From: Nick Mathewson Date: Tue, 14 Jun 2016 16:17:24 +0000 (-0400) Subject: Merge branch 'maint-0.2.8' X-Git-Tag: tor-0.2.9.1-alpha~173 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=df4fa92a88dbeadcc85ea28ac52af006e9e1466a;p=thirdparty%2Ftor.git Merge branch 'maint-0.2.8' --- df4fa92a88dbeadcc85ea28ac52af006e9e1466a diff --cc src/common/crypto.c index 76e262e257,614f9b5de9..4df674bee6 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@@ -2311,17 -2387,27 +2396,32 @@@ crypto_dh_get_bytes(crypto_dh_t *dh int crypto_dh_generate_public(crypto_dh_t *dh) { + #ifndef OPENSSL_1_1_API again: + #endif if (!DH_generate_key(dh->dh)) { + /* LCOV_EXCL_START + * To test this we would need some way to tell openssl to break DH. */ crypto_log_errors(LOG_WARN, "generating DH key"); return -1; + /* LCOV_EXCL_STOP */ } + #ifdef OPENSSL_1_1_API + /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without + * recreating the DH object. I have no idea what sort of aliasing madness + * can occur here, so do the check, and just bail on failure. + */ + BIGNUM *pub_key, *priv_key; + DH_get0_key(dh->dh, &pub_key, &priv_key); + if (tor_check_dh_key(LOG_WARN, pub_key)<0) { + log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-" + "the-universe chances really do happen. Treating as a failure."); + return -1; + } + #else if (tor_check_dh_key(LOG_WARN, dh->dh->pub_key)<0) { + /* LCOV_EXCL_START + * If this happens, then openssl's DH implementation is busted. */ log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-" "the-universe chances really do happen. Trying again."); /* Free and clear the keys, so OpenSSL will actually try again. */ @@@ -2329,8 -2415,8 +2429,9 @@@ BN_clear_free(dh->dh->priv_key); dh->dh->pub_key = dh->dh->priv_key = NULL; goto again; + /* LCOV_EXCL_STOP */ } + #endif return 0; }
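Review bot: In the `OPENSSL_1_1_API` branch of `crypto_dh_generate_public()`, the `return -1` after a failed `tor_check_dh_key()` leaves the rejected key pair inside `dh->dh`, whereas the `#else` branch clears both keys before retrying. Since the existing comment says the key cannot be regenerated without recreating the DH object, I would extend it with `/* On failure the rejected key stays in dh->dh; callers must discard this crypto_dh_t rather than retry on it. */`. The same branch fetches `priv_key` and never uses it; if the targeted OpenSSL accepts a NULL out-parameter there (it appears to, but confirm against the headers), `DH_get0_key(dh->dh, &pub_key, NULL);` avoids holding a pointer to the private exponent. Released 1.1.0 headers declare these out-parameters as `const BIGNUM **`, so `const BIGNUM *pub_key;` would be the matching declaration. The function body spans both hunks on this line, and the 1.1 failure block is the only one of the three without `LCOV_EXCL_START`/`LCOV_EXCL_STOP` markers.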