OpenSSL is soliciting input on a hardening effort for our library. The details can be found here: https://github.com/openssl/openssl/discussions/24321

Whats going on?

An issue was reported to us recently, in which it was found that some CPU’s that use SIMD registers in memory copy operations leave the contents of those registers unmodified after a copy is complete. As such, the data being copied, even if it was securely cleared from ram, may remain in those registers and potentially get leaked on the stack under certain conditions.

Is this a problem?

Yes and no. This is a side channel vector, and so any exploit of it would require an attacker to have local access to a system, meaning it is not truly a security issue. There are no known exploits of this issue currently. However, it may be reasonable to consider measures to avoid this if possible.

So why don’t you just fix it?

Well, we could, but any fix available to us is going to (by definition), be somewhat incomplete. Fixing it by wrapping functions that do memory copies is feasible, but limited in effectiveness. Details are in the discussion above, but the summary is that addressing this by wrapping effected function (memcpy/strcpy/etc), would only apply to users of those functions, and only for compilers that support the mechanisms we have available to address them. Additionally, such a fix does not address compiler optimizations that use SIMD instructions to optimize other code outside of those functions. Lastly it would be a performance impact, as clearing registers this often in what are frequently called code paths will slow operations down.

So whats the request?

Please read the above discussion on GitHub and give us your opinion on the matter. As community members, your input is important to us, and we are soliciting opinions on what to do about this issue. In the view of OpenSSL the issue is reasonably minor, but the consensus community opinion may differ here, so we would very much like to hear from you to help guide our efforts on this.