Nick Mathewson
a4e9d67292
Remove some functions which were unused except for their tests
2013-02-23 23:38:43 -05:00
Nick Mathewson
365e302f61
Remove a bunch of unused macro definitions
2013-02-23 23:05:25 -05:00
Nick Mathewson
8cdd8b8353
Fix numerous problems with Tor's weak RNG.
...
We need a weak RNG in a couple of places where the strong RNG is
both needless and too slow. We had been using the weak RNG from our
platform's libc implementation, but that was problematic (because
many platforms have exceptionally horrible weak RNGs -- like, ones
that only return values between 0 and SHORT_MAX) and because we were
using it in a way that was wrong for LCG-based weak RNGs. (We were
counting on the low bits of the LCG output to be as random as the
high ones, which isn't true.)
This patch adds a separate type for a weak RNG, adds an LCG
implementation for it, and uses that exclusively where we had been
using the platform weak RNG.
2013-02-08 16:28:05 -05:00
Nick Mathewson
7301339e33
fix wide lines from tor_log rename
2013-02-01 16:19:02 -05:00
Nick Mathewson
a141430ec3
Rename log() to tor_log() for logging
...
This is meant to avoid conflict with the built-in log() function in
math.h. It resolves ticket 7599. First reported by dhill.
This was generated with the following perl script:
#!/usr/bin/perl -w -i -p
s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;
s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
e0581a4b57
Replace base-{16,32,64} with base{16,32,64} in the code
...
Patch from onizuka generated with
find ./ -type f -perm -u+rw -exec sed -ri 's/(Base)-(16|32|64)/\1\2/gi' {} \;
Fixes issue 6875 on Tor.
2013-01-17 16:08:28 -05:00
Nick Mathewson
b998431a33
Merge branch '024_msvc_squashed'
...
Conflicts:
src/or/or.h
srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
5e06c4ee32
When building with MSVC, call every enum bitfield unsigned
...
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
4da083db3b
Update the copyright date to 201.
2013-01-16 01:54:56 -05:00
Nick Mathewson
b1bdecd703
Merge branch 'ntor-resquashed'
...
Conflicts:
src/or/cpuworker.c
src/or/or.h
src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
25c05cb747
Refactor strong os-RNG into its own function
...
Previously, we only used the strong OS entropy source as part of
seeding OpenSSL's RNG. But with curve25519, we'll have occasion to
want to generate some keys using extremely-good entopy, as well as the
means to do so. So let's!
This patch refactors the OS-entropy wrapper into its own
crypto_strongest_rand() function, and makes our new
curve25519_secret_key_generate function try it as appropriate.
2013-01-02 14:11:13 -05:00
Sebastian Hahn
11e8a445c3
Fix a couple of harmless clang3.2 warnings
2012-12-31 18:23:28 +01:00
Nick Mathewson
6921d1fd25
Implement HKDF from RFC5869
...
This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264 >.
I'm also renaming the existing KDF, now that Tor has two of them.
This is the key derivation scheme specified in ntor.
There are also unit tests.
2012-12-06 01:54:09 -05:00
Nick Mathewson
3c3084e165
Add a crypto_dh_dup, for benchmark support
2012-12-06 01:54:09 -05:00
Nick Mathewson
e6828ea634
Refer to RFC 4648 instead of the obsolete RFC 3548
...
Affects comments only. For ticket 6849.
2012-11-23 09:51:35 -05:00
Nick Mathewson
81deddb08c
Merge remote-tracking branch 'origin/maint-0.2.3'
...
Conflicts:
src/common/crypto.c
src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3
Add and use and unlikely-to-be-eliminated memwipe()
...
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope. I've gone with the safest
possible replacement, which might be a bit slow. I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.
Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Nick Mathewson
56c0baa523
Rename all reserved C identifiers we defined
...
For everything we declare that starts with _, make it end with _ instead.
This is a machine-generated patch. To make it, start by getting the
list of reserved identifiers using:
git ls-tree -r --name-only HEAD | grep '\.[ch]$' | \
xargs ctags --c-kinds=defglmpstuvx -o - | grep '^_' | \
cut -f 1 | sort| uniq
You might need gnu ctags.
Then pipe the output through this script:
==============================
use strict;
BEGIN { print "#!/usr/bin/perl -w -i -p\n\n"; }
chomp;
next if (
/^__attribute__/ or
/^__func__/ or
/^_FILE_OFFSET_BITS/ or
/^_FORTIFY_SOURCE/ or
/^_GNU_SOURCE/ or
/^_WIN32/ or
/^_DARWIN_UNLIMITED/ or
/^_FILE_OFFSET_BITS/ or
/^_LARGEFILE64_SOURCE/ or
/^_LFS64_LARGEFILE/ or
/^__cdecl/ or
/^__attribute__/ or
/^__func__/ or
/^_WIN32_WINNT/);
my $ident = $_;
my $better = $ident;
$better =~ s/^_//;
$better = "${better}_";
print "s/(?<![A-Za-z0-9_])$ident(?![A-Za-z0-9_])/$better/g;\n";
==============================
Then run the resulting script on all the files you want to change.
(That is, all the C except that in src/ext.) The resulting script was:
==============================
s/(?<![A-Za-z0-9_])_address(?![A-Za-z0-9_])/address_/g;
s/(?<![A-Za-z0-9_])_aes_fill_buf(?![A-Za-z0-9_])/aes_fill_buf_/g;
s/(?<![A-Za-z0-9_])_AllowInvalid(?![A-Za-z0-9_])/AllowInvalid_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MAX(?![A-Za-z0-9_])/AP_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MIN(?![A-Za-z0-9_])/AP_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_assert_cache_ok(?![A-Za-z0-9_])/assert_cache_ok_/g;
s/(?<![A-Za-z0-9_])_A_UNKNOWN(?![A-Za-z0-9_])/A_UNKNOWN_/g;
s/(?<![A-Za-z0-9_])_base(?![A-Za-z0-9_])/base_/g;
s/(?<![A-Za-z0-9_])_BridgePassword_AuthDigest(?![A-Za-z0-9_])/BridgePassword_AuthDigest_/g;
s/(?<![A-Za-z0-9_])_buffer_stats_compare_entries(?![A-Za-z0-9_])/buffer_stats_compare_entries_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entries_eq(?![A-Za-z0-9_])/chan_circid_entries_eq_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entry_hash(?![A-Za-z0-9_])/chan_circid_entry_hash_/g;
s/(?<![A-Za-z0-9_])_check_no_tls_errors(?![A-Za-z0-9_])/check_no_tls_errors_/g;
s/(?<![A-Za-z0-9_])_c_hist_compare(?![A-Za-z0-9_])/c_hist_compare_/g;
s/(?<![A-Za-z0-9_])_circ(?![A-Za-z0-9_])/circ_/g;
s/(?<![A-Za-z0-9_])_circuit_get_global_list(?![A-Za-z0-9_])/circuit_get_global_list_/g;
s/(?<![A-Za-z0-9_])_circuit_mark_for_close(?![A-Za-z0-9_])/circuit_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_C_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_C_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MIN_/g;
s/(?<![A-Za-z0-9_])_cmp_int_strings(?![A-Za-z0-9_])/cmp_int_strings_/g;
s/(?<![A-Za-z0-9_])_compare_cached_resolves_by_expiry(?![A-Za-z0-9_])/compare_cached_resolves_by_expiry_/g;
s/(?<![A-Za-z0-9_])_compare_digests(?![A-Za-z0-9_])/compare_digests_/g;
s/(?<![A-Za-z0-9_])_compare_digests256(?![A-Za-z0-9_])/compare_digests256_/g;
s/(?<![A-Za-z0-9_])_compare_dir_src_ents_by_authority_id(?![A-Za-z0-9_])/compare_dir_src_ents_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_duration_idx(?![A-Za-z0-9_])/compare_duration_idx_/g;
s/(?<![A-Za-z0-9_])_compare_int(?![A-Za-z0-9_])/compare_int_/g;
s/(?<![A-Za-z0-9_])_compare_networkstatus_v2_published_on(?![A-Za-z0-9_])/compare_networkstatus_v2_published_on_/g;
s/(?<![A-Za-z0-9_])_compare_old_routers_by_identity(?![A-Za-z0-9_])/compare_old_routers_by_identity_/g;
s/(?<![A-Za-z0-9_])_compare_orports(?![A-Za-z0-9_])/compare_orports_/g;
s/(?<![A-Za-z0-9_])_compare_pairs(?![A-Za-z0-9_])/compare_pairs_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_id_digest(?![A-Za-z0-9_])/compare_routerinfo_by_id_digest_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_ip_and_bw(?![A-Za-z0-9_])/compare_routerinfo_by_ip_and_bw_/g;
s/(?<![A-Za-z0-9_])_compare_signed_descriptors_by_age(?![A-Za-z0-9_])/compare_signed_descriptors_by_age_/g;
s/(?<![A-Za-z0-9_])_compare_string_ptrs(?![A-Za-z0-9_])/compare_string_ptrs_/g;
s/(?<![A-Za-z0-9_])_compare_strings_for_pqueue(?![A-Za-z0-9_])/compare_strings_for_pqueue_/g;
s/(?<![A-Za-z0-9_])_compare_strs(?![A-Za-z0-9_])/compare_strs_/g;
s/(?<![A-Za-z0-9_])_compare_tor_version_str_ptr(?![A-Za-z0-9_])/compare_tor_version_str_ptr_/g;
s/(?<![A-Za-z0-9_])_compare_vote_rs(?![A-Za-z0-9_])/compare_vote_rs_/g;
s/(?<![A-Za-z0-9_])_compare_votes_by_authority_id(?![A-Za-z0-9_])/compare_votes_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_without_first_ch(?![A-Za-z0-9_])/compare_without_first_ch_/g;
s/(?<![A-Za-z0-9_])_connection_free(?![A-Za-z0-9_])/connection_free_/g;
s/(?<![A-Za-z0-9_])_connection_mark_and_flush(?![A-Za-z0-9_])/connection_mark_and_flush_/g;
s/(?<![A-Za-z0-9_])_connection_mark_for_close(?![A-Za-z0-9_])/connection_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_connection_mark_unattached_ap(?![A-Za-z0-9_])/connection_mark_unattached_ap_/g;
s/(?<![A-Za-z0-9_])_connection_write_to_buf_impl(?![A-Za-z0-9_])/connection_write_to_buf_impl_/g;
s/(?<![A-Za-z0-9_])_ConnLimit(?![A-Za-z0-9_])/ConnLimit_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MAX(?![A-Za-z0-9_])/CONN_TYPE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MIN(?![A-Za-z0-9_])/CONN_TYPE_MIN_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MAX(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MIN(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MAX(?![A-Za-z0-9_])/CPUWORKER_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MIN(?![A-Za-z0-9_])/CPUWORKER_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_crypto_dh_get_dh(?![A-Za-z0-9_])/crypto_dh_get_dh_/g;
s/(?<![A-Za-z0-9_])_crypto_global_initialized(?![A-Za-z0-9_])/crypto_global_initialized_/g;
s/(?<![A-Za-z0-9_])_crypto_new_pk_from_rsa(?![A-Za-z0-9_])/crypto_new_pk_from_rsa_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_evp_pkey(?![A-Za-z0-9_])/crypto_pk_get_evp_pkey_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_rsa(?![A-Za-z0-9_])/crypto_pk_get_rsa_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MAX(?![A-Za-z0-9_])/DIR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MIN(?![A-Za-z0-9_])/DIR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MAX(?![A-Za-z0-9_])/DIR_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MIN(?![A-Za-z0-9_])/DIR_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_get(?![A-Za-z0-9_])/dirreq_map_get_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_put(?![A-Za-z0-9_])/dirreq_map_put_/g;
s/(?<![A-Za-z0-9_])_dns_randfn(?![A-Za-z0-9_])/dns_randfn_/g;
s/(?<![A-Za-z0-9_])_dummy(?![A-Za-z0-9_])/dummy_/g;
s/(?<![A-Za-z0-9_])_edge(?![A-Za-z0-9_])/edge_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MAX(?![A-Za-z0-9_])/END_CIRC_REASON_MAX_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MIN(?![A-Za-z0-9_])/END_CIRC_REASON_MIN_/g;
s/(?<![A-Za-z0-9_])_EOF(?![A-Za-z0-9_])/EOF_/g;
s/(?<![A-Za-z0-9_])_ERR(?![A-Za-z0-9_])/ERR_/g;
s/(?<![A-Za-z0-9_])_escaped_val(?![A-Za-z0-9_])/escaped_val_/g;
s/(?<![A-Za-z0-9_])_evdns_log(?![A-Za-z0-9_])/evdns_log_/g;
s/(?<![A-Za-z0-9_])_evdns_nameserver_add_impl(?![A-Za-z0-9_])/evdns_nameserver_add_impl_/g;
s/(?<![A-Za-z0-9_])_EVENT_MAX(?![A-Za-z0-9_])/EVENT_MAX_/g;
s/(?<![A-Za-z0-9_])_EVENT_MIN(?![A-Za-z0-9_])/EVENT_MIN_/g;
s/(?<![A-Za-z0-9_])_ExcludeExitNodesUnion(?![A-Za-z0-9_])/ExcludeExitNodesUnion_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MAX(?![A-Za-z0-9_])/EXIT_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MIN(?![A-Za-z0-9_])/EXIT_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MAX(?![A-Za-z0-9_])/EXIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MIN(?![A-Za-z0-9_])/EXIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_extrainfo_free(?![A-Za-z0-9_])/extrainfo_free_/g;
s/(?<![A-Za-z0-9_])_find_by_keyword(?![A-Za-z0-9_])/find_by_keyword_/g;
s/(?<![A-Za-z0-9_])_free_cached_dir(?![A-Za-z0-9_])/free_cached_dir_/g;
s/(?<![A-Za-z0-9_])_free_cached_resolve(?![A-Za-z0-9_])/free_cached_resolve_/g;
s/(?<![A-Za-z0-9_])_free_duplicate_routerstatus_entry(?![A-Za-z0-9_])/free_duplicate_routerstatus_entry_/g;
s/(?<![A-Za-z0-9_])_free_link_history(?![A-Za-z0-9_])/free_link_history_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_entries(?![A-Za-z0-9_])/geoip_compare_entries_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_key_to_entry(?![A-Za-z0-9_])/geoip_compare_key_to_entry_/g;
s/(?<![A-Za-z0-9_])_hex_decode_digit(?![A-Za-z0-9_])/hex_decode_digit_/g;
s/(?<![A-Za-z0-9_])_idxplus1(?![A-Za-z0-9_])/idxplus1_/g;
s/(?<![A-Za-z0-9_])__libc_enable_secure(?![A-Za-z0-9_])/_libc_enable_secure_/g;
s/(?<![A-Za-z0-9_])_log_debug(?![A-Za-z0-9_])/log_debug_/g;
s/(?<![A-Za-z0-9_])_log_err(?![A-Za-z0-9_])/log_err_/g;
s/(?<![A-Za-z0-9_])_log_fn(?![A-Za-z0-9_])/log_fn_/g;
s/(?<![A-Za-z0-9_])_log_fn_function_name(?![A-Za-z0-9_])/log_fn_function_name_/g;
s/(?<![A-Za-z0-9_])_log_global_min_severity(?![A-Za-z0-9_])/log_global_min_severity_/g;
s/(?<![A-Za-z0-9_])_log_info(?![A-Za-z0-9_])/log_info_/g;
s/(?<![A-Za-z0-9_])_log_notice(?![A-Za-z0-9_])/log_notice_/g;
s/(?<![A-Za-z0-9_])_log_prefix(?![A-Za-z0-9_])/log_prefix_/g;
s/(?<![A-Za-z0-9_])_log_warn(?![A-Za-z0-9_])/log_warn_/g;
s/(?<![A-Za-z0-9_])_magic(?![A-Za-z0-9_])/magic_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK(?![A-Za-z0-9_])/MALLOC_LOCK_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK_INIT(?![A-Za-z0-9_])/MALLOC_LOCK_INIT_/g;
s/(?<![A-Za-z0-9_])_MALLOC_UNLOCK(?![A-Za-z0-9_])/MALLOC_UNLOCK_/g;
s/(?<![A-Za-z0-9_])_microdesc_eq(?![A-Za-z0-9_])/microdesc_eq_/g;
s/(?<![A-Za-z0-9_])_microdesc_hash(?![A-Za-z0-9_])/microdesc_hash_/g;
s/(?<![A-Za-z0-9_])_MIN_TOR_TLS_ERROR_VAL(?![A-Za-z0-9_])/MIN_TOR_TLS_ERROR_VAL_/g;
s/(?<![A-Za-z0-9_])_mm_free(?![A-Za-z0-9_])/mm_free_/g;
s/(?<![A-Za-z0-9_])_NIL(?![A-Za-z0-9_])/NIL_/g;
s/(?<![A-Za-z0-9_])_n_openssl_mutexes(?![A-Za-z0-9_])/n_openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_create_cb(?![A-Za-z0-9_])/openssl_dynlock_create_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_destroy_cb(?![A-Za-z0-9_])/openssl_dynlock_destroy_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_lock_cb(?![A-Za-z0-9_])/openssl_dynlock_lock_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_locking_cb(?![A-Za-z0-9_])/openssl_locking_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_mutexes(?![A-Za-z0-9_])/openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_option_abbrevs(?![A-Za-z0-9_])/option_abbrevs_/g;
s/(?<![A-Za-z0-9_])_option_vars(?![A-Za-z0-9_])/option_vars_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MAX(?![A-Za-z0-9_])/OR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MIN(?![A-Za-z0-9_])/OR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv4(?![A-Za-z0-9_])/OutboundBindAddressIPv4_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv6(?![A-Za-z0-9_])/OutboundBindAddressIPv6_/g;
s/(?<![A-Za-z0-9_])_PDS_PREFER_TUNNELED_DIR_CONNS(?![A-Za-z0-9_])/PDS_PREFER_TUNNELED_DIR_CONNS_/g;
s/(?<![A-Za-z0-9_])_port(?![A-Za-z0-9_])/port_/g;
s/(?<![A-Za-z0-9_])__progname(?![A-Za-z0-9_])/_progname_/g;
s/(?<![A-Za-z0-9_])_PublishServerDescriptor(?![A-Za-z0-9_])/PublishServerDescriptor_/g;
s/(?<![A-Za-z0-9_])_remove_old_client_helper(?![A-Za-z0-9_])/remove_old_client_helper_/g;
s/(?<![A-Za-z0-9_])_rend_cache_entry_free(?![A-Za-z0-9_])/rend_cache_entry_free_/g;
s/(?<![A-Za-z0-9_])_routerlist_find_elt(?![A-Za-z0-9_])/routerlist_find_elt_/g;
s/(?<![A-Za-z0-9_])_SafeLogging(?![A-Za-z0-9_])/SafeLogging_/g;
s/(?<![A-Za-z0-9_])_SHORT_FILE_(?![A-Za-z0-9_])/SHORT_FILE__/g;
s/(?<![A-Za-z0-9_])_state_abbrevs(?![A-Za-z0-9_])/state_abbrevs_/g;
s/(?<![A-Za-z0-9_])_state_vars(?![A-Za-z0-9_])/state_vars_/g;
s/(?<![A-Za-z0-9_])_t(?![A-Za-z0-9_])/t_/g;
s/(?<![A-Za-z0-9_])_t32(?![A-Za-z0-9_])/t32_/g;
s/(?<![A-Za-z0-9_])_test_op_ip6(?![A-Za-z0-9_])/test_op_ip6_/g;
s/(?<![A-Za-z0-9_])_thread1_name(?![A-Za-z0-9_])/thread1_name_/g;
s/(?<![A-Za-z0-9_])_thread2_name(?![A-Za-z0-9_])/thread2_name_/g;
s/(?<![A-Za-z0-9_])_thread_test_func(?![A-Za-z0-9_])/thread_test_func_/g;
s/(?<![A-Za-z0-9_])_thread_test_mutex(?![A-Za-z0-9_])/thread_test_mutex_/g;
s/(?<![A-Za-z0-9_])_thread_test_start1(?![A-Za-z0-9_])/thread_test_start1_/g;
s/(?<![A-Za-z0-9_])_thread_test_start2(?![A-Za-z0-9_])/thread_test_start2_/g;
s/(?<![A-Za-z0-9_])_thread_test_strmap(?![A-Za-z0-9_])/thread_test_strmap_/g;
s/(?<![A-Za-z0-9_])_tor_calloc(?![A-Za-z0-9_])/tor_calloc_/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_INTERNAL(?![A-Za-z0-9_])/TOR_CHANNEL_INTERNAL_/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_C(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_C_/g;
s/(?<![A-Za-z0-9_])_tor_free(?![A-Za-z0-9_])/tor_free_/g;
s/(?<![A-Za-z0-9_])_tor_malloc(?![A-Za-z0-9_])/tor_malloc_/g;
s/(?<![A-Za-z0-9_])_tor_malloc_zero(?![A-Za-z0-9_])/tor_malloc_zero_/g;
s/(?<![A-Za-z0-9_])_tor_memdup(?![A-Za-z0-9_])/tor_memdup_/g;
s/(?<![A-Za-z0-9_])_tor_realloc(?![A-Za-z0-9_])/tor_realloc_/g;
s/(?<![A-Za-z0-9_])_tor_strdup(?![A-Za-z0-9_])/tor_strdup_/g;
s/(?<![A-Za-z0-9_])_tor_strndup(?![A-Za-z0-9_])/tor_strndup_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_SYSCALL(?![A-Za-z0-9_])/TOR_TLS_SYSCALL_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_ZERORETURN(?![A-Za-z0-9_])/TOR_TLS_ZERORETURN_/g;
s/(?<![A-Za-z0-9_])__USE_ISOC99(?![A-Za-z0-9_])/_USE_ISOC99_/g;
s/(?<![A-Za-z0-9_])_UsingTestNetworkDefaults(?![A-Za-z0-9_])/UsingTestNetworkDefaults_/g;
s/(?<![A-Za-z0-9_])_val(?![A-Za-z0-9_])/val_/g;
s/(?<![A-Za-z0-9_])_void_for_alignment(?![A-Za-z0-9_])/void_for_alignment_/g;
==============================
2012-10-12 12:22:13 -04:00
Andrea Shepard
5543c5b202
Fix formatting in various places after 6465/6816 work
2012-10-10 00:48:36 -07:00
Nick Mathewson
751b3aabb5
Merge remote-tracking branch 'public/openssl_1_is_best'
2012-10-04 12:50:41 -04:00
Robert Ransom
cd884c764b
Fix documentation for crypto_pk_cmp_keys
...
Now that crypto_pk_cmp_keys might return the result of tor_memcmp, there
is no guarantee that it will only return -1, 0, or 1. (It currently does
only return -1, 0, or 1, but that's a lucky accident due to details of the
current implementation of tor_memcmp and the particular input given to it.)
Fortunately, none of crypto_pk_cmp_keys's callers rely on this behaviour,
so changing its documentation is sufficient.
2012-09-17 11:02:53 -04:00
Robert Ransom
62babcaf0a
Implement and use crypto_pk_eq_keys
2012-09-17 11:02:53 -04:00
Robert Ransom
f3916a6855
Make crypto_pk_cmp_keys do something sane for NULL keys
...
Fixes bug 4283; bugfix on r76
(Git commit 01aadefbfc
).
2012-09-17 11:02:52 -04:00
Nick Mathewson
be68c1fb43
Log a notice if we're running with OpenSSL before 1.0.0.
...
These versions have some dubious, slow crypto implementations; 1.0.0
is a great improvement, and at this point is pretty mature.
2012-09-12 19:32:24 -04:00
Nick Mathewson
feabf4148f
Drop support for openssl 0.9.7
...
097 hasn't seen a new version since 2007; we can drop support too.
This lets us remove our built-in sha256 implementation, and some
checks for old bugs.
2012-09-12 19:25:58 -04:00
Nick Mathewson
7607ad2bec
Detect openssl header version doesn't match runtime version
...
We already do this for libevent; let's do it for openssl too.
For now, I'm making it always a warn, since this has caused some
problems in the past. Later, we can see about making it less severe.
2012-09-06 11:31:30 -04:00
Nick Mathewson
e3a130a7eb
Don't log about Libevent/OpenSSL initialization when all's well
...
OTOH, log the Libevent and OpenSSL versions on the first line when
we're starting Tor.
2012-09-06 11:31:22 -04:00
Nick Mathewson
20d6f787aa
Fix "make check-spaces" issues
2012-06-05 00:49:18 -04:00
Nick Mathewson
0fa107a6aa
Update copyright dates to 2012; add a few missing copyright statements
2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b
Add about 60 more DOCDOC comments to 0.2.3
...
Also, try to resolve some doxygen issues. First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Sebastian Hahn
a5a8296892
Fix clang 3.1 compile warning in crypto.c
...
(Tweaked by nickm)
2012-05-30 11:56:43 -04:00
Nick Mathewson
21e3261914
Bump _WIN32_WINNT to 0x0501 throughout the code
...
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.
See bug #5861 . We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49
Remove all instances of WIN32_WINNT (without leading _)
...
We started adding it in 59e2c77824
back in 2004, 8 years and 3
days ago. It's time to deprogram ourselves from this cargo cult.
2012-05-14 13:36:52 -04:00
Nick Mathewson
4db5a1e151
Remove needless check for a buffer that could not be NULL.
...
Fixes coverity CID 508: coverity scan doesn't like checking a
variable for non-NULL after it has been definitely dereferenced.
This should take us back down to zero coverity issues.
2012-04-18 10:38:39 -04:00
Nick Mathewson
ab3197c059
Remove a couple redundant NULL-checks before crypto_cipher_free
...
Calling crypto_cipher_free(NULL) is always safe, since (by
convention) all of our xyz_free() functions treat xyz_free(NULL) as
a no-op.
Flagged by coverity scan; fixes CID 508 and 509.
2012-03-30 10:16:58 -04:00
Nick Mathewson
01905a6ef9
Excise PK_NO_PADDING entirely: Unpadded RSA is silly.
...
We never use it, so having it around is pointless.
Suggested by Sebastian
2012-03-27 22:38:06 -04:00
Nick Mathewson
de0dca0de7
Refactor the API for setting up a block cipher.
...
It allows us more flexibility on the backend if the user needs to
specify the key and IV at setup time.
2012-03-27 22:37:56 -04:00
Nick Mathewson
00b4784575
Remove support for PK_NO_PADDING in crypto_pk_public_hybrid_encrypt
...
We never use it, and it would be a stupid thing if we started using it.
2012-03-27 22:37:55 -04:00
Robert Ransom
cd029f0ca3
Fix crypto_hmac_sha256 documentation comment
2012-02-20 02:47:10 -08:00
Nick Mathewson
5cf9167f91
Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32
...
This commit is completely mechanical; I used this perl script to make it:
#!/usr/bin/perl -w -i.bak -p
if (/^\s*\#/) {
s/MS_WINDOWS/_WIN32/g;
s/\bWIN32\b/_WIN32/g;
}
2012-01-31 15:48:47 -05:00
Nick Mathewson
26e789fbfd
Rename nonconformant identifiers.
...
Fixes bug 4893.
These changes are pure mechanical, and were generated with this
perl script:
/usr/bin/perl -w -i.bak -p
s/crypto_pk_env_t/crypto_pk_t/g;
s/crypto_dh_env_t/crypto_dh_t/g;
s/crypto_cipher_env_t/crypto_cipher_t/g;
s/crypto_digest_env_t/crypto_digest_t/g;
s/aes_free_cipher/aes_cipher_free/g;
s/crypto_free_cipher_env/crypto_cipher_free/g;
s/crypto_free_digest_env/crypto_digest_free/g;
s/crypto_free_pk_env/crypto_pk_free/g;
s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
s/crypto_new_cipher_env/crypto_cipher_new/g;
s/crypto_new_digest_env/crypto_digest_new/g;
s/crypto_new_digest256_env/crypto_digest256_new/g;
s/crypto_new_pk_env/crypto_pk_new/g;
s/crypto_create_crypto_env/crypto_cipher_new/g;
s/connection_create_listener/connection_listener_new/g;
s/smartlist_create/smartlist_new/g;
s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
73d4dbe103
whitespace and warning fixes for bug4746
2012-01-10 16:53:37 -05:00
Nick Mathewson
7fbf1e225e
Merge remote-tracking branch 'asn-mytor/bug4746'
2012-01-10 16:44:03 -05:00
Nick Mathewson
d29a390733
Test for broken counter-mode at runtime
...
To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode.
But Fedora (and maybe others) lie about the actual OpenSSL version,
so we can't trust the header to tell us if it's safe.
Instead, let's do a run-time test to see whether it's safe, and if
not, use our built-in version.
fermenthor contributed a pretty essential fixup to this patch. Thanks!
2012-01-10 11:15:35 -05:00
Nick Mathewson
5741aef3dc
We no longer need to detect openssl without RAND_poll()
...
We require openssl 0.9.7 or later, and RAND_poll() was first added in
openssl 0.9.6.
2012-01-10 10:40:31 -05:00
Nick Mathewson
85c7d7659e
Add macros to construct openssl version numbers
...
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
2012-01-10 10:40:30 -05:00
Sebastian Hahn
2367f7e559
Make sure MAX_DNS_LABEL_SIZE is defined
...
MAX_DNS_LABEL_SIZE was only defined for old versions of openssl, which
broke the build. Spotted by xiando. Fixes bug 4413; not in any released
version.
2012-01-10 06:14:35 +01:00
Nick Mathewson
b1ee1a719d
Tweaks for bug4413 fix
...
The thing that's limited to 63 bytes is a "label", not a hostname.
Docment input constraints and behavior on bogus inputs.
Generally it's better to check for overflow-like conditions before
than after. In this case, it's not a true overflow, so we're okay,
but let's be consistent.
pedantic less->fewer in the documentation
2012-01-09 19:14:51 -05:00
Stephen Palmateer
3fadc074ca
Remove (untriggerable) overflow in crypto_random_hostname()
...
Fixes bug 4413; bugfix on xxxx.
Hostname components cannot be larger than 63 characters.
This simple check makes certain randlen cannot overflow rand_bytes_len.
2012-01-09 19:05:05 -05:00
George Kadianakis
d05bc02192
Add an informative header on the 'keys/dynamic_dh_params' file.
2011-12-19 16:06:22 +01:00
Robert Ransom
d688a40a0e
Don't crash on startup of a dormant relay
...
If a relay is dormant at startup, it will call init_keys before
crypto_set_tls_dh_prime. This is bad. Let's make it not so bad, because
someday it *will* happen again.
2011-12-12 11:25:55 -08:00
Sebastian Hahn
95af91565b
Work around a false positive in Coverity.
...
Fixes cid 501 and 502.
2011-12-02 06:16:57 +01:00
George Kadianakis
02708b7d80
Free the global DH parameters in crypto_global_cleanup().
2011-11-30 13:17:47 -05:00
George Kadianakis
a708e85236
Move crypto_global_cleanup() to the bottom of crypto.c.
2011-11-30 13:17:39 -05:00
Nick Mathewson
da6c136817
Merge remote-tracking branch 'asn-mytor/bug4548_take2'
2011-11-29 18:30:41 -05:00
George Kadianakis
055d6c01ff
Write dynamic DH parameters to a file.
...
Instead of only writing the dynamic DH prime modulus to a file, write
the whole DH parameters set for forward compatibility. At the moment
we only accept '2' as the group generator.
The DH parameters gets stored in base64-ed DER format to the
'dynamic_dh_params' file.
2011-11-26 19:29:57 +01:00
George Kadianakis
b31601975b
Move DH_GENERATOR to crypto.c.
2011-11-25 17:44:11 +01:00
George Kadianakis
1df6b5a734
Move broken primes to dynamic_dh_modulus.broken.
2011-11-25 17:39:45 +01:00
George Kadianakis
4938bcc06a
Do dynamic DH modulus storing in crypto.c.
2011-11-25 17:39:28 +01:00
Nick Mathewson
8143074b3f
Use EVP for AES only when hardware accel is present
...
Fixes bug 4525, fix on 0.2.3.8-alpha.
2011-11-25 10:32:00 -05:00
George Kadianakis
1d1d5ae7f8
Finishing touches.
...
- Make check-spaces happy.
- Remove a stray header from crypto.h
2011-11-25 01:08:31 +01:00
George Kadianakis
7c37a664c1
Rename 'dynamic prime' to 'dynamic DH modulus'.
2011-11-25 01:00:58 +01:00
George Kadianakis
bdeb797a13
Notify the user that her computer is generating numbers.
2011-11-25 00:59:47 +01:00
George Kadianakis
5f3f41c234
Make sure that the stored DH prime is safe to use.
2011-11-25 00:33:40 +01:00
George Kadianakis
94076d9e3b
Move crypto_get_stored_dynamic_prime() to crypto.c
2011-11-24 22:59:01 +01:00
George Kadianakis
2ef68980a7
Move store_dynamic_prime() to crypto.c.
2011-11-24 22:32:10 +01:00
George Kadianakis
cabb8e54c7
Tone down the logging.
2011-11-24 22:14:09 +01:00
George Kadianakis
8a726dd0dd
Implement dynamic prime reading and storing to disk.
2011-11-24 22:13:44 +01:00
George Kadianakis
42bda231ee
Make DynamicPrimes SIGHUP-able.
...
Instead of passing the DynamicPrimes configuration option to
crypto_global_init(), generate and set a new TLS DH prime when we read
the torrc.
2011-11-24 22:13:38 +01:00
George Kadianakis
0e71be5d94
Improve code in the dynamic primes realm.
2011-11-24 22:13:19 +01:00
George Kadianakis
fb38e58d14
Improve logging.
2011-11-24 22:13:00 +01:00
George Kadianakis
1797e0a39e
Make it compile.
2011-11-24 22:12:44 +01:00
George Kadianakis
375e55eaa2
Rename "Rakshasa" to "Dynamic Prime".
2011-11-24 22:09:15 +01:00
George Kadianakis
659381e00d
Introduce the DynamicPrimes configuration option.
2011-11-24 22:09:06 +01:00
George Kadianakis
edec9409e8
Copy/Paste Jake's stuff.
...
This commit copies parts of Jake's
f3bb6846975193d9a6649c31f94bda47e4014070 commit verbatim to the
current master.
2011-11-24 22:06:50 +01:00
Andrea Gelmini
72d4d762c1
Remove some duplicate includes
2011-11-03 10:23:33 -04:00
Nick Mathewson
beb9097bed
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-10-26 11:08:19 -04:00
Nick Mathewson
445f947890
Remove a no-longer-relevant comment
2011-10-10 23:14:17 -04:00
Nick Mathewson
fdbb9cdf74
Add a sha256 hmac function, with tests
2011-10-10 23:14:09 -04:00
Nick Mathewson
dcf69a9e12
New function to get all digests of a public key
2011-10-10 23:14:02 -04:00
Nick Mathewson
246afc1b1b
Make internal error check for unrecognized digest algorithm more robust
...
Fixes Coverity CID 479.
2011-10-06 14:13:09 -04:00
Nick Mathewson
44cfa53873
Make WIN32_WINNT defines conditional
...
Requested by Gisle Vanem on tor-dev. I'm not quite sure this is the
right solution, but it's probably harmless.
2011-07-15 10:03:59 -04:00
Nick Mathewson
8cd5a3c186
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-06-06 16:20:22 -04:00
Nick Mathewson
5afab5ca19
Check maximum properly in crypto_rand_int()
...
George Kadianakis notes that if you give crypto_rand_int() a value
above INT_MAX, it can return a negative number, which is not what
the documentation would imply.
The simple solution is to assert that the input is in [1,INT_MAX+1].
If in the future we need a random-value function that can return
values up to UINT_MAX, we can add one.
Fixes bug 3306; bugfix on 0.2.2pre14.
2011-06-06 16:18:06 -04:00
Nick Mathewson
12f9c91c06
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-06-03 11:36:21 -04:00
Nick Mathewson
bbf2fee8ff
Reject 128-byte keys that are not 1024-bit
...
When we added the check for key size, we required that the keys be
128 bytes. But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024. This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.
Also, credit the original bug3318 in the changes file.
2011-06-03 11:31:19 -04:00
Nick Mathewson
03ccce6d77
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-05-16 14:50:53 -04:00
Nick Mathewson
e908e3a332
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
...
Fixed trivial conflict due to headers moving into their own .h files
from or.h.
Conflicts:
src/or/or.h
2011-05-16 14:49:55 -04:00
Nick Mathewson
4a22046c86
squash! Add crypto_pk_check_key_public_exponent function
...
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
2011-05-16 14:45:06 -04:00
Robert Ransom
d2629f78a0
Add crypto_pk_check_key_public_exponent function
2011-05-16 14:07:34 -04:00
Nick Mathewson
9fba014e3f
Merge remote-tracking branch 'public/bug3122_memcmp_022' into bug3122_memcmp_023
...
Conflicts in various places, mainly node-related. Resolved them in
favor of HEAD, with copying of tor_mem* operations from bug3122_memcmp_022.
src/common/Makefile.am
src/or/circuitlist.c
src/or/connection_edge.c
src/or/directory.c
src/or/microdesc.c
src/or/networkstatus.c
src/or/router.c
src/or/routerlist.c
src/test/test_util.c
2011-05-11 16:39:45 -04:00
Nick Mathewson
44ad734573
Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
...
Conflicts throughout. All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.
src/common/Makefile.am
src/or/circuitbuild.c
src/or/directory.c
src/or/dirserv.c
src/or/dirvote.c
src/or/networkstatus.c
src/or/rendclient.c
src/or/rendservice.c
src/or/router.c
src/or/routerlist.c
src/or/routerparse.c
src/or/test.c
2011-05-11 16:24:29 -04:00
Nick Mathewson
59f9097d5c
Hand-conversion and audit phase of memcmp transition
...
Here I looked at the results of the automated conversion and cleaned
them up as follows:
If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
changed it to a fast_memcmp or fast_memeq.
Otherwise if there was a tor_memcmp that could turn into a
tor_memneq or tor_memeq, I converted it.
This wants close attention.
[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
2011-05-11 16:12:51 -04:00
Nick Mathewson
db7b2a33ee
Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq
...
This commit is _exactly_ the result of
perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
2011-05-11 16:12:51 -04:00
Nick Mathewson
26456d3354
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-04-27 22:14:54 -04:00
Nick Mathewson
0130e7c9d2
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
...
Conflicts:
src/common/torint.h
2011-04-27 22:14:28 -04:00
Nick Mathewson
43ffd023e9
Make SIZE_T_CEILING unsigned; add a signed SSIZE_T_CEILING
...
None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.
Fixes bug2475.
2011-04-26 13:03:58 -04:00
Nick Mathewson
b1b6552251
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/common/crypto.c
2011-03-16 17:16:54 -04:00
Nick Mathewson
3310dd2358
Clean up whitespace
2011-03-16 17:11:30 -04:00
Nick Mathewson
57b954293e
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Trivial Conflicts in
src/common/crypto.c
src/or/main.h
src/or/or.h
2011-03-16 17:09:32 -04:00
Nick Mathewson
6617822b84
Doxygen documentation for about 100 things that didn't have any
...
About 860 doxygen-less things remain in 0.2.2
2011-03-16 17:05:37 -04:00
Nick Mathewson
50c259d763
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
...
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807
)
2011-02-10 15:55:06 -05:00
Nick Mathewson
912b76a1bf
Merge remote branch 'origin/maint-0.2.2'
2011-02-03 13:56:37 -05:00
Nick Mathewson
e80bdfb4a0
Correctly detect BIO_new failures
...
This bug was noticed by cypherpunks; fixes bug 2378.
Bugfix on svn commit r110.
2011-01-25 18:26:49 -05:00
Nick Mathewson
bfde636aad
Always treat failure to allocate an RSA key as an unrecoverable allocation error
2011-01-25 18:19:09 -05:00
Nick Mathewson
c939c953ae
Remove an unused function in crypto.c
2011-01-25 18:07:02 -05:00
Nick Mathewson
aaa5737a2e
Merge remote branch 'origin/maint-0.2.2'
2011-01-24 17:51:52 -05:00
Nick Mathewson
5ed73e3807
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
...
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
2011-01-24 16:50:11 -05:00
Nick Mathewson
07888ed8e4
Merge remote branch 'origin/maint-0.2.2'
2011-01-15 14:17:59 -05:00
Nick Mathewson
a7790d48af
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
2011-01-15 14:15:19 -05:00
Nick Mathewson
9b09627edd
Zero out some more key data before freeing it
...
Found by cypherpunks; fixes bug 2384.
2011-01-15 14:10:52 -05:00
Nick Mathewson
1758ef51de
Merge remote branch 'origin/maint-0.2.2'
2011-01-15 13:26:02 -05:00
Nick Mathewson
1393985768
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
...
Conflicts:
src/or/routerparse.c
src/or/test.c
2011-01-15 13:25:13 -05:00
Nick Mathewson
b97b0efec8
Merge branch 'bug2352_obsize' into maint-0.2.1
2011-01-15 13:15:06 -05:00
Robert Ransom
7ea674e0e0
Remove some unnecessary occurrences of +1.
...
I dug through the OpenSSL source and verified that RSA_private_decrypt will
not write more than RSA_size(key) bytes to its output buffer.
2011-01-15 13:11:44 -05:00
Nick Mathewson
ed87738ede
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
...
Conflicts:
src/or/config.c
src/or/networkstatus.c
src/or/rendcommon.c
src/or/routerparse.c
src/or/test.c
2011-01-15 12:02:55 -05:00
Nick Mathewson
115782bdbe
Fix a heap overflow found by debuger, and make it harder to make that mistake again
...
Our public key functions assumed that they were always writing into a
large enough buffer. In one case, they weren't.
(Incorporates fixes from sebastian)
2011-01-15 11:49:25 -05:00
Nick Mathewson
729f404efe
Add logic in routerparse to not read overlong private keys
...
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
2011-01-10 12:07:34 -05:00
Nick Mathewson
240fa42aac
Fix size_t vs unsigned comparison too
2011-01-05 12:49:02 -05:00
Nick Mathewson
0222228d64
Fix up size and sign issues in base32 code
...
Fixes bug 2331.
2011-01-03 16:16:53 -05:00
Nick Mathewson
bb5f99d4df
Merge remote branch 'sebastian/bug2314' into maint-0.2.2
2011-01-03 12:47:14 -05:00
Nick Mathewson
f1de329e78
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
...
Conflicts:
src/common/test.h
src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50
Bump copyright statements to 2011
2011-01-03 11:50:39 -05:00
Sebastian Hahn
9ecf133686
Fix compile wanrings revealed by gcc 4.5 on mingw
2010-12-27 09:47:41 +01:00
Nick Mathewson
b5e293afe6
Merge remote branch fix_security_bug_021 into fix_security_bug_022
...
Conflicts:
src/common/memarea.c
src/or/or.h
src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
785086cfba
Have all of our allocation functions and a few others check for underflow
...
It's all too easy in C to convert an unsigned value to a signed one,
which will (on all modern computers) give you a huge signed value. If
you have a size_t value of size greater than SSIZE_T_MAX, that is way
likelier to be an underflow than it is to be an actual request for
more than 2gb of memory in one go. (There's nothing in Tor that
should be trying to allocate >2gb chunks.)
2010-12-13 18:40:21 -05:00
Nick Mathewson
89e97bdf94
Add wrappers function for libc random()
...
On windows, it's called something different.
2010-11-29 16:00:47 -05:00
Sebastian Hahn
213139f887
Properly refcount client_identity_key
...
In a2bb0bf
we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.
Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2010-10-26 18:22:04 +02:00
Nick Mathewson
14bc4dcc22
Rename log.h to torlog.h
...
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.
The actual change was done with one "git mv", by editing
Makefile.am, and running
find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
Nick Mathewson
485cab869d
Merge remote branch 'public/rand_double2'
2010-06-29 18:57:59 -04:00
Nick Mathewson
b111a7cd9c
Make cbt_generate_sample use crypto_rand_double()
...
Possible workaround for bug 1139, if anybody cares.
2010-06-25 21:33:22 -04:00
Nick Mathewson
8e1bf98f4a
Log an error if openssl fails to copy a key for us
...
This should never happen unless openssl is buggy or some of our
assumptions are deeply wrong, but one of those might have been the
cause of the not-yet-reproducible bug 1209. If it ever happens again,
let's get some info we can use.
2010-06-22 22:20:52 -04:00
Nick Mathewson
006e2e8620
Add a function to return a double in range [0,1).
2010-06-22 21:30:26 -04:00
Nick Mathewson
b006e3279f
Merge remote branch 'origin/maint-0.2.1'
...
Conflicts:
src/common/test.h
src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2
Update Tor Project copyright years
2010-02-27 17:14:21 -05:00
Nick Mathewson
616cbb31c7
Merge commit 'origin/maint-0.2.1'
2009-12-15 17:11:40 -05:00
Nick Mathewson
1c87a27574
Fix bug 1173: remove an assert(unsigned >= 0).
2009-12-15 15:51:59 -05:00
Nick Mathewson
9e6225ae16
Merge commit 'sebastian/coverity'
2009-12-12 02:10:19 -05:00
Sebastian Hahn
3807db001d
*_free functions now accept NULL
...
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.
This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Sebastian Hahn
70abd843fd
crypto_cipher_set_key cannot fail
...
In 5e4d53d535
we made it so that
crypto_cipher_set_key cannot fail. The call will now
always succeed, to returning a boolean for success/failure makes
no sense.
2009-10-27 04:31:23 +01:00
Nick Mathewson
5e4d53d535
Remove checks for array existence. (CID 410..415)
...
In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement. Coverity notices this now.
In some cases, we were testing arrays to make sure that an operation
we wanted to do would suceed. Those cases are now always-true.
In some cases, we were testing arrays to see if something was _set_.
Those caes are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
2009-10-26 22:40:41 -04:00
Karsten Loesing
d2b4b49ff0
Reduce log level for someone else sending us weak DH keys.
...
See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
2009-10-25 23:47:05 -07:00
Nick Mathewson
200c39b66c
Document the microdescriptor code better.
2009-10-18 18:46:12 -04:00
Nick Mathewson
5576a3a094
Parse detached signature documents with multiple flavors and algorithms.
2009-10-15 15:17:13 -04:00
Nick Mathewson
3b2fc659a8
Refactor consensus signature storage for multiple digests and flavors.
...
This patch introduces a new type called document_signature_t to represent the
signature of a consensus document. Now, each consensus document can have up
to one document signature per voter per digest algorithm. Also, each
detached-signatures document can have up to one signature per <voter,
algorithm, flavor>.
2009-10-15 15:17:13 -04:00
Nick Mathewson
8d41e6c471
Support for encoding and decoding 256-bit digests in base64
2009-10-15 15:17:12 -04:00
Nick Mathewson
cfba9c01bf
Alter keygen function to generate keys of different lengths.
2009-09-29 00:53:25 -04:00
Nathan Freitas
76d26ae52d
Disable OpenSSL engines when building for Android.
...
Apparently the Android developers dumped OpenSSL's support for hardware
acceleration in order to save some memory, so you can't build programs using
engines on Android.
[Patch revised by nickm]
2009-09-29 00:53:10 -04:00
Nathan Freitas
8c585cce39
Include util.h and log.h as relative paths.
...
This shouldn't be necessary, but apparently the Android cross-compiler
doesn't respect -I as well as it should. (-I is supposed to add to the
*front* of the search path. Android's gcc wrapper apparently likes to add to
the end. This is broken, but we need to work around it.)
2009-09-29 00:52:52 -04:00
Nick Mathewson
5da3b45fdc
Make crypto_digest_get_digest nondestructive again.
...
Fixes bug in f57883a39
.
2009-08-20 12:03:32 -04:00
Nick Mathewson
d0c212995a
Add a SHA256 implementation for platforms that lack it.
...
(This would be everywhere running OpenSSL 0.9.7x and earlier, including
all current Macintosh users.)
The code is based on Tom St Denis's LibTomCrypt implementation,
modified to be way less general and use Tor's existing facilities. I
picked this one because it was pretty fast and pretty free, and
because Python uses it too.
2009-08-20 01:47:13 -04:00
Nick Mathewson
f57883a39e
Add basic support for SHA256.
...
This adds an openssl 0.9.8 dependency. Let's see if anybody cares.
2009-08-19 19:43:54 -04:00
Nick Mathewson
e84ddead34
Merge branch 'hardware_accel_improvements'
2009-05-31 13:36:50 -04:00
Nick Mathewson
260de44313
Fixes to spelling fixes. Thanks, Roger!
2009-05-28 12:22:48 -04:00
Nick Mathewson
ec7e054668
Spell-check Tor.
2009-05-27 17:55:51 -04:00
Martin Peck
7703b887f5
Add support for dynamic OpenSSL hardware crypto acceleration engines.
2009-05-23 16:42:44 -07:00
Karsten Loesing
9b32e8c141
Update copyright to 2009.
2009-05-04 11:28:27 -04:00
Karsten Loesing
4ebcc4da34
Update copyright to 2009.
2009-05-02 22:00:54 +02:00
Nick Mathewson
8ebceeb352
Make sure that even in the weird fiddly paths that lead to init_keys,
...
crypto_global_init gets called. Also have it be crypto_global_init
that calls crypto_seed_rng, so we are not dependent on OpenSSL's
RAND_poll in these fiddly cases.
Should fix bug 907. Bugfix on 0.0.9pre6. Backport candidate.
svn:r18210
2009-01-21 15:38:39 +00:00
Nick Mathewson
c4b8fef362
Remove svn $Id$s from our source, and remove tor --version --version.
...
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed. They were not actually useful for
telling the version of Tor files in the wild.
svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
b0a8ecd193
Use RSA_generate_key_ex where available.
...
svn:r17804
2008-12-29 02:20:57 +00:00
Nick Mathewson
b4d387c28b
Make freelist_len in memarea.c static; document a few variables.
...
svn:r17741
2008-12-22 19:14:08 +00:00
Nick Mathewson
1e5f457461
Fix most DOCDOCs remaining and/or added by redox.
...
svn:r17734
2008-12-22 17:53:04 +00:00
Nick Mathewson
1725c0c8a5
Add DOCDOC comments for all undocumented functions. Add missing *s to other comments so that they will get recognized as doxygen.
...
svn:r17729
2008-12-22 14:56:28 +00:00
Nick Mathewson
6c6b0283cb
Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing.
...
svn:r17685
2008-12-18 16:11:16 +00:00
Nick Mathewson
cebdf93949
Fix bug 889: share deep-copied keys between threads to avoid races in reference counts. Bugfix on 0.1.0.1-rc.
...
svn:r17672
2008-12-18 05:28:27 +00:00
Nick Mathewson
f43bcdc063
Use ctags and a python script to find identifiers that are never used anywhere, and remove the ones that we really want gone.
...
svn:r17651
2008-12-17 17:20:42 +00:00
Nick Mathewson
4d94e061c7
Clean up some redundant stuff in crypto_dh_new().
...
svn:r16778
2008-09-05 20:18:22 +00:00
Nick Mathewson
22259a0877
The first of Karsten's proposal 121 patches: configure and maintain client authorization data. Tweaked a bit: see comments on or-dev.
...
svn:r16475
2008-08-08 14:36:11 +00:00
Nick Mathewson
3ec25c2410
r16587@tombo: nickm | 2008-06-28 00:13:40 -0400
...
fix for bug 704; found by sjmurdoch. Windows and recent openssl both want to define OCSP_RESPONSE; do not let them.
svn:r15533
2008-06-28 04:16:17 +00:00
Nick Mathewson
d4ed91c672
Set dynamic-locking callbacks in openssl. These can be more efficient when openssl uses them.
...
svn:r15222
2008-06-13 16:35:12 +00:00
Nick Mathewson
ae2d022f0c
Remov unused macro in crypto.c
...
svn:r14950
2008-06-04 18:41:08 +00:00
Nick Mathewson
b7a80920e2
r15558@tombo: nickm | 2008-05-09 04:35:12 -0400
...
New (temporary) tool to dump the modulus of a key. May help with a project of weasel's.
svn:r14580
2008-05-09 08:35:38 +00:00
Nick Mathewson
b5b77f8bf3
r19004@catbus: nickm | 2008-03-21 15:18:43 -0400
...
Use RAND_poll() again: the bug that made us stop using it has been fixed.
svn:r14150
2008-03-21 19:18:57 +00:00
Nick Mathewson
3452486ac6
r14422@tombo: nickm | 2008-02-24 17:09:56 -0500
...
Whitespace fixes
svn:r13700
2008-02-24 22:11:18 +00:00
Nick Mathewson
e7db789e82
r14399@tombo: nickm | 2008-02-22 14:09:38 -0500
...
More 64-to-32 fixes. Partial backport candidate. still not done.
svn:r13680
2008-02-22 19:09:45 +00:00
Nick Mathewson
69300eb606
r14374@tombo: nickm | 2008-02-21 16:57:39 -0500
...
Fix all remaining shorten-64-to-32 errors in src/common. Some were genuine problems. Many were compatibility errors with libraries (openssl, zlib) that like predate size_t. Partial backport candidate.
svn:r13665
2008-02-21 21:57:47 +00:00
Nick Mathewson
b375472d14
r14373@tombo: nickm | 2008-02-21 16:29:18 -0500
...
Apply warnings about implicit 64-to-32 conversions; some from Sebastian Hahn; some not.
svn:r13664
2008-02-21 21:57:42 +00:00
Nick Mathewson
24e8e1fb36
r14185@tombo: nickm | 2008-02-15 18:05:54 -0500
...
Replace the hefty tor_strpartition with a simple function to replace its only (trivial) use.
svn:r13532
2008-02-15 23:39:14 +00:00
Roger Dingledine
509d2912dc
doxygen and other cleanups
...
svn:r13440
2008-02-09 03:11:10 +00:00
Nick Mathewson
de827f89df
r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
...
Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
2008-02-08 21:13:12 +00:00
Nick Mathewson
b8179871a6
r17964@catbus: nickm | 2008-02-07 10:45:02 -0500
...
Fix bug in last patch that made secret_to_key crash.
svn:r13415
2008-02-07 16:10:36 +00:00
Nick Mathewson
eecc44dab8
r17963@catbus: nickm | 2008-02-07 10:14:25 -0500
...
Be more thorough about memory poisoning and clearing. Add an in-place version of aes_crypt in order to remove a memcpy from relay_crypt_one_payload.
svn:r13414
2008-02-07 16:10:33 +00:00
Nick Mathewson
842a33ff20
Update some copyright notices: it is now 2008.
...
svn:r13412
2008-02-07 05:31:47 +00:00
Nick Mathewson
a51deb9a9c
r17903@catbus: nickm | 2008-02-05 14:40:03 -0500
...
Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").
svn:r13382
2008-02-05 19:40:26 +00:00
Nick Mathewson
d7fb8a34ac
r17613@catbus: nickm | 2008-01-14 13:52:44 -0500
...
Do not segfault if symetric key generation somehow fails in crypto_hybrid_encrypt.
svn:r13132
2008-01-14 19:00:28 +00:00
Nick Mathewson
becbafc9db
r17491@catbus: nickm | 2008-01-07 11:50:24 -0500
...
Remove some dead code.
svn:r13053
2008-01-07 16:50:33 +00:00
Roger Dingledine
1d8a8063b9
clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
...
svn:r12786
2007-12-12 21:09:01 +00:00
Roger Dingledine
7f12ebc3fa
cleanups on r12579
...
svn:r12580
2007-11-27 21:17:43 +00:00
Nick Mathewson
e047f7f865
r16455@catbus: nickm | 2007-11-06 12:48:00 -0500
...
Parse CERT cells and act correctly when we get them.
svn:r12396
2007-11-06 18:00:07 +00:00
Nick Mathewson
7712ddf8e7
r16317@catbus: nickm | 2007-10-31 23:52:52 -0400
...
Use HMAC() function from openssl. Oops.
svn:r12304
2007-11-01 03:56:17 +00:00
Nick Mathewson
17266cc44a
r16287@catbus: nickm | 2007-10-31 00:53:53 -0400
...
HMAC-SHA-1 implementation, with unit tests based on vectors from RVFC2202. Steven's stuff will need this.
svn:r12289
2007-10-31 04:56:59 +00:00
Nick Mathewson
7da93b80ca
r16159@catbus: nickm | 2007-10-25 12:53:38 -0400
...
Drop support for OpenSSL 0.9.6.
svn:r12191
2007-10-25 16:54:56 +00:00
Nick Mathewson
e3113502ad
r15882@catbus: nickm | 2007-10-17 15:23:05 -0400
...
oprofile was telling me that a fair bit of our time in openssl was spent in base64_decode, so replace base64_decode with an all-at-once fairly optimized implementation. For decoding keys and digests, it seems 3-3.5x faster than calling out to openssl. (Yes, I wrote it from scratch.)
svn:r12002
2007-10-17 19:23:56 +00:00
Nick Mathewson
7f9e9c816c
r15790@catbus: nickm | 2007-10-15 11:38:28 -0400
...
Fix bug 528: fix memory leak in base32_decode(). While there, also make base32_decode() accept upper-case inputs.
svn:r11946
2007-10-15 15:38:44 +00:00
Nick Mathewson
3de8158b16
r15702@catbus: nickm | 2007-10-11 17:29:20 -0400
...
Remove a bunch of redundant includes in crypto.c
svn:r11885
2007-10-11 21:40:32 +00:00
Nick Mathewson
fc5dd0cdbb
r15231@catbus: nickm | 2007-09-20 16:04:30 -0400
...
Patch from karsten: remove cbc and make unit tests handle aes-ctr-with-iv.
svn:r11538
2007-09-20 20:08:47 +00:00
Nick Mathewson
5f7950e874
r15172@catbus: nickm | 2007-09-19 11:50:02 -0400
...
New (untested) code to implement AES-with-IV. Currently, IVs are generated randomly. Once tested, should be (almost) a drop-in replacement for the CBC functions.
svn:r11519
2007-09-19 15:53:41 +00:00
Roger Dingledine
1a930cfc70
minor style tweaks
...
svn:r11490
2007-09-18 17:18:14 +00:00
Roger Dingledine
f15a4c8bd7
add some crypto/util functions from karsten, as the first
...
step of integrating his new hidden service stuff
svn:r11489
2007-09-18 17:07:56 +00:00
Nick Mathewson
3637ee0e59
r13383@catbus: nickm | 2007-06-13 13:53:04 -0400
...
Expose a function to parse a private key from a string as CRYPTO_PRIVATE. For testing.
svn:r10583
2007-06-13 18:15:53 +00:00
Nick Mathewson
6673d445f5
r13283@catbus: nickm | 2007-06-06 01:43:44 -0400
...
Fix up a couple of loops flagged by -Wunsafe-loop-optimizations so that they are more readable (and more amenable to compilation)
svn:r10513
2007-06-06 13:02:22 +00:00
Nick Mathewson
6faa9e2641
r13239@catbus: nickm | 2007-06-04 11:30:37 -0400
...
Fix the fix for bug 445: set umask properly. Also use open+fdopen rather than just umask+fopen, and create authority identity key with mode 400.
svn:r10485
2007-06-04 15:30:40 +00:00
Nick Mathewson
cb0324c400
r13191@catbus: nickm | 2007-06-03 19:38:18 -0400
...
Set umask(0700) when starting tor-gencert; resolves bug 445.
svn:r10475
2007-06-03 23:38:20 +00:00
Nick Mathewson
a187704872
r12980@Kushana: nickm | 2007-05-18 14:11:05 -0400
...
Add a "swap" function to smartlist, add a "shuffle" function for smartlist to crypto.c, and make appropriate hashtable functions be more const.
svn:r10208
2007-05-18 21:19:14 +00:00
Nick Mathewson
836328be2e
r12777@catbus: nickm | 2007-05-16 21:52:23 -0400
...
Fix dumb bug introduced in r10199
svn:r10202
2007-05-17 01:52:26 +00:00
Nick Mathewson
807adfc879
r12769@catbus: nickm | 2007-05-16 17:32:01 -0400
...
Fix warnings from -Wunsafe-loop-optimizations, which incidentally turned up a logic bug in connection_or_flush_from_first_active_circuit that would overcount the number of cells flushed.
svn:r10199
2007-05-16 22:15:48 +00:00
Nick Mathewson
9279c1d5fe
r12638@catbus: nickm | 2007-05-02 17:37:30 -0400
...
Remove the "RSA keys are 128-bits" assumption from crypto.c
svn:r10096
2007-05-02 21:37:53 +00:00
Nick Mathewson
6a27dd8284
r12595@catbus: nickm | 2007-04-30 18:32:34 -0400
...
Move private function declarations from crypto.c into a new #ifdef CRYPTO_PRIVATE block in crypto.h
svn:r10074
2007-04-30 22:42:50 +00:00
Nick Mathewson
f38240435a
r12001@catbus: nickm | 2007-02-28 15:24:12 -0500
...
Try to build without warnings on mingw with verbose warnings on. First attempt.
svn:r9688
2007-02-28 20:24:27 +00:00
Nick Mathewson
d6368fd075
r11976@catbus: nickm | 2007-02-27 19:35:59 -0500
...
Add some missing (redundant but helpful in most cases) static declarations, and remove a function nobody was calling.
svn:r9672
2007-02-28 00:36:03 +00:00
Nick Mathewson
759c58151e
r11775@catbus: nickm | 2007-02-12 16:39:09 -0500
...
Update copyright dates.
svn:r9570
2007-02-12 21:39:53 +00:00
Roger Dingledine
4ba57f68e4
more changes. i'm all caught up now.
...
svn:r9495
2007-02-06 02:49:07 +00:00
Nick Mathewson
f02be02356
r11639@catbus: nickm | 2007-02-05 13:33:38 -0500
...
Add documentation to src/common/*.h; improve documentation for SMARTLIST_FOREACH; remove never-used options and corresponding tests from tor_strpartition.
svn:r9483
2007-02-05 18:33:52 +00:00
Nick Mathewson
fefba95363
r11629@catbus: nickm | 2007-02-02 15:06:17 -0500
...
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
2007-02-02 20:06:43 +00:00
Nick Mathewson
ef0720f909
r9689@catbus: nickm | 2007-01-19 22:34:20 -0500
...
And remove another strcpy.
svn:r9375
2007-01-20 03:35:03 +00:00
Roger Dingledine
dcd33ef599
i saw somebody on #tor paste a string where these were
...
null. better safe than sorry.
svn:r8767
2006-10-20 00:12:02 +00:00
Nick Mathewson
7551c44a53
r9274@Kushana: nickm | 2006-10-19 16:16:58 -0400
...
Add unit tests for tor_mmap_file(); make tor_mmap_t.size always be the size of the file (not the size of the mapping); add an extra argument to read_file_to_str() so it can return the size of the result string.
svn:r8762
2006-10-19 23:05:02 +00:00
Nick Mathewson
c6f2d725d0
r8957@totoro: nickm | 2006-10-08 22:35:17 -0400
...
The otherwise regrettable MIPSpro C compiler warns about values set but never used, and about mixing enums and ints; these are good warnings, and so should be fixed. This removes some dead code and some potential bugs. Thanks to pnx.
svn:r8664
2006-10-09 02:35:51 +00:00
Roger Dingledine
881d23847a
fix something that looked scary to me. i believe this won't
...
change any behavior currently, but it will avoiding calling
noop code that might change for the worse some time.
nick, please confirm.
svn:r8623
2006-10-07 00:52:23 +00:00
Nick Mathewson
219ad6395c
r8825@totoro: nickm | 2006-10-01 17:41:27 -0400
...
Add function to return a random uint64_t.
svn:r8570
2006-10-01 21:59:05 +00:00
Nick Mathewson
7d366f61cb
r9025@Kushana: nickm | 2006-09-29 18:33:13 -0400
...
Differentiate more duplicated log entries
svn:r8542
2006-09-29 22:33:40 +00:00
Nick Mathewson
87648bdcf8
r9008@Kushana: nickm | 2006-09-29 13:50:10 -0400
...
Doxygen comments for code in common. Also simplify a few code paths to be more clear/speedy/correct.
svn:r8536
2006-09-29 18:13:37 +00:00
Nick Mathewson
c4ac4bcba3
r8696@Kushana: nickm | 2006-08-31 14:43:44 -0400
...
Try to appease some warnings with newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness.
svn:r8312
2006-08-31 18:47:54 +00:00
Roger Dingledine
4b94dabb53
note a compile warning that we should investigate one day.
...
svn:r7052
2006-08-14 09:44:54 +00:00
Roger Dingledine
3d79eb52ab
stick to nick's nul/null convention
...
svn:r6763
2006-07-15 19:21:30 +00:00
Roger Dingledine
266afcd7d5
bandaid for bug 299. this is still a bug, since we don't
...
initialize for hardware acceleration in certain configurations;
but not critical until that is supported.
svn:r6536
2006-06-05 04:29:03 +00:00
Nick Mathewson
853e2d99b6
Add a new warning to our "warn a lot" list: unused parameters. This means we have to explicitly "use" unuseds, but it can catch bugs. (It caught two coding mistakes so far.)
...
svn:r6532
2006-06-04 22:42:13 +00:00
Roger Dingledine
36712a443b
Stop initializing the hardware accelerator engines simply because
...
we overloaded the meaning of the argument to crypto_global_init().
svn:r6490
2006-05-24 00:37:38 +00:00
Nick Mathewson
1fbc74661f
Remove DER64 functions in trunk: they will never be used again unless the directory authorities switch back to 0.0.9tooearly.
...
svn:r6376
2006-04-10 21:23:00 +00:00
Roger Dingledine
0543900fbf
clean up the traces from tracking the 0.1.1.9-alpha stack-smashing bug.
...
svn:r6240
2006-03-26 06:47:51 +00:00
Nick Mathewson
bd8ffccae7
More cleanups noticed by weasel; also, remove macros that nobody uses.
...
svn:r6143
2006-03-12 23:31:16 +00:00
Roger Dingledine
6ce36ead42
Start the process of converting warn to log_warn and so on.
...
This is needed because Windows already has an err() that we
can't clobber. And we need to be able to make the log functions
a macro so we can print the function's name in the log entry.
svn:r6000
2006-02-13 08:01:59 +00:00
Roger Dingledine
5f051574d5
Happy new year!
...
svn:r5949
2006-02-09 05:46:49 +00:00
Nick Mathewson
45757dafb7
Split PARANOIA_B into B1 and B2.
...
svn:r5849
2006-01-22 18:22:04 +00:00
Nick Mathewson
241310bbac
Split 0119_PARANOIA into 0119_PARANOIA_[ABC]. A is "this is suspicious, and we have not tried running without this yet". B is "this is suspicious, but the last time we tested, it was okay." C is "How could this possibly be the cause?"
...
svn:r5840
2006-01-17 23:08:38 +00:00
Nick Mathewson
55ac4f032c
Add a (diabled by default) option in crypto.h to disable most of the interesting crypto-related changes made on 0.1.1.9. This will help hunt bug 234.
...
svn:r5777
2006-01-10 21:12:06 +00:00
Nick Mathewson
1af630d32c
Bite the bullet and limit all our source lines to 80 characters, the way IBM intended.
...
svn:r5582
2005-12-14 20:40:40 +00:00
Nick Mathewson
e9b66ec906
Document CREATE_FAST better in the code. Move our key expansion algorithm into a separate function in crypto.c
...
svn:r5530
2005-12-08 17:38:32 +00:00
Roger Dingledine
485b2cb4dc
get rid of nick's crazy voodoo dh checking.
...
svn:r5518
2005-12-06 23:09:44 +00:00
Roger Dingledine
923ad87470
remove another unused function
...
svn:r5477
2005-11-30 22:19:02 +00:00
Nick Mathewson
9cec3a13f5
remove some functions that are not used; #if0 out some files that are not likely to be used.
...
svn:r5471
2005-11-30 06:27:59 +00:00
Roger Dingledine
8182eb69cd
a smidgen more hint when we fail to seed the rng
...
svn:r5438
2005-11-21 01:12:01 +00:00
Nick Mathewson
83d6b0387b
Try to build with OpenSSL 0.9.6. Lets pay attention to see if anybody complains.
...
svn:r5398
2005-11-16 05:22:44 +00:00
Nick Mathewson
887178e710
Oops. It looks like there *was* an easy way to make openssl do what we wanted.
...
svn:r5370
2005-11-14 19:18:31 +00:00
Roger Dingledine
5ef2927870
correct nick's comment
...
svn:r5360
2005-11-11 21:44:38 +00:00
Nick Mathewson
f14743a975
Note that much of check_dh_key is voodoo; make x in DH be only 320 bits for DH speed improvement: this wants auditing. [We have blessing from Ian on this.] (Note that DH in SSL is not yet affected.)
...
svn:r5359
2005-11-11 20:18:00 +00:00
Nick Mathewson
3c36a14ba6
Call ERR_remove_state() on the main thread on shutdown,too
...
svn:r5322
2005-10-26 02:20:48 +00:00
Nick Mathewson
9492424d3f
Per comments at the bottom of openssl/FAQ, call even more functions to
...
clean up OpenSSL's toys when it's done playing. (Why isn't there an
OpenSSL_free_everything() function?)
svn:r5321
2005-10-25 19:01:48 +00:00
Nick Mathewson
edf5698474
Start dividing log messages into logging domains. No, LD_ is not the best of identifiers. src/or has not been converted yet. Domains dont do anything yet.
...
svn:r5284
2005-10-18 21:58:19 +00:00
Peter Palfrader
0d9aedfcea
Downgrade a few INFO level logs to DEBUG again. Also add two or three new
...
logs in cases where a calling function's log was downgraded and we wouldn't
get any log message otherwise.
svn:r5263
2005-10-17 16:21:42 +00:00
Nick Mathewson
9bc2467626
Okay, try to use RAND_poll() from OpenSSL where available.
...
svn:r5229
2005-10-08 05:47:15 +00:00
Roger Dingledine
c4757e0705
LOG_ERR is for when we know we're going to exit. use LOG_WARN in other
...
cases.
svn:r5220
2005-10-07 19:53:57 +00:00
Nick Mathewson
150e5ac098
disable RAND_poll() for the alpha of the day; at least 24 hours of testing is in order for something like that.
...
svn:r5216
2005-10-07 19:17:20 +00:00
Nick Mathewson
a53ecc94f9
Add half our entropy from RAND_poll in OpenSSL. These know how to use egd (if present) openbsd weirdness (if present), vms/os2 weirdness (if we ever port there), and more in the future.
...
svn:r5215
2005-10-07 19:03:09 +00:00
Nick Mathewson
a89daaeca9
Once an hour (not just on startup) give OpenSSL some more entropy.
...
Add entropy in 512-bit chunks, not 160-bit chunks. (This latter
change is voodoo.)
svn:r5211
2005-10-06 22:22:22 +00:00
Nick Mathewson
cc35e1720f
Using RAND_pseudo_bytes instead of RAND_bytes is an accident waiting to happen, and does not really speed us up much when we do it. So stop doing it.
...
svn:r5210
2005-10-06 22:18:01 +00:00
Nick Mathewson
ba24193ab5
Make doxygen marginally happier
...
svn:r5208
2005-10-06 04:33:40 +00:00
Nick Mathewson
f8c07e1f33
free EVP cipher information on shutdown to remove some spurious dmalloc complaints.
...
svn:r5180
2005-10-03 21:10:35 +00:00
Nick Mathewson
de198d800b
Never call free() on tor_malloc()d memory. This is unlikely to be our current leak, but it may help dmalloc work.
...
svn:r5168
2005-09-30 20:47:58 +00:00
Nick Mathewson
26e7a05725
even better function start checks; give dmalloc a chance of working.
...
svn:r5162
2005-09-30 01:39:24 +00:00
Nick Mathewson
92451f74a8
Reformat inconsistent function declarations.
...
svn:r5160
2005-09-30 01:09:52 +00:00
Nick Mathewson
5c53545d81
Add a bunch more warnings to out warning suite; resolve them; pack structs a little better.
...
svn:r5150
2005-09-29 22:59:17 +00:00
Nick Mathewson
f8a80e8d59
Helper functions to perform our truncated base64 encoding on hexdigests.
...
svn:r5087
2005-09-18 02:18:59 +00:00
Nick Mathewson
6b479b3cfa
Only do openssl accel stuff if version is at least 0.9.7
...
svn:r4973
2005-09-09 22:07:15 +00:00
Roger Dingledine
fa507c63e8
put quotes around user-supplied strings so they are more likely to
...
realize if they add bad characters (like quotes) to the torrc
svn:r4844
2005-08-26 18:40:44 +00:00
Roger Dingledine
121ea4dd93
a url for better reference
...
svn:r4778
2005-08-15 01:03:50 +00:00
Nick Mathewson
943ef5256b
fix whitespace issues
...
svn:r4752
2005-08-08 21:59:48 +00:00
Nick Mathewson
9345323b18
far far cleaner implementation of handshake checking logic. Backport candidate.
...
svn:r4736
2005-08-07 20:36:14 +00:00
Roger Dingledine
bfe65db284
ok, so now it was just redundant. nick, do you recall what rfc
...
you were trying to point to?
svn:r4727
2005-08-07 17:11:33 +00:00
Roger Dingledine
b9a7482c02
note another potential security problem with generating key material
...
from our DH handshake.
svn:r4724
2005-08-06 16:50:51 +00:00
Roger Dingledine
261bf4c4d4
rfc 3536 "provides a glossary of terms used in the IETF when discussing
...
internationalization."
svn:r4723
2005-08-05 22:08:57 +00:00
Nick Mathewson
224fecb281
Appease insane windows compiler. (Oh no, an extra semi, the sky is falling!)
...
svn:r4722
2005-08-05 19:25:23 +00:00
Nick Mathewson
197eb2b2cb
fix harmless copy-and-paste error
...
svn:r4718
2005-08-05 14:59:14 +00:00
Nick Mathewson
ea2aa107a7
cover a few more cases; needs testing and once-over
...
svn:r4717
2005-08-05 14:20:38 +00:00
Nick Mathewson
3fa821d911
oops, that array got bigger
...
svn:r4708
2005-08-04 23:18:51 +00:00
Nick Mathewson
7a9eb49f5f
Discard special bignum values.
...
svn:r4706
2005-08-04 23:14:42 +00:00
Nick Mathewson
2aff87caae
Load hardware acceleration options when/where available. Can anybody test this?
...
svn:r4467
2005-06-20 18:56:35 +00:00
Nick Mathewson
d4972bd2e1
Remove code that has been #if-0ed for a long time.
...
svn:r4435
2005-06-15 18:34:46 +00:00
Roger Dingledine
fcd0fc3364
flesh out the source file descriptions for doxygen
...
svn:r4404
2005-06-11 05:31:17 +00:00
Nick Mathewson
0831823763
Change end-of-file NLNL convention. It turns out arma I and I agree.
...
svn:r4382
2005-06-09 19:03:31 +00:00
Nick Mathewson
5420aed38e
Possible bugfix for 151: backport candidate.
...
svn:r4318
2005-06-06 20:02:09 +00:00
Nick Mathewson
10b2208d93
Make Tor compile with no warnings with gcc4.0 on OSX
...
svn:r4184
2005-05-07 05:55:06 +00:00
Nick Mathewson
0e81265359
update copyright notices.
...
svn:r3982
2005-04-01 20:15:56 +00:00
Nick Mathewson
837d7dff69
Try to make crash-on-shutdown bug harder to trigger.
...
svn:r3939
2005-04-01 02:37:10 +00:00
Nick Mathewson
905c16846a
Fix a few more instances of memory not freed on exit (found by weasel).
...
svn:r3830
2005-03-23 06:20:50 +00:00
Nick Mathewson
aac97a3c6a
Tell openssl how to use locks and how to find thread ids -- this may prevent race conditions surrounding the error queue.
...
svn:r3622
2005-02-13 22:32:25 +00:00
Nick Mathewson
f6221b695f
Apply windows patch from Dmitri Bely
...
svn:r3617
2005-02-12 21:03:37 +00:00
Roger Dingledine
9e6d6c6096
Bugfix: we've been using openssl's BIO_get_mem_data incorrectly.
...
We assumed the pem-encoded data written by PEM_write_bio_RSAPrivateKey
is nul-terminated, and at least sometimes, it's not.
svn:r3263
2005-01-03 22:35:40 +00:00
Nick Mathewson
8c85c0bef8
Note that length checking on base64_decode is kinda conservative
...
svn:r3144
2004-12-13 18:38:19 +00:00
Nick Mathewson
fd4c624677
Belt *or* suspenders will be sufficient when casting things to unsigned char.
...
svn:r3122
2004-12-08 07:20:21 +00:00
Nick Mathewson
fe6eb34a10
Solaris CC freaks out if isspace and friends get anything other than an int. We learned that, so we casted. But it is also a bad idea to cast a signed char to an int and expect things to work on win32. Now we cast to unsigned char, then to int, then pass to isspace. Ug
...
svn:r3120
2004-12-08 00:42:50 +00:00
Nick Mathewson
a980446d0c
Be more proactive about noticing underflows: size_t values greater than 0x800...00 are likely to be trouble.
...
svn:r3064
2004-12-02 04:33:01 +00:00
Nick Mathewson
b457cfb5eb
Spell-check strings and comments
...
svn:r3052
2004-12-01 03:48:14 +00:00
Nick Mathewson
7fbd297532
Suggestion from weasel: Make tor --version --version dump the cvs Id of every file.
...
svn:r3019
2004-11-29 22:25:31 +00:00
Nick Mathewson
6f5dbefa7e
Normalize space: add one between every control keyword and control clause.
...
svn:r3003
2004-11-28 09:05:49 +00:00
Roger Dingledine
7c9a707900
remove emacs droppings, since nick says he doesn't need them anymore
...
svn:r2989
2004-11-26 04:00:55 +00:00
Nick Mathewson
5a5be93f80
Normalize whitespace; add a "tell me about all the unnormalized whitespace" target; fix a braino in dirserv.c
...
svn:r2758
2004-11-09 20:04:00 +00:00
Nick Mathewson
cea9125d71
Implement two flavors of authentication for control connections: one for trusted FS, one for untrusted FS.
...
svn:r2664
2004-11-03 19:49:03 +00:00
Nick Mathewson
ad4dc74482
Use a stricter set of warnings; make them all pass.
...
svn:r2645
2004-11-02 03:02:17 +00:00