Commit Graph

504 Commits

Author SHA1 Message Date
Nick Mathewson
3aebeeffa5 Every openssl we support has ERR_remove_thread_state 2015-11-10 10:13:04 -05:00
Nick Mathewson
c32a43a4d2 Move openssl version compatibility defines into a new header. 2015-11-10 10:02:21 -05:00
Yawning Angel
3e3ec750cd Fix compilation with OpenSSL 1.1.0-dev.
OpenSSL changed the API:
 * 5998e29035
 * b0700d2c8d
2015-11-06 19:02:56 +00:00
Nick Mathewson
b5aa257d46 Fix "make check-spaces" 2015-10-02 14:33:54 +02:00
Ola Bini
94e5db3dca
Add tests for tortls.c 2015-09-15 17:09:18 +02:00
Nick Mathewson
280672bdbc Handle negative inputs to crypto_random_time_range().
(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.
2015-09-08 10:22:01 -04:00
Yawning Angel
af898f5475 Add crypto_rand_unmocked, which is crypto_rand without mocking.
There is odd issues with calling crypto_rand from our copy of
ed25519-donna, due to mocking that are not easily resolved.
2015-08-12 15:57:05 +00:00
Nick Mathewson
347fe449fe Move formatting functions around.
The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!
2015-07-31 11:21:34 -04:00
Yawning Angel
840e68d917 Integrate and enable ed25519-donna.
The runtime sanity checking is slightly different from the optimized
basepoint stuff in that it uses a given implementation's self tests if
available, and checks if signing/verification works with a test vector
from the IETF EdDSA draft.

The unit tests include a new testcase that will fuzz donna against ref0,
including the blinding and curve25519 key conversion routines.  If this
is something that should be done at runtime (No?), the code can be
stolen from there.

Note: Integrating batch verification is not done yet.
2015-07-06 10:11:10 +00:00
Yawning Angel
f079c27761 Integrate the accelerated Curve25519 scalar basemult.
Integration work scavanged from nickm's `ticket8897_9663_v2` branch,
with minor modifications.  Tor will still sanity check the output but
now also attempts to catch extreme breakage by spot checking the
optimized implementation vs known values from the NaCl documentation.

Implements feature 9663.
2015-07-06 09:57:23 +00:00
Nick Mathewson
753797391f More tweaks for windows compilation. (ick) 2015-06-29 13:47:44 -04:00
Nick Mathewson
d9052c629b Remove checks for visual C 6. 2015-06-29 12:55:03 -04:00
Nick Mathewson
7816ba8f1a Add assertions to crypto_dh_dup()
Without these, coverity is annoyed that aren't checking for NULL in bench.c

CID 1293335 -- found by coverity.
2015-05-28 12:27:22 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
277c9a3580 Note some functions that should move or be merged 2015-05-28 10:47:47 -04:00
Nick Mathewson
efa21bb941 Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:40:57 -04:00
Nick Mathewson
fe5d2477aa Implement ed25519-signed descriptors
Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.
2015-05-28 10:40:56 -04:00
Nick Mathewson
0b7bf3585a Generate error ASAP if building with too-old openssl 2015-05-21 11:54:13 -04:00
Nick Mathewson
ed02a409cf Merge branch 'bug16034_no_more_openssl_098_squashed'
Conflicts:
	src/test/testing_common.c
2015-05-20 15:33:22 -04:00
Nick Mathewson
f8f407d66a Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Nick Mathewson
971f0f8e18 Remove code to support OpenSSL 0.9.8 2015-05-20 15:27:36 -04:00
Yawning Angel
53a347592a ERR_remove_state() is deprecated since OpenSSL 1.0.0.
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with
`OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer
routine as appropriate.
2015-05-13 11:13:07 -04:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Nick Mathewson
9a81ed1d23 Fix some RNG function issues 2015-04-23 11:13:51 -04:00
Nick Mathewson
c3894473fe whitespace fixes 2015-04-23 09:36:43 -04:00
Nick Mathewson
241e6b0937 Fix some conversion problems 2015-04-23 09:16:42 -04:00
Nick Mathewson
647b7d37c2 Merge remote-tracking branch 'public/bug15745_027_03' 2015-04-23 09:10:35 -04:00
Nick Mathewson
55118d90ca Fix some implicit conversion warnings 2015-04-23 09:09:20 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
Nick Mathewson
6bf31543dc Make the crypto_rand_int_range return value right-exclusive. 2015-04-21 11:30:21 -04:00
David Goulet
3f41318472 Add crypto_rand_int_range() and use it
Incidently, this fixes a bug where the maximum value was never used when
only using crypto_rand_int(). For instance this example below in
rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS.

  int intro_point_lifetime_seconds =
    INTRO_POINT_LIFETIME_MIN_SECONDS +
    crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
                    INTRO_POINT_LIFETIME_MIN_SECONDS);

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 11:06:12 -04:00
Yawning Angel
ba2485f7df Remove USE_OPENSSL_BASE64 and the associated code.
The alternative has been available since 2007, there's no way to
actually enable the ifdef, and it breaks on well formed but not OpenSSL
style inputs.
2015-04-10 09:12:47 +00:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
baf24bf4d1 Unindent a block in crypto_set_tls_dh_prime 2015-04-01 13:40:37 -04:00
cypherpunks
5176f6f103 Remove relative paths to header files.
The paths are already in the directory search path of the compiler therefore no
need to include them in the source code.
2015-03-14 13:00:05 -04:00
Nick Mathewson
511ca9b91c Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
Closes ticket 13736.
2015-03-14 12:40:55 -04:00
Nick Mathewson
e9caa8645e Try to work around changes in openssl 1.1.0
Prefer not to use a couple of deprecated functions; include more
headers in tortls.c

This is part of  ticket 14188.
2015-01-28 10:00:58 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
0965bbd5ac Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-22 16:02:47 -05:00
Nick Mathewson
6d728ba880 Merge remote-tracking branch 'public/bug14013_024' into maint-0.2.5 2014-12-22 15:58:49 -05:00
Nick Mathewson
47760c7ba5 When decoding a base-{16,32,64} value, clear the target buffer first
This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.

Prevents any fallout from bug 14013.
2014-12-22 12:56:35 -05:00
George Kadianakis
447ece46f5 Constify crypto_pk_get_digest(). 2014-12-02 12:15:11 +00:00
rl1987
4b18d8931b Downgrade RSA signature verification failure error message to info loglevel. 2014-11-09 17:39:23 +02:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
Nick Mathewson
90bce702ba Merge remote-tracking branch 'public/bug10816' 2014-10-09 10:57:19 -04:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
Nick Mathewson
e72a5b3c07 Move secret-to-key functionality into a separate module
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00