From 922208bd2d63c282a189b6fdd0da29ff40c08e82 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 11 Jul 2018 13:54:47 -0400 Subject: [PATCH] Extract and rename crypto_log_errors(). --- src/lib/crypt_ops/crypto_dh.c | 6 +++--- src/lib/crypt_ops/crypto_openssl_mgt.c | 22 ++++++++++++++++++++++ src/lib/crypt_ops/crypto_openssl_mgt.h | 2 ++ src/lib/crypt_ops/crypto_rsa.c | 26 +++++++++++++------------- src/lib/crypt_ops/crypto_util.c | 23 ----------------------- src/lib/crypt_ops/crypto_util.h | 9 --------- src/tools/tor-gencert.c | 11 ++++++----- 7 files changed, 46 insertions(+), 53 deletions(-) diff --git a/src/lib/crypt_ops/crypto_dh.c b/src/lib/crypt_ops/crypto_dh.c index 3e82996935..ab06fd4969 100644 --- a/src/lib/crypt_ops/crypto_dh.c +++ b/src/lib/crypt_ops/crypto_dh.c @@ -269,7 +269,7 @@ crypto_dh_new(int dh_type) /* LCOV_EXCL_START * This error condition is only reached when an allocation fails */ err: - crypto_log_errors(LOG_WARN, "creating DH object"); + crypto_openssl_log_errors(LOG_WARN, "creating DH object"); if (res->dh) DH_free(res->dh); /* frees p and g too */ tor_free(res); return NULL; @@ -309,7 +309,7 @@ crypto_dh_generate_public(crypto_dh_t *dh) if (!DH_generate_key(dh->dh)) { /* LCOV_EXCL_START * To test this we would need some way to tell openssl to break DH. */ - crypto_log_errors(LOG_WARN, "generating DH key"); + crypto_openssl_log_errors(LOG_WARN, "generating DH key"); return -1; /* LCOV_EXCL_STOP */ } @@ -472,7 +472,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_t *dh, error: result = -1; done: - crypto_log_errors(LOG_WARN, "completing DH handshake"); + crypto_openssl_log_errors(LOG_WARN, "completing DH handshake"); if (pubkey_bn) BN_clear_free(pubkey_bn); if (secret_tmp) { diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index b0c88bff4d..bf5b96f9a5 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c @@ -17,6 +17,7 @@ #include "lib/string/util_string.h" #include "lib/lock/compat_mutex.h" #include "lib/log/log.h" +#include "lib/log/util_bug.h" #include "lib/testsupport/testsupport.h" #include "lib/thread/threads.h" @@ -53,6 +54,27 @@ STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line); STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid); #endif +/** Log all pending crypto errors at level severity. Use + * doing to describe our current activities. + */ +void +crypto_openssl_log_errors(int severity, const char *doing) +{ + unsigned long err; + const char *msg, *lib, *func; + while ((err = ERR_get_error()) != 0) { + msg = (const char*)ERR_reason_error_string(err); + lib = (const char*)ERR_lib_error_string(err); + func = (const char*)ERR_func_error_string(err); + if (!msg) msg = "(null)"; + if (!lib) lib = "(null)"; + if (!func) func = "(null)"; + if (BUG(!doing)) doing = "(null)"; + tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)", + doing, msg, lib, func); + } +} + /* Returns a trimmed and human-readable version of an openssl version string * raw_version. They are usually in the form of 'OpenSSL 1.0.0b 10 * May 2012' and this will parse them into a form similar to '1.0.0b' */ diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h index 60583a056e..417bb36f01 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.h +++ b/src/lib/crypt_ops/crypto_openssl_mgt.h @@ -69,6 +69,8 @@ #define NEW_THREAD_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && ... */ +void crypto_openssl_log_errors(int severity, const char *doing); + /* global openssl state */ const char * crypto_openssl_get_version_str(void); const char * crypto_openssl_get_header_version_str(void); diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c index f0fd6d5f4b..d8a9be7ec9 100644 --- a/src/lib/crypt_ops/crypto_rsa.c +++ b/src/lib/crypt_ops/crypto_rsa.c @@ -207,7 +207,7 @@ crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits)) } if (!env->key) { - crypto_log_errors(LOG_WARN, "generating RSA key"); + crypto_openssl_log_errors(LOG_WARN, "generating RSA key"); return -1; } @@ -252,7 +252,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env, BIO_free(b); if (!env->key) { - crypto_log_errors(LOG_WARN, "Error parsing private key"); + crypto_openssl_log_errors(LOG_WARN, "Error parsing private key"); return -1; } return 0; @@ -316,7 +316,7 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest, r = PEM_write_bio_RSAPrivateKey(b, env->key, NULL,NULL,0,NULL,NULL); if (!r) { - crypto_log_errors(LOG_WARN, "writing RSA key to string"); + crypto_openssl_log_errors(LOG_WARN, "writing RSA key to string"); BIO_free(b); return -1; } @@ -382,7 +382,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src, env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL); BIO_free(b); if (!env->key) { - crypto_log_errors(LOG_WARN, "reading public key from string"); + crypto_openssl_log_errors(LOG_WARN, "reading public key from string"); return -1; } @@ -408,7 +408,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_t *env, return -1; if (PEM_write_bio_RSAPrivateKey(bio, env->key, NULL,NULL,0,NULL,NULL) == 0) { - crypto_log_errors(LOG_WARN, "writing private key"); + crypto_openssl_log_errors(LOG_WARN, "writing private key"); BIO_free(bio); return -1; } @@ -434,7 +434,7 @@ crypto_pk_check_key(crypto_pk_t *env) r = RSA_check_key(env->key); if (r <= 0) - crypto_log_errors(LOG_WARN,"checking RSA key"); + crypto_openssl_log_errors(LOG_WARN,"checking RSA key"); return r; } @@ -601,7 +601,7 @@ crypto_pk_copy_full(crypto_pk_t *env) */ log_err(LD_CRYPTO, "Unable to duplicate a %s key: openssl failed.", privatekey?"private":"public"); - crypto_log_errors(LOG_ERR, + crypto_openssl_log_errors(LOG_ERR, privatekey ? "Duplicating a private key" : "Duplicating a public key"); tor_fragile_assert(); @@ -777,7 +777,7 @@ crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen, (unsigned char*)from, (unsigned char*)to, env->key, crypto_get_rsa_padding(padding)); if (r<0) { - crypto_log_errors(LOG_WARN, "performing RSA encryption"); + crypto_openssl_log_errors(LOG_WARN, "performing RSA encryption"); return -1; } return r; @@ -813,7 +813,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to, env->key, crypto_get_rsa_padding(padding)); if (r<0) { - crypto_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG, + crypto_openssl_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG, "performing RSA decryption"); return -1; } @@ -844,7 +844,7 @@ crypto_pk_public_checksig,(const crypto_pk_t *env, char *to, env->key, RSA_PKCS1_PADDING); if (r<0) { - crypto_log_errors(LOG_INFO, "checking RSA signature"); + crypto_openssl_log_errors(LOG_INFO, "checking RSA signature"); return -1; } return r; @@ -876,7 +876,7 @@ crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, (unsigned char*)from, (unsigned char*)to, (RSA*)env->key, RSA_PKCS1_PADDING); if (r<0) { - crypto_log_errors(LOG_WARN, "generating RSA signature"); + crypto_openssl_log_errors(LOG_WARN, "generating RSA signature"); return -1; } return r; @@ -921,7 +921,7 @@ crypto_pk_asn1_decode(const char *str, size_t len) rsa = d2i_RSAPublicKey(NULL, &cp, len); tor_free(buf); if (!rsa) { - crypto_log_errors(LOG_WARN,"decoding public key"); + crypto_openssl_log_errors(LOG_WARN,"decoding public key"); return NULL; } return crypto_new_pk_from_rsa_(rsa); @@ -1165,7 +1165,7 @@ crypto_pk_base64_decode(const char *str, size_t len) const unsigned char *dp = (unsigned char*)der; /* Shut the compiler up. */ RSA *rsa = d2i_RSAPrivateKey(NULL, &dp, der_len); if (!rsa) { - crypto_log_errors(LOG_WARN, "decoding private key"); + crypto_openssl_log_errors(LOG_WARN, "decoding private key"); goto out; } diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c index 79988c6a91..a645321bfb 100644 --- a/src/lib/crypt_ops/crypto_util.c +++ b/src/lib/crypt_ops/crypto_util.c @@ -10,7 +10,6 @@ * \brief Common cryptographic utilities. **/ -#ifndef CRYPTO_UTIL_PRIVATE #define CRYPTO_UTIL_PRIVATE #include "lib/crypt_ops/crypto_util.h" @@ -105,25 +104,3 @@ memwipe(void *mem, uint8_t byte, size_t sz) **/ memset(mem, byte, sz); } - -/** Log all pending crypto errors at level severity. Use - * doing to describe our current activities. - */ -void -crypto_log_errors(int severity, const char *doing) -{ - unsigned long err; - const char *msg, *lib, *func; - while ((err = ERR_get_error()) != 0) { - msg = (const char*)ERR_reason_error_string(err); - lib = (const char*)ERR_lib_error_string(err); - func = (const char*)ERR_func_error_string(err); - if (!msg) msg = "(null)"; - if (!lib) lib = "(null)"; - if (!func) func = "(null)"; - if (BUG(!doing)) doing = "(null)"; - tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)", - doing, msg, lib, func); - } -} -#endif /* !defined(CRYPTO_UTIL_PRIVATE) */ diff --git a/src/lib/crypt_ops/crypto_util.h b/src/lib/crypt_ops/crypto_util.h index 3ce34e6f23..e032263225 100644 --- a/src/lib/crypt_ops/crypto_util.h +++ b/src/lib/crypt_ops/crypto_util.h @@ -18,13 +18,4 @@ /** OpenSSL-based utility functions. */ void memwipe(void *mem, uint8_t byte, size_t sz); -/** Log utility function */ -void crypto_log_errors(int severity, const char *doing); - -#ifdef CRYPTO_UTIL_PRIVATE -#ifdef TOR_UNIT_TESTS -#endif /* defined(TOR_UNIT_TESTS) */ -#endif /* defined(CRYPTO_UTIL_PRIVATE) */ - #endif /* !defined(TOR_CRYPTO_UTIL_H) */ - diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index f87283097e..7e54483b28 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -15,6 +15,7 @@ #include "lib/cc/compat_compiler.h" #include "lib/crypt_ops/crypto_init.h" +#include "lib/crypt_ops/crypto_openssl_mgt.h" /* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in * x509.h and x509_vfy.h. Suppress the GCC warning so we can build with @@ -267,7 +268,7 @@ load_identity_key(void) IDENTITY_KEY_BITS); if (!(key = generate_key(IDENTITY_KEY_BITS))) { log_err(LD_GENERAL, "Couldn't generate identity key."); - crypto_log_errors(LOG_ERR, "Generating identity key"); + crypto_openssl_log_errors(LOG_ERR, "Generating identity key"); return 1; } identity_key = EVP_PKEY_new(); @@ -289,7 +290,7 @@ load_identity_key(void) NULL, NULL)) { log_err(LD_GENERAL, "Couldn't write identity key to %s", identity_key_file); - crypto_log_errors(LOG_ERR, "Writing identity key"); + crypto_openssl_log_errors(LOG_ERR, "Writing identity key"); abort_writing_to_file(open_file); return 1; } @@ -354,7 +355,7 @@ generate_signing_key(void) SIGNING_KEY_BITS); if (!(key = generate_key(SIGNING_KEY_BITS))) { log_err(LD_GENERAL, "Couldn't generate signing key."); - crypto_log_errors(LOG_ERR, "Generating signing key"); + crypto_openssl_log_errors(LOG_ERR, "Generating signing key"); return 1; } signing_key = EVP_PKEY_new(); @@ -370,7 +371,7 @@ generate_signing_key(void) /* Write signing key with no encryption. */ if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) { - crypto_log_errors(LOG_WARN, "writing signing key"); + crypto_openssl_log_errors(LOG_WARN, "writing signing key"); abort_writing_to_file(open_file); return 1; } @@ -394,7 +395,7 @@ key_to_string(EVP_PKEY *key) b = BIO_new(BIO_s_mem()); if (!PEM_write_bio_RSAPublicKey(b, rsa)) { - crypto_log_errors(LOG_WARN, "writing public key to string"); + crypto_openssl_log_errors(LOG_WARN, "writing public key to string"); RSA_free(rsa); return NULL; }