[tor/master] Lower log-level in different error conditions in entropy selection. - tor-commits

11 Feb 2018

commit 14c47a0b5c8965463957f8c8c9311bcb96885049
Author: Alexander Færøy ahf@torproject.org
Date:   Thu Feb 1 21:27:38 2018 +0100
Lower log-level in different error conditions in entropy selection.
This patch lowers the log-level from warning to info in the cases where
    we are going to attempt another method as entropy source to hopefully
    make the user feel less concerned.
See: https://bugs.torproject.org/25120
---
 src/common/crypto.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 0dcffd2fb..f8da2fcf1 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1891,6 +1891,12 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 {
   tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
+  /* We only log at notice-level here because in the case that this function
+   * fails the crypto_strongest_rand_raw() caller will log with a warning-level
+   * message and let crypto_strongest_rand() error out and finally terminating
+   * Tor with an assertion error.
+   */
+
 #ifdef TOR_UNIT_TESTS
   if (break_strongest_rng_syscall)
     return -1;
@@ -1903,13 +1909,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
   if (!provider_set) {
     if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
                              CRYPT_VERIFYCONTEXT)) {
-      log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
+      log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
       return -1;
     }
     provider_set = 1;
   }
   if (!CryptGenRandom(provider, out_len, out)) {
-    log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
+    log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
     return -1;
   }
@@ -1951,14 +1957,14 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
/* Useful log message for errno. */
       if (errno == ENOSYS) {
-        log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."
-                 " You are running a version of Tor built to support"
-                 " getrandom(), but the kernel doesn't implement this"
-                 " function--probably because it is too old?"
-                 " Trying fallback method instead.");
+        log_notice(LD_CRYPTO, "Can't get entropy from getrandom()."
+                   " You are running a version of Tor built to support"
+                   " getrandom(), but the kernel doesn't implement this"
+                   " function--probably because it is too old?"
+                   " Trying fallback method instead.");
       } else {
-        log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
-                            " Trying fallback method instead."
+        log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+                              " Trying fallback method instead."
                  strerror(errno));
       }
@@ -2020,10 +2026,10 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
     if (n != out_len) {
       /* LCOV_EXCL_START
        * We can't make /dev/foorandom actually fail. */
-      log_warn(LD_CRYPTO,
-               "Error reading from entropy source %s (read only %lu bytes).",
-               filenames[i],
-               (unsigned long)n);
+      log_notice(LD_CRYPTO,
+                 "Error reading from entropy source %s (read only %lu bytes).",
+                 filenames[i],
+                 (unsigned long)n);
       return -1;
       /* LCOV_EXCL_STOP */
     }

    