mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-26 15:42:34 +01:00
Code Issues Projects Releases Wiki Activity
31372 commits 53 branches 632 tags 102 MiB
Commit graph

468 commits

Author SHA1 Message Date
Nick Mathewson
824160fd82 Fix a type, and hopefully the win64 builds. 2018-09-05 09:36:15 -04:00
Nick Mathewson
dc7c979453 Add note about use of tor_memcmp() 2018-09-05 09:11:53 -04:00
Nick Mathewson
79a7fbb79b Fix a reverse-inull warning from coverity in new code. 2018-09-05 08:34:14 -04:00
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c 
Fun fact: PR_Close leaks memory if its socket is not valid.
 2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused. 
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
 2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18 Document winsock includes better 2018-09-04 14:52:35 -04:00
Nick Mathewson
70c27b7e39 Fix documentation of initialized fields in crypto_init.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
edbb5ef5b2 Make some additional RSA functions const 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests 
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
 2018-09-04 14:52:35 -04:00
Nick Mathewson
3b5d6ef15b Unify functions for reading/writing PEM keys, to avoid duplication. 2018-09-04 14:52:35 -04:00
Nick Mathewson
f46a7eafb8 Do not leak a reference to "slot" when decoding private key. 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f Remove tor_x509_get_cert_impl as unneeded. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241 Avoid double-close on TCP sockets under NSS. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12 Avoid spurious error logs when using NSS 
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
 2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown() 
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
 2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS. 
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
 2018-09-04 14:52:35 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
cypherpunks
d32b08af6f string: add string_is_utf8() helper 
Ticket #27373.
 2018-09-03 13:54:43 +00:00
rl1987
01eb164574 Reject addresses with needless trailing colon 2018-08-31 19:34:14 +03:00
rl1987
23ed863da4 Improve bracket handling in tor_addr_parse() 
* Actually check for second bracket
* Only attempt parsing IPv4 address when no brackets found
 2018-08-31 18:55:36 +03:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs 
7 unit tests are failing at this point, but they're all TLS-related.
 2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f Log error strings in crypto_nss_log_errors(). 
I'll need this for debugging.
 2018-08-22 12:36:25 -04:00
Nick Mathewson
de66bd397c Merge branch 'maint-0.3.4' 2018-08-21 19:20:37 -04:00
Nick Mathewson
5245a296c5 Make some x509 functions generic; remove some fields NSS doesn't need 2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356 Extract internal-only parts of x509.h 2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb Extract the non-generic part of tor_tls_context_decref(). 2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802 Implement PBKDF2 with NSS. 
This was a gap that we left in the last commit.
 2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4 When enabling NSS, disable OpenSSL. 
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2
 2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130 Split tls modules and their tests into openssl and generic. 
Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
 2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a Refactor some of the certificate-manipulation logic 2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa Extract tortls structures into a new header; clean up a little 2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
aa45511250 Implement RSA for NSS. 2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db Refactor crypto_rsa to use pem module. 
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).

(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
 2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9 Add rudimentary support for PEM-encoding, since NSS doesn't do that. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2 Use a constant for "65537" 2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5 Rename openssl-bridging functions in crypto_rsa 
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
 2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40 Remove a redundant function. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys 
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
 2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197 Extract openssl RSA functionality into its own file. 2018-08-21 12:24:08 -04:00