[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13912 [Core Tor/Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)

Subject: Re: [tor-bugs] #13912 [Core Tor/Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 09 Jul 2017 06:51:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 09 Jul 2017 02:51:16 -0400
In-reply-to: <044.8c947e23cb76f8beb775be9a08c0480c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.8c947e23cb76f8beb775be9a08c0480c@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13912: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE
registers)
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.6.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  security registers aesni memwipe     |  Actual Points:
  tor-relay                                      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:5 yawning]:
 > Ooof.  This is tricky to solve correctly, but the AES-NI case is
 probably not exploitable.  From talking with nickm on IRC about this, the
 only way for this to actually leak AES keys would be:
 >
 >  * Bugs that allow arbitrary code execution (we've lost in that case
 regardless)
 >  * Something that reads from a uninitialized XMM register in a way that
 spits it out onto heap/stack/the network, while displaying "correct"
 behavior otherwise.
 >  * Your kernel is compromised (we've lost in that case regardless) since
 the registers get saved on context switch.

 What about ROP gadgets that do not provide turing complete behavior (so no
 "arbitrary" code execution), but still expose the sensitive registers?
 There will certainly be gadgets for reading from these registers.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13912#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #22966 [Applications/Tor Browser]: Nasty MitM possibility with the Firefox blocklist service
Next by Author: Re: [tor-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere
Previous by thread: Re: [tor-bugs] #22563 [Core Tor/Tor]: Many memory pages in tor.exe for Windows violate W^X
Next by thread: Re: [tor-bugs] #13912 [Core Tor/Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)
Index(es):
- Author
- Thread