[tor-bugs] #13912 [Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 8 03:51:54 UTC 2014


#13912: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE
registers)
------------------------+--------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.???
    Component:  Tor     |    Version:  Tor: 0.2.6.1-alpha
   Resolution:          |   Keywords:  security
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by nickm):

 I think that with aesni, at least, it's a non-issue.  Remember:
    * we're doing AES all over the place, with many keys, many bytes at a
 time.
    * Leaking SSE registers is not so simple as leaking memory.

 But if it seems important to fix, options might include:
    * sticking in a pure-assembly "zero the SSE registers" call after each
 AES or SSL invocation

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13912#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
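
The "zero the SSE registers" option from the comment above, as an added example that is not code from Tor or from the ticket. It assumes x86-64 with GCC or Clang inline assembly; `zero_xmm_registers`, `xmm0_residue` and the sample key are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint8_t b[16]; } block16;

/* Constructed 16-byte stand-in for an AES key; every byte is non-zero. */
static const block16 SAMPLE_KEY = {{ 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
                                     0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01 }};

/* pxor r,r zeroes a register whatever it held before. Legacy-SSE pxor leaves the
 * upper YMM bits untouched, so AVX code paths would need vzeroall instead. */
#define ZERO_XMM_ASM \
    "pxor %%xmm0, %%xmm0\n\t"   "pxor %%xmm1, %%xmm1\n\t"   "pxor %%xmm2, %%xmm2\n\t"   "pxor %%xmm3, %%xmm3\n\t" \
    "pxor %%xmm4, %%xmm4\n\t"   "pxor %%xmm5, %%xmm5\n\t"   "pxor %%xmm6, %%xmm6\n\t"   "pxor %%xmm7, %%xmm7\n\t" \
    "pxor %%xmm8, %%xmm8\n\t"   "pxor %%xmm9, %%xmm9\n\t"   "pxor %%xmm10, %%xmm10\n\t" "pxor %%xmm11, %%xmm11\n\t" \
    "pxor %%xmm12, %%xmm12\n\t" "pxor %%xmm13, %%xmm13\n\t" "pxor %%xmm14, %%xmm14\n\t" "pxor %%xmm15, %%xmm15\n\t"
#define XMM_CLOBBERS \
    "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", \
    "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"

/* Hypothetical helper: call right after an AES or SSL routine returns.
 * The clobber list tells the compiler the old register contents are gone. */
static inline void zero_xmm_registers(void)
{
    __asm__ __volatile__(ZERO_XMM_ASM : : : XMM_CLOBBERS);
}

/* Loads the key into xmm0, optionally runs the zeroing sequence, then reads
 * xmm0 back. Returns how many bytes of xmm0 are still non-zero. */
static size_t xmm0_residue(const block16 *key, int clear)
{
    block16 out;
    size_t i, n = 0;
    if (clear)
        __asm__ __volatile__("movdqu %1, %%xmm0\n\t" ZERO_XMM_ASM "movdqu %%xmm0, %0"
                             : "=m"(out) : "m"(*key) : XMM_CLOBBERS);
    else
        __asm__ __volatile__("movdqu %1, %%xmm0\n\t" "movdqu %%xmm0, %0"
                             : "=m"(out) : "m"(*key) : "xmm0");
    for (i = 0; i < 16; i++) n += (out.b[i] != 0);
    return n;
}

int main(void)
{
    printf("no clear: %zu key bytes left in xmm0\n", xmm0_residue(&SAMPLE_KEY, 0));
    printf("cleared:  %zu key bytes left in xmm0\n", xmm0_residue(&SAMPLE_KEY, 1));
    zero_xmm_registers();
    return 0;
}
```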

