Merge remote branch 'public/bug2378' into maint-0.2.2

This commit is contained in:
Nick Mathewson 2011-02-03 13:54:28 -05:00
commit 2fa9ddb958
5 changed files with 20 additions and 13 deletions

8
changes/bug2378 Normal file
View File

@ -0,0 +1,8 @@
o Minor bugfixes
- Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
found by "cypherpunks". This bug was introduced before the
first Tor release, in svn commit r110.
o Minor code simplifications and refactorings
- Always treat failure to allocate an RSA key as an unrecoverable
allocation error.

View File

@ -326,17 +326,6 @@ _crypto_new_pk_env_rsa(RSA *rsa)
return env;
}
/** used by tortls.c: wrap the RSA from an evp_pkey in a crypto_pk_env_t.
* returns NULL if this isn't an RSA key. */
crypto_pk_env_t *
_crypto_new_pk_env_evp_pkey(EVP_PKEY *pkey)
{
RSA *rsa;
if (!(rsa = EVP_PKEY_get1_RSA(pkey)))
return NULL;
return _crypto_new_pk_env_rsa(rsa);
}
/** Helper, used by tor-checkkey.c and tor-gencert.c. Return the RSA from a
* crypto_pk_env_t. */
RSA *
@ -390,7 +379,7 @@ crypto_new_pk_env(void)
RSA *rsa;
rsa = RSA_new();
if (!rsa) return NULL;
tor_assert(rsa);
return _crypto_new_pk_env_rsa(rsa);
}
@ -535,6 +524,8 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
/* Create a read-only memory BIO, backed by the string 's' */
b = BIO_new_mem_buf((char*)s, (int)len);
if (!b)
return -1;
if (env->key)
RSA_free(env->key);
@ -595,6 +586,8 @@ crypto_pk_write_key_to_string_impl(crypto_pk_env_t *env, char **dest,
tor_assert(dest);
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
if (!b)
return -1;
/* Now you can treat b as if it were a file. Just use the
* PEM_*_bio_* functions instead of the non-bio variants.
@ -662,6 +655,8 @@ crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src,
tor_assert(len<INT_MAX);
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
if (!b)
return -1;
BIO_write(b, src, (int)len);

View File

@ -249,7 +249,6 @@ struct evp_pkey_st;
struct dh_st;
struct rsa_st *_crypto_pk_env_get_rsa(crypto_pk_env_t *env);
crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
crypto_pk_env_t *_crypto_new_pk_env_evp_pkey(struct evp_pkey_st *pkey);
struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
int private);
struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);

View File

@ -808,6 +808,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
goto error;
{
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
tor_assert(dh);
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
crypto_dh_free(dh);
}

View File

@ -259,6 +259,10 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
}
dh = crypto_dh_new(DH_TYPE_CIRCUIT);
if (!dh) {
log_warn(LD_BUG, "Couldn't allocate DH key");
goto err;
}
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
goto err;