[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/maint-0.2.1] Disable SSLv3 when using a not-up-to-date openssl

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/maint-0.2.1] Disable SSLv3 when using a not-up-to-date openssl
From: nickm@xxxxxxxxxxxxxx
Date: Thu, 5 Jan 2012 19:13:04 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 05 Jan 2012 14:13:34 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: code repository commits <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx

commit db78fe45898a6d03727f8db68642bfebdfc10bf8
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Jan 4 17:15:50 2012 -0500

    Disable SSLv3 when using a not-up-to-date openssl
    
    This is to address bug 4822, and CVE-2011-4576.
---
 src/common/tortls.c |   31 ++++++++++++++++++++++++++++---
 1 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index cc805f8..22b0e31 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -64,6 +64,16 @@
 
 #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
 
+#if (OPENSSL_VERSION_NUMBER  <  0x0090813fL ||    \
+     (OPENSSL_VERSION_NUMBER >= 0x00909000L &&    \
+      OPENSSL_VERSION_NUMBER <  0x1000006fL))
+/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
+ * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
+ * SSL3 safely at the same time.
+ */
+#define DISABLE_SSL3_HANDSHAKE
+#endif
+
 /* We redefine these so that we can run correctly even if the vendor gives us
  * a version of OpenSSL that does not match its header files.  (Apple: I am
  * looking at you.)
@@ -739,16 +749,31 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
     result->key = crypto_pk_dup_key(rsa);
   }
 
-#ifdef EVERYONE_HAS_AES
-  /* Tell OpenSSL to only use TLS1 */
+#if 0
+  /* Tell OpenSSL to only use TLS1. This would actually break compatibility
+   * with clients that are configured to use SSLv23_method(), so we should
+   * probably never use it.
+   */
   if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
     goto error;
-#else
+#endif
+
   /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
   if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
     goto error;
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
+
+  if (
+#ifdef DISABLE_SSL3_HANDSHAKE
+      1 ||
 #endif
+      SSLeay()  <  0x0090813fL ||
+      (SSLeay() >= 0x00909000L &&
+       SSLeay() <  0x1000006fL)) {
+    /* And not SSL3 if it's subject to CVE-2011-4657. */
+    SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
+  }
+
   SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
 
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/maint-0.2.1] Merge branch 'bug4822_021_v2_squashed' into maint-0.2.1
Next by Author: [tor-commits] [tor/maint-0.2.2] Disable SSLv3 when using a not-up-to-date openssl
Previous by thread: [tor-commits] [tor/maint-0.2.1] Merge branch 'bug4822_021_v2_squashed' into maint-0.2.1
Next by thread: [tor-commits] [tor/maint-0.2.2] Disable SSLv3 when using a not-up-to-date openssl
Index(es):
- Author
- Thread