[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
Reporter: proper | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: tor-client | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by nickm):
The only options I see for doing this without a SSL patch are pretty
questionable:
1) Override time() when ssl3_client_hello() might be getting called,
2) Override RAND_bytes and RAND_pseudo_bytes to see when they're getting
called with a pointer that happens to be 4 bytes from the start of a the
s3->client_random field of an SSL object, and if so, overwrite the first 4
bytes as well.
To do the first one, you need a portable way to override libc/system
calls.
To do the second one, you can override RAND_* with RAND_set_rand_method.
You'd want to have the rand_engine implementation call the methods from
RAND_get_rand_method. To keep track of which pointers deserve the "write
4 extra bytes" treatment, you'd want to do something clever with some data
structure to determine whether a pointer matches the value of some
ssl->s3->client_random + 4. I *think* that client_random is allocated
when the SSL structure is allocated, and that it doesn't change, but we
should definitely examine that more closely.
Be aware that multiple ClientHello messages can get sent for a single SSL,
if renegotiation happens.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs