changes/ticket40874 0 → 100644 +3 −0 o Major bugfixes (TROVE-2023-004, relay): - Mitigate an issue when Tor compiled with OpenSSL can crash during handshake with a remote relay. Fixes bug 40874; bugfix on 0.2.7.2-alpha.
src/feature/relay/relay_handshake.c +1 −0 @@ -414,6 +414,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, log_fn(LOG_PROTOCOL_WARN, LD_OR, "Somebody asked us for an older TLS " "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) " "which we don't support."); goto err; } } else { char label[128];
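Review bot: The warning kept in front of `goto err;` still tells the operator that the peer asked for an authentication method "which we don't support", which may now be misleading. The same commit makes tor_tls_get_tlssecrets() return -1 when OpenSSL reports no randomness or master key, so this branch may be reached for that reason too, assuming the enclosing condition (outside the hunk) tests that function's return value. If so, a wording such as `"Unable to obtain TLS secrets for AUTHTYPE_RSA_SHA256_TLSSECRET; refusing to authenticate."` would point triage at the right cause. A one-line comment above the jump would record why falling through is unsafe: `/* Never build an AUTHENTICATE cell from TLS secrets we could not obtain. */`. The `err` label and the rest of connection_or_compute_authenticate_cell_body() are outside the hunk, so it is worth confirming that path releases the partially built cell.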
src/lib/tls/tortls_openssl.c +29 −3 @@ -1649,9 +1649,35 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out)) const size_t client_random_len = SSL_get_client_random(ssl, NULL, 0); const size_t master_key_len = SSL_SESSION_get_master_key(session, NULL, 0); tor_assert(server_random_len); tor_assert(client_random_len); tor_assert(master_key_len); if (BUG(! server_random_len)) { log_warn(LD_NET, "Missing server randomness after handshake " "using %s (cipher: %s, server: %s) from %s", SSL_get_version(ssl), SSL_get_cipher_name(ssl), tls->isServer ? "true" : "false", ADDR(tls)); return -1; } if (BUG(! client_random_len)) { log_warn(LD_NET, "Missing client randomness after handshake " "using %s (cipher: %s, server: %s) from %s", SSL_get_version(ssl), SSL_get_cipher_name(ssl), tls->isServer ? "true" : "false", ADDR(tls)); return -1; } if (BUG(! master_key_len)) { log_warn(LD_NET, "Missing master key after handshake " "using %s (cipher: %s, server: %s) from %s", SSL_get_version(ssl), SSL_get_cipher_name(ssl), tls->isServer ? "true" : "false", ADDR(tls)); return -1; } len = client_random_len + server_random_len + strlen(TLSSECRET_MAGIC) + 1; tor_assert(len <= sizeof(buf));
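Review bot: Each of the three new `BUG(...)` branches emits an unthrottled `log_warn` on every failing handshake, and the changelog entry describes the condition as reachable during a handshake with a remote relay, so a peer that can trigger it once can presumably trigger it repeatedly and flood the log. Consider rate-limiting the message, for example `static ratelim_t rl = RATELIM_INIT(600);` with `log_fn_ratelim(&rl, LOG_WARN, LD_NET, ...)`, and writing the guard as `IF_BUG_ONCE(! server_random_len) {` so the stack trace is recorded a single time. The three branches differ only in the leading words of the message, so a small static helper taking that string would keep the format and arguments in sync. The function's header comment is outside the hunk; it should state that -1 is now returned on these paths, apparently before `secrets_out` is written, so callers must not read the buffer on failure.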