diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@
+ o Major bugfixes (security):
+ - Fix a denial of service bug where an attacker could use a malformed
+ directory object to cause a Tor instance to pause while OpenSSL would
+ try to read a passphrase from the terminal. (If the terminal was not
+ available, tor would continue running.) Fixes bug 24246; bugfix on
+ every version of Tor. Also tracked as TROVE-2017-011 and
+ CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index f7362765d2..8d816652d3 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -592,11 +592,21 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
return 0;
}
+/** A PEM callback that always reports a failure to get a password */
+static int
+pem_no_password_cb(char *buf, int size, int rwflag, void *u)
+{
+ (void)buf;
+ (void)size;
+ (void)rwflag;
+ (void)u;
+ return 0;
+}
+
/** Read a PEM-encoded private key from the len-byte string s
* into env. Return 0 on success, -1 on failure. If len is -1,
* the string is nul-terminated.
*/
-/* Used here, and used for testing. */
int
crypto_pk_read_private_key_from_string(crypto_pk_t *env,
const char *s, ssize_t len)
@@ -615,7 +625,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
if (env->key)
RSA_free(env->key);
- env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL);
+ env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL);
BIO_free(b);
@@ -747,7 +757,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,
if (env->key)
RSA_free(env->key);
- env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL);
+ env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL);
BIO_free(b);
if (!env->key) {
crypto_log_errors(LOG_WARN, "reading public key from string");