commit 8785a75e2f0c44f1585b563d8043c64c6489acaa
parent d425dbf04a6bbac7eae832bf51c2bfe061e2c426
Author: Neel Chauhan <neel@neelc.org>
Date: Mon, 16 Nov 2020 09:35:23 -0800
Give a descriptive error message with "tor-gencert --create-identity-key"
Diffstat:
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/changes/bug40189 b/changes/bug40189
@@ -0,0 +1,4 @@
+ o Major bugfixes (signing key):
+ - In the tor-gencert utility, give an informative error message if the
+ passphrase given in `--create-identity-key` is too short. Fixes bug
+ 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan.
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
@@ -248,6 +248,8 @@ generate_key(int bits)
return rsa;
}
+#define MIN_PASSPHRASE_LEN 4
+
/** Try to read the identity key from <b>identity_key_file</b>. If no such
* file exists and create_identity_key is set, make a new identity key and
* store it. Return 0 on success, nonzero on failure.
@@ -288,11 +290,16 @@ load_identity_key(void)
* the terminal. */
if (!PEM_write_PKCS8PrivateKey_nid(f, identity_key,
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- passphrase, (int)passphrase_len,
+ passphrase, (int) passphrase_len,
NULL, NULL)) {
- log_err(LD_GENERAL, "Couldn't write identity key to %s",
- identity_key_file);
- crypto_openssl_log_errors(LOG_ERR, "Writing identity key");
+ if ((int) passphrase_len < MIN_PASSPHRASE_LEN) {
+ log_err(LD_GENERAL, "Passphrase empty or too short. Passphrase needs "
+ "to be at least %d characters.", MIN_PASSPHRASE_LEN);
+ } else {
+ log_err(LD_GENERAL, "Couldn't write identity key to %s",
+ identity_key_file);
+ crypto_openssl_log_errors(LOG_ERR, "Writing identity key");
+ }
abort_writing_to_file(open_file);
return 1;
}
