Title: Decrypting VPN traffic via crashdumps
Date: 2024-07-30 16:40

In light of Microsoft getting some of their [signing keys exfiltrated via coredumps](https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/)
last year, I had some interesting conversations about leaking cryptographic
material via coredumps. One of those was about how
[Telecomix](https://en.wikipedia.org/wiki/Telecomix) uncovered how [Blue Coat
Systems](https://en.wikipedia.org/wiki/Blue_Coat_Systems) was likely able to
decrypt OpenVPN-encrypted traffic in Syria around 2011: they had a remote crash for
the OpenVPN client, causing Windows to automatically [upload the coredump to
Microsoft](https://en.wikipedia.org/wiki/Windows_Error_Reporting),
[unencrypted](https://en.wikipedia.org/wiki/Windows_Error_Reporting#Privacy_concerns_and_use_by_the_NSA),
containing the encryption keys and all related cryptographic material.

Nowadays, those Windows Error reports are encrypted, but it [might not be the
case](https://github.com/search?q=repo%3Aabrt%2Flibreport+SSLVerify&type=code)
for every operating system. Another way to prevent keys from being exfiltrated
this way is to use
[`MAP_NOCORE`](https://manpages.org/mmap/2)/[`MADV_DONTDUMP`](https://www.man7.org/linux/man-pages/man2/madvise.2.html),
like [libsodium](https://doc.libsodium.org/memory_management) is doing.
OpenSSL [doesn't do
this](https://github.com/search?q=repo%3Aopenssl/openssl%20MADV_DONTDUMP&type=code),
but I've heard that there is some ongoing work to add this to BoringSSL.
