[tor-bugs] #13912 [Core Tor/Tor]: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 13 20:43:01 UTC 2017
#13912: Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE
registers)
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                         |        Version:  Tor: 0.2.6.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  security registers aesni memwipe     |  Actual Points:
            tor-relay                            |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by isis):
Replying to [comment:12 yawning]:
> Replying to [comment:11 cypherpunks]:
> > What about ROP gadgets that do not provide Turing-complete behavior
> > (so no "arbitrary" code execution), but still expose the sensitive
> > registers?
>
> I think you've likewise effectively lost at that point. Patch OpenSSL's
> assembly in strategic locations if you actually care about this, though
> there's a lot of other places in the code that don't scrub "sensitive"
> keying information so IMO this is a lost cause.

Agreed. I think if we're at the point that an adversary can somehow chain
ROP gadgets to get a partial key read from an xmm register, I'd be way
more worried about a ROP chain for full RCE.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13912#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online