Merge remote branch 'public/bug2378' into maint-0.2.2
commit
2fa9ddb958
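--- a/changes/bug2378
+++ b/changes/bug2378
@@ -0,0 +1,8 @@
+o Minor bugfixes
+- Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
+found by "cypherpunks". This bug was introduced before the
+first Tor release, in svn commit r110.
+
+o Minor code simplifications and refactorings
+- Always treat failure to allocate an RSA key as an unrecoverable
+allocation error.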
@ -326,17 +326,6 @@ _crypto_new_pk_env_rsa(RSA *rsa)
|
|||||||
return env;
|
return env;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** used by tortls.c: wrap the RSA from an evp_pkey in a crypto_pk_env_t.
|
|
||||||
* returns NULL if this isn't an RSA key. */
|
|
||||||
crypto_pk_env_t *
|
|
||||||
_crypto_new_pk_env_evp_pkey(EVP_PKEY *pkey)
|
|
||||||
{
|
|
||||||
RSA *rsa;
|
|
||||||
if (!(rsa = EVP_PKEY_get1_RSA(pkey)))
|
|
||||||
return NULL;
|
|
||||||
return _crypto_new_pk_env_rsa(rsa);
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Helper, used by tor-checkkey.c and tor-gencert.c. Return the RSA from a
|
/** Helper, used by tor-checkkey.c and tor-gencert.c. Return the RSA from a
|
||||||
* crypto_pk_env_t. */
|
* crypto_pk_env_t. */
|
||||||
RSA *
|
RSA *
|
||||||
@ -390,7 +379,7 @@ crypto_new_pk_env(void)
|
|||||||
RSA *rsa;
|
RSA *rsa;
|
||||||
|
|
||||||
rsa = RSA_new();
|
rsa = RSA_new();
|
||||||
if (!rsa) return NULL;
|
tor_assert(rsa);
|
||||||
return _crypto_new_pk_env_rsa(rsa);
|
return _crypto_new_pk_env_rsa(rsa);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -535,6 +524,8 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
|
|||||||
|
|
||||||
/* Create a read-only memory BIO, backed by the string 's' */
|
/* Create a read-only memory BIO, backed by the string 's' */
|
||||||
b = BIO_new_mem_buf((char*)s, (int)len);
|
b = BIO_new_mem_buf((char*)s, (int)len);
|
||||||
|
if (!b)
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (env->key)
|
if (env->key)
|
||||||
RSA_free(env->key);
|
RSA_free(env->key);
|
||||||
@ -595,6 +586,8 @@ crypto_pk_write_key_to_string_impl(crypto_pk_env_t *env, char **dest,
|
|||||||
tor_assert(dest);
|
tor_assert(dest);
|
||||||
|
|
||||||
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
|
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
|
||||||
|
if (!b)
|
||||||
|
return -1;
|
||||||
|
|
||||||
/* Now you can treat b as if it were a file. Just use the
|
/* Now you can treat b as if it were a file. Just use the
|
||||||
* PEM_*_bio_* functions instead of the non-bio variants.
|
* PEM_*_bio_* functions instead of the non-bio variants.
|
||||||
@ -662,6 +655,8 @@ crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src,
|
|||||||
tor_assert(len<INT_MAX);
|
tor_assert(len<INT_MAX);
|
||||||
|
|
||||||
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
|
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
|
||||||
|
if (!b)
|
||||||
|
return -1;
|
||||||
|
|
||||||
BIO_write(b, src, (int)len);
|
BIO_write(b, src, (int)len);
|
||||||
|
|
||||||
|
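Review bot: In the `crypto_pk_read_public_key_from_string` hunk the result of `BIO_write(b, src, (int)len);` is still ignored, so the allocation-failure handling added for `BIO_new` stops one call short: a memory BIO that cannot grow would leave `b` empty or truncated. Checking it covers the same class of failure, e.g. `if (BIO_write(b, src, (int)len) != (int)len) { BIO_free(b); return -1; }`. A short buffer would most likely be rejected by the PEM parsing that follows, but that code is outside the hunk, so this is inferred rather than shown. The three new `return -1;` paths also log nothing, unlike the `log_warn` added in `onion_skin_server_handshake`, so a caller cannot tell an allocation failure from a malformed key.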
@ -249,7 +249,6 @@ struct evp_pkey_st;
|
|||||||
struct dh_st;
|
struct dh_st;
|
||||||
struct rsa_st *_crypto_pk_env_get_rsa(crypto_pk_env_t *env);
|
struct rsa_st *_crypto_pk_env_get_rsa(crypto_pk_env_t *env);
|
||||||
crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
|
crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
|
||||||
crypto_pk_env_t *_crypto_new_pk_env_evp_pkey(struct evp_pkey_st *pkey);
|
|
||||||
struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
|
struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
|
||||||
int private);
|
int private);
|
||||||
struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
|
struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
|
||||||
|
@ -808,6 +808,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||||||
goto error;
|
goto error;
|
||||||
{
|
{
|
||||||
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
|
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
|
||||||
|
tor_assert(dh);
|
||||||
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
|
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
|
||||||
crypto_dh_free(dh);
|
crypto_dh_free(dh);
|
||||||
}
|
}
|
||||||
|
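Review bot: `tor_assert(dh);` in `tor_tls_context_new` aborts the whole process when `crypto_dh_new(DH_TYPE_TLS)` fails, although the first context line of the hunk shows that this function already has a `goto error;` path. Using it, `if (!dh) goto error;`, would report a failed context to the caller instead of crashing, and would match how the `onion_skin_server_handshake` hunk handles the same failure; whether the `error` cleanup is safe at this point is outside the hunk and should be checked. If aborting is the intended policy, a comment such as `/* DH allocation failure is treated as unrecoverable */` would explain why the two call sites differ. The return value of `SSL_CTX_set_tmp_dh` on the following line is also unchecked.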
@ -259,6 +259,10 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
|
|||||||
}
|
}
|
||||||
|
|
||||||
dh = crypto_dh_new(DH_TYPE_CIRCUIT);
|
dh = crypto_dh_new(DH_TYPE_CIRCUIT);
|
||||||
|
if (!dh) {
|
||||||
|
log_warn(LD_BUG, "Couldn't allocate DH key");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
|
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
|
||||||
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
|
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
|
||||||
goto err;
|
goto err;
|
||||||
|
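Review bot: The new `goto err;` is taken while `dh` is NULL, so the cleanup under the `err` label, which is outside this hunk, has to tolerate a NULL `dh`; that should be confirmed, or the free guarded with `if (dh) crypto_dh_free(dh);`. The message is logged under `LD_BUG`, yet an allocation failure is a resource condition rather than a programming error, and this function runs once per incoming handshake, so repeated failures under memory pressure would each emit a warning. A short comment above the check, `/* allocation failure: refuse this handshake */`, would document the intent.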