int crypto_pk_base64_encode_private(const crypto_pk_t *pk, char **priv_out);
crypto_pk_t *crypto_pk_base64_decode_private(const char *str, size_t len);
+#ifdef ENABLE_OPENSSL
/* Prototypes for private functions only used by tortls.c, crypto.c, and the
* unit tests. */
struct rsa_st;
-struct rsa_st *crypto_pk_get_rsa_(crypto_pk_t *env);
-crypto_pk_t *crypto_new_pk_from_rsa_(struct rsa_st *rsa);
-MOCK_DECL(struct evp_pkey_st *, crypto_pk_get_evp_pkey_,(crypto_pk_t *env,
- int private));
struct evp_pkey_st;
+struct rsa_st *crypto_pk_get_openssl_rsa_(crypto_pk_t *env);
+crypto_pk_t *crypto_new_pk_from_openssl_rsa_(struct rsa_st *rsa);
+MOCK_DECL(struct evp_pkey_st *, crypto_pk_get_openssl_evp_pkey_,(
+ crypto_pk_t *env,int private));
+#endif
#ifdef TOR_UNIT_TESTS
void crypto_pk_assign_(crypto_pk_t *dest, const crypto_pk_t *src);
#endif /* defined(OPENSSL_1_1_API) */
}
-/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
+/** used by tortls.c: wrap an RSA* in a crypto_pk_t. Takes ownership of
+ * its argument. */
crypto_pk_t *
-crypto_new_pk_from_rsa_(RSA *rsa)
+crypto_new_pk_from_openssl_rsa_(RSA *rsa)
{
crypto_pk_t *env;
tor_assert(rsa);
return env;
}
-/** Helper, used by tor-gencert.c. Return the RSA from a
+/** Helper, used by tor-gencert.c. Return a copy of the private RSA from a
* crypto_pk_t. */
RSA *
-crypto_pk_get_rsa_(crypto_pk_t *env)
+crypto_pk_get_openssl_rsa_(crypto_pk_t *env)
{
- return env->key;
+ return RSA_PrivateKeyDup(env->key);
}
/** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t. Iff
* private is set, include the private-key portion of the key. Return a valid
* pointer on success, and NULL on failure. */
MOCK_IMPL(EVP_PKEY *,
-crypto_pk_get_evp_pkey_,(crypto_pk_t *env, int private))
+crypto_pk_get_openssl_evp_pkey_,(crypto_pk_t *env, int private))
{
RSA *key = NULL;
EVP_PKEY *pkey = NULL;
rsa = RSA_new();
tor_assert(rsa);
- return crypto_new_pk_from_rsa_(rsa);
+ return crypto_new_pk_from_openssl_rsa_(rsa);
}
/** Release a reference to an asymmetric key; when all the references
/* LCOV_EXCL_STOP */
}
- return crypto_new_pk_from_rsa_(new_key);
+ return crypto_new_pk_from_openssl_rsa_(new_key);
}
/** Encrypt <b>fromlen</b> bytes from <b>from</b> with the public key
crypto_openssl_log_errors(LOG_WARN,"decoding public key");
return NULL;
}
- return crypto_new_pk_from_rsa_(rsa);
+ return crypto_new_pk_from_openssl_rsa_(rsa);
}
/** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
goto out;
}
- pk = crypto_new_pk_from_rsa_(rsa);
+ pk = crypto_new_pk_from_openssl_rsa_(rsa);
/* Make sure it's valid. */
if (crypto_pk_check_key(pk) <= 0) {
tor_assert(cname);
tor_assert(rsa_sign);
tor_assert(cname_sign);
- if (!(sign_pkey = crypto_pk_get_evp_pkey_(rsa_sign,1)))
+ if (!(sign_pkey = crypto_pk_get_openssl_evp_pkey_(rsa_sign,1)))
goto error;
- if (!(pkey = crypto_pk_get_evp_pkey_(rsa,0)))
+ if (!(pkey = crypto_pk_get_openssl_evp_pkey_(rsa,0)))
goto error;
if (!(x509 = X509_new()))
goto error;
if ((pkey = X509_get_pubkey(x509_cert)) &&
(rsa = EVP_PKEY_get1_RSA(pkey))) {
- crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa);
+ crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(rsa);
if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) < 0) {
crypto_pk_free(pk);
EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey);
return NULL;
}
- result = crypto_new_pk_from_rsa_(rsa);
+ result = crypto_new_pk_from_openssl_rsa_(rsa);
EVP_PKEY_free(pkey);
return result;
}
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
if (!is_client) {
tor_assert(rsa);
- if (!(pkey = crypto_pk_get_evp_pkey_(rsa,1)))
+ if (!(pkey = crypto_pk_get_openssl_evp_pkey_(rsa,1)))
goto error;
if (!SSL_CTX_use_PrivateKey(result->ctx, pkey))
goto error;
rsa = EVP_PKEY_get1_RSA(id_pkey);
if (!rsa)
goto done;
- *identity_key = crypto_new_pk_from_rsa_(rsa);
+ *identity_key = crypto_new_pk_from_openssl_rsa_(rsa);
r = 0;
{
X509 *newc = X509_dup(inp->cert);
X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time);
- EVP_PKEY *pk = crypto_pk_get_evp_pkey_(signing_key, 1);
+ EVP_PKEY *pk = crypto_pk_get_openssl_evp_pkey_(signing_key, 1);
tor_assert(X509_sign(newc, pk, EVP_sha256()));
EVP_PKEY_free(pk);
return tor_x509_cert_new(newc);
RSA *k = RSA_new();
ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
- expected = crypto_new_pk_from_rsa_(k);
+ expected = crypto_new_pk_from_openssl_rsa_(k);
ctx->auth_key = expected;
client_tls_context = NULL;
pk1 = crypto_pk_new();
pk2 = crypto_pk_new();
- MOCK(crypto_pk_get_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
+ MOCK(crypto_pk_get_openssl_evp_pkey_, fixed_crypto_pk_get_evp_pkey_);
fixed_crypto_pk_get_evp_pkey_result_index = 0;
fixed_crypto_pk_get_evp_pkey_result[0] = NULL;
ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
tt_assert(!ret);
done:
- UNMOCK(crypto_pk_get_evp_pkey_);
+ UNMOCK(crypto_pk_get_openssl_evp_pkey_);
crypto_pk_free(pk1);
crypto_pk_free(pk2);
}
crypto_pk_t *env = crypto_pk_new();
if (crypto_pk_generate_key_with_bits(env,bits)<0)
goto done;
- rsa = crypto_pk_get_rsa_(env);
- rsa = RSAPrivateKey_dup(rsa);
+ rsa = crypto_pk_get_openssl_rsa_(env);
done:
crypto_pk_free(env);
return rsa;
get_fingerprint(EVP_PKEY *pkey, char *out)
{
int r = -1;
- crypto_pk_t *pk = crypto_new_pk_from_rsa_(EVP_PKEY_get1_RSA(pkey));
+ crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(EVP_PKEY_get1_RSA(pkey));
if (pk) {
r = crypto_pk_get_fingerprint(pk, out, 0);
crypto_pk_free(pk);
get_digest(EVP_PKEY *pkey, char *out)
{
int r = -1;
- crypto_pk_t *pk = crypto_new_pk_from_rsa_(EVP_PKEY_get1_RSA(pkey));
+ crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(EVP_PKEY_get1_RSA(pkey));
if (pk) {
r = crypto_pk_get_digest(pk, out);
crypto_pk_free(pk);
projects / thirdparty / tor.git / commitdiff
