[tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 29 13:27:21 UTC 2013

#7277: timestamp leaked in TLS client hello
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    

Comment(by nickm):

 The only options I see for doing this without a SSL patch are pretty

   1) Override time() when ssl3_client_hello() might be getting called,

   2) Override RAND_bytes and RAND_pseudo_bytes to see when they're getting
 called with a pointer that happens to be 4 bytes from the start of a the
 s3->client_random field of an SSL object, and if so, overwrite the first 4
 bytes as well.

 To do the first one, you need a portable way to override libc/system

 To do the second one, you can override RAND_* with RAND_set_rand_method.
 You'd want to have the rand_engine implementation call the methods from
 RAND_get_rand_method.  To keep track of which pointers deserve the "write
 4 extra bytes" treatment, you'd want to do something clever with some data
 structure to determine whether a pointer matches the value of some
 ssl->s3->client_random + 4.  I *think* that client_random is allocated
 when the SSL structure is allocated, and that it doesn't change, but we
 should definitely examine that more closely.

 Be aware that multiple ClientHello messages can get sent for a single SSL,
 if renegotiation happens.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list