Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
Updated: 2020-06-13T14:40:50Z

Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers)
https://gitlab.torproject.org/legacy/trac/-/issues/13912
Updated: 2020-06-13T14:40:50Z
Author: teor

The article "Zeroing Buffers Is Insufficient" describes how AES-NI can leave keys in SSE registers for long periods of time. (It also describes issues with temporary variables on the stack, and in other registers.)
http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
Is there a way we can semi-portably fix this?
Milestone: Tor: unspecified

Wipe relay key material from memory on common crash conditions
https://gitlab.torproject.org/legacy/trac/-/issues/7003
Updated: 2020-06-13T14:23:13Z
Author: Mike Perry

Tor should wipe key material before common crash conditions, to avoid key material leak in the case where relay operators have otherwise taken steps to keep key material off of disk.
There are two vectors towards obtaining key material after crash: core files, and large mmap attempts by other users' processes.
It turns out many OS kernels do not provide ways to defend against the latter case. Therefore, tor should attempt to wipe sensitive key material on atexit, SIGSEGV, SIGBUS, tor_assert() and other common exit conditions.
Milestone: Tor: unspecified

Clean up service IDs
https://gitlab.torproject.org/legacy/trac/-/issues/6176
Updated: 2020-06-13T14:20:32Z
Author: Andrea Shepard

There are several occurrences in rendservice.c and rendclient.c of service IDs produced by hashing public keys. They should be properly zeroed when functions return/heap is freed.
* rendclient.c:
  * lookup_last_hid_serv_request() (line 430)
  * directory_get_from_hs_dir() (line 539)
* rendservice.c:
  * rend_service_intro_has_opened() (line 1562)
  * rend_service_intro_established() (line 1680)
  * rend_service_rendezvous_has_opened() (line 1721)
  * upload_service_descriptor() (line 1981)
  * rend_service_set_connection_addr_port() (line 2463)
Milestone: Tor: unspecified