mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-26 15:42:34 +01:00
Code Issues Projects Releases Wiki Activity
33619 commits 53 branches 632 tags 102 MiB
Commit graph

789 commits

Author SHA1 Message Date
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs 
7 unit tests are failing at this point, but they're all TLS-related.
 2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f Log error strings in crypto_nss_log_errors(). 
I'll need this for debugging.
 2018-08-22 12:36:25 -04:00
Nick Mathewson
de66bd397c Merge branch 'maint-0.3.4' 2018-08-21 19:20:37 -04:00
Nick Mathewson
5245a296c5 Make some x509 functions generic; remove some fields NSS doesn't need 2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356 Extract internal-only parts of x509.h 2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb Extract the non-generic part of tor_tls_context_decref(). 2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802 Implement PBKDF2 with NSS. 
This was a gap that we left in the last commit.
 2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4 When enabling NSS, disable OpenSSL. 
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2
 2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130 Split tls modules and their tests into openssl and generic. 
Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
 2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a Refactor some of the certificate-manipulation logic 2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa Extract tortls structures into a new header; clean up a little 2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
aa45511250 Implement RSA for NSS. 2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db Refactor crypto_rsa to use pem module. 
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).

(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
 2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9 Add rudimentary support for PEM-encoding, since NSS doesn't do that. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2 Use a constant for "65537" 2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5 Rename openssl-bridging functions in crypto_rsa 
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
 2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40 Remove a redundant function. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys 
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
 2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197 Extract openssl RSA functionality into its own file. 2018-08-21 12:24:08 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
Unto Sten
ba3c785092 Inform users about configuration file and directory includes 
This patch makes it clearer to users what settings Tor daemon
is actually using. I think it is pretty important.
 2018-08-17 14:08:59 +03:00
Nick Mathewson
e56f0c9d33 Adjust windows stubs for new start/finish_daemon() return types 2018-08-14 16:44:59 -04:00
Nick Mathewson
a57c27a1c7 Call crypto_postfork on start_daemon() instead. 2018-08-08 17:32:26 -04:00
Nick Mathewson
622a2c6bee Make finish_daemon() return a boolean to say whether it did anything. 2018-08-08 16:59:53 -04:00
Nick Mathewson
26f1167e71 Merge branch 'bug26779_033' into bug26779_035 2018-08-08 15:50:29 -04:00
Nick Mathewson
7787150521 Merge branch 'maint-0.3.4' 2018-08-08 09:26:23 -04:00
Nick Mathewson
622a057e7e Merge remote-tracking branch 'public/string_coverage' 2018-08-03 07:03:29 -04:00
Nick Mathewson
f83b417bf8 Suppress strict-prototypes warning in crypto_nss_mgt.c 2018-08-02 08:41:33 -04:00
Nick Mathewson
727f1676d6 Fix double-link of crypto_openssl_mgt.c 2018-08-02 08:38:59 -04:00
Nick Mathewson
b590cc0449 Add a cast to make clang happier. 2018-08-02 08:36:24 -04:00
Nick Mathewson
ff7229b32c Document new helper functions in socketpair.c 2018-08-01 11:01:52 -04:00
Nick Mathewson
1b7b9c7e63 Reindent tor_ersatz_socketpair 2018-08-01 11:01:52 -04:00
Nick Mathewson
fc0dc5aa9e Refactor tor_ersatz_socketpair() not to need socket. 
This change also makes tor_ersatz_socketpair() follow the same
interface as socketpair() rather than tor_socketpair(), so it now
needs to be wrapped in the same code as socketpair() does.
 2018-08-01 11:01:52 -04:00
Nick Mathewson
9b24609af0 Remove dependency from socketpair.c on address.h 
Also refactor some annoying code in tor_ersatz_socketpair.
 2018-08-01 09:24:22 -04:00
Nick Mathewson
2884639ad6 Extract tor_ersatz_socketpair into a new c file 
I'm doing this because I want to make it a lower-level function
again, so that we can use it without linking in the rest of the
universe.
 2018-08-01 08:47:27 -04:00
Nick Mathewson
a4c0a0e81e Fix issues with crypto_ope compilation now that crypto.h is gone 2018-07-31 19:56:42 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
17f922d371 Only link crypto_dh_openssl.c once 
(We do this unconditionally, since we still need it for tortls.c)
 2018-07-31 19:46:00 -04:00
Nick Mathewson
17ea931ac7 Implement DH in NSS. 2018-07-31 19:46:00 -04:00
Nick Mathewson
32bbc8f6b5 Refactor the dependency between tortls and crypto_dh. 
We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.
 2018-07-31 19:46:00 -04:00
Nick Mathewson
ac9a470c64 Extract the shared part of crypto_dh_compute_secret. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60a5b78480 Extract the OpenSSL DH functionality to a new file. 2018-07-31 19:46:00 -04:00
Nick Mathewson
2d80673b9a Fix "make distcheck." 2018-07-31 19:46:00 -04:00
Nick Mathewson
76e10ee6b9 Use NSS for AES_CTR. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60705a5719 Use NSS in crypto_rand.c 
This is comparatively straightforward too, except for a couple of
twists:

   * For as long as we're building with two crypto libraries, we
     want to seed _both_ their RNGs, and use _both_ their RNGs to
     improve the output of crypto_strongest_rand()

   * The NSS prng will sometimes refuse to generate huge outputs.
     When it does, we stretch the output with SHAKE.  We only need
     this for the tests.
 2018-07-31 19:46:00 -04:00
Nick Mathewson
f64c9dccde Use NSS's digest code in Tor. 
This was a fairly straightforward port, once I realized which layer
I should be calling into.
 2018-07-31 19:46:00 -04:00
teor
e26794ace9 Add TOR_PRIdSZ to torint.h 2018-07-31 11:21:28 +10:00
Nick Mathewson
acb54dee7b Remove a now-obsolete comment about deadcode_dummy__ 2018-07-30 09:09:10 -04:00