mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.3.5
This commit is contained in:
commit
955cf9620c
4
changes/29241_diagnostic
Normal file
4
changes/29241_diagnostic
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor features (NSS, diagnostic):
|
||||
- Try to log an error from NSS (if there is any) and a more useful
|
||||
description of our situation if we are using NSS and a call to
|
||||
SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.
|
6
changes/bug29241
Normal file
6
changes/bug29241
Normal file
@ -0,0 +1,6 @@
|
||||
o Major bugfixes (NSS, relay):
|
||||
- When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
|
||||
for their PRF. Due to an NSS bug, the TLS key exporters for these
|
||||
ciphersuites don't work -- which caused relays to fail to handshake
|
||||
with one another when these ciphersuites were enabled.
|
||||
Fixes bug 29241; bugfix on 0.3.5.1-alpha.
|
@ -152,6 +152,32 @@ we_like_auth_type(SSLAuthType at)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true iff this ciphersuite will be hit by a mozilla bug 1312976,
|
||||
* which makes TLS key exporters not work with TLS 1.2 non-SHA256
|
||||
* ciphersuites.
|
||||
**/
|
||||
static bool
|
||||
ciphersuite_has_nss_export_bug(const SSLCipherSuiteInfo *info)
|
||||
{
|
||||
/* For more information on the bug, see
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=1312976 */
|
||||
|
||||
/* This bug only exists in TLS 1.2. */
|
||||
if (info->authType == ssl_auth_tls13_any)
|
||||
return false;
|
||||
|
||||
/* Sadly, there's no way to get this information from the
|
||||
* CipherSuiteInfo object itself other than by looking at the
|
||||
* name. */
|
||||
if (strstr(info->cipherSuiteName, "_SHA384") ||
|
||||
strstr(info->cipherSuiteName, "_SHA512")) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
tor_tls_context_t *
|
||||
tor_tls_context_new(crypto_pk_t *identity,
|
||||
unsigned int key_lifetime, unsigned flags, int is_client)
|
||||
@ -256,6 +282,12 @@ tor_tls_context_new(crypto_pk_t *identity,
|
||||
!we_like_mac_algorithm(info.macAlgorithm) ||
|
||||
!we_like_auth_type(info.authType)/* Requires NSS 3.24 */;
|
||||
|
||||
if (ciphersuite_has_nss_export_bug(&info)) {
|
||||
/* SSL_ExportKeyingMaterial will fail; we can't use this cipher.
|
||||
*/
|
||||
disable = 1;
|
||||
}
|
||||
|
||||
s = SSL_CipherPrefSet(ctx->ctx, ciphers[i],
|
||||
disable ? PR_FALSE : PR_TRUE);
|
||||
if (s != SECSuccess)
|
||||
@ -726,10 +758,18 @@ tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out,
|
||||
tor_assert(context_len <= UINT_MAX);
|
||||
|
||||
SECStatus s;
|
||||
/* Make sure that the error code is set here, so that we can be sure that
|
||||
* any error code set after a failure was in fact caused by
|
||||
* SSL_ExportKeyingMaterial. */
|
||||
PR_SetError(PR_UNKNOWN_ERROR, 0);
|
||||
s = SSL_ExportKeyingMaterial(tls->ssl,
|
||||
label, (unsigned)strlen(label),
|
||||
PR_TRUE, context, (unsigned)context_len,
|
||||
secrets_out, DIGEST256_LEN);
|
||||
if (s != SECSuccess) {
|
||||
tls_log_errors(tls, LOG_WARN, LD_CRYPTO,
|
||||
"exporting key material for a TLS handshake");
|
||||
}
|
||||
|
||||
return (s == SECSuccess) ? 0 : -1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user