Rename functions that encode/decode private keys

It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.

src/feature/control/control.c

@@ -4994,7 +4994,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
 
   if (!strcasecmp(key_type_rsa1024, key_type)) {
     /* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */
-    pk = crypto_pk_base64_decode(key_blob, strlen(key_blob));
+    pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob));
     if (!pk) {
       err_msg = tor_strdup("512 Failed to decode RSA key\r\n");
       goto err;
@@ -5029,7 +5029,7 @@ add_onion_helper_keyarg(const char *arg, int discard_pk,
         goto err;
       }
       if (!discard_pk) {
-        if (crypto_pk_base64_encode(pk, &key_new_blob)) {
+        if (crypto_pk_base64_encode_private(pk, &key_new_blob)) {
           crypto_pk_free(pk);
           tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n",
                        key_type_rsa1024);

src/lib/crypt_ops/crypto_rsa.h

@@ -101,8 +101,8 @@ int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
 int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
 int crypto_pk_get_common_digests(crypto_pk_t *pk,
                                  common_digests_t *digests_out);
-int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
-crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
+int crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out);
+crypto_pk_t *crypto_pk_base64_decode_private(const char *str, size_t len);
 
 /* Prototypes for private functions only used by tortls.c, crypto.c, and the
  * unit tests. */

src/lib/crypt_ops/crypto_rsa_openssl.c

@@ -750,7 +750,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
  * It is the caller's responsibility to sanitize and free the resulting buffer.
  */
 int
-crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
+crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out)
 {
   unsigned char *der = NULL;
   int der_len;
@@ -781,7 +781,7 @@ crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
  * on failure.
  */
 crypto_pk_t *
-crypto_pk_base64_decode(const char *str, size_t len)
+crypto_pk_base64_decode_private(const char *str, size_t len)
 {
   crypto_pk_t *pk = NULL;
 

src/test/test_controller.c

@@ -161,7 +161,7 @@ test_add_onion_helper_keyarg_v2(void *arg)
   /* Test loading a RSA1024 key. */
   tor_free(err_msg);
   pk1 = pk_generate(0);
-  tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
+  tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
   tor_asprintf(&arg_str, "RSA1024:%s", encoded);
   ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob,
                                 &pk, &hs_version, &err_msg);

src/test/test_crypto.c

@@ -1420,22 +1420,22 @@ test_crypto_pk_base64(void *arg)
   /* Test Base64 encoding a key. */
   pk1 = pk_generate(0);
   tt_assert(pk1);
-  tt_int_op(0, OP_EQ, crypto_pk_base64_encode(pk1, &encoded));
+  tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded));
   tt_assert(encoded);
 
   /* Test decoding a valid key. */
-  pk2 = crypto_pk_base64_decode(encoded, strlen(encoded));
+  pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded));
   tt_assert(pk2);
   tt_int_op(crypto_pk_cmp_keys(pk1, pk2), OP_EQ, 0);
   crypto_pk_free(pk2);
 
   /* Test decoding a invalid key (not Base64). */
   static const char *invalid_b64 = "The key is in another castle!";
-  pk2 = crypto_pk_base64_decode(invalid_b64, strlen(invalid_b64));
+  pk2 = crypto_pk_base64_decode_private(invalid_b64, strlen(invalid_b64));
   tt_ptr_op(pk2, OP_EQ, NULL);
 
   /* Test decoding a truncated Base64 blob. */
-  pk2 = crypto_pk_base64_decode(encoded, strlen(encoded)/2);
+  pk2 = crypto_pk_base64_decode_private(encoded, strlen(encoded)/2);
   tt_ptr_op(pk2, OP_EQ, NULL);
 
  done: