[tor-commits] [tor/release-0.2.9] On v3 link handshake, send the correct link certificate

nickm at torproject.org nickm at torproject.org
Mon Jun 5 19:52:53 UTC 2017 

commit 50facb40bb42e070b858ca052edccd0f3a5b83b5
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed May 31 19:12:32 2017 -0400

    On v3 link handshake, send the correct link certificate
    
    Previously we'd send the _current_ link certificate, which would
    cause a handshaking failure when the TLS context rotated.
---
 src/common/tortls.c    | 18 ++++++++++++++++++
 src/common/tortls.h    |  1 +
 src/or/connection_or.c | 30 ++++++++++++++++++------------
 3 files changed, 37 insertions(+), 12 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62ed5be..055b468 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -2021,6 +2021,24 @@ tor_tls_get_peer_cert,(tor_tls_t *tls))
   return tor_x509_cert_new(cert);
 }
 
+/** Return the cerficate we used on the connection, or NULL if somehow
+ * we didn't use one. */
+tor_x509_cert_t *
+tor_tls_get_own_cert(tor_tls_t *tls)
+{
+  X509 *cert = SSL_get_certificate(tls->ssl);
+  tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE,
+                 "getting own-connection certificate");
+  if (!cert)
+    return NULL;
+  /* Fun inconsistency: SSL_get_peer_certificate increments the reference
+   * count, but SSL_get_certificate does not. */
+  X509 *duplicate = X509_dup(cert);
+  if (BUG(duplicate == NULL))
+    return NULL;
+  return tor_x509_cert_new(duplicate);
+}
+
 /** Warn that a certificate lifetime extends through a certain range. */
 static void
 log_cert_lifetime(int severity, const X509 *cert, const char *problem)
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 7c035a2..ae11b7a 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -198,6 +198,7 @@ int tor_tls_is_server(tor_tls_t *tls);
 void tor_tls_free(tor_tls_t *tls);
 int tor_tls_peer_has_cert(tor_tls_t *tls);
 MOCK_DECL(tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
+tor_x509_cert_t *tor_tls_get_own_cert(tor_tls_t *tls);
 int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
 int tor_tls_check_lifetime(int severity,
                            tor_tls_t *tls, int past_tolerance,
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 267c32d..3b35d5e 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2137,7 +2137,9 @@ connection_or_send_netinfo,(or_connection_t *conn))
 int
 connection_or_send_certs_cell(or_connection_t *conn)
 {
-  const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;
+  const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL,
+    *using_link_cert = NULL;
+  tor_x509_cert_t *own_link_cert = NULL;
   const uint8_t *link_encoded = NULL, *id_encoded = NULL;
   size_t link_len, id_len;
   var_cell_t *cell;
@@ -2149,9 +2151,15 @@ connection_or_send_certs_cell(or_connection_t *conn)
   if (! conn->handshake_state)
     return -1;
   const int conn_in_server_mode = ! conn->handshake_state->started_here;
-  if (tor_tls_get_my_certs(conn_in_server_mode, &link_cert, &id_cert) < 0)
+  if (tor_tls_get_my_certs(conn_in_server_mode,
+                           &global_link_cert, &id_cert) < 0)
     return -1;
-  tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
+  if (conn_in_server_mode) {
+    using_link_cert = own_link_cert = tor_tls_get_own_cert(conn->tls);
+  } else {
+    using_link_cert = global_link_cert;
+  }
+  tor_x509_cert_get_der(using_link_cert, &link_encoded, &link_len);
   tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
 
   cell_len = 1 /* 1 byte: num certs in cell */ +
@@ -2179,6 +2187,7 @@ connection_or_send_certs_cell(or_connection_t *conn)
 
   connection_or_write_var_cell_to_buf(cell, conn);
   var_cell_free(cell);
+  tor_x509_cert_free(own_link_cert);
 
   return 0;
 }
@@ -2258,10 +2267,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
   memcpy(auth1_getarray_type(auth), "AUTH0001", 8);
 
   {
-    const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
+    const tor_x509_cert_t *id_cert=NULL;
     const common_digests_t *my_digests, *their_digests;
     const uint8_t *my_id, *their_id, *client_id, *server_id;
-    if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
+    if (tor_tls_get_my_certs(server, NULL, &id_cert))
       goto err;
     my_digests = tor_x509_cert_get_id_digests(id_cert);
     their_digests =
@@ -2300,13 +2309,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
 
   {
     /* Digest of cert used on TLS link : 32 octets. */
-    const tor_x509_cert_t *cert = NULL;
-    tor_x509_cert_t *freecert = NULL;
+    tor_x509_cert_t *cert = NULL;
     if (server) {
-      tor_tls_get_my_certs(1, &cert, NULL);
+      cert = tor_tls_get_own_cert(conn->tls);
     } else {
-      freecert = tor_tls_get_peer_cert(conn->tls);
-      cert = freecert;
+      cert = tor_tls_get_peer_cert(conn->tls);
     }
     if (!cert) {
       log_warn(LD_OR, "Unable to find cert when making AUTH1 data.");
@@ -2316,8 +2323,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     memcpy(auth->scert,
            tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
 
-    if (freecert)
-      tor_x509_cert_free(freecert);
+    tor_x509_cert_free(cert);
   }
 
   /* HMAC of clientrandom and serverrandom using master key : 32 octets */

More information about the tor-commits mailing list