author | Isis Lovecruft <isis@torproject.org> | 2017-07-13 19:31:13 +0000 |
---|---|---|
committer | Isis Lovecruft <isis@torproject.org> | 2017-07-13 20:24:48 +0000 |
commit | c59ba015500aba040371a6d32134cb10d045e7bd (patch) | |
tree | fe101e8dcd56e200078c84a2cbc75745f47a6868 | |
parent | 3aba8490ba590899b6c23071ef0b4269d8c36d37 (diff) | |
rephist: Remove unused crypto_pk statistics.
These statistics were largely unused, and kept track of statistical information
on things like how many times we had done TLS or how many signatures we had
verified. This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).
* FIXES #19871.
* REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
src/or/rephist.c.
* REMOVES every external call to these functions.
-rw-r--r-- | changes/bug19871 | 4 | ||||
-rw-r--r-- | src/or/connection_or.c | 1 | ||||
-rw-r--r-- | src/or/dirvote.c | 1 | ||||
-rw-r--r-- | src/or/main.c | 1 | ||||
-rw-r--r-- | src/or/onion_tap.c | 3 | ||||
-rw-r--r-- | src/or/rendclient.c | 1 | ||||
-rw-r--r-- | src/or/rendmid.c | 1 | ||||
-rw-r--r-- | src/or/rendservice.c | 3 | ||||
-rw-r--r-- | src/or/rephist.c | 99 | ||||
-rw-r--r-- | src/or/rephist.h | 3 | ||||
-rw-r--r-- | src/or/router.c | 1 | ||||
-rw-r--r-- | src/or/routerparse.c | 3 |
12 files changed, 4 insertions, 117 deletions
diff --git a/changes/bug19871 b/changes/bug19871
new file mode 100644
index 0000000000..5f1c9dc802
--- /dev/null
+++ b/changes/bug19871
@@ -0,0 +1,4 @@
+ o Code refactoring:
+ - Remove dead code for largely unused statistics on the number of
+ times we've attempted various public key operations. Fixes bug
+ 19871; fix by Isis Lovecruft. Bugfix on 0.1.2.4-alpha.
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 753148291c..051bf9a176 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1369,7 +1369,6 @@ connection_tls_start_handshake,(or_connection_t *conn, int receiving))
 connection_start_reading(TO_CONN(conn));
 log_debug(LD_HANDSHAKE,"starting TLS handshake on fd "TOR_SOCKET_T_FORMAT,
 conn->base_.s);
- note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
 if (connection_tls_continue_handshake(conn) < 0)
 return -1;
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 11cd020d88..c65945fea7 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -306,7 +306,6 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
 signing_key_fingerprint);
 }
- note_crypto_pk_op(SIGN_DIR);
 {
 char *sig = router_get_dirobj_signature(digest, DIGEST_LEN,
 private_signing_key);
diff --git a/src/or/main.c b/src/or/main.c
index 5fa3869ff8..7e2652cb86 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2877,7 +2877,6 @@ dumpstats(int severity)
 rep_hist_dump_stats(now,severity);
 rend_service_dump_stats(severity);
- dump_pk_ops(severity);
 dump_distinct_digest_count(severity);
 }
diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index 294fc0df6d..928fcaabfb 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -72,8 +72,6 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
 if (crypto_dh_get_public(dh, challenge, dhbytes))
 goto err;
- note_crypto_pk_op(ENC_ONIONSKIN);
-
 /* set meeting point, meeting cookie, etc here. Leave zero for now. */
 if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out,
 TAP_ONIONSKIN_CHALLENGE_LEN,
@@ -124,7 +122,6 @@ onion_skin_TAP_server_handshake(
 k = i==0?private_key:prev_private_key;
 if (!k)
 break;
- note_crypto_pk_op(DEC_ONIONSKIN);
 len = crypto_pk_private_hybrid_decrypt(k, challenge,
 TAP_ONIONSKIN_CHALLENGE_LEN,
 onion_skin,
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 3d160bdc35..441c371bac 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -286,7 +286,6 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
 goto perm_err;
 }
- note_crypto_pk_op(REND_CLIENT);
 /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg,
 * to avoid buffer overflows? */
 r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index 23c3deddaa..66d2f93113 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -71,7 +71,6 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request,
 goto err;
 }
 /* Rest of body: signature of previous data */
- note_crypto_pk_op(REND_MID);
 if (crypto_pk_public_checksig_digest(pk,
 (char*)request, 2+asn1len+DIGEST_LEN,
 (char*)(request+2+DIGEST_LEN+asn1len),
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index b8e704e54b..4eef72c32c 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -2845,8 +2845,6 @@ rend_service_decrypt_intro(
 }
 /* Decrypt the encrypted part */
-
- note_crypto_pk_op(REND_SERVER);
 result =
 crypto_pk_private_hybrid_decrypt(
 key, (char *)buf, sizeof(buf),
@@ -3260,7 +3258,6 @@ encode_establish_intro_cell_legacy(char *cell_body_out,
 if (crypto_digest(cell_body_out+len, auth, DIGEST_LEN+9))
 goto err;
 len += 20;
- note_crypto_pk_op(REND_SERVER);
 r = crypto_pk_private_sign_digest(intro_key, cell_body_out+len,
 cell_body_out_len - len,
 cell_body_out, len);
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 72a5cc5a9b..e65b93fa76 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -2064,105 +2064,6 @@ rep_hist_circbuilding_dormant(time_t now)
 return 1;
 }
-/** Structure to track how many times we've done each public key operation. */
-static struct {
- /** How many directory objects have we signed? */
- unsigned long n_signed_dir_objs;
- /** How many routerdescs have we signed? */
- unsigned long n_signed_routerdescs;
- /** How many directory objects have we verified? */
- unsigned long n_verified_dir_objs;
- /** How many routerdescs have we verified */
- unsigned long n_verified_routerdescs;
- /** How many onionskins have we encrypted to build circuits? */
- unsigned long n_onionskins_encrypted;
- /** How many onionskins have we decrypted to do circuit build requests? */
- unsigned long n_onionskins_decrypted;
- /** How many times have we done the TLS handshake as a client? */
- unsigned long n_tls_client_handshakes;
- /** How many times have we done the TLS handshake as a server? */
- unsigned long n_tls_server_handshakes;
- /** How many PK operations have we done as a hidden service client? */
- unsigned long n_rend_client_ops;
- /** How many PK operations have we done as a hidden service midpoint? */
- unsigned long n_rend_mid_ops;
- /** How many PK operations have we done as a hidden service provider? */
- unsigned long n_rend_server_ops;
-} pk_op_counts = {0,0,0,0,0,0,0,0,0,0,0};
-
-/** Increment the count of the number of times we've done <b>operation</b>. */
-void
-note_crypto_pk_op(pk_op_t operation)
-{
- switch (operation)
- {
- case SIGN_DIR:
- pk_op_counts.n_signed_dir_objs++;
- break;
- case SIGN_RTR:
- pk_op_counts.n_signed_routerdescs++;
- break;
- case VERIFY_DIR:
- pk_op_counts.n_verified_dir_objs++;
- break;
- case VERIFY_RTR:
- pk_op_counts.n_verified_routerdescs++;
- break;
- case ENC_ONIONSKIN:
- pk_op_counts.n_onionskins_encrypted++;
- break;
- case DEC_ONIONSKIN:
- pk_op_counts.n_onionskins_decrypted++;
- break;
- case TLS_HANDSHAKE_C:
- pk_op_counts.n_tls_client_handshakes++;
- break;
- case TLS_HANDSHAKE_S:
- pk_op_counts.n_tls_server_handshakes++;
- break;
- case REND_CLIENT:
- pk_op_counts.n_rend_client_ops++;
- break;
- case REND_MID:
- pk_op_counts.n_rend_mid_ops++;
- break;
- case REND_SERVER:
- pk_op_counts.n_rend_server_ops++;
- break;
- default:
- log_warn(LD_BUG, "Unknown pk operation %d", operation);
- }
-}
-
-/** Log the number of times we've done each public/private-key operation. */
-void
-dump_pk_ops(int severity)
-{
- tor_log(severity, LD_HIST,
- "PK operations: %lu directory objects signed, "
- "%lu directory objects verified, "
- "%lu routerdescs signed, "
- "%lu routerdescs verified, "
- "%lu onionskins encrypted, "
- "%lu onionskins decrypted, "
- "%lu client-side TLS handshakes, "
- "%lu server-side TLS handshakes, "
- "%lu rendezvous client operations, "
- "%lu rendezvous middle operations, "
- "%lu rendezvous server operations.",
- pk_op_counts.n_signed_dir_objs,
- pk_op_counts.n_verified_dir_objs,
- pk_op_counts.n_signed_routerdescs,
- pk_op_counts.n_verified_routerdescs,
- pk_op_counts.n_onionskins_encrypted,
- pk_op_counts.n_onionskins_decrypted,
- pk_op_counts.n_tls_client_handshakes,
- pk_op_counts.n_tls_server_handshakes,
- pk_op_counts.n_rend_client_ops,
- pk_op_counts.n_rend_mid_ops,
- pk_op_counts.n_rend_server_ops);
-}
-
 /*** Exit port statistics ***/
 /* Some constants */
diff --git a/src/or/rephist.h b/src/or/rephist.h
index 2b1c2e7ec7..8f6d46616d 100644
--- a/src/or/rephist.h
+++ b/src/or/rephist.h
@@ -62,9 +62,6 @@ int any_predicted_circuits(time_t now);
 int rep_hist_circbuilding_dormant(time_t now);
 int predicted_ports_prediction_time_remaining(time_t now);
-void note_crypto_pk_op(pk_op_t operation);
-void dump_pk_ops(int severity);
-
 void rep_hist_exit_stats_init(time_t now);
 void rep_hist_reset_exit_stats(time_t now);
 void rep_hist_exit_stats_term(void);
diff --git a/src/or/router.c b/src/or/router.c
index 100c4cc949..1b81a228af 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -3009,7 +3009,6 @@ router_dump_router_to_string(routerinfo_t *router,
 crypto_digest_smartlist(digest, DIGEST_LEN, chunks, "", DIGEST_SHA1);
- note_crypto_pk_op(SIGN_RTR);
 {
 char *sig;
 if (!(sig = router_get_dirobj_signature(digest, DIGEST_LEN, ident_key))) {
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 6a03194472..f4e87a00d8 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1996,7 +1996,6 @@ router_parse_entry_from_string(const char *s, const char *end,
 }
 tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
- note_crypto_pk_op(VERIFY_RTR);
 #ifdef COUNT_DISTINCT_DIGESTS
 if (!verified_digests)
 verified_digests = digestmap_new();
@@ -2231,7 +2230,6 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
 }
 if (key) {
- note_crypto_pk_op(VERIFY_RTR);
 if (check_signature_token(digest, DIGEST_LEN, tok, key, 0,
 "extra-info") < 0)
 goto err;
@@ -5288,7 +5286,6 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
 }
 /* Parse and verify signature. */
 tok = find_by_keyword(tokens, R_SIGNATURE);
- note_crypto_pk_op(VERIFY_RTR);
 if (check_signature_token(desc_hash, DIGEST_LEN, tok, result->pk, 0,
 "v2 rendezvous service descriptor") < 0)
 goto err; |