aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/lib/crypt_ops/crypto_dh.c6
-rw-r--r--src/lib/crypt_ops/crypto_openssl_mgt.c22
-rw-r--r--src/lib/crypt_ops/crypto_openssl_mgt.h2
-rw-r--r--src/lib/crypt_ops/crypto_rsa.c26
-rw-r--r--src/lib/crypt_ops/crypto_util.c23
-rw-r--r--src/lib/crypt_ops/crypto_util.h9
-rw-r--r--src/tools/tor-gencert.c11
7 files changed, 46 insertions, 53 deletions
diff --git a/src/lib/crypt_ops/crypto_dh.c b/src/lib/crypt_ops/crypto_dh.c
index 3e82996935..ab06fd4969 100644
--- a/src/lib/crypt_ops/crypto_dh.c
+++ b/src/lib/crypt_ops/crypto_dh.c
@@ -269,7 +269,7 @@ crypto_dh_new(int dh_type)
/* LCOV_EXCL_START
* This error condition is only reached when an allocation fails */
err:
- crypto_log_errors(LOG_WARN, "creating DH object");
+ crypto_openssl_log_errors(LOG_WARN, "creating DH object");
if (res->dh) DH_free(res->dh); /* frees p and g too */
tor_free(res);
return NULL;
@@ -309,7 +309,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
if (!DH_generate_key(dh->dh)) {
/* LCOV_EXCL_START
* To test this we would need some way to tell openssl to break DH. */
- crypto_log_errors(LOG_WARN, "generating DH key");
+ crypto_openssl_log_errors(LOG_WARN, "generating DH key");
return -1;
/* LCOV_EXCL_STOP */
}
@@ -472,7 +472,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
error:
result = -1;
done:
- crypto_log_errors(LOG_WARN, "completing DH handshake");
+ crypto_openssl_log_errors(LOG_WARN, "completing DH handshake");
if (pubkey_bn)
BN_clear_free(pubkey_bn);
if (secret_tmp) {
diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
index b0c88bff4d..bf5b96f9a5 100644
--- a/src/lib/crypt_ops/crypto_openssl_mgt.c
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.c
@@ -17,6 +17,7 @@
#include "lib/string/util_string.h"
#include "lib/lock/compat_mutex.h"
#include "lib/log/log.h"
+#include "lib/log/util_bug.h"
#include "lib/testsupport/testsupport.h"
#include "lib/thread/threads.h"
@@ -53,6 +54,27 @@ STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line);
STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid);
#endif
+/** Log all pending crypto errors at level <b>severity</b>. Use
+ * <b>doing</b> to describe our current activities.
+ */
+void
+crypto_openssl_log_errors(int severity, const char *doing)
+{
+ unsigned long err;
+ const char *msg, *lib, *func;
+ while ((err = ERR_get_error()) != 0) {
+ msg = (const char*)ERR_reason_error_string(err);
+ lib = (const char*)ERR_lib_error_string(err);
+ func = (const char*)ERR_func_error_string(err);
+ if (!msg) msg = "(null)";
+ if (!lib) lib = "(null)";
+ if (!func) func = "(null)";
+ if (BUG(!doing)) doing = "(null)";
+ tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
+ doing, msg, lib, func);
+ }
+}
+
/* Returns a trimmed and human-readable version of an openssl version string
* <b>raw_version</b>. They are usually in the form of 'OpenSSL 1.0.0b 10
* May 2012' and this will parse them into a form similar to '1.0.0b' */
diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
index 60583a056e..417bb36f01 100644
--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
@@ -69,6 +69,8 @@
#define NEW_THREAD_API
#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && ... */
+void crypto_openssl_log_errors(int severity, const char *doing);
+
/* global openssl state */
const char * crypto_openssl_get_version_str(void);
const char * crypto_openssl_get_header_version_str(void);
diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c
index f0fd6d5f4b..d8a9be7ec9 100644
--- a/src/lib/crypt_ops/crypto_rsa.c
+++ b/src/lib/crypt_ops/crypto_rsa.c
@@ -207,7 +207,7 @@ crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits))
}
if (!env->key) {
- crypto_log_errors(LOG_WARN, "generating RSA key");
+ crypto_openssl_log_errors(LOG_WARN, "generating RSA key");
return -1;
}
@@ -252,7 +252,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
BIO_free(b);
if (!env->key) {
- crypto_log_errors(LOG_WARN, "Error parsing private key");
+ crypto_openssl_log_errors(LOG_WARN, "Error parsing private key");
return -1;
}
return 0;
@@ -316,7 +316,7 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
r = PEM_write_bio_RSAPrivateKey(b, env->key, NULL,NULL,0,NULL,NULL);
if (!r) {
- crypto_log_errors(LOG_WARN, "writing RSA key to string");
+ crypto_openssl_log_errors(LOG_WARN, "writing RSA key to string");
BIO_free(b);
return -1;
}
@@ -382,7 +382,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,
env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL);
BIO_free(b);
if (!env->key) {
- crypto_log_errors(LOG_WARN, "reading public key from string");
+ crypto_openssl_log_errors(LOG_WARN, "reading public key from string");
return -1;
}
@@ -408,7 +408,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
return -1;
if (PEM_write_bio_RSAPrivateKey(bio, env->key, NULL,NULL,0,NULL,NULL)
== 0) {
- crypto_log_errors(LOG_WARN, "writing private key");
+ crypto_openssl_log_errors(LOG_WARN, "writing private key");
BIO_free(bio);
return -1;
}
@@ -434,7 +434,7 @@ crypto_pk_check_key(crypto_pk_t *env)
r = RSA_check_key(env->key);
if (r <= 0)
- crypto_log_errors(LOG_WARN,"checking RSA key");
+ crypto_openssl_log_errors(LOG_WARN,"checking RSA key");
return r;
}
@@ -601,7 +601,7 @@ crypto_pk_copy_full(crypto_pk_t *env)
*/
log_err(LD_CRYPTO, "Unable to duplicate a %s key: openssl failed.",
privatekey?"private":"public");
- crypto_log_errors(LOG_ERR,
+ crypto_openssl_log_errors(LOG_ERR,
privatekey ? "Duplicating a private key" :
"Duplicating a public key");
tor_fragile_assert();
@@ -777,7 +777,7 @@ crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
(unsigned char*)from, (unsigned char*)to,
env->key, crypto_get_rsa_padding(padding));
if (r<0) {
- crypto_log_errors(LOG_WARN, "performing RSA encryption");
+ crypto_openssl_log_errors(LOG_WARN, "performing RSA encryption");
return -1;
}
return r;
@@ -813,7 +813,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
env->key, crypto_get_rsa_padding(padding));
if (r<0) {
- crypto_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG,
+ crypto_openssl_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG,
"performing RSA decryption");
return -1;
}
@@ -844,7 +844,7 @@ crypto_pk_public_checksig,(const crypto_pk_t *env, char *to,
env->key, RSA_PKCS1_PADDING);
if (r<0) {
- crypto_log_errors(LOG_INFO, "checking RSA signature");
+ crypto_openssl_log_errors(LOG_INFO, "checking RSA signature");
return -1;
}
return r;
@@ -876,7 +876,7 @@ crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
(unsigned char*)from, (unsigned char*)to,
(RSA*)env->key, RSA_PKCS1_PADDING);
if (r<0) {
- crypto_log_errors(LOG_WARN, "generating RSA signature");
+ crypto_openssl_log_errors(LOG_WARN, "generating RSA signature");
return -1;
}
return r;
@@ -921,7 +921,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
rsa = d2i_RSAPublicKey(NULL, &cp, len);
tor_free(buf);
if (!rsa) {
- crypto_log_errors(LOG_WARN,"decoding public key");
+ crypto_openssl_log_errors(LOG_WARN,"decoding public key");
return NULL;
}
return crypto_new_pk_from_rsa_(rsa);
@@ -1165,7 +1165,7 @@ crypto_pk_base64_decode(const char *str, size_t len)
const unsigned char *dp = (unsigned char*)der; /* Shut the compiler up. */
RSA *rsa = d2i_RSAPrivateKey(NULL, &dp, der_len);
if (!rsa) {
- crypto_log_errors(LOG_WARN, "decoding private key");
+ crypto_openssl_log_errors(LOG_WARN, "decoding private key");
goto out;
}
diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c
index 79988c6a91..a645321bfb 100644
--- a/src/lib/crypt_ops/crypto_util.c
+++ b/src/lib/crypt_ops/crypto_util.c
@@ -10,7 +10,6 @@
* \brief Common cryptographic utilities.
**/
-#ifndef CRYPTO_UTIL_PRIVATE
#define CRYPTO_UTIL_PRIVATE
#include "lib/crypt_ops/crypto_util.h"
@@ -105,25 +104,3 @@ memwipe(void *mem, uint8_t byte, size_t sz)
**/
memset(mem, byte, sz);
}
-
-/** Log all pending crypto errors at level <b>severity</b>. Use
- * <b>doing</b> to describe our current activities.
- */
-void
-crypto_log_errors(int severity, const char *doing)
-{
- unsigned long err;
- const char *msg, *lib, *func;
- while ((err = ERR_get_error()) != 0) {
- msg = (const char*)ERR_reason_error_string(err);
- lib = (const char*)ERR_lib_error_string(err);
- func = (const char*)ERR_func_error_string(err);
- if (!msg) msg = "(null)";
- if (!lib) lib = "(null)";
- if (!func) func = "(null)";
- if (BUG(!doing)) doing = "(null)";
- tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
- doing, msg, lib, func);
- }
-}
-#endif /* !defined(CRYPTO_UTIL_PRIVATE) */
diff --git a/src/lib/crypt_ops/crypto_util.h b/src/lib/crypt_ops/crypto_util.h
index 3ce34e6f23..e032263225 100644
--- a/src/lib/crypt_ops/crypto_util.h
+++ b/src/lib/crypt_ops/crypto_util.h
@@ -18,13 +18,4 @@
/** OpenSSL-based utility functions. */
void memwipe(void *mem, uint8_t byte, size_t sz);
-/** Log utility function */
-void crypto_log_errors(int severity, const char *doing);
-
-#ifdef CRYPTO_UTIL_PRIVATE
-#ifdef TOR_UNIT_TESTS
-#endif /* defined(TOR_UNIT_TESTS) */
-#endif /* defined(CRYPTO_UTIL_PRIVATE) */
-
#endif /* !defined(TOR_CRYPTO_UTIL_H) */
-
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index f87283097e..7e54483b28 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -15,6 +15,7 @@
#include "lib/cc/compat_compiler.h"
#include "lib/crypt_ops/crypto_init.h"
+#include "lib/crypt_ops/crypto_openssl_mgt.h"
/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
* x509.h and x509_vfy.h. Suppress the GCC warning so we can build with
@@ -267,7 +268,7 @@ load_identity_key(void)
IDENTITY_KEY_BITS);
if (!(key = generate_key(IDENTITY_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate identity key.");
- crypto_log_errors(LOG_ERR, "Generating identity key");
+ crypto_openssl_log_errors(LOG_ERR, "Generating identity key");
return 1;
}
identity_key = EVP_PKEY_new();
@@ -289,7 +290,7 @@ load_identity_key(void)
NULL, NULL)) {
log_err(LD_GENERAL, "Couldn't write identity key to %s",
identity_key_file);
- crypto_log_errors(LOG_ERR, "Writing identity key");
+ crypto_openssl_log_errors(LOG_ERR, "Writing identity key");
abort_writing_to_file(open_file);
return 1;
}
@@ -354,7 +355,7 @@ generate_signing_key(void)
SIGNING_KEY_BITS);
if (!(key = generate_key(SIGNING_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate signing key.");
- crypto_log_errors(LOG_ERR, "Generating signing key");
+ crypto_openssl_log_errors(LOG_ERR, "Generating signing key");
return 1;
}
signing_key = EVP_PKEY_new();
@@ -370,7 +371,7 @@ generate_signing_key(void)
/* Write signing key with no encryption. */
if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) {
- crypto_log_errors(LOG_WARN, "writing signing key");
+ crypto_openssl_log_errors(LOG_WARN, "writing signing key");
abort_writing_to_file(open_file);
return 1;
}
@@ -394,7 +395,7 @@ key_to_string(EVP_PKEY *key)
b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
- crypto_log_errors(LOG_WARN, "writing public key to string");
+ crypto_openssl_log_errors(LOG_WARN, "writing public key to string");
RSA_free(rsa);
return NULL;
}