nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 14:23:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't send a certificate chain on outgoing TLS connections from non-relays

Browse Source
This commit is contained in:
Nick Mathewson 2011-10-23 16:06:06 +00:00 committed by Sebastian Hahn
parent a166f10414
commit 638fdedcf1
2 changed files with 66 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
changes/issue-2011-10-19L Normal file
View File

@ -0,0 +1,12 @@
o Security fixes:
- Don't send TLS certificate chains on outgoing OR connections
from clients and bridges. Previously, each client or bridge
would use a single cert chain for all outgoing OR connections
for up to 24 hours, which allowed any relay connected to by a
client or bridge to determine which entry guards it is using.
This is a potential user-tracing bug for *all* users; everyone
who uses Tor's client or hidden service functionality should
upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
frosty_un.

93
src/common/tortls.c
View File

@ -186,9 +186,11 @@ static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
static void tor_tls_unblock_renegotiation(tor_tls_t *tls); static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
static int tor_tls_context_init_one(tor_tls_context_t **ppcontext, static int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
crypto_pk_env_t *identity, crypto_pk_env_t *identity,
unsigned int key_lifetime); unsigned int key_lifetime,
int is_client);
static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity, static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity,
unsigned int key_lifetime); unsigned int key_lifetime,
int is_client);
/** Global TLS contexts. We keep them here because nobody else needs /** Global TLS contexts. We keep them here because nobody else needs
* to touch them. */ * to touch them. */
@ -624,7 +626,7 @@ tor_tls_context_init(int is_public_server,
rv1 = tor_tls_context_init_one(&server_tls_context, rv1 = tor_tls_context_init_one(&server_tls_context,
server_identity, server_identity,
key_lifetime); key_lifetime, 0);
if (rv1 >= 0) { if (rv1 >= 0) {
new_ctx = server_tls_context; new_ctx = server_tls_context;
@ -640,7 +642,8 @@ tor_tls_context_init(int is_public_server,
if (server_identity != NULL) { if (server_identity != NULL) {
rv1 = tor_tls_context_init_one(&server_tls_context, rv1 = tor_tls_context_init_one(&server_tls_context,
server_identity, server_identity,
key_lifetime); key_lifetime,
0);
} else { } else {
tor_tls_context_t *old_ctx = server_tls_context; tor_tls_context_t *old_ctx = server_tls_context;
server_tls_context = NULL; server_tls_context = NULL;
@ -652,7 +655,8 @@ tor_tls_context_init(int is_public_server,
rv2 = tor_tls_context_init_one(&client_tls_context, rv2 = tor_tls_context_init_one(&client_tls_context,
client_identity, client_identity,
key_lifetime); key_lifetime,
1);
} }
return rv1 < rv2 ? rv1 : rv2; return rv1 < rv2 ? rv1 : rv2;
@ -669,10 +673,12 @@ tor_tls_context_init(int is_public_server,
static int static int
tor_tls_context_init_one(tor_tls_context_t **ppcontext, tor_tls_context_init_one(tor_tls_context_t **ppcontext,
crypto_pk_env_t *identity, crypto_pk_env_t *identity,
unsigned int key_lifetime) unsigned int key_lifetime,
int is_client)
{ {
tor_tls_context_t *new_ctx = tor_tls_context_new(identity, tor_tls_context_t *new_ctx = tor_tls_context_new(identity,
key_lifetime); key_lifetime,
is_client);
tor_tls_context_t *old_ctx = *ppcontext; tor_tls_context_t *old_ctx = *ppcontext;
if (new_ctx != NULL) { if (new_ctx != NULL) {
@ -694,7 +700,8 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
* certificate. * certificate.
*/ */
static tor_tls_context_t * static tor_tls_context_t *
tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
int is_client)
{ {
crypto_pk_env_t *rsa = NULL; crypto_pk_env_t *rsa = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
@ -711,22 +718,26 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
goto error; goto error;
if (crypto_pk_generate_key(rsa)<0) if (crypto_pk_generate_key(rsa)<0)
goto error; goto error;
/* Create certificate signed by identity key. */ if (!is_client) {
cert = tor_tls_create_certificate(rsa, identity, nickname, nn2, /* Create certificate signed by identity key. */
key_lifetime); cert = tor_tls_create_certificate(rsa, identity, nickname, nn2,
/* Create self-signed certificate for identity key. */ key_lifetime);
idcert = tor_tls_create_certificate(identity, identity, nn2, nn2, /* Create self-signed certificate for identity key. */
IDENTITY_CERT_LIFETIME); idcert = tor_tls_create_certificate(identity, identity, nn2, nn2,
if (!cert || !idcert) { IDENTITY_CERT_LIFETIME);
log(LOG_WARN, LD_CRYPTO, "Error creating certificate"); if (!cert || !idcert) {
goto error; log(LOG_WARN, LD_CRYPTO, "Error creating certificate");
goto error;
}
} }
result = tor_malloc_zero(sizeof(tor_tls_context_t)); result = tor_malloc_zero(sizeof(tor_tls_context_t));
result->refcnt = 1; result->refcnt = 1;
result->my_cert = X509_dup(cert); if (!is_client) {
result->my_id_cert = X509_dup(idcert); result->my_cert = X509_dup(cert);
result->key = crypto_pk_dup_key(rsa); result->my_id_cert = X509_dup(idcert);
result->key = crypto_pk_dup_key(rsa);
}
#ifdef EVERYONE_HAS_AES #ifdef EVERYONE_HAS_AES
/* Tell OpenSSL to only use TLS1 */ /* Tell OpenSSL to only use TLS1 */
@ -758,27 +769,31 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
#ifdef SSL_MODE_RELEASE_BUFFERS #ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS); SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
#endif #endif
if (cert && !SSL_CTX_use_certificate(result->ctx,cert)) if (! is_client) {
goto error; if (cert && !SSL_CTX_use_certificate(result->ctx,cert))
X509_free(cert); /* We just added a reference to cert. */ goto error;
cert=NULL; X509_free(cert); /* We just added a reference to cert. */
if (idcert) { cert=NULL;
X509_STORE *s = SSL_CTX_get_cert_store(result->ctx); if (idcert) {
tor_assert(s); X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
X509_STORE_add_cert(s, idcert); tor_assert(s);
X509_free(idcert); /* The context now owns the reference to idcert */ X509_STORE_add_cert(s, idcert);
idcert = NULL; X509_free(idcert); /* The context now owns the reference to idcert */
idcert = NULL;
}
} }
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
tor_assert(rsa); if (!is_client) {
if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1))) tor_assert(rsa);
goto error; if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
if (!SSL_CTX_use_PrivateKey(result->ctx, pkey)) goto error;
goto error; if (!SSL_CTX_use_PrivateKey(result->ctx, pkey))
EVP_PKEY_free(pkey); goto error;
pkey = NULL; EVP_PKEY_free(pkey);
if (!SSL_CTX_check_private_key(result->ctx)) pkey = NULL;
goto error; if (!SSL_CTX_check_private_key(result->ctx))
goto error;
}
{ {
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS); crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh)); SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));