Re: [tor-bugs] #2927 [Tor Relay]: Tor doesn't overwrite rotated keys
#2927: Tor doesn't overwrite rotated keys
-----------------------+----------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by cypherpunks):
{{{
/** A public key, or a public/private key-pair.
 *
 * The structure is shared by reference count rather than copied, so every
 * holder points at the same RSA object.  crypto_free_pk_env() hands the RSA
 * object to RSA_free() only when the count drops to zero or below; until
 * then the key material stays resident in memory.
 */
struct crypto_pk_env_t
{
int refs; /* reference count, so keys are shared instead of copied;
           * decremented by crypto_free_pk_env() */
RSA *key; /* RSA key object released with RSA_free();
           * crypto_free_pk_env() tolerates NULL here */
};
}}}
{{{
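/** Release one reference to <b>env</b>; when the last reference is
 * released, free the underlying RSA key and then <b>env</b> itself.
 *
 * <b>env</b> must be non-NULL (enforced with tor_assert()).
 *
 * The private-key values are only scrubbed on the final release: that is
 * the point where RSA_free() runs, and RSA_free() releases the private
 * BIGNUMs with BN_clear_free().  While any other holder still has a
 * reference, the key stays in memory unmodified.
 *
 * NOTE(review): the quoted snippet had no return type.  The body only uses
 * a bare <code>return;</code>, so the function is declared void here
 * (implicit int is not valid C99).
 */
void
crypto_free_pk_env(crypto_pk_env_t *env)
{
  tor_assert(env);

  /* Someone else still holds the key: drop our reference and leave the
   * key material alone. */
  if (--env->refs > 0)
    return;

  /* Last reference.  RSA_free() is what clears the private components;
   * env itself only holds the count and the pointer. */
  if (env->key)
    RSA_free(env->key);
  tor_free(env);
}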
}}}
{{{
/* Excerpt of RSA_free(): the "..." lines stand for code left out of the
 * quoted comment, and the closing brace is not part of the excerpt. */
void RSA_free(RSA *r)
{
...
/* d, p, q, dmp1, dmq1 and iqmp are the private exponent, the two prime
 * factors and the CRT values of the key.  Each one is released with
 * BN_clear_free() rather than a plain free, so its storage is overwritten
 * (OPENSSL_cleanse) before it goes back to the allocator. */
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
...
}}}
{{{
/*
 * Overwrite a BIGNUM and then release it.
 *
 * Both the word array (a->d) and the BIGNUM header are passed to
 * OPENSSL_cleanse() before any memory is returned to the allocator.
 * A NULL argument is accepted and ignored.
 */
void BN_clear_free(BIGNUM *a)
{
    int header_malloced;

    if (a == NULL)
        return;

    bn_check_top(a);

    if (a->d != NULL) {
        /* Wipe dmax words, i.e. the length recorded in the header, not
         * just some prefix of the array. */
        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));

        /* The word array is only handed to OPENSSL_free() when it is not
         * flagged BN_FLG_STATIC_DATA; it has been overwritten either way. */
        if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
            OPENSSL_free(a->d);
    }

    /* Read the flag first: the next call overwrites the whole header,
     * flags included. */
    header_malloced = BN_get_flags(a, BN_FLG_MALLOCED);
    OPENSSL_cleanse(a, sizeof(BIGNUM));

    if (header_malloced)
        OPENSSL_free(a);
}
}}}
{{{
/*
 * Overwrite len bytes at ptr so the previous contents cannot be read back.
 *
 * The buffer is filled with a byte pattern derived from the running counter
 * cleanse_ctr (declared outside this excerpt) and from the addresses being
 * written, NOT with zeros: callers must not assume the memory is zeroed
 * afterwards.
 *
 * The written bytes are read back with memchr() and the result is folded
 * into cleanse_ctr.  NOTE(review): this looks intended to give the stores an
 * observable effect so a compiler cannot drop them as dead writes just
 * before a free; that is an inference from the code, not a guarantee stated
 * here.  cleanse_ctr is updated without any locking in this function.
 */
void OPENSSL_cleanse(void *ptr, size_t len)
{
    unsigned char *cursor = ptr;
    size_t acc = cleanse_ctr;
    size_t remaining;

    for (remaining = len; remaining > 0; remaining--) {
        *cursor = (unsigned char)acc;
        cursor++;
        /* Uses the already-advanced pointer, as the original does. */
        acc += 17 + ((size_t)cursor & 0xF);
    }

    /* Read the freshly written bytes back and mix the outcome into the
     * counter that the next call starts from. */
    cursor = memchr(ptr, (unsigned char)acc, len);
    if (cursor != NULL)
        acc += 63 + (size_t)cursor;

    cleanse_ctr = (unsigned char)acc;
}
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2927#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online