[tor-bugs] #22460 [Core Tor/Tor]: Link handshake trouble: certificates and keys can get out of sync

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 2 11:38:49 UTC 2017


#22460: Link handshake trouble: certificates and keys can get out of sync
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.1.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tor-relay certs handshake ed25519    |  Actual Points:  1
  needs-analysis 030-backport 029-backport       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

 Review:

 `bug22460_030_01`: Looks good, but I get a bit anxious where we
 conditionally set `s->own_link_cert`, but then we unconditionally use it
 in `connection_or_send_certs_cell()`:
 {{{
 +  if (! started_here && get_current_link_cert_cert()) {
 +    s->own_link_cert = tor_cert_dup(get_current_link_cert_cert());
 +  }
 ...
      add_ed25519_cert(certs_cell,
                       CERTTYPE_ED_SIGN_LINK,
 -                     get_current_link_cert_cert());
 +                     conn->handshake_state->own_link_cert);
 }}}

 Are we sure that there is no chance we will leave `own_link_cert`
 uninitialized? If there is such a chance, should we default to
 `get_current_link_cert_cert()` if `own_link_cert` is unset in
 `connection_or_send_certs_cell()`?

 ----

 `bug22460_case2_029_01`: Seems like `tor_tls_get_peer_cert()` and
 `tor_tls_get_own_cert()` are the same function but with a different log
 message? Am i right, that we did that so that we can mock one function but
 not the other?

 And is it for the same mocking reason we use both functions here, even tho
 the functionality is the same?
 {{{
     if (server) {
       cert = tor_tls_get_own_cert(conn->tls);
     } else {
       cert = tor_tls_get_peer_cert(conn->tls);
     }
 }}}

 I guess the code duplication is a bit naughty here, as well as the name
 similarity between `tor_tls_get_own_cert()` and `tor_tls_get_my_certs()`
 (even tho they do a different thing IIUC). But if this is just for 0.2.9
 then it's probably OK.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list