Bug 140409
| Summary: | Cannot work ports/security/tor-devel + openssl-0.9.8l | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Andrei V. Lavreniyuk <andy.lavr> | ||||
| Component: | Individual Port(s) | Assignee: | Martin Wilke <miwi> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | ||||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Andrei V. Lavreniyuk
2009-11-09 10:00:13 UTC
Maintainer of security/tor-devel,
Please note that PR ports/140409 has just been submitted.
If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.
The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/140409
--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool) Responsible Changed From-To: freebsd-ports-bugs->miwi I'll take it. Hi! http://archives.seul.org/or/cvs/Nov-2009/msg00030.html Patch FreeBSD port - ports/security/tor-devel: ----------------------- --- src/common/tortls.c +++ src/common/tortls.c @@ -154,6 +154,7 @@ const char *cname, const char *cname_sign, unsigned int lifetime); +static void tor_tls_unblock_renegotiation(tor_tls_t *tls); /** Global tls context. We keep it here because nobody else needs to * touch it. */ @@ -927,6 +928,36 @@ #endif } +/** If this version of openssl requires it, turn on renegotiation on + * <b>tls</b>. (Our protocol never requires this for security, but it's nice + * to use belt-and-suspenders here.) + */ +static void +tor_tls_unblock_renegotiation(tor_tls_t *tls) +{ +#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + /* Yes, we know what we are doing here. No, we do not treat a renegotiation + * as authenticating any earlier-received data. */ + tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; +#else + (void)tls; +#endif +} + +/** If this version of openssl supports it, turn off renegotiation on + * <b>tls</b>. (Our protocol never requires this for security, but it's nice + * to use belt-and-suspenders here.) + */ +void +tor_tls_block_renegotiation(tor_tls_t *tls) +{ +#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; +#else + (void)tls; +#endif +} + /** Return whether this tls initiated the connect (client) or * received it (server). */ int @@ -1058,6 +1089,9 @@ if (oldstate != tls->ssl->state) log_debug(LD_HANDSHAKE, "After call, %p was in state %s", tls, ssl_state_to_string(tls->ssl->state)); + /* We need to call this here and not earlier, since OpenSSL has a penchant + * for clearing its flags when you say accept or connect. */ + tor_tls_unblock_renegotiation(tls); r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO, LD_HANDSHAKE); if (ERR_peek_error() != 0) { tls_log_errors(tls, tls->isServer ? LOG_INFO : LOG_WARN, LD_HANDSHAKE, --- src/common/tortls.h +++ src/common/tortls.h @@ -65,6 +65,7 @@ int tor_tls_read(tor_tls_t *tls, char *cp, size_t len); int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n); int tor_tls_handshake(tor_tls_t *tls); int tor_tls_renegotiate(tor_tls_t *tls); +void tor_tls_block_renegotiation(tor_tls_t *tls); int tor_tls_shutdown(tor_tls_t *tls); int tor_tls_get_pending_bytes(tor_tls_t *tls); size_t tor_tls_get_forced_write_size(tor_tls_t *tls); --- src/or/connection_or.c +++ src/or/connection_or.c @@ -844,6 +844,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn) /* Don't invoke this again. */ tor_tls_set_renegotiate_callback(tls, NULL, NULL); + tor_tls_block_renegotiation(tls); if (connection_tls_finish_handshake(conn) < 0) { /* XXXX_TLS double-check that it's ok to do this from inside read. */ @@ -1087,6 +1088,7 @@ connection_tls_finish_handshake(or_connection_t *conn) connection_or_init_conn_from_address(conn, &conn->_base.addr, conn->_base.port, digest_rcvd, 0); } + tor_tls_block_renegotiation(conn->tls); return connection_or_set_state_open(conn); } else { conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING; -------------------- -- Best regards, Andrei V. Lavreniyuk. I have no way to test this (and broke my damn foot this morning) but if it looks ok then approved. NOTE: Is this even needed? My assumption is the tor folk will fix this in the next release and not sure this is a security bug. -Peter On 11/9/09, Peter Thoenen <peter.thoenen@yahoo.com> wrote: > I have no way to test this (and broke my damn foot this morning) but if > it looks ok then approved. > > NOTE: Is this even needed? My assumption is the tor folk will fix this > in the next release and not sure this is a security bug. > > -Peter > Ouch. I hope you're better soon. Like I wrote in my earlier private email, tor works safely with the openssl from the base system. But if you use the openssl from the base system, you have to use it for all ports, not just tor (unless you make some local changes). And other ports may be vulnerable if they use the now unpatched openssl from the base system. So it's a security problem in that sense. If you try to make the other ports safe by switching to the new openssl from ports, you break tor. The tor developers adopted one of the solutions I mentioned (and the one that seems to have been used in this PR) in the latest sources, which will probably be used in the next release, but for now it is broken. I'm willing to wait for the new release (I've fixed it on my system :) ), but I don't know if everyone else is, so I thought I'd let you know, and that is why I wrote my earlier message. b. Please consider instead the following patch, which updates the port to 0.2.2.6-alpha. This includes ssl/tls changes, so that with this update, tor-devel should work with both the base system and port versions of openssl. I also changed the regression-test target to a test target, so that a failed timeout assertion in the util/threads regression test on -CURRENT doesn't break builds on some tinderboxes that run the regression-test target automatically. As usual, gmail may automatically encode this patch in base-64, so try to decode the patch if it appears garbled. b. Approved .. one day I will settle now and have normal internet so I can get back to using FBSD :) -Peter State Changed From-To: feedback->closed Committed. Thanks! |
