Nick Mathewson
52d5f4da12
Avoid spurious error logs when using NSS
...
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6
Remove tor_tls_shutdown()
...
This function was supposed to implement a half-duplex mode for our
TLS connections. However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me. It's probably best to remove it. We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90
Initial NSS support for TLS.
...
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3507fead10
Merge branch 'tor_api_owning_control'
2018-09-04 11:04:21 -04:00
cypherpunks
d32b08af6f
string: add string_is_utf8() helper
...
Ticket #27373 .
2018-09-03 13:54:43 +00:00
Mike Perry
93ff8b411a
Merge branch 'ticket25573-034' into ticket25573-master
2018-08-29 17:10:06 +00:00
Nick Mathewson
219f6ea516
Fix log.c comments about assert vs tor_assert vs raw_assert.
2018-08-28 15:58:16 -04:00
Nick Mathewson
c567b8fcb4
NSS support for x509 certs
...
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f
Log error strings in crypto_nss_log_errors().
...
I'll need this for debugging.
2018-08-22 12:36:25 -04:00
Nick Mathewson
de66bd397c
Merge branch 'maint-0.3.4'
2018-08-21 19:20:37 -04:00
Nick Mathewson
5245a296c5
Make some x509 functions generic; remove some fields NSS doesn't need
2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356
Extract internal-only parts of x509.h
2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb
Extract the non-generic part of tor_tls_context_decref().
2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802
Implement PBKDF2 with NSS.
...
This was a gap that we left in the last commit.
2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4
When enabling NSS, disable OpenSSL.
...
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.
Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
- tor-gencert
- pbkdf2
2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130
Split tls modules and their tests into openssl and generic.
...
Also, add a stubbed-out nss version of the modules. The tests won't
pass with NSS yet since the NSS modules don't do anything.
This is a good patch to read with --color-moved.
2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a
Refactor some of the certificate-manipulation logic
2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa
Extract tortls structures into a new header; clean up a little
2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c
Split X509 code out of tortls.c
2018-08-21 12:25:33 -04:00
Nick Mathewson
aa45511250
Implement RSA for NSS.
2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db
Refactor crypto_rsa to use pem module.
...
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).
(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9
Add rudimentary support for PEM-encoding, since NSS doesn't do that.
2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2
Use a constant for "65537"
2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5
Rename openssl-bridging functions in crypto_rsa
...
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40
Remove a redundant function.
2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91
Rename functions that encode/decode private keys
...
It is not nice to expose a private key's contents without having the
function name advertise the fact. Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197
Extract openssl RSA functionality into its own file.
2018-08-21 12:24:08 -04:00
rl1987
5ab2110eb6
Rework predicted_ports_prediction_time_remaining() to fix CID 1438153
2018-08-19 21:03:01 +03:00
Unto Sten
ba3c785092
Inform users about configuration file and directory includes
...
This patch makes it clearer to users what settings Tor daemon
is actually using. I think it is pretty important.
2018-08-17 14:08:59 +03:00
Nick Mathewson
e56f0c9d33
Adjust windows stubs for new start/finish_daemon() return types
2018-08-14 16:44:59 -04:00
Nick Mathewson
a57c27a1c7
Call crypto_postfork on start_daemon() instead.
2018-08-08 17:32:26 -04:00
Nick Mathewson
622a2c6bee
Make finish_daemon() return a boolean to say whether it did anything.
2018-08-08 16:59:53 -04:00
Nick Mathewson
26f1167e71
Merge branch 'bug26779_033' into bug26779_035
2018-08-08 15:50:29 -04:00
Nick Mathewson
7787150521
Merge branch 'maint-0.3.4'
2018-08-08 09:26:23 -04:00
Nick Mathewson
622a057e7e
Merge remote-tracking branch 'public/string_coverage'
2018-08-03 07:03:29 -04:00
Nick Mathewson
f83b417bf8
Suppress strict-prototypes warning in crypto_nss_mgt.c
2018-08-02 08:41:33 -04:00
Nick Mathewson
727f1676d6
Fix double-link of crypto_openssl_mgt.c
2018-08-02 08:38:59 -04:00
Nick Mathewson
b590cc0449
Add a cast to make clang happier.
2018-08-02 08:36:24 -04:00
Nick Mathewson
ff7229b32c
Document new helper functions in socketpair.c
2018-08-01 11:01:52 -04:00
Nick Mathewson
1b7b9c7e63
Reindent tor_ersatz_socketpair
2018-08-01 11:01:52 -04:00
Nick Mathewson
fc0dc5aa9e
Refactor tor_ersatz_socketpair() not to need socket.
...
This change also makes tor_ersatz_socketpair() follow the same
interface as socketpair() rather than tor_socketpair(), so it now
needs to be wrapped in the same code as socketpair() does.
2018-08-01 11:01:52 -04:00
Nick Mathewson
9b24609af0
Remove dependency from socketpair.c on address.h
...
Also refactor some annoying code in tor_ersatz_socketpair.
2018-08-01 09:24:22 -04:00
Nick Mathewson
2884639ad6
Extract tor_ersatz_socketpair into a new c file
...
I'm doing this because I want to make it a lower-level function
again, so that we can use it without linking in the rest of the
universe.
2018-08-01 08:47:27 -04:00
Nick Mathewson
a4c0a0e81e
Fix issues with crypto_ope compilation now that crypto.h is gone
2018-07-31 19:56:42 -04:00
Nick Mathewson
fdaa483098
Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged
2018-07-31 19:56:23 -04:00
Nick Mathewson
17f922d371
Only link crypto_dh_openssl.c once
...
(We do this unconditionally, since we still need it for tortls.c)
2018-07-31 19:46:00 -04:00
Nick Mathewson
17ea931ac7
Implement DH in NSS.
2018-07-31 19:46:00 -04:00
Nick Mathewson
32bbc8f6b5
Refactor the dependency between tortls and crypto_dh.
...
We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.
2018-07-31 19:46:00 -04:00
Nick Mathewson
ac9a470c64
Extract the shared part of crypto_dh_compute_secret.
2018-07-31 19:46:00 -04:00
Nick Mathewson
60a5b78480
Extract the OpenSSL DH functionality to a new file.
2018-07-31 19:46:00 -04:00
Nick Mathewson
2d80673b9a
Fix "make distcheck."
2018-07-31 19:46:00 -04:00
Nick Mathewson
76e10ee6b9
Use NSS for AES_CTR.
2018-07-31 19:46:00 -04:00
Nick Mathewson
60705a5719
Use NSS in crypto_rand.c
...
This is comparatively straightforward too, except for a couple of
twists:
* For as long as we're building with two crypto libraries, we
want to seed _both_ their RNGs, and use _both_ their RNGs to
improve the output of crypto_strongest_rand()
* The NSS prng will sometimes refuse to generate huge outputs.
When it does, we stretch the output with SHAKE. We only need
this for the tests.
2018-07-31 19:46:00 -04:00
Nick Mathewson
f64c9dccde
Use NSS's digest code in Tor.
...
This was a fairly straightforward port, once I realized which layer
I should be calling into.
2018-07-31 19:46:00 -04:00
teor
e26794ace9
Add TOR_PRIdSZ to torint.h
2018-07-31 11:21:28 +10:00
Nick Mathewson
acb54dee7b
Remove a now-obsolete comment about deadcode_dummy__
2018-07-30 09:09:10 -04:00
Nick Mathewson
70b16bc679
Merge branch 'ticket26890'
2018-07-30 09:08:39 -04:00
Nick Mathewson
13393b2d91
Merge remote-tracking branch 'rl1987/ticket21349_4'
2018-07-30 08:49:49 -04:00
Nick Mathewson
5823e62fa2
Merge branch 'maint-0.3.4'
2018-07-30 08:17:25 -04:00
rl1987
e6c51a056c
Make entry_guards_update_primary() shorter
2018-07-21 18:38:33 +03:00
Nick Mathewson
c515dc8d0d
Remove over-cleverness from our coverity BUG() definition.
...
Our previous definition implied that code would never keep running
if a BUG occurred (which it does), and that BUG(x) might be true
even if x was false (which it can't be).
Closes ticket 26890. Bugfix on 0.3.1.4-alpha.
2018-07-20 11:19:54 -04:00
Nick Mathewson
7253603e6b
Merge branch 'bug26712'
2018-07-19 12:20:13 -04:00
Nick Mathewson
ee12c11dd4
Increase line coverage in libtor-string to 100%
...
(On linux.)
2018-07-17 16:47:32 -04:00
Nick Mathewson
e2b744ce38
Merge branch 'bug25552_ope_squashed'
2018-07-17 16:19:32 -04:00
George Kadianakis
0140052a35
Make the OPE scheme return CRYPTO_OPE_ERROR on error.
...
Instead of UINT64_MAX.
2018-07-17 15:57:46 -04:00
George Kadianakis
34a5eb5904
Increase OPE_INPUT_MAX.
2018-07-17 15:57:46 -04:00
Nick Mathewson
3a45f6ffe9
Implementation for a simple order-preserving encryption scheme.
...
This is meant for use when encrypting the current time within the
period in order to get a monotonically increasing revision counter
without actually revealing our view of the time.
This scheme is far from the most state-of-the-art: don't use it for
anything else without careful analysis by somebody much smarter than
I am.
See ticket #25552 for some rationale for this logic.
2018-07-17 15:57:46 -04:00
Nick Mathewson
d811ce2421
Add postfork support for nss
...
We need this in our unit tests, since otherwise NSS will notice
we've forked and start cussing us out.
I suspect we'll need a different hack for daemonizing, but this
should be enough for tinytest to work.
2018-07-13 12:35:22 -04:00
Nick Mathewson
c317e78dd7
Initialize and shut down NSS.
...
This is largely conjectural, based on online documentation for NSS
and NSPR.
2018-07-13 12:35:22 -04:00
Nick Mathewson
f45107e7de
Rename crypto.c to crypto_cipher.c (since that's all it still has.)
2018-07-11 14:12:36 -04:00
Nick Mathewson
9010797e63
Remove most includes from crypto.c
2018-07-11 14:02:23 -04:00
Nick Mathewson
922208bd2d
Extract and rename crypto_log_errors().
2018-07-11 13:54:47 -04:00
Nick Mathewson
8e2df98860
Move crypto_add_spaces_to_fp() to crypto_rsa.c
2018-07-11 13:51:26 -04:00
Nick Mathewson
12a1ada158
Move the initialization and cleanup parts of crypto.c
...
These are now part of crypto_init.c. The openssl-only parts now
live in crypto_openssl_mgt.c.
I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
79267bad65
Add a configure switch to build with NSS.
...
When it is set, include the NSS headers and libraries as
appropriate. Doesn't actually use them yet, though.
2018-07-11 13:22:20 -04:00
Nick Mathewson
2b52360448
Only use OpenSSL kdf support if it is present.
...
We have to check for ERR_load_KDF_strings() here, since that's the
only one that's actually a function rather than a macro.
Fixes compilation with LibreSSL. Fixes bug 26712; bug not in
any released Tor.
2018-07-11 10:19:06 -04:00
Nick Mathewson
5aee26ee46
Move all use cases of micro-revision.i to a single place
...
That place is git-revision.c; git-revision.c now lives in lib/log.
Also fix the compilation rules so that all object files that need
micro-revision.i depend on it.
2018-07-11 09:52:39 -04:00
Nick Mathewson
537092cdbb
Merge branch 'ticket26223'
2018-07-10 20:18:28 -04:00
Nick Mathewson
c90961a923
Document compat_getdelim_.
2018-07-10 20:18:20 -04:00
Nick Mathewson
b6d0e7caa4
Rename tm_cvt to time_to_tm
2018-07-10 15:25:53 -04:00
Nick Mathewson
e7f5f48d68
Rename torlog.[ch] to log.[ch]
...
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file. But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
41640b6573
Rename util_malloc to malloc.
2018-07-10 15:16:57 -04:00
Nick Mathewson
6711a172c0
Merge remote-tracking branch 'neel/fbsd-cfix'
2018-07-10 14:50:49 -04:00
Nick Mathewson
8de48c111c
Remove addr_port_lookup.
...
This lets us cut the dependency from address.c to resolve.c: the
address.c module now has no paths to the libc resolver in it.
2018-07-10 13:32:37 -04:00
Nick Mathewson
2f657a1416
Remove all users of addr_port_lookup outside of address.c
...
This function has a nasty API, since whether or not it invokes the
resolver depends on whether one of its arguments is NULL. That's a
good way for accidents to happen.
This patch incidentally makes tor-resolve support socks hosts on
IPv6.
2018-07-10 13:23:37 -04:00
Nick Mathewson
c2ddb7b231
Move tor_addr_{,port_}lookup to resolve.c
2018-07-10 13:00:02 -04:00
Nick Mathewson
5d8336c182
Refactor ipv[46].[ch]
...
These are now combined into an inaddr.[ch], since their purpose is
to implement functions for struct in_addr and struct in6_addr.
The definitions for in6_addr and its allies are now in a separate
header, inaddr_st.h.
Closes ticket 26532.
2018-07-10 12:50:38 -04:00
Neel Chauhan
6d58c20d94
Fix build on FreeBSD post-refactor
2018-07-10 12:32:14 -04:00
Nick Mathewson
4f42c923d6
File-level summary documentation for src/lib/*/*.[ch]
2018-07-10 12:22:01 -04:00
Nick Mathewson
b04d719c10
Integrate getdelim() and getline() support into Tor.
2018-07-10 10:36:49 -04:00
Nick Mathewson
19f2057d49
Fix some lingering windows compilation issues from Jenkins.
...
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
eb856a3e51
strcasecmp should not take a size_t argument
2018-07-09 11:17:23 -04:00
Nick Mathewson
03283c00d8
Merge remote-tracking branch 'rl1987/bug26525'
2018-07-09 09:31:12 -04:00
Nick Mathewson
b8554dd880
Make Tor compile with --disable-memory-sentinels again
2018-07-09 08:44:16 -04:00
Nick Mathewson
753b797ca4
Fix up .may_includes for evloop.
2018-07-05 15:50:20 -04:00
Nick Mathewson
2d69c32bb6
Clean up include paths for libtor-evloop (automated)
2018-07-05 15:22:17 -04:00
Nick Mathewson
1e417b7275
All remaining files in src/common belong to the event loop.
2018-07-05 15:22:17 -04:00
Nick Mathewson
947de40d19
Move openbsd-malloc responsibility to lib/malloc
...
(Note that this is not believed to work, but we may as well have it
in the right place till we remove it)
2018-07-05 15:07:08 -04:00
Nick Mathewson
24c0f83185
Move socks5_status.h to src/lib/net
...
There might be a better place for it in the long run, but this is
the best I can think of for now.
2018-07-05 14:48:29 -04:00
Nick Mathewson
0e4b1781f4
Move handles.h to src/lib/container
...
There might be a better place for it in the long run, but this is
the best we can think of for now.
2018-07-05 14:45:34 -04:00