Check all crypto_rand return values for ntor.

5 files changed, 27 insertions, 14 deletions

diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index f3ecdb5c7e..a4ab65cf4f 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -54,14 +54,15 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key)
 
 /** Generate a new keypair and return the secret key.  If <b>extra_strong</b>
  * is true, this key is possibly going to get used more than once, so
- * use a better-than-usual RNG. */
-void
+ * use a better-than-usual RNG. Return 0 on success, -1 on failure. */
+int
 curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
                                int extra_strong)
 {
   uint8_t k_tmp[CURVE25519_SECKEY_LEN];
 
-  crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN);
+  if (crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN) < 0)
+    return -1;
   if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) {
     /* If they asked for extra-strong entropy and we have some, use it as an
      * HMAC key to improve not-so-good entopy rather than using it directly,
@@ -74,6 +75,8 @@ curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
   key_out->secret_key[0] &= 248;
   key_out->secret_key[31] &= 127;
   key_out->secret_key[31] |= 64;
+
+  return 0;
 }
 
 void
@@ -85,12 +88,14 @@ curve25519_public_key_generate(curve25519_public_key_t *key_out,
   curve25519_impl(key_out->public_key, seckey->secret_key, basepoint);
 }
 
-void
+int
 curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
                             int extra_strong)
 {
-  curve25519_secret_key_generate(&keypair_out->seckey, extra_strong);
+  if (curve25519_secret_key_generate(&keypair_out->seckey, extra_strong) < 0)
+    return -1;
   curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey);
+  return 0;
 }
 
 int
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index c43017e355..e768b8c427 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -32,12 +32,12 @@ typedef struct curve25519_keypair_t {
 #ifdef CURVE25519_ENABLED
 int curve25519_public_key_is_ok(const curve25519_public_key_t *);
 
-void curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
-                                    int extra_strong);
+int curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
+                                   int extra_strong);
 void curve25519_public_key_generate(curve25519_public_key_t *key_out,
                                     const curve25519_secret_key_t *seckey);
-void curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
-                                 int extra_strong);
+int curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
+                                int extra_strong);
 
 void curve25519_handshake(uint8_t *output,
                           const curve25519_secret_key_t *,
diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c
index eb9eceba88..c1a05233e0 100644
--- a/src/or/onion_fast.c
+++ b/src/or/onion_fast.c
@@ -29,8 +29,11 @@ fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
                       uint8_t *handshake_out)
 {
   fast_handshake_state_t *s;
-  *handshake_state_out = s =tor_malloc(sizeof(fast_handshake_state_t));
-  crypto_rand((char*)s->state, sizeof(s->state));
+  *handshake_state_out = s = tor_malloc(sizeof(fast_handshake_state_t));
+  if (crypto_rand((char*)s->state, sizeof(s->state)) < 0) {
+    tor_free(s);
+    return -1;
+  }
   memcpy(handshake_out, s->state, DIGEST_LEN);
   return 0;
 }
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index b601d1ebb1..58ab107f1b 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -78,7 +78,10 @@ onion_skin_ntor_create(const uint8_t *router_id,
 
   memcpy(state->router_id, router_id, DIGEST_LEN);
   memcpy(&state->pubkey_B, router_key, sizeof(curve25519_public_key_t));
-  curve25519_secret_key_generate(&state->seckey_x, 0);
+  if (curve25519_secret_key_generate(&state->seckey_x, 0) < 0) {
+    tor_free(state);
+    return -1;
+  }
   curve25519_public_key_generate(&state->pubkey_X, &state->seckey_x);
 
   op = onion_skin_out;
diff --git a/src/or/router.c b/src/or/router.c
index 961fd48d1c..cc9702d1ad 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -339,7 +339,8 @@ rotate_onion_key(void)
   tor_free(fname_prev);
   fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key_ntor.old");
-  curve25519_keypair_generate(&new_curve25519_keypair, 1);
+  if (curve25519_keypair_generate(&new_curve25519_keypair, 1) < 0)
+    goto error;
   if (file_status(fname) == FN_FILE) {
     if (replace_file(fname, fname_prev))
       goto error;
@@ -481,7 +482,8 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
         }
         log_info(LD_GENERAL, "No key found in \"%s\"; generating fresh key.",
                  fname);
-        curve25519_keypair_generate(keys_out, 1);
+        if (curve25519_keypair_generate(keys_out, 1) < 0)
+          goto error;
         if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) {
           log(severity, LD_FS,
               "Couldn't write generated key to \"%s\".", fname);