mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
This commit is contained in:
commit
ccd8289958
13
changes/bug4822
Normal file
13
changes/bug4822
Normal file
@ -0,0 +1,13 @@
|
||||
o Major security workaround:
|
||||
- When building or running with any version of OpenSSL earlier
|
||||
than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
|
||||
a bug (CVE-2011-4576) in which their block cipher padding
|
||||
included uninitialized data, potentially leaking sensitive
|
||||
information to any peer with whom they made a SSLv3
|
||||
connection. Tor does not use SSL v3 by default, but a hostile
|
||||
client or server could force an SSLv3 connection in order to
|
||||
gain information that they shouldn't have been able to get. The
|
||||
best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
|
||||
later). But when building or running with a non-upgraded
|
||||
OpenSSL, we should instead make sure that the bug can't happen
|
||||
by disabling SSLv3 entirely.
|
@ -68,6 +68,16 @@
|
||||
|
||||
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \
|
||||
(OPENSSL_VERSION_NUMBER >= 0x00909000L && \
|
||||
OPENSSL_VERSION_NUMBER < 0x1000006fL))
|
||||
/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
|
||||
* the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
|
||||
* SSL3 safely at the same time.
|
||||
*/
|
||||
#define DISABLE_SSL3_HANDSHAKE
|
||||
#endif
|
||||
|
||||
/* We redefine these so that we can run correctly even if the vendor gives us
|
||||
* a version of OpenSSL that does not match its header files. (Apple: I am
|
||||
* looking at you.)
|
||||
@ -766,16 +776,37 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
|
||||
result->key = crypto_pk_dup_key(rsa);
|
||||
}
|
||||
|
||||
#ifdef EVERYONE_HAS_AES
|
||||
/* Tell OpenSSL to only use TLS1 */
|
||||
#if 0
|
||||
/* Tell OpenSSL to only use TLS1. This would actually break compatibility
|
||||
* with clients that are configured to use SSLv23_method(), so we should
|
||||
* probably never use it.
|
||||
*/
|
||||
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
|
||||
goto error;
|
||||
#else
|
||||
#endif
|
||||
|
||||
/* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
|
||||
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
|
||||
goto error;
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
|
||||
|
||||
if (
|
||||
#ifdef DISABLE_SSL3_HANDSHAKE
|
||||
1 ||
|
||||
#endif
|
||||
SSLeay() < 0x0090813fL ||
|
||||
(SSLeay() >= 0x00909000L &&
|
||||
SSLeay() < 0x1000006fL)) {
|
||||
/* And not SSL3 if it's subject to CVE-2011-4657. */
|
||||
log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
|
||||
"might otherwise be vulnerable to CVE-2011-4657 "
|
||||
"(compile-time version %08lx (%s); "
|
||||
"runtime version %08lx (%s))",
|
||||
OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
|
||||
SSLeay(), SSLeay_version(SSLEAY_VERSION));
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
|
||||
}
|
||||
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
|
||||
|
||||
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
|
||||
|
Loading…
Reference in New Issue
Block a user