[tor-bugs] #13912 [Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 9 05:51:03 UTC 2014
#13912: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)
------------------------+--------------------------------
     Reporter:  teor    |       Owner:
         Type:  defect  |      Status:  new
     Priority:  normal  |   Milestone:  Tor: 0.2.???
    Component:  Tor     |     Version:  Tor: 0.2.6.1-alpha
   Resolution:          |    Keywords:  security
Actual Points:          |   Parent ID:
       Points:          |
------------------------+--------------------------------
Comment (by teor):
As for compilers' habits of spilling register values onto the stack (GCC
in particular):
Compilers are free to make copies of data, rearranging it for faster
access. One of the worst culprits in this regard is GCC: Because its
register allocator does not apply any backpressure to the common
subexpression elimination routines, GCC can decide to load values from
memory into "registers", only to end up spilling those values onto the
stack when it discovers that it does not have enough physical registers
(this is one of the reasons why gcc -O3 sometimes produces slower code
than gcc -O2). Even without register allocation bugs, however, all
compilers will store temporary values on the stack from time to time, and
there is no legal way to sanitize these from within C.
Is the conclusion that "there is no legal way to sanitize [compiler-
created temporaries on the stack] from within C" correct?
If so, I could imagine the following strategies to address this issue:
* avoid building tor with gcc -O3
* allocate and zero buffers on the stack after returning from sensitive
functions
Are there any others?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13912#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
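The mitigations raised in the ticket, written out as an added example. This is illustrative code, not Tor's code and not anything from the ticket or from cryptocoding.net: a wipe the optimizer cannot delete, the "allocate and zero a stack buffer after returning from the sensitive function" strategy from the comment above, and clearing of the XMM registers named in the ticket title. The toy XOR routine is a constructed stand-in for an AES-NI call; the cleanup sequence is the point, not the cipher. It assumes GCC or Clang (for `__attribute__((noinline))` and the inline assembly) and an x86/x86-64 target for the register clearing, which compiles to a no-op elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1. A wipe the optimizer cannot drop. memset() on a buffer that is never
 *    read again is a dead store and may be deleted. Calling through a
 *    volatile function pointer (the trick OpenSSL uses) forces the call to
 *    stay, since the compiler cannot know what the pointer targets. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n)
{
    (void)memset_ptr(p, 0, n);
    /* Compiler barrier: memory was touched, nothing may be reordered past this. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* 2. The ticket's second strategy: after the sensitive function returns,
 *    call a function whose frame lands where the callee's frame used to be
 *    and zero it, overwriting temporaries the compiler spilled there.
 *    Caveat: best effort only. Nothing guarantees the callee's frame (or its
 *    callees' frames) fit inside SCRUB_BYTES, and the compiler may have
 *    spilled outside this region. */
#define SCRUB_BYTES 4096

__attribute__((noinline)) size_t scrub_stack(void)
{
    volatile unsigned char scratch[SCRUB_BYTES];
    for (size_t i = 0; i < SCRUB_BYTES; i++)
        scratch[i] = 0;
    __asm__ __volatile__("" : : "r"(scratch) : "memory");
    return SCRUB_BYTES;
}

/* 3. The register half of the title: AES-NI round keys live in XMM registers,
 *    which no memset() ever reaches. Clear them explicitly.
 *    Returns 1 when registers were cleared, 0 where this is a no-op. */
int clear_vector_registers(void)
{
#if defined(__SSE2__) && (defined(__x86_64__) || defined(__i386__))
    __asm__ __volatile__(
        "pxor %%xmm0, %%xmm0\n\t" "pxor %%xmm1, %%xmm1\n\t"
        "pxor %%xmm2, %%xmm2\n\t" "pxor %%xmm3, %%xmm3\n\t"
        "pxor %%xmm4, %%xmm4\n\t" "pxor %%xmm5, %%xmm5\n\t"
        "pxor %%xmm6, %%xmm6\n\t" "pxor %%xmm7, %%xmm7\n\t"
#if defined(__x86_64__)
        "pxor %%xmm8, %%xmm8\n\t"   "pxor %%xmm9, %%xmm9\n\t"
        "pxor %%xmm10, %%xmm10\n\t" "pxor %%xmm11, %%xmm11\n\t"
        "pxor %%xmm12, %%xmm12\n\t" "pxor %%xmm13, %%xmm13\n\t"
        "pxor %%xmm14, %%xmm14\n\t" "pxor %%xmm15, %%xmm15\n\t"
#endif
        : : : "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7"
#if defined(__x86_64__)
        , "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"
#endif
    );
    return 1;
#else
    return 0;
#endif
}

/* Constructed stand-in for an AES-NI routine: it expands the key into a local
 * temporary (as a real implementation holds round keys) and XORs the buffer.
 * Wiping rk[] at the end clears that one buffer, but not spilled copies or
 * registers, which is exactly the gap the ticket describes. */
__attribute__((noinline)) void toy_xor_in_place(const uint8_t key[16], uint8_t *buf, size_t n)
{
    uint8_t rk[16];
    for (size_t i = 0; i < 16; i++) rk[i] = key[i] ^ (uint8_t)(0x5a + i);
    for (size_t i = 0; i < n; i++) buf[i] ^= rk[i % 16];
    secure_memzero(rk, sizeof rk);
}

/* The complete sequence: sensitive call, then scrub what it may have left. */
void toy_xor_and_cleanup(const uint8_t key[16], uint8_t *buf, size_t n)
{
    toy_xor_in_place(key, buf, n);
    (void)scrub_stack();
    (void)clear_vector_registers();
}

size_t count_nonzero(const uint8_t *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (p[i] != 0);
    return c;
}

/* Round trip on constructed input; returns 0 on success, a step number on failure. */
int self_test(void)
{
    const uint8_t key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    const char *plain = "ticket 13912: constructed sample text";
    uint8_t msg[40];
    size_t n = strlen(plain);
    memcpy(msg, plain, n);
    toy_xor_and_cleanup(key, msg, n);
    if (memcmp(msg, plain, n) == 0) return 1;   /* must have changed */
    toy_xor_and_cleanup(key, msg, n);
    if (memcmp(msg, plain, n) != 0) return 2;   /* XOR twice restores */
    return 0;
}

int main(void)
{
    printf("self_test: %d, vector registers cleared: %d\n", self_test(), clear_vector_registers());
    return 0;
}
```

None of this makes the conclusion quoted in the comment false: the scrub covers only the region and registers it explicitly touches, and a compiler is still free to spill a temporary somewhere else. It narrows the window; it does not close it.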