[tor-bugs] #18901 [Core Tor/Tor]: Should we stop appling --enable-expensive-hardening to constant-time code ?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 26 15:37:40 UTC 2016
#18901: Should we stop appling --enable-expensive-hardening to constant-time code ?
------------------------------+---------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: 029-backport 029-proposed
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+---------------------------------------
The ubsan and asan options introduce branch instructions all over the
place. Although these branches are never actually taken in by code that
doesn't immediately crash, I'm concerned that they might make our
constant-time code less constant-time, with a suitably weird branch
predictor.
(I have no evidence that this is actually happening, but the whole
situation is a confusing mess.)
Out of an abundance of caution, I'd suggest that we make those options
apply only to the non-constant-time code
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18901>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list