Merge commit 'public/android'

This commit is contained in:
Nick Mathewson 2009-10-11 23:30:19 -04:00
commit da990d09c3
9 changed files with 61 additions and 17 deletions

View File

@ -46,6 +46,8 @@ Changes in version 0.2.2.4-alpha - 2009-10-10
can run tests in their own processes, have smarter setup/teardown
code, and so on. The unit test code has moved to its own
subdirectory, and has been split into multiple modules.
- Numerous fixes from Nathan Freitas so that Tor can build correctly for
Android phones.
Changes in version 0.2.2.3-alpha - 2009-09-23

View File

@ -50,9 +50,9 @@
#define CRYPTO_PRIVATE
#include "crypto.h"
#include "log.h"
#include "../common/log.h"
#include "aes.h"
#include "util.h"
#include "../common/util.h"
#include "container.h"
#include "compat.h"
@ -62,6 +62,11 @@
#include <openssl/engine.h>
#ifdef ANDROID
/* Android's OpenSSL seems to have removed all of its Engine support. */
#define DISABLE_ENGINES
#endif
#if OPENSSL_VERSION_NUMBER < 0x00908000l
/* On OpenSSL versions before 0.9.8, there is no working SHA256
* implementation, so we use Tom St Denis's nice speedy one, slightly adapted
@ -174,6 +179,7 @@ crypto_log_errors(int severity, const char *doing)
}
}
#ifndef DISABLE_ENGINES
/** Log any OpenSSL engines we're using at NOTICE. */
static void
log_engine(const char *fn, ENGINE *e)
@ -188,7 +194,9 @@ log_engine(const char *fn, ENGINE *e)
log(LOG_INFO, LD_CRYPTO, "Using default implementation for %s", fn);
}
}
#endif
#ifndef DISABLE_ENGINES
/** Try to load an engine in a shared library via fully qualified path.
*/
static ENGINE *
@ -206,6 +214,7 @@ try_load_engine(const char *path, const char *engine)
}
return e;
}
#endif
/** Initialize the crypto library. Return 0 on success, -1 on failure.
*/
@ -218,10 +227,17 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
_crypto_global_initialized = 1;
setup_openssl_threading();
if (useAccel > 0) {
#ifdef DISABLE_ENGINES
(void)accelName;
(void)accelDir;
log_warn(LD_CRYPTO, "No OpenSSL hardware acceleration support enabled.");
#else
ENGINE *e = NULL;
log_info(LD_CRYPTO, "Initializing OpenSSL engine support.");
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
if (accelName) {
if (accelDir) {
log_info(LD_CRYPTO, "Trying to load dynamic OpenSSL engine \"%s\""
@ -251,6 +267,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb));
log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
#endif
} else {
log_info(LD_CRYPTO, "NOT using OpenSSL engine support.");
}
@ -274,7 +291,11 @@ crypto_global_cleanup(void)
EVP_cleanup();
ERR_remove_state(0);
ERR_free_strings();
#ifndef DISABLE_ENGINES
ENGINE_cleanup();
#endif
CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
#ifdef TOR_IS_MULTITHREADED
@ -316,7 +337,8 @@ _crypto_new_pk_env_evp_pkey(EVP_PKEY *pkey)
return _crypto_new_pk_env_rsa(rsa);
}
/** Helper, used by tor-checkkey.c. Return the RSA from a crypto_pk_env_t. */
/** Helper, used by tor-checkkey.c and tor-gencert.c. Return the RSA from a
* crypto_pk_env_t. */
RSA *
_crypto_pk_env_get_rsa(crypto_pk_env_t *env)
{
@ -451,11 +473,11 @@ crypto_free_cipher_env(crypto_cipher_env_t *env)
/* public key crypto */
/** Generate a new public/private keypair in <b>env</b>. Return 0 on
* success, -1 on failure.
/** Generate a <b>bits</b>-bit new public/private keypair in <b>env</b>.
* Return 0 on success, -1 on failure.
*/
int
crypto_pk_generate_key(crypto_pk_env_t *env)
crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits)
{
tor_assert(env);
@ -463,7 +485,7 @@ crypto_pk_generate_key(crypto_pk_env_t *env)
RSA_free(env->key);
#if OPENSSL_VERSION_NUMBER < 0x00908000l
/* In OpenSSL 0.9.7, RSA_generate_key is all we have. */
env->key = RSA_generate_key(PK_BYTES*8,65537, NULL, NULL);
env->key = RSA_generate_key(bits, 65537, NULL, NULL);
#else
/* In OpenSSL 0.9.8, RSA_generate_key is deprecated. */
{
@ -476,7 +498,7 @@ crypto_pk_generate_key(crypto_pk_env_t *env)
r = RSA_new();
if (!r)
goto done;
if (RSA_generate_key_ex(r, PK_BYTES*8, e, NULL) == -1)
if (RSA_generate_key_ex(r, bits, e, NULL) == -1)
goto done;
env->key = r;

View File

@ -86,7 +86,9 @@ crypto_cipher_env_t *crypto_new_cipher_env(void);
void crypto_free_cipher_env(crypto_cipher_env_t *env);
/* public key crypto */
int crypto_pk_generate_key(crypto_pk_env_t *env);
int crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits);
#define crypto_pk_generate_key(env) \
crypto_pk_generate_key_with_bits((env), (PK_BYTES*8))
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
const char *keyfile);

View File

@ -12,6 +12,8 @@
**/
#define BUFFERS_PRIVATE
#include "or.h"
#include "../common/util.h"
#include "../common/log.h"
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

View File

@ -31,6 +31,7 @@
*/
#include "eventdns_tor.h"
#include "../common/util.h"
#include <sys/types.h>
/* #define NDEBUG */

View File

@ -82,7 +82,7 @@
#include "crypto.h"
#include "tortls.h"
#include "log.h"
#include "../common/log.h"
#include "compat.h"
#include "container.h"
#include "util.h"

View File

@ -7,7 +7,7 @@
#include <stdlib.h>
#include "crypto.h"
#include "log.h"
#include "util.h"
#include "../common/util.h"
#include "compat.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>

View File

@ -13,6 +13,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/obj_mac.h>
#include <openssl/err.h>
@ -27,8 +28,8 @@
#define CRYPTO_PRIVATE
#include "compat.h"
#include "util.h"
#include "log.h"
#include "../common/util.h"
#include "../common/log.h"
#include "crypto.h"
#include "address.h"
@ -218,6 +219,20 @@ parse_commandline(int argc, char **argv)
return 0;
}
static RSA *
generate_key(int bits)
{
RSA *rsa = NULL;
crypto_pk_env_t *env = crypto_new_pk_env();
if (crypto_pk_generate_key_with_bits(env,bits)<0)
goto done;
rsa = _crypto_pk_env_get_rsa(env);
rsa = RSAPrivateKey_dup(rsa);
done:
crypto_free_pk_env(env);
return rsa;
}
/** Try to read the identity key from <b>identity_key_file</b>. If no such
* file exists and create_identity_key is set, make a new identity key and
* store it. Return 0 on success, nonzero on failure.
@ -238,7 +253,7 @@ load_identity_key(void)
}
log_notice(LD_GENERAL, "Generating %d-bit RSA identity key.",
IDENTITY_KEY_BITS);
if (!(key = RSA_generate_key(IDENTITY_KEY_BITS, 65537, NULL, NULL))) {
if (!(key = generate_key(IDENTITY_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate identity key.");
crypto_log_errors(LOG_ERR, "Generating identity key");
return 1;
@ -323,7 +338,7 @@ generate_signing_key(void)
RSA *key;
log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.",
SIGNING_KEY_BITS);
if (!(key = RSA_generate_key(SIGNING_KEY_BITS, 65537, NULL, NULL))) {
if (!(key = generate_key(SIGNING_KEY_BITS))) {
log_err(LD_GENERAL, "Couldn't generate signing key.");
crypto_log_errors(LOG_ERR, "Generating signing key");
return 1;

View File

@ -6,9 +6,9 @@
#include "orconfig.h"
#include "compat.h"
#include "util.h"
#include "../common/util.h"
#include "address.h"
#include "log.h"
#include "../common/log.h"
#include <stdio.h>
#include <stdlib.h>