1 files changed, 24 insertions, 5 deletions

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6fe3c661c8..380f038f42 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -645,11 +645,21 @@ crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits))
   return 0;
 }
 
+/** A PEM callback that always reports a failure to get a password */
+static int
+pem_no_password_cb(char *buf, int size, int rwflag, void *u)
+{
+  (void)buf;
+  (void)size;
+  (void)rwflag;
+  (void)u;
+  return 0;
+}
+
 /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
  * into <b>env</b>.  Return 0 on success, -1 on failure.  If len is -1,
  * the string is nul-terminated.
  */
-/* Used here, and used for testing. */
 int
 crypto_pk_read_private_key_from_string(crypto_pk_t *env,
                                        const char *s, ssize_t len)
@@ -668,7 +678,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
   if (env->key)
     RSA_free(env->key);
 
-  env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL);
+  env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL);
 
   BIO_free(b);
 
@@ -800,7 +810,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,
 
   if (env->key)
     RSA_free(env->key);
-  env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL);
+  env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL);
   BIO_free(b);
   if (!env->key) {
     crypto_log_errors(LOG_WARN, "reading public key from string");
@@ -2865,8 +2875,17 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
       tor_assert(errno != EAGAIN);
       tor_assert(errno != EINTR);
 
-      /* Probably ENOSYS. */
-      log_warn(LD_CRYPTO, "Can't get entropy from getrandom().");
+      /* Useful log message for errno. */
+      if (errno == ENOSYS) {
+        log_warn(LD_CRYPTO, "Can't get entropy from getrandom(). "
+                 " You are running a version of Tor built to support"
+                 " getrandom(), but the kernel doesn't implement this"
+                 " implement this function--probably because it is too old?");
+      } else {
+        log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+                 strerror(errno));
+      }
+
       getrandom_works = 0; /* Don't bother trying again. */
       return -1;
       /* LCOV_EXCL_STOP */