diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-12-25 22:43:01 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-01-03 11:29:49 -0500 |
| commit | d3de0b91fb322c00d11857d89a8420af0d466e39 (patch) | |
| tree | 1c33f8f2126db0ede938cbff1d5a111640cf167d /src/common | |
| parent | 94cb7bd24d2ffda9038c267b3ee0837dd64ec903 (diff) | |
| download | tor-d3de0b91fb322c00d11857d89a8420af0d466e39.tar.gz tor-d3de0b91fb322c00d11857d89a8420af0d466e39.zip | |
Check all crypto_rand return values for ntor.
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/crypto_curve25519.c | 15 | ||||
| -rw-r--r-- | src/common/crypto_curve25519.h | 8 |
2 files changed, 14 insertions, 9 deletions
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c index f3ecdb5c7e..a4ab65cf4f 100644 --- a/src/common/crypto_curve25519.c +++ b/src/common/crypto_curve25519.c @@ -54,14 +54,15 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key) /** Generate a new keypair and return the secret key. If <b>extra_strong</b> * is true, this key is possibly going to get used more than once, so - * use a better-than-usual RNG. */ -void + * use a better-than-usual RNG. Return 0 on success, -1 on failure. */ +int curve25519_secret_key_generate(curve25519_secret_key_t *key_out, int extra_strong) { uint8_t k_tmp[CURVE25519_SECKEY_LEN]; - crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN); + if (crypto_rand((char*)key_out->secret_key, CURVE25519_SECKEY_LEN) < 0) + return -1; if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) { /* If they asked for extra-strong entropy and we have some, use it as an * HMAC key to improve not-so-good entopy rather than using it directly, @@ -74,6 +75,8 @@ curve25519_secret_key_generate(curve25519_secret_key_t *key_out, key_out->secret_key[0] &= 248; key_out->secret_key[31] &= 127; key_out->secret_key[31] |= 64; + + return 0; } void @@ -85,12 +88,14 @@ curve25519_public_key_generate(curve25519_public_key_t *key_out, curve25519_impl(key_out->public_key, seckey->secret_key, basepoint); } -void +int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong) { - curve25519_secret_key_generate(&keypair_out->seckey, extra_strong); + if (curve25519_secret_key_generate(&keypair_out->seckey, extra_strong) < 0) + return -1; curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey); + return 0; } int diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h index c43017e355..e768b8c427 100644 --- a/src/common/crypto_curve25519.h +++ b/src/common/crypto_curve25519.h @@ -32,12 +32,12 @@ typedef struct curve25519_keypair_t { #ifdef CURVE25519_ENABLED int curve25519_public_key_is_ok(const curve25519_public_key_t *); -void curve25519_secret_key_generate(curve25519_secret_key_t *key_out, - int extra_strong); +int curve25519_secret_key_generate(curve25519_secret_key_t *key_out, + int extra_strong); void curve25519_public_key_generate(curve25519_public_key_t *key_out, const curve25519_secret_key_t *seckey); -void curve25519_keypair_generate(curve25519_keypair_t *keypair_out, - int extra_strong); +int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, + int extra_strong); void curve25519_handshake(uint8_t *output, const curve25519_secret_key_t *, |