commit b1b8f7982ebac1347a86d5eb9eee8e5f3bd3d39c Author: teor (Tim Wilson-Brown) teor2345@gmail.com Date: Mon Nov 23 20:53:59 2015 +1100

Check the return value of HMAC in crypto.c and assert on error

Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011) in tor version 0.2.3.5-alpha-dev. --- changes/check-crypto-errors | 5 +++++ src/common/crypto.c | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/changes/check-crypto-errors b/changes/check-crypto-errors new file mode 100644 index 0000000..e41862c --- /dev/null +++ b/changes/check-crypto-errors @@ -0,0 +1,5 @@ + o Minor bugfix (crypto): + - Check the return value of HMAC and assert on failure. + Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011) + in tor version 0.2.3.5-alpha-dev. + Patch by "teor". diff --git a/src/common/crypto.c b/src/common/crypto.c index 913d1c2..86357b0 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1906,11 +1906,14 @@ crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len) { + unsigned char *rv = NULL; /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */ tor_assert(key_len < INT_MAX); tor_assert(msg_len < INT_MAX); - HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len, - (unsigned char*)hmac_out, NULL); + tor_assert(hmac_out); + rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len, + (unsigned char*)hmac_out, NULL); + tor_assert(rv); }

/* DH */