[tor-bugs] #10402 [Tor]: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 18 20:19:40 UTC 2013


#10402: Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled
------------------------+---------------------------------------------
     Reporter:  anon    |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  major   |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  023-backport tor-relay security
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------------

Comment (by anon):

 Hi Nick,

 Regarding "Of course, this isn't really a fix, because when we first start
 Tor, we'll have no state file, and we'll use the default rand method after
 all. But wow, this junk sure made debugging hard."

 I created a BADENGINE that behaves like RdRand except uses libc rand() for
 testing purposes.  I ran the current git Tor on a clean run (no state
 file) and on subsequent runs.

 This confirmed that on the first run without state file, RdRand (or
 BADRAND) will be used by default, but every subsequent run it will not.
 Unfortunately first run might also generate long lived secrets depending
 on Tor config.

 Test setup used:
 http://www.openssl.org/source/openssl-1.0.1e.tar.gz
 with the BADENGINE patch:
 https://peertech.org/dist/openssl-1.0.1e-badrand-test.patch

 OpenSSL was built with:
 {{{
 ./Configure --prefix=/usr/local/test threads shared linux-x86_64
 }}}

 And Tor was built with:
 {{{
 ./configure --prefix=/usr/local/test \
  --with-openssl-dir=/usr/local/test \
  --disable-asciidoc \
  --with-tcmalloc
 }}}

 Tor was using config:
 {{{
 Log info stderr
 RunAsDaemon 0
 DataDirectory /usr/local/test/var/lib/tor
 HardwareAccel 1
 SocksPort 9060
 }}}

 The first run log is here:
  https://peertech.org/dist/tor-badrand-test-first-run.txt
 And the second:
  https://peertech.org/dist/tor-badrand-test-second-run.txt
 With the first showing use of "BADRAND invocation# ..." while the second
 and subsequent runs with a state file do NOT use the defaults engines for
 RAND.

 I am confirming your fix now...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10402#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list