/** Log a message <b>msg</b> at <b>severity</b> in <b>domain</b>, and follow
* that with a backtrace log. */
void
log_backtrace(int severity, int domain, const char *msg)
{
int depth;
char **symbols;
int i;
tor_mutex_acquire(&cb_buf_mutex);
depth = backtrace(cb_buf, MAX_DEPTH);
symbols = backtrace_symbols(cb_buf, depth);
tor_log(severity, domain, "%s. Stack trace:", msg);
if (!symbols) {
tor_log(severity, domain, " Unable to generate backtrace.");
goto done;
}
for (i=0; i < depth; ++i) {
tor_log(severity, domain, " %s", symbols[i]);
}
free(symbols);
done:
tor_mutex_release(&cb_buf_mutex);
}
/** Log a message <b>msg</b> at <b>severity</b> in <b>domain</b>, and follow
* that with a backtrace log. */
void
log_backtrace(int severity, int domain, const char *msg)
{
size_t depth;
char **symbols;
size_t i;
tor_mutex_acquire(&cb_buf_mutex);
depth = backtrace(cb_buf, MAX_DEPTH);
symbols = backtrace_symbols(cb_buf, (int)depth);
tor_log(severity, domain, "%s. Stack trace:", msg);
if (!symbols) {
/* LCOV_EXCL_START -- we can't provoke this. */
tor_log(severity, domain, " Unable to generate backtrace.");
goto done;
/* LCOV_EXCL_STOP */
}
for (i=0; i < depth; ++i) {
tor_log(severity, domain, " %s", symbols[i]);
}
raw_free(symbols);
done:
tor_mutex_release(&cb_buf_mutex);
}
/* XXXX copied from crypto.c */
static void
crypto_log_errors(int severity, const char *doing)
{
unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
lib = (const char*)ERR_lib_error_string(err);
func = (const char*)ERR_func_error_string(err);
if (!msg) msg = "(null)";
if (!lib) lib = "(null)";
if (!func) func = "(null)";
if (doing) {
tor_log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)",
doing, msg, lib, func);
} else {
tor_log(severity, LD_CRYPTO, "crypto error: %s (in %s:%s)",
msg, lib, func);
}
}
}
/** Call the platform malloc info function, and dump the results to the log at
* level <b>severity</b>. If no such function exists, do nothing. */
void
tor_log_mallinfo(int severity)
{
#ifdef HAVE_MALLINFO
struct mallinfo mi;
memset(&mi, 0, sizeof(mi));
mi = mallinfo();
tor_log(severity, LD_MM,
"mallinfo() said: arena=%d, ordblks=%d, smblks=%d, hblks=%d, "
"hblkhd=%d, usmblks=%d, fsmblks=%d, uordblks=%d, fordblks=%d, "
"keepcost=%d",
mi.arena, mi.ordblks, mi.smblks, mi.hblks,
mi.hblkhd, mi.usmblks, mi.fsmblks, mi.uordblks, mi.fordblks,
mi.keepcost);
#else /* !(defined(HAVE_MALLINFO)) */
(void)severity;
#endif /* defined(HAVE_MALLINFO) */
}
/** Libevent callback to poll for the existence of the process
* monitored by <b>procmon_</b>. */
static void
tor_process_monitor_poll_cb(evutil_socket_t unused1, short unused2,
void *procmon_)
{
tor_process_monitor_t *procmon = (tor_process_monitor_t *)(procmon_);
int its_dead_jim;
(void)unused1; (void)unused2;
tor_assert(procmon != NULL);
#ifdef _WIN32
if (procmon->poll_hproc) {
DWORD exit_code;
if (!GetExitCodeProcess(procmon->hproc, &exit_code)) {
char *errmsg = format_win32_error(GetLastError());
log_warn(procmon->log_domain, "Error \"%s\" occurred while polling "
"handle for monitored process "PID_T_FORMAT"; assuming "
"it's dead.",
errmsg, procmon->pid);
tor_free(errmsg);
its_dead_jim = 1;
} else {
its_dead_jim = (exit_code != STILL_ACTIVE);
}
} else {
/* All we can do is try to open the process, and look at the error
* code if it fails again. */
procmon->hproc = OpenProcess(PROCESS_QUERY_INFORMATION | SYNCHRONIZE,
FALSE,
procmon->pid);
if (procmon->hproc != NULL) {
log_info(procmon->log_domain, "Successfully opened handle to monitored "
"process "PID_T_FORMAT".",
procmon->pid);
its_dead_jim = 0;
procmon->poll_hproc = 1;
} else {
DWORD err_code = GetLastError();
char *errmsg = format_win32_error(err_code);
/* When I tested OpenProcess's error codes on Windows 7, I
* received error code 5 (ERROR_ACCESS_DENIED) for PIDs of
* existing processes that I could not open and error code 87
* (ERROR_INVALID_PARAMETER) for PIDs that were not in use.
* Since the nonexistent-process error code is sane, I'm going
* to assume that all errors other than ERROR_INVALID_PARAMETER
* mean that the process we are monitoring is still alive. */
its_dead_jim = (err_code == ERROR_INVALID_PARAMETER);
if (!its_dead_jim)
log_info(procmon->log_domain, "Failed to open handle to monitored "
"process "PID_T_FORMAT", and error code %lu (%s) is not "
"'invalid parameter' -- assuming the process is still alive.",
procmon->pid,
err_code, errmsg);
tor_free(errmsg);
}
}
#else /* !(defined(_WIN32)) */
/* Unix makes this part easy, if a bit racy. */
its_dead_jim = kill(procmon->pid, 0);
its_dead_jim = its_dead_jim && (errno == ESRCH);
#endif /* defined(_WIN32) */
tor_log(its_dead_jim ? LOG_NOTICE : LOG_INFO,
procmon->log_domain, "Monitored process "PID_T_FORMAT" is %s.",
procmon->pid,
its_dead_jim ? "dead" : "still alive");
if (its_dead_jim) {
procmon->cb(procmon->cb_arg);
}
}
/**
* Read an ed25519 key and associated certificates from files beginning with
* <b>fname</b>, with certificate type <b>cert_type</b>. On failure, return
* NULL; on success return the keypair.
*
* If INIT_ED_KEY_CREATE is set in <b>flags</b>, then create the key (and
* certificate if requested) if it doesn't exist, and save it to disk.
*
* If INIT_ED_KEY_NEEDCERT is set in <b>flags</b>, load/create a certificate
* too and store it in *<b>cert_out</b>. Fail if the cert can't be
* found/created. To create a certificate, <b>signing_key</b> must be set to
* the key that should sign it; <b>now</b> to the current time, and
* <b>lifetime</b> to the lifetime of the key.
*
* If INIT_ED_KEY_REPLACE is set in <b>flags</b>, then create and save new key
* whether we can read the old one or not.
*
* If INIT_ED_KEY_EXTRA_STRONG is set in <b>flags</b>, set the extra_strong
* flag when creating the secret key.
*
* If INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT is set in <b>flags</b>, and
* we create a new certificate, create it with the signing key embedded.
*
* If INIT_ED_KEY_SPLIT is set in <b>flags</b>, and we create a new key,
* store the public key in a separate file from the secret key.
*
* If INIT_ED_KEY_MISSING_SECRET_OK is set in <b>flags</b>, and we find a
* public key file but no secret key file, return successfully anyway.
*
* If INIT_ED_KEY_OMIT_SECRET is set in <b>flags</b>, do not try to load a
* secret key unless no public key is found. Do not return a secret key. (but
* create and save one if needed).
*
* If INIT_ED_KEY_NO_LOAD_SECRET is set in <b>flags</b>, don't try to load
* a secret key, no matter what.
*
* If INIT_ED_KEY_TRY_ENCRYPTED is set, we look for an encrypted secret key
* and consider encrypting any new secret key.
*
* If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys
* from disk _other than their absence_ (full or partial), we do not try to
* replace them.
*
* If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures
* refer to the --keygen option.
*
* If INIT_ED_KEY_EXPLICIT_FNAME is set, use the provided file name for the
* secret key file, encrypted or not.
*/
ed25519_keypair_t *
ed_key_init_from_file(const char *fname, uint32_t flags,
int severity,
const ed25519_keypair_t *signing_key,
time_t now,
time_t lifetime,
uint8_t cert_type,
struct tor_cert_st **cert_out)
{
char *secret_fname = NULL;
char *encrypted_secret_fname = NULL;
char *public_fname = NULL;
char *cert_fname = NULL;
const char *loaded_secret_fname = NULL;
int created_pk = 0, created_sk = 0, created_cert = 0;
const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE);
const int encrypt_key = !! (flags & INIT_ED_KEY_TRY_ENCRYPTED);
const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR);
const int split = !! (flags & INIT_ED_KEY_SPLIT);
const int omit_secret = !! (flags & INIT_ED_KEY_OMIT_SECRET);
const int offline_secret = !! (flags & INIT_ED_KEY_OFFLINE_SECRET);
const int explicit_fname = !! (flags & INIT_ED_KEY_EXPLICIT_FNAME);
/* we don't support setting both of these flags at once. */
tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
(INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT));
char tag[8];
tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);
tor_cert_t *cert = NULL;
char *got_tag = NULL;
ed25519_keypair_t *keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
if (explicit_fname) {
secret_fname = tor_strdup(fname);
encrypted_secret_fname = tor_strdup(fname);
} else {
tor_asprintf(&secret_fname, "%s_secret_key", fname);
tor_asprintf(&encrypted_secret_fname, "%s_secret_key_encrypted", fname);
}
tor_asprintf(&public_fname, "%s_public_key", fname);
tor_asprintf(&cert_fname, "%s_cert", fname);
/* Try to read the secret key. */
int have_secret = 0;
int load_secret = try_to_load &&
!offline_secret &&
(!omit_secret || file_status(public_fname)==FN_NOENT);
if (load_secret) {
int rv = ed25519_seckey_read_from_file(&keypair->seckey,
&got_tag, secret_fname);
if (rv == 0) {
have_secret = 1;
loaded_secret_fname = secret_fname;
tor_assert(got_tag);
} else {
if (errno != ENOENT && norepair) {
tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname,
strerror(errno));
goto err;
}
}
}
/* Should we try for an encrypted key? */
int have_encrypted_secret_file = 0;
if (!have_secret && try_to_load && encrypt_key) {
int r = read_encrypted_secret_key(&keypair->seckey,
encrypted_secret_fname);
if (r > 0) {
have_secret = 1;
have_encrypted_secret_file = 1;
tor_free(got_tag); /* convince coverity we aren't leaking */
got_tag = tor_strdup(tag);
loaded_secret_fname = encrypted_secret_fname;
} else if (errno != ENOENT && norepair) {
tor_log(severity, LD_OR, "Unable to read %s: %s",
encrypted_secret_fname, strerror(errno));
goto err;
}
} else {
if (try_to_load) {
/* Check if it's there anyway, so we don't replace it. */
if (file_status(encrypted_secret_fname) != FN_NOENT)
have_encrypted_secret_file = 1;
}
}
if (have_secret) {
if (strcmp(got_tag, tag)) {
tor_log(severity, LD_OR, "%s has wrong tag", loaded_secret_fname);
goto err;
}
/* Derive the public key */
if (ed25519_public_key_generate(&keypair->pubkey, &keypair->seckey)<0) {
tor_log(severity, LD_OR, "%s can't produce a public key",
loaded_secret_fname);
goto err;
}
}
/* If we do split keys here, try to read the pubkey. */
int found_public = 0;
if (try_to_load && (!have_secret || split)) {
ed25519_public_key_t pubkey_tmp;
tor_free(got_tag);
found_public = ed25519_pubkey_read_from_file(&pubkey_tmp,
&got_tag, public_fname) == 0;
if (!found_public && errno != ENOENT && norepair) {
tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname,
strerror(errno));
goto err;
}
if (found_public && strcmp(got_tag, tag)) {
tor_log(severity, LD_OR, "%s has wrong tag", public_fname);
goto err;
}
if (found_public) {
if (have_secret) {
/* If we have a secret key and we're reloading the public key,
* the key must match! */
if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) {
tor_log(severity, LD_OR, "%s does not match %s! If you are trying "
"to restore from backup, make sure you didn't mix up the "
"key files. If you are absolutely sure that %s is the right "
"key for this relay, delete %s or move it out of the way.",
public_fname, loaded_secret_fname,
loaded_secret_fname, public_fname);
goto err;
}
} else {
/* We only have the public key; better use that. */
tor_assert(split);
memcpy(&keypair->pubkey, &pubkey_tmp, sizeof(pubkey_tmp));
}
} else {
/* We have no public key file, but we do have a secret key, make the
* public key file! */
if (have_secret) {
if (ed25519_pubkey_write_to_file(&keypair->pubkey, public_fname, tag)
< 0) {
tor_log(severity, LD_OR, "Couldn't repair %s", public_fname);
goto err;
} else {
tor_log(LOG_NOTICE, LD_OR,
"Found secret key but not %s. Regenerating.",
public_fname);
}
}
}
}
/* If the secret key is absent and it's not allowed to be, fail. */
if (!have_secret && found_public &&
!(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
if (have_encrypted_secret_file) {
tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
"but it was encrypted. Try 'tor --keygen' instead, so you "
"can enter the passphrase.",
secret_fname);
} else {
tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
"but couldn't find it. %s", secret_fname,
(flags & INIT_ED_KEY_SUGGEST_KEYGEN) ?
"If you're keeping your master secret key offline, you will "
"need to run 'tor --keygen' to generate new signing keys." :
"Did you forget to copy it over when you copied the rest of the "
"signing key material?");
}
goto err;
}
/* If it's absent, and we're not supposed to make a new keypair, fail. */
if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE)) {
if (split) {
tor_log(severity, LD_OR, "No key found in %s or %s.",
secret_fname, public_fname);
} else {
tor_log(severity, LD_OR, "No key found in %s.", secret_fname);
}
goto err;
}
/* If the secret key is absent, but the encrypted key would be present,
* that's an error */
if (!have_secret && !found_public && have_encrypted_secret_file) {
tor_assert(!encrypt_key);
tor_log(severity, LD_OR, "Found an encrypted secret key, "
"but not public key file %s!", public_fname);
goto err;
}
/* if it's absent, make a new keypair... */
if (!have_secret && !found_public) {
tor_free(keypair);
keypair = ed_key_new(signing_key, flags, now, lifetime,
cert_type, &cert);
if (!keypair) {
tor_log(severity, LD_OR, "Couldn't create keypair");
goto err;
}
created_pk = created_sk = created_cert = 1;
}
/* Write it to disk if we're supposed to do with a new passphrase, or if
* we just created it. */
if (created_sk || (have_secret && get_options()->change_key_passphrase)) {
if (write_secret_key(&keypair->seckey,
encrypt_key,
secret_fname, tag, encrypted_secret_fname) < 0
||
(split &&
ed25519_pubkey_write_to_file(&keypair->pubkey, public_fname, tag) < 0)
||
(cert &&
crypto_write_tagged_contents_to_file(cert_fname, "ed25519v1-cert",
tag, cert->encoded, cert->encoded_len) < 0)) {
tor_log(severity, LD_OR, "Couldn't write keys or cert to file.");
goto err;
}
goto done;
}
/* If we're not supposed to get a cert, we're done. */
if (! (flags & INIT_ED_KEY_NEEDCERT))
goto done;
/* Read a cert. */
tor_free(got_tag);
uint8_t certbuf[256];
ssize_t cert_body_len = crypto_read_tagged_contents_from_file(
cert_fname, "ed25519v1-cert",
&got_tag, certbuf, sizeof(certbuf));
if (cert_body_len >= 0 && !strcmp(got_tag, tag))
cert = tor_cert_parse(certbuf, cert_body_len);
/* If we got it, check it to the extent we can. */
int bad_cert = 0;
if (! cert) {
tor_log(severity, LD_OR, "Cert was unparseable");
bad_cert = 1;
} else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey,
ED25519_PUBKEY_LEN)) {
tor_log(severity, LD_OR, "Cert was for wrong key");
bad_cert = 1;
} else if (signing_key &&
tor_cert_checksig(cert, &signing_key->pubkey, now) < 0) {
tor_log(severity, LD_OR, "Can't check certificate");
bad_cert = 1;
} else if (cert->cert_expired) {
tor_log(severity, LD_OR, "Certificate is expired");
bad_cert = 1;
} else if (signing_key && cert->signing_key_included &&
! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");
bad_cert = 1;
}
if (bad_cert) {
tor_cert_free(cert);
cert = NULL;
}
/* If we got a cert, we're done. */
if (cert)
goto done;
/* If we didn't get a cert, and we're not supposed to make one, fail. */
if (!signing_key || !(flags & INIT_ED_KEY_CREATE)) {
tor_log(severity, LD_OR, "Without signing key, can't create certificate");
goto err;
}
/* We have keys but not a certificate, so make one. */
uint32_t cert_flags = 0;
if (flags & INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT)
cert_flags |= CERT_FLAG_INCLUDE_SIGNING_KEY;
cert = tor_cert_create(signing_key, cert_type,
&keypair->pubkey,
now, lifetime,
cert_flags);
if (! cert) {
tor_log(severity, LD_OR, "Couldn't create certificate");
goto err;
}
/* Write it to disk. */
created_cert = 1;
if (crypto_write_tagged_contents_to_file(cert_fname, "ed25519v1-cert",
tag, cert->encoded, cert->encoded_len) < 0) {
tor_log(severity, LD_OR, "Couldn't write cert to disk.");
goto err;
}
done:
if (cert_out)
*cert_out = cert;
else
tor_cert_free(cert);
goto cleanup;
err:
if (keypair)
memwipe(keypair, 0, sizeof(*keypair));
tor_free(keypair);
tor_cert_free(cert);
if (cert_out)
*cert_out = NULL;
if (created_sk)
unlink(secret_fname);
if (created_pk)
unlink(public_fname);
if (created_cert)
unlink(cert_fname);
cleanup:
tor_free(encrypted_secret_fname);
tor_free(secret_fname);
tor_free(public_fname);
tor_free(cert_fname);
tor_free(got_tag);
return keypair;
}
void
log_backtrace(int severity, int domain, const char *msg)
{
tor_log(severity, domain, "%s. (Stack trace not available)", msg);
}
/** See whether the headers we were built against differ from the library we
* linked against so much that we're likely to crash. If so, warn the
* user. */
void
tor_check_libevent_header_compatibility(void)
{
(void) le_versions_compatibility;
(void) tor_decode_libevent_version;
/* In libevent versions before 2.0, it's hard to keep binary compatibility
* between upgrades, and unpleasant to detect when the version we compiled
* against is unlike the version we have linked against. Here's how. */
#if defined(HEADER_VERSION) && defined(HAVE_EVENT_GET_VERSION)
/* We have a header-file version and a function-call version. Easy. */
if (strcmp(HEADER_VERSION, event_get_version())) {
le_version_t v1, v2;
int compat1 = -1, compat2 = -1;
int verybad;
v1 = tor_decode_libevent_version(HEADER_VERSION);
v2 = tor_decode_libevent_version(event_get_version());
compat1 = le_versions_compatibility(v1);
compat2 = le_versions_compatibility(v2);
verybad = compat1 != compat2;
tor_log(verybad ? LOG_WARN : LOG_NOTICE,
LD_GENERAL, "We were compiled with headers from version %s "
"of Libevent, but we're using a Libevent library that says it's "
"version %s.", HEADER_VERSION, event_get_version());
if (verybad)
log_warn(LD_GENERAL, "This will almost certainly make Tor crash.");
else
log_info(LD_GENERAL, "I think these versions are binary-compatible.");
}
#elif defined(HAVE_EVENT_GET_VERSION)
/* event_get_version but no _EVENT_VERSION. We might be in 1.4.0-beta or
earlier, where that's normal. To see whether we were compiled with an
earlier version, let's see whether the struct event defines MIN_HEAP_IDX.
*/
#ifdef HAVE_STRUCT_EVENT_MIN_HEAP_IDX
/* The header files are 1.4.0-beta or later. If the version is not
* 1.4.0-beta, we are incompatible. */
{
if (strcmp(event_get_version(), "1.4.0-beta")) {
log_warn(LD_GENERAL, "It's a little hard to tell, but you seem to have "
"Libevent 1.4.0-beta header files, whereas you have linked "
"against Libevent %s. This will probably make Tor crash.",
event_get_version());
}
}
#else
/* Our headers are 1.3e or earlier. If the library version is not 1.4.x or
later, we're probably fine. */
{
const char *v = event_get_version();
if ((v[0] == '1' && v[2] == '.' && v[3] > '3') || v[0] > '1') {
log_warn(LD_GENERAL, "It's a little hard to tell, but you seem to have "
"Libevent header file from 1.3e or earlier, whereas you have "
"linked against Libevent %s. This will probably make Tor "
"crash.", event_get_version());
}
}
#endif
#elif defined(HEADER_VERSION)
#warn "_EVENT_VERSION is defined but not get_event_version(): Libevent is odd."
#else
/* Your libevent is ancient. */
#endif
}
