[tor-bugs] #2927 [Tor Relay]: Tor doesn't overwrite rotated keys
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Apr 15 20:04:58 UTC 2011
#2927: Tor doesn't overwrite rotated keys
-----------------------+----------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by cypherpunks):
{{{
/** A public key, or a public/private key-pair. */
struct crypto_pk_env_t
{
int refs; /* reference counting so we don't have to copy keys */
RSA *key;
};
}}}
{{{
crypto_free_pk_env(crypto_pk_env_t *env)
{
tor_assert(env);
if (--env->refs > 0)
return;
if (env->key)
RSA_free(env->key);
tor_free(env);
}
}}}
{{{
void RSA_free(RSA *r)
{
...
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
...
}}}
{{{
void BN_clear_free(BIGNUM *a)
{
int i;
if (a == NULL) return;
bn_check_top(a);
if (a->d != NULL)
{
OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
OPENSSL_free(a->d);
}
i=BN_get_flags(a,BN_FLG_MALLOCED);
OPENSSL_cleanse(a,sizeof(BIGNUM));
if (i)
OPENSSL_free(a);
}
}}}
{{{
void OPENSSL_cleanse(void *ptr, size_t len)
{
unsigned char *p = ptr;
size_t loop = len, ctr = cleanse_ctr;
while(loop--)
{
*(p++) = (unsigned char)ctr;
ctr += (17 + ((size_t)p & 0xF));
}
p=memchr(ptr, (unsigned char)ctr, len);
if(p)
ctr += (63 + (size_t)p);
cleanse_ctr = (unsigned char)ctr;
}
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2927#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list