(Many thanks to Lutz for pointing out that I omitted the subject line; hopefully this isn't a duplicate.)
> ---------- Forwarded message ----------
> From: David Leon Gil <[email protected]>
> To: "[email protected]" <[email protected]>
> Cc:
> Date: Wed, 1 Oct 2014 09:45:10 -0400
> Subject: Re: [PATCH] aesni-x86_64.pl: zeroize registers, Win64 ABI fix

On Wednesday, October 1, 2014, Andy Polyakov via RT <[email protected]> wrote:
>
> > All internal exports: Zeroize XMM registers that may contain secret
> > data before returning. (At 4x pxors per cycle, the overhead is
> > negligible.)
> >
> > _ctr32: Zeroize $key0 and $ctr.
>
> Question is why just aesni module? Why not everywhere?

It should be done everywhere. But I only have limited time to spend on this, so...one file at a time.

> Why not demand that compiler does it too?

See, e.g., http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html for someone who is demanding just that. I have heard there is some work on a compiler pass to do so, in fact.

> Why just registers, and not stack too?

You're right; I was neglecting the stack on Win64. (Some of the assembler already appears to clean parts of the stack in that case; on other platforms the stack isn't used IIRC.)

> The answer is that it doesn't make much sense, because the code you are
> trying to "protect" against resides in same process context

Maybe yes, maybe no; a lot of things can reside in the same process. Motivating example: WebCrypto provides an API to perform encryption with keys that aren't accessible to the JS.

(Thanks for the background on wipe_cpu.)

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
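The two scrubbing steps argued over in the thread, clearing secret material on the stack and clearing the XMM register file before returning, as an added C sketch that is not part of the thread and not OpenSSL's own code. The function names (`secure_memzero`, `wipe_xmm_registers`, `encrypt_block_and_scrub`) are assumptions chosen for illustration, the 16-byte key and the XOR "cipher round" are constructed stand-ins for real AES-NI rounds, and the register wipe only covers xmm0-xmm5, the registers that are caller-saved on both the SysV and the Win64 ABI (on Win64, xmm6-xmm15 are callee-saved, which is the ABI concern the patch subject names).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not OpenSSL code. Function names are assumptions. */

/* A memset() on a buffer that is never read again is a dead store, and an
 * optimizing compiler may delete it (the point of the daemonology post cited
 * in the thread). Calling memset through a volatile function pointer keeps
 * the call; the empty asm with a "memory" clobber then tells the compiler the
 * buffer's contents are observed, so the stores cannot be dropped. */
static void *(*volatile secure_memset_fn)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n)
{
    secure_memset_fn(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Clear xmm0-xmm5 with pxor, the register-zeroing idiom the patch applies in
 * aesni-x86_64.pl. Only registers that are caller-saved under both SysV and
 * Win64 are touched; on Win64 xmm6-xmm15 are callee-saved and a callee must
 * restore them rather than leave them zeroed. On non-x86_64 targets this is
 * a no-op, so the rest of the example still builds and runs there. */
void wipe_xmm_registers(void)
{
#if defined(__x86_64__)
    __asm__ __volatile__(
        "pxor %%xmm0, %%xmm0\n\t"
        "pxor %%xmm1, %%xmm1\n\t"
        "pxor %%xmm2, %%xmm2\n\t"
        "pxor %%xmm3, %%xmm3\n\t"
        "pxor %%xmm4, %%xmm4\n\t"
        "pxor %%xmm5, %%xmm5\n\t"
        : : : "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
#endif
}

/* Is every byte of p[0..n) zero? Accumulates with OR so the check runs in
 * constant time over the buffer. */
int is_all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* The pattern the patch applies to every internal export: copy secret
 * material into a stack temporary, use it, then scrub the temporary and the
 * register file before returning. The XOR round is a constructed stand-in
 * for the real cipher. Returns 1 if the stack copy was cleared. */
int encrypt_block_and_scrub(const uint8_t key[16], uint8_t out[16])
{
    uint8_t round_key[16];               /* stack copy of secret material */
    memcpy(round_key, key, 16);
    for (size_t i = 0; i < 16; i++)      /* stand-in for the AES rounds */
        out[i] = round_key[i] ^ (uint8_t)(0xA5 + i);

    secure_memzero(round_key, sizeof round_key);
    wipe_xmm_registers();
    return is_all_zero(round_key, sizeof round_key);
}
```

The volatile-pointer and memory-clobber tricks exist only because C code goes through an optimizer that sees the dead store; hand-written assembler such as aesni-x86_64.pl has no such optimizer to fight, which is why a plain `pxor` there is both sufficient and, as the patch notes, nearly free. The flip side is that the assembler gets no help either: every exported routine has to remember to clear its own registers and stack, which is the coverage gap the "why not everywhere" exchange is about.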
