[tor-bugs] #4587 [Tor Client]: Bugs in tor_tls_got_client_hello()

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Nov 28 20:44:42 UTC 2011 

#4587: Bugs in tor_tls_got_client_hello()
------------------------+---------------------------------------------------
 Reporter:  Sebastian   |          Owner:                    
     Type:  defect      |         Status:  needs_review      
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by asn):

 OK, I've been doing some tests with `master` plus `0452f34e` plus
 `103d5ef3` plus:
 {{{
 diff --git a/src/common/tortls.c b/src/common/tortls.c
 index b4d81de..8507069 100644
 --- a/src/common/tortls.c
 +++ b/src/common/tortls.c
 @@ -1580,7 +1580,6 @@ tor_tls_set_renegotiate_callbacks(tor_tls_t *tls,
    tls->excess_renegotiations_callback = cb2;
    tls->callback_arg = arg;
    tls->got_renegotiate = 0;
 -  SSL_set_info_callback(tls->ssl, tor_tls_state_changed_callback);
  }

  /** If this version of openssl requires it, turn on renegotiation on
 @@ -1784,7 +1783,6 @@ tor_tls_finish_handshake(tor_tls_t *tls)
  {
    int r = TOR_TLS_DONE;
    if (tls->isServer) {
 -    SSL_set_info_callback(tls->ssl, NULL);
      SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
      /* There doesn't seem to be a clear OpenSSL API to clear mode flags.
 */
      tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
 }}}

 Preliminary testing shows it to work. Bufferevent/non\ bufferevent
 version, successfully rate-limits renegotiations, does not crash with the
 DoS tool [0], and completes v1/v2/v3 handshake.

 I haven't found a way to send two ClientHellos, but I was thinking of
 trying an MS IE version that supports SGC and pointing it to a relay. We
 still '''haven't''' fixed the fact that `server_handshake_count` is
 incorrect (but see comment:12 for an idea that a quick browsing of the
 OpenSSL code seems to support, but I haven't had the time to test it or
 look at the `ssl3_accept()` thoroughly.)

 Please test more before merging anything, and don't be afraid of pulling
 the whole code out of `master` if you don't have enough time.

 [0]:
 I'm stress testing by doing:
 `thc-ssl-dosit() { while :; do (while :; do echo R; done) | openssl
 s_client -msg -connect 127.0.0.1:6666 2>/dev/null; done }`
 and then calling `thc-ssl-dosit`, as suggested in http://www.thc.org/thc-
 ssl-dos/. You can also try the tool itself.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4587#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list