
Re: [tor-bugs] #7419 [Tor]: Choose a faster memwipe implementation



#7419: Choose a faster memwipe implementation
-----------------------------+------------------------------------
     Reporter:  nickm        |      Owner:
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-relay, nickm-patch
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+------------------------------------

Comment (by teor):

 If we do something like:
 {{{
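 #include <assert.h>
 #include <stddef.h>

 void *guaranteed_memset(void *v, int c, size_t n) {

   unsigned char *p = v;  /* a void * cannot be indexed; read it as bytes */
   char memset_failed = 0;
   size_t i;              /* size_t to match n */

   /* do the memset in a fast, safe, platform-specific way */

   /* read every byte back and check it holds the fill value */
   for (i = 0; i < n; i++) {
     if (p[i] != (unsigned char)c) {
       memset_failed = 1;
       break;
     }
   }

   assert(!memset_failed);

   return v;
 }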

 }}}
 we could prove the overwrite occurred, and ensure compilers don't/haven't
 optimise(d) it away.

 This is the safest approach - one question: should we guard it with #if
 PARANOIA, or do it all the time?

 (I favour doing it every time we overwrite, as it is a vital security
 property. However, it will be slower to read all the memory again.)

 What do you think, nickm, arma, rransom?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7419#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
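
An added example, not part of the ticket comment and not Tor's own memwipe code: one way to make both the overwrite and the read-back check survive optimisation. It calls memset through a volatile function pointer and re-reads the buffer through a volatile pointer, since a plain read-back loop after a plain memset can be folded away by a compiler that already knows the buffer's contents. The names `memset_ptr`, `verify_filled`, `wipe_and_verify` and `demo_wipe_key` are hypothetical, and the function returns an error code instead of asserting.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; this is illustration, not Tor's implementation. */

/* The pointer is volatile, so it must be loaded at every call and the
 * compiler cannot assume it still refers to memset. The store therefore
 * cannot be removed as a dead write to a buffer that is about to be freed. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

/* Return 0 if all n bytes at v equal (unsigned char)c, -1 otherwise.
 * Reads go through a volatile pointer so each byte is really fetched. */
int verify_filled(const void *v, int c, size_t n)
{
    const volatile unsigned char *p = v;
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (unsigned char)(p[i] ^ (unsigned char)c);
    return diff == 0 ? 0 : -1;
}

/* Overwrite n bytes at v with c, then confirm the overwrite happened. */
int wipe_and_verify(void *v, int c, size_t n)
{
    if (v == NULL)
        return n == 0 ? 0 : -1;
    memset_ptr(v, c, n);
    return verify_filled(v, c, n);
}

/* Constructed sample: a stack buffer standing in for key material. */
int demo_wipe_key(void)
{
    unsigned char key[32];

    memset(key, 0xA5, sizeof key);   /* constructed "secret" bytes */
    return wipe_and_verify(key, 0, sizeof key);
}

int main(void)
{
    return demo_wipe_key() == 0 ? 0 : 1;
}
```

The verification pass costs a second read of the whole buffer, which is the slowdown the comment above weighs against checking on every wipe.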