[tor-bugs] #6465 [Tor Relay]: Build abstraction layer around TLS

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Sep 19 19:05:30 UTC 2012


#6465: Build abstraction layer around TLS
-----------------------+----------------------------------------------------
 Reporter:  andrea     |          Owner:  andrea            
     Type:  project    |         Status:  needs_review      
 Priority:  major      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Relay  |        Version:  Tor: unspecified  
 Keywords:             |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by nickm):

 Replying to [comment:35 andrea]:
 > Responses to part 4 (points in potential need of further discussion):
 >
 > > The removal of stats_n_vpadding_cells_processed and
 > > stats_n_padding_cells_processed is a little worrisome; those cell types
 > > are still real, generic cell types. Must investigate to make sure they're
 > > still handled right. I think these probably need to go back in command.c
 >
 > Those ended up in channeltls.c; those are generic enough we should have
 > them in command.c, you think?

 I think so.  By the specification, padding cells are part of the Tor
 protocol.

 > > Oh, a subtle point I should have added to the list of stuff I worry
 > > about: I worry about making sure that there can be no data on the TLS
 > > connection before the handshake, and no data on the TLS connection
 > > before the VERSIONS cell. If anything gets sent first, the connection
 > > needs to close.
 >
 > See channel_tls_handle_cell() in channeltls.c; we set handshaking =
 > (TO_CONN(conn)->state != OR_CONN_STATE_OPEN), which was the same test
 > used in the old command_process_cell(), and then if we see anything
 > other than NETINFO or VERSIONS with that true we kill the connection.

 OK.  There also used to be a DoS issue where you could send a bunch of
 data to bloat a server's buffers and get it ignored while the server was
 waiting for a v2 TLS handshake.  But it's unlikely we reintroduced that
 and kept the v3 handshake working too.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6465#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
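The two checks discussed in this comment, the "nothing but VERSIONS or NETINFO while handshaking" rule and the caveat about buffering unbounded data while waiting for the handshake, can be shown together in a small cell dispatcher. The code below is an added illustration, not Tor's channel_tls_handle_cell() and not from this ticket: the cell command values (PADDING = 0, VERSIONS = 7, NETINFO = 8, VPADDING = 128) are the ones from the Tor protocol specification, but the connection-state enum, the or_conn_t struct, the counters and the MAX_PREHANDSHAKE_BYTES cap are assumptions made for the example, and it treats fixed- and variable-length cells through one entry point for brevity.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Cell command values from the Tor protocol specification. */
enum {
  CELL_PADDING  = 0,
  CELL_VERSIONS = 7,
  CELL_NETINFO  = 8,
  CELL_VPADDING = 128
};

/* Only the distinction the ticket relies on (OPEN vs. anything else).
 * This enum is a stand-in for the example, not Tor's own state list. */
typedef enum {
  OR_CONN_STATE_HANDSHAKING,
  OR_CONN_STATE_OPEN
} or_conn_state_t;

/* Illustrative cap on bytes accepted before the handshake completes.
 * Assumption for this example, not a Tor constant. */
#define MAX_PREHANDSHAKE_BYTES 4096

typedef struct {
  or_conn_state_t state;
  bool closed;             /* set once we decide to kill the connection */
  bool versions_seen;      /* VERSIONS must precede everything else */
  size_t prehandshake_bytes;
  unsigned n_versions, n_netinfo, n_padding, n_vpadding, n_other;
} or_conn_t;

void or_conn_init(or_conn_t *conn)
{
  conn->state = OR_CONN_STATE_HANDSHAKING;
  conn->closed = false;
  conn->versions_seen = false;
  conn->prehandshake_bytes = 0;
  conn->n_versions = conn->n_netinfo = 0;
  conn->n_padding = conn->n_vpadding = conn->n_other = 0;
}

static bool kill_conn(or_conn_t *conn)
{
  conn->closed = true;
  return false;
}

/* Dispatch one cell. Returns true if it was accepted, false if the
 * connection was (or already had been) closed. */
bool handle_cell(or_conn_t *conn, uint8_t command, size_t cell_len)
{
  if (conn->closed)
    return false;

  /* Same test the ticket describes: anything not OPEN is "handshaking". */
  bool handshaking = (conn->state != OR_CONN_STATE_OPEN);

  if (handshaking) {
    /* Buffer-bloat guard: stop absorbing data while still waiting for the
     * handshake, instead of buffering and ignoring it (assumed cap). */
    conn->prehandshake_bytes += cell_len;
    if (conn->prehandshake_bytes > MAX_PREHANDSHAKE_BYTES)
      return kill_conn(conn);

    /* Only VERSIONS and NETINFO are legal before the connection is open,
     * and VERSIONS has to come first. Anything else closes the link. */
    if (command != CELL_VERSIONS && command != CELL_NETINFO)
      return kill_conn(conn);
    if (command == CELL_NETINFO && !conn->versions_seen)
      return kill_conn(conn);
  }

  switch (command) {
  case CELL_VERSIONS:
    conn->versions_seen = true;
    conn->n_versions++;
    return true;
  case CELL_NETINFO:
    conn->n_netinfo++;
    conn->state = OR_CONN_STATE_OPEN;   /* handshake complete */
    return true;
  case CELL_PADDING:                    /* generic protocol cells: just counted */
    conn->n_padding++;
    return true;
  case CELL_VPADDING:
    conn->n_vpadding++;
    return true;
  default:
    conn->n_other++;
    return true;
  }
}
```

The padding counters live next to the generic dispatch rather than in the TLS-specific path, matching the point that padding cells are part of the Tor protocol itself; the byte cap is what turns "ignore the data until the handshake arrives" into "close the connection", which is the difference between the old DoS and a bounded cost.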