Skip to content
Snippets Groups Projects
  1. Jul 09, 2020
  2. Jul 08, 2020
  3. Jul 07, 2020
  4. Jul 06, 2020
    • Nick Mathewson's avatar
      Start a changelog for 0.3.5.11 · b66953a3
      Nick Mathewson authored
      b66953a3
    • Nick Mathewson's avatar
      5463ba85
    • Alexander Hansen Færøy's avatar
      Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes. · 7b2d1070
      Alexander Hansen Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch changes our bits-to-bytes conversion logic in the NSS
      implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
      ((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
      bits that is not a multiple of 8.
      
      Additionally, we add a comment on why we cannot use the
      `DER_ConvertBitString()` macro from NSS, as we would potentially apply
      the bits-to-bytes conversion logic twice, which would lead to an
      insignificant amount of bytes being compared in
      `SECITEM_ItemsAreEqual()` and thus turn the logic into being a
      prefix match instead of a full match.
      
      The `DER_ConvertBitString()` macro is defined in NSS as:
      
          /*
          ** Macro to convert der decoded bit string into a decoded octet
          ** string. All it needs to do is fiddle with the length code.
          */
          #define DER_ConvertBitString(item)            \
              {                                         \
                  (item)->len = ((item)->len + 7) >> 3; \
              }
      
      Thanks to Taylor Yu for spotting this problem.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      7b2d1070
    • Alexander Hansen Færøy's avatar
      Add constness to length variables in `tor_tls_cert_matches_key`. · 06f1e959
      Alexander Hansen Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
      `tor_tls_cert_matches_key` to ensure that we don't accidentally alter
      the variables.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      06f1e959
    • Alexander Hansen Færøy's avatar
      Fix out-of-bound memory read in `tor_tls_cert_matches_key()` for NSS. · b46984e9
      Alexander Hansen Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch fixes an out-of-bound memory read in
      `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
      instead of OpenSSL.
      
      The NSS library stores some length fields in bits instead of bytes, but
      the comparison function found in `SECITEM_ItemsAreEqual()` needs the
      length to be encoded in bytes. This means that for a 140-byte,
      DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
      in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
      bytes instead of 140 (140bytes * 8bits = 1120bits).
      
      This patch fixes the issue by converting from bits to bytes before
      calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
      bits before we leave the function.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      b46984e9
    • Alexander Hansen Færøy's avatar
      Run `tor_tls_cert_matches_key()` Test Suite with both OpenSSL and NSS. · 33e1c2e6
      Alexander Hansen Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch lifts the `tor_tls_cert_matches_key()` tests out of the
      OpenSSL specific TLS test suite and moves it into the generic TLS test
      suite that is executed for both OpenSSL and NSS.
      
      This patch is largely a code movement, but we had to rewrite parts of
      the test to avoid using OpenSSL specific data-types (such as `X509 *`)
      and replace it with the generic Tor abstraction type
      (`tor_x509_cert_impl_t *`).
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      33e1c2e6
  5. Jul 02, 2020
  6. Jun 30, 2020
  7. Jun 29, 2020
  8. Jun 12, 2020
  9. Jun 05, 2020
  10. Jun 03, 2020
  11. May 30, 2020
  12. May 15, 2020
  13. May 14, 2020
  14. May 06, 2020
Loading