mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 14:23:30 +01:00
Don't send a certificate chain on outgoing TLS connections from non-relays
This commit is contained in:
parent
a166f10414
commit
638fdedcf1
12
changes/issue-2011-10-19L
Normal file
12
changes/issue-2011-10-19L
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
o Security fixes:
|
||||||
|
|
||||||
|
- Don't send TLS certificate chains on outgoing OR connections
|
||||||
|
from clients and bridges. Previously, each client or bridge
|
||||||
|
would use a single cert chain for all outgoing OR connections
|
||||||
|
for up to 24 hours, which allowed any relay connected to by a
|
||||||
|
client or bridge to determine which entry guards it is using.
|
||||||
|
This is a potential user-tracing bug for *all* users; everyone
|
||||||
|
who uses Tor's client or hidden service functionality should
|
||||||
|
upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
|
||||||
|
frosty_un.
|
||||||
|
|
@ -186,9 +186,11 @@ static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
|
|||||||
static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
|
static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
|
||||||
static int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
|
static int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
|
||||||
crypto_pk_env_t *identity,
|
crypto_pk_env_t *identity,
|
||||||
unsigned int key_lifetime);
|
unsigned int key_lifetime,
|
||||||
|
int is_client);
|
||||||
static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity,
|
static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity,
|
||||||
unsigned int key_lifetime);
|
unsigned int key_lifetime,
|
||||||
|
int is_client);
|
||||||
|
|
||||||
/** Global TLS contexts. We keep them here because nobody else needs
|
/** Global TLS contexts. We keep them here because nobody else needs
|
||||||
* to touch them. */
|
* to touch them. */
|
||||||
@ -624,7 +626,7 @@ tor_tls_context_init(int is_public_server,
|
|||||||
|
|
||||||
rv1 = tor_tls_context_init_one(&server_tls_context,
|
rv1 = tor_tls_context_init_one(&server_tls_context,
|
||||||
server_identity,
|
server_identity,
|
||||||
key_lifetime);
|
key_lifetime, 0);
|
||||||
|
|
||||||
if (rv1 >= 0) {
|
if (rv1 >= 0) {
|
||||||
new_ctx = server_tls_context;
|
new_ctx = server_tls_context;
|
||||||
@ -640,7 +642,8 @@ tor_tls_context_init(int is_public_server,
|
|||||||
if (server_identity != NULL) {
|
if (server_identity != NULL) {
|
||||||
rv1 = tor_tls_context_init_one(&server_tls_context,
|
rv1 = tor_tls_context_init_one(&server_tls_context,
|
||||||
server_identity,
|
server_identity,
|
||||||
key_lifetime);
|
key_lifetime,
|
||||||
|
0);
|
||||||
} else {
|
} else {
|
||||||
tor_tls_context_t *old_ctx = server_tls_context;
|
tor_tls_context_t *old_ctx = server_tls_context;
|
||||||
server_tls_context = NULL;
|
server_tls_context = NULL;
|
||||||
@ -652,7 +655,8 @@ tor_tls_context_init(int is_public_server,
|
|||||||
|
|
||||||
rv2 = tor_tls_context_init_one(&client_tls_context,
|
rv2 = tor_tls_context_init_one(&client_tls_context,
|
||||||
client_identity,
|
client_identity,
|
||||||
key_lifetime);
|
key_lifetime,
|
||||||
|
1);
|
||||||
}
|
}
|
||||||
|
|
||||||
return rv1 < rv2 ? rv1 : rv2;
|
return rv1 < rv2 ? rv1 : rv2;
|
||||||
@ -669,10 +673,12 @@ tor_tls_context_init(int is_public_server,
|
|||||||
static int
|
static int
|
||||||
tor_tls_context_init_one(tor_tls_context_t **ppcontext,
|
tor_tls_context_init_one(tor_tls_context_t **ppcontext,
|
||||||
crypto_pk_env_t *identity,
|
crypto_pk_env_t *identity,
|
||||||
unsigned int key_lifetime)
|
unsigned int key_lifetime,
|
||||||
|
int is_client)
|
||||||
{
|
{
|
||||||
tor_tls_context_t *new_ctx = tor_tls_context_new(identity,
|
tor_tls_context_t *new_ctx = tor_tls_context_new(identity,
|
||||||
key_lifetime);
|
key_lifetime,
|
||||||
|
is_client);
|
||||||
tor_tls_context_t *old_ctx = *ppcontext;
|
tor_tls_context_t *old_ctx = *ppcontext;
|
||||||
|
|
||||||
if (new_ctx != NULL) {
|
if (new_ctx != NULL) {
|
||||||
@ -694,7 +700,8 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
|
|||||||
* certificate.
|
* certificate.
|
||||||
*/
|
*/
|
||||||
static tor_tls_context_t *
|
static tor_tls_context_t *
|
||||||
tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
|
||||||
|
int is_client)
|
||||||
{
|
{
|
||||||
crypto_pk_env_t *rsa = NULL;
|
crypto_pk_env_t *rsa = NULL;
|
||||||
EVP_PKEY *pkey = NULL;
|
EVP_PKEY *pkey = NULL;
|
||||||
@ -711,6 +718,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||||||
goto error;
|
goto error;
|
||||||
if (crypto_pk_generate_key(rsa)<0)
|
if (crypto_pk_generate_key(rsa)<0)
|
||||||
goto error;
|
goto error;
|
||||||
|
if (!is_client) {
|
||||||
/* Create certificate signed by identity key. */
|
/* Create certificate signed by identity key. */
|
||||||
cert = tor_tls_create_certificate(rsa, identity, nickname, nn2,
|
cert = tor_tls_create_certificate(rsa, identity, nickname, nn2,
|
||||||
key_lifetime);
|
key_lifetime);
|
||||||
@ -721,12 +729,15 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||||||
log(LOG_WARN, LD_CRYPTO, "Error creating certificate");
|
log(LOG_WARN, LD_CRYPTO, "Error creating certificate");
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
result = tor_malloc_zero(sizeof(tor_tls_context_t));
|
result = tor_malloc_zero(sizeof(tor_tls_context_t));
|
||||||
result->refcnt = 1;
|
result->refcnt = 1;
|
||||||
|
if (!is_client) {
|
||||||
result->my_cert = X509_dup(cert);
|
result->my_cert = X509_dup(cert);
|
||||||
result->my_id_cert = X509_dup(idcert);
|
result->my_id_cert = X509_dup(idcert);
|
||||||
result->key = crypto_pk_dup_key(rsa);
|
result->key = crypto_pk_dup_key(rsa);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef EVERYONE_HAS_AES
|
#ifdef EVERYONE_HAS_AES
|
||||||
/* Tell OpenSSL to only use TLS1 */
|
/* Tell OpenSSL to only use TLS1 */
|
||||||
@ -758,6 +769,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||||||
#ifdef SSL_MODE_RELEASE_BUFFERS
|
#ifdef SSL_MODE_RELEASE_BUFFERS
|
||||||
SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
|
SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||||
#endif
|
#endif
|
||||||
|
if (! is_client) {
|
||||||
if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
|
if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
|
||||||
goto error;
|
goto error;
|
||||||
X509_free(cert); /* We just added a reference to cert. */
|
X509_free(cert); /* We just added a reference to cert. */
|
||||||
@ -769,7 +781,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||||||
X509_free(idcert); /* The context now owns the reference to idcert */
|
X509_free(idcert); /* The context now owns the reference to idcert */
|
||||||
idcert = NULL;
|
idcert = NULL;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
|
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
|
||||||
|
if (!is_client) {
|
||||||
tor_assert(rsa);
|
tor_assert(rsa);
|
||||||
if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
|
if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
|
||||||
goto error;
|
goto error;
|
||||||
@ -779,6 +793,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||||||
pkey = NULL;
|
pkey = NULL;
|
||||||
if (!SSL_CTX_check_private_key(result->ctx))
|
if (!SSL_CTX_check_private_key(result->ctx))
|
||||||
goto error;
|
goto error;
|
||||||
|
}
|
||||||
{
|
{
|
||||||
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
|
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
|
||||||
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
|
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
|
||||||
|
Loading…
Reference in New Issue
Block a user