commit d3de0b91fb322c00d11857d89a8420af0d466e39 Author: Nick Mathewson <nickm@torproject.org> Date: Tue Dec 25 22:43:01 2012 -0500 Check all crypto_rand return values for ntor. --- src/common/crypto_curve25519.c | 15 ++++++++++----- src/common/crypto_curve25519.h | 8 ++++---- src/or/onion_fast.c | 7 +++++-- src/or/onion_ntor.c | 5 ++++- src/or/router.c | 6 ++++-- 5 files changed, 27 insertions(+), 14 deletions(-) diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c index f3ecdb5..a4ab65c 100644 --- a/src/common/crypto_curve25519.c +++ b/src/common/crypto_curve25519.c @@ -54,14 +54,15 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key) /** Generate a new keypair and return the secret key. If <b>extra_strong</b> * is true, this key is possibly going to get used more than once, so - * use a better-than-usual RNG. */ -void + * use a better-than-usual RNG. Return 0 on success, -1 on failure. */ +int curve25519_secret_key_generate(curve25519_secret_key_t *key_out, int extra_strong) { uint8_t k_tmp[CURVE25519_SECKEY_LEN]; - crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN); + if (crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN) < 0) + return -1; if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) { /* If they asked for extra-strong entropy and we have some, use it as an * HMAC key to improve not-so-good entopy rather than using it directly, @@ -74,6 +75,8 @@ curve25519_secret_key_generate(curve25519_secret_key_t *key_out, key_out->secret_key[0] &= 248; key_out->secret_key[31] &= 127; key_out->secret_key[31] |= 64; + + return 0; } void @@ -85,12 +88,14 @@ curve25519_public_key_generate(curve25519_public_key_t *key_out, curve25519_impl(key_out->public_key, seckey->secret_key, basepoint); } -void +int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong) { - curve25519_secret_key_generate(&keypair_out->seckey, extra_strong); + if (curve25519_secret_key_generate(&keypair_out->seckey, extra_strong) < 0) + return -1; curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey); + return 0; } int diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h index c43017e..e768b8c 100644 --- a/src/common/crypto_curve25519.h +++ b/src/common/crypto_curve25519.h @@ -32,12 +32,12 @@ typedef struct curve25519_keypair_t { #ifdef CURVE25519_ENABLED int curve25519_public_key_is_ok(const curve25519_public_key_t *); -void curve25519_secret_key_generate(curve25519_secret_key_t *key_out, - int extra_strong); +int curve25519_secret_key_generate(curve25519_secret_key_t *key_out, + int extra_strong); void curve25519_public_key_generate(curve25519_public_key_t *key_out, const curve25519_secret_key_t *seckey); -void curve25519_keypair_generate(curve25519_keypair_t *keypair_out, - int extra_strong); +int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, + int extra_strong); void curve25519_handshake(uint8_t *output, const curve25519_secret_key_t *, diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c index eb9eceb..c1a0523 100644 --- a/src/or/onion_fast.c +++ b/src/or/onion_fast.c @@ -29,8 +29,11 @@ fast_onionskin_create(fast_handshake_state_t **handshake_state_out, uint8_t *handshake_out) { fast_handshake_state_t *s; - *handshake_state_out = s =tor_malloc(sizeof(fast_handshake_state_t)); - crypto_rand((char*)s->state, sizeof(s->state)); + *handshake_state_out = s = tor_malloc(sizeof(fast_handshake_state_t)); + if (crypto_rand((char*)s->state, sizeof(s->state)) < 0) { + tor_free(s); + return -1; + } memcpy(handshake_out, s->state, DIGEST_LEN); return 0; } diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c index b601d1e..58ab107 100644 --- a/src/or/onion_ntor.c +++ b/src/or/onion_ntor.c @@ -78,7 +78,10 @@ onion_skin_ntor_create(const uint8_t *router_id, memcpy(state->router_id, router_id, DIGEST_LEN); memcpy(&state->pubkey_B, router_key, sizeof(curve25519_public_key_t)); - curve25519_secret_key_generate(&state->seckey_x, 0); + if (curve25519_secret_key_generate(&state->seckey_x, 0) < 0) { + tor_free(state); + return -1; + } curve25519_public_key_generate(&state->pubkey_X, &state->seckey_x); op = onion_skin_out; diff --git a/src/or/router.c b/src/or/router.c index 961fd48..cc9702d 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -339,7 +339,8 @@ rotate_onion_key(void) tor_free(fname_prev); fname = get_datadir_fname2("keys", "secret_onion_key_ntor"); fname_prev = get_datadir_fname2("keys", "secret_onion_key_ntor.old"); - curve25519_keypair_generate(&new_curve25519_keypair, 1); + if (curve25519_keypair_generate(&new_curve25519_keypair, 1) < 0) + goto error; if (file_status(fname) == FN_FILE) { if (replace_file(fname, fname_prev)) goto error; @@ -481,7 +482,8 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out, } log_info(LD_GENERAL, "No key found in \"%s\"; generating fresh key.", fname); - curve25519_keypair_generate(keys_out, 1); + if (curve25519_keypair_generate(keys_out, 1) < 0) + goto error; if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) { log(severity, LD_FS, "Couldn't write generated key to \"%s\".", fname);