OpenSSL is soliciting input on a hardening effort for our library. The details
can be found here:
https://github.com/openssl/openssl/discussions/24321
What's going on?
An issue was reported to us recently, in which it was found that some CPUs that
use SIMD registers in memory copy operations leave the contents of those
registers unmodified after a copy is complete. As such, the data being copied,
even if it was securely cleared from RAM, may remain in those registers and
potentially get leaked on the stack under certain conditions.
Is this a problem?
Yes and no. This is a side channel vector, and so any exploit of it would
require an attacker to have local access to a system, meaning it is not truly a
security issue. There are no known exploits of this issue currently. However,
it may be reasonable to consider measures to avoid this if possible.
So why don’t you just fix it?
Well, we could, but any fix available to us is going to be, by definition,
somewhat incomplete. Fixing it by wrapping functions that do memory copies is
feasible, but limited in effectiveness. Details are in the discussion above,
but the summary is that addressing this by wrapping the affected functions
(memcpy/strcpy/etc.) would only apply to users of those functions, and only for
compilers that support the mechanisms we have available to address them.
Additionally, such a fix does not address compiler optimizations that use SIMD
instructions to optimize other code outside of those functions. Lastly, it would
have a performance impact, as clearing registers this often in what are
frequently called code paths will slow operations down.
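
One way the wrapping approach described above could look on x86-64 with GCC or Clang, as an added example that is not OpenSSL's code or the proposal from the discussion. The names scrubbed_memcpy and simd_scrub, and the use of VZEROALL/PXOR as the clearing mechanism, are assumptions for illustration; the #else branch and the comments mark the limits named above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if (defined(__GNUC__) || defined(__clang__)) && defined(__x86_64__)
#include <immintrin.h>
/* AVX: VZEROALL zeroes ymm0-ymm15; zmm16-zmm31 are left untouched. */
__attribute__((target("avx"), noinline)) static void scrub_avx(void) { _mm256_zeroall(); }
/* SSE2 (baseline on x86-64): zeroes only the low 128 bits, xmm0-xmm15. */
static void scrub_sse2(void)
{
    __asm__ volatile(
        "pxor %%xmm0,%%xmm0\n\tpxor %%xmm1,%%xmm1\n\tpxor %%xmm2,%%xmm2\n\t"
        "pxor %%xmm3,%%xmm3\n\tpxor %%xmm4,%%xmm4\n\tpxor %%xmm5,%%xmm5\n\t"
        "pxor %%xmm6,%%xmm6\n\tpxor %%xmm7,%%xmm7\n\tpxor %%xmm8,%%xmm8\n\t"
        "pxor %%xmm9,%%xmm9\n\tpxor %%xmm10,%%xmm10\n\tpxor %%xmm11,%%xmm11\n\t"
        "pxor %%xmm12,%%xmm12\n\tpxor %%xmm13,%%xmm13\n\tpxor %%xmm14,%%xmm14\n\t"
        "pxor %%xmm15,%%xmm15"
        ::: "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7",
            "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15");
}
/* Returns 2 if the AVX scrub ran, 1 if only the SSE2 scrub ran. */
static int simd_scrub(void)
{
    if (__builtin_cpu_supports("avx")) { scrub_avx(); return 2; }
    scrub_sse2();
    return 1;
}
#else
/* No supported mechanism on this compiler/target: the wrapper cannot scrub. */
static int simd_scrub(void) { return 0; }
#endif

/* Hypothetical wrapper: copy, then clear what the copy may have left in the
 * vector registers. *level receives 0, 1 or 2 (see simd_scrub). SIMD use by
 * code that does not go through this wrapper is not covered. */
static void *scrubbed_memcpy(void *dst, const void *src, size_t n, int *level)
{
    void *ret = memcpy(dst, src, n);
    *level = simd_scrub();
    return ret;
}

int main(void)
{
    unsigned char key[32], copy[32];   /* constructed sample "secret" */
    int level;
    memset(key, 0xA5, sizeof key);
    scrubbed_memcpy(copy, key, sizeof key, &level);
    printf("copy ok=%d scrub level=%d\n", !memcmp(copy, key, sizeof key), level);
    return 0;
}
```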
So what's the request?
Please read the above discussion on GitHub and give us your opinion on the
matter. As community members, your input is important to us, and we are
soliciting opinions on what to do about this issue. In the view of OpenSSL,
the issue is reasonably minor, but the consensus community opinion may differ
here, so we would very much like to hear from you to help guide our efforts on
this.