Clang fsanitize=safe-stack RFC6979 miscompile issue #445

issue laanwj opened this issue on March 3, 2017
  1. laanwj commented at 1:17 PM on March 3, 2017: member

    There is a miscompile issue with LLVM 4.0 safe-stack and the secp256k1_rfc6979_hmac_sha256_generate function. This results in invalid deterministic signatures, (luckily) causing both the secp256k1 and bitcoin tests to fail.

    I'm fairly sure that this is a clang bug, although it's curious that it only seems to affect that function (and not any other tested use of SHA256, for example). In any case FYI this is being investigated here: https://github.com/NuxiNL/cloudabi-ports/issues/30

  2. laanwj commented at 4:58 PM on March 5, 2017: member

    Update: this problem is confirmed to exist on LLVM 4.0-rc3, and also on the SVN trunk. A bug has been filed: https://bugs.llvm.org//show_bug.cgi?id=32143

    Until fixed I'd strongly suggest not to use stafestack sanitize with secp256k1.

  3. jonasschnelli commented at 2:28 PM on March 20, 2017: contributor

    This bug is now active in LLVM 4.0 (release) and will very likely be fixed in 4.0.1

  4. laanwj commented at 8:50 PM on March 1, 2018: member

    This is fixed upstream, closing.

  5. laanwj closed this on Mar 1, 2018
Contributors
laanwjjonasschnelli
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 18:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me