authorNick Mathewson <nickm@torproject.org>2018-09-04 20:21:07 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-04 20:21:07 -0400
commit0db5c549571eb0098a3f709ffb25c2e4909ca01d (patch)
tree0dbf1fbe9b25ddab292eadca50703f34de4c919e /src/tools
parentfd994f55c441922d3c5ae19ad5c254a1ae1eccfd (diff)
parentd644c93ae9373f99d95870c7b752b790f8714201 (diff)
downloadtor-0db5c549571eb0098a3f709ffb25c2e4909ca01d.tar.gz
tor-0db5c549571eb0098a3f709ffb25c2e4909ca01d.zip
Merge branch 'nss_squashed' into nss_merge
Diffstat (limited to 'src/tools')
-rw-r--r--src/tools/include.am24
-rw-r--r--src/tools/tor-gencert.c23
2 files changed, 30 insertions, 17 deletions
diff --git a/src/tools/include.am b/src/tools/include.am
index d5924dda5f..73ec86935f 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -1,7 +1,7 @@
-bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert src/tools/tor-print-ed-signing-cert
+bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-print-ed-signing-cert
if COVERAGE_ENABLED
-noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
+noinst_PROGRAMS+= src/tools/tor-cov-resolve
endif
src_tools_tor_resolve_SOURCES = src/tools/tor-resolve.c
@@ -20,14 +20,19 @@ src_tools_tor_cov_resolve_LDADD = \
@TOR_LIB_MATH@ @TOR_LIB_WS32@
endif
+if USE_NSS
+# ...
+else
+bin_PROGRAMS += src/tools/tor-gencert
src_tools_tor_gencert_SOURCES = src/tools/tor-gencert.c
-src_tools_tor_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_tools_tor_gencert_LDADD = \
$(TOR_CRYPTO_LIBS) \
$(TOR_UTIL_LIBS) \
$(rust_ldadd) \
- @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
+ @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ $(TOR_LIBS_CRYPTLIB) \
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
+endif
src_tools_tor_print_ed_signing_cert_SOURCES = src/tools/tor-print-ed-signing-cert.c
src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
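Review bot: The `# ...` placeholder in the new `if USE_NSS` branch does not say why tor-gencert is left out of NSS builds, so the tool silently disappears from `bin_PROGRAMS` with no explanation. A comment such as `# tor-gencert calls OpenSSL's EVP/PEM/X509 APIs directly, so it is only built with OpenSSL.` would state the reason; the same placeholder appears in the next hunk for tor-cov-gencert. It is also worth mentioning in the operator documentation, since tor-gencert is the tool that produces the identity and signing keys.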
@@ -35,20 +40,25 @@ src_tools_tor_print_ed_signing_cert_LDADD = \
src/trunnel/libor-trunnel.a \
$(TOR_CRYPTO_LIBS) \
$(TOR_UTIL_LIBS) \
- @TOR_LIB_MATH@ @TOR_OPENSSL_LIBS@ \
+ @TOR_LIB_MATH@ $(TOR_LIBS_CRYPTLIB) \
@TOR_LIB_WS32@ @TOR_LIB_USERENV@
+if USE_NSS
+# ...
+else
if COVERAGE_ENABLED
+noinst_PROGRAMS += src/tools/tor-cov-gencert
src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_tools_tor_cov_gencert_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
-src_tools_tor_cov_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_cov_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_tools_tor_cov_gencert_LDADD = \
$(TOR_CRYPTO_TESTING_LIBS) \
$(TOR_UTIL_TESTING_LIBS) \
- @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
+ @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ $(TOR_LIBS_CRYPTLIB) \
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
endif
+endif
if BUILD_LIBTORRUNNER
noinst_LIBRARIES += src/tools/libtorrunner.a
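Review bot: The tor-print-ed-signing-cert target is only half converted: its LDADD now uses `$(TOR_LIBS_CRYPTLIB)`, but its LDFLAGS line, visible as unchanged context just above this hunk, still reads `@TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@`. Both gencert targets in this file had their LDFLAGS switched to `$(TOR_LDFLAGS_CRYPTLIB)`. In an NSS build this target would be given the OpenSSL linker search paths, if that variable is set at all, alongside the NSS libraries. For consistency the line should read `src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)`.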
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index ff924152a6..a498c205b7 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -14,7 +14,10 @@
#endif
#include "lib/cc/compat_compiler.h"
+#include "lib/crypt_ops/crypto_init.h"
+#include "lib/crypt_ops/crypto_openssl_mgt.h"
+#ifdef ENABLE_OPENSSL
/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
* x509.h and x509_vfy.h. Suppress the GCC warning so we can build with
* -Wredundant-decl. */
@@ -28,12 +31,13 @@ DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/err.h>
ENABLE_GCC_WARNING(redundant-decls)
+#endif
#include <errno.h>
-#include "lib/crypt_ops/crypto.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/crypt_ops/crypto_rsa.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/binascii.h"
#include "lib/encoding/time_fmt.h"
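Review bot: The new `#ifdef ENABLE_OPENSSL` ... `#endif` pair guards only the OpenSSL headers, while the later hunks in this file still use `RSA`, `EVP_PKEY` and the `PEM_write_*` calls with no guard visible. The build rules skip tor-gencert under NSS, so this should not be reachable today. A build that did compile the file without OpenSSL would fail with undeclared-type errors far from the cause. An `#else` branch holding `#error "tor-gencert requires OpenSSL"` before the `#endif` would state the requirement at the top of the file.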
@@ -237,8 +241,7 @@ generate_key(int bits)
crypto_pk_t *env = crypto_pk_new();
if (crypto_pk_generate_key_with_bits(env,bits)<0)
goto done;
- rsa = crypto_pk_get_rsa_(env);
- rsa = RSAPrivateKey_dup(rsa);
+ rsa = crypto_pk_get_openssl_rsa_(env);
done:
crypto_pk_free(env);
return rsa;
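Review bot: Nothing in generate_key says who owns the `RSA` returned by `crypto_pk_get_openssl_rsa_(env)`, and `crypto_pk_free(env)` runs immediately afterwards at `done:`. With the explicit `RSAPrivateKey_dup()` removed, the returned pointer is only valid if the helper hands back an independent copy; its definition is not on this page, so that is presumed rather than shown. A comment above the call would make the contract visible, e.g. `/* Returns a newly allocated copy owned by the caller; env is freed below. */`. The function starts above the hunk, so the value of `rsa` on the `goto done` path cannot be checked here.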
@@ -266,7 +269,7 @@ load_identity_key(void)
IDENTITY_KEY_BITS);
if (!(key = generate_key(IDENTITY_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate identity key.");
- crypto_log_errors(LOG_ERR, "Generating identity key");
+ crypto_openssl_log_errors(LOG_ERR, "Generating identity key");
return 1;
}
identity_key = EVP_PKEY_new();
@@ -288,7 +291,7 @@ load_identity_key(void)
NULL, NULL)) {
log_err(LD_GENERAL, "Couldn't write identity key to %s",
identity_key_file);
- crypto_log_errors(LOG_ERR, "Writing identity key");
+ crypto_openssl_log_errors(LOG_ERR, "Writing identity key");
abort_writing_to_file(open_file);
return 1;
}
@@ -353,7 +356,7 @@ generate_signing_key(void)
SIGNING_KEY_BITS);
if (!(key = generate_key(SIGNING_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate signing key.");
- crypto_log_errors(LOG_ERR, "Generating signing key");
+ crypto_openssl_log_errors(LOG_ERR, "Generating signing key");
return 1;
}
signing_key = EVP_PKEY_new();
@@ -369,7 +372,7 @@ generate_signing_key(void)
/* Write signing key with no encryption. */
if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) {
- crypto_log_errors(LOG_WARN, "writing signing key");
+ crypto_openssl_log_errors(LOG_WARN, "writing signing key");
abort_writing_to_file(open_file);
return 1;
}
@@ -393,7 +396,7 @@ key_to_string(EVP_PKEY *key)
b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
- crypto_log_errors(LOG_WARN, "writing public key to string");
+ crypto_openssl_log_errors(LOG_WARN, "writing public key to string");
RSA_free(rsa);
return NULL;
}
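Review bot: The failure branch after `PEM_write_bio_RSAPublicKey()` frees `rsa` but returns without releasing `b`, so the memory BIO from `BIO_new(BIO_s_mem())` leaks on this path. The result of `BIO_new()` is also used without a NULL check. Adding `BIO_free(b);` before `return NULL;` closes the leak, and `if (!b) { RSA_free(rsa); return NULL; }` right after the allocation covers the allocation failure. key_to_string begins and ends outside the hunk, so the success-path cleanup is not visible.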
@@ -414,7 +417,7 @@ static int
get_fingerprint(EVP_PKEY *pkey, char *out)
{
int r = -1;
- crypto_pk_t *pk = crypto_new_pk_from_rsa_(EVP_PKEY_get1_RSA(pkey));
+ crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(EVP_PKEY_get1_RSA(pkey));
if (pk) {
r = crypto_pk_get_fingerprint(pk, out, 0);
crypto_pk_free(pk);
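Review bot: In get_fingerprint, `EVP_PKEY_get1_RSA(pkey)` is passed straight into `crypto_new_pk_from_openssl_rsa_()`, and it returns NULL when the EVP_PKEY does not hold an RSA key. Whether the helper tolerates a NULL argument is not visible on this page, so the later `if (pk)` test may not be what protects this path. Fetching the key first makes the failure explicit: `RSA *rsa = EVP_PKEY_get1_RSA(pkey);` followed by `if (!rsa) return -1;`. get_digest in the next hunk has the same pattern. A short comment that the helper takes over the reference returned by `get1` would also document why no `RSA_free()` appears here.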
@@ -427,7 +430,7 @@ static int
get_digest(EVP_PKEY *pkey, char *out)
{
int r = -1;
- crypto_pk_t *pk = crypto_new_pk_from_rsa_(EVP_PKEY_get1_RSA(pkey));
+ crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(EVP_PKEY_get1_RSA(pkey));
if (pk) {
r = crypto_pk_get_digest(pk, out);
crypto_pk_free(pk);