diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-03-17 11:45:16 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-03-17 11:45:16 -0400 |
| commit | e15a621ac81c472f69a082180fa9b4ed39274e43 (patch) | |
| tree | 54020a4143660eeab6541cf5a752a380cff836ae /src | |
| parent | 9ef8f5d1b8c646d1383327a3d45cddf27ab4b886 (diff) | |
| parent | 5f4e14b8c8cd4c8907f669144a5a4bb8b8b7a585 (diff) | |
| download | tor-e15a621ac81c472f69a082180fa9b4ed39274e43.tar.gz tor-e15a621ac81c472f69a082180fa9b4ed39274e43.zip | |
Merge branch 'maint-0.4.1' into maint-0.4.2
Diffstat (limited to 'src')
| -rw-r--r-- | src/feature/hs/hs_client.c | 6 | ||||
| -rw-r--r-- | src/feature/hs/hs_service.c | 6 | ||||
| -rw-r--r-- | src/lib/crypt_ops/crypto_ed25519.c | 2 |
3 files changed, 10 insertions, 4 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 492e77faff..9d67f71275 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1274,7 +1274,7 @@ hs_client_decode_descriptor(const char *desc_str, uint8_t subcredential[DIGEST256_LEN]; ed25519_public_key_t blinded_pubkey; hs_client_service_authorization_t *client_auth = NULL; - curve25519_secret_key_t *client_auht_sk = NULL; + curve25519_secret_key_t *client_auth_sk = NULL; tor_assert(desc_str); tor_assert(service_identity_pk); @@ -1283,7 +1283,7 @@ hs_client_decode_descriptor(const char *desc_str, /* Check if we have a client authorization for this service in the map. */ client_auth = find_client_auth(service_identity_pk); if (client_auth) { - client_auht_sk = &client_auth->enc_seckey; + client_auth_sk = &client_auth->enc_seckey; } /* Create subcredential for this HS so that we can decrypt */ @@ -1296,7 +1296,7 @@ hs_client_decode_descriptor(const char *desc_str, /* Parse descriptor */ ret = hs_desc_decode_descriptor(desc_str, subcredential, - client_auht_sk, desc); + client_auth_sk, desc); memwipe(subcredential, 0, sizeof(subcredential)); if (ret < 0) { goto err; diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 18c38ebc0a..17ac4fa4a9 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -3565,6 +3565,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, goto err; } + if (ed25519_validate_pubkey(&service->keys.identity_pk) < 0) { + log_warn(LD_CONFIG, "Bad ed25519 private key was provided"); + ret = RSAE_BADPRIVKEY; + goto err; + } + /* Make sure we have at least one port. */ if (smartlist_len(service->config.ports) == 0) { log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified " diff --git a/src/lib/crypt_ops/crypto_ed25519.c b/src/lib/crypt_ops/crypto_ed25519.c index 0581529125..c28111a5a5 100644 --- a/src/lib/crypt_ops/crypto_ed25519.c +++ b/src/lib/crypt_ops/crypto_ed25519.c @@ -795,7 +795,7 @@ ed25519_point_is_identity_element(const uint8_t *point) int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey) { - uint8_t result[32] = {9}; + uint8_t result[32] = {0}; /* First check that we were not given the identity element */ if (ed25519_point_is_identity_element(pubkey->pubkey)) { |