Nick Mathewson
c18967d6c8
changes file for our NSS support
2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12
Avoid spurious error logs when using NSS
...
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6
Remove tor_tls_shutdown()
...
This function was supposed to implement a half-duplex mode for our
TLS connections. However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me. It's probably best to remove it. We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90
Initial NSS support for TLS.
...
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
c567b8fcb4
NSS support for x509 certs
...
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f
Log error strings in crypto_nss_log_errors().
...
I'll need this for debugging.
2018-08-22 12:36:25 -04:00
Nick Mathewson
8148c0717d
Change log_test_helpers macros to use printf, not pasting
...
This ensures that our test failure messages actually tell us what
strings Tor was expecting. I will need this to debug some test
failures.
2018-08-22 10:55:55 -04:00
Nick Mathewson
5245a296c5
Make some x509 functions generic; remove some fields NSS doesn't need
2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356
Extract internal-only parts of x509.h
2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb
Extract the non-generic part of tor_tls_context_decref().
2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802
Implement PBKDF2 with NSS.
...
This was a gap that we left in the last commit.
2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4
When enabling NSS, disable OpenSSL.
...
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.
Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
- tor-gencert
- pbkdf2
2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130
Split tls modules and their tests into openssl and generic.
...
Also, add a stubbed-out nss version of the modules. The tests won't
pass with NSS yet since the NSS modules don't do anything.
This is a good patch to read with --color-moved.
2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a
Refactor some of the certificate-manipulation logic
2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa
Extract tortls structures into a new header; clean up a little
2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c
Split X509 code out of tortls.c
2018-08-21 12:25:33 -04:00
Nick Mathewson
3ccb94d7b6
The RSA_free in this test is no longer needed or wanted
2018-08-21 12:24:08 -04:00
Nick Mathewson
aa45511250
Implement RSA for NSS.
2018-08-21 12:24:08 -04:00
Nick Mathewson
cb5cfe3177
Also reinitialize the pregenerated keys postfork.
2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db
Refactor crypto_rsa to use pem module.
...
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).
(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9
Add rudimentary support for PEM-encoding, since NSS doesn't do that.
2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2
Use a constant for "65537"
2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5
Rename openssl-bridging functions in crypto_rsa
...
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40
Remove a redundant function.
2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91
Rename functions that encode/decode private keys
...
It is not nice to expose a private key's contents without having the
function name advertise the fact. Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197
Extract openssl RSA functionality into its own file.
2018-08-21 12:24:08 -04:00
Nick Mathewson
e56f0c9d33
Adjust windows stubs for new start/finish_daemon() return types
2018-08-14 16:44:59 -04:00
Nick Mathewson
a57c27a1c7
Call crypto_postfork on start_daemon() instead.
2018-08-08 17:32:26 -04:00
Nick Mathewson
622a2c6bee
Make finish_daemon() return a boolean to say whether it did anything.
2018-08-08 16:59:53 -04:00
Nick Mathewson
4f300d547d
When RunAsDaemon is set, crypto_postfork() as needed
2018-08-08 16:50:23 -04:00
Nick Mathewson
f83b417bf8
Suppress strict-prototypes warning in crypto_nss_mgt.c
2018-08-02 08:41:33 -04:00
Nick Mathewson
727f1676d6
Fix double-link of crypto_openssl_mgt.c
2018-08-02 08:38:59 -04:00
Nick Mathewson
b590cc0449
Add a cast to make clang happier.
2018-08-02 08:36:24 -04:00
Nick Mathewson
a4c0a0e81e
Fix issues with crypto_ope compilation now that crypto.h is gone
2018-07-31 19:56:42 -04:00
Nick Mathewson
fdaa483098
Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged
2018-07-31 19:56:23 -04:00
Nick Mathewson
17f922d371
Only link crypto_dh_openssl.c once
...
(We do this unconditionally, since we still need it for tortls.c)
2018-07-31 19:46:00 -04:00
Nick Mathewson
f5e22358b0
Additional tests for NSS DH
...
Notably, there's a test to make sure that it round-trips with
OpenSSL, if OpenSSL is enabled.
2018-07-31 19:46:00 -04:00
Nick Mathewson
17ea931ac7
Implement DH in NSS.
2018-07-31 19:46:00 -04:00
Nick Mathewson
32bbc8f6b5
Refactor the dependency between tortls and crypto_dh.
...
We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.
2018-07-31 19:46:00 -04:00
Nick Mathewson
ac9a470c64
Extract the shared part of crypto_dh_compute_secret.
2018-07-31 19:46:00 -04:00
Nick Mathewson
60a5b78480
Extract the OpenSSL DH functionality to a new file.
2018-07-31 19:46:00 -04:00
Nick Mathewson
99beed152e
Make the rust tests link.
2018-07-31 19:46:00 -04:00
Nick Mathewson
2d80673b9a
Fix "make distcheck."
2018-07-31 19:46:00 -04:00
Nick Mathewson
e7a0616817
Changes files for feature26815 and 26816
2018-07-31 19:46:00 -04:00
Nick Mathewson
76e10ee6b9
Use NSS for AES_CTR.
2018-07-31 19:46:00 -04:00
Nick Mathewson
60705a5719
Use NSS in crypto_rand.c
...
This is comparatively straightforward too, except for a couple of
twists:
* For as long as we're building with two crypto libraries, we
want to seed _both_ their RNGs, and use _both_ their RNGs to
improve the output of crypto_strongest_rand()
* The NSS prng will sometimes refuse to generate huge outputs.
When it does, we stretch the output with SHAKE. We only need
this for the tests.
2018-07-31 19:46:00 -04:00
Nick Mathewson
be8d497b65
Make sure NSS is initialized before running benchmarks
2018-07-31 19:46:00 -04:00
Nick Mathewson
f64c9dccde
Use NSS's digest code in Tor.
...
This was a fairly straightforward port, once I realized which layer
I should be calling into.
2018-07-31 19:46:00 -04:00
Nick Mathewson
7e4ac0283e
Merge remote-tracking branch 'teor/bug26986'
2018-07-31 08:50:38 -04:00
Nick Mathewson
01c73711f1
Merge branch 'maint-0.3.4'
2018-07-31 08:30:58 -04:00