[tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

[Tor Bug Tracker & Wiki]

#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 The only options I see for doing this without a SSL patch are pretty
 questionable:

   1) Override time() when ssl3_client_hello() might be getting called,

   2) Override RAND_bytes and RAND_pseudo_bytes to see when they're getting
 called with a pointer that happens to be 4 bytes from the start of a the
 s3->client_random field of an SSL object, and if so, overwrite the first 4
 bytes as well.

 To do the first one, you need a portable way to override libc/system
 calls.

 To do the second one, you can override RAND_* with RAND_set_rand_method.
 You'd want to have the rand_engine implementation call the methods from
 RAND_get_rand_method.  To keep track of which pointers deserve the "write
 4 extra bytes" treatment, you'd want to do something clever with some data
 structure to determine whether a pointer matches the value of some
 ssl->s3->client_random + 4.  I *think* that client_random is allocated
 when the SSL structure is allocated, and that it doesn't change, but we
 should definitely examine that more closely.

 Be aware that multiple ClientHello messages can get sent for a single SSL,
 if renegotiation happens.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online