[tor-bugs] #13912 [Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)

Sun Dec 7 22:38:34 UTC 2014

#13912: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE
registers)
----------------------+------------------------------------
 Reporter:  teor      |          Owner:
     Type:  defect    |         Status:  new
 Priority:  normal    |      Milestone:  Tor: 0.2.???
Component:  Tor       |        Version:  Tor: 0.2.6.1-alpha
 Keywords:  security  |  Actual Points:
Parent ID:            |         Points:
----------------------+------------------------------------
 The article "Zeroing Buffers Is Insufficient" describes how AES-NI can
 leave keys in SSE registers for long periods of time. (It also describes
 issues with temporary variables on the stack, and in other registers.)

 http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-
 insufficient.html

 Is there a way we can semi-portably fix this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13912>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online