[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13912 [Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)



#13912: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE
registers)
------------------------+--------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.???
    Component:  Tor     |    Version:  Tor: 0.2.6.1-alpha
   Resolution:          |   Keywords:  security
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by teor):

 As for compilers' habits of spilling register values onto the stack: (GCC
 in particular)

     Compilers are free to make copies of data, rearranging it for faster
 access. One of the worst culprits in this regard is GCC: Because its
 register allocator does not apply any backpressure to the common
 subexpression elimination routines, GCC can decide to load values from
 memory into "registers", only to end up spilling those values onto the
 stack when it discovers that it does not have enough physical registers
 (this is one of the reasons why gcc -O3 sometimes produces slower code
 than gcc -O2). Even without register allocation bugs, however, all
 compilers will store temporary values on the stack from time to time, and
 there is no legal way to sanitize these from within C.

 Is the conclusion, that "there is no legal way to sanitize [compiler-
 created temporaries on the stack] from within C", correct?

 If so, I could imagine the following strategies to address this issue:
 * avoid building tor with gcc -O3
 * allocate and zero buffers on the stack after returning from sensitive
 functions

 Are there any others?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13912#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs