Nick Mathewson
882e0fbd76
Merge branch 'bug17795'
2016-02-23 07:25:12 -05:00
Nick Mathewson
9746aed2ba
Another automated rename.
Also simplify crypto_common_digests() to have no loop.
2016-02-10 15:32:12 -05:00
Nick Mathewson
8a4bba06d2
Rename crypto_digest_all, and digests_t.
They are no longer "all" digests, but only the "common" digests.
Part of 17795.
This is an automated patch I made with a couple of perl one-liners:
perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
2016-02-10 15:28:19 -05:00
Nick Mathewson
fa52b6f075
Make tortls unit tests pass with LibreSSL.
Part of the fix for 17921.
2016-02-03 11:31:57 -05:00
Nick Mathewson
27582325dc
Make Tor build happily with OpenSSL master and libressl.
Also tested with 1.0.0t and 1.0.2f.
Closes ticket 19784.
Closes most of 17921. (Still need to make some tests pass.)
2016-02-03 11:13:12 -05:00
Nick Mathewson
bb19799a49
Appease "make check-spaces"
2015-12-20 15:00:20 -05:00
Nick Mathewson
14c9b99051
mark a variable unused to fix a warning.
2015-12-18 13:16:40 -05:00
Nick Mathewson
0c5d8d9a4f
Move some more code inside a tortls.c ifdef to fix deadcode warning.
2015-12-18 11:11:42 -05:00
Nick Mathewson
6b5b1a02d4
Fix a coverity NULL-pointer deref warning in the tortls tests.
Also, make our cert validation code more NULL-resistant.
This is CID 1327891.
2015-12-18 10:25:15 -05:00
Nick Mathewson
9e2c4ee557
Fix some dead code in tortls.c
If SSL_CIPHER_find exists, then we won't use either of the two
kludges that would replace it.
Found by Coverity; fixes CID 1340256.
2015-12-18 10:04:01 -05:00
cypherpunks
824a6a2a90
Replace usage of INLINE with inline
This patch was generated using;
sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
e5754c42d1
Merge branch 'bug17686_v2_027'
2015-11-25 22:33:49 -05:00
Nick Mathewson
ddcbe26474
Now that crypto_rand() cannot fail, it should return void.
2015-11-25 22:29:59 -05:00
Nick Mathewson
d467227323
Merge remote-tracking branch 'public/ticket11150_client_only'
2015-11-13 09:58:16 -05:00
Nick Mathewson
c32a43a4d2
Move openssl version compatibility defines into a new header.
2015-11-10 10:02:21 -05:00
Yawning Angel
3e3ec750cd
Fix compilation with OpenSSL 1.1.0-dev.
OpenSSL changed the API:
* 5998e29035
* b0700d2c8d
2015-11-06 19:02:56 +00:00
Nick Mathewson
5e9f2384cf
Fix various coverity-found issues
2015-10-21 16:01:29 -04:00
Nick Mathewson
f217b24e05
Merge remote-tracking branch 'origin/maint-0.2.7'
2015-10-21 12:03:04 -04:00
Nick Mathewson
4fb4906975
Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7
2015-10-21 12:02:42 -04:00
Nick Mathewson
9459ae260e
Fix the return value
2015-10-21 12:01:05 -04:00
Nick Mathewson
895a98dbaf
Merge remote-tracking branch 'origin/maint-0.2.7'
2015-10-21 11:53:00 -04:00
Nick Mathewson
b809c265e7
Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7
2015-10-21 11:51:03 -04:00
Nick Mathewson
35bf07b8d6
Check for len < 4 in dn_indicates_v3_cert
Without this check, we potentially look up to 3 characters before
the start of a malloc'd segment, which could provoke a crash under
certain (weird afaik) circumstances.
Fixes 17404; bugfix on 0.2.6.3-alpha.
2015-10-21 11:44:43 -04:00
Nick Mathewson
5bd3290df3
Remove workaround code for broken client-side renegotiation
Since 11150 removed client-side support for renegotiation, we no
longer need to make sure we have an openssl/TLSvX combination that
supports it (client-side)
2015-10-07 10:16:37 -04:00
Nick Mathewson
6505d529a5
Remove client-side support for detecting v1 handshake
Fixes more of 11150
2015-10-07 10:13:39 -04:00
Nick Mathewson
2ad6e1bb0e
Make the mis-named V2_HANDSHAKE_SERVER/CLIENT macros always-on.
They selected the V2 handshake *and* the V3 handshake, in a strange
mixture. Both handshakes have been mandatory for a long time.
2015-10-07 10:07:29 -04:00
Nick Mathewson
bd1a137893
Remove the client-side code for the v1 and v2 tls handshakes.
(This is safe since super-old Tor servers are no longer allowed on
the network.)
Closes the client-side part of 11150.
2015-10-07 10:04:12 -04:00
Nick Mathewson
bfd9dccdb8
Merge remote-tracking branch 'origin/maint-0.2.7'
2015-10-06 09:06:57 -04:00
Nick Mathewson
1eb838b303
Work around openssl declaring x509_get_not{Before,After} as functions
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet released), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.
Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
2015-10-06 09:04:37 -04:00
Nick Mathewson
11e3db3ee8
clean up whitespace
2015-10-02 15:13:19 +02:00
Nick Mathewson
b5aa257d46
Fix "make check-spaces"
2015-10-02 14:33:54 +02:00
Nick Mathewson
39901bd408
Make test_tortls compile without warnings
2015-10-02 14:20:28 +02:00
Nick Mathewson
086c33ea61
Merge remote-tracking branch 'twstrike/tortls_tests'
2015-10-02 14:12:27 +02:00
Ola Bini
94e5db3dca
Add tests for tortls.c
2015-09-15 17:09:18 +02:00
Nick Mathewson
902517a7c0
Use SSL_get_client_ciphers() on openssl 1.1+, not SSL_get_ciphers...
(which isn't correct.)
Fixes bug 17047; bugfix on 0.2.7.2-alpha, introduced by the merge in 0030765e04, apparently.
2015-09-13 11:51:51 -04:00
Nick Mathewson
d9052c629b
Remove checks for visual C 6.
2015-06-29 12:55:03 -04:00
teor
4079d2e0a5
Fix spacing in tortls.c
2015-06-16 03:10:44 +10:00
teor
e870f6285d
Fix clang address of struct member always non-NULL in SSL master key
clang complains that the address of struct member in an assert in
SSL_SESSION_get_master_key is always non-NULL.
Instead, check each pointer argument is non-NULL before using it.
Fix on f90a704f12 from 27 May 2015, not in any released version of tor.
2015-06-11 01:06:15 +10:00
Nick Mathewson
e48f8e5e87
Merge remote-tracking branch 'public/bug15760_hard_026_v2'
2015-06-02 15:08:14 -04:00
Yawning Angel
8024f6a75f
A few more minor OpenSSL 1.1 fixes.
* Use `TLS_method()` instead of the deprecated `SSLv23_method()`
* Fix one missed conversion to `SSL_CIPHER_get_id()`
2015-06-02 15:04:20 -04:00
Nick Mathewson
34edf17d88
Merge remote-tracking branch 'teor/bug16115-minor-fixes'
2015-06-02 14:51:13 -04:00
teor
b3f79da0d5
Silence unused variable warnings in find_cipher_by_id
Unused variable warnings were still generated under some versions of OpenSSL.
Instead, make sure all variables are used under all versions.
Fix on 496df21c89, not in any released version of tor.
2015-06-03 04:19:05 +10:00
Nick Mathewson
0030765e04
Merge remote-tracking branch 'public/bug15760_hard_026_v2'
Conflicts:
src/common/tortls.c
2015-06-02 13:45:27 -04:00
Nick Mathewson
ff835e2328
Use autoconf, not OPENSSL_VERSION_NUMBER, to detect SSL_CIPHER_find
Repairs build with libressl
2015-06-02 13:38:27 -04:00
Nick Mathewson
f90a704f12
Use accessor functions for client_random/server_random/master_key
If OpenSSL accepts my patch to introduce these functions, they'll
be a way to help Tor work with OpenSSL 1.1.
2015-06-02 13:38:27 -04:00
Andrea Shepard
0e0b65db4f
Appease make check-spaces
2015-06-01 12:59:14 +00:00
Nick Mathewson
1b52e95028
Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
55bb7bbafd
Tests for AUTHENTICATE cell functionality.
2015-05-28 10:41:50 -04:00
Nick Mathewson
b75361c5ed
Start testing cell encoders/processors for the v3 handshake.
An earlier version of these tests was broken; now they're a nicer,
more robust, more black-box set of tests. The key is to have each
test check a handshake message that is wrong in _one_ way.
2015-05-28 10:41:50 -04:00
Nick Mathewson
9537596398
Stop looking at session->ciphers when possible
If the OpenSSL team accepts my patch to add an
SSL_get_client_ciphers function, this patch will make Tor use it
when available, thereby working better with openssl 1.1.
2015-05-26 11:05:36 -04:00