nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'isolate_openssl'

Browse Source
This commit is contained in:
Nick Mathewson 2017-04-07 09:58:21 -04:00
commit 61f1838cdc
21 changed files with 249 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/ticket21841 Normal file
View File

@ -0,0 +1,4 @@
o Code simplification and refactoring:
- Isolate our usage of the openssl headers so that they are only
used from our crypto wrapper modules, and from tests that examing those
modules' internals. Closes ticket 21841.

12
src/common/crypto.c
View File

@ -3459,3 +3459,15 @@ crypto_global_cleanup(void)
/** @} */
#ifdef USE_DMALLOC
/** Tell the crypto library to use Tor's allocation functions rather than
* calling libc's allocation functions directly. Return 0 on success, -1
* on failure. */
int
crypto_use_tor_alloc_functions(void)
{
int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
return r ? 0 : -1;
}
#endif

4
src/common/crypto.h
View File

@ -131,6 +131,10 @@ int crypto_early_init(void) ATTR_WUR;
int crypto_global_init(int hardwareAccel,
const char *accelName,
const char *accelPath) ATTR_WUR;
#ifdef USE_DMALLOC
int crypto_use_tor_alloc_functions(void);
#endif
void crypto_thread_cleanup(void);
int crypto_global_cleanup(void);

16
src/common/crypto_ed25519.c
View File

@ -32,8 +32,6 @@
#include "ed25519/ref10/ed25519_ref10.h"
#include "ed25519/donna/ed25519_donna_tor.h"
#include <openssl/sha.h>
static void pick_ed25519_impl(void);
/** An Ed25519 implementation, as a set of function pointers. */
@ -442,14 +440,16 @@ ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out,
{
const char string[] = "Derive high part of ed25519 key from curve25519 key";
ed25519_public_key_t pubkey_check;
SHA512_CTX ctx;
uint8_t sha512_output[64];
crypto_digest_t *ctx;
uint8_t sha512_output[DIGEST512_LEN];
memcpy(out->seckey.seckey, inp->seckey.secret_key, 32);
SHA512_Init(&ctx);
SHA512_Update(&ctx, out->seckey.seckey, 32);
SHA512_Update(&ctx, string, sizeof(string));
SHA512_Final(sha512_output, &ctx);
ctx = crypto_digest512_new(DIGEST_SHA512);
crypto_digest_add_bytes(ctx, (const char*)out->seckey.seckey, 32);
crypto_digest_add_bytes(ctx, (const char*)string, sizeof(string));
crypto_digest_get_digest(ctx, (char *)sha512_output, sizeof(sha512_output));
crypto_digest_free(ctx);
memcpy(out->seckey.seckey + 32, sha512_output, 32);
ed25519_public_key_generate(&out->pubkey, &out->seckey);

19
src/common/tortls.c
View File

@ -17,6 +17,7 @@
#include "orconfig.h"
#define TORTLS_PRIVATE
#define TORTLS_OPENSSL_PRIVATE
#include <assert.h>
#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
@ -2263,6 +2264,24 @@ check_cert_lifetime_internal(int severity, const X509 *cert,
return 0;
}
#ifdef TOR_UNIT_TESTS
/* Testing only: return a new x509 cert with the same contents as <b>inp</b>,
but with the expiration time <b>new_expiration_time</b>, signed with
<b>signing_key</b>. */
STATIC tor_x509_cert_t *
tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp,
time_t new_expiration_time,
crypto_pk_t *signing_key)
{
X509 *newc = X509_dup(inp->cert);
X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time);
EVP_PKEY *pk = crypto_pk_get_evp_pkey_(signing_key, 1);
tor_assert(X509_sign(newc, pk, EVP_sha256()));
EVP_PKEY_free(pk);
return tor_x509_cert_new(newc);
}
#endif
/** Return the number of bytes available for reading from <b>tls</b>.
*/
int

46
src/common/tortls.h
View File

@ -63,12 +63,17 @@ typedef enum {
} tor_tls_state_t;
#define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t)
struct x509_st;
struct ssl_st;
struct ssl_ctx_st;
struct ssl_session_st;
/** Holds a SSL_CTX object and related state used to configure TLS
* connections.
*/
typedef struct tor_tls_context_t {
int refcnt;
SSL_CTX *ctx;
struct ssl_ctx_st *ctx;
tor_x509_cert_t *my_link_cert;
tor_x509_cert_t *my_id_cert;
tor_x509_cert_t *my_auth_cert;
@ -78,7 +83,7 @@ typedef struct tor_tls_context_t {
/** Structure that we use for a single certificate. */
struct tor_x509_cert_t {
X509 *cert;
struct x509_st *cert;
uint8_t *encoded;
size_t encoded_len;
unsigned pkey_digests_set : 1;
@ -92,7 +97,7 @@ struct tor_x509_cert_t {
struct tor_tls_t {
uint32_t magic;
tor_tls_context_t *context; /** A link to the context object for this tls. */
SSL *ssl; /**< An OpenSSL SSL object. */
struct ssl_st *ssl; /**< An OpenSSL SSL object. */
int socket; /**< The underlying file descriptor for this TLS connection. */
char *address; /**< An address to log when describing this connection. */
tor_tls_state_bitfield_t state : 3; /**< The current SSL state,
@ -128,35 +133,45 @@ struct tor_tls_t {
STATIC int tor_errno_to_tls_error(int e);
STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
const char *doing, int severity, int domain);
STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
STATIC tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
#ifdef TORTLS_OPENSSL_PRIVATE
STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
STATIC int tor_tls_classify_client_ciphers(const struct ssl_st *ssl,
STACK_OF(SSL_CIPHER) *peer_ciphers);
STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
#endif
STATIC int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl);
MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
(int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
(int severity, tor_tls_t *tls, struct x509_st **cert_out,
struct x509_st **id_cert_out));
#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
STATIC size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
uint8_t *out,
size_t len);
#endif
STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
STATIC void tor_tls_debug_state_callback(const struct ssl_st *ssl,
int type, int val);
STATIC void tor_tls_server_info_callback(const struct ssl_st *ssl,
int type, int val);
#ifdef TORTLS_OPENSSL_PRIVATE
STATIC int tor_tls_session_secret_cb(struct ssl_st *ssl, void *secret,
int *secret_len,
STACK_OF(SSL_CIPHER) *peer_ciphers,
CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher,
void *arg);
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
uint16_t cipher);
MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
#endif
MOCK_DECL(STATIC struct x509_st *, tor_tls_create_certificate,
(crypto_pk_t *rsa,
crypto_pk_t *rsa_sign,
const char *cname,
const char *cname_sign,
unsigned int cert_lifetime));
STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
unsigned int key_lifetime, unsigned flags, int is_client);
MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,
(struct x509_st *x509_cert));
STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
crypto_pk_t *identity,
unsigned int key_lifetime,
@ -172,6 +187,11 @@ extern tor_tls_context_t *client_tls_context;
extern uint16_t v2_cipher_list[];
extern uint64_t total_bytes_written_over_tls;
extern uint64_t total_bytes_written_by_tls;
STATIC tor_x509_cert_t *tor_x509_cert_replace_expiration(
const tor_x509_cert_t *inp,
time_t new_expiration_time,
crypto_pk_t *signing_key);
#endif
#endif /* endif TORTLS_PRIVATE */

31
src/ext/ed25519/donna/ed25519-hash-custom.h
View File

@ -9,3 +9,34 @@
void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);
*/
#include "crypto.h"
typedef struct ed25519_hash_context {
crypto_digest_t *ctx;
} ed25519_hash_context;
static void
ed25519_hash_init(ed25519_hash_context *ctx)
{
ctx->ctx = crypto_digest512_new(DIGEST_SHA512);
}
static void
ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen)
{
crypto_digest_add_bytes(ctx->ctx, (const char *)in, inlen);
}
static void
ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash)
{
crypto_digest_get_digest(ctx->ctx, (char *)hash, DIGEST512_LEN);
crypto_digest_free(ctx->ctx);
ctx->ctx = NULL;
}
static void
ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen)
{
crypto_digest512((char *)hash, (const char *)in, inlen,
DIGEST_SHA512);
}

30
src/ext/ed25519/ref10/crypto_hash_sha512.h
View File

@ -1,30 +1,32 @@
/* Added for Tor. */
#include <openssl/sha.h>
#include "crypto.h"
/* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */
#define crypto_hash_sha512(out, inp, len) \
SHA512((inp), (len), (out))
crypto_digest512((char *)(out), (const char *)(inp), (len), DIGEST_SHA512)
/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
* concatenated with the 'len2'-byte string in 'inp2'. */
#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \
do { \
SHA512_CTX sha_ctx_; \
SHA512_Init(&sha_ctx_); \
SHA512_Update(&sha_ctx_, (inp1), (len1)); \
SHA512_Update(&sha_ctx_, (inp2), (len2)); \
SHA512_Final((out), &sha_ctx_); \
} while(0)
crypto_digest_t *sha_ctx_; \
sha_ctx_ = crypto_digest512_new(DIGEST_SHA512); \
crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1)); \
crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2)); \
crypto_digest_get_digest(sha_ctx_, (char *)out, DIGEST512_LEN); \
crypto_digest_free(sha_ctx_); \
} while (0)
/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
* concatenated with the 'len2'-byte string in 'inp2', concatenated with
* the 'len3'-byte string in 'len3'. */
#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \
do { \
SHA512_CTX sha_ctx_; \
SHA512_Init(&sha_ctx_); \
SHA512_Update(&sha_ctx_, (inp1), (len1)); \
SHA512_Update(&sha_ctx_, (inp2), (len2)); \
SHA512_Update(&sha_ctx_, (inp3), (len3)); \
SHA512_Final((out), &sha_ctx_); \
crypto_digest_t *sha_ctx_; \
sha_ctx_ = crypto_digest512_new(DIGEST_SHA512); \
crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1)); \
crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2)); \
crypto_digest_add_bytes(sha_ctx_, (const char *)(inp3), (len3)); \
crypto_digest_get_digest(sha_ctx_, (char *)out, DIGEST512_LEN); \
crypto_digest_free(sha_ctx_); \
} while(0)

1
src/ext/include.am
View File

@ -101,6 +101,7 @@ noinst_LIBRARIES += $(LIBED25519_REF10)
src_ext_ed25519_donna_libed25519_donna_a_CFLAGS=\
@CFLAGS_CONSTTIME@ \
-DED25519_CUSTOMRANDOM \
-DED25519_CUSTOMHASH \
-DED25519_SUFFIX=_donna
src_ext_ed25519_donna_libed25519_donna_a_SOURCES= \

5
src/or/main.c
View File

@ -104,7 +104,6 @@
#include "ext_orport.h"
#ifdef USE_DMALLOC
#include <dmalloc.h>
#include <openssl/crypto.h>
#endif
#include "memarea.h"
#include "sandbox.h"
@ -3617,8 +3616,8 @@ tor_main(int argc, char *argv[])
{
/* Instruct OpenSSL to use our internal wrappers for malloc,
realloc and free. */
int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
tor_assert(r);
int r = crypto_use_tor_alloc_functions();
tor_assert(r == 0);
}
#endif
#ifdef NT_SERVICE

1
src/test/include.am
View File

@ -93,6 +93,7 @@ src_test_test_SOURCES = \
src/test/test_controller.c \
src/test/test_controller_events.c \
src/test/test_crypto.c \
src/test/test_crypto_openssl.c \
src/test/test_data.c \
src/test/test_dir.c \
src/test/test_dir_common.c \

1
src/test/test.c
View File

@ -1201,6 +1201,7 @@ struct testgroup_t testgroups[] = {
{ "control/", controller_tests },
{ "control/event/", controller_event_tests },
{ "crypto/", crypto_tests },
{ "crypto/openssl/", crypto_openssl_tests },
{ "dir/", dir_tests },
{ "dir_handle_get/", dir_handle_get_tests },
{ "dir/md/", microdesc_tests },

1
src/test/test.h
View File

@ -196,6 +196,7 @@ extern struct testcase_t container_tests[];
extern struct testcase_t controller_tests[];
extern struct testcase_t controller_event_tests[];
extern struct testcase_t crypto_tests[];
extern struct testcase_t crypto_openssl_tests[];
extern struct testcase_t dir_tests[];
extern struct testcase_t dir_handle_get_tests[];
extern struct testcase_t entryconn_tests[];

72
src/test/test_crypto.c
View File

@ -15,9 +15,6 @@
#include "crypto_ed25519.h"
#include "ed25519_vectors.inc"
#include <openssl/evp.h>
#include <openssl/rand.h>
/** Run unit tests for Diffie-Hellman functionality. */
static void
test_crypto_dh(void *arg)
@ -331,38 +328,6 @@ test_crypto_rng_strongest(void *arg)
#undef N
}
/* Test for rectifying openssl RAND engine. */
static void
test_crypto_rng_engine(void *arg)
{
(void)arg;
RAND_METHOD dummy_method;
memset(&dummy_method, 0, sizeof(dummy_method));
/* We should be a no-op if we're already on RAND_OpenSSL */
tt_int_op(0, ==, crypto_force_rand_ssleay());
tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
/* We should correct the method if it's a dummy. */
RAND_set_rand_method(&dummy_method);
#ifdef LIBRESSL_VERSION_NUMBER
/* On libressl, you can't override the RNG. */
tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
tt_int_op(0, ==, crypto_force_rand_ssleay());
#else
tt_assert(RAND_get_rand_method() == &dummy_method);
tt_int_op(1, ==, crypto_force_rand_ssleay());
#endif
tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
/* Make sure we aren't calling dummy_method */
crypto_rand((void *) &dummy_method, sizeof(dummy_method));
crypto_rand((void *) &dummy_method, sizeof(dummy_method));
done:
;
}
/** Run unit tests for our AES128 functionality */
static void
test_crypto_aes128(void *arg)
@ -1477,28 +1442,6 @@ test_crypto_digest_names(void *arg)
;
}
#ifndef OPENSSL_1_1_API
#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
#endif
/** Encode src into dest with OpenSSL's EVP Encode interface, returning the
* length of the encoded data in bytes.
*/
static int
base64_encode_evp(char *dest, char *src, size_t srclen)
{
const unsigned char *s = (unsigned char*)src;
EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int len, ret;
EVP_EncodeInit(ctx);
EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen);
EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret);
EVP_ENCODE_CTX_free(ctx);
return ret+ len;
}
/** Run unit tests for misc crypto formatting functionality (base64, base32,
* fingerprints, etc) */
static void
@ -1554,20 +1497,6 @@ test_crypto_formats(void *arg)
tt_assert(digest_from_base64(data3, "###") < 0);
for (i = 0; i < 256; i++) {
/* Test the multiline format Base64 encoder with 0 .. 256 bytes of
* output against OpenSSL.
*/
const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE);
data1[i] = i;
j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE);
tt_int_op(j, OP_EQ, enclen);
j = base64_encode_evp(data3, data1, i);
tt_int_op(j, OP_EQ, enclen);
tt_mem_op(data2, OP_EQ, data3, enclen);
tt_int_op(j, OP_EQ, strlen(data2));
}
/* Encoding SHA256 */
crypto_rand(data2, DIGEST256_LEN);
memset(data2, 100, 1024);
@ -2941,7 +2870,6 @@ struct testcase_t crypto_tests[] = {
CRYPTO_LEGACY(formats),
CRYPTO_LEGACY(rng),
{ "rng_range", test_crypto_rng_range, 0, NULL, NULL },
{ "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL },
{ "rng_strongest", test_crypto_rng_strongest, TT_FORK, NULL, NULL },
{ "rng_strongest_nosyscall", test_crypto_rng_strongest, TT_FORK,
&passthrough_setup, (void*)"nosyscall" },

107
src/test/test_crypto_openssl.c Normal file
View File

@ -0,0 +1,107 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define CRYPTO_PRIVATE
#include "crypto.h"
#include "util.h"
#include "util_format.h"
#include "compat.h"
#include "test.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
#include "compat_openssl.h"
/* Test for rectifying openssl RAND engine. */
static void
test_crypto_rng_engine(void *arg)
{
(void)arg;
RAND_METHOD dummy_method;
memset(&dummy_method, 0, sizeof(dummy_method));
/* We should be a no-op if we're already on RAND_OpenSSL */
tt_int_op(0, ==, crypto_force_rand_ssleay());
tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
/* We should correct the method if it's a dummy. */
RAND_set_rand_method(&dummy_method);
#ifdef LIBRESSL_VERSION_NUMBER
/* On libressl, you can't override the RNG. */
tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
tt_int_op(0, ==, crypto_force_rand_ssleay());
#else
tt_assert(RAND_get_rand_method() == &dummy_method);
tt_int_op(1, ==, crypto_force_rand_ssleay());
#endif
tt_assert(RAND_get_rand_method() == RAND_OpenSSL());
/* Make sure we aren't calling dummy_method */
crypto_rand((void *) &dummy_method, sizeof(dummy_method));
crypto_rand((void *) &dummy_method, sizeof(dummy_method));
done:
;
}
#ifndef OPENSSL_1_1_API
#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
#endif
/** Encode src into dest with OpenSSL's EVP Encode interface, returning the
* length of the encoded data in bytes.
*/
static int
base64_encode_evp(char *dest, char *src, size_t srclen)
{
const unsigned char *s = (unsigned char*)src;
EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int len, ret;
EVP_EncodeInit(ctx);
EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen);
EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret);
EVP_ENCODE_CTX_free(ctx);
return ret+ len;
}
static void
test_crypto_base64_encode_matches(void *arg)
{
(void)arg;
int i, j;
char data1[1024];
char data2[1024];
char data3[1024];
for (i = 0; i < 256; i++) {
/* Test the multiline format Base64 encoder with 0 .. 256 bytes of
* output against OpenSSL.
*/
const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE);
data1[i] = i;
j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE);
tt_int_op(j, OP_EQ, enclen);
j = base64_encode_evp(data3, data1, i);
tt_int_op(j, OP_EQ, enclen);
tt_mem_op(data2, OP_EQ, data3, enclen);
tt_int_op(j, OP_EQ, strlen(data2));
}
done:
;
}
struct testcase_t crypto_openssl_tests[] = {
{ "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL },
{ "base64_encode_match", test_crypto_base64_encode_matches,
TT_FORK, NULL, NULL },
END_OF_TESTCASES
};

3
src/test/test_crypto_slow.c
View File

@ -12,11 +12,8 @@
#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
#define HAVE_LIBSCRYPT
#include <libscrypt.h>
#endif
#include <openssl/evp.h>
/** Run unit tests for our secret-to-key passphrase hashing functionality. */
static void
test_crypto_s2k_rfc2440(void *arg)

24
src/test/test_link_handshake.c
View File

@ -10,13 +10,6 @@
#include "compat.h"
/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
* srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/x509.h>
#include <openssl/ssl.h>
ENABLE_GCC_WARNING(redundant-decls)
#include "or.h"
#include "config.h"
#include "connection.h"
@ -785,19 +778,14 @@ CERTS_FAIL(expired_rsa_id, /* both */
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
const tor_x509_cert_t *idc;
tor_tls_get_my_certs(1, NULL, &idc);
X509 *newc = X509_dup(idc->cert);
tor_x509_cert_t *newc;
time_t new_end = time(NULL) - 86400 * 10;
X509_time_adj(X509_get_notAfter(newc), 0, &new_end);
EVP_PKEY *pk = crypto_pk_get_evp_pkey_(d->key2, 1);
tt_assert(X509_sign(newc, pk, EVP_sha1()));
int len = i2d_X509(newc, NULL);
certs_cell_cert_setlen_body(cert, len);
uint8_t *body = certs_cell_cert_getarray_body(cert);
int len2 = i2d_X509(newc, &body);
tt_int_op(len, ==, len2);
newc = tor_x509_cert_replace_expiration(idc, new_end, d->key2);
certs_cell_cert_setlen_body(cert, newc->encoded_len);
memcpy(certs_cell_cert_getarray_body(cert),
newc->encoded, newc->encoded_len);
REENCODE();
X509_free(newc);
EVP_PKEY_free(pk);
tor_x509_cert_free(newc);
})
CERTS_FAIL(expired_ed_id, /* ed25519 */
{

6
src/test/test_microdesc.c
View File

@ -14,12 +14,6 @@
#include "test.h"
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
ENABLE_GCC_WARNING(redundant-decls)
#ifdef _WIN32
/* For mkdir() */
#include <direct.h>

1
src/test/test_rendcache.c
View File

@ -11,7 +11,6 @@
#include "routerlist.h"
#include "config.h"
#include "hs_common.h"
#include <openssl/rsa.h>
#include "rend_test_helpers.h"
#include "log_test_helpers.h"

1
src/test/test_tortls.c
View File

@ -2,6 +2,7 @@
/* See LICENSE for licensing information */
#define TORTLS_PRIVATE
#define TORTLS_OPENSSL_PRIVATE
#define LOG_PRIVATE
#include "orconfig.h"

5
src/test/testing_common.c
View File

@ -38,7 +38,6 @@ const char tor_git_revision[] = "";
#ifdef USE_DMALLOC
#include <dmalloc.h>
#include <openssl/crypto.h>
#include "main.h"
#endif
@ -238,8 +237,8 @@ main(int c, const char **v)
#ifdef USE_DMALLOC
{
int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
tor_assert(r);
int r = crypto_use_tor_alloc_functions();
tor_assert(r == 0);
}
#endif