commit 3812319bb16f8687c7b21c9b7bcd86b2ed62663a Author: Fernando Fernandez Mancera <ffmancera@riseup.net> Date: Fri Jan 26 16:43:46 2018 +0100 Tweaks into functions and variables in crypto_rsa.[ch] crypto_get_rsa_padding_overhead() and crypto_get_rsa_padding() are not static inline anymore in order to split the crypto_rsa module from crypto.[ch]. Also included necessary modules in order to solve dependency issues. Also made two functions in crypto.c use crypto_pk_asn1_encdoe() instead of reaching into the crypto_pk_t struct. --- src/common/crypto.c | 53 +++++++++++++++++++++++++++++------------------ src/common/crypto_rsa.c | 55 ++++++++++++++++++++++++++++++++++++++++++++----- src/common/crypto_rsa.h | 8 +++++-- 3 files changed, 89 insertions(+), 27 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index bb9820fc2..a5372b70f 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -28,6 +28,7 @@ #include "crypto_curve25519.h" #include "crypto_ed25519.h" #include "crypto_format.h" +#include "crypto_rsa.h" DISABLE_GCC_WARNING(redundant-decls) @@ -611,18 +612,24 @@ crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out) { - unsigned char *buf = NULL; + char *buf; + size_t buflen; int len; + int rv = -1; - len = i2d_RSAPublicKey((RSA*)pk->key, &buf); - if (len < 0 || buf == NULL) - return -1; - if (crypto_digest(digest_out, (char*)buf, len) < 0) { - OPENSSL_free(buf); - return -1; - } - OPENSSL_free(buf); - return 0; + buflen = crypto_pk_keysize(pk)*2; + buf = tor_malloc(buflen); + len = crypto_pk_asn1_encode(pk, buf, buflen); + if (len < 0) + goto done; + + if (crypto_digest(digest_out, buf, len) < 0) + goto done; + + rv = 0; + done: + tor_free(buf); + return rv; } /** Compute all digests of the DER encoding of <b>pk</b>, and store them @@ -630,18 +637,24 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out) int crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out) { - unsigned char *buf = NULL; + char *buf; + size_t buflen; int len; + int rv = -1; - len = i2d_RSAPublicKey(pk->key, &buf); - if (len < 0 || buf == NULL) - return -1; - if (crypto_common_digests(digests_out, (char*)buf, len) < 0) { - OPENSSL_free(buf); - return -1; - } - OPENSSL_free(buf); - return 0; + buflen = crypto_pk_keysize(pk)*2; + buf = tor_malloc(buflen); + len = crypto_pk_asn1_encode(pk, buf, buflen); + if (len < 0) + goto done; + + if (crypto_common_digests(digests_out, (char*)buf, len) < 0) + goto done; + + rv = 0; + done: + tor_free(buf); + return rv; } /** Copy <b>in</b> to the <b>outlen</b>-byte buffer <b>out</b>, adding spaces diff --git a/src/common/crypto_rsa.c b/src/common/crypto_rsa.c index 1308c4819..92b5978ea 100644 --- a/src/common/crypto_rsa.c +++ b/src/common/crypto_rsa.c @@ -10,17 +10,62 @@ **/ #include "crypto_rsa.h" - -/** A public key, or a public/private key-pair. */ +#include "crypto.h" +#include "compat_openssl.h" +#include "crypto_curve25519.h" +#include "crypto_ed25519.h" +#include "crypto_format.h" + +DISABLE_GCC_WARNING(redundant-decls) + +#include <openssl/err.h> +#include <openssl/rsa.h> +#include <openssl/pem.h> +#include <openssl/evp.h> +#include <openssl/engine.h> +#include <openssl/rand.h> +#include <openssl/bn.h> +#include <openssl/dh.h> +#include <openssl/conf.h> +#include <openssl/hmac.h> + +ENABLE_GCC_WARNING(redundant-decls) + +#include "torlog.h" +#include "util.h" +#include "util_format.h" + +/** Declaration for crypto_pk_t structure. */ struct crypto_pk_t { int refs; /**< reference count, so we don't have to copy keys */ RSA *key; /**< The key itself */ }; +/** Log all pending crypto errors at level <b>severity</b>. Use + * <b>doing</b> to describe our current activities. + */ +static void +crypto_log_errors(int severity, const char *doing) +{ + unsigned long err; + const char *msg, *lib, *func; + while ((err = ERR_get_error()) != 0) { + msg = (const char*)ERR_reason_error_string(err); + lib = (const char*)ERR_lib_error_string(err); + func = (const char*)ERR_func_error_string(err); + if (!msg) msg = "(null)"; + if (!lib) lib = "(null)"; + if (!func) func = "(null)"; + if (BUG(!doing)) doing = "(null)"; + tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)", + doing, msg, lib, func); + } +} + /** Return the number of bytes added by padding method <b>padding</b>. */ -static inline int +int crypto_get_rsa_padding_overhead(int padding) { switch (padding) @@ -32,7 +77,7 @@ crypto_get_rsa_padding_overhead(int padding) /** Given a padding method <b>padding</b>, return the correct OpenSSL constant. */ -static inline int +int crypto_get_rsa_padding(int padding) { switch (padding) @@ -714,7 +759,7 @@ crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, * Return -1 on error, or the number of characters used on success. */ int -crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len) +crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len) { int len; unsigned char *buf = NULL; diff --git a/src/common/crypto_rsa.h b/src/common/crypto_rsa.h index e38451fed..5b9025c62 100644 --- a/src/common/crypto_rsa.h +++ b/src/common/crypto_rsa.h @@ -20,6 +20,8 @@ #include "testsupport.h" #include "compat.h" #include "util.h" +#include "torlog.h" +#include "crypto_curve25519.h" /** Length of our public keys. */ #define PK_BYTES (1024/8) @@ -30,12 +32,15 @@ /** Number of bytes added for PKCS1-OAEP padding. */ #define PKCS1_OAEP_PADDING_OVERHEAD 42 +/** A public key, or a public/private key-pair. */ typedef struct crypto_pk_t crypto_pk_t; /* RSA enviroment setup */ MOCK_DECL(crypto_pk_t *,crypto_pk_new,(void)); void crypto_pk_free_(crypto_pk_t *env); #define crypto_pk_free(pk) FREE_AND_NULL(crypto_pk_t, crypto_pk_free_, (pk)) +int crypto_get_rsa_padding_overhead(int padding); +int crypto_get_rsa_padding(int padding); /* public key crypto */ MOCK_DECL(int, crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits)); @@ -64,7 +69,6 @@ crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig); crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig); int crypto_pk_key_is_private(const crypto_pk_t *key); int crypto_pk_public_exponent_ok(crypto_pk_t *env); - int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding); int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen, @@ -75,7 +79,7 @@ MOCK_DECL(int, crypto_pk_public_checksig,(const crypto_pk_t *env, const char *from, size_t fromlen)); int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen); -int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len); +int crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len); crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len); int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space); int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);