Log an error if openssl fails to copy a key for us

This should never happen unless openssl is buggy or some of our
assumptions are deeply wrong, but one of those might have been the
cause of the not-yet-reproducible bug 1209.  If it ever happens again,
let's get some info we can use.

2 files changed, 15 insertions, 0 deletions

diff --git a/changes/copy_key_log_bug1209 b/changes/copy_key_log_bug1209
new file mode 100644
index 0000000000..f77e6000eb
--- /dev/null
+++ b/changes/copy_key_log_bug1209
@@ -0,0 +1,4 @@
+ o Minor bugfixes
+   - If OpenSSL fails to make a duplicate of a private or public key, log
+     an error message and try to exit cleanly.  May help with debugging
+     if bug 1209 ever remanifests.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 1a1dad616c..06b6aa4b51 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -779,14 +779,25 @@ crypto_pk_env_t *
 crypto_pk_copy_full(crypto_pk_env_t *env)
 {
   RSA *new_key;
+  int privatekey = 0;
   tor_assert(env);
   tor_assert(env->key);
 
   if (PRIVATE_KEY_OK(env)) {
     new_key = RSAPrivateKey_dup(env->key);
+    privatekey = 1;
   } else {
     new_key = RSAPublicKey_dup(env->key);
   }
+  if (!new_key) {
+    log_err(LD_CRYPTO, "Unable to duplicate a %s key: openssl failed.",
+            privatekey?"private":"public");
+    crypto_log_errors(LOG_ERR,
+                      privatekey ? "Duplicating a private key" :
+                      "Duplicating a public key");
+    tor_fragile_assert();
+    return NULL;
+  }
 
   return _crypto_new_pk_env_rsa(new_key);
 }