[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Merge branch 'maint-0.2.8'

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Merge branch 'maint-0.2.8'
From: nickm@xxxxxxxxxxxxxx
Date: Tue, 14 Jun 2016 16:22:58 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 Jun 2016 12:23:38 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit df4fa92a88dbeadcc85ea28ac52af006e9e1466a
Merge: a427a7c 71aacbe
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Tue Jun 14 12:17:24 2016 -0400

    Merge branch 'maint-0.2.8'

 changes/bug19406         |   4 ++
 src/common/crypto.c      | 182 ++++++++++++++++++++++++++++++++++++++---------
 src/common/tortls.c      |   6 ++
 src/test/test_tortls.c   |   6 +-
 src/tools/tor-checkkey.c |  11 ++-
 src/tools/tor-gencert.c  |  22 ++++++
 6 files changed, 195 insertions(+), 36 deletions(-)

diff --cc src/common/crypto.c
index 76e262e,614f9b5..4df674b
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@@ -2311,17 -2387,27 +2396,32 @@@ crypto_dh_get_bytes(crypto_dh_t *dh
  int
  crypto_dh_generate_public(crypto_dh_t *dh)
  {
+ #ifndef OPENSSL_1_1_API
   again:
+ #endif
    if (!DH_generate_key(dh->dh)) {
 +    /* LCOV_EXCL_START
 +     * To test this we would need some way to tell openssl to break DH. */
      crypto_log_errors(LOG_WARN, "generating DH key");
      return -1;
 +    /* LCOV_EXCL_STOP */
    }
+ #ifdef OPENSSL_1_1_API
+   /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without
+    * recreating the DH object.  I have no idea what sort of aliasing madness
+    * can occur here, so do the check, and just bail on failure.
+    */
+   BIGNUM *pub_key, *priv_key;
+   DH_get0_key(dh->dh, &pub_key, &priv_key);
+   if (tor_check_dh_key(LOG_WARN, pub_key)<0) {
+     log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid.  I guess once-in-"
+              "the-universe chances really do happen.  Treating as a failure.");
+     return -1;
+   }
+ #else
    if (tor_check_dh_key(LOG_WARN, dh->dh->pub_key)<0) {
 +    /* LCOV_EXCL_START
 +     * If this happens, then openssl's DH implementation is busted. */
      log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid.  I guess once-in-"
               "the-universe chances really do happen.  Trying again.");
      /* Free and clear the keys, so OpenSSL will actually try again. */
@@@ -2329,8 -2415,8 +2429,9 @@@
      BN_clear_free(dh->dh->priv_key);
      dh->dh->pub_key = dh->dh->priv_key = NULL;
      goto again;
 +    /* LCOV_EXCL_STOP */
    }
+ #endif
    return 0;
  }
  



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Bug 19406: Add a changes file.
Next by Author: [tor-commits] [tor/master] Bug 19406: OpenSSL made RSA and DH opaque in 1.1.0.
Previous by thread: [tor-commits] [tor/master] Merge branch 'maint-0.2.8'
Next by thread: [tor-commits] [tor/master] Merge branch 'maint-0.2.8'
Index(es):
- Author
- Thread