Soliciting input regarding the hardening of a potential data leak #24321
nhorman
started this conversation in
General Discussion
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The background
Some research was recently sent to the openssl project regarding the potential leaking of data on the stack.
On some architectures that make use of various SIMD instructions (specifically AMD Zen4, but other arches may be affected), it is possible that, when various copy functions are used (like memcpy, strcpy, etc). Its possible that, even if the source memory is cleared after the copy, data from the copy may remain in some of the simd registers, spilling onto the stack if lazy linking is performed. This spillage could be benign, but it could also be potentially detrimental if the data in the memcpy operation is sensitive
The analysis
the problem, in an academic sense, is somewhat easy to fix. Some compilers contain an attribute which allows the clearing of used simd (ne all) registers used in a function on exit. It would be somewhat straightforward to apply this attribute to functions performing such copies and solve the problem that way. But that approach has several drawbacks:
Additional information
it should be noted that this problem was found outside of openssl. There is no specific known attack on openssl using this discovery. It also should be noted that exploitation of this would be a side channel attack, requiring local access to the system. As such this is being looked at as a hardening effort, rather than a security bug.
The question
We are soliciting input for what to do about this. The options currently are:
Augment our OPENSSL_memcpy/dup/strcpy functions to clear registers on exit, and opportunistically mitigate the problem where possible, accepting the performance impact
Create variants of the above functions with register clearing attributes set, and make use of them in places where we think sensitive data might be in a register, updating when/if additional locations are found that may leak sensitive data
Beta Was this translation helpful? Give feedback.
All reactions