nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 21:53:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,701 Commits 53 Branches 630 Tags 125 MiB
69fc025e95
Commit Graph

562 Commits

Author SHA1 Message Date
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
882e0fbd76 Merge branch 'bug17795' 2016-02-23 07:25:12 -05:00
Nick Mathewson
e202f3a1ca Fix an erroneous renaming 
Did you know that crypto_digest_all is a substring of
crypto_digest_alloc_bytes()?  Hence the mysterious emergence of
"crypto_common_digestsoc_bytes".

Next time I should use the \b assertion in my regexen.

Spotted by Mike.
 2016-02-23 07:22:53 -05:00
Nick Mathewson
9746aed2ba Another automated rename. 
Also simplify crypto_common_digests() to have no loop.
 2016-02-10 15:32:12 -05:00
Nick Mathewson
8a4bba06d2 Rename crypto_digest_all, and digests_t. 
They are no longer "all" digests, but only the "common" digests.

Part of 17795.

This is an automated patch I made with a couple of perl one-liners:

  perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
  perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
 2016-02-10 15:28:19 -05:00
Nick Mathewson
0f5f6b8a41 Merge remote-tracking branch 'yawning/bug18221' 2016-02-06 15:30:22 -05:00
Nick Mathewson
31a27729b9 Fix spaces. 2016-02-06 14:00:24 -05:00
Nick Mathewson
03371e3d3c Merge branch 'cleaned_aes_crypt' 2016-02-06 13:54:09 -05:00
Malek
a9cd291753 Removed aes_crypt, left only aes_crypt_inplace. Removed should_use_openssl_CTR, was used for openssl 1.0.0 bug. 2016-02-06 13:38:11 -05:00
Hassan Alsibyani
edd93f9de8 changing output of crypto_cipher_crypt_inplace from int to void 2016-02-06 12:14:39 -05:00
Nick Mathewson
27582325dc Make Tor build happily with OpenSSL master and libressl. 
Also tested with 1.0.0t and 1.0.2f.

Closes ticket 19784.

Closes most of 17921. (Still need to make some tests pass.)
 2016-02-03 11:13:12 -05:00
Yawning Angel
c625ab9f5a Validate the DH parameters for correctness. 
We use sensible parameters taken from common sources, and no longer
have dynamic DH groups as an option, but it feels prudent to have
OpenSSL validate p and g at initialization time.
 2016-02-02 22:03:48 +00:00
Nick Mathewson
39b597c2fd Restrict the meaning of digests_t to sha1+sha256. 
This saves CPU and RAM when handling consensuses and x509 certs.

Closes ticket 17795; bug not in any released tor.
 2016-01-27 13:10:17 -05:00
Nick Mathewson
f557a7f327 Merge branch 'maint-0.2.7' 2016-01-19 08:30:48 -05:00
Nick Mathewson
534a0ba59b Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-19 08:30:39 -05:00
Nick Mathewson
e2efa9e321 Refine the memwipe() arguments check for 18089 a little more. 
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
 2016-01-19 08:28:58 -05:00
Nick Mathewson
ab58f60321 Merge branch 'maint-0.2.7' 2016-01-18 20:03:28 -05:00
Nick Mathewson
8335b1f9a9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-18 20:00:16 -05:00
teor (Tim Wilson-Brown)
db81565331 Make memwipe() do nothing when passed a NULL pointer or zero size 
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
 2016-01-18 19:58:07 -05:00
Nick Mathewson
1d6dd288e1 Try a little harder to only use SecureZeroMemory when it's present 
We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.
 2016-01-11 09:02:42 -05:00
Nick Mathewson
a1019b82c1 Merge remote-tracking branch 'public/feature16794_more' 2016-01-08 14:54:51 -08:00
rl1987
fb373a9ef6 On win32, use SecureZeroMemory() to securely wipe buffers. 
{Also tweak the comments. -nickm)
 2016-01-07 14:25:31 -08:00
Nick Mathewson
3783046f3b Use memset_s or explicit_bzero when available. 2016-01-07 12:53:24 -08:00
Nick Mathewson
603110aa1d Merge branch 'feature17796_squashed' 2015-12-29 09:48:39 -05:00
Nick Mathewson
488cdee5e7 When allocating a crypto_digest_t, allocate no more bytes than needed 
Previously we would allocate as many bytes as we'd need for a
keccak--even when we were only calculating SHA1.

Closes ticket 17796.
 2015-12-29 09:47:04 -05:00
Nick Mathewson
6365859825 Disable the dynlock functions we were giving openssl. 
OpenSSL doesn't use them, and fwict they were never called. If some
version of openssl *does* start using them, we should test them before
we turn them back on.

See ticket 17926
 2015-12-23 09:58:36 -05:00
Nick Mathewson
d7c841f467 Unit tests for crypto_force_rand_ssleay(). 
Part of 16794.
 2015-12-23 09:58:08 -05:00
Nick Mathewson
4ec0f8531e Add an unreachable line to make the compiler happy 2015-12-22 10:27:04 -05:00
Nick Mathewson
bb19799a49 Appease "make check-spaces" 2015-12-20 15:00:20 -05:00
Yawning Angel
9467485517 Add crypto_xof_t and assorted routines, backed by SHAKE256. 
This is an eXtendable-Output Function with the following claimed
security strengths against *all* adversaries:

 Collision: min(d/2, 256)
 Preimage: >= min(d, 256)
 2nd Preimage: min(d, 256)

 where d is the amount of output used, in bits.
 2015-12-19 22:45:21 +00:00
Yawning Angel
687f9b3bd7 Add the SHA-3 hash functions to common/crypto.h. 
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
   exactly what is said on the tin.
 * test/bench now benchmarks all of the supported digest algorithms,
   so it's possible to see just how slow SHA-3 is, though the message
   sizes could probably use tweaking since this is very dependent on
   the message size vs the SHA-3 rate.
 2015-12-19 22:44:05 +00:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline 
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
 2015-12-15 11:34:00 -05:00
Nick Mathewson
f3ed5ec0ca Fix a pair of dead assignments 2015-12-11 09:35:43 -05:00
Nick Mathewson
4d13cc69ce make stack-protector happy 2015-12-10 11:50:02 -05:00
Nick Mathewson
390d3fa3af add a static 2015-12-10 09:43:55 -05:00
Nick Mathewson
ce3b7ddb54 improve a comment in memwipe 2015-12-10 09:03:47 -05:00
Nick Mathewson
7186e2a943 Merge remote-tracking branch 'public/feature17694_strongest_027' 2015-12-10 09:02:10 -05:00
Nick Mathewson
631e3517e3 Mark a couple more arguments as unused. 2015-12-09 11:58:32 -05:00
Nick Mathewson
3843c6615c Small cleanups and comment fixes to rng functions. 2015-12-09 09:15:57 -05:00
Nick Mathewson
3a69fcb01f try a little harder with getrandom types to avoid warnings 2015-12-09 08:31:29 -05:00
Nick Mathewson
0df014edad mark a variable unused. 2015-12-08 17:17:17 -05:00
Nick Mathewson
b701b7962b Fix comment switcheroo. Spotted by skruffy 2015-12-08 12:53:51 -05:00
Yawning Angel
353c71516e Add support for getrandom() and getentropy() when available 
Implements feature #13696.
 2015-12-08 12:34:53 -05:00
Nick Mathewson
2259de0de7 Always hash crypto_strongest_rand() along with some prng 
(before using it for anything besides feeding the PRNG)

Part of #17694
 2015-12-08 10:54:42 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
1cfa2bc859 Fix documentation for crypto_rand* 2015-11-25 22:29:59 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
10fdee6285 Add crypto-initializer functions to those whose return values must be checked 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary. 
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
 2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e Check the return value of HMAC in crypto.c and assert on error 
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
 2015-11-26 10:46:36 +11:00