Extract and rename crypto_log_errors().

This commit is contained in:
Nick Mathewson 2018-07-11 13:54:47 -04:00
parent 8e2df98860
commit 922208bd2d
7 changed files with 46 additions and 53 deletions

View File

@ -269,7 +269,7 @@ crypto_dh_new(int dh_type)
/* LCOV_EXCL_START /* LCOV_EXCL_START
* This error condition is only reached when an allocation fails */ * This error condition is only reached when an allocation fails */
err: err:
crypto_log_errors(LOG_WARN, "creating DH object"); crypto_openssl_log_errors(LOG_WARN, "creating DH object");
if (res->dh) DH_free(res->dh); /* frees p and g too */ if (res->dh) DH_free(res->dh); /* frees p and g too */
tor_free(res); tor_free(res);
return NULL; return NULL;
@ -309,7 +309,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
if (!DH_generate_key(dh->dh)) { if (!DH_generate_key(dh->dh)) {
/* LCOV_EXCL_START /* LCOV_EXCL_START
* To test this we would need some way to tell openssl to break DH. */ * To test this we would need some way to tell openssl to break DH. */
crypto_log_errors(LOG_WARN, "generating DH key"); crypto_openssl_log_errors(LOG_WARN, "generating DH key");
return -1; return -1;
/* LCOV_EXCL_STOP */ /* LCOV_EXCL_STOP */
} }
@ -472,7 +472,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
error: error:
result = -1; result = -1;
done: done:
crypto_log_errors(LOG_WARN, "completing DH handshake"); crypto_openssl_log_errors(LOG_WARN, "completing DH handshake");
if (pubkey_bn) if (pubkey_bn)
BN_clear_free(pubkey_bn); BN_clear_free(pubkey_bn);
if (secret_tmp) { if (secret_tmp) {

View File

@ -17,6 +17,7 @@
#include "lib/string/util_string.h" #include "lib/string/util_string.h"
#include "lib/lock/compat_mutex.h" #include "lib/lock/compat_mutex.h"
#include "lib/log/log.h" #include "lib/log/log.h"
#include "lib/log/util_bug.h"
#include "lib/testsupport/testsupport.h" #include "lib/testsupport/testsupport.h"
#include "lib/thread/threads.h" #include "lib/thread/threads.h"
@ -53,6 +54,27 @@ STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line);
STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid); STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid);
#endif #endif
/** Log all pending crypto errors at level <b>severity</b>. Use
* <b>doing</b> to describe our current activities.
*/
void
crypto_openssl_log_errors(int severity, const char *doing)
{
unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
lib = (const char*)ERR_lib_error_string(err);
func = (const char*)ERR_func_error_string(err);
if (!msg) msg = "(null)";
if (!lib) lib = "(null)";
if (!func) func = "(null)";
if (BUG(!doing)) doing = "(null)";
tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
doing, msg, lib, func);
}
}
/* Returns a trimmed and human-readable version of an openssl version string /* Returns a trimmed and human-readable version of an openssl version string
* <b>raw_version</b>. They are usually in the form of 'OpenSSL 1.0.0b 10 * <b>raw_version</b>. They are usually in the form of 'OpenSSL 1.0.0b 10
* May 2012' and this will parse them into a form similar to '1.0.0b' */ * May 2012' and this will parse them into a form similar to '1.0.0b' */

View File

@ -69,6 +69,8 @@
#define NEW_THREAD_API #define NEW_THREAD_API
#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && ... */ #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && ... */
void crypto_openssl_log_errors(int severity, const char *doing);
/* global openssl state */ /* global openssl state */
const char * crypto_openssl_get_version_str(void); const char * crypto_openssl_get_version_str(void);
const char * crypto_openssl_get_header_version_str(void); const char * crypto_openssl_get_header_version_str(void);

View File

@ -207,7 +207,7 @@ crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits))
} }
if (!env->key) { if (!env->key) {
crypto_log_errors(LOG_WARN, "generating RSA key"); crypto_openssl_log_errors(LOG_WARN, "generating RSA key");
return -1; return -1;
} }
@ -252,7 +252,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
BIO_free(b); BIO_free(b);
if (!env->key) { if (!env->key) {
crypto_log_errors(LOG_WARN, "Error parsing private key"); crypto_openssl_log_errors(LOG_WARN, "Error parsing private key");
return -1; return -1;
} }
return 0; return 0;
@ -316,7 +316,7 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
r = PEM_write_bio_RSAPrivateKey(b, env->key, NULL,NULL,0,NULL,NULL); r = PEM_write_bio_RSAPrivateKey(b, env->key, NULL,NULL,0,NULL,NULL);
if (!r) { if (!r) {
crypto_log_errors(LOG_WARN, "writing RSA key to string"); crypto_openssl_log_errors(LOG_WARN, "writing RSA key to string");
BIO_free(b); BIO_free(b);
return -1; return -1;
} }
@ -382,7 +382,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,
env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL); env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL);
BIO_free(b); BIO_free(b);
if (!env->key) { if (!env->key) {
crypto_log_errors(LOG_WARN, "reading public key from string"); crypto_openssl_log_errors(LOG_WARN, "reading public key from string");
return -1; return -1;
} }
@ -408,7 +408,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
return -1; return -1;
if (PEM_write_bio_RSAPrivateKey(bio, env->key, NULL,NULL,0,NULL,NULL) if (PEM_write_bio_RSAPrivateKey(bio, env->key, NULL,NULL,0,NULL,NULL)
== 0) { == 0) {
crypto_log_errors(LOG_WARN, "writing private key"); crypto_openssl_log_errors(LOG_WARN, "writing private key");
BIO_free(bio); BIO_free(bio);
return -1; return -1;
} }
@ -434,7 +434,7 @@ crypto_pk_check_key(crypto_pk_t *env)
r = RSA_check_key(env->key); r = RSA_check_key(env->key);
if (r <= 0) if (r <= 0)
crypto_log_errors(LOG_WARN,"checking RSA key"); crypto_openssl_log_errors(LOG_WARN,"checking RSA key");
return r; return r;
} }
@ -601,7 +601,7 @@ crypto_pk_copy_full(crypto_pk_t *env)
*/ */
log_err(LD_CRYPTO, "Unable to duplicate a %s key: openssl failed.", log_err(LD_CRYPTO, "Unable to duplicate a %s key: openssl failed.",
privatekey?"private":"public"); privatekey?"private":"public");
crypto_log_errors(LOG_ERR, crypto_openssl_log_errors(LOG_ERR,
privatekey ? "Duplicating a private key" : privatekey ? "Duplicating a private key" :
"Duplicating a public key"); "Duplicating a public key");
tor_fragile_assert(); tor_fragile_assert();
@ -777,7 +777,7 @@ crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
(unsigned char*)from, (unsigned char*)to, (unsigned char*)from, (unsigned char*)to,
env->key, crypto_get_rsa_padding(padding)); env->key, crypto_get_rsa_padding(padding));
if (r<0) { if (r<0) {
crypto_log_errors(LOG_WARN, "performing RSA encryption"); crypto_openssl_log_errors(LOG_WARN, "performing RSA encryption");
return -1; return -1;
} }
return r; return r;
@ -813,7 +813,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
env->key, crypto_get_rsa_padding(padding)); env->key, crypto_get_rsa_padding(padding));
if (r<0) { if (r<0) {
crypto_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG, crypto_openssl_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG,
"performing RSA decryption"); "performing RSA decryption");
return -1; return -1;
} }
@ -844,7 +844,7 @@ crypto_pk_public_checksig,(const crypto_pk_t *env, char *to,
env->key, RSA_PKCS1_PADDING); env->key, RSA_PKCS1_PADDING);
if (r<0) { if (r<0) {
crypto_log_errors(LOG_INFO, "checking RSA signature"); crypto_openssl_log_errors(LOG_INFO, "checking RSA signature");
return -1; return -1;
} }
return r; return r;
@ -876,7 +876,7 @@ crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
(unsigned char*)from, (unsigned char*)to, (unsigned char*)from, (unsigned char*)to,
(RSA*)env->key, RSA_PKCS1_PADDING); (RSA*)env->key, RSA_PKCS1_PADDING);
if (r<0) { if (r<0) {
crypto_log_errors(LOG_WARN, "generating RSA signature"); crypto_openssl_log_errors(LOG_WARN, "generating RSA signature");
return -1; return -1;
} }
return r; return r;
@ -921,7 +921,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
rsa = d2i_RSAPublicKey(NULL, &cp, len); rsa = d2i_RSAPublicKey(NULL, &cp, len);
tor_free(buf); tor_free(buf);
if (!rsa) { if (!rsa) {
crypto_log_errors(LOG_WARN,"decoding public key"); crypto_openssl_log_errors(LOG_WARN,"decoding public key");
return NULL; return NULL;
} }
return crypto_new_pk_from_rsa_(rsa); return crypto_new_pk_from_rsa_(rsa);
@ -1165,7 +1165,7 @@ crypto_pk_base64_decode(const char *str, size_t len)
const unsigned char *dp = (unsigned char*)der; /* Shut the compiler up. */ const unsigned char *dp = (unsigned char*)der; /* Shut the compiler up. */
RSA *rsa = d2i_RSAPrivateKey(NULL, &dp, der_len); RSA *rsa = d2i_RSAPrivateKey(NULL, &dp, der_len);
if (!rsa) { if (!rsa) {
crypto_log_errors(LOG_WARN, "decoding private key"); crypto_openssl_log_errors(LOG_WARN, "decoding private key");
goto out; goto out;
} }

View File

@ -10,7 +10,6 @@
* \brief Common cryptographic utilities. * \brief Common cryptographic utilities.
**/ **/
#ifndef CRYPTO_UTIL_PRIVATE
#define CRYPTO_UTIL_PRIVATE #define CRYPTO_UTIL_PRIVATE
#include "lib/crypt_ops/crypto_util.h" #include "lib/crypt_ops/crypto_util.h"
@ -105,25 +104,3 @@ memwipe(void *mem, uint8_t byte, size_t sz)
**/ **/
memset(mem, byte, sz); memset(mem, byte, sz);
} }
/** Log all pending crypto errors at level <b>severity</b>. Use
* <b>doing</b> to describe our current activities.
*/
void
crypto_log_errors(int severity, const char *doing)
{
unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
lib = (const char*)ERR_lib_error_string(err);
func = (const char*)ERR_func_error_string(err);
if (!msg) msg = "(null)";
if (!lib) lib = "(null)";
if (!func) func = "(null)";
if (BUG(!doing)) doing = "(null)";
tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
doing, msg, lib, func);
}
}
#endif /* !defined(CRYPTO_UTIL_PRIVATE) */

View File

@ -18,13 +18,4 @@
/** OpenSSL-based utility functions. */ /** OpenSSL-based utility functions. */
void memwipe(void *mem, uint8_t byte, size_t sz); void memwipe(void *mem, uint8_t byte, size_t sz);
/** Log utility function */
void crypto_log_errors(int severity, const char *doing);
#ifdef CRYPTO_UTIL_PRIVATE
#ifdef TOR_UNIT_TESTS
#endif /* defined(TOR_UNIT_TESTS) */
#endif /* defined(CRYPTO_UTIL_PRIVATE) */
#endif /* !defined(TOR_CRYPTO_UTIL_H) */ #endif /* !defined(TOR_CRYPTO_UTIL_H) */

View File

@ -15,6 +15,7 @@
#include "lib/cc/compat_compiler.h" #include "lib/cc/compat_compiler.h"
#include "lib/crypt_ops/crypto_init.h" #include "lib/crypt_ops/crypto_init.h"
#include "lib/crypt_ops/crypto_openssl_mgt.h"
/* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in /* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
* x509.h and x509_vfy.h. Suppress the GCC warning so we can build with * x509.h and x509_vfy.h. Suppress the GCC warning so we can build with
@ -267,7 +268,7 @@ load_identity_key(void)
IDENTITY_KEY_BITS); IDENTITY_KEY_BITS);
if (!(key = generate_key(IDENTITY_KEY_BITS))) { if (!(key = generate_key(IDENTITY_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate identity key."); log_err(LD_GENERAL, "Couldn't generate identity key.");
crypto_log_errors(LOG_ERR, "Generating identity key"); crypto_openssl_log_errors(LOG_ERR, "Generating identity key");
return 1; return 1;
} }
identity_key = EVP_PKEY_new(); identity_key = EVP_PKEY_new();
@ -289,7 +290,7 @@ load_identity_key(void)
NULL, NULL)) { NULL, NULL)) {
log_err(LD_GENERAL, "Couldn't write identity key to %s", log_err(LD_GENERAL, "Couldn't write identity key to %s",
identity_key_file); identity_key_file);
crypto_log_errors(LOG_ERR, "Writing identity key"); crypto_openssl_log_errors(LOG_ERR, "Writing identity key");
abort_writing_to_file(open_file); abort_writing_to_file(open_file);
return 1; return 1;
} }
@ -354,7 +355,7 @@ generate_signing_key(void)
SIGNING_KEY_BITS); SIGNING_KEY_BITS);
if (!(key = generate_key(SIGNING_KEY_BITS))) { if (!(key = generate_key(SIGNING_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate signing key."); log_err(LD_GENERAL, "Couldn't generate signing key.");
crypto_log_errors(LOG_ERR, "Generating signing key"); crypto_openssl_log_errors(LOG_ERR, "Generating signing key");
return 1; return 1;
} }
signing_key = EVP_PKEY_new(); signing_key = EVP_PKEY_new();
@ -370,7 +371,7 @@ generate_signing_key(void)
/* Write signing key with no encryption. */ /* Write signing key with no encryption. */
if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) { if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) {
crypto_log_errors(LOG_WARN, "writing signing key"); crypto_openssl_log_errors(LOG_WARN, "writing signing key");
abort_writing_to_file(open_file); abort_writing_to_file(open_file);
return 1; return 1;
} }
@ -394,7 +395,7 @@ key_to_string(EVP_PKEY *key)
b = BIO_new(BIO_s_mem()); b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) { if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
crypto_log_errors(LOG_WARN, "writing public key to string"); crypto_openssl_log_errors(LOG_WARN, "writing public key to string");
RSA_free(rsa); RSA_free(rsa);
return NULL; return NULL;
} }