authorAlexander Færøy <ahf@torproject.org>2023-11-02 14:38:43 -0400
committerDavid Goulet <dgoulet@torproject.org>2023-11-03 08:52:38 -0400
commit7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (patch)
tree95410b0f0a3e11175e3540a1e1235b1c7e5cf3d7 /src/lib/tls
parentd7777c121c93e4155236e8334bb12bec575ad8b6 (diff)
Fix TROVE-2023-004: Remote crash when compiled against OpenSSL
Fixes #40874

Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tortls_openssl.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 77de2d6a11..f3257d5f24 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -1649,9 +1649,35 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
const size_t client_random_len = SSL_get_client_random(ssl, NULL, 0);
const size_t master_key_len = SSL_SESSION_get_master_key(session, NULL, 0);
- tor_assert(server_random_len);
- tor_assert(client_random_len);
- tor_assert(master_key_len);
+ if (BUG(! server_random_len)) {
+ log_warn(LD_NET, "Missing server randomness after handshake "
+ "using %s (cipher: %s, server: %s) from %s",
+ SSL_get_version(ssl),
+ SSL_get_cipher_name(ssl),
+ tls->isServer ? "true" : "false",
+ ADDR(tls));
+ return -1;
+ }
+
+ if (BUG(! client_random_len)) {
+ log_warn(LD_NET, "Missing client randomness after handshake "
+ "using %s (cipher: %s, server: %s) from %s",
+ SSL_get_version(ssl),
+ SSL_get_cipher_name(ssl),
+ tls->isServer ? "true" : "false",
+ ADDR(tls));
+ return -1;
+ }
+
+ if (BUG(! master_key_len)) {
+ log_warn(LD_NET, "Missing master key after handshake "
+ "using %s (cipher: %s, server: %s) from %s",
+ SSL_get_version(ssl),
+ SSL_get_cipher_name(ssl),
+ tls->isServer ? "true" : "false",
+ ADDR(tls));
+ return -1;
+ }
len = client_random_len + server_random_len + strlen(TLSSECRET_MAGIC) + 1;
tor_assert(len <= sizeof(buf));