Rename blacklist and whitelist wording

Closes #40033

Signed-off-by: David Goulet <dgoulet@torproject.org>

src/app/config/fallback_dirs.inc

@@ -3,10 +3,10 @@
 /* timestamp=20190625114911 */
 /* timestamp0=20190625114911 */
 /* timestamp1=20190628085927 */
-/* source=whitelist */
+/* source=allowlist */
 /* ===== */
-/* 0: Whitelist excluded 1550 of 1711 candidates. */
+/* 0: Allowlist excluded 1550 of 1711 candidates. */
-/* 1: Whitelist excluded 1601 of 1765 candidates. */
+/* 1: Allowlist excluded 1601 of 1765 candidates. */
 /* Checked IPv4 DirPorts served a consensus within 15.0s. */
 /*
 0:

src/core/or/circuitbuild.c

@@ -1771,7 +1771,7 @@ pick_restricted_middle_node(router_crn_flags_t flags,
 {
   const node_t *middle_node = NULL;
 
-  smartlist_t *whitelisted_live_middles = smartlist_new();
+  smartlist_t *allowlisted_live_middles = smartlist_new();
   smartlist_t *all_live_nodes = smartlist_new();
 
   tor_assert(pick_from);
@@ -1779,21 +1779,21 @@ pick_restricted_middle_node(router_crn_flags_t flags,
   /* Add all running nodes to all_live_nodes */
   router_add_running_nodes_to_smartlist(all_live_nodes, flags);
 
-  /* Filter all_live_nodes to only add live *and* whitelisted middles
+  /* Filter all_live_nodes to only add live *and* allowlisted middles
-   * to the list whitelisted_live_middles. */
+   * to the list allowlisted_live_middles. */
   SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
     if (routerset_contains_node(pick_from, live_node)) {
-      smartlist_add(whitelisted_live_middles, live_node);
+      smartlist_add(allowlisted_live_middles, live_node);
     }
   } SMARTLIST_FOREACH_END(live_node);
 
   /* Honor ExcludeNodes */
   if (exclude_set) {
-    routerset_subtract_nodes(whitelisted_live_middles, exclude_set);
+    routerset_subtract_nodes(allowlisted_live_middles, exclude_set);
   }
 
   if (exclude_list) {
-    smartlist_subtract(whitelisted_live_middles, exclude_list);
+    smartlist_subtract(allowlisted_live_middles, exclude_list);
   }
 
   /**
@@ -1809,9 +1809,9 @@ pick_restricted_middle_node(router_crn_flags_t flags,
    * If there are a lot of nodes in here, assume they did not load balance
    * and do it for them, but also warn them that they may be Doing It Wrong.
    */
-  if (smartlist_len(whitelisted_live_middles) <=
+  if (smartlist_len(allowlisted_live_middles) <=
           MAX_SANE_RESTRICTED_NODES) {
-    middle_node = smartlist_choose(whitelisted_live_middles);
+    middle_node = smartlist_choose(allowlisted_live_middles);
   } else {
     static ratelim_t pinned_notice_limit = RATELIM_INIT(24*3600);
     log_fn_ratelim(&pinned_notice_limit, LOG_NOTICE, LD_CIRC,
@@ -1819,17 +1819,17 @@ pick_restricted_middle_node(router_crn_flags_t flags,
             "in %d total nodes. This is a lot of nodes. "
             "You may want to consider using a Tor controller "
             "to select and update a smaller set of nodes instead.",
-            position_hint, smartlist_len(whitelisted_live_middles));
+            position_hint, smartlist_len(allowlisted_live_middles));
 
     /* NO_WEIGHTING here just means don't take node flags into account
      * (ie: use consensus measurement only). This is done so that
      * we don't further surprise the user by not using Exits that they
      * specified at all */
-    middle_node = node_sl_choose_by_bandwidth(whitelisted_live_middles,
+    middle_node = node_sl_choose_by_bandwidth(allowlisted_live_middles,
                                               NO_WEIGHTING);
   }
 
-  smartlist_free(whitelisted_live_middles);
+  smartlist_free(allowlisted_live_middles);
   smartlist_free(all_live_nodes);
 
   return middle_node;

src/core/or/connection_or.c

@@ -1160,7 +1160,7 @@ static time_t or_connect_failure_map_next_cleanup_ts = 0;
  * port.
  *
  * We need to identify a connection failure with these three values because we
- * want to avoid to wrongfully blacklist a relay if someone is trying to
+ * want to avoid to wrongfully block a relay if someone is trying to
  * extend to a known identity digest but with the wrong IP/port. For instance,
  * it can happen if a relay changed its port but the client still has an old
  * descriptor with the old port. We want to stop connecting to that

src/feature/client/entrynodes.c

@@ -1576,12 +1576,12 @@ guard_create_exit_restriction(const uint8_t *exit_id)
 }
 
 /** If we have fewer than this many possible usable guards, don't set
- * MD-availability-based restrictions: we might blacklist all of them. */
+ * MD-availability-based restrictions: we might denylist all of them. */
 #define MIN_GUARDS_FOR_MD_RESTRICTION 10
 
 /** Return true if we should set md dirserver restrictions. We might not want
  *  to set those if our guard options are too restricted, since we don't want
- *  to blacklist all of them. */
+ *  to denylist all of them. */
 static int
 should_set_md_dirserver_restriction(void)
 {

src/feature/dirparse/ns_parse.c

@@ -1354,8 +1354,8 @@ networkstatus_parse_vote_from_string(const char *s,
         goto err;
       }
       if (ns->type != NS_TYPE_CONSENSUS) {
-        if (authority_cert_is_blacklisted(ns->cert)) {
+        if (authority_cert_is_denylisted(ns->cert)) {
-          log_warn(LD_DIR, "Rejecting vote signature made with blacklisted "
+          log_warn(LD_DIR, "Rejecting vote signature made with denylisted "
                    "signing key %s",
                    hex_str(ns->cert->signing_key_digest, DIGEST_LEN));
           goto err;

src/feature/hs/hs_service.c

@@ -3904,7 +3904,7 @@ hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
 
 /** Add to file_list every filename used by a configured hidden service, and to
  * dir_list every directory path used by a configured hidden service. This is
- * used by the sandbox subsystem to whitelist those. */
+ * used by the sandbox subsystem to allowlist those. */
 void
 hs_service_lists_fnames_for_sandbox(smartlist_t *file_list,
                                     smartlist_t *dir_list)

src/feature/nodelist/authcert.c

@@ -745,7 +745,7 @@ static const char *BAD_SIGNING_KEYS[] = {
  * which, because of the old openssl heartbleed vulnerability, should
  * never be trusted. */
 int
-authority_cert_is_blacklisted(const authority_cert_t *cert)
+authority_cert_is_denylisted(const authority_cert_t *cert)
 {
   char hex_digest[HEX_DIGEST_LEN+1];
   int i;

src/feature/nodelist/authcert.h

@@ -41,7 +41,7 @@ void authority_cert_dl_failed(const char *id_digest,
 void authority_certs_fetch_missing(networkstatus_t *status, time_t now,
                                    const char *dir_hint);
 int authority_cert_dl_looks_uncertain(const char *id_digest);
-int authority_cert_is_blacklisted(const authority_cert_t *cert);
+int authority_cert_is_denylisted(const authority_cert_t *cert);
 
 void authority_cert_free_(authority_cert_t *cert);
 #define authority_cert_free(cert) \

src/feature/nodelist/networkstatus.c

@@ -471,8 +471,8 @@ networkstatus_check_document_signature(const networkstatus_t *consensus,
                  DIGEST_LEN))
     return -1;
 
-  if (authority_cert_is_blacklisted(cert)) {
+  if (authority_cert_is_denylisted(cert)) {
-    /* We implement blacklisting for authority signing keys by treating
+    /* We implement denylisting for authority signing keys by treating
      * all their signatures as always bad. That way we don't get into
      * crazy loops of dropping and re-fetching signatures. */
     log_warn(LD_DIR, "Ignoring a consensus signature made with deprecated"

src/lib/sandbox/sandbox.c

@@ -935,7 +935,7 @@ sb_epoll_ctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
  * the seccomp filter sandbox.
  *
  * NOTE: if multiple filters need to be added, the PR_SECCOMP parameter needs
- * to be whitelisted in this function.
+ * to be allowlisted in this function.
  */
 static int
 sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)