
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.3.5

teor 4 лет назад
955cf9620c
3 измененных файлов с 50 добавлено и 0 удалено
  1. 4 0
      changes/29241_diagnostic
  2. 6 0
      changes/bug29241
  3. 40 0
      src/lib/tls/tortls_nss.c

+ 4 - 0
changes/29241_diagnostic

@@ -0,0 +1,4 @@
+  o Minor features (NSS, diagnostic):
+    - Try to log an error from NSS (if there is any) and a more useful
+      description of our situation if we are using NSS and a call to
+      SSL_ExportKeyingMaterial() fails.  Diagnostic for ticket 29241.

+ 6 - 0
changes/bug29241

@@ -0,0 +1,6 @@
+  o Major bugfixes (NSS, relay):
+    - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
+      for their PRF. Due to an NSS bug, the TLS key exporters for these
+      ciphersuites don't work -- which caused relays to fail to handshake
+      with one another when these ciphersuites were enabled.
+      Fixes bug 29241; bugfix on 0.3.5.1-alpha.

+ 40 - 0
src/lib/tls/tortls_nss.c

@@ -152,6 +152,32 @@ we_like_auth_type(SSLAuthType at)
   }
 }
 
+/**
+ * Return true iff this ciphersuite will be hit by a mozilla bug 1312976,
+ * which makes TLS key exporters not work with TLS 1.2 non-SHA256
+ * ciphersuites.
+ **/
+static bool
+ciphersuite_has_nss_export_bug(const SSLCipherSuiteInfo *info)
+{
+  /* For more information on the bug, see
+     https://bugzilla.mozilla.org/show_bug.cgi?id=1312976 */
+
+  /* This bug only exists in TLS 1.2. */
+  if (info->authType == ssl_auth_tls13_any)
+    return false;
+
+  /* Sadly, there's no way to get this information from the
+   * CipherSuiteInfo object itself other than by looking at the
+   * name.  */
+  if (strstr(info->cipherSuiteName, "_SHA384") ||
+      strstr(info->cipherSuiteName, "_SHA512")) {
+    return true;
+  }
+
+  return false;
+}
+
 tor_tls_context_t *
 tor_tls_context_new(crypto_pk_t *identity,
                     unsigned int key_lifetime, unsigned flags, int is_client)
@@ -256,6 +282,12 @@ tor_tls_context_new(crypto_pk_t *identity,
         !we_like_mac_algorithm(info.macAlgorithm) ||
         !we_like_auth_type(info.authType)/* Requires NSS 3.24 */;
 
+      if (ciphersuite_has_nss_export_bug(&info)) {
+        /* SSL_ExportKeyingMaterial will fail; we can't use this cipher.
+         */
+        disable = 1;
+      }
+
       s = SSL_CipherPrefSet(ctx->ctx, ciphers[i],
                             disable ? PR_FALSE : PR_TRUE);
       if (s != SECSuccess)
@@ -726,10 +758,18 @@ tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out,
   tor_assert(context_len <= UINT_MAX);
 
   SECStatus s;
+  /* Make sure that the error code is set here, so that we can be sure that
+   * any error code set after a failure was in fact caused by
+   * SSL_ExportKeyingMaterial. */
+  PR_SetError(PR_UNKNOWN_ERROR, 0);
   s = SSL_ExportKeyingMaterial(tls->ssl,
                                label, (unsigned)strlen(label),
                                PR_TRUE, context, (unsigned)context_len,
                                secrets_out, DIGEST256_LEN);
+  if (s != SECSuccess) {
+    tls_log_errors(tls, LOG_WARN, LD_CRYPTO,
+                   "exporting key material for a TLS handshake");
+  }
 
   return (s == SECSuccess) ? 0 : -1;
 }
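Review bot: The name-based test in ciphersuite_has_nss_export_bug (the two strstr calls in the first hunk) only recognises `_SHA384` and `_SHA512`, while the header comment promises every TLS 1.2 "non-SHA256" suite; suites whose name carries no hash suffix use the TLS 1.2 default PRF (SHA-256) and are therefore correctly left enabled, but that reasoning is not written down and a later reader may "fix" it. A one-line comment before the test would close the gap: `/* Suites with no hash suffix use the default TLS 1.2 PRF (SHA-256); only explicit SHA384/SHA512 names hit the bug. */`. As a point of style the if/return-true/return-false tail could collapse to `return strstr(info->cipherSuiteName, "_SHA384") != NULL || strstr(info->cipherSuiteName, "_SHA512") != NULL;`. The TLS 1.3 exclusion relies on `ssl_auth_tls13_any`, which the file's own comment in the second hunk marks as requiring NSS 3.24, so the doc comment of the new helper should state that same version dependency.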