Commit 1880a6a8 authored by Nick Mathewson's avatar Nick Mathewson 🥔

Avoid asking for passphrase on junky PEM input

Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bb.
parent 6f8c32b7

changes/trove-2017-011

0 → 100644
+8 −0
  o Major bugfixes (security):
    - Fix a denial of service bug where an attacker could use a malformed
      directory object to cause a Tor instance to pause while OpenSSL would
      try to read a passphrase from the terminal. (If the terminal was not
      available, tor would continue running.)  Fixes bug 24246; bugfix on
      every version of Tor.  Also tracked as TROVE-2017-011 and
      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
+13 −3
@@ -592,11 +592,21 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
  return 0;
}

/** A PEM callback that always reports a failure to get a password */
static int
pem_no_password_cb(char *buf, int size, int rwflag, void *u)
{
  (void)buf;
  (void)size;
  (void)rwflag;
  (void)u;
  return 0;
}

/** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
 * into <b>env</b>.  Return 0 on success, -1 on failure.  If len is -1,
 * the string is nul-terminated.
 */
/* Used here, and used for testing. */
int
crypto_pk_read_private_key_from_string(crypto_pk_t *env,
                                       const char *s, ssize_t len)
@@ -615,7 +625,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
  if (env->key)
    RSA_free(env->key);

  env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL);
  env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL);

  BIO_free(b);

@@ -747,7 +757,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,

  if (env->key)
    RSA_free(env->key);
  env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL);
  env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL);
  BIO_free(b);
  if (!env->key) {
    crypto_log_errors(LOG_WARN, "reading public key from string");
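Review bot: `pem_no_password_cb` reports failure with `return 0;`, but OpenSSL's contract for a password callback is not uniform across releases: older documentation treats 0 as an error, while newer documentation reserves -1 for errors and counts 0 as a zero-length passphrase. If Tor is built against a release that follows the newer reading, an encrypted PEM blob may be tried with an empty passphrase rather than rejected outright; this needs confirming against the supported OpenSSL versions. Using `return -1;` is rejected under both readings. The doc comment could also give the reason, for example `/** A PEM callback that always fails, so OpenSSL never prompts on the terminal for a passphrase when untrusted PEM input claims to be encrypted. */`. Both reader functions that receive the callback start and end outside the hunks shown, so their handling of a NULL key is only partly visible here.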