commit 3812319bb16f8687c7b21c9b7bcd86b2ed62663a
Author: Fernando Fernandez Mancera <ffmancera(a)riseup.net>
Date: Fri Jan 26 16:43:46 2018 +0100
Tweaks into functions and variables in crypto_rsa.[ch]
crypto_get_rsa_padding_overhead() and crypto_get_rsa_padding() are
not static inline anymore in order to split the crypto_rsa module
from crypto.[ch].
Also included necessary modules in order to solve dependency issues.
Also made two functions in crypto.c use crypto_pk_asn1_encdoe()
instead of reaching into the crypto_pk_t struct.
---
src/common/crypto.c | 53 +++++++++++++++++++++++++++++------------------
src/common/crypto_rsa.c | 55 ++++++++++++++++++++++++++++++++++++++++++++-----
src/common/crypto_rsa.h | 8 +++++--
3 files changed, 89 insertions(+), 27 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index bb9820fc2..a5372b70f 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -28,6 +28,7 @@
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
+#include "crypto_rsa.h"
DISABLE_GCC_WARNING(redundant-decls)
@@ -611,18 +612,24 @@ crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env,
int
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
{
- unsigned char *buf = NULL;
+ char *buf;
+ size_t buflen;
int len;
+ int rv = -1;
- len = i2d_RSAPublicKey((RSA*)pk->key, &buf);
- if (len < 0 || buf == NULL)
- return -1;
- if (crypto_digest(digest_out, (char*)buf, len) < 0) {
- OPENSSL_free(buf);
- return -1;
- }
- OPENSSL_free(buf);
- return 0;
+ buflen = crypto_pk_keysize(pk)*2;
+ buf = tor_malloc(buflen);
+ len = crypto_pk_asn1_encode(pk, buf, buflen);
+ if (len < 0)
+ goto done;
+
+ if (crypto_digest(digest_out, buf, len) < 0)
+ goto done;
+
+ rv = 0;
+ done:
+ tor_free(buf);
+ return rv;
}
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
@@ -630,18 +637,24 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
int
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
{
- unsigned char *buf = NULL;
+ char *buf;
+ size_t buflen;
int len;
+ int rv = -1;
- len = i2d_RSAPublicKey(pk->key, &buf);
- if (len < 0 || buf == NULL)
- return -1;
- if (crypto_common_digests(digests_out, (char*)buf, len) < 0) {
- OPENSSL_free(buf);
- return -1;
- }
- OPENSSL_free(buf);
- return 0;
+ buflen = crypto_pk_keysize(pk)*2;
+ buf = tor_malloc(buflen);
+ len = crypto_pk_asn1_encode(pk, buf, buflen);
+ if (len < 0)
+ goto done;
+
+ if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
+ goto done;
+
+ rv = 0;
+ done:
+ tor_free(buf);
+ return rv;
}
/** Copy <b>in</b> to the <b>outlen</b>-byte buffer <b>out</b>, adding spaces
diff --git a/src/common/crypto_rsa.c b/src/common/crypto_rsa.c
index 1308c4819..92b5978ea 100644
--- a/src/common/crypto_rsa.c
+++ b/src/common/crypto_rsa.c
@@ -10,17 +10,62 @@
**/
#include "crypto_rsa.h"
-
-/** A public key, or a public/private key-pair. */
+#include "crypto.h"
+#include "compat_openssl.h"
+#include "crypto_curve25519.h"
+#include "crypto_ed25519.h"
+#include "crypto_format.h"
+
+DISABLE_GCC_WARNING(redundant-decls)
+
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/conf.h>
+#include <openssl/hmac.h>
+
+ENABLE_GCC_WARNING(redundant-decls)
+
+#include "torlog.h"
+#include "util.h"
+#include "util_format.h"
+
+/** Declaration for crypto_pk_t structure. */
struct crypto_pk_t
{
int refs; /**< reference count, so we don't have to copy keys */
RSA *key; /**< The key itself */
};
+/** Log all pending crypto errors at level <b>severity</b>. Use
+ * <b>doing</b> to describe our current activities.
+ */
+static void
+crypto_log_errors(int severity, const char *doing)
+{
+ unsigned long err;
+ const char *msg, *lib, *func;
+ while ((err = ERR_get_error()) != 0) {
+ msg = (const char*)ERR_reason_error_string(err);
+ lib = (const char*)ERR_lib_error_string(err);
+ func = (const char*)ERR_func_error_string(err);
+ if (!msg) msg = "(null)";
+ if (!lib) lib = "(null)";
+ if (!func) func = "(null)";
+ if (BUG(!doing)) doing = "(null)";
+ tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
+ doing, msg, lib, func);
+ }
+}
+
/** Return the number of bytes added by padding method <b>padding</b>.
*/
-static inline int
+int
crypto_get_rsa_padding_overhead(int padding)
{
switch (padding)
@@ -32,7 +77,7 @@ crypto_get_rsa_padding_overhead(int padding)
/** Given a padding method <b>padding</b>, return the correct OpenSSL constant.
*/
-static inline int
+int
crypto_get_rsa_padding(int padding)
{
switch (padding)
@@ -714,7 +759,7 @@ crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
* Return -1 on error, or the number of characters used on success.
*/
int
-crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len)
+crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len)
{
int len;
unsigned char *buf = NULL;
diff --git a/src/common/crypto_rsa.h b/src/common/crypto_rsa.h
index e38451fed..5b9025c62 100644
--- a/src/common/crypto_rsa.h
+++ b/src/common/crypto_rsa.h
@@ -20,6 +20,8 @@
#include "testsupport.h"
#include "compat.h"
#include "util.h"
+#include "torlog.h"
+#include "crypto_curve25519.h"
/** Length of our public keys. */
#define PK_BYTES (1024/8)
@@ -30,12 +32,15 @@
/** Number of bytes added for PKCS1-OAEP padding. */
#define PKCS1_OAEP_PADDING_OVERHEAD 42
+/** A public key, or a public/private key-pair. */
typedef struct crypto_pk_t crypto_pk_t;
/* RSA enviroment setup */
MOCK_DECL(crypto_pk_t *,crypto_pk_new,(void));
void crypto_pk_free_(crypto_pk_t *env);
#define crypto_pk_free(pk) FREE_AND_NULL(crypto_pk_t, crypto_pk_free_, (pk))
+int crypto_get_rsa_padding_overhead(int padding);
+int crypto_get_rsa_padding(int padding);
/* public key crypto */
MOCK_DECL(int, crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits));
@@ -64,7 +69,6 @@ crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig);
crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig);
int crypto_pk_key_is_private(const crypto_pk_t *key);
int crypto_pk_public_exponent_ok(crypto_pk_t *env);
-
int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen, int padding);
int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen,
@@ -75,7 +79,7 @@ MOCK_DECL(int, crypto_pk_public_checksig,(const crypto_pk_t *env,
const char *from, size_t fromlen));
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
-int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
+int crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len);
crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);