diff options
author | Roger Dingledine <arma@torproject.org> | 2012-10-19 14:30:58 -0400 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2012-10-19 14:30:58 -0400 |
commit | 55cae7dbf17352b0556a4099bebca8acb88b329d (patch) | |
tree | 589e330695f079a46df961f7ccbbab35204b1985 | |
parent | 60d0964c9a015a8a90f88f1fcd07534937a867a4 (diff) | |
parent | 1cc06bd35e4203569ecc72ff314a1dd543f60651 (diff) | |
download | tor-55cae7dbf17352b0556a4099bebca8acb88b329d.tar.gz tor-55cae7dbf17352b0556a4099bebca8acb88b329d.zip |
Merge branch 'maint-0.2.3' into release-0.2.3
-rw-r--r-- | changes/bug7139 | 9 | ||||
-rw-r--r-- | changes/cve-2012-2249 | 5 | ||||
-rw-r--r-- | changes/dirserv-BUGGY-a | 7 | ||||
-rw-r--r-- | src/common/tortls.c | 8 | ||||
-rw-r--r-- | src/or/command.c | 1 | ||||
-rw-r--r-- | src/or/connection_or.c | 14 | ||||
-rw-r--r-- | src/or/connection_or.h | 1 | ||||
-rw-r--r-- | src/or/directory.c | 2 |
8 files changed, 45 insertions, 2 deletions
diff --git a/changes/bug7139 b/changes/bug7139 new file mode 100644 index 0000000000..dfb7d32838 --- /dev/null +++ b/changes/bug7139 @@ -0,0 +1,9 @@ + o Major bugfixes (security): + + - Disable TLS session tickets. OpenSSL's implementation were giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection was + closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by "nextgens". + diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249 new file mode 100644 index 0000000000..625bfa2f58 --- /dev/null +++ b/changes/cve-2012-2249 @@ -0,0 +1,5 @@ + o Major bugfixes (security): + - Discard extraneous renegotiation attempts once the V3 link + protocol has been initiated. Failure to do so left us open to + a remotely triggerable assertion failure. Fixes CVE-2012-2249; + bugfix on 0.2.3.6-alpha. Reported by "some guy from France". diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a new file mode 100644 index 0000000000..35b492a2d7 --- /dev/null +++ b/changes/dirserv-BUGGY-a @@ -0,0 +1,7 @@ + o Minor bugfixes: + + - Don't serve or accept v2 hidden service descriptors over a + relay's DirPort. It's never correct to do so, and disabling it + might make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. + diff --git a/src/common/tortls.c b/src/common/tortls.c index 53bcc98919..bec2c71232 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1195,6 +1195,14 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, #ifdef SSL_OP_NO_TLSv1_1 SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1); #endif + /* Disable TLS tickets if they're supported. We never want to use them; + * using them can make our perfect forward secrecy a little worse, *and* + * create an opportunity to fingerprint us (since it's unusual to use them + * with TLS sessions turned off). + */ +#ifdef SSL_OP_NO_TICKET + SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET); +#endif if ( #ifdef DISABLE_SSL3_HANDSHAKE diff --git a/src/or/command.c b/src/or/command.c index d8a409bc27..975af046cd 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -649,6 +649,7 @@ enter_v3_handshake_with_cell(var_cell_t *cell, or_connection_t *conn) "Received a cell while TLS-handshaking, not in " "OR_HANDSHAKING_V3, on a connection we originated."); } + connection_or_block_renegotiation(conn); conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3; if (connection_init_or_handshake_state(conn, started_here) < 0) { connection_mark_for_close(TO_CONN(conn)); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index d016387935..6293fe881d 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1186,6 +1186,17 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving) return 0; } +/** Block all future attempts to renegotiate on 'conn' */ +void +connection_or_block_renegotiation(or_connection_t *conn) +{ + tor_tls_t *tls = conn->tls; + if (!tls) + return; + tor_tls_set_renegotiate_callback(tls, NULL, NULL); + tor_tls_block_renegotiation(tls); +} + /** Invoked on the server side from inside tor_tls_read() when the server * gets a successful TLS renegotiation from the client. */ static void @@ -1195,8 +1206,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn) (void)tls; /* Don't invoke this again. */ - tor_tls_set_renegotiate_callback(tls, NULL, NULL); - tor_tls_block_renegotiation(tls); + connection_or_block_renegotiation(conn); if (connection_tls_finish_handshake(conn) < 0) { /* XXXX_TLS double-check that it's ok to do this from inside read. */ diff --git a/src/or/connection_or.h b/src/or/connection_or.h index 3e98f5cce1..b78c444921 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -21,6 +21,7 @@ or_connection_t *connection_or_get_for_extend(const char *digest, int *launch_out); void connection_or_set_bad_connections(const char *digest, int force); +void connection_or_block_renegotiation(or_connection_t *conn); int connection_or_reached_eof(or_connection_t *conn); int connection_or_process_inbuf(or_connection_t *conn); int connection_or_flushed_some(or_connection_t *conn); diff --git a/src/or/directory.c b/src/or/directory.c index f1510b970a..f235bf3b41 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, } if (options->HidServDirectoryV2 && + connection_dir_is_encrypted(conn) && !strcmpstart(url,"/tor/rendezvous2/")) { /* Handle v2 rendezvous descriptor fetch request. */ const char *descp; @@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers, /* Handle v2 rendezvous service publish request. */ if (options->HidServDirectoryV2 && + connection_dir_is_encrypted(conn) && !strcmpstart(url,"/tor/rendezvous2/publish")) { switch (rend_cache_store_v2_desc_as_dir(body)) { case -2: |