summaryrefslogtreecommitdiff
path: root/src/common/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/common/crypto.c')
-rw-r--r--src/common/crypto.c51
1 files changed, 26 insertions, 25 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 43bbaa3752..1be1bc1a2f 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -206,8 +206,8 @@ crypto_global_init(int useAccel)
#ifndef NO_ENGINES
if (useAccel) {
if (useAccel < 0)
- warn(LD_CRYPTO, "Initializing OpenSSL via tor_tls_init().");
- info(LD_CRYPTO, "Initializing OpenSSL engine support.");
+ log_warn(LD_CRYPTO, "Initializing OpenSSL via tor_tls_init().");
+ log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
ENGINE_load_builtin_engines();
if (!ENGINE_register_all_complete())
return -1;
@@ -363,7 +363,7 @@ crypto_create_init_cipher(const char *key, int encrypt_mode)
crypto_cipher_env_t *crypto = NULL;
if (! (crypto = crypto_new_cipher_env())) {
- warn(LD_CRYPTO, "Unable to allocate crypto object");
+ log_warn(LD_CRYPTO, "Unable to allocate crypto object");
return NULL;
}
@@ -474,7 +474,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
/* Read the file into a string. */
contents = read_file_to_str(keyfile, 0);
if (!contents) {
- warn(LD_CRYPTO, "Error reading private key from \"%s\"", keyfile);
+ log_warn(LD_CRYPTO, "Error reading private key from \"%s\"", keyfile);
return -1;
}
@@ -616,7 +616,7 @@ crypto_pk_DER64_encode_public_key(crypto_pk_env_t *env, char **out)
}
*out = tor_malloc(len * 2); /* too long, but safe. */
if (base64_encode(*out, len*2, buf, len) < 0) {
- warn(LD_CRYPTO, "Error base64-encoding DER-encoded key");
+ log_warn(LD_CRYPTO, "Error base64-encoding DER-encoded key");
tor_free(*out);
return -1;
}
@@ -652,7 +652,7 @@ crypto_pk_DER64_decode_public_key(const char *in)
return NULL;
len = base64_decode(buf, sizeof(buf), partitioned, strlen(partitioned));
if (len<0) {
- warn(LD_CRYPTO,"Error base-64 decoding key");
+ log_warn(LD_CRYPTO,"Error base-64 decoding key");
return NULL;
}
return crypto_pk_asn1_decode(buf, len);
@@ -810,16 +810,16 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
tor_assert(sig);
if (crypto_digest(digest,data,datalen)<0) {
- warn(LD_CRYPTO, "couldn't compute digest");
+ log_warn(LD_CRYPTO, "couldn't compute digest");
return -1;
}
r = crypto_pk_public_checksig(env,buf,sig,siglen);
if (r != DIGEST_LEN) {
- warn(LD_CRYPTO, "Invalid signature");
+ log_warn(LD_CRYPTO, "Invalid signature");
return -1;
}
if (memcmp(buf, digest, DIGEST_LEN)) {
- warn(LD_CRYPTO, "Signature mismatched with digest.");
+ log_warn(LD_CRYPTO, "Signature mismatched with digest.");
return -1;
}
@@ -1415,8 +1415,8 @@ crypto_dh_generate_public(crypto_dh_env_t *dh)
return -1;
}
if (tor_check_dh_key(dh->dh->pub_key)<0) {
- warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
- "the-universe chances really do happen. Trying again.");
+ log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
+ "the-universe chances really do happen. Trying again.");
/* Free and clear the keys, so openssl will actually try again. */
BN_free(dh->dh->pub_key);
BN_free(dh->dh->priv_key);
@@ -1444,8 +1444,9 @@ crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey, size_t pubkey_len)
bytes = BN_num_bytes(dh->dh->pub_key);
tor_assert(bytes >= 0);
if (pubkey_len < (size_t)bytes) {
- warn(LD_CRYPTO, "Weird! pubkey_len (%d) was smaller than DH_BYTES (%d)",
- (int) pubkey_len, bytes);
+ log_warn(LD_CRYPTO,
+ "Weird! pubkey_len (%d) was smaller than DH_BYTES (%d)",
+ (int) pubkey_len, bytes);
return -1;
}
@@ -1471,13 +1472,13 @@ tor_check_dh_key(BIGNUM *bn)
init_dh_param();
BN_set_word(x, 1);
if (BN_cmp(bn,x)<=0) {
- warn(LD_CRYPTO, "DH key must be at least 2.");
+ log_warn(LD_CRYPTO, "DH key must be at least 2.");
goto err;
}
BN_copy(x,dh_param_p);
BN_sub_word(x, 1);
if (BN_cmp(bn,x)>=0) {
- warn(LD_CRYPTO, "DH key must be at most p-2.");
+ log_warn(LD_CRYPTO, "DH key must be at most p-2.");
goto err;
}
BN_free(x);
@@ -1485,7 +1486,7 @@ tor_check_dh_key(BIGNUM *bn)
err:
BN_free(x);
s = BN_bn2hex(bn);
- warn(LD_CRYPTO, "Rejecting insecure DH key [%s]", s);
+ log_warn(LD_CRYPTO, "Rejecting insecure DH key [%s]", s);
OPENSSL_free(s);
return -1;
}
@@ -1518,13 +1519,13 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh,
goto error;
if (tor_check_dh_key(pubkey_bn)<0) {
/* Check for invalid public keys. */
- warn(LD_CRYPTO,"Rejected invalid g^x");
+ log_warn(LD_CRYPTO,"Rejected invalid g^x");
goto error;
}
secret_tmp = tor_malloc(crypto_dh_get_bytes(dh));
result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh);
if (result < 0) {
- warn(LD_CRYPTO,"DH_compute_key() failed.");
+ log_warn(LD_CRYPTO,"DH_compute_key() failed.");
goto error;
}
secret_len = result;
@@ -1644,7 +1645,7 @@ crypto_seed_rng(void)
* functions. If one succeeds, we'll accept the RNG as seeded. */
rand_poll_status = RAND_poll();
if (rand_poll_status == 0)
- warn(LD_CRYPTO, "RAND_poll() failed.");
+ log_warn(LD_CRYPTO, "RAND_poll() failed.");
#else
rand_poll_status = 0;
#endif
@@ -1654,14 +1655,14 @@ crypto_seed_rng(void)
if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT)) {
if (GetLastError() != NTE_BAD_KEYSET) {
- warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
+ log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
return rand_poll_status ? 0 : -1;
}
}
provider_set = 1;
}
if (!CryptGenRandom(provider, sizeof(buf), buf)) {
- warn(LD_CRYPTO, "Can't get entropy from CryptoAPI.");
+ log_warn(LD_CRYPTO, "Can't get entropy from CryptoAPI.");
return rand_poll_status ? 0 : -1;
}
RAND_seed(buf, sizeof(buf));
@@ -1670,19 +1671,19 @@ crypto_seed_rng(void)
for (i = 0; filenames[i]; ++i) {
fd = open(filenames[i], O_RDONLY, 0);
if (fd<0) continue;
- info(LD_CRYPTO, "Seeding RNG from \"%s\"", filenames[i]);
+ log_info(LD_CRYPTO, "Seeding RNG from \"%s\"", filenames[i]);
n = read_all(fd, buf, sizeof(buf), 0);
close(fd);
if (n != sizeof(buf)) {
- warn(LD_CRYPTO,
- "Error reading from entropy source (read only %d bytes).", n);
+ log_warn(LD_CRYPTO,
+ "Error reading from entropy source (read only %d bytes).", n);
return -1;
}
RAND_seed(buf, sizeof(buf));
return 0;
}
- warn(LD_CRYPTO, "Cannot seed RNG -- no entropy source found.");
+ log_warn(LD_CRYPTO, "Cannot seed RNG -- no entropy source found.");
return rand_poll_status ? 0 : -1;
#endif
}