summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/crypt_ops/crypto_digest.c4
-rw-r--r--src/lib/crypt_ops/crypto_digest.h3
-rw-r--r--src/lib/tls/x509.c3
-rw-r--r--src/lib/tls/x509_nss.c4
-rw-r--r--src/lib/tls/x509_openssl.c8
5 files changed, 14 insertions, 8 deletions
diff --git a/src/lib/crypt_ops/crypto_digest.c b/src/lib/crypt_ops/crypto_digest.c
index 2bc5f08342..77cf18dca9 100644
--- a/src/lib/crypt_ops/crypto_digest.c
+++ b/src/lib/crypt_ops/crypto_digest.c
@@ -116,8 +116,8 @@ library_supports_digest(digest_algorithm_t alg)
* <b>m</b>. Write the DIGEST_LEN byte result into <b>digest</b>.
* Return 0 on success, -1 on failure.
*/
-int
-crypto_digest(char *digest, const char *m, size_t len)
+MOCK_IMPL(int,
+crypto_digest,(char *digest, const char *m, size_t len))
{
tor_assert(m);
tor_assert(digest);
diff --git a/src/lib/crypt_ops/crypto_digest.h b/src/lib/crypt_ops/crypto_digest.h
index 59713d2b9f..204f1aaff3 100644
--- a/src/lib/crypt_ops/crypto_digest.h
+++ b/src/lib/crypt_ops/crypto_digest.h
@@ -16,6 +16,7 @@
#include "lib/cc/torint.h"
#include "lib/defs/digest_sizes.h"
#include "lib/malloc/malloc.h"
+#include "lib/testsupport/testsupport.h"
/** Length of a sha1 message digest when encoded in base32 with trailing =
* signs removed. */
@@ -75,7 +76,7 @@ typedef struct crypto_xof_t crypto_xof_t;
struct smartlist_t;
/* SHA-1 and other digests */
-int crypto_digest(char *digest, const char *m, size_t len);
+MOCK_DECL(int, crypto_digest,(char *digest, const char *m, size_t len));
int crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_digest512(char *digest, const char *m, size_t len,
diff --git a/src/lib/tls/x509.c b/src/lib/tls/x509.c
index cff1c1302c..c88298b6cf 100644
--- a/src/lib/tls/x509.c
+++ b/src/lib/tls/x509.c
@@ -118,6 +118,7 @@ tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert))
crypto_pk_t *pk = tor_tls_cert_get_key(cert);
if (pk) {
if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) < 0) {
+ log_warn(LD_CRYPTO, "unable to compute digests of certificate key");
crypto_pk_free(pk);
goto err;
}
@@ -128,10 +129,8 @@ tor_x509_cert_new,(tor_x509_cert_impl_t *x509_cert))
return cert;
err:
- /* LCOV_EXCL_START for the same reason as the exclusion above */
tor_free(cert);
log_err(LD_CRYPTO, "Couldn't wrap encoded X509 certificate.");
tor_x509_cert_impl_free_(x509_cert);
return NULL;
- /* LCOV_EXCL_STOP */
}
diff --git a/src/lib/tls/x509_nss.c b/src/lib/tls/x509_nss.c
index 35b3d2542b..68aebbb69a 100644
--- a/src/lib/tls/x509_nss.c
+++ b/src/lib/tls/x509_nss.c
@@ -62,9 +62,11 @@ tor_tls_create_certificate_internal(crypto_pk_t *rsa,
validity = CERT_CreateValidity(((PRTime)start_time) * PRTIME_PER_SEC,
((PRTime)end_time) * PRTIME_PER_SEC);
- if (! validity) {
+ if (BUG(! validity)) {
+ /* LCOV_EXCL_START */
crypto_nss_log_errors(LOG_WARN, "creating a validity object");
goto err;
+ /* LCOV_EXCL_STOP */
}
unsigned long serial_number;
diff --git a/src/lib/tls/x509_openssl.c b/src/lib/tls/x509_openssl.c
index 28a30b66e1..f315b88f36 100644
--- a/src/lib/tls/x509_openssl.c
+++ b/src/lib/tls/x509_openssl.c
@@ -327,11 +327,15 @@ tor_tls_cert_is_valid(int severity,
if (check_rsa_1024 && cert_key) {
RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
#ifdef OPENSSL_1_1_API
- if (rsa && RSA_bits(rsa) == 1024)
+ if (rsa && RSA_bits(rsa) == 1024) {
#else
- if (rsa && BN_num_bits(rsa->n) == 1024)
+ if (rsa && BN_num_bits(rsa->n) == 1024) {
#endif
key_ok = 1;
+ } else {
+ log_fn(severity, LD_CRYPTO, "Invalid certificate: Key is not RSA1024.");
+ }
+
if (rsa)
RSA_free(rsa);
} else if (cert_key) {