authorNick Mathewson <nickm@torproject.org>2014-10-19 11:13:09 -0400
committerNick Mathewson <nickm@torproject.org>2014-10-19 11:13:09 -0400
commitf77d8901fc6e3836a2ef6e1ee58004dfb0546675 (patch)
tree57fa528d9a3384c35fe2a5edf4e6c3e4d8c81f59
parenta64f3ab3ee5c433cc1f046a7e26df7a49e308e4c (diff)
parentab4b29625db720817f9af502199ebf1ee3ac5af7 (diff)
Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5
-rw-r--r--changes/132955
-rw-r--r--changes/bug133254
-rw-r--r--changes/bug80933
-rw-r--r--changes/disable_sslv34
-rw-r--r--configure.ac4
-rw-r--r--src/common/sandbox.c21
-rw-r--r--src/common/sandbox.h2
-rw-r--r--src/common/tortls.c52
-rw-r--r--src/or/relay.c2
-rw-r--r--src/tools/tor-resolve.c2
10 files changed, 87 insertions, 12 deletions
diff --git a/changes/13295 b/changes/13295
new file mode 100644
index 0000000000..433432595f
--- /dev/null
+++ b/changes/13295
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Disable sandbox name resolver cache when running tor-resolve:
+ tor-resolve doesn't use the sandbox code, and turning it on was
+ breaking attempts to do tor-resolve on a non-default server on
+ Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
diff --git a/changes/bug13325 b/changes/bug13325
new file mode 100644
index 0000000000..b1da4d0bd5
--- /dev/null
+++ b/changes/bug13325
@@ -0,0 +1,4 @@
+ o Compilation fixes:
+ - Build and run correctly on systems like OpenBSD-current that
+ have patched OpenSSL to remove get_cipher_by_char and/or its
+ implementations. Fixes issue 13325.
diff --git a/changes/bug8093 b/changes/bug8093
new file mode 100644
index 0000000000..f0fbc618c2
--- /dev/null
+++ b/changes/bug8093
@@ -0,0 +1,3 @@
+ o Downgraded warnings:
+ - Downgrade the severity of the 'unexpected sendme cell from client' from
+ 'warn' to 'protocol warning'. Closes ticket 8093.
diff --git a/changes/disable_sslv3 b/changes/disable_sslv3
new file mode 100644
index 0000000000..bb4c2df7a2
--- /dev/null
+++ b/changes/disable_sslv3
@@ -0,0 +1,4 @@
+ o Major security fixes:
+ - Disable support for SSLv3. All versions of OpenSSL in use with
+ Tor today support TLS 1.0 or later, so we can safely turn off
+ support for this old (and insecure) protocol. Fixes bug 13426.
diff --git a/configure.ac b/configure.ac
index fde643129e..e0cabc5d57 100644
--- a/configure.ac
+++ b/configure.ac
@@ -578,6 +578,10 @@ else
fi
AC_SUBST(TOR_OPENSSL_LIBS)
+AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
+[#include <openssl/ssl.h>
+])
+
dnl ------------------------------------------------------
dnl Where do you live, zlib? And how do we call you?
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 05b91be7be..dbbaa59d7c 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1385,6 +1385,18 @@ HT_GENERATE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
cached_getaddrinfo_items_eq,
0.6, tor_malloc_, tor_realloc_, tor_free_);
+/** If true, don't try to cache getaddrinfo results. */
+static int sandbox_getaddrinfo_cache_disabled = 0;
+
+/** Tell the sandbox layer not to try to cache getaddrinfo results. Used as in
+ * tor-resolve, when we have no intention of initializing crypto or of
+ * installing the sandbox.*/
+void
+sandbox_disable_getaddrinfo_cache(void)
+{
+ sandbox_getaddrinfo_cache_disabled = 1;
+}
+
int
sandbox_getaddrinfo(const char *name, const char *servname,
const struct addrinfo *hints,
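Review bot: `sandbox_disable_getaddrinfo_cache()` at L92–L96 has no guard against being called after the sandbox has already been installed, and the comment at L89–L91 only describes the intended tor-resolve use. The uncached path this flag enables calls libc `getaddrinfo()` directly (L105 in the following hunk), which is presumably exactly what the seccomp filter forbids, so a misuse would surface only as a killed process. Consider `tor_assert(!sandbox_is_active());` at the top of the setter, or at minimum documenting the ordering in the comment: `/* Must be called before sandbox_init(): the uncached path is not expected to work under the seccomp filter. */`. The `sandbox_getaddrinfo` signature at the end of this hunk continues outside it.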
@@ -1393,6 +1405,10 @@ sandbox_getaddrinfo(const char *name, const char *servname,
int err;
struct cached_getaddrinfo_item_t search, *item;
+ if (sandbox_getaddrinfo_cache_disabled) {
+ return getaddrinfo(name, NULL, hints, res);
+ }
+
if (servname != NULL) {
log_warn(LD_BUG, "called with non-NULL servname");
return EAI_NONAME;
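Review bot: The early return at L104–L106 passes `NULL` as the service argument and so silently drops a non-NULL `servname`, while the existing path a few lines below treats the same input as a bug (`log_warn(LD_BUG, ...)` and `EAI_NONAME`). Placing the new check after the servname validation keeps both paths consistent: keep `if (servname != NULL) { log_warn(LD_BUG, "called with non-NULL servname"); return EAI_NONAME; }` first, then `if (sandbox_getaddrinfo_cache_disabled) return getaddrinfo(name, NULL, hints, res);`. `sandbox_getaddrinfo` begins and ends outside this hunk.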
@@ -1834,5 +1850,10 @@ sandbox_is_active(void)
{
return 0;
}
+
+void
+sandbox_disable_getaddrinfo_cache(void)
+{
+}
#endif
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 20d5d5080c..35d87772fd 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -208,5 +208,7 @@ int sandbox_init(sandbox_cfg_t* cfg);
/** Return true iff the sandbox is turned on. */
int sandbox_is_active(void);
+void sandbox_disable_getaddrinfo_cache(void);
+
#endif /* SANDBOX_H_ */
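Review bot: The new prototype at L128 is the only declaration in this header excerpt without a `/** */` comment; its neighbour `sandbox_is_active()` has one at L126. Suggest `/** Disable the getaddrinfo() result cache; for programs such as tor-resolve that never install the sandbox. Call it before sandbox_init(). */` above the declaration so callers see the ordering constraint without reading sandbox.c.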
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4fd9bba380..999d97131c 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1245,10 +1245,11 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
goto error;
#endif
- /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
+ /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
/* Prefer the server's ordering of ciphers: the client's ordering has
* historically been chosen for fingerprinting resistance. */
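Review bot: The two back-to-back `SSL_CTX_set_options()` calls at L142–L143 set flags on the same context and read more clearly as one call: `SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. Since `SSLv23_method()` on L140 now advertises versions the code immediately forbids, a short why-comment next to the option would also help, e.g. `/* SSLv23_method() is the only version-flexible method; the NO_SSLv2/NO_SSLv3 options restrict it to TLS 1.0+ (see bug 13426). */`. `tor_tls_context_new` begins and ends outside this hunk.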
@@ -1287,6 +1288,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
}
#endif
+ /* XXX This block is now obsolete. */
if (
#ifdef DISABLE_SSL3_HANDSHAKE
1 ||
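Review bot: The `/* XXX This block is now obsolete. */` marker at L149 does not say why, so the next reader has to rediscover that `SSL_OP_NO_SSLv3` set earlier in the function already rules out SSLv3 regardless of `DISABLE_SSL3_HANDSHAKE`. Either remove the block in this change or expand the comment: `/* XXX This block is now obsolete: SSL_OP_NO_SSLv3 above already forbids SSLv3, so the DISABLE_SSL3_HANDSHAKE workaround below can be deleted once it is known nothing else depends on it. */`. The `if (` at L150 opens a block that continues past the end of this hunk.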
@@ -1468,6 +1470,43 @@ static uint16_t v2_cipher_list[] = {
/** Have we removed the unrecognized ciphers from v2_cipher_list yet? */
static int v2_cipher_list_pruned = 0;
+/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
+ * return 1 if it does support it, or if we have no way to tell. */
+static int
+find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
+{
+ const SSL_CIPHER *c;
+#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
+ if (m && m->get_cipher_by_char) {
+ unsigned char cipherid[3];
+ set_uint16(cipherid, htons(cipher));
+ cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
+ * with a two-byte 'cipherid', it may look for a v2
+ * cipher with the appropriate 3 bytes. */
+ c = m->get_cipher_by_char(cipherid);
+ if (c)
+ tor_assert((c->id & 0xffff) == cipher);
+ return c != NULL;
+ } else
+#endif
+ if (m && m->get_cipher && m->num_ciphers) {
+ /* It would seem that some of the "let's-clean-up-openssl" forks have
+ * removed the get_cipher_by_char function. Okay, so now you get a
+ * quadratic search.
+ */
+ int i;
+ for (i = 0; i < m->num_ciphers(); ++i) {
+ c = m->get_cipher(i);
+ if (c && (c->id & 0xffff) == cipher) {
+ return 1;
+ }
+ }
+ return 0;
+ } else {
+ return 1; /* No way to search */
+ }
+}
+
/** Remove from v2_cipher_list every cipher that we don't support, so that
* comparing v2_cipher_list to a client's cipher list will give a sensible
* result. */
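Review bot: The fallback branch at L175–L187 still dereferences the `get_cipher` and `num_ciphers` members of `SSL_METHOD` by name with no configure-time probe, so a fork that strips or renames those the way OpenBSD did for `get_cipher_by_char` would break the build in the same way bug 13325 did; a matching `AC_CHECK_MEMBERS` for those two members would close that gap. The final `return 1; /* No way to search */` at L189 makes `prune_v2_cipher_list()` a silent no-op, which changes the v2 cipher-list comparison's result without any log line; a `log_info(LD_NET, ...)` there would make that state visible. Within the loop, `m->num_ciphers()` is re-evaluated on every iteration; hoisting it reads better: `const int n = m->num_ciphers(); for (i = 0; i < n; ++i) {`.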
@@ -1479,16 +1518,7 @@ prune_v2_cipher_list(void)
inp = outp = v2_cipher_list;
while (*inp) {
- unsigned char cipherid[3];
- const SSL_CIPHER *cipher;
- /* Is there no better way to do this? */
- set_uint16(cipherid, htons(*inp));
- cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
- * with a two-byte 'cipherid', it may look for a v2
- * cipher with the appropriate 3 bytes. */
- cipher = m->get_cipher_by_char(cipherid);
- if (cipher) {
- tor_assert((cipher->id & 0xffff) == *inp);
+ if (find_cipher_by_id(m, *inp)) {
*outp++ = *inp++;
} else {
inp++;
diff --git a/src/or/relay.c b/src/or/relay.c
index 4d71157db8..9407df0559 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1718,7 +1718,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
if (circ->package_window + CIRCWINDOW_INCREMENT >
CIRCWINDOW_START_MAX) {
static struct ratelim_t client_warn_ratelim = RATELIM_INIT(600);
- log_fn_ratelim(&client_warn_ratelim, LOG_WARN, LD_PROTOCOL,
+ log_fn_ratelim(&client_warn_ratelim,LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Unexpected sendme cell from client. "
"Closing circ (window %d).",
circ->package_window);
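Review bot: The new line at L222 drops the space after the comma that the removed line had, which is out of step with the rest of the call's argument list: `log_fn_ratelim(&client_warn_ratelim, LOG_PROTOCOL_WARN, LD_PROTOCOL,`. `connection_edge_process_relay_cell` begins and ends outside this hunk.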
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index 306f6c66ab..480c7e52ca 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -8,6 +8,7 @@
#include "../common/util.h"
#include "address.h"
#include "../common/torlog.h"
+#include "sandbox.h"
#include <stdio.h>
#include <stdlib.h>
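Review bot: The added `#include "sandbox.h"` at L234 relies on the include path where the adjacent common-directory headers at L231 and L233 spell out `"../common/"`; using the same form, `#include "../common/sandbox.h"`, keeps the include list self-consistent and independent of `-I` ordering.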
@@ -344,6 +345,7 @@ main(int argc, char **argv)
log_severity_list_t *s = tor_malloc_zero(sizeof(log_severity_list_t));
init_logging();
+ sandbox_disable_getaddrinfo_cache();
arg = &argv[1];
n_args = argc-1;