
[tor-bugs] #18901 [Core Tor/Tor]: Should we stop applying --enable-expensive-hardening to constant-time code?



#18901: Should we stop applying --enable-expensive-hardening to constant-time code?
------------------------------+---------------------------------------
     Reporter:  nickm         |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  029-backport 029-proposed
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+---------------------------------------
 The ubsan and asan options introduce branch instructions all over the
 place.  Although these branches are never actually taken by code that
 doesn't immediately crash, I'm concerned that they might make our
 constant-time code less constant-time, with a suitably weird branch
 predictor.

 (I have no evidence that this is actually happening, but the whole
 situation is a confusing mess.)

 Out of an abundance of caution, I'd suggest that we make those options
 apply only to the non-constant-time code.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18901>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
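
One way to keep ASan/UBSan instrumentation out of a single constant-time routine while the rest of the build stays hardened is the compiler's per-function no_sanitize attribute. This is an added example, not part of the ticket and not Tor's code; the names CT_NO_SANITIZE and ct_mem_differs are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Older compilers lack __has_attribute; treat every attribute as absent. */
#ifndef __has_attribute
#define __has_attribute(x) 0
#endif

/* Hypothetical macro: ask the compiler not to insert ASan/UBSan checks
 * (and the branches that come with them) into the annotated function. */
#if __has_attribute(no_sanitize)
#define CT_NO_SANITIZE __attribute__((no_sanitize("address", "undefined")))
#else
#define CT_NO_SANITIZE
#endif

/* Hypothetical constant-time comparison: returns 1 if the buffers differ,
 * 0 if they are equal. The loop always runs over all len bytes and has no
 * data-dependent branch or early exit. */
CT_NO_SANITIZE
int ct_mem_differs(const void *a, const void *b, size_t len)
{
    const volatile uint8_t *pa = (const volatile uint8_t *)a;
    const volatile uint8_t *pb = (const volatile uint8_t *)b;
    uint32_t acc = 0;
    size_t i;

    for (i = 0; i < len; i++)
        acc |= (uint32_t)(pa[i] ^ pb[i]);

    /* acc is in 0..255. Unsigned negation sets the top bit for any
     * nonzero acc, so the shift yields 1 or 0 without a comparison. */
    return (int)((0u - acc) >> 31);
}

int main(void)
{
    /* Constructed sample inputs. */
    static const uint8_t k1[4] = { 0xde, 0xad, 0xbe, 0xef };
    static const uint8_t k2[4] = { 0xde, 0xad, 0xbe, 0xee };
    return ct_mem_differs(k1, k1, sizeof k1) |
           (ct_mem_differs(k1, k2, sizeof k1) ^ 1);
}
```

Build with -fsanitize=address,undefined and compare the disassembly of ct_mem_differs with and without the attribute to see which checks the compiler still emits for it.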