Merge remote branch 'origin/maint-0.2.2'

author: Nick Mathewson <nickm@torproject.org> 2011-01-15 12:03:44 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-01-15 12:03:44 -0500
commit: 1b8f2ef5505a3ee4d824abf70141e1ad8b48e66c (patch)
tree: 84ca91d89a48f063b905771834cf9b6f5c3f94bd /src/or
parent: b7b01d963af19497df2d23fd558ff408a12a669b (diff)
parent: ed87738ede789fb9eccfd2e5a34bd8c484dfe44e (diff)
download: tor-1b8f2ef5505a3ee4d824abf70141e1ad8b48e66c.tar.gz
tor-1b8f2ef5505a3ee4d824abf70141e1ad8b48e66c.zip
8 files changed, 24 insertions, 13 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 00a01f5fb8..c7376a27d0 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5329,8 +5329,8 @@ or_state_save(time_t now)
   tor_free(state);
   fname = get_datadir_fname("state");
   if (write_str_to_file(fname, contents, 0)<0) {
-    log_warn(LD_FS, "Unable to write state to file \"%s\"; will try later",
-             fname);
+    log_warn(LD_FS, "Unable to write state to file \"%s\"; "
+             "will try again later", fname);
     global_state->LastWritten = -1;
     tor_free(fname);
     tor_free(contents);
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index c491656f73..d5faffb2c3 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -286,7 +286,7 @@ dnsserv_resolved(edge_connection_t *conn,
     char *ans = tor_strndup(answer, answer_len);
     evdns_server_request_add_ptr_reply(req, NULL,
                                        name,
-                                       (char*)answer, ttl);
+                                       ans, ttl);
     tor_free(ans);
   } else if (answer_type == RESOLVED_TYPE_ERROR) {
     err = DNS_ERR_NOTEXIST;
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 405db12591..68dc9f6712 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -452,6 +452,7 @@ networkstatus_check_document_signature(const networkstatus_t *consensus,
   signed_digest = tor_malloc(signed_digest_len);
   if (crypto_pk_public_checksig(cert->signing_key,
                                 signed_digest,
+                                signed_digest_len,
                                 sig->signature,
                                 sig->signature_len) < dlen ||
       memcmp(signed_digest, consensus->digests.d[sig->alg], dlen)) {
diff --git a/src/or/onion.c b/src/or/onion.c
index 9db9145c78..323e0003e6 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -199,6 +199,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
 
   /* set meeting point, meeting cookie, etc here. Leave zero for now. */
   if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
+                                      ONIONSKIN_CHALLENGE_LEN,
                                       challenge, DH_KEY_LEN,
                                       PK_PKCS1_OAEP_PADDING, 1)<0)
     goto err;
@@ -241,6 +242,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
       break;
     note_crypto_pk_op(DEC_ONIONSKIN);
     len = crypto_pk_private_hybrid_decrypt(k, challenge,
+                                           ONIONSKIN_CHALLENGE_LEN,
                                            onion_skin, ONIONSKIN_CHALLENGE_LEN,
                                            PK_PKCS1_OAEP_PADDING,0);
     if (len>0)
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 88c9fd7afb..1907d5a6cd 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -185,6 +185,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
    * to avoid buffer overflows? */
   r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
+                                      sizeof(payload)-DIGEST_LEN,
                                       tmp,
                                       (int)(dh_offset+DH_KEY_LEN),
                                       PK_PKCS1_OAEP_PADDING, 0);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 9f775ef842..9f364b0a85 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -929,7 +929,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   /* Next N bytes is encrypted with service key */
   note_crypto_pk_op(REND_SERVER);
   r = crypto_pk_private_hybrid_decrypt(
-       intro_key,buf,(char*)(request+DIGEST_LEN),request_len-DIGEST_LEN,
+       intro_key,buf,sizeof(buf),
+       (char*)(request+DIGEST_LEN),request_len-DIGEST_LEN,
        PK_PKCS1_OAEP_PADDING,1);
   if (r<0) {
     log_warn(LD_PROTOCOL, "Couldn't decrypt INTRODUCE2 cell.");
@@ -1366,7 +1367,8 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
     goto err;
   len += 20;
   note_crypto_pk_op(REND_SERVER);
-  r = crypto_pk_private_sign_digest(intro_key, buf+len, buf, len);
+  r = crypto_pk_private_sign_digest(intro_key, buf+len, sizeof(buf)-len,
+                                    buf, len);
   if (r<0) {
     log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
     reason = END_CIRC_REASON_INTERNAL;
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 539e540585..96cc01b960 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -5099,7 +5099,8 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
 
   if (ei->pending_sig) {
     char signed_digest[128];
-    if (crypto_pk_public_checksig(ri->identity_pkey, signed_digest,
+    if (crypto_pk_public_checksig(ri->identity_pkey,
+                       signed_digest, sizeof(signed_digest),
                        ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
         memcmp(signed_digest, ei->cache_info.signed_descriptor_digest,
                DIGEST_LEN)) {
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 1822517620..56d86bde91 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -700,11 +700,13 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
                                size_t digest_len, crypto_pk_env_t *private_key)
 {
   char *signature;
-  size_t i;
+  size_t i, keysize;
   int siglen;
 
-  signature = tor_malloc(crypto_pk_keysize(private_key));
-  siglen = crypto_pk_private_sign(private_key, signature, digest, digest_len);
+  keysize = crypto_pk_keysize(private_key);
+  signature = tor_malloc(keysize);
+  siglen = crypto_pk_private_sign(private_key, signature, keysize,
+                                  digest, digest_len);
   if (siglen < 0) {
     log_warn(LD_BUG,"Couldn't sign digest.");
     goto err;
@@ -1057,6 +1059,7 @@ check_signature_token(const char *digest,
                       const char *doctype)
 {
   char *signed_digest;
+  size_t keysize;
   const int check_authority = (flags & CST_CHECK_AUTHORITY);
   const int check_objtype = ! (flags & CST_NO_CHECK_OBJTYPE);
 
@@ -1078,10 +1081,11 @@ check_signature_token(const char *digest,
     }
   }
 
-  signed_digest = tor_malloc(tok->object_size);
-  if (crypto_pk_public_checksig(pkey, signed_digest, tok->object_body,
-                                tok->object_size)
-      < digest_len) {
+  keysize = crypto_pk_keysize(pkey);
+  signed_digest = tor_malloc(keysize);
+  if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
+                                tok->object_body, tok->object_size)
+      < DIGEST_LEN) {
     log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
     tor_free(signed_digest);
     return -1;
author	Nick Mathewson <nickm@torproject.org>	2011-01-15 12:03:44 -0500
committer	Nick Mathewson <nickm@torproject.org>	2011-01-15 12:03:44 -0500
commit	1b8f2ef5505a3ee4d824abf70141e1ad8b48e66c (patch)
tree	84ca91d89a48f063b905771834cf9b6f5c3f94bd /src/or
parent	b7b01d963af19497df2d23fd558ff408a12a669b (diff)
parent	ed87738ede789fb9eccfd2e5a34bd8c484dfe44e (diff)
download	tor-1b8f2ef5505a3ee4d824abf70141e1ad8b48e66c.tar.gz tor-1b8f2ef5505a3ee4d824abf70141e1ad8b48e66c.zip