Rename openssl-bridging functions in crypto_rsa

These functions exist only to expose RSA keys to other places in Tor that use OpenSSL; let's be specific about their purpose.
author: Nick Mathewson <nickm@torproject.org> 2018-07-19 09:07:08 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-08-21 12:24:08 -0400
commit: 824009cde52d40c937c23670b71e9c5b28d2e1f3 (patch)
tree: 10287f5e1112ee6172b9897164cdceb7d219d3c1 /src/lib
parent: 38212d2e40a1eae9f65c1a695e478854177c0783 (diff)
download: tor-824009cde52d40c937c23670b71e9c5b28d2e1f3.tar.gz
tor-824009cde52d40c937c23670b71e9c5b28d2e1f3.zip
3 files changed, 24 insertions, 21 deletions
diff --git a/src/lib/crypt_ops/crypto_rsa.h b/src/lib/crypt_ops/crypto_rsa.h
index d1f9d57aa0..88978bf370 100644
--- a/src/lib/crypt_ops/crypto_rsa.h
+++ b/src/lib/crypt_ops/crypto_rsa.h
@@ -104,14 +104,16 @@ int crypto_pk_get_common_digests(crypto_pk_t *pk,
 int crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out);
 crypto_pk_t *crypto_pk_base64_decode_private(const char *str, size_t len);
 
+#ifdef ENABLE_OPENSSL
 /* Prototypes for private functions only used by tortls.c, crypto.c, and the
  * unit tests. */
 struct rsa_st;
-struct rsa_st *crypto_pk_get_rsa_(crypto_pk_t *env);
-crypto_pk_t *crypto_new_pk_from_rsa_(struct rsa_st *rsa);
-MOCK_DECL(struct evp_pkey_st *, crypto_pk_get_evp_pkey_,(crypto_pk_t *env,
-                                                         int private));
 struct evp_pkey_st;
+struct rsa_st *crypto_pk_get_openssl_rsa_(crypto_pk_t *env);
+crypto_pk_t *crypto_new_pk_from_openssl_rsa_(struct rsa_st *rsa);
+MOCK_DECL(struct evp_pkey_st *, crypto_pk_get_openssl_evp_pkey_,(
+                                 crypto_pk_t *env,int private));
+#endif
 
 #ifdef TOR_UNIT_TESTS
 void crypto_pk_assign_(crypto_pk_t *dest, const crypto_pk_t *src);
diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
index cd9fb52667..20be34cbd5 100644
--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -58,9 +58,10 @@ crypto_pk_key_is_private(const crypto_pk_t *k)
 #endif /* defined(OPENSSL_1_1_API) */
 }
 
-/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
+/** used by tortls.c: wrap an RSA* in a crypto_pk_t. Takes ownership of
+ * its argument. */
 crypto_pk_t *
-crypto_new_pk_from_rsa_(RSA *rsa)
+crypto_new_pk_from_openssl_rsa_(RSA *rsa)
 {
   crypto_pk_t *env;
   tor_assert(rsa);
@@ -70,19 +71,19 @@ crypto_new_pk_from_rsa_(RSA *rsa)
   return env;
 }
 
-/** Helper, used by tor-gencert.c.  Return the RSA from a
+/** Helper, used by tor-gencert.c.  Return a copy of the private RSA from a
  * crypto_pk_t. */
 RSA *
-crypto_pk_get_rsa_(crypto_pk_t *env)
+crypto_pk_get_openssl_rsa_(crypto_pk_t *env)
 {
-  return env->key;
+  return RSA_PrivateKeyDup(env->key);
 }
 
 /** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t.  Iff
  * private is set, include the private-key portion of the key. Return a valid
  * pointer on success, and NULL on failure. */
 MOCK_IMPL(EVP_PKEY *,
-crypto_pk_get_evp_pkey_,(crypto_pk_t *env, int private))
+crypto_pk_get_openssl_evp_pkey_,(crypto_pk_t *env, int private))
 {
   RSA *key = NULL;
   EVP_PKEY *pkey = NULL;
@@ -117,7 +118,7 @@ crypto_pk_new,(void))
 
   rsa = RSA_new();
   tor_assert(rsa);
-  return crypto_new_pk_from_rsa_(rsa);
+  return crypto_new_pk_from_openssl_rsa_(rsa);
 }
 
 /** Release a reference to an asymmetric key; when all the references
@@ -556,7 +557,7 @@ crypto_pk_copy_full(crypto_pk_t *env)
     /* LCOV_EXCL_STOP */
   }
 
-  return crypto_new_pk_from_rsa_(new_key);
+  return crypto_new_pk_from_openssl_rsa_(new_key);
 }
 
 /** Encrypt <b>fromlen</b> bytes from <b>from</b> with the public key
@@ -729,7 +730,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
     crypto_openssl_log_errors(LOG_WARN,"decoding public key");
     return NULL;
   }
-  return crypto_new_pk_from_rsa_(rsa);
+  return crypto_new_pk_from_openssl_rsa_(rsa);
 }
 
 /** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
@@ -789,7 +790,7 @@ crypto_pk_base64_decode_private(const char *str, size_t len)
     goto out;
   }
 
-  pk = crypto_new_pk_from_rsa_(rsa);
+  pk = crypto_new_pk_from_openssl_rsa_(rsa);
 
   /* Make sure it's valid. */
   if (crypto_pk_check_key(pk) <= 0) {
diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index 875ed95f8c..466df8966c 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -539,9 +539,9 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
   tor_assert(cname);
   tor_assert(rsa_sign);
   tor_assert(cname_sign);
-  if (!(sign_pkey = crypto_pk_get_evp_pkey_(rsa_sign,1)))
+  if (!(sign_pkey = crypto_pk_get_openssl_evp_pkey_(rsa_sign,1)))
     goto error;
-  if (!(pkey = crypto_pk_get_evp_pkey_(rsa,0)))
+  if (!(pkey = crypto_pk_get_openssl_evp_pkey_(rsa,0)))
     goto error;
   if (!(x509 = X509_new()))
     goto error;
@@ -746,7 +746,7 @@ tor_x509_cert_new,(X509 *x509_cert))
 
   if ((pkey = X509_get_pubkey(x509_cert)) &&
       (rsa = EVP_PKEY_get1_RSA(pkey))) {
-    crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa);
+    crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(rsa);
     if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) < 0) {
       crypto_pk_free(pk);
       EVP_PKEY_free(pkey);
@@ -915,7 +915,7 @@ tor_tls_cert_get_key(tor_x509_cert_t *cert)
     EVP_PKEY_free(pkey);
     return NULL;
   }
-  result = crypto_new_pk_from_rsa_(rsa);
+  result = crypto_new_pk_from_openssl_rsa_(rsa);
   EVP_PKEY_free(pkey);
   return result;
 }
@@ -1270,7 +1270,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
   if (!is_client) {
     tor_assert(rsa);
-    if (!(pkey = crypto_pk_get_evp_pkey_(rsa,1)))
+    if (!(pkey = crypto_pk_get_openssl_evp_pkey_(rsa,1)))
       goto error;
     if (!SSL_CTX_use_PrivateKey(result->ctx, pkey))
       goto error;
@@ -2277,7 +2277,7 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity_key)
   rsa = EVP_PKEY_get1_RSA(id_pkey);
   if (!rsa)
     goto done;
-  *identity_key = crypto_new_pk_from_rsa_(rsa);
+  *identity_key = crypto_new_pk_from_openssl_rsa_(rsa);
 
   r = 0;
 
@@ -2362,7 +2362,7 @@ tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp,
 {
   X509 *newc = X509_dup(inp->cert);
   X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time);
-  EVP_PKEY *pk = crypto_pk_get_evp_pkey_(signing_key, 1);
+  EVP_PKEY *pk = crypto_pk_get_openssl_evp_pkey_(signing_key, 1);
   tor_assert(X509_sign(newc, pk, EVP_sha256()));
   EVP_PKEY_free(pk);
   return tor_x509_cert_new(newc);
author	Nick Mathewson <nickm@torproject.org>	2018-07-19 09:07:08 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-08-21 12:24:08 -0400
commit	824009cde52d40c937c23670b71e9c5b28d2e1f3 (patch)
tree	10287f5e1112ee6172b9897164cdceb7d219d3c1 /src/lib
parent	38212d2e40a1eae9f65c1a695e478854177c0783 (diff)
download	tor-824009cde52d40c937c23670b71e9c5b28d2e1f3.tar.gz tor-824009cde52d40c937c23670b71e9c5b28d2e1f3.zip