
Re: [tor-bugs] #17983 [Core Tor/Tor]: Build tor with -ftrapv by default



#17983: Build tor with -ftrapv by default
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  nickm
     Type:  enhancement                          |         Status:
 Priority:  High                                 |  needs_revision
Component:  Core Tor/Tor                         |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.9.x-final
 Keywords:  TorCoreTeam201604, tor-sponsorS-     |        Version:
  orphan                                         |     Resolution:
Parent ID:                                       |  Actual Points:
 Reviewer:                                       |         Points:  small
                                                 |        Sponsor:
                                                 |  SponsorS-can
-------------------------------------------------+-------------------------
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 update: I've asked around in #llvm, and I've asked some crypto
 implementers if they have any thoughts here.

 So far the safest option seems to be to use fwrapv on the code that should
 be constant-time, and ftrapv elsewhere.  Additionally, out of an abundance
 of caution, we should change --enable-expensive-hardening so that the
 constant-time code is not built with any of the compiler sanitizers in
 that case.

 (I have not seen a conclusive argument that the untaken branches
 added by trapv and the sanitizers mess with constant-time properties, but
 it does seem that the diversity of branch predictors is so great that it
 is hard for me to call these branches "always harmless" with much
 certainty. Maybe given more information.)

 I've added a ticket to write testing logic to verify that our operations
 run in constant time.  (#18896)  I've added another ticket about the
 sanitizers (#18901).  I'm going to needs_revision this ticket, with the
 plan to use fwrapv on all constant-time modules, and trapv elsewhere.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17983#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
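
The difference between the two flags discussed in the comment above, as an added example that is not part of the original message or of Tor's code: a model of what signed addition does under `-fwrapv` and under `-ftrapv`, next to a comparison routine of the kind that should be constant-time. The function names are hypothetical, the key bytes are constructed, and `__builtin_add_overflow` assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of signed `a + b` as compiled with -fwrapv: two's-complement
 * wraparound and no extra branch. Computed in unsigned arithmetic so that
 * this file never performs a signed overflow itself. */
static int32_t add_wrapv_model(int32_t a, int32_t b)
{
    uint32_t r = (uint32_t)a + (uint32_t)b;
    int32_t out;
    memcpy(&out, &r, sizeof out);
    return out;
}

/* Model of signed `a + b` as compiled with -ftrapv: the same add followed by
 * an overflow check. Real -ftrapv code aborts when the check fires; this model
 * sets *trapped instead so the outcome can be inspected. */
static int32_t add_trapv_model(int32_t a, int32_t b, int *trapped)
{
    int32_t r;
    *trapped = __builtin_add_overflow(a, b, &r); /* GCC/Clang builtin */
    return r;
}

/* Byte comparison with no data-dependent branch in the source. It uses only
 * unsigned arithmetic, which wraps by definition in C, so it contains no
 * signed add/sub/mul for -ftrapv to check. Returns 1 if equal, 0 otherwise. */
static int ct_mem_eq(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint32_t)(a[i] ^ b[i]);
    /* diff is 0..255; (diff - 1) >> 8 has bit 0 set only when diff == 0 */
    return (int)(1 & ((diff - 1) >> 8));
}

int main(void)
{
    const uint8_t k1[4] = {1, 2, 3, 4}, k2[4] = {1, 2, 3, 5}; /* constructed */
    int trapped;
    printf("wrapv: %d\n", (int)add_wrapv_model(INT32_MAX, 1));
    add_trapv_model(INT32_MAX, 1, &trapped);
    printf("trapv would abort: %d\n", trapped);
    printf("eq: %d %d\n", ct_mem_eq(k1, k1, 4), ct_mem_eq(k1, k2, 4));
    return 0;
}
```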