mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 02:09:24 +01:00
Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
This commit is contained in:
Florent Daigniere
Nick Mathewson
parent
655adbf667
commit
01132c93fd
@ -486,7 +486,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
|
|||||||
r = NULL;
|
r = NULL;
|
||||||
done:
|
done:
|
||||||
if (e)
|
if (e)
|
||||||
BN_free(e);
|
BN_clear_free(e);
|
||||||
if (r)
|
if (r)
|
||||||
RSA_free(r);
|
RSA_free(r);
|
||||||
}
|
}
|
||||||
@ -1922,7 +1922,7 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
|
|||||||
|
|
||||||
/* If the space is occupied, free the previous TLS DH prime */
|
/* If the space is occupied, free the previous TLS DH prime */
|
||||||
if (dh_param_p_tls) {
|
if (dh_param_p_tls) {
|
||||||
BN_free(dh_param_p_tls);
|
BN_clear_free(dh_param_p_tls);
|
||||||
dh_param_p_tls = NULL;
|
dh_param_p_tls = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2084,8 +2084,8 @@ crypto_dh_generate_public(crypto_dh_t *dh)
|
|||||||
log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
|
log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
|
||||||
"the-universe chances really do happen. Trying again.");
|
"the-universe chances really do happen. Trying again.");
|
||||||
/* Free and clear the keys, so OpenSSL will actually try again. */
|
/* Free and clear the keys, so OpenSSL will actually try again. */
|
||||||
BN_free(dh->dh->pub_key);
|
BN_clear_free(dh->dh->pub_key);
|
||||||
BN_free(dh->dh->priv_key);
|
BN_clear_free(dh->dh->priv_key);
|
||||||
dh->dh->pub_key = dh->dh->priv_key = NULL;
|
dh->dh->pub_key = dh->dh->priv_key = NULL;
|
||||||
goto again;
|
goto again;
|
||||||
}
|
}
|
||||||
@ -2147,10 +2147,10 @@ tor_check_dh_key(int severity, BIGNUM *bn)
|
|||||||
log_fn(severity, LD_CRYPTO, "DH key must be at most p-2.");
|
log_fn(severity, LD_CRYPTO, "DH key must be at most p-2.");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
BN_free(x);
|
BN_clear_free(x);
|
||||||
return 0;
|
return 0;
|
||||||
err:
|
err:
|
||||||
BN_free(x);
|
BN_clear_free(x);
|
||||||
s = BN_bn2hex(bn);
|
s = BN_bn2hex(bn);
|
||||||
log_fn(severity, LD_CRYPTO, "Rejecting insecure DH key [%s]", s);
|
log_fn(severity, LD_CRYPTO, "Rejecting insecure DH key [%s]", s);
|
||||||
OPENSSL_free(s);
|
OPENSSL_free(s);
|
||||||
@ -2209,7 +2209,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
|
|||||||
done:
|
done:
|
||||||
crypto_log_errors(LOG_WARN, "completing DH handshake");
|
crypto_log_errors(LOG_WARN, "completing DH handshake");
|
||||||
if (pubkey_bn)
|
if (pubkey_bn)
|
||||||
BN_free(pubkey_bn);
|
BN_clear_free(pubkey_bn);
|
||||||
if (secret_tmp) {
|
if (secret_tmp) {
|
||||||
memwipe(secret_tmp, 0, secret_tmp_len);
|
memwipe(secret_tmp, 0, secret_tmp_len);
|
||||||
tor_free(secret_tmp);
|
tor_free(secret_tmp);
|
||||||
@ -3118,11 +3118,11 @@ crypto_global_cleanup(void)
|
|||||||
ERR_free_strings();
|
ERR_free_strings();
|
||||||
|
|
||||||
if (dh_param_p)
|
if (dh_param_p)
|
||||||
BN_free(dh_param_p);
|
BN_clear_free(dh_param_p);
|
||||||
if (dh_param_p_tls)
|
if (dh_param_p_tls)
|
||||||
BN_free(dh_param_p_tls);
|
BN_clear_free(dh_param_p_tls);
|
||||||
if (dh_param_g)
|
if (dh_param_g)
|
||||||
BN_free(dh_param_g);
|
BN_clear_free(dh_param_g);
|
||||||
|
|
||||||
#ifndef DISABLE_ENGINES
|
#ifndef DISABLE_ENGINES
|
||||||
ENGINE_cleanup();
|
ENGINE_cleanup();
|
||||||
|
|||||||
@ -694,7 +694,7 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
|
|||||||
if (pkey)
|
if (pkey)
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
if (serial_number)
|
if (serial_number)
|
||||||
BN_free(serial_number);
|
BN_clear_free(serial_number);
|
||||||
if (name)
|
if (name)
|
||||||
X509_NAME_free(name);
|
X509_NAME_free(name);
|
||||||
if (name_issuer)
|
if (name_issuer)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user