Merge branch 'bug4360'

changes/bug4360

@@ -0,0 +1,3 @@
+  o Code simplification and refactoring:
+    - Use the name "CERTS" consistently to refer to the new cell type;
+      we were calling it CERT in some places and CERTS in others.

src/or/command.c

@@ -49,7 +49,7 @@ uint64_t stats_n_netinfo_cells_processed = 0;
 /** How many CELL_VPADDING cells have we received, ever? */
 uint64_t stats_n_vpadding_cells_processed = 0;
 /** How many CELL_CERTS cells have we received, ever? */
-uint64_t stats_n_cert_cells_processed = 0;
+uint64_t stats_n_certs_cells_processed = 0;
 /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
 uint64_t stats_n_auth_challenge_cells_processed = 0;
 /** How many CELL_AUTHENTICATE cells have we received, ever? */
@@ -63,7 +63,7 @@ static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn);
 static void command_process_versions_cell(var_cell_t *cell,
                                           or_connection_t *conn);
 static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn);
-static void command_process_cert_cell(var_cell_t *cell,
+static void command_process_certs_cell(var_cell_t *cell,
                                       or_connection_t *conn);
 static void command_process_auth_challenge_cell(var_cell_t *cell,
                                           or_connection_t *conn);
@@ -214,19 +214,19 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
 #ifdef KEEP_TIMING_STATS
   /* how many of each cell have we seen so far this second? needs better
    * name. */
-  static int num_versions=0, num_cert=0;
+  static int num_versions=0, num_certs=0;
 
   time_t now = time(NULL);
 
   if (now > current_second) { /* the second has rolled over */
     /* print stats */
     log_info(LD_OR,
-             "At end of second: %d versions (%d ms), %d cert (%d ms)",
+             "At end of second: %d versions (%d ms), %d certs (%d ms)",
              num_versions, versions_time/1000,
-             cert, cert_time/1000);
+             num_certs, certs_time/1000);
 
-    num_versions = num_cert = 0;
+    num_versions = num_certs = 0;
-    versions_time = cert_time = 0;
+    versions_time = certs_time = 0;
 
     /* remember which second it is, for next time */
     current_second = now;
@@ -293,9 +293,9 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
       ++stats_n_vpadding_cells_processed;
       /* Do nothing */
       break;
-    case CELL_CERT:
+    case CELL_CERTS:
-      ++stats_n_cert_cells_processed;
+      ++stats_n_certs_cells_processed;
-      PROCESS_CELL(cert, cell, conn);
+      PROCESS_CELL(certs, cell, conn);
       break;
     case CELL_AUTH_CHALLENGE:
       ++stats_n_auth_challenge_cells_processed;
@@ -719,8 +719,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
       }
     }
     if (send_certs) {
-      if (connection_or_send_cert_cell(conn) < 0) {
+      if (connection_or_send_certs_cell(conn) < 0) {
-        log_warn(LD_OR, "Couldn't send cert cell");
+        log_warn(LD_OR, "Couldn't send certs cell");
         connection_mark_for_close(TO_CONN(conn));
         return;
       }
@@ -887,9 +887,9 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
   assert_connection_ok(TO_CONN(conn),time(NULL));
 }
 
-/** Process a CERT cell from an OR connection.
+/** Process a CERTS cell from an OR connection.
  *
- * If the other side should not have sent us a CERT cell, or the cell is
+ * If the other side should not have sent us a CERTS cell, or the cell is
  * malformed, or it is supposed to authenticate the TLS key but it doesn't,
  * then mark the connection.
  *
@@ -899,12 +899,12 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
  * If it's the server side, wait for an AUTHENTICATE cell.
  */
 static void
-command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
+command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
 {
 #define ERR(s)                                                  \
   do {                                                          \
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \
-           "Received a bad CERT cell from %s:%d: %s",           \
+           "Received a bad CERTS cell from %s:%d: %s",          \
            safe_str(conn->_base.address), conn->_base.port, (s)); \
     connection_mark_for_close(TO_CONN(conn));                   \
     goto err;                                                   \
@@ -921,7 +921,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
     ERR("We're not doing a v3 handshake!");
   if (conn->link_proto < 3)
     ERR("We're not using link protocol >= 3");
-  if (conn->handshake_state->received_cert_cell)
+  if (conn->handshake_state->received_certs_cell)
     ERR("We already got one");
   if (conn->handshake_state->authenticated) {
     /* Should be unreachable, but let's make sure. */
@@ -951,7 +951,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
       tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
       if (!cert) {
         log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-               "Received undecodable certificate in CERT cell from %s:%d",
+               "Received undecodable certificate in CERTS cell from %s:%d",
                safe_str(conn->_base.address), conn->_base.port);
       } else {
         if (cert_type == OR_CERT_TYPE_TLS_LINK) {
@@ -1050,7 +1050,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
     id_cert = auth_cert = NULL;
   }
 
-  conn->handshake_state->received_cert_cell = 1;
+  conn->handshake_state->received_certs_cell = 1;
  err:
   tor_cert_free(id_cert);
   tor_cert_free(link_cert);
@@ -1064,7 +1064,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
  * originator of the connection), or it's ill-formed, or we aren't doing a v3
  * handshake, mark the connection.  If the cell is well-formed but we don't
  * want to authenticate, just drop it.  If the cell is well-formed *and* we
- * want to authenticate, send an AUTHENTICATE cell. */
+ * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */
 static void
 command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
 {
@@ -1088,7 +1088,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
     ERR("We didn't originate this connection");
   if (conn->handshake_state->received_auth_challenge)
     ERR("We already received one");
-  if (! conn->handshake_state->received_cert_cell)
+  if (! conn->handshake_state->received_certs_cell)
     ERR("We haven't gotten a CERTS cell yet");
   if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
     ERR("It was too short");
@@ -1146,7 +1146,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
  * If it's ill-formed or we weren't supposed to get one or we're not doing a
  * v3 handshake, then mark the connection.  If it does not authenticate the
  * other side of the connection successfully (because it isn't signed right,
- * we didn't get a CERT cell, etc) mark the connection.  Otherwise, accept
+ * we didn't get a CERTS cell, etc) mark the connection.  Otherwise, accept
  * the identity of the router on the other side of the connection.
  */
 static void
@@ -1177,8 +1177,8 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
     /* Should be impossible given other checks */
     ERR("The peer is already authenticated");
   }
-  if (! conn->handshake_state->received_cert_cell)
+  if (! conn->handshake_state->received_certs_cell)
-    ERR("We never got a cert cell");
+    ERR("We never got a certs cell");
   if (conn->handshake_state->auth_cert == NULL)
     ERR("We never got an authentication certificate");
   if (conn->handshake_state->id_cert == NULL)

src/or/connection_or.c

@@ -1435,7 +1435,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
  * side of <b>conn</b> is <b>peer_id</b>.  For v1 and v2 handshakes,
  * this is right after we get a certificate chain in a TLS handshake
  * or renegotiation.  For v3 handshakes, this is right after we get a
- * certificate chain in a CERT cell.
+ * certificate chain in a CERTS cell.
  *
  * If we want any particular ID before, record the one we got.
  *
@@ -1954,10 +1954,10 @@ connection_or_send_netinfo(or_connection_t *conn)
   return 0;
 }
 
-/** Send a CERT cell on the connection <b>conn</b>.  Return 0 on success, -1
+/** Send a CERTS cell on the connection <b>conn</b>.  Return 0 on success, -1
  * on failure. */
 int
-connection_or_send_cert_cell(or_connection_t *conn)
+connection_or_send_certs_cell(or_connection_t *conn)
 {
   const tor_cert_t *link_cert = NULL, *id_cert = NULL;
   const uint8_t *link_encoded = NULL, *id_encoded = NULL;
@@ -1981,7 +1981,7 @@ connection_or_send_cert_cell(or_connection_t *conn)
              2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
              link_len + id_len;
   cell = var_cell_new(cell_len);
-  cell->command = CELL_CERT;
+  cell->command = CELL_CERTS;
   cell->payload[0] = 2;
   pos = 1;
 

src/or/connection_or.h

@@ -69,7 +69,7 @@ int connection_or_send_destroy(circid_t circ_id, or_connection_t *conn,
                                int reason);
 int connection_or_send_versions(or_connection_t *conn, int v3_plus);
 int connection_or_send_netinfo(or_connection_t *conn);
-int connection_or_send_cert_cell(or_connection_t *conn);
+int connection_or_send_certs_cell(or_connection_t *conn);
 int connection_or_send_auth_challenge_cell(or_connection_t *conn);
 int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                                  uint8_t *out, size_t outlen,

src/or/or.h

@@ -826,7 +826,7 @@ typedef enum {
 #define CELL_RELAY_EARLY 9
 
 #define CELL_VPADDING 128
-#define CELL_CERT 129
+#define CELL_CERTS 129
 #define CELL_AUTH_CHALLENGE 130
 #define CELL_AUTHENTICATE 131
 
@@ -1088,10 +1088,10 @@ typedef struct listener_connection_t {
 #define OR_AUTH_CHALLENGE_LEN 32
 
 /**
- * @name Certificate types for CERT cells.
+ * @name Certificate types for CERTS cells.
  *
  * These values are defined by the protocol, and affect how an X509
- * certificate in a CERT cell is interpreted and used.
+ * certificate in a CERTS cell is interpreted and used.
  *
  * @{ */
 /** A certificate that authenticates a TLS link key.  The subject key
@@ -1137,8 +1137,8 @@ typedef struct or_handshake_state_t {
   unsigned int received_versions : 1;
   /** True iff we have received and processed an AUTH_CHALLENGE cell */
   unsigned int received_auth_challenge : 1;
-  /** True iff we have received and processed a CERT cell. */
+  /** True iff we have received and processed a CERTS cell. */
-  unsigned int received_cert_cell : 1;
+  unsigned int received_certs_cell : 1;
   /** True iff we have received and processed an AUTHENTICATE cell */
   unsigned int received_authenticate : 1;
 
@@ -1171,7 +1171,7 @@ typedef struct or_handshake_state_t {
   crypto_digest_env_t *digest_received;
   /** @} */
 
-  /** Certificates that a connection initiator sent us in a CERT cell; we're
+  /** Certificates that a connection initiator sent us in a CERTS cell; we're
    * holding on to them until we get an AUTHENTICATE cell.
    *
    * @{