Re: [tor-bugs] #10402 [Tor]: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
#10402: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
------------------------+---------------------------------------------
     Reporter:  anon    |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  major   |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  024-backport tor-relay security
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------------
Comment (by nickm):
On investigation, I think that the log message is wrong: it looks at
ENGINE_get_default_RAND(), which should have just gotten pulled off the
engine table.
There's also something else screwy going on in here, though. It appears that
we aren't actually ''using'' the RDRAND backend, even when I enable
HardwareAccel.
AHA.
We are frequently not using any RAND engine at all. (That's probably a
good thing!)
That's because, if any RAND_* function is invoked before setting a RAND
engine, the call in rand_lib.c to RAND_get_rand_method() will set the
default_RAND_method pointer. That RAND_METHOD pointer will stay that way
until it's changed, and nothing will change it unless we somehow clear and
re-initialize it.
And when do we first call any random function? During ordinary operation,
if we start up with a state file that has any circuit build time values,
we'll shuffle them in circuit_build_times_shuffle_store_array.
If we have no state file, ''then'' the rand method is not set when the
crypto_init() code is first called.
Of course, this isn't really a fix, because when we first start Tor, we'll
have no state file, and we'll use the default rand method after all. But
wow, this junk sure made debugging hard.
It also suggested a much, much easier fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10402#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
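The ordering hazard nickm describes above, as an added example that is not Tor's or OpenSSL's code: a small C model of how OpenSSL 1.0.x resolves the active RAND_METHOD (the default_RAND_method pointer in rand_lib.c is latched on the first RAND_get_rand_method() call, while ENGINE_set_default_RAND() only updates the engine table). The model_* functions, the two method structs and the "ssleay-software" / "rdrand" names are assumptions made for illustration; the real API names they stand in for (RAND_get_rand_method, ENGINE_get_default_RAND, ENGINE_set_default_RAND, RAND_set_rand_method, RAND_SSLeay) are noted in the comments. The point it shows is the one the ticket turns on: the engine table and the active method can disagree, so a log check that only consults the table reports the wrong backend.

```c
/* Model of OpenSSL 1.0.x RAND-method resolution. Added example, not OpenSSL or Tor code;
 * it mirrors the latching logic of rand_lib.c without linking libcrypto. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; } rand_method_model;                 /* stands in for RAND_METHOD */
typedef struct { const char *id; const rand_method_model *rand; } engine_model; /* stands in for ENGINE */

/* Assumed names: in real OpenSSL 1.0.x the software method is RAND_SSLeay(). */
static const rand_method_model software_rand = { "ssleay-software" };
static const rand_method_model rdrand_rand   = { "rdrand" };
static engine_model rdrand_engine = { "rdrand", &rdrand_rand };

/* Global state mirroring rand_lib.c / eng_rand.c. */
static const rand_method_model *default_RAND_method = NULL;  /* latched on first use */
static engine_model *rand_table_default = NULL;              /* engine table's default RAND engine */

/* ENGINE_set_default_RAND() only registers the engine in the table ... */
static void model_ENGINE_set_default_RAND(engine_model *e) { rand_table_default = e; }
/* ... and ENGINE_get_default_RAND() only reads that table back. */
static engine_model *model_ENGINE_get_default_RAND(void) { return rand_table_default; }

/* RAND_get_rand_method(): resolve once, then keep returning the latched pointer. */
static const rand_method_model *model_RAND_get_rand_method(void) {
    if (!default_RAND_method) {
        engine_model *e = model_ENGINE_get_default_RAND();
        if (e && e->rand)
            default_RAND_method = e->rand;
        else
            default_RAND_method = &software_rand;
    }
    return default_RAND_method;
}

/* RAND_set_rand_method(): explicitly pin a method, replacing whatever was latched. */
static void model_RAND_set_rand_method(const rand_method_model *m) { default_RAND_method = m; }

/* Any RAND_* call goes through RAND_get_rand_method(), so the first one latches the method.
 * Output bytes are zero here; method selection, not randomness, is what this model shows. */
static int model_RAND_bytes(unsigned char *buf, int n) {
    const rand_method_model *m = model_RAND_get_rand_method();
    memset(buf, 0, (size_t)n);
    return m != NULL;
}

static void model_reset(void) { default_RAND_method = NULL; rand_table_default = NULL; }

/* Scenario 1: the engine is enabled before any RAND_* call; the engine method becomes active. */
const char *active_method_engine_first(void) {
    unsigned char b[4];
    model_reset();
    model_ENGINE_set_default_RAND(&rdrand_engine);
    model_RAND_bytes(b, sizeof b);
    return model_RAND_get_rand_method()->name;      /* "rdrand" */
}

/* Scenario 2 (the ticket's case): a RAND_* call, e.g. shuffling the state file,
 * precedes engine setup; the software method is latched and the engine never takes effect. */
const char *active_method_rand_first(void) {
    unsigned char b[4];
    model_reset();
    model_RAND_bytes(b, sizeof b);                   /* latches software method */
    model_ENGINE_set_default_RAND(&rdrand_engine);   /* only updates the table */
    return model_RAND_get_rand_method()->name;      /* still "ssleay-software" */
}

/* The check a log message should make: compare the active method with the table entry.
 * Returns 1 when they disagree, which is exactly the misleading state described in the ticket. */
int table_and_active_disagree_rand_first(void) {
    engine_model *e;
    active_method_rand_first();
    e = model_ENGINE_get_default_RAND();
    return e != NULL && model_RAND_get_rand_method() != e->rand;
}

/* Pinning the method explicitly overrides any latched value, whichever way startup went. */
const char *active_method_after_pin(void) {
    active_method_engine_first();                    /* engine currently active */
    model_RAND_set_rand_method(&software_rand);
    return model_RAND_get_rand_method()->name;      /* "ssleay-software" */
}

int main(void) {
    printf("engine set first : active=%s\n", active_method_engine_first());
    printf("RAND_* call first: active=%s (table and active disagree: %d)\n",
           active_method_rand_first(), table_and_active_disagree_rand_first());
    printf("after explicit pin: active=%s\n", active_method_after_pin());
    return 0;
}
```

Against a real 1.0.x build the equivalent check is to compare RAND_get_rand_method() with RAND_SSLeay() (or with ENGINE_get_RAND() of the engine you expect), rather than trusting ENGINE_get_default_RAND() alone.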
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs