From a2990081d516873d94643853d1a98b9cc3da55c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?=
Date: Thu, 1 Feb 2018 21:25:33 +0100
Subject: [PATCH 1/2] Slightly different wording for error cases around entropy source selection.
This patch makes the wording around error cases for selecting an entropy source in Tor slightly more verbose. We also let the user know when something goes wrong that we are trying out a fallback method instead. See: https://bugs.torproject.org/25120
---
 src/common/crypto.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 2ecf64c393..0dcffd2fb4 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1903,13 +1903,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 if (!provider_set) {
 if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
 CRYPT_VERIFYCONTEXT)) {
- log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
+ log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
 return -1;
 }
 provider_set = 1;
 }
 if (!CryptGenRandom(provider, out_len, out)) {
- log_warn(LD_CRYPTO, "Can't get entropy from CryptoAPI.");
+ log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
 return -1;
 }
@@ -1954,9 +1954,11 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."
 " You are running a version of Tor built to support"
 " getrandom(), but the kernel doesn't implement this"
- " function--probably because it is too old?");
+ " function--probably because it is too old?"
+ " Trying fallback method instead.");
 } else {
 log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+ " Trying fallback method instead."
 strerror(errno));
 }
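Review bot: In the first hunk (the Windows branch of crypto_strongest_rand_syscall), the new CryptGenRandom message reads "Unable get entropy" and is missing a word; it should be `"Unable to get entropy from the Windows CryptoAPI."`. The CryptAcquireContext message says "set" although the call acquires a provider handle, so `"Unable to acquire Windows CryptoAPI provider [1]."` would describe the failure more accurately. Neither message carries the Win32 error code, and logging `(unsigned long)GetLastError()` with a `%lu` in each would make an entropy-source failure diagnosable from the log alone. Both strings are carried unchanged into the log_notice lines of PATCH 2/2, so the wording fix applies there too.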
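Review bot: In the `else` branch of the getrandom() hunk, the added literal `" Trying fallback method instead."` is placed after the comma that ends the format string and has no comma before `strerror(errno)`, so the argument list is a string literal directly followed by a call, which is not valid C. Even with a comma inserted, `%s` would consume the new literal instead of the strerror() text. The literal needs to be concatenated onto the format string: `log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s."` `" Trying fallback method instead.",` `strerror(errno));`. PATCH 2/2 switches this call to log_notice but keeps the same argument layout, so the same correction is needed in its getrandom() hunk. The enclosing function starts and ends outside the hunk, and the branch is presumably compiled only on builds with getrandom() support, which would explain the error going unnoticed elsewhere.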
@@ -2009,7 +2011,7 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
 size_t n;
 for (i = 0; filenames[i]; ++i) {
- log_debug(LD_FS, "Considering %s for entropy", filenames[i]);
+ log_debug(LD_FS, "Considering %s as entropy source", filenames[i]);
 fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
 if (fd<0) continue;
 log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]);
@@ -2019,7 +2021,8 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
 /* LCOV_EXCL_START
 * We can't make /dev/foorandom actually fail. */
 log_warn(LD_CRYPTO,
- "Error reading from entropy source (read only %lu bytes).",
+ "Error reading from entropy source %s (read only %lu bytes).",
+ filenames[i],
 (unsigned long)n);
 return -1;
 /* LCOV_EXCL_STOP */
From 14c47a0b5c8965463957f8c8c9311bcb96885049 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?=
Date: Thu, 1 Feb 2018 21:27:38 +0100
Subject: [PATCH 2/2] Lower log-level in different error conditions in entropy selection.
This patch lowers the log-level from warning to info in the cases where we are going to attempt another method as entropy source to hopefully make the user feel less concerned. See: https://bugs.torproject.org/25120
---
 src/common/crypto.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 0dcffd2fb4..f8da2fcf18 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1891,6 +1891,12 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 {
 tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
+ /* We only log at notice-level here because in the case that this function
+ * fails the crypto_strongest_rand_raw() caller will log with a warning-level
+ * message and let crypto_strongest_rand() error out and finally terminating
+ * Tor with an assertion error.
+ */
+
 #ifdef TOR_UNIT_TESTS
 if (break_strongest_rng_syscall)
 return -1;
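Review bot: The comment added at the top of crypto_strongest_rand_syscall says failures are logged at notice-level, and the later hunks do use log_notice, but the commit description says the level is lowered "from warning to info"; one of the two should be corrected so the severity of an entropy-source failure is unambiguous to whoever reads the log or the history. The comment also sits above the `#ifdef TOR_UNIT_TESTS` block, away from the log calls it explains, and its last clause ("and finally terminating") is ungrammatical. Suggested wording: `/* Failures are logged at notice level only: crypto_strongest_rand_raw() warns when every source has failed, and crypto_strongest_rand() then asserts. */`. The caller behaviour it relies on is not part of this diff, so it is worth confirming that a warning is still emitted on every path where this function returns -1.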
@@ -1903,13 +1909,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 if (!provider_set) {
 if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
 CRYPT_VERIFYCONTEXT)) {
- log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
+ log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
 return -1;
 }
 provider_set = 1;
 }
 if (!CryptGenRandom(provider, out_len, out)) {
- log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
+ log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
 return -1;
 }
@@ -1951,14 +1957,14 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
 /* Useful log message for errno. */
 if (errno == ENOSYS) {
- log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."
- " You are running a version of Tor built to support"
- " getrandom(), but the kernel doesn't implement this"
- " function--probably because it is too old?"
- " Trying fallback method instead.");
+ log_notice(LD_CRYPTO, "Can't get entropy from getrandom()."
+ " You are running a version of Tor built to support"
+ " getrandom(), but the kernel doesn't implement this"
+ " function--probably because it is too old?"
+ " Trying fallback method instead.");
 } else {
- log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
- " Trying fallback method instead."
+ log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+ " Trying fallback method instead."
 strerror(errno));
 }
@@ -2020,10 +2026,10 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
 if (n != out_len) {
 /* LCOV_EXCL_START
 * We can't make /dev/foorandom actually fail. */
- log_warn(LD_CRYPTO,
- "Error reading from entropy source %s (read only %lu bytes).",
- filenames[i],
- (unsigned long)n);
+ log_notice(LD_CRYPTO,
+ "Error reading from entropy source %s (read only %lu bytes).",
+ filenames[i],
+ (unsigned long)n);
 return -1;
 /* LCOV_EXCL_STOP */
 }
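Review bot: In the last hunk, the short-read message in crypto_strongest_rand_fallback is lowered to notice even though this path does `return -1;` immediately instead of moving on to the next entry in `filenames`, so no further entropy source is tried from here. The commit description limits the downgrade to cases where another method will be attempted, and the explanatory comment added by this patch covers only crypto_strongest_rand_syscall. Either keep `log_warn` on this path, or add a comment such as `/* notice only: the caller warns once all entropy sources have failed */` after confirming that holds for the fallback's caller, which is not visible in this diff. The loop that encloses this block begins outside the hunk.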