Add a few more checks and warnings in the crypto functions.
authorGuus Sliepen <guus@tinc-vpn.org>
Fri, 10 May 2013 18:55:52 +0000 (20:55 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Fri, 10 May 2013 18:55:52 +0000 (20:55 +0200)
src/openssl/crypto.c
src/openssl/digest.c
src/openssl/ecdsagen.c

index ece7f05..6c5cbc8 100644 (file)
@@ -31,7 +31,13 @@ void crypto_init(void) {
        ENGINE_load_builtin_engines();
        ENGINE_register_all_complete();
 
+       ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
+
+       if(!RAND_status()) {
+               fprintf(stderr, "Not enough entropy for the PRNG!\n");
+               abort();
+       }
 }
 
 void crypto_exit(void) {
index 9699d37..8d97e3b 100644 (file)
@@ -88,7 +88,10 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out
        unsigned char tmpdata[len];
 
        if(digest->key) {
-               HMAC(digest->digest, digest->key, digest->keylength, indata, inlen, tmpdata, NULL);
+               if(!HMAC(digest->digest, digest->key, digest->keylength, indata, inlen, tmpdata, NULL)) {
+                       logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL));
+                       return false;
+               }
        } else {
                EVP_MD_CTX ctx;
 
index 35795f3..31e5847 100644 (file)
@@ -51,16 +51,20 @@ ecdsa_t *ecdsa_generate(void) {
 
 bool ecdsa_write_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
        BIO *out = BIO_new(BIO_s_file());
+       if(!out)
+               return false;
        BIO_set_fp(out, fp, BIO_NOCLOSE);
-       PEM_write_bio_EC_PUBKEY(out, ecdsa);
+       bool result = PEM_write_bio_EC_PUBKEY(out, ecdsa);
        BIO_free(out);
-       return true;
+       return result;
 }
 
 bool ecdsa_write_pem_private_key(ecdsa_t *ecdsa, FILE *fp) {
        BIO *out = BIO_new(BIO_s_file());
+       if(!out)
+               return false;
        BIO_set_fp(out, fp, BIO_NOCLOSE);
-       PEM_write_bio_ECPrivateKey(out, ecdsa, NULL, NULL, 0, NULL, NULL);
+       bool result = PEM_write_bio_ECPrivateKey(out, ecdsa, NULL, NULL, 0, NULL, NULL);
        BIO_free(out);
-       return true;
+       return result;
 }