From be1f3a5eb596730cbb321c525a92ceb0a8178128 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 31 Oct 2011 04:33:38 -0400 Subject: [PATCH 1/2] normalize the name of the CERTS cell --- src/or/command.c | 48 +++++++++++++++++++++--------------------- src/or/connection_or.c | 8 +++---- src/or/connection_or.h | 2 +- src/or/or.h | 12 +++++------ 4 files changed, 35 insertions(+), 35 deletions(-) diff --git a/src/or/command.c b/src/or/command.c index c02d353bb1..e68b6bfc6a 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -49,7 +49,7 @@ uint64_t stats_n_netinfo_cells_processed = 0; /** How many CELL_VPADDING cells have we received, ever? */ uint64_t stats_n_vpadding_cells_processed = 0; /** How many CELL_CERTS cells have we received, ever? */ -uint64_t stats_n_cert_cells_processed = 0; +uint64_t stats_n_certs_cells_processed = 0; /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */ uint64_t stats_n_auth_challenge_cells_processed = 0; /** How many CELL_AUTHENTICATE cells have we received, ever? */ @@ -63,7 +63,7 @@ static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn); static void command_process_versions_cell(var_cell_t *cell, or_connection_t *conn); static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn); -static void command_process_cert_cell(var_cell_t *cell, +static void command_process_certs_cell(var_cell_t *cell, or_connection_t *conn); static void command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn); @@ -214,19 +214,19 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn) #ifdef KEEP_TIMING_STATS /* how many of each cell have we seen so far this second? needs better * name. */ - static int num_versions=0, num_cert=0; + static int num_versions=0, num_certs=0; time_t now = time(NULL); if (now > current_second) { /* the second has rolled over */ /* print stats */ log_info(LD_OR, - "At end of second: %d versions (%d ms), %d cert (%d ms)", + "At end of second: %d versions (%d ms), %d certs (%d ms)", num_versions, versions_time/1000, - cert, cert_time/1000); + num_certs, certs_time/1000); - num_versions = num_cert = 0; - versions_time = cert_time = 0; + num_versions = num_certs = 0; + versions_time = certs_time = 0; /* remember which second it is, for next time */ current_second = now; @@ -293,9 +293,9 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn) ++stats_n_vpadding_cells_processed; /* Do nothing */ break; - case CELL_CERT: - ++stats_n_cert_cells_processed; - PROCESS_CELL(cert, cell, conn); + case CELL_CERTS: + ++stats_n_certs_cells_processed; + PROCESS_CELL(certs, cell, conn); break; case CELL_AUTH_CHALLENGE: ++stats_n_auth_challenge_cells_processed; @@ -719,8 +719,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn) } } if (send_certs) { - if (connection_or_send_cert_cell(conn) < 0) { - log_warn(LD_OR, "Couldn't send cert cell"); + if (connection_or_send_certs_cell(conn) < 0) { + log_warn(LD_OR, "Couldn't send certs cell"); connection_mark_for_close(TO_CONN(conn)); return; } @@ -887,9 +887,9 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) assert_connection_ok(TO_CONN(conn),time(NULL)); } -/** Process a CERT cell from an OR connection. +/** Process a CERTS cell from an OR connection. * - * If the other side should not have sent us a CERT cell, or the cell is + * If the other side should not have sent us a CERTS cell, or the cell is * malformed, or it is supposed to authenticate the TLS key but it doesn't, * then mark the connection. * @@ -899,12 +899,12 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) * If it's the server side, wait for an AUTHENTICATE cell. */ static void -command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) +command_process_certs_cell(var_cell_t *cell, or_connection_t *conn) { #define ERR(s) \ do { \ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \ - "Received a bad CERT cell from %s:%d: %s", \ + "Received a bad CERTS cell from %s:%d: %s", \ safe_str(conn->_base.address), conn->_base.port, (s)); \ connection_mark_for_close(TO_CONN(conn)); \ goto err; \ @@ -921,7 +921,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) ERR("We're not doing a v3 handshake!"); if (conn->link_proto < 3) ERR("We're not using link protocol >= 3"); - if (conn->handshake_state->received_cert_cell) + if (conn->handshake_state->received_certs_cell) ERR("We already got one"); if (conn->handshake_state->authenticated) { /* Should be unreachable, but let's make sure. */ @@ -951,7 +951,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len); if (!cert) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Received undecodable certificate in CERT cell from %s:%d", + "Received undecodable certificate in CERTS cell from %s:%d", safe_str(conn->_base.address), conn->_base.port); } else { if (cert_type == OR_CERT_TYPE_TLS_LINK) { @@ -1041,7 +1041,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) id_cert = auth_cert = NULL; } - conn->handshake_state->received_cert_cell = 1; + conn->handshake_state->received_certs_cell = 1; err: tor_cert_free(id_cert); tor_cert_free(link_cert); @@ -1055,7 +1055,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) * originator of the connection), or it's ill-formed, or we aren't doing a v3 * handshake, mark the connection. If the cell is well-formed but we don't * want to authenticate, just drop it. If the cell is well-formed *and* we - * want to authenticate, send an AUTHENTICATE cell. */ + * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */ static void command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn) { @@ -1079,7 +1079,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn) ERR("We didn't originate this connection"); if (conn->handshake_state->received_auth_challenge) ERR("We already received one"); - if (! conn->handshake_state->received_cert_cell) + if (! conn->handshake_state->received_certs_cell) ERR("We haven't gotten a CERTS cell yet"); if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2) ERR("It was too short"); @@ -1128,7 +1128,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn) * If it's ill-formed or we weren't supposed to get one or we're not doing a * v3 handshake, then mark the connection. If it does not authenticate the * other side of the connection successfully (because it isn't signed right, - * we didn't get a CERT cell, etc) mark the connection. Otherwise, accept + * we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept * the identity of the router on the other side of the connection. */ static void @@ -1159,8 +1159,8 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn) /* Should be impossible given other checks */ ERR("The peer is already authenticated"); } - if (! conn->handshake_state->received_cert_cell) - ERR("We never got a cert cell"); + if (! conn->handshake_state->received_certs_cell) + ERR("We never got a certs cell"); if (conn->handshake_state->auth_cert == NULL) ERR("We never got an authentication certificate"); if (conn->handshake_state->id_cert == NULL) diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 202548a6b6..684d3abd23 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1435,7 +1435,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, * side of conn is peer_id. For v1 and v2 handshakes, * this is right after we get a certificate chain in a TLS handshake * or renegotiation. For v3 handshakes, this is right after we get a - * certificate chain in a CERT cell. + * certificate chain in a CERTS cell. * * If we want any particular ID before, record the one we got. * @@ -1950,10 +1950,10 @@ connection_or_send_netinfo(or_connection_t *conn) return 0; } -/** Send a CERT cell on the connection conn. Return 0 on success, -1 +/** Send a CERTS cell on the connection conn. Return 0 on success, -1 * on failure. */ int -connection_or_send_cert_cell(or_connection_t *conn) +connection_or_send_certs_cell(or_connection_t *conn) { const tor_cert_t *link_cert = NULL, *id_cert = NULL; const uint8_t *link_encoded = NULL, *id_encoded = NULL; @@ -1977,7 +1977,7 @@ connection_or_send_cert_cell(or_connection_t *conn) 2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ + link_len + id_len; cell = var_cell_new(cell_len); - cell->command = CELL_CERT; + cell->command = CELL_CERTS; cell->payload[0] = 2; pos = 1; diff --git a/src/or/connection_or.h b/src/or/connection_or.h index df009ab39e..62a15b1cf2 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -69,7 +69,7 @@ int connection_or_send_destroy(circid_t circ_id, or_connection_t *conn, int reason); int connection_or_send_versions(or_connection_t *conn, int v3_plus); int connection_or_send_netinfo(or_connection_t *conn); -int connection_or_send_cert_cell(or_connection_t *conn); +int connection_or_send_certs_cell(or_connection_t *conn); int connection_or_send_auth_challenge_cell(or_connection_t *conn); int connection_or_compute_authenticate_cell_body(or_connection_t *conn, uint8_t *out, size_t outlen, diff --git a/src/or/or.h b/src/or/or.h index e4f9b9b2b6..259ae5c989 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -826,7 +826,7 @@ typedef enum { #define CELL_RELAY_EARLY 9 #define CELL_VPADDING 128 -#define CELL_CERT 129 +#define CELL_CERTS 129 #define CELL_AUTH_CHALLENGE 130 #define CELL_AUTHENTICATE 131 @@ -1088,10 +1088,10 @@ typedef struct listener_connection_t { #define OR_AUTH_CHALLENGE_LEN 32 /** - * @name Certificate types for CERT cells. + * @name Certificate types for CERTS cells. * * These values are defined by the protocol, and affect how an X509 - * certificate in a CERT cell is interpreted and used. + * certificate in a CERTS cell is interpreted and used. * * @{ */ /** A certificate that authenticates a TLS link key. The subject key @@ -1137,8 +1137,8 @@ typedef struct or_handshake_state_t { unsigned int received_versions : 1; /** True iff we have received and processed an AUTH_CHALLENGE cell */ unsigned int received_auth_challenge : 1; - /** True iff we have received and processed a CERT cell. */ - unsigned int received_cert_cell : 1; + /** True iff we have received and processed a CERTS cell. */ + unsigned int received_certs_cell : 1; /** True iff we have received and processed an AUTHENTICATE cell */ unsigned int received_authenticate : 1; @@ -1171,7 +1171,7 @@ typedef struct or_handshake_state_t { crypto_digest_env_t *digest_received; /** @} */ - /** Certificates that a connection initiator sent us in a CERT cell; we're + /** Certificates that a connection initiator sent us in a CERTS cell; we're * holding on to them until we get an AUTHENTICATE cell. * * @{ From a6eef61f02deb123d44a58dac2e506650826db48 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 21 Nov 2011 10:47:57 -0500 Subject: [PATCH 2/2] Changes file for bug4360 --- changes/bug4360 | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changes/bug4360 diff --git a/changes/bug4360 b/changes/bug4360 new file mode 100644 index 0000000000..93afa8204d --- /dev/null +++ b/changes/bug4360 @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Use the name "CERTS" consistently to refer to the new cell type; + we were calling it CERT in some places and CERTS in others.