[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Check all crypto_rand return values for ntor.
commit d3de0b91fb322c00d11857d89a8420af0d466e39
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Tue Dec 25 22:43:01 2012 -0500
Check all crypto_rand return values for ntor.
---
src/common/crypto_curve25519.c | 15 ++++++++++-----
src/common/crypto_curve25519.h | 8 ++++----
src/or/onion_fast.c | 7 +++++--
src/or/onion_ntor.c | 5 ++++-
src/or/router.c | 6 ++++--
5 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index f3ecdb5..a4ab65c 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -54,14 +54,15 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key)
/** Generate a new keypair and return the secret key. If <b>extra_strong</b>
* is true, this key is possibly going to get used more than once, so
- * use a better-than-usual RNG. */
-void
+ * use a better-than-usual RNG. Return 0 on success, -1 on failure. */
+int
curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
int extra_strong)
{
uint8_t k_tmp[CURVE25519_SECKEY_LEN];
- crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN);
+ if (crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN) < 0)
+ return -1;
if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) {
/* If they asked for extra-strong entropy and we have some, use it as an
* HMAC key to improve not-so-good entopy rather than using it directly,
@@ -74,6 +75,8 @@ curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
key_out->secret_key[0] &= 248;
key_out->secret_key[31] &= 127;
key_out->secret_key[31] |= 64;
+
+ return 0;
}
void
@@ -85,12 +88,14 @@ curve25519_public_key_generate(curve25519_public_key_t *key_out,
curve25519_impl(key_out->public_key, seckey->secret_key, basepoint);
}
-void
+int
curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
int extra_strong)
{
- curve25519_secret_key_generate(&keypair_out->seckey, extra_strong);
+ if (curve25519_secret_key_generate(&keypair_out->seckey, extra_strong) < 0)
+ return -1;
curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey);
+ return 0;
}
int
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index c43017e..e768b8c 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -32,12 +32,12 @@ typedef struct curve25519_keypair_t {
#ifdef CURVE25519_ENABLED
int curve25519_public_key_is_ok(const curve25519_public_key_t *);
-void curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
- int extra_strong);
+int curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
+ int extra_strong);
void curve25519_public_key_generate(curve25519_public_key_t *key_out,
const curve25519_secret_key_t *seckey);
-void curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
- int extra_strong);
+int curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
+ int extra_strong);
void curve25519_handshake(uint8_t *output,
const curve25519_secret_key_t *,
diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c
index eb9eceb..c1a0523 100644
--- a/src/or/onion_fast.c
+++ b/src/or/onion_fast.c
@@ -29,8 +29,11 @@ fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
uint8_t *handshake_out)
{
fast_handshake_state_t *s;
- *handshake_state_out = s =tor_malloc(sizeof(fast_handshake_state_t));
- crypto_rand((char*)s->state, sizeof(s->state));
+ *handshake_state_out = s = tor_malloc(sizeof(fast_handshake_state_t));
+ if (crypto_rand((char*)s->state, sizeof(s->state)) < 0) {
+ tor_free(s);
+ return -1;
+ }
memcpy(handshake_out, s->state, DIGEST_LEN);
return 0;
}
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index b601d1e..58ab107 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -78,7 +78,10 @@ onion_skin_ntor_create(const uint8_t *router_id,
memcpy(state->router_id, router_id, DIGEST_LEN);
memcpy(&state->pubkey_B, router_key, sizeof(curve25519_public_key_t));
- curve25519_secret_key_generate(&state->seckey_x, 0);
+ if (curve25519_secret_key_generate(&state->seckey_x, 0) < 0) {
+ tor_free(state);
+ return -1;
+ }
curve25519_public_key_generate(&state->pubkey_X, &state->seckey_x);
op = onion_skin_out;
diff --git a/src/or/router.c b/src/or/router.c
index 961fd48..cc9702d 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -339,7 +339,8 @@ rotate_onion_key(void)
tor_free(fname_prev);
fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
fname_prev = get_datadir_fname2("keys", "secret_onion_key_ntor.old");
- curve25519_keypair_generate(&new_curve25519_keypair, 1);
+ if (curve25519_keypair_generate(&new_curve25519_keypair, 1) < 0)
+ goto error;
if (file_status(fname) == FN_FILE) {
if (replace_file(fname, fname_prev))
goto error;
@@ -481,7 +482,8 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
}
log_info(LD_GENERAL, "No key found in \"%s\"; generating fresh key.",
fname);
- curve25519_keypair_generate(keys_out, 1);
+ if (curve25519_keypair_generate(keys_out, 1) < 0)
+ goto error;
if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) {
log(severity, LD_FS,
"Couldn't write generated key to \"%s\".", fname);
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits