Zeroing variables and ineffectual variable assignments
1,893 views
Skip to first unread message
Kevin Burke
Oct 19, 2017, 1:21:22 PM10/19/17
to golang-dev
A third party "source code checker" tool warned about this line in golang.org/x/crypto/ed25519/internal/edwards25519: https://github.com/golang/crypto/blob/master/ed25519/internal/edwards25519/edwards25519.go#L1379. Briefly, here s12 is assigned and then never read again.
s0 += s12 * 666643
s1 += s12 * 470296
s2 += s12 * 654183
s3 -= s12 * 997805
s4 += s12 * 136657
s5 -= s12 * 683901
s12 = 0
It was flagged as an "ineffective variable assignment." The Go code is a port of the ed25519 implementation of SUPERCOP, a C project: https://bench.cr.yp.to/supercop.html (download the source and grep for sc_reduce; the implementation is in crypto_sign/ed25519/ref10/sc_reduce.c). The C code features the same zeroing
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
s12 = 0;
If I run a simple program like that through "go tool compile -S", it looks like the last zero assignment gets optimized away. Which makes me wonder about it? Surely the GCC compiler makes the same optimization for the C implementation in supercop.
The fact that this is cryptography code makes me pause. Was the intent to zero the value in memory? If so it seems like it's ineffective. Or maybe it was left over from a block above it, where it's set back to zero before being reassigned. Or maybe it's necessary to ensure that all inputs are constant time.
I guess I am worried that the optimization affects the cryptographic correctness of the code, or potentially exposes values in memory that the program isn't supposed to expose. But maybe I'm reading too much into what the code is doing.
Here's an open issue to teach "go vet" about ineffectual variable assignments. https://github.com/golang/go/issues/6072
Bryan C. Mills
Oct 19, 2017, 6:21:44 PM10/19/17
to Kevin Burke, golang-dev
A guess: that block of statements was probably copied-and-pasted, or generated mechanically.
It occurs many times in that file, and in some of the occurrences (such as here) the final store is not dead.
--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages