summaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
Diffstat (limited to 'src/common')
-rw-r--r--src/common/address.c243
-rw-r--r--src/common/address.h45
-rw-r--r--src/common/aes.c48
-rw-r--r--src/common/backtrace.c22
-rw-r--r--src/common/backtrace.h2
-rw-r--r--src/common/compat.c255
-rw-r--r--src/common/compat.h60
-rw-r--r--src/common/compat_libevent.c88
-rw-r--r--src/common/compat_libevent.h7
-rw-r--r--src/common/compat_pthreads.c52
-rw-r--r--src/common/compat_threads.c21
-rw-r--r--src/common/compat_threads.h36
-rw-r--r--src/common/compat_winthreads.c47
-rw-r--r--src/common/container.c19
-rw-r--r--src/common/container.h10
-rw-r--r--src/common/crypto.c850
-rw-r--r--src/common/crypto.h39
-rw-r--r--src/common/crypto_curve25519.c209
-rw-r--r--src/common/crypto_curve25519.h15
-rw-r--r--src/common/crypto_ed25519.c362
-rw-r--r--src/common/crypto_ed25519.h18
-rw-r--r--src/common/crypto_format.c203
-rw-r--r--src/common/crypto_format.h46
-rw-r--r--src/common/include.am40
-rw-r--r--src/common/log.c122
-rw-r--r--src/common/sandbox.c15
-rw-r--r--src/common/sandbox.h3
-rw-r--r--src/common/torlog.h67
-rw-r--r--src/common/tortls.c621
-rw-r--r--src/common/tortls.h35
-rw-r--r--src/common/util.c259
-rw-r--r--src/common/util.h20
-rw-r--r--src/common/util_codedigest.c13
-rw-r--r--src/common/util_format.c528
-rw-r--r--src/common/util_format.h33
-rw-r--r--src/common/workqueue.c39
-rw-r--r--src/common/workqueue.h19
37 files changed, 2660 insertions, 1851 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 42a116a91e..cfa8fd1dca 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -10,19 +10,34 @@
#define ADDRESS_PRIVATE
+#include "orconfig.h"
+
#ifdef _WIN32
/* For access to structs needed by GetAdaptersAddresses */
-#undef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
-#include <process.h>
+#ifndef WIN32_LEAN_AND_MEAN
+#error "orconfig.h didn't define WIN32_LEAN_AND_MEAN"
+#endif
+#ifndef WINVER
+#error "orconfig.h didn't define WINVER"
+#endif
+#ifndef _WIN32_WINNT
+#error "orconfig.h didn't define _WIN32_WINNT"
+#endif
+#if WINVER < 0x0501
+#error "winver too low"
+#endif
+#if _WIN32_WINNT < 0x0501
+#error "winver too low"
+#endif
#include <winsock2.h>
+#include <process.h>
#include <windows.h>
#include <iphlpapi.h>
#endif
-#include "orconfig.h"
#include "compat.h"
#include "util.h"
+#include "util_format.h"
#include "address.h"
#include "torlog.h"
#include "container.h"
@@ -605,13 +620,20 @@ tor_addr_to_PTR_name(char *out, size_t outlen,
* yield an IPv4 wildcard.
*
* If 'flags & TAPMP_EXTENDED_STAR' is true, then the wildcard address '*'
- * yields an AF_UNSPEC wildcard address, and the following change is made
+ * yields an AF_UNSPEC wildcard address, which expands to corresponding
+ * wildcard IPv4 and IPv6 rules, and the following change is made
* in the grammar above:
* Address ::= IPv4Address / "[" IPv6Address "]" / "*" / "*4" / "*6"
* with the new "*4" and "*6" productions creating a wildcard to match
* IPv4 or IPv6 addresses.
*
- */
+ * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV4_ONLY' are
+ * both true, then the wildcard address '*' yields an IPv4 wildcard.
+ *
+ * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV6_ONLY' are
+ * both true, then the wildcard address '*' yields an IPv6 wildcard.
+ *
+ * TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */
int
tor_addr_parse_mask_ports(const char *s,
unsigned flags,
@@ -628,6 +650,10 @@ tor_addr_parse_mask_ports(const char *s,
tor_assert(s);
tor_assert(addr_out);
+ /* We can either only want an IPv4 address or only want an IPv6 address,
+ * but we can't only want IPv4 & IPv6 at the same time. */
+ tor_assert(!((flags & TAPMP_STAR_IPV4_ONLY)
+ && (flags & TAPMP_STAR_IPV6_ONLY)));
/** Longest possible length for an address, mask, and port-range combination.
* Includes IP, [], /mask, :, ports */
@@ -673,8 +699,21 @@ tor_addr_parse_mask_ports(const char *s,
if (!strcmp(address, "*")) {
if (flags & TAPMP_EXTENDED_STAR) {
- family = AF_UNSPEC;
- tor_addr_make_unspec(addr_out);
+ if (flags & TAPMP_STAR_IPV4_ONLY) {
+ family = AF_INET;
+ tor_addr_from_ipv4h(addr_out, 0);
+ } else if (flags & TAPMP_STAR_IPV6_ONLY) {
+ static char nil_bytes[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
+ family = AF_INET6;
+ tor_addr_from_ipv6_bytes(addr_out, nil_bytes);
+ } else {
+ family = AF_UNSPEC;
+ tor_addr_make_unspec(addr_out);
+ log_info(LD_GENERAL,
+ "'%s' expands into rules which apply to all IPv4 and IPv6 "
+ "addresses. (Use accept/reject *4:* for IPv4 or "
+ "accept[6]/reject[6] *6:* for IPv6.)", s);
+ }
} else {
family = AF_INET;
tor_addr_from_ipv4h(addr_out, 0);
@@ -1467,8 +1506,8 @@ get_interface_addresses_ioctl(int severity)
* Return a new smartlist of tor_addr_t on success, and NULL on failure.
* (An empty smartlist indicates that we successfully learned that we have no
* addresses.) Log failure messages at <b>severity</b>. */
-STATIC smartlist_t *
-get_interface_addresses_raw(int severity)
+MOCK_IMPL(smartlist_t *,
+get_interface_addresses_raw,(int severity))
{
smartlist_t *result = NULL;
#if defined(HAVE_IFADDRS_TO_SMARTLIST)
@@ -1488,7 +1527,7 @@ get_interface_addresses_raw(int severity)
}
/** Return true iff <b>a</b> is a multicast address. */
-static int
+STATIC int
tor_addr_is_multicast(const tor_addr_t *a)
{
sa_family_t family = tor_addr_family(a);
@@ -1504,47 +1543,22 @@ tor_addr_is_multicast(const tor_addr_t *a)
return 0;
}
-/** Set *<b>addr</b> to the IP address (if any) of whatever interface
- * connects to the Internet. This address should only be used in checking
- * whether our address has changed. Return 0 on success, -1 on failure.
+/** Attempt to retrieve IP address of current host by utilizing some
+ * UDP socket trickery. Only look for address of given <b>family</b>.
+ * Set result to *<b>addr</b>. Return 0 on success, -1 on failure.
*/
MOCK_IMPL(int,
-get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
+get_interface_address6_via_udp_socket_hack,(int severity,
+ sa_family_t family,
+ tor_addr_t *addr))
{
- /* XXX really, this function should yield a smartlist of addresses. */
- smartlist_t *addrs;
- int sock=-1, r=-1;
struct sockaddr_storage my_addr, target_addr;
+ int sock=-1, r=-1;
socklen_t addr_len;
- tor_assert(addr);
-
- /* Try to do this the smart way if possible. */
- if ((addrs = get_interface_addresses_raw(severity))) {
- int rv = -1;
- SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
- if (family != AF_UNSPEC && family != tor_addr_family(a))
- continue;
- if (tor_addr_is_loopback(a) ||
- tor_addr_is_multicast(a))
- continue;
-
- tor_addr_copy(addr, a);
- rv = 0;
-
- /* If we found a non-internal address, declare success. Otherwise,
- * keep looking. */
- if (!tor_addr_is_internal(a, 0))
- break;
- } SMARTLIST_FOREACH_END(a);
- SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
- smartlist_free(addrs);
- return rv;
- }
-
- /* Okay, the smart way is out. */
memset(addr, 0, sizeof(tor_addr_t));
memset(&target_addr, 0, sizeof(target_addr));
+
/* Don't worry: no packets are sent. We just need to use a real address
* on the actual Internet. */
if (family == AF_INET6) {
@@ -1566,6 +1580,7 @@ get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
} else {
return -1;
}
+
if (sock < 0) {
int e = tor_socket_errno(-1);
log_fn(severity, LD_NET, "unable to create socket: %s",
@@ -1573,27 +1588,146 @@ get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
goto err;
}
- if (connect(sock,(struct sockaddr *)&target_addr, addr_len) < 0) {
+ if (tor_connect_socket(sock,(struct sockaddr *)&target_addr,
+ addr_len) < 0) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
goto err;
}
- if (getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
+ if (tor_getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
tor_socket_strerror(e));
goto err;
}
- tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL);
- r=0;
+ if (tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL) == 0) {
+ if (tor_addr_is_loopback(addr) || tor_addr_is_multicast(addr)) {
+ log_fn(severity, LD_NET, "Address that we determined via UDP socket"
+ " magic is unsuitable for public comms.");
+ } else {
+ r=0;
+ }
+ }
+
err:
if (sock >= 0)
tor_close_socket(sock);
+ if (r == -1)
+ memset(addr, 0, sizeof(tor_addr_t));
return r;
}
+/** Set *<b>addr</b> to an arbitrary IP address (if any) of an interface that
+ * connects to the Internet. Prefer public IP addresses to internal IP
+ * addresses. This address should only be used in checking whether our
+ * address has changed, as it may be an internal IP address. Return 0 on
+ * success, -1 on failure.
+ * Prefer get_interface_address6_list for a list of all addresses on all
+ * interfaces which connect to the Internet.
+ */
+MOCK_IMPL(int,
+get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
+{
+ smartlist_t *addrs;
+ int rv = -1;
+ tor_assert(addr);
+
+ memset(addr, 0, sizeof(tor_addr_t));
+
+ /* Get a list of public or internal IPs in arbitrary order */
+ addrs = get_interface_address6_list(severity, family, 1);
+
+ /* Find the first non-internal address, or the last internal address
+ * Ideally, we want the default route, see #12377 for details */
+ SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
+ tor_addr_copy(addr, a);
+ rv = 0;
+
+ /* If we found a non-internal address, declare success. Otherwise,
+ * keep looking. */
+ if (!tor_addr_is_internal(a, 0))
+ break;
+ } SMARTLIST_FOREACH_END(a);
+
+ free_interface_address6_list(addrs);
+ return rv;
+}
+
+/** Free a smartlist of IP addresses returned by get_interface_address6_list.
+ */
+void
+free_interface_address6_list(smartlist_t *addrs)
+{
+ if (addrs != NULL) {
+ SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
+ smartlist_free(addrs);
+ }
+}
+
+/** Return a smartlist of the IP addresses of type family from all interfaces
+ * on the server. Excludes loopback and multicast addresses. Only includes
+ * internal addresses if include_internal is true. (Note that a relay behind
+ * NAT may use an internal address to connect to the Internet.)
+ * An empty smartlist means that there are no addresses of the selected type
+ * matching these criteria.
+ * Returns NULL on failure.
+ * Use free_interface_address6_list to free the returned list.
+ */
+MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
+ sa_family_t family,
+ int include_internal))
+{
+ smartlist_t *addrs;
+ tor_addr_t addr;
+
+ /* Try to do this the smart way if possible. */
+ if ((addrs = get_interface_addresses_raw(severity))) {
+ SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a)
+ {
+ if (family != AF_UNSPEC && family != tor_addr_family(a)) {
+ SMARTLIST_DEL_CURRENT(addrs, a);
+ tor_free(a);
+ continue;
+ }
+
+ if (tor_addr_is_loopback(a) ||
+ tor_addr_is_multicast(a)) {
+ SMARTLIST_DEL_CURRENT(addrs, a);
+ tor_free(a);
+ continue;
+ }
+
+ if (!include_internal && tor_addr_is_internal(a, 0)) {
+ SMARTLIST_DEL_CURRENT(addrs, a);
+ tor_free(a);
+ continue;
+ }
+ } SMARTLIST_FOREACH_END(a);
+ }
+
+ if (addrs && smartlist_len(addrs) > 0) {
+ return addrs;
+ }
+
+ /* if we removed all entries as unsuitable */
+ if (addrs) {
+ smartlist_free(addrs);
+ }
+
+ /* Okay, the smart way is out. */
+ if (get_interface_address6_via_udp_socket_hack(severity,family,&addr))
+ return smartlist_new();
+ if (!include_internal && tor_addr_is_internal(&addr, 0)) {
+ return smartlist_new();
+ } else {
+ addrs = smartlist_new();
+ smartlist_add(addrs, tor_dup_addr(&addr));
+ return addrs;
+ }
+}
+
/* ======
* IPv4 helpers
* XXXX024 IPv6 deprecate some of these.
@@ -1833,10 +1967,13 @@ tor_dup_ip(uint32_t addr)
}
/**
- * Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever
- * interface connects to the Internet. This address should only be used in
- * checking whether our address has changed. Return 0 on success, -1 on
- * failure.
+ * Set *<b>addr</b> to a host-order IPv4 address (if any) of an
+ * interface that connects to the Internet. Prefer public IP addresses to
+ * internal IP addresses. This address should only be used in checking
+ * whether our address has changed, as it may be an internal IPv4 address.
+ * Return 0 on success, -1 on failure.
+ * Prefer get_interface_address_list6 for a list of all IPv4 and IPv6
+ * addresses on all interfaces which connect to the Internet.
*/
MOCK_IMPL(int,
get_interface_address,(int severity, uint32_t *addr))
@@ -1844,6 +1981,8 @@ get_interface_address,(int severity, uint32_t *addr))
tor_addr_t local_addr;
int r;
+ memset(addr, 0, sizeof(uint32_t));
+
r = get_interface_address6(severity, AF_INET, &local_addr);
if (r>=0)
*addr = tor_addr_to_ipv4h(&local_addr);
diff --git a/src/common/address.h b/src/common/address.h
index df835e917a..d2841e1c9d 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -15,6 +15,7 @@
#include "orconfig.h"
#include "torint.h"
#include "compat.h"
+#include "container.h"
#ifdef ADDRESS_PRIVATE
@@ -43,7 +44,6 @@
#endif
// TODO win32 specific includes
-#include "container.h"
#endif // ADDRESS_PRIVATE
/** The number of bits from an address to consider while doing a masked
@@ -190,8 +190,13 @@ char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC;
const char *fmt_addr_impl(const tor_addr_t *addr, int decorate);
const char *fmt_addrport(const tor_addr_t *addr, uint16_t port);
const char * fmt_addr32(uint32_t addr);
+
MOCK_DECL(int,get_interface_address6,(int severity, sa_family_t family,
tor_addr_t *addr));
+void free_interface_address6_list(smartlist_t * addrs);
+MOCK_DECL(smartlist_t *,get_interface_address6_list,(int severity,
+ sa_family_t family,
+ int include_internal));
/** Flag to specify how to do a comparison between addresses. In an "exact"
* comparison, addresses are equivalent only if they are in the same family
@@ -227,7 +232,19 @@ int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address,
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out,
uint16_t *port_out);
+
+/* Does the address * yield an AF_UNSPEC wildcard address (1),
+ * which expands to corresponding wildcard IPv4 and IPv6 rules, and do we
+ * allow *4 and *6 for IPv4 and IPv6 wildcards, respectively;
+ * or does the address * yield IPv4 wildcard address (0). */
#define TAPMP_EXTENDED_STAR 1
+/* Does the address * yield an IPv4 wildcard address rule (1);
+ * or does it yield wildcard IPv4 and IPv6 rules (0) */
+#define TAPMP_STAR_IPV4_ONLY (1 << 1)
+/* Does the address * yield an IPv6 wildcard address rule (1);
+ * or does it yield wildcard IPv4 and IPv6 rules (0) */
+#define TAPMP_STAR_IPV6_ONLY (1 << 2)
+/* TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */
int tor_addr_parse_mask_ports(const char *s, unsigned flags,
tor_addr_t *addr_out, maskbits_t *mask_out,
uint16_t *port_min_out, uint16_t *port_max_out);
@@ -269,11 +286,35 @@ int addr_mask_get_bits(uint32_t mask);
int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
char *tor_dup_ip(uint32_t addr) ATTR_MALLOC;
MOCK_DECL(int,get_interface_address,(int severity, uint32_t *addr));
+/** Free a smartlist of IP addresses returned by get_interface_address_list.
+ */
+static INLINE void
+free_interface_address_list(smartlist_t *addrs)
+{
+ free_interface_address6_list(addrs);
+}
+/** Return a smartlist of the IPv4 addresses of all interfaces on the server.
+ * Excludes loopback and multicast addresses. Only includes internal addresses
+ * if include_internal is true. (Note that a relay behind NAT may use an
+ * internal address to connect to the Internet.)
+ * An empty smartlist means that there are no IPv4 addresses.
+ * Returns NULL on failure.
+ * Use free_interface_address_list to free the returned list.
+ */
+static INLINE smartlist_t *
+get_interface_address_list(int severity, int include_internal)
+{
+ return get_interface_address6_list(severity, AF_INET, include_internal);
+}
tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);
#ifdef ADDRESS_PRIVATE
-STATIC smartlist_t *get_interface_addresses_raw(int severity);
+MOCK_DECL(smartlist_t *,get_interface_addresses_raw,(int severity));
+STATIC int tor_addr_is_multicast(const tor_addr_t *a);
+MOCK_DECL(int,get_interface_address6_via_udp_socket_hack,(int severity,
+ sa_family_t family,
+ tor_addr_t *addr));
#ifdef HAVE_IFADDRS_TO_SMARTLIST
STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa);
diff --git a/src/common/aes.c b/src/common/aes.c
index 7651f1d93a..5f2c3f2f03 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -12,31 +12,24 @@
#include "orconfig.h"
#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
- #ifndef _WIN32_WINNT
- #define _WIN32_WINNT 0x0501
- #endif
- #define WIN32_LEAN_AND_MEAN
- #if defined(_MSC_VER) && (_MSC_VER < 1300)
- #include <winsock.h>
- #else
- #include <winsock2.h>
- #include <ws2tcpip.h>
- #endif
+ #include <winsock2.h>
+ #include <ws2tcpip.h>
#endif
#include <openssl/opensslv.h>
+#include "crypto.h"
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
-#include "crypto.h"
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
-/* See comments about which counter mode implementation to use below. */
#include <openssl/modes.h>
-#define CAN_USE_OPENSSL_CTR
-#endif
#include "compat.h"
#include "aes.h"
#include "util.h"
@@ -189,11 +182,9 @@ struct aes_cnt_cipher {
* we're testing it or because we have hardware acceleration configured */
static int should_use_EVP = 0;
-#ifdef CAN_USE_OPENSSL_CTR
/** True iff we have tested the counter-mode implementation and found that it
* doesn't have the counter-mode bug from OpenSSL 1.0.0. */
static int should_use_openssl_CTR = 0;
-#endif
/** Check whether we should use the EVP interface for AES. If <b>force_val</b>
* is nonnegative, we use use EVP iff it is true. Otherwise, we use EVP
@@ -235,7 +226,6 @@ evaluate_evp_for_aes(int force_val)
int
evaluate_ctr_for_aes(void)
{
-#ifdef CAN_USE_OPENSSL_CTR
/* Result of encrypting an all-zero block with an all-zero 128-bit AES key.
* This should be the same as encrypting an all-zero block with an all-zero
* 128-bit AES key in counter mode, starting at position 0 of the stream.
@@ -268,10 +258,6 @@ evaluate_ctr_for_aes(void)
"mode; using it.");
should_use_openssl_CTR = 1;
}
-#else
- log_info(LD_CRYPTO, "This version of OpenSSL has a slow implementation of "
- "counter mode; not using it.");
-#endif
return 0;
}
@@ -331,7 +317,7 @@ static void
aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
{
if (should_use_EVP) {
- const EVP_CIPHER *c;
+ const EVP_CIPHER *c = 0;
switch (key_bits) {
case 128: c = EVP_aes_128_ecb(); break;
case 192: c = EVP_aes_192_ecb(); break;
@@ -356,11 +342,9 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
cipher->pos = 0;
-#ifdef CAN_USE_OPENSSL_CTR
if (should_use_openssl_CTR)
memset(cipher->buf, 0, sizeof(cipher->buf));
else
-#endif
aes_fill_buf_(cipher);
}
@@ -386,7 +370,6 @@ aes_cipher_free(aes_cnt_cipher_t *cipher)
#define UPDATE_CTR_BUF(c, n)
#endif
-#ifdef CAN_USE_OPENSSL_CTR
/* Helper function to use EVP with openssl's counter-mode wrapper. */
static void
evp_block128_fn(const uint8_t in[16],
@@ -397,7 +380,6 @@ evp_block128_fn(const uint8_t in[16],
int inl=16, outl=16;
EVP_EncryptUpdate(ctx, out, &outl, in, inl);
}
-#endif
/** Encrypt <b>len</b> bytes from <b>input</b>, storing the result in
* <b>output</b>. Uses the key in <b>cipher</b>, and advances the counter
@@ -407,7 +389,6 @@ void
aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
char *output)
{
-#ifdef CAN_USE_OPENSSL_CTR
if (should_use_openssl_CTR) {
if (cipher->using_evp) {
/* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If
@@ -431,9 +412,7 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
&cipher->pos);
}
return;
- } else
-#endif
- {
+ } else {
int c = cipher->pos;
if (PREDICT_UNLIKELY(!len)) return;
@@ -466,13 +445,10 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
void
aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
{
-#ifdef CAN_USE_OPENSSL_CTR
if (should_use_openssl_CTR) {
aes_crypt(cipher, data, len, data);
return;
- } else
-#endif
- {
+ } else {
int c = cipher->pos;
if (PREDICT_UNLIKELY(!len)) return;
@@ -512,9 +488,7 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
cipher->pos = 0;
memcpy(cipher->ctr_buf.buf, iv, 16);
-#ifdef CAN_USE_OPENSSL_CTR
if (!should_use_openssl_CTR)
-#endif
aes_fill_buf_(cipher);
}
diff --git a/src/common/backtrace.c b/src/common/backtrace.c
index a2d5378b20..bed0442471 100644
--- a/src/common/backtrace.c
+++ b/src/common/backtrace.c
@@ -62,16 +62,16 @@ static tor_mutex_t cb_buf_mutex;
* ucontext_t structure.
*/
void
-clean_backtrace(void **stack, int depth, const ucontext_t *ctx)
+clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx)
{
#ifdef PC_FROM_UCONTEXT
#if defined(__linux__)
- const int n = 1;
+ const size_t n = 1;
#elif defined(__darwin__) || defined(__APPLE__) || defined(__OpenBSD__) \
|| defined(__FreeBSD__)
- const int n = 2;
+ const size_t n = 2;
#else
- const int n = 1;
+ const size_t n = 1;
#endif
if (depth <= n)
return;
@@ -89,14 +89,14 @@ clean_backtrace(void **stack, int depth, const ucontext_t *ctx)
void
log_backtrace(int severity, int domain, const char *msg)
{
- int depth;
+ size_t depth;
char **symbols;
- int i;
+ size_t i;
tor_mutex_acquire(&cb_buf_mutex);
depth = backtrace(cb_buf, MAX_DEPTH);
- symbols = backtrace_symbols(cb_buf, depth);
+ symbols = backtrace_symbols(cb_buf, (int)depth);
tor_log(severity, domain, "%s. Stack trace:", msg);
if (!symbols) {
@@ -120,7 +120,7 @@ static void
crash_handler(int sig, siginfo_t *si, void *ctx_)
{
char buf[40];
- int depth;
+ size_t depth;
ucontext_t *ctx = (ucontext_t *) ctx_;
int n_fds, i;
const int *fds = NULL;
@@ -139,7 +139,7 @@ crash_handler(int sig, siginfo_t *si, void *ctx_)
n_fds = tor_log_get_sigsafe_err_fds(&fds);
for (i=0; i < n_fds; ++i)
- backtrace_symbols_fd(cb_buf, depth, fds[i]);
+ backtrace_symbols_fd(cb_buf, (int)depth, fds[i]);
abort();
}
@@ -174,8 +174,8 @@ install_bt_handler(void)
* libc has pre-loaded the symbols we need to dump things, so that later
* reads won't be denied by the sandbox code */
char **symbols;
- int depth = backtrace(cb_buf, MAX_DEPTH);
- symbols = backtrace_symbols(cb_buf, depth);
+ size_t depth = backtrace(cb_buf, MAX_DEPTH);
+ symbols = backtrace_symbols(cb_buf, (int) depth);
if (symbols)
free(symbols);
}
diff --git a/src/common/backtrace.h b/src/common/backtrace.h
index a9151d7956..838e18eedd 100644
--- a/src/common/backtrace.h
+++ b/src/common/backtrace.h
@@ -13,7 +13,7 @@ void clean_up_backtrace_handler(void);
#ifdef EXPOSE_CLEAN_BACKTRACE
#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
-void clean_backtrace(void **stack, int depth, const ucontext_t *ctx);
+void clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx);
#endif
#endif
diff --git a/src/common/compat.c b/src/common/compat.c
index 1788e32ee3..98879c82c2 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -27,6 +27,7 @@
#include "compat.h"
#ifdef _WIN32
+#include <winsock2.h>
#include <windows.h>
#include <sys/locking.h>
#endif
@@ -67,6 +68,34 @@
#ifdef HAVE_CRT_EXTERNS_H
#include <crt_externs.h>
#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+#ifdef _WIN32
+#include <conio.h>
+#include <wchar.h>
+/* Some mingw headers lack these. :p */
+#if defined(HAVE_DECL__GETWCH) && !HAVE_DECL__GETWCH
+wint_t _getwch(void);
+#endif
+#ifndef WEOF
+#define WEOF (wchar_t)(0xFFFF)
+#endif
+#if defined(HAVE_DECL_SECUREZEROMEMORY) && !HAVE_DECL_SECUREZEROMEMORY
+static inline void
+SecureZeroMemory(PVOID ptr, SIZE_T cnt)
+{
+ volatile char *vcptr = (volatile char*)ptr;
+ while (cnt--)
+ *vcptr++ = 0;
+}
+#endif
+#elif defined(HAVE_READPASSPHRASE_H)
+#include <readpassphrase.h>
+#else
+#include "tor_readpassphrase.h"
+#endif
#ifndef HAVE_GETTIMEOFDAY
#ifdef HAVE_FTIME
@@ -131,15 +160,19 @@
#include "strlcat.c"
#endif
+/* When set_max_file_descriptors() is called, update this with the max file
+ * descriptor value so we can use it to check the limit when opening a new
+ * socket. Default value is what Debian sets as the default hard limit. */
+static int max_sockets = 1024;
+
/** As open(path, flags, mode), but return an fd with the close-on-exec mode
* set. */
int
tor_open_cloexec(const char *path, int flags, unsigned mode)
{
int fd;
- const char *p = path;
+ const char *p = sandbox_intern_string(path);
#ifdef O_CLOEXEC
- p = sandbox_intern_string(path);
fd = open(p, flags|O_CLOEXEC, mode);
if (fd >= 0)
return fd;
@@ -1156,12 +1189,20 @@ mark_socket_open(tor_socket_t s)
/** @} */
/** As socket(), but counts the number of open sockets. */
-tor_socket_t
-tor_open_socket(int domain, int type, int protocol)
+MOCK_IMPL(tor_socket_t,
+tor_open_socket,(int domain, int type, int protocol))
{
return tor_open_socket_with_extensions(domain, type, protocol, 1, 0);
}
+/** Mockable wrapper for connect(). */
+MOCK_IMPL(tor_socket_t,
+tor_connect_socket,(tor_socket_t socket,const struct sockaddr *address,
+ socklen_t address_len))
+{
+ return connect(socket,address,address_len);
+}
+
/** As socket(), but creates a nonblocking socket and
* counts the number of open sockets. */
tor_socket_t
@@ -1179,6 +1220,18 @@ tor_open_socket_with_extensions(int domain, int type, int protocol,
int cloexec, int nonblock)
{
tor_socket_t s;
+
+ /* We are about to create a new file descriptor so make sure we have
+ * enough of them. */
+ if (get_n_open_sockets() >= max_sockets - 1) {
+#ifdef _WIN32
+ WSASetLastError(WSAEMFILE);
+#else
+ errno = EMFILE;
+#endif
+ return TOR_INVALID_SOCKET;
+ }
+
#if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
int ext_flags = (cloexec ? SOCK_CLOEXEC : 0) |
(nonblock ? SOCK_NONBLOCK : 0);
@@ -1250,6 +1303,18 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
socklen_t *len, int cloexec, int nonblock)
{
tor_socket_t s;
+
+ /* We are about to create a new file descriptor so make sure we have
+ * enough of them. */
+ if (get_n_open_sockets() >= max_sockets - 1) {
+#ifdef _WIN32
+ WSASetLastError(WSAEMFILE);
+#else
+ errno = EMFILE;
+#endif
+ return TOR_INVALID_SOCKET;
+ }
+
#if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
int ext_flags = (cloexec ? SOCK_CLOEXEC : 0) |
(nonblock ? SOCK_NONBLOCK : 0);
@@ -1308,6 +1373,14 @@ get_n_open_sockets(void)
return n;
}
+/** Mockable wrapper for getsockname(). */
+MOCK_IMPL(int,
+tor_getsockname,(tor_socket_t socket, struct sockaddr *address,
+ socklen_t *address_len))
+{
+ return getsockname(socket, address, address_len);
+}
+
/** Turn <b>socket</b> into a nonblocking socket. Return 0 on success, -1
* on failure.
*/
@@ -1519,24 +1592,43 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
}
#endif
+/* Return the maximum number of allowed sockets. */
+int
+get_max_sockets(void)
+{
+ return max_sockets;
+}
+
/** Number of extra file descriptors to keep in reserve beyond those that we
* tell Tor it's allowed to use. */
#define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond ConnLimit_ */
-/** Learn the maximum allowed number of file descriptors, and tell the system
- * we want to use up to that number. (Some systems have a low soft limit, and
- * let us set it higher.)
+/** Learn the maximum allowed number of file descriptors, and tell the
+ * system we want to use up to that number. (Some systems have a low soft
+ * limit, and let us set it higher.) We compute this by finding the largest
+ * number that we can use.
+ *
+ * If the limit is below the reserved file descriptor value (ULIMIT_BUFFER),
+ * return -1 and <b>max_out</b> is untouched.
*
- * We compute this by finding the largest number that we can use.
- * If we can't find a number greater than or equal to <b>limit</b>,
- * then we fail: return -1.
+ * If we can't find a number greater than or equal to <b>limit</b>, then we
+ * fail by returning -1 and <b>max_out</b> is untouched.
*
- * If <b>limit</b> is 0, then do not adjust the current maximum.
+ * If we are unable to set the limit value because of setrlimit() failing,
+ * return -1 and <b>max_out</b> is set to the current maximum value returned
+ * by getrlimit().
*
- * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>.*/
+ * Otherwise, return 0 and store the maximum we found inside <b>max_out</b>
+ * and set <b>max_sockets</b> with that value as well.*/
int
set_max_file_descriptors(rlim_t limit, int *max_out)
{
+ if (limit < ULIMIT_BUFFER) {
+ log_warn(LD_CONFIG,
+ "ConnLimit must be at least %d. Failing.", ULIMIT_BUFFER);
+ return -1;
+ }
+
/* Define some maximum connections values for systems where we cannot
* automatically determine a limit. Re Cygwin, see
* http://archives.seul.org/or/talk/Aug-2006/msg00210.html
@@ -1571,14 +1663,6 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
strerror(errno));
return -1;
}
- if (limit == 0) {
- /* If limit == 0, return the maximum value without setting it. */
- limit = rlim.rlim_max;
- if (limit > INT_MAX)
- limit = INT_MAX;
- *max_out = (int)limit - ULIMIT_BUFFER;
- return 0;
- }
if (rlim.rlim_max < limit) {
log_warn(LD_CONFIG,"We need %lu file descriptors available, and we're "
"limited to %lu. Please change your ulimit -n.",
@@ -1590,6 +1674,9 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
log_info(LD_NET,"Raising max file descriptors from %lu to %lu.",
(unsigned long)rlim.rlim_cur, (unsigned long)rlim.rlim_max);
}
+ /* Set the current limit value so if the attempt to set the limit to the
+ * max fails at least we'll have a valid value of maximum sockets. */
+ *max_out = max_sockets = (int)rlim.rlim_cur - ULIMIT_BUFFER;
rlim.rlim_cur = rlim.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) {
@@ -1623,15 +1710,10 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
limit = rlim.rlim_cur;
#endif /* HAVE_GETRLIMIT */
- if (limit < ULIMIT_BUFFER) {
- log_warn(LD_CONFIG,
- "ConnLimit must be at least %d. Failing.", ULIMIT_BUFFER);
- return -1;
- }
if (limit > INT_MAX)
limit = INT_MAX;
tor_assert(max_out);
- *max_out = (int)limit - ULIMIT_BUFFER;
+ *max_out = max_sockets = (int)limit - ULIMIT_BUFFER;
return 0;
}
@@ -2684,6 +2766,7 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
r->tm_mon = 11;
r->tm_mday = 31;
r->tm_yday = 364;
+ r->tm_wday = 6;
r->tm_hour = 23;
r->tm_min = 59;
r->tm_sec = 59;
@@ -2692,6 +2775,7 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
r->tm_mon = 0;
r->tm_mday = 1;
r->tm_yday = 0;
+ r->tm_wday = 0;
r->tm_hour = 0;
r->tm_min = 0;
r->tm_sec = 0;
@@ -2709,6 +2793,7 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
r->tm_mon = 0;
r->tm_mday = 1;
r->tm_yday = 0;
+ r->tm_wday = 0;
r->tm_hour = 0;
r->tm_min = 0 ;
r->tm_sec = 0;
@@ -2722,6 +2807,7 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
r->tm_mon = 11;
r->tm_mday = 31;
r->tm_yday = 364;
+ r->tm_wday = 6;
r->tm_hour = 23;
r->tm_min = 59;
r->tm_sec = 59;
@@ -3226,3 +3312,120 @@ tor_sleep_msec(int msec)
}
#endif
+/** Emit the password prompt <b>prompt</b>, then read up to <b>buflen</b>
+ * bytes of passphrase into <b>output</b>. Return the number of bytes in
+ * the passphrase, excluding terminating NUL.
+ */
+ssize_t
+tor_getpass(const char *prompt, char *output, size_t buflen)
+{
+ tor_assert(buflen <= SSIZE_MAX);
+ tor_assert(buflen >= 1);
+#if defined(HAVE_READPASSPHRASE)
+ char *pwd = readpassphrase(prompt, output, buflen, RPP_ECHO_OFF);
+ if (pwd == NULL)
+ return -1;
+ return strlen(pwd);
+#elif defined(_WIN32)
+ int r = -1;
+ while (*prompt) {
+ _putch(*prompt++);
+ }
+
+ tor_assert(buflen <= INT_MAX);
+ wchar_t *buf = tor_calloc(buflen, sizeof(wchar_t));
+
+ wchar_t *ptr = buf, *lastch = buf + buflen - 1;
+ while (ptr < lastch) {
+ wint_t ch = _getwch();
+ switch (ch) {
+ case '\r':
+ case '\n':
+ case WEOF:
+ goto done_reading;
+ case 3:
+ goto done; /* Can't actually read ctrl-c this way. */
+ case '\b':
+ if (ptr > buf)
+ --ptr;
+ continue;
+ case 0:
+ case 0xe0:
+ ch = _getwch(); /* Ignore; this is a function or arrow key */
+ break;
+ default:
+ *ptr++ = ch;
+ break;
+ }
+ }
+ done_reading:
+ ;
+
+#ifndef WC_ERR_INVALID_CHARS
+#define WC_ERR_INVALID_CHARS 0x80
+#endif
+
+ /* Now convert it to UTF-8 */
+ r = WideCharToMultiByte(CP_UTF8,
+ WC_NO_BEST_FIT_CHARS|WC_ERR_INVALID_CHARS,
+ buf, (int)(ptr-buf),
+ output, (int)(buflen-1),
+ NULL, NULL);
+ if (r <= 0) {
+ r = -1;
+ goto done;
+ }
+
+ tor_assert(r < (int)buflen);
+
+ output[r] = 0;
+
+ done:
+ SecureZeroMemory(buf, sizeof(wchar_t)*buflen);
+ tor_free(buf);
+ return r;
+#else
+#error "No implementation for tor_getpass found!"
+#endif
+}
+
+/** Return the amount of free disk space we have permission to use, in
+ * bytes. Return -1 if the amount of free space can't be determined. */
+int64_t
+tor_get_avail_disk_space(const char *path)
+{
+#ifdef HAVE_STATVFS
+ struct statvfs st;
+ int r;
+ memset(&st, 0, sizeof(st));
+
+ r = statvfs(path, &st);
+ if (r < 0)
+ return -1;
+
+ int64_t result = st.f_bavail;
+ if (st.f_frsize) {
+ result *= st.f_frsize;
+ } else if (st.f_bsize) {
+ result *= st.f_bsize;
+ } else {
+ return -1;
+ }
+
+ return result;
+#elif defined(_WIN32)
+ ULARGE_INTEGER freeBytesAvail;
+ BOOL ok;
+
+ ok = GetDiskFreeSpaceEx(path, &freeBytesAvail, NULL, NULL);
+ if (!ok) {
+ return -1;
+ }
+ return (int64_t)freeBytesAvail.QuadPart;
+#else
+ (void)path;
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
diff --git a/src/common/compat.h b/src/common/compat.h
index 11b41cded9..66cc079259 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -7,20 +7,12 @@
#define TOR_COMPAT_H
#include "orconfig.h"
-#include "torint.h"
-#include "testsupport.h"
#ifdef _WIN32
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
-#endif
-#define WIN32_LEAN_AND_MEAN
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#include <winsock.h>
-#else
#include <winsock2.h>
#include <ws2tcpip.h>
#endif
-#endif
+#include "torint.h"
+#include "testsupport.h"
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
@@ -50,6 +42,15 @@
#include <netinet6/in6.h>
#endif
+#if defined(__has_feature)
+# if __has_feature(address_sanitizer)
+/* Some of the fancy glibc strcmp() macros include references to memory that
+ * clang rejects because it is off the end of a less-than-3. Clang hates this,
+ * even though those references never actually happen. */
+# undef strcmp
+# endif
+#endif
+
#include <stdio.h>
#include <errno.h>
@@ -90,13 +91,8 @@
/* Try to get a reasonable __func__ substitute in place. */
#if defined(_MSC_VER)
-/* MSVC compilers before VC7 don't have __func__ at all; later ones call it
- * __FUNCTION__. */
-#if _MSC_VER < 1300
-#define __func__ "???"
-#else
+
#define __func__ __FUNCTION__
-#endif
#else
/* For platforms where autoconf works, make sure __func__ is defined
@@ -112,18 +108,8 @@
#endif /* ifndef MAVE_MACRO__func__ */
#endif /* if not windows */
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-/* MSVC versions before 7 apparently don't believe that you can cast uint64_t
- * to double and really mean it. */
-extern INLINE double U64_TO_DBL(uint64_t x) {
- int64_t i = (int64_t) x;
- return (i < 0) ? ((double) INT64_MAX) : (double) i;
-}
-#define DBL_TO_U64(x) ((uint64_t)(int64_t) (x))
-#else
#define U64_TO_DBL(x) ((double) (x))
#define DBL_TO_U64(x) ((uint64_t) (x))
-#endif
#ifdef ENUM_VALS_ARE_SIGNED
#define ENUM_BF(t) unsigned
@@ -428,6 +414,8 @@ int tor_fd_setpos(int fd, off_t pos);
int tor_fd_seekend(int fd);
int tor_ftruncate(int fd);
+int64_t tor_get_avail_disk_space(const char *path);
+
#ifdef _WIN32
#define PATH_SEPARATOR "\\"
#else
@@ -463,7 +451,8 @@ int tor_close_socket(tor_socket_t s);
tor_socket_t tor_open_socket_with_extensions(
int domain, int type, int protocol,
int cloexec, int nonblock);
-tor_socket_t tor_open_socket(int domain, int type, int protocol);
+MOCK_DECL(tor_socket_t,
+tor_open_socket,(int domain, int type, int protocol));
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol);
tor_socket_t tor_accept_socket(tor_socket_t sockfd, struct sockaddr *addr,
socklen_t *len);
@@ -474,8 +463,15 @@ tor_socket_t tor_accept_socket_with_extensions(tor_socket_t sockfd,
struct sockaddr *addr,
socklen_t *len,
int cloexec, int nonblock);
+MOCK_DECL(tor_socket_t,
+tor_connect_socket,(tor_socket_t socket,const struct sockaddr *address,
+ socklen_t address_len));
int get_n_open_sockets(void);
+MOCK_DECL(int,
+tor_getsockname,(tor_socket_t socket, struct sockaddr *address,
+ socklen_t *address_len));
+
#define tor_socket_send(s, buf, len, flags) send(s, buf, len, flags)
#define tor_socket_recv(s, buf, len, flags) recv(s, buf, len, flags)
@@ -572,10 +568,12 @@ int network_init(void);
#define ERRNO_IS_ACCEPT_EAGAIN(e) ERRNO_IS_EAGAIN(e)
/** Return true if e is EMFILE or another error indicating that a call to
* accept() has failed because we're out of fds or something. */
-#define ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e) \
+#define ERRNO_IS_RESOURCE_LIMIT(e) \
((e) == WSAEMFILE || (e) == WSAENOBUFS)
/** Return true if e is EADDRINUSE or the local equivalent. */
#define ERRNO_IS_EADDRINUSE(e) ((e) == WSAEADDRINUSE)
+/** Return true if e is EINTR or the local equivalent */
+#define ERRNO_IS_EINTR(e) ((e) == WSAEINTR || 0)
int tor_socket_errno(tor_socket_t sock);
const char *tor_socket_strerror(int e);
#else
@@ -586,11 +584,12 @@ const char *tor_socket_strerror(int e);
#else
#define ERRNO_IS_EAGAIN(e) ((e) == EAGAIN || (e) == EWOULDBLOCK)
#endif
+#define ERRNO_IS_EINTR(e) ((e) == EINTR || 0)
#define ERRNO_IS_EINPROGRESS(e) ((e) == EINPROGRESS || 0)
#define ERRNO_IS_CONN_EINPROGRESS(e) ((e) == EINPROGRESS || 0)
#define ERRNO_IS_ACCEPT_EAGAIN(e) \
(ERRNO_IS_EAGAIN(e) || (e) == ECONNABORTED)
-#define ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e) \
+#define ERRNO_IS_RESOURCE_LIMIT(e) \
((e) == EMFILE || (e) == ENFILE || (e) == ENOBUFS || (e) == ENOMEM)
#define ERRNO_IS_EADDRINUSE(e) (((e) == EADDRINUSE) || 0)
#define tor_socket_errno(sock) (errno)
@@ -632,6 +631,7 @@ set_uint8(void *cp, uint8_t v)
#if !defined(HAVE_RLIM_T)
typedef unsigned long rlim_t;
#endif
+int get_max_sockets(void);
int set_max_file_descriptors(rlim_t limit, int *max);
int tor_disable_debugger_attach(void);
int switch_id(const char *user);
@@ -700,6 +700,8 @@ STATIC int tor_ersatz_socketpair(int family, int type, int protocol,
#endif
#endif
+ssize_t tor_getpass(const char *prompt, char *output, size_t buflen);
+
/* This needs some of the declarations above so we include it here. */
#include "compat_threads.h"
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 15308dd4cb..a366b6c9c6 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -56,11 +56,6 @@ typedef uint32_t le_version_t;
* it is. */
#define LE_OTHER V(0,0,99)
-#if 0
-static le_version_t tor_get_libevent_version(const char **v_out);
-#endif
-
-#if defined(HAVE_EVENT_SET_LOG_CALLBACK) || defined(RUNNING_DOXYGEN)
/** A string which, if it appears in a libevent log, should be ignored. */
static const char *suppress_msg = NULL;
/** Callback function passed to event_set_log() so we can intercept
@@ -107,17 +102,6 @@ suppress_libevent_log_msg(const char *msg)
{
suppress_msg = msg;
}
-#else
-void
-configure_libevent_logging(void)
-{
-}
-void
-suppress_libevent_log_msg(const char *msg)
-{
- (void)msg;
-}
-#endif
#ifndef HAVE_EVENT2_EVENT_H
/** Work-alike replacement for event_new() on pre-Libevent-2.0 systems. */
@@ -275,19 +259,11 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
exit(1);
}
-#if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
/* Making this a NOTICE for now so we can link bugs to a libevent versions
* or methods better. */
log_info(LD_GENERAL,
"Initialized libevent version %s using method %s. Good.",
event_get_version(), tor_libevent_get_method());
-#else
- log_notice(LD_GENERAL,
- "Initialized old libevent (version 1.0b or earlier).");
- log_warn(LD_GENERAL,
- "You have a *VERY* old version of libevent. It is likely to be buggy; "
- "please build Tor with a more recent version.");
-#endif
#ifdef USE_BUFFEREVENTS
tor_libevent_set_tick_timeout(torcfg->msec_per_tick);
@@ -301,27 +277,14 @@ tor_libevent_get_base, (void))
return the_event_base;
}
-#ifndef HAVE_EVENT_BASE_LOOPEXIT
-/** Replacement for event_base_loopexit on some very old versions of Libevent
- * that we are not yet brave enough to deprecate. */
-int
-tor_event_base_loopexit(struct event_base *base, struct timeval *tv)
-{
- tor_assert(base == the_event_base);
- return event_loopexit(tv);
-}
-#endif
-
/** Return the name of the Libevent backend we're using. */
const char *
tor_libevent_get_method(void)
{
#ifdef HAVE_EVENT2_EVENT_H
return event_base_get_method(the_event_base);
-#elif defined(HAVE_EVENT_GET_METHOD)
- return event_get_method();
#else
- return "<unknown>";
+ return event_get_method();
#endif
}
@@ -376,54 +339,12 @@ le_versions_compatibility(le_version_t v)
return 5;
}
-#if 0
-/** Return the version number of the currently running version of Libevent.
- * See le_version_t for info on the format.
- */
-static le_version_t
-tor_get_libevent_version(const char **v_out)
-{
- const char *v;
- le_version_t r;
-#if defined(HAVE_EVENT_GET_VERSION_NUMBER)
- v = event_get_version();
- r = event_get_version_number();
-#elif defined (HAVE_EVENT_GET_VERSION)
- v = event_get_version();
- r = tor_decode_libevent_version(v);
-#else
- v = "pre-1.0c";
- r = LE_OLD;
-#endif
- if (v_out)
- *v_out = v;
- return r;
-}
-#endif
-
/** Return a string representation of the version of the currently running
* version of Libevent. */
const char *
tor_libevent_get_version_str(void)
{
-#ifdef HAVE_EVENT_GET_VERSION
return event_get_version();
-#else
- return "pre-1.0c";
-#endif
-}
-
-/**
- * Compare the current Libevent method and version to a list of versions
- * which are known not to work. Warn the user as appropriate.
- */
-void
-tor_check_libevent_version(const char *m, int server,
- const char **badness_out)
-{
- (void) m;
- (void) server;
- *badness_out = NULL;
}
#if defined(LIBEVENT_VERSION)
@@ -452,7 +373,7 @@ tor_check_libevent_header_compatibility(void)
/* In libevent versions before 2.0, it's hard to keep binary compatibility
* between upgrades, and unpleasant to detect when the version we compiled
* against is unlike the version we have linked against. Here's how. */
-#if defined(HEADER_VERSION) && defined(HAVE_EVENT_GET_VERSION)
+#if defined(HEADER_VERSION)
/* We have a header-file version and a function-call version. Easy. */
if (strcmp(HEADER_VERSION, event_get_version())) {
le_version_t v1, v2;
@@ -474,7 +395,7 @@ tor_check_libevent_header_compatibility(void)
else
log_info(LD_GENERAL, "I think these versions are binary-compatible.");
}
-#elif defined(HAVE_EVENT_GET_VERSION)
+#else
/* event_get_version but no _EVENT_VERSION. We might be in 1.4.0-beta or
earlier, where that's normal. To see whether we were compiled with an
earlier version, let's see whether the struct event defines MIN_HEAP_IDX.
@@ -504,9 +425,6 @@ tor_check_libevent_header_compatibility(void)
}
#endif
-#elif defined(HEADER_VERSION)
-#warn "_EVENT_VERSION is defined but not get_event_version(): Libevent is odd."
-#else
/* Your libevent is ancient. */
#endif
}
diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h
index 6bbfae0056..39181efb7b 100644
--- a/src/common/compat_libevent.h
+++ b/src/common/compat_libevent.h
@@ -52,12 +52,7 @@ periodic_timer_t *periodic_timer_new(struct event_base *base,
void *data);
void periodic_timer_free(periodic_timer_t *);
-#ifdef HAVE_EVENT_BASE_LOOPEXIT
#define tor_event_base_loopexit event_base_loopexit
-#else
-struct timeval;
-int tor_event_base_loopexit(struct event_base *base, struct timeval *tv);
-#endif
/** Defines a configuration for using libevent with Tor: passed as an argument
* to tor_libevent_initialize() to describe how we want to set up. */
@@ -74,8 +69,6 @@ typedef struct tor_libevent_cfg {
void tor_libevent_initialize(tor_libevent_cfg *cfg);
MOCK_DECL(struct event_base *, tor_libevent_get_base, (void));
const char *tor_libevent_get_method(void);
-void tor_check_libevent_version(const char *m, int server,
- const char **badness_out);
void tor_check_libevent_header_compatibility(void);
const char *tor_libevent_get_version_str(void);
const char *tor_libevent_get_header_version_str(void);
diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c
index 246076b276..b1d87d38f2 100644
--- a/src/common/compat_pthreads.c
+++ b/src/common/compat_pthreads.c
@@ -50,7 +50,8 @@ static pthread_attr_t attr_detached;
static int threads_initialized = 0;
/** Minimalist interface to run a void function in the background. On
- * Unix calls fork, on win32 calls beginthread. Returns -1 on failure.
+ * Unix calls pthread_create, on win32 calls beginthread. Returns -1 on
+ * failure.
* func should not return, but rather should call spawn_exit.
*
* NOTE: if <b>data</b> is used, it should not be allocated on the stack,
@@ -63,13 +64,17 @@ spawn_func(void (*func)(void *), void *data)
{
pthread_t thread;
tor_pthread_data_t *d;
- if (PREDICT_UNLIKELY(!threads_initialized))
+ if (PREDICT_UNLIKELY(!threads_initialized)) {
tor_threads_init();
+ }
d = tor_malloc(sizeof(tor_pthread_data_t));
d->data = data;
d->func = func;
- if (pthread_create(&thread,&attr_detached,tor_pthread_helper_fn,d))
+ if (pthread_create(&thread, &attr_detached, tor_pthread_helper_fn, d)) {
+ tor_free(d);
return -1;
+ }
+
return 0;
}
@@ -91,10 +96,9 @@ static pthread_mutexattr_t attr_recursive;
void
tor_mutex_init(tor_mutex_t *mutex)
{
- int err;
if (PREDICT_UNLIKELY(!threads_initialized))
tor_threads_init();
- err = pthread_mutex_init(&mutex->mutex, &attr_recursive);
+ const int err = pthread_mutex_init(&mutex->mutex, &attr_recursive);
if (PREDICT_UNLIKELY(err)) {
log_err(LD_GENERAL, "Error %d creating a mutex.", err);
tor_fragile_assert();
@@ -181,7 +185,8 @@ tor_cond_init(tor_cond_t *cond)
return -1;
}
-#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) \
+ && defined(HAVE_PTHREAD_CONDATTR_SETCLOCK)
/* Use monotonic time so when we timedwait() on it, any clock adjustment
* won't affect the timeout value. */
if (pthread_condattr_setclock(&condattr, CLOCK_MONOTONIC)) {
@@ -271,6 +276,33 @@ tor_cond_signal_all(tor_cond_t *cond)
pthread_cond_broadcast(&cond->cond);
}
+int
+tor_threadlocal_init(tor_threadlocal_t *threadlocal)
+{
+ int err = pthread_key_create(&threadlocal->key, NULL);
+ return err ? -1 : 0;
+}
+
+void
+tor_threadlocal_destroy(tor_threadlocal_t *threadlocal)
+{
+ pthread_key_delete(threadlocal->key);
+ memset(threadlocal, 0, sizeof(tor_threadlocal_t));
+}
+
+void *
+tor_threadlocal_get(tor_threadlocal_t *threadlocal)
+{
+ return pthread_getspecific(threadlocal->key);
+}
+
+void
+tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value)
+{
+ int err = pthread_setspecific(threadlocal->key, value);
+ tor_assert(err == 0);
+}
+
/** Set up common structures for use by threading. */
void
tor_threads_init(void)
@@ -278,12 +310,14 @@ tor_threads_init(void)
if (!threads_initialized) {
pthread_mutexattr_init(&attr_recursive);
pthread_mutexattr_settype(&attr_recursive, PTHREAD_MUTEX_RECURSIVE);
- tor_assert(0==pthread_attr_init(&attr_detached));
+ const int ret1 = pthread_attr_init(&attr_detached);
+ tor_assert(ret1 == 0);
#ifndef PTHREAD_CREATE_DETACHED
#define PTHREAD_CREATE_DETACHED 1
#endif
- tor_assert(0==pthread_attr_setdetachstate(&attr_detached,
- PTHREAD_CREATE_DETACHED));
+ const int ret2 =
+ pthread_attr_setdetachstate(&attr_detached, PTHREAD_CREATE_DETACHED);
+ tor_assert(ret2 == 0);
threads_initialized = 1;
set_main_thread();
}
diff --git a/src/common/compat_threads.c b/src/common/compat_threads.c
index 15648d2851..85ad737574 100644
--- a/src/common/compat_threads.c
+++ b/src/common/compat_threads.c
@@ -88,7 +88,7 @@ in_main_thread(void)
}
#if defined(HAVE_EVENTFD) || defined(HAVE_PIPE)
-/* non-interruptable versions */
+/* As write(), but retry on EINTR */
static int
write_ni(int fd, const void *buf, size_t n)
{
@@ -99,6 +99,7 @@ write_ni(int fd, const void *buf, size_t n)
goto again;
return r;
}
+/* As read(), but retry on EINTR */
static int
read_ni(int fd, void *buf, size_t n)
{
@@ -111,30 +112,32 @@ read_ni(int fd, void *buf, size_t n)
}
#endif
-/* non-interruptable versions */
+/** As send(), but retry on EINTR. */
static int
send_ni(int fd, const void *buf, size_t n, int flags)
{
int r;
again:
r = (int) send(fd, buf, n, flags);
- if (r < 0 && errno == EINTR)
+ if (r < 0 && ERRNO_IS_EINTR(tor_socket_errno(fd)))
goto again;
return r;
}
+/** As recv(), but retry on EINTR. */
static int
recv_ni(int fd, void *buf, size_t n, int flags)
{
int r;
again:
- r = (int) recv(fd, buf, n, flags);
- if (r < 0 && errno == EINTR)
+ r = (int) recv(fd, buf, n, flags);
+ if (r < 0 && ERRNO_IS_EINTR(tor_socket_errno(fd)))
goto again;
return r;
}
#ifdef HAVE_EVENTFD
+/* Increment the event count on an eventfd <b>fd</b> */
static int
eventfd_alert(int fd)
{
@@ -145,6 +148,7 @@ eventfd_alert(int fd)
return 0;
}
+/* Drain all events from an eventfd <b>fd</b>. */
static int
eventfd_drain(int fd)
{
@@ -157,6 +161,7 @@ eventfd_drain(int fd)
#endif
#ifdef HAVE_PIPE
+/** Send a byte over a pipe. Return 0 on success or EAGAIN; -1 on error */
static int
pipe_alert(int fd)
{
@@ -166,6 +171,8 @@ pipe_alert(int fd)
return 0;
}
+/** Drain all input from a pipe <b>fd</b> and ignore it. Return 0 on
+ * success, -1 on error. */
static int
pipe_drain(int fd)
{
@@ -181,6 +188,8 @@ pipe_drain(int fd)
}
#endif
+/** Send a byte on socket <b>fd</b>t. Return 0 on success or EAGAIN,
+ * -1 on error. */
static int
sock_alert(tor_socket_t fd)
{
@@ -190,6 +199,8 @@ sock_alert(tor_socket_t fd)
return 0;
}
+/** Drain all the input from a socket <b>fd</b>, and ignore it. Return 0 on
+ * success, -1 on error. */
static int
sock_drain(tor_socket_t fd)
{
diff --git a/src/common/compat_threads.h b/src/common/compat_threads.h
index acf3083f37..71562ba3ef 100644
--- a/src/common/compat_threads.h
+++ b/src/common/compat_threads.h
@@ -111,5 +111,41 @@ typedef struct alert_sockets_s {
int alert_sockets_create(alert_sockets_t *socks_out, uint32_t flags);
void alert_sockets_close(alert_sockets_t *socks);
+typedef struct tor_threadlocal_s {
+#ifdef _WIN32
+ DWORD index;
+#else
+ pthread_key_t key;
+#endif
+} tor_threadlocal_t;
+
+/** Initialize a thread-local variable.
+ *
+ * After you call this function on a tor_threadlocal_t, you can call
+ * tor_threadlocal_set to change the current value of this variable for the
+ * current thread, and tor_threadlocal_get to retrieve the current value for
+ * the current thread. Each thread has its own value.
+ **/
+int tor_threadlocal_init(tor_threadlocal_t *threadlocal);
+/**
+ * Release all resource associated with a thread-local variable.
+ */
+void tor_threadlocal_destroy(tor_threadlocal_t *threadlocal);
+/**
+ * Return the current value of a thread-local variable for this thread.
+ *
+ * It's undefined behavior to use this function if the threadlocal hasn't
+ * been initialized, or has been destroyed.
+ */
+void *tor_threadlocal_get(tor_threadlocal_t *threadlocal);
+/**
+ * Change the current value of a thread-local variable for this thread to
+ * <b>value</b>.
+ *
+ * It's undefined behavior to use this function if the threadlocal hasn't
+ * been initialized, or has been destroyed.
+ */
+void tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value);
+
#endif
diff --git a/src/common/compat_winthreads.c b/src/common/compat_winthreads.c
index 71b994c4e4..9a87daa871 100644
--- a/src/common/compat_winthreads.c
+++ b/src/common/compat_winthreads.c
@@ -3,6 +3,8 @@
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
+#ifdef _WIN32
+
#include "compat.h"
#include <windows.h>
#include <process.h>
@@ -123,6 +125,49 @@ tor_cond_signal_all(tor_cond_t *cond)
}
int
+tor_threadlocal_init(tor_threadlocal_t *threadlocal)
+{
+ threadlocal->index = TlsAlloc();
+ return (threadlocal->index == TLS_OUT_OF_INDEXES) ? -1 : 0;
+}
+
+void
+tor_threadlocal_destroy(tor_threadlocal_t *threadlocal)
+{
+ TlsFree(threadlocal->index);
+ memset(threadlocal, 0, sizeof(tor_threadlocal_t));
+}
+
+void *
+tor_threadlocal_get(tor_threadlocal_t *threadlocal)
+{
+ void *value = TlsGetValue(threadlocal->index);
+ if (value == NULL) {
+ DWORD err = GetLastError();
+ if (err != ERROR_SUCCESS) {
+ char *msg = format_win32_error(err);
+ log_err(LD_GENERAL, "Error retrieving thread-local value: %s", msg);
+ tor_free(msg);
+ tor_assert(err == ERROR_SUCCESS);
+ }
+ }
+ return value;
+}
+
+void
+tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value)
+{
+ BOOL ok = TlsSetValue(threadlocal->index, value);
+ if (!ok) {
+ DWORD err = GetLastError();
+ char *msg = format_win32_error(err);
+ log_err(LD_GENERAL, "Error adjusting thread-local value: %s", msg);
+ tor_free(msg);
+ tor_assert(ok);
+ }
+}
+
+int
tor_cond_wait(tor_cond_t *cond, tor_mutex_t *lock_, const struct timeval *tv)
{
CRITICAL_SECTION *lock = &lock_->mutex;
@@ -194,3 +239,5 @@ tor_threads_init(void)
set_main_thread();
}
+#endif
+
diff --git a/src/common/container.c b/src/common/container.c
index 76c129df0b..8c66bd89e4 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -211,6 +211,19 @@ smartlist_string_pos(const smartlist_t *sl, const char *element)
return -1;
}
+/** If <b>element</b> is the same pointer as an element of <b>sl</b>, return
+ * that element's index. Otherwise, return -1. */
+int
+smartlist_pos(const smartlist_t *sl, const void *element)
+{
+ int i;
+ if (!sl) return -1;
+ for (i=0; i < sl->num_used; i++)
+ if (element == sl->list[i])
+ return i;
+ return -1;
+}
+
/** Return true iff <b>sl</b> has some element E such that
* !strcasecmp(E,<b>element</b>)
*/
@@ -732,7 +745,7 @@ smartlist_sort_strings(smartlist_t *sl)
}
/** Return the most frequent string in the sorted list <b>sl</b> */
-char *
+const char *
smartlist_get_most_frequent_string(smartlist_t *sl)
{
return smartlist_get_most_frequent(sl, compare_string_ptrs_);
@@ -742,7 +755,7 @@ smartlist_get_most_frequent_string(smartlist_t *sl)
* If <b>count_out</b> is provided, set <b>count_out</b> to the
* number of times that string appears.
*/
-char *
+const char *
smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out)
{
return smartlist_get_most_frequent_(sl, compare_string_ptrs_, count_out);
@@ -1010,7 +1023,7 @@ smartlist_sort_digests256(smartlist_t *sl)
/** Return the most frequent member of the sorted list of DIGEST256_LEN
* digests in <b>sl</b> */
-char *
+const uint8_t *
smartlist_get_most_frequent_digest256(smartlist_t *sl)
{
return smartlist_get_most_frequent(sl, compare_digests256_);
diff --git a/src/common/container.h b/src/common/container.h
index 457b5e4ea0..bf4f04762c 100644
--- a/src/common/container.h
+++ b/src/common/container.h
@@ -38,6 +38,7 @@ void smartlist_reverse(smartlist_t *sl);
void smartlist_string_remove(smartlist_t *sl, const char *element);
int smartlist_contains(const smartlist_t *sl, const void *element);
int smartlist_contains_string(const smartlist_t *sl, const char *element);
+int smartlist_pos(const smartlist_t *sl, const void *element);
int smartlist_string_pos(const smartlist_t *, const char *elt);
int smartlist_contains_string_case(const smartlist_t *sl, const char *element);
int smartlist_contains_int_as_string(const smartlist_t *sl, int num);
@@ -108,9 +109,10 @@ void smartlist_sort_digests(smartlist_t *sl);
void smartlist_sort_digests256(smartlist_t *sl);
void smartlist_sort_pointers(smartlist_t *sl);
-char *smartlist_get_most_frequent_string(smartlist_t *sl);
-char *smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out);
-char *smartlist_get_most_frequent_digest256(smartlist_t *sl);
+const char *smartlist_get_most_frequent_string(smartlist_t *sl);
+const char *smartlist_get_most_frequent_string_(smartlist_t *sl,
+ int *count_out);
+const uint8_t *smartlist_get_most_frequent_digest256(smartlist_t *sl);
void smartlist_uniq_strings(smartlist_t *sl);
void smartlist_uniq_digests(smartlist_t *sl);
@@ -360,7 +362,7 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join,
DECLARE_MAP_FNS(strmap_t, const char *, strmap_);
/* Map from const char[DIGEST_LEN] to void *. Implemented with a hash table. */
DECLARE_MAP_FNS(digestmap_t, const char *, digestmap_);
-/* Map from const uint8_t[DIGEST_LEN] to void *. Implemented with a hash
+/* Map from const uint8_t[DIGEST256_LEN] to void *. Implemented with a hash
* table. */
DECLARE_MAP_FNS(digest256map_t, const uint8_t *, digest256map_);
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 8402ca079a..57981f9a00 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -13,10 +13,7 @@
#include "orconfig.h"
#ifdef _WIN32
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0501
-#endif
-#define WIN32_LEAN_AND_MEAN
+#include <winsock2.h>
#include <windows.h>
#include <wincrypt.h>
/* Windows defines this; so does OpenSSL 0.9.8h and later. We don't actually
@@ -24,13 +21,24 @@
#undef OCSP_RESPONSE
#endif
+#include <openssl/opensslv.h>
+
+#define CRYPTO_PRIVATE
+#include "crypto.h"
+#include "crypto_curve25519.h"
+#include "crypto_ed25519.h"
+#include "crypto_format.h"
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/rand.h>
-#include <openssl/opensslv.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/conf.h>
@@ -49,18 +57,13 @@
#include <sys/fcntl.h>
#endif
-#define CRYPTO_PRIVATE
-#include "crypto.h"
-#include "../common/torlog.h"
+#include "torlog.h"
#include "aes.h"
-#include "../common/util.h"
+#include "util.h"
#include "container.h"
#include "compat.h"
#include "sandbox.h"
-
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
-#error "We require OpenSSL >= 0.9.8"
-#endif
+#include "util_format.h"
#ifdef ANDROID
/* Android's OpenSSL seems to have removed all of its Engine support. */
@@ -300,19 +303,15 @@ crypto_early_init(void)
SSLeay(), SSLeay_version(SSLEAY_VERSION));
}
- if (SSLeay() < OPENSSL_V_SERIES(1,0,0)) {
- log_notice(LD_CRYPTO,
- "Your OpenSSL version seems to be %s. We recommend 1.0.0 "
- "or later.",
- crypto_openssl_get_version_str());
- }
-
crypto_force_rand_ssleay();
- if (crypto_seed_rng(1) < 0)
+ if (crypto_seed_rng() < 0)
return -1;
if (crypto_init_siphash_key() < 0)
return -1;
+
+ curve25519_init();
+ ed25519_init();
}
return 0;
}
@@ -391,7 +390,7 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
}
if (crypto_force_rand_ssleay()) {
- if (crypto_seed_rng(1) < 0)
+ if (crypto_seed_rng() < 0)
return -1;
}
@@ -405,7 +404,11 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
void
crypto_thread_cleanup(void)
{
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ ERR_remove_thread_state(NULL);
+#else
ERR_remove_state(0);
+#endif
}
/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
@@ -830,7 +833,7 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
* Note that this may leak information about the keys through timing.
*/
int
-crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
+crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b)
{
int result;
char a_is_non_null = (a != NULL) && (a->key != NULL);
@@ -856,19 +859,19 @@ crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
* Note that this may leak information about the keys through timing.
*/
int
-crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b)
+crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b)
{
return (crypto_pk_cmp_keys(a, b) == 0);
}
/** Return the size of the public key modulus in <b>env</b>, in bytes. */
size_t
-crypto_pk_keysize(crypto_pk_t *env)
+crypto_pk_keysize(const crypto_pk_t *env)
{
tor_assert(env);
tor_assert(env->key);
- return (size_t) RSA_size(env->key);
+ return (size_t) RSA_size((RSA*)env->key);
}
/** Return the size of the public key modulus of <b>env</b>, in bits. */
@@ -997,7 +1000,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
* at least the length of the modulus of <b>env</b>.
*/
int
-crypto_pk_public_checksig(crypto_pk_t *env, char *to,
+crypto_pk_public_checksig(const crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen)
{
@@ -1069,7 +1072,7 @@ crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
* at least the length of the modulus of <b>env</b>.
*/
int
-crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
+crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen)
{
int r;
@@ -1084,7 +1087,7 @@ crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
r = RSA_private_encrypt((int)fromlen,
(unsigned char*)from, (unsigned char*)to,
- env->key, RSA_PKCS1_PADDING);
+ (RSA*)env->key, RSA_PKCS1_PADDING);
if (r<0) {
crypto_log_errors(LOG_WARN, "generating RSA signature");
return -1;
@@ -1298,7 +1301,7 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
unsigned char *buf = NULL;
int len;
- len = i2d_RSAPublicKey(pk->key, &buf);
+ len = i2d_RSAPublicKey((RSA*)pk->key, &buf);
if (len < 0 || buf == NULL)
return -1;
if (crypto_digest(digest_out, (char*)buf, len) < 0) {
@@ -1397,6 +1400,78 @@ crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out)
return 0;
}
+/** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
+ * Base64 encoding of the DER representation of the private key as a NUL
+ * terminated string, and return it via <b>priv_out</b>. Return 0 on
+ * sucess, -1 on failure.
+ *
+ * It is the caller's responsibility to sanitize and free the resulting buffer.
+ */
+int
+crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out)
+{
+ unsigned char *der = NULL;
+ int der_len;
+ int ret = -1;
+
+ *priv_out = NULL;
+
+ der_len = i2d_RSAPrivateKey(pk->key, &der);
+ if (der_len < 0 || der == NULL)
+ return ret;
+
+ size_t priv_len = base64_encode_size(der_len, 0) + 1;
+ char *priv = tor_malloc_zero(priv_len);
+ if (base64_encode(priv, priv_len, (char *)der, der_len, 0) >= 0) {
+ *priv_out = priv;
+ ret = 0;
+ } else {
+ tor_free(priv);
+ }
+
+ memwipe(der, 0, der_len);
+ OPENSSL_free(der);
+ return ret;
+}
+
+/** Given a string containing the Base64 encoded DER representation of the
+ * private key <b>str</b>, decode and return the result on success, or NULL
+ * on failure.
+ */
+crypto_pk_t *
+crypto_pk_base64_decode(const char *str, size_t len)
+{
+ crypto_pk_t *pk = NULL;
+
+ char *der = tor_malloc_zero(len + 1);
+ int der_len = base64_decode(der, len, str, len);
+ if (der_len <= 0) {
+ log_warn(LD_CRYPTO, "Stored RSA private key seems corrupted (base64).");
+ goto out;
+ }
+
+ const unsigned char *dp = (unsigned char*)der; /* Shut the compiler up. */
+ RSA *rsa = d2i_RSAPrivateKey(NULL, &dp, der_len);
+ if (!rsa) {
+ crypto_log_errors(LOG_WARN, "decoding private key");
+ goto out;
+ }
+
+ pk = crypto_new_pk_from_rsa_(rsa);
+
+ /* Make sure it's valid. */
+ if (crypto_pk_check_key(pk) <= 0) {
+ crypto_pk_free(pk);
+ pk = NULL;
+ goto out;
+ }
+
+ out:
+ memwipe(der, 0, len + 1);
+ tor_free(der);
+ return pk;
+}
+
/* symmetric crypto */
/** Return a pointer to the key set for the cipher in <b>env</b>.
@@ -1724,7 +1799,24 @@ crypto_digest_assign(crypto_digest_t *into,
* <b>out_len</b> must be \<= DIGEST256_LEN. */
void
crypto_digest_smartlist(char *digest_out, size_t len_out,
- const smartlist_t *lst, const char *append,
+ const smartlist_t *lst,
+ const char *append,
+ digest_algorithm_t alg)
+{
+ crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg);
+}
+
+/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
+ * at <b>digest_out</b> to the hash of the concatenation of: the
+ * optional string <b>prepend</b>, those strings,
+ * and the optional string <b>append</b>, computed with the algorithm
+ * <b>alg</b>.
+ * <b>out_len</b> must be \<= DIGEST256_LEN. */
+void
+crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
+ const char *prepend,
+ const smartlist_t *lst,
+ const char *append,
digest_algorithm_t alg)
{
crypto_digest_t *d;
@@ -1732,6 +1824,8 @@ crypto_digest_smartlist(char *digest_out, size_t len_out,
d = crypto_digest_new();
else
d = crypto_digest256_new(alg);
+ if (prepend)
+ crypto_digest_add_bytes(d, prepend, strlen(prepend));
SMARTLIST_FOREACH(lst, const char *, cp,
crypto_digest_add_bytes(d, cp, strlen(cp)));
if (append)
@@ -1768,235 +1862,12 @@ static BIGNUM *dh_param_p_tls = NULL;
/** Shared G parameter for our DH key exchanges. */
static BIGNUM *dh_param_g = NULL;
-/** Generate and return a reasonable and safe DH parameter p. */
-static BIGNUM *
-crypto_generate_dynamic_dh_modulus(void)
-{
- BIGNUM *dynamic_dh_modulus;
- DH *dh_parameters;
- int r, dh_codes;
- char *s;
-
- dynamic_dh_modulus = BN_new();
- tor_assert(dynamic_dh_modulus);
-
- dh_parameters = DH_new();
- tor_assert(dh_parameters);
-
- r = DH_generate_parameters_ex(dh_parameters,
- DH_BYTES*8, DH_GENERATOR, NULL);
- tor_assert(r == 0);
-
- r = DH_check(dh_parameters, &dh_codes);
- tor_assert(r && !dh_codes);
-
- BN_copy(dynamic_dh_modulus, dh_parameters->p);
- tor_assert(dynamic_dh_modulus);
-
- DH_free(dh_parameters);
-
- { /* log the dynamic DH modulus: */
- s = BN_bn2hex(dynamic_dh_modulus);
- tor_assert(s);
- log_info(LD_OR, "Dynamic DH modulus generated: [%s]", s);
- OPENSSL_free(s);
- }
-
- return dynamic_dh_modulus;
-}
-
-/** Store our dynamic DH modulus (and its group parameters) to
- <b>fname</b> for future use. */
-static int
-crypto_store_dynamic_dh_modulus(const char *fname)
-{
- int len, new_len;
- DH *dh = NULL;
- unsigned char *dh_string_repr = NULL;
- char *base64_encoded_dh = NULL;
- char *file_string = NULL;
- int retval = -1;
- static const char file_header[] = "# This file contains stored Diffie-"
- "Hellman parameters for future use.\n# You *do not* need to edit this "
- "file.\n\n";
-
- tor_assert(fname);
-
- if (!dh_param_p_tls) {
- log_info(LD_CRYPTO, "Tried to store a DH modulus that does not exist.");
- goto done;
- }
-
- if (!(dh = DH_new()))
- goto done;
- if (!(dh->p = BN_dup(dh_param_p_tls)))
- goto done;
- if (!(dh->g = BN_new()))
- goto done;
- if (!BN_set_word(dh->g, DH_GENERATOR))
- goto done;
-
- len = i2d_DHparams(dh, &dh_string_repr);
- if ((len < 0) || (dh_string_repr == NULL)) {
- log_warn(LD_CRYPTO, "Error occured while DER encoding DH modulus (2).");
- goto done;
- }
-
- base64_encoded_dh = tor_calloc(len, 2); /* should be enough */
- new_len = base64_encode(base64_encoded_dh, len * 2,
- (char *)dh_string_repr, len);
- if (new_len < 0) {
- log_warn(LD_CRYPTO, "Error occured while base64-encoding DH modulus.");
- goto done;
- }
-
- /* concatenate file header and the dh parameters blob */
- new_len = tor_asprintf(&file_string, "%s%s", file_header, base64_encoded_dh);
-
- /* write to file */
- if (write_bytes_to_new_file(fname, file_string, new_len, 0) < 0) {
- log_info(LD_CRYPTO, "'%s' was already occupied.", fname);
- goto done;
- }
-
- retval = 0;
-
- done:
- if (dh)
- DH_free(dh);
- if (dh_string_repr)
- OPENSSL_free(dh_string_repr);
- tor_free(base64_encoded_dh);
- tor_free(file_string);
-
- return retval;
-}
-
-/** Return the dynamic DH modulus stored in <b>fname</b>. If there is no
- dynamic DH modulus stored in <b>fname</b>, return NULL. */
-static BIGNUM *
-crypto_get_stored_dynamic_dh_modulus(const char *fname)
-{
- int retval;
- char *contents = NULL;
- const char *contents_tmp = NULL;
- int dh_codes;
- DH *stored_dh = NULL;
- BIGNUM *dynamic_dh_modulus = NULL;
- int length = 0;
- unsigned char *base64_decoded_dh = NULL;
- const unsigned char *cp = NULL;
-
- tor_assert(fname);
-
- contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
- if (!contents) {
- log_info(LD_CRYPTO, "Could not open file '%s'", fname);
- goto done; /*usually means that ENOENT. don't try to move file to broken.*/
- }
-
- /* skip the file header */
- contents_tmp = eat_whitespace(contents);
- if (!*contents_tmp) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus file "
- "seems corrupted (eat_whitespace).");
- goto err;
- }
-
- /* 'fname' contains the DH parameters stored in base64-ed DER
- * format. We are only interested in the DH modulus.
- * NOTE: We allocate more storage here than we need. Since we're already
- * doing that, we can also add 1 byte extra to appease Coverity's
- * scanner. */
-
- cp = base64_decoded_dh = tor_malloc_zero(strlen(contents_tmp) + 1);
- length = base64_decode((char *)base64_decoded_dh, strlen(contents_tmp),
- contents_tmp, strlen(contents_tmp));
- if (length < 0) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (base64).");
- goto err;
- }
-
- stored_dh = d2i_DHparams(NULL, &cp, length);
- if ((!stored_dh) || (cp - base64_decoded_dh != length)) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (d2i).");
- goto err;
- }
-
- { /* check the cryptographic qualities of the stored dynamic DH modulus: */
- retval = DH_check(stored_dh, &dh_codes);
- if (!retval || dh_codes) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus is not a safe prime.");
- goto err;
- }
-
- retval = DH_size(stored_dh);
- if (retval < DH_BYTES) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus is smaller "
- "than '%d' bits.", DH_BYTES*8);
- goto err;
- }
-
- if (!BN_is_word(stored_dh->g, 2)) {
- log_warn(LD_CRYPTO, "Stored dynamic DH parameters do not use '2' "
- "as the group generator.");
- goto err;
- }
- }
-
- { /* log the dynamic DH modulus: */
- char *s = BN_bn2hex(stored_dh->p);
- tor_assert(s);
- log_info(LD_OR, "Found stored dynamic DH modulus: [%s]", s);
- OPENSSL_free(s);
- }
-
- goto done;
-
- err:
-
- {
- /* move broken prime to $filename.broken */
- char *fname_new=NULL;
- tor_asprintf(&fname_new, "%s.broken", fname);
-
- log_warn(LD_CRYPTO, "Moving broken dynamic DH prime to '%s'.", fname_new);
-
- if (replace_file(fname, fname_new))
- log_notice(LD_CRYPTO, "Error while moving '%s' to '%s'.",
- fname, fname_new);
-
- tor_free(fname_new);
- }
-
- if (stored_dh) {
- DH_free(stored_dh);
- stored_dh = NULL;
- }
-
- done:
- tor_free(contents);
- tor_free(base64_decoded_dh);
-
- if (stored_dh) {
- dynamic_dh_modulus = BN_dup(stored_dh->p);
- DH_free(stored_dh);
- }
-
- return dynamic_dh_modulus;
-}
-
-/** Set the global TLS Diffie-Hellman modulus.
- * If <b>dynamic_dh_modulus_fname</b> is set, try to read a dynamic DH modulus
- * off it and use it as the DH modulus. If that's not possible,
- * generate a new dynamic DH modulus.
- * If <b>dynamic_dh_modulus_fname</b> is NULL, use the Apache mod_ssl DH
+/** Set the global TLS Diffie-Hellman modulus. Use the Apache mod_ssl DH
* modulus. */
void
-crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
+crypto_set_tls_dh_prime(void)
{
BIGNUM *tls_prime = NULL;
- int store_dh_prime_afterwards = 0;
int r;
/* If the space is occupied, free the previous TLS DH prime */
@@ -2005,44 +1876,24 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
dh_param_p_tls = NULL;
}
- if (dynamic_dh_modulus_fname) { /* use dynamic DH modulus: */
- log_info(LD_OR, "Using stored dynamic DH modulus.");
- tls_prime = crypto_get_stored_dynamic_dh_modulus(dynamic_dh_modulus_fname);
-
- if (!tls_prime) {
- log_notice(LD_OR, "Generating fresh dynamic DH modulus. "
- "This might take a while...");
- tls_prime = crypto_generate_dynamic_dh_modulus();
+ tls_prime = BN_new();
+ tor_assert(tls_prime);
- store_dh_prime_afterwards++;
- }
- } else { /* use the static DH prime modulus used by Apache in mod_ssl: */
- tls_prime = BN_new();
- tor_assert(tls_prime);
-
- /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
- * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
- * prime.
- */
- r =BN_hex2bn(&tls_prime,
- "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
- "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
- "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
- "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
- "B0E7393E0F24218EB3");
- tor_assert(r);
- }
+ /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
+ * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
+ * prime.
+ */
+ r = BN_hex2bn(&tls_prime,
+ "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
+ "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
+ "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
+ "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
+ "B0E7393E0F24218EB3");
+ tor_assert(r);
tor_assert(tls_prime);
dh_param_p_tls = tls_prime;
-
- if (store_dh_prime_afterwards)
- /* save the new dynamic DH modulus to disk. */
- if (crypto_store_dynamic_dh_modulus(dynamic_dh_modulus_fname)) {
- log_notice(LD_CRYPTO, "Failed while storing dynamic DH modulus. "
- "Make sure your data directory is sane.");
- }
}
/** Initialize dh_param_p and dh_param_g if they are not already
@@ -2079,10 +1930,8 @@ init_dh_param(void)
dh_param_p = circuit_dh_prime;
dh_param_g = generator;
- /* Ensure that we have TLS DH parameters set up, too, even if we're
- going to change them soon. */
if (!dh_param_p_tls) {
- crypto_set_tls_dh_prime(NULL);
+ crypto_set_tls_dh_prime();
}
}
@@ -2134,6 +1983,8 @@ crypto_dh_t *
crypto_dh_dup(const crypto_dh_t *dh)
{
crypto_dh_t *dh_new = tor_malloc_zero(sizeof(crypto_dh_t));
+ tor_assert(dh);
+ tor_assert(dh->dh);
dh_new->dh = dh->dh;
DH_up_ref(dh->dh);
return dh_new;
@@ -2419,15 +2270,6 @@ crypto_dh_free(crypto_dh_t *dh)
* work for us too. */
#define ADD_ENTROPY 32
-/** True iff it's safe to use RAND_poll after setup.
- *
- * Versions of OpenSSL prior to 0.9.7k and 0.9.8c had a bug where RAND_poll
- * would allocate an fd_set on the stack, open a new file, and try to FD_SET
- * that fd without checking whether it fit in the fd_set. Thus, if the
- * system has not just been started up, it is unsafe to call */
-#define RAND_POLL_IS_SAFE \
- (OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c'))
-
/** Set the seed of the weak RNG to a random value. */
void
crypto_seed_weak_rng(tor_weak_rng_t *rng)
@@ -2497,7 +2339,7 @@ crypto_strongest_rand(uint8_t *out, size_t out_len)
* have not yet allocated a bunch of fds. Return 0 on success, -1 on failure.
*/
int
-crypto_seed_rng(int startup)
+crypto_seed_rng(void)
{
int rand_poll_ok = 0, load_entropy_ok = 0;
uint8_t buf[ADD_ENTROPY];
@@ -2505,11 +2347,9 @@ crypto_seed_rng(int startup)
/* OpenSSL has a RAND_poll function that knows about more kinds of
* entropy than we do. We'll try calling that, *and* calling our own entropy
* functions. If one succeeds, we'll accept the RNG as seeded. */
- if (startup || RAND_POLL_IS_SAFE) {
- rand_poll_ok = RAND_poll();
- if (rand_poll_ok == 0)
- log_warn(LD_CRYPTO, "RAND_poll() failed.");
- }
+ rand_poll_ok = RAND_poll();
+ if (rand_poll_ok == 0)
+ log_warn(LD_CRYPTO, "RAND_poll() failed.");
load_entropy_ok = !crypto_strongest_rand(buf, sizeof(buf));
if (load_entropy_ok) {
@@ -2525,11 +2365,20 @@ crypto_seed_rng(int startup)
}
/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on
- * success, -1 on failure.
+ * success, -1 on failure, with support for mocking for unit tests.
*/
MOCK_IMPL(int,
crypto_rand, (char *to, size_t n))
{
+ return crypto_rand_unmocked(to, n);
+}
+
+/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on
+ * success, -1 on failure. Most callers will want crypto_rand instead.
+ */
+int
+crypto_rand_unmocked(char *to, size_t n)
+{
int r;
tor_assert(n < INT_MAX);
tor_assert(to);
@@ -2562,8 +2411,41 @@ crypto_rand_int(unsigned int max)
}
}
+/** Return a pseudorandom integer, chosen uniformly from the values <i>i</i>
+ * such that <b>min</b> &lt;= <i>i</i> &lt <b>max</b>.
+ *
+ * <b>min</b> MUST be in range [0, <b>max</b>).
+ * <b>max</b> MUST be in range (min, INT_MAX].
+ */
+int
+crypto_rand_int_range(unsigned int min, unsigned int max)
+{
+ tor_assert(min < max);
+ tor_assert(max <= INT_MAX);
+
+ /* The overflow is avoided here because crypto_rand_int() returns a value
+ * between 0 and (max - min) inclusive. */
+ return min + crypto_rand_int(max - min);
+}
+
+/** As crypto_rand_int_range, but supports uint64_t. */
+uint64_t
+crypto_rand_uint64_range(uint64_t min, uint64_t max)
+{
+ tor_assert(min < max);
+ return min + crypto_rand_uint64(max - min);
+}
+
+/** As crypto_rand_int_range, but supports time_t. */
+time_t
+crypto_rand_time_range(time_t min, time_t max)
+{
+ tor_assert(min < max);
+ return min + (time_t)crypto_rand_uint64(max - min);
+}
+
/** Return a pseudorandom 64-bit integer, chosen uniformly from the values
- * between 0 and <b>max</b>-1. */
+ * between 0 and <b>max</b>-1 inclusive. */
uint64_t
crypto_rand_uint64(uint64_t max)
{
@@ -2624,7 +2506,7 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
if (min_rand_len > max_rand_len)
min_rand_len = max_rand_len;
- randlen = min_rand_len + crypto_rand_int(max_rand_len - min_rand_len + 1);
+ randlen = crypto_rand_int_range(min_rand_len, max_rand_len+1);
prefixlen = strlen(prefix);
resultlen = prefixlen + strlen(suffix) + randlen + 16;
@@ -2671,344 +2553,6 @@ smartlist_shuffle(smartlist_t *sl)
}
}
-/** Base64 encode <b>srclen</b> bytes of data from <b>src</b>. Write
- * the result into <b>dest</b>, if it will fit within <b>destlen</b>
- * bytes. Return the number of bytes written on success; -1 if
- * destlen is too short, or other failure.
- */
-int
-base64_encode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
- /* FFFF we might want to rewrite this along the lines of base64_decode, if
- * it ever shows up in the profile. */
- EVP_ENCODE_CTX ctx;
- int len, ret;
- tor_assert(srclen < INT_MAX);
-
- /* 48 bytes of input -> 64 bytes of output plus newline.
- Plus one more byte, in case I'm wrong.
- */
- if (destlen < ((srclen/48)+1)*66)
- return -1;
- if (destlen > SIZE_T_CEILING)
- return -1;
-
- EVP_EncodeInit(&ctx);
- EVP_EncodeUpdate(&ctx, (unsigned char*)dest, &len,
- (unsigned char*)src, (int)srclen);
- EVP_EncodeFinal(&ctx, (unsigned char*)(dest+len), &ret);
- ret += len;
- return ret;
-}
-
-/** @{ */
-/** Special values used for the base64_decode_table */
-#define X 255
-#define SP 64
-#define PAD 65
-/** @} */
-/** Internal table mapping byte values to what they represent in base64.
- * Numbers 0..63 are 6-bit integers. SPs are spaces, and should be
- * skipped. Xs are invalid and must not appear in base64. PAD indicates
- * end-of-string. */
-static const uint8_t base64_decode_table[256] = {
- X, X, X, X, X, X, X, X, X, SP, SP, SP, X, SP, X, X, /* */
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- SP, X, X, X, X, X, X, X, X, X, X, 62, X, X, X, 63,
- 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, X, X, X, PAD, X, X,
- X, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
- 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, X, X, X, X, X,
- X, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
- 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
- X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
-};
-
-/** Base64 decode <b>srclen</b> bytes of data from <b>src</b>. Write
- * the result into <b>dest</b>, if it will fit within <b>destlen</b>
- * bytes. Return the number of bytes written on success; -1 if
- * destlen is too short, or other failure.
- *
- * NOTE 1: destlen is checked conservatively, as though srclen contained no
- * spaces or padding.
- *
- * NOTE 2: This implementation does not check for the correct number of
- * padding "=" characters at the end of the string, and does not check
- * for internal padding characters.
- */
-int
-base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
-#ifdef USE_OPENSSL_BASE64
- EVP_ENCODE_CTX ctx;
- int len, ret;
- /* 64 bytes of input -> *up to* 48 bytes of output.
- Plus one more byte, in case I'm wrong.
- */
- if (destlen < ((srclen/64)+1)*49)
- return -1;
- if (destlen > SIZE_T_CEILING)
- return -1;
-
- memset(dest, 0, destlen);
-
- EVP_DecodeInit(&ctx);
- EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
- (unsigned char*)src, srclen);
- EVP_DecodeFinal(&ctx, (unsigned char*)dest, &ret);
- ret += len;
- return ret;
-#else
- const char *eos = src+srclen;
- uint32_t n=0;
- int n_idx=0;
- char *dest_orig = dest;
-
- /* Max number of bits == srclen*6.
- * Number of bytes required to hold all bits == (srclen*6)/8.
- * Yes, we want to round down: anything that hangs over the end of a
- * byte is padding. */
- if (destlen < (srclen*3)/4)
- return -1;
- if (destlen > SIZE_T_CEILING)
- return -1;
-
- memset(dest, 0, destlen);
-
- /* Iterate over all the bytes in src. Each one will add 0 or 6 bits to the
- * value we're decoding. Accumulate bits in <b>n</b>, and whenever we have
- * 24 bits, batch them into 3 bytes and flush those bytes to dest.
- */
- for ( ; src < eos; ++src) {
- unsigned char c = (unsigned char) *src;
- uint8_t v = base64_decode_table[c];
- switch (v) {
- case X:
- /* This character isn't allowed in base64. */
- return -1;
- case SP:
- /* This character is whitespace, and has no effect. */
- continue;
- case PAD:
- /* We've hit an = character: the data is over. */
- goto end_of_loop;
- default:
- /* We have an actual 6-bit value. Append it to the bits in n. */
- n = (n<<6) | v;
- if ((++n_idx) == 4) {
- /* We've accumulated 24 bits in n. Flush them. */
- *dest++ = (n>>16);
- *dest++ = (n>>8) & 0xff;
- *dest++ = (n) & 0xff;
- n_idx = 0;
- n = 0;
- }
- }
- }
- end_of_loop:
- /* If we have leftover bits, we need to cope. */
- switch (n_idx) {
- case 0:
- default:
- /* No leftover bits. We win. */
- break;
- case 1:
- /* 6 leftover bits. That's invalid; we can't form a byte out of that. */
- return -1;
- case 2:
- /* 12 leftover bits: The last 4 are padding and the first 8 are data. */
- *dest++ = n >> 4;
- break;
- case 3:
- /* 18 leftover bits: The last 2 are padding and the first 16 are data. */
- *dest++ = n >> 10;
- *dest++ = n >> 2;
- }
-
- tor_assert((dest-dest_orig) <= (ssize_t)destlen);
- tor_assert((dest-dest_orig) <= INT_MAX);
-
- return (int)(dest-dest_orig);
-#endif
-}
-#undef X
-#undef SP
-#undef PAD
-
-/** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
- * and newline characters, and store the nul-terminated result in the first
- * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>. */
-int
-digest_to_base64(char *d64, const char *digest)
-{
- char buf[256];
- base64_encode(buf, sizeof(buf), digest, DIGEST_LEN);
- buf[BASE64_DIGEST_LEN] = '\0';
- memcpy(d64, buf, BASE64_DIGEST_LEN+1);
- return 0;
-}
-
-/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
- * trailing newline or = characters), decode it and store the result in the
- * first DIGEST_LEN bytes at <b>digest</b>. */
-int
-digest_from_base64(char *digest, const char *d64)
-{
-#ifdef USE_OPENSSL_BASE64
- char buf_in[BASE64_DIGEST_LEN+3];
- char buf[256];
- if (strlen(d64) != BASE64_DIGEST_LEN)
- return -1;
- memcpy(buf_in, d64, BASE64_DIGEST_LEN);
- memcpy(buf_in+BASE64_DIGEST_LEN, "=\n\0", 3);
- if (base64_decode(buf, sizeof(buf), buf_in, strlen(buf_in)) != DIGEST_LEN)
- return -1;
- memcpy(digest, buf, DIGEST_LEN);
- return 0;
-#else
- if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
- return 0;
- else
- return -1;
-#endif
-}
-
-/** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
- * trailing = and newline characters, and store the nul-terminated result in
- * the first BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
-int
-digest256_to_base64(char *d64, const char *digest)
-{
- char buf[256];
- base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN);
- buf[BASE64_DIGEST256_LEN] = '\0';
- memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
- return 0;
-}
-
-/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
- * trailing newline or = characters), decode it and store the result in the
- * first DIGEST256_LEN bytes at <b>digest</b>. */
-int
-digest256_from_base64(char *digest, const char *d64)
-{
-#ifdef USE_OPENSSL_BASE64
- char buf_in[BASE64_DIGEST256_LEN+3];
- char buf[256];
- if (strlen(d64) != BASE64_DIGEST256_LEN)
- return -1;
- memcpy(buf_in, d64, BASE64_DIGEST256_LEN);
- memcpy(buf_in+BASE64_DIGEST256_LEN, "=\n\0", 3);
- if (base64_decode(buf, sizeof(buf), buf_in, strlen(buf_in)) != DIGEST256_LEN)
- return -1;
- memcpy(digest, buf, DIGEST256_LEN);
- return 0;
-#else
- if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
- return 0;
- else
- return -1;
-#endif
-}
-
-/** Implements base32 encoding as in RFC 4648. Limitation: Requires
- * that srclen*8 is a multiple of 5.
- */
-void
-base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
- unsigned int i, v, u;
- size_t nbits = srclen * 8, bit;
-
- tor_assert(srclen < SIZE_T_CEILING/8);
- tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
- tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
- tor_assert(destlen < SIZE_T_CEILING);
-
- for (i=0,bit=0; bit < nbits; ++i, bit+=5) {
- /* set v to the 16-bit value starting at src[bits/8], 0-padded. */
- v = ((uint8_t)src[bit/8]) << 8;
- if (bit+5<nbits) v += (uint8_t)src[(bit/8)+1];
- /* set u to the 5-bit value at the bit'th bit of src. */
- u = (v >> (11-(bit%8))) & 0x1F;
- dest[i] = BASE32_CHARS[u];
- }
- dest[i] = '\0';
-}
-
-/** Implements base32 decoding as in RFC 4648. Limitation: Requires
- * that srclen*5 is a multiple of 8. Returns 0 if successful, -1 otherwise.
- */
-int
-base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
- /* XXXX we might want to rewrite this along the lines of base64_decode, if
- * it ever shows up in the profile. */
- unsigned int i;
- size_t nbits, j, bit;
- char *tmp;
- nbits = srclen * 5;
-
- tor_assert(srclen < SIZE_T_CEILING / 5);
- tor_assert((nbits%8) == 0); /* We need an even multiple of 8 bits. */
- tor_assert((nbits/8) <= destlen); /* We need enough space. */
- tor_assert(destlen < SIZE_T_CEILING);
-
- memset(dest, 0, destlen);
-
- /* Convert base32 encoded chars to the 5-bit values that they represent. */
- tmp = tor_malloc_zero(srclen);
- for (j = 0; j < srclen; ++j) {
- if (src[j] > 0x60 && src[j] < 0x7B) tmp[j] = src[j] - 0x61;
- else if (src[j] > 0x31 && src[j] < 0x38) tmp[j] = src[j] - 0x18;
- else if (src[j] > 0x40 && src[j] < 0x5B) tmp[j] = src[j] - 0x41;
- else {
- log_warn(LD_BUG, "illegal character in base32 encoded string");
- tor_free(tmp);
- return -1;
- }
- }
-
- /* Assemble result byte-wise by applying five possible cases. */
- for (i = 0, bit = 0; bit < nbits; ++i, bit += 8) {
- switch (bit % 40) {
- case 0:
- dest[i] = (((uint8_t)tmp[(bit/5)]) << 3) +
- (((uint8_t)tmp[(bit/5)+1]) >> 2);
- break;
- case 8:
- dest[i] = (((uint8_t)tmp[(bit/5)]) << 6) +
- (((uint8_t)tmp[(bit/5)+1]) << 1) +
- (((uint8_t)tmp[(bit/5)+2]) >> 4);
- break;
- case 16:
- dest[i] = (((uint8_t)tmp[(bit/5)]) << 4) +
- (((uint8_t)tmp[(bit/5)+1]) >> 1);
- break;
- case 24:
- dest[i] = (((uint8_t)tmp[(bit/5)]) << 7) +
- (((uint8_t)tmp[(bit/5)+1]) << 2) +
- (((uint8_t)tmp[(bit/5)+2]) >> 3);
- break;
- case 32:
- dest[i] = (((uint8_t)tmp[(bit/5)]) << 5) +
- ((uint8_t)tmp[(bit/5)+1]);
- break;
- }
- }
-
- memwipe(tmp, 0, srclen);
- tor_free(tmp);
- tmp = NULL;
- return 0;
-}
-
/**
* Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
* the value <b>byte</b>.
@@ -3129,13 +2673,11 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
tor_free(v);
}
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
static void
tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
{
CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
}
-#endif
/** @{ */
/** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
@@ -3150,11 +2692,7 @@ setup_openssl_threading(void)
for (i=0; i < n; ++i)
openssl_mutexes_[i] = tor_mutex_new();
CRYPTO_set_locking_callback(openssl_locking_cb_);
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
- CRYPTO_set_id_callback(tor_get_thread_id);
-#else
CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
-#endif
CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_);
@@ -3167,7 +2705,11 @@ int
crypto_global_cleanup(void)
{
EVP_cleanup();
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ ERR_remove_thread_state(NULL);
+#else
ERR_remove_state(0);
+#endif
ERR_free_strings();
if (dh_param_p)
diff --git a/src/common/crypto.h b/src/common/crypto.h
index d305bc17a0..6256f7346b 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -122,8 +122,7 @@ int crypto_global_cleanup(void);
crypto_pk_t *crypto_pk_new(void);
void crypto_pk_free(crypto_pk_t *env);
-void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
-
+void crypto_set_tls_dh_prime(void);
crypto_cipher_t *crypto_cipher_new(const char *key);
crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv);
void crypto_cipher_free(crypto_cipher_t *env);
@@ -147,9 +146,9 @@ int crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
const char *fname);
int crypto_pk_check_key(crypto_pk_t *env);
-int crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b);
-int crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b);
-size_t crypto_pk_keysize(crypto_pk_t *env);
+int crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b);
+int crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b);
+size_t crypto_pk_keysize(const crypto_pk_t *env);
int crypto_pk_num_bits(crypto_pk_t *env);
crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig);
crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig);
@@ -161,11 +160,11 @@ int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen,
int padding, int warnOnFailure);
-int crypto_pk_public_checksig(crypto_pk_t *env, char *to, size_t tolen,
+int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
size_t datalen, const char *sig, size_t siglen);
-int crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
+int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
@@ -185,6 +184,9 @@ int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
+int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
+crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
+
/* symmetric crypto */
const char *crypto_cipher_get_key(crypto_cipher_t *env);
@@ -207,6 +209,11 @@ int crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
struct smartlist_t;
+void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
+ const char *prepend,
+ const struct smartlist_t *lst,
+ const char *append,
+ digest_algorithm_t alg);
void crypto_digest_smartlist(char *digest_out, size_t len_out,
const struct smartlist_t *lst, const char *append,
digest_algorithm_t alg);
@@ -251,10 +258,14 @@ int crypto_expand_key_material_rfc5869_sha256(
uint8_t *key_out, size_t key_out_len);
/* random numbers */
-int crypto_seed_rng(int startup);
+int crypto_seed_rng(void);
MOCK_DECL(int,crypto_rand,(char *to, size_t n));
+int crypto_rand_unmocked(char *to, size_t n);
int crypto_strongest_rand(uint8_t *out, size_t out_len);
int crypto_rand_int(unsigned int max);
+int crypto_rand_int_range(unsigned int min, unsigned int max);
+uint64_t crypto_rand_uint64_range(uint64_t min, uint64_t max);
+time_t crypto_rand_time_range(time_t min, time_t max);
uint64_t crypto_rand_uint64(uint64_t max);
double crypto_rand_double(void);
struct tor_weak_rng_t;
@@ -268,18 +279,6 @@ struct smartlist_t;
void *smartlist_choose(const struct smartlist_t *sl);
void smartlist_shuffle(struct smartlist_t *sl);
-int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen);
-int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-/** Characters that can appear (case-insensitively) in a base32 encoding. */
-#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
-void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);
-int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-
-int digest_to_base64(char *d64, const char *digest);
-int digest_from_base64(char *digest, const char *d64);
-int digest256_to_base64(char *d64, const char *digest);
-int digest256_from_base64(char *digest, const char *d64);
-
/** OpenSSL-based utility functions. */
void memwipe(void *mem, uint8_t byte, size_t sz);
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index 5bb14b0d95..ac0b08a552 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -11,9 +11,12 @@
#include "container.h"
#include "crypto.h"
#include "crypto_curve25519.h"
+#include "crypto_format.h"
#include "util.h"
#include "torlog.h"
+#include "ed25519/donna/ed25519_donna_tor.h"
+
/* ==============================
Part 1: wrap a suitable curve25519 implementation as curve25519_impl
============================== */
@@ -30,6 +33,10 @@ int curve25519_donna(uint8_t *mypublic,
#endif
#endif
+static void pick_curve25519_basepoint_impl(void);
+
+static int curve25519_use_ed = -1;
+
STATIC int
curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint)
@@ -50,6 +57,34 @@ curve25519_impl(uint8_t *output, const uint8_t *secret,
return r;
}
+STATIC int
+curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret)
+{
+ int r = 0;
+ if (PREDICT_UNLIKELY(curve25519_use_ed == -1)) {
+ pick_curve25519_basepoint_impl();
+ }
+
+ /* TODO: Someone should benchmark curved25519_scalarmult_basepoint versus
+ * an optimized NaCl build to see which should be used when compiled with
+ * NaCl available. I suspected that the ed25519 optimization always wins.
+ */
+ if (PREDICT_LIKELY(curve25519_use_ed == 1)) {
+ curved25519_scalarmult_basepoint_donna(output, secret);
+ r = 0;
+ } else {
+ static const uint8_t basepoint[32] = {9};
+ r = curve25519_impl(output, secret, basepoint);
+ }
+ return r;
+}
+
+void
+curve25519_set_impl_params(int use_ed)
+{
+ curve25519_use_ed = use_ed;
+}
+
/* ==============================
Part 2: Wrap curve25519_impl with some convenience types and functions.
============================== */
@@ -113,9 +148,7 @@ void
curve25519_public_key_generate(curve25519_public_key_t *key_out,
const curve25519_secret_key_t *seckey)
{
- static const uint8_t basepoint[32] = {9};
-
- curve25519_impl(key_out->public_key, seckey->secret_key, basepoint);
+ curve25519_basepoint_impl(key_out->public_key, seckey->secret_key);
}
int
@@ -128,95 +161,6 @@ curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
return 0;
}
-/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
- * <b>fname</b> in the tagged-data format. This format contains a
- * 32-byte header, followed by the data itself. The header is the
- * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
- * of <b>typestring</b> and <b>tag</b> must therefore be no more than
- * 24.
- **/
-int
-crypto_write_tagged_contents_to_file(const char *fname,
- const char *typestring,
- const char *tag,
- const uint8_t *data,
- size_t datalen)
-{
- char header[32];
- smartlist_t *chunks = smartlist_new();
- sized_chunk_t ch0, ch1;
- int r = -1;
-
- memset(header, 0, sizeof(header));
- if (tor_snprintf(header, sizeof(header),
- "== %s: %s ==", typestring, tag) < 0)
- goto end;
- ch0.bytes = header;
- ch0.len = 32;
- ch1.bytes = (const char*) data;
- ch1.len = datalen;
- smartlist_add(chunks, &ch0);
- smartlist_add(chunks, &ch1);
-
- r = write_chunks_to_file(fname, chunks, 1, 0);
-
- end:
- smartlist_free(chunks);
- return r;
-}
-
-/** Read a tagged-data file from <b>fname</b> into the
- * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
- * typestring matches <b>typestring</b>; store the tag into a newly allocated
- * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
- * data on success. */
-ssize_t
-crypto_read_tagged_contents_from_file(const char *fname,
- const char *typestring,
- char **tag_out,
- uint8_t *data_out,
- ssize_t data_out_len)
-{
- char prefix[33];
- char *content = NULL;
- struct stat st;
- ssize_t r = -1;
- size_t st_size = 0;
-
- *tag_out = NULL;
- st.st_size = 0;
- content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
- if (! content)
- goto end;
- if (st.st_size < 32 || st.st_size > 32 + data_out_len)
- goto end;
- st_size = (size_t)st.st_size;
-
- memcpy(prefix, content, 32);
- prefix[32] = 0;
- /* Check type, extract tag. */
- if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
- ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix)))
- goto end;
-
- if (strcmpstart(prefix+3, typestring) ||
- 3+strlen(typestring) >= 32 ||
- strcmpstart(prefix+3+strlen(typestring), ": "))
- goto end;
-
- *tag_out = tor_strndup(prefix+5+strlen(typestring),
- strlen(prefix)-8-strlen(typestring));
-
- memcpy(data_out, content+32, st_size-32);
- r = st_size - 32;
-
- end:
- if (content)
- memwipe(content, 0, st_size);
- tor_free(content);
- return r;
-}
-
/** DOCDOC */
int
curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair,
@@ -283,3 +227,84 @@ curve25519_handshake(uint8_t *output,
curve25519_impl(output, skey->secret_key, pkey->public_key);
}
+/** Check whether the ed25519-based curve25519 basepoint optimization seems to
+ * be working. If so, return 0; otherwise return -1. */
+static int
+curve25519_basepoint_spot_check(void)
+{
+ static const uint8_t alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d,
+ 0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45,
+ 0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a,
+ 0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+ };
+ static const uint8_t alicepk[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54,
+ 0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a,
+ 0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4,
+ 0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+ };
+ const int loop_max=200;
+ int save_use_ed = curve25519_use_ed;
+ unsigned char e1[32] = { 5 };
+ unsigned char e2[32] = { 5 };
+ unsigned char x[32],y[32];
+ int i;
+ int r=0;
+
+ /* Check the most basic possible sanity via the test secret/public key pair
+ * used in "Cryptography in NaCl - 2. Secret keys and public keys". This
+ * may catch catastrophic failures on systems where Curve25519 is expensive,
+ * without requiring a ton of key generation.
+ */
+ curve25519_use_ed = 1;
+ r |= curve25519_basepoint_impl(x, alicesk);
+ if (fast_memneq(x, alicepk, 32))
+ goto fail;
+
+ /* Ok, the optimization appears to produce passable results, try a few more
+ * values, maybe there's something subtle wrong.
+ */
+ for (i = 0; i < loop_max; ++i) {
+ curve25519_use_ed = 0;
+ r |= curve25519_basepoint_impl(x, e1);
+ curve25519_use_ed = 1;
+ r |= curve25519_basepoint_impl(y, e2);
+ if (fast_memneq(x,y,32))
+ goto fail;
+ memcpy(e1, x, 32);
+ memcpy(e2, x, 32);
+ }
+
+ goto end;
+ fail:
+ r = -1;
+ end:
+ curve25519_use_ed = save_use_ed;
+ return r;
+}
+
+/** Choose whether to use the ed25519-based curve25519-basepoint
+ * implementation. */
+static void
+pick_curve25519_basepoint_impl(void)
+{
+ curve25519_use_ed = 1;
+
+ if (curve25519_basepoint_spot_check() == 0)
+ return;
+
+ log_warn(LD_CRYPTO, "The ed25519-based curve25519 basepoint "
+ "multiplication seems broken; using the curve25519 "
+ "implementation.");
+ curve25519_use_ed = 0;
+}
+
+/** Initialize the curve25519 implementations. This is necessary if you're
+ * going to use them in a multithreaded setting, and not otherwise. */
+void
+curve25519_init(void)
+{
+ pick_curve25519_basepoint_impl();
+}
+
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index 48e8a6d962..d868b3918b 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -61,6 +61,8 @@ int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
#ifdef CRYPTO_CURVE25519_PRIVATE
STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint);
+
+STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret);
#endif
#define CURVE25519_BASE64_PADDED_LEN 44
@@ -70,17 +72,8 @@ int curve25519_public_from_base64(curve25519_public_key_t *pkey,
int curve25519_public_to_base64(char *output,
const curve25519_public_key_t *pkey);
-int crypto_write_tagged_contents_to_file(const char *fname,
- const char *typestring,
- const char *tag,
- const uint8_t *data,
- size_t datalen);
-
-ssize_t crypto_read_tagged_contents_from_file(const char *fname,
- const char *typestring,
- char **tag_out,
- uint8_t *data_out,
- ssize_t data_out_len);
+void curve25519_set_impl_params(int use_ed);
+void curve25519_init(void);
#endif
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index f2e6945ac8..1749efc34c 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -12,13 +12,90 @@
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
+#include "crypto_format.h"
#include "torlog.h"
#include "util.h"
#include "ed25519/ref10/ed25519_ref10.h"
+#include "ed25519/donna/ed25519_donna_tor.h"
#include <openssl/sha.h>
+static void pick_ed25519_impl(void);
+static int ed25519_impl_spot_check(void);
+
+/** An Ed25519 implementation */
+typedef struct {
+ int (*selftest)(void);
+
+ int (*seckey)(unsigned char *);
+ int (*seckey_expand)(unsigned char *, const unsigned char *);
+ int (*pubkey)(unsigned char *, const unsigned char *);
+ int (*keygen)(unsigned char *, unsigned char *);
+
+ int (*open)(const unsigned char *, const unsigned char *, size_t, const
+ unsigned char *);
+ int (*sign)(unsigned char *, const unsigned char *, size_t,
+ const unsigned char *, const unsigned char *);
+ int (*open_batch)(const unsigned char **, size_t *, const unsigned char **,
+ const unsigned char **, size_t, int *);
+
+ int (*blind_secret_key)(unsigned char *, const unsigned char *,
+ const unsigned char *);
+ int (*blind_public_key)(unsigned char *, const unsigned char *,
+ const unsigned char *);
+
+ int (*pubkey_from_curve25519_pubkey)(unsigned char *, const unsigned char *,
+ int);
+} ed25519_impl_t;
+
+static const ed25519_impl_t impl_ref10 = {
+ NULL,
+
+ ed25519_ref10_seckey,
+ ed25519_ref10_seckey_expand,
+ ed25519_ref10_pubkey,
+ ed25519_ref10_keygen,
+
+ ed25519_ref10_open,
+ ed25519_ref10_sign,
+ NULL,
+
+ ed25519_ref10_blind_secret_key,
+ ed25519_ref10_blind_public_key,
+
+ ed25519_ref10_pubkey_from_curve25519_pubkey,
+};
+
+static const ed25519_impl_t impl_donna = {
+ ed25519_donna_selftest,
+
+ ed25519_donna_seckey,
+ ed25519_donna_seckey_expand,
+ ed25519_donna_pubkey,
+ ed25519_donna_keygen,
+
+ ed25519_donna_open,
+ ed25519_donna_sign,
+ ed25519_sign_open_batch_donna,
+
+ ed25519_donna_blind_secret_key,
+ ed25519_donna_blind_public_key,
+
+ ed25519_donna_pubkey_from_curve25519_pubkey,
+};
+
+static const ed25519_impl_t *ed25519_impl = NULL;
+
+static inline const ed25519_impl_t *
+get_ed_impl(void)
+{
+ if (PREDICT_UNLIKELY(ed25519_impl == NULL)) {
+ pick_ed25519_impl();
+ }
+ return ed25519_impl;
+}
+
/**
* Initialize a new ed25519 secret key in <b>seckey_out</b>. If
* <b>extra_strong</b>, take the RNG inputs directly from the operating
@@ -33,7 +110,7 @@ ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
if (! extra_strong || crypto_strongest_rand(seed, sizeof(seed)) < 0)
crypto_rand((char*)seed, sizeof(seed));
- r = ed25519_ref10_seckey_expand(seckey_out->seckey, seed);
+ r = get_ed_impl()->seckey_expand(seckey_out->seckey, seed);
memwipe(seed, 0, sizeof(seed));
return r < 0 ? -1 : 0;
@@ -47,8 +124,8 @@ int
ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
const uint8_t *seed)
{
- if (ed25519_ref10_seckey_expand(seckey_out->seckey, seed) < 0)
- return -1;
+ if (get_ed_impl()->seckey_expand(seckey_out->seckey, seed) < 0)
+ return -1;
return 0;
}
@@ -60,7 +137,7 @@ int
ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
const ed25519_secret_key_t *seckey)
{
- if (ed25519_ref10_pubkey(pubkey_out->pubkey, seckey->seckey) < 0)
+ if (get_ed_impl()->pubkey(pubkey_out->pubkey, seckey->seckey) < 0)
return -1;
return 0;
}
@@ -88,10 +165,9 @@ ed25519_sign(ed25519_signature_t *signature_out,
const uint8_t *msg, size_t len,
const ed25519_keypair_t *keypair)
{
-
- if (ed25519_ref10_sign(signature_out->sig, msg, len,
- keypair->seckey.seckey,
- keypair->pubkey.pubkey) < 0) {
+ if (get_ed_impl()->sign(signature_out->sig, msg, len,
+ keypair->seckey.seckey,
+ keypair->pubkey.pubkey) < 0) {
return -1;
}
@@ -110,7 +186,7 @@ ed25519_checksig(const ed25519_signature_t *signature,
const ed25519_public_key_t *pubkey)
{
return
- ed25519_ref10_open(signature->sig, msg, len, pubkey->pubkey) < 0 ? -1 : 0;
+ get_ed_impl()->open(signature->sig, msg, len, pubkey->pubkey) < 0 ? -1 : 0;
}
/** Validate every signature among those in <b>checkable</b>, which contains
@@ -125,56 +201,70 @@ ed25519_checksig_batch(int *okay_out,
const ed25519_checkable_t *checkable,
int n_checkable)
{
- int res, i;
-
- res = 0;
- for (i = 0; i < n_checkable; ++i) {
- const ed25519_checkable_t *ch = &checkable[i];
- int r = ed25519_checksig(&ch->signature, ch->msg, ch->len, ch->pubkey);
- if (r < 0)
- --res;
- if (okay_out)
- okay_out[i] = (r == 0);
+ int i, res;
+ const ed25519_impl_t *impl = get_ed_impl();
+
+ if (impl->open_batch == NULL) {
+ /* No batch verification implementation available, fake it by checking the
+ * each signature individually.
+ */
+ res = 0;
+ for (i = 0; i < n_checkable; ++i) {
+ const ed25519_checkable_t *ch = &checkable[i];
+ int r = ed25519_checksig(&ch->signature, ch->msg, ch->len, ch->pubkey);
+ if (r < 0)
+ --res;
+ if (okay_out)
+ okay_out[i] = (r == 0);
+ }
+ } else {
+ /* ed25519-donna style batch verification available.
+ *
+ * Theoretically, this should only be called if n_checkable >= 3, since
+ * that's the threshold where the batch verification actually kicks in,
+ * but the only difference is a few mallocs/frees.
+ */
+ const uint8_t **ms;
+ size_t *lens;
+ const uint8_t **pks;
+ const uint8_t **sigs;
+ int *oks;
+ int all_ok;
+
+ ms = tor_malloc(sizeof(uint8_t*)*n_checkable);
+ lens = tor_malloc(sizeof(size_t)*n_checkable);
+ pks = tor_malloc(sizeof(uint8_t*)*n_checkable);
+ sigs = tor_malloc(sizeof(uint8_t*)*n_checkable);
+ oks = okay_out ? okay_out : tor_malloc(sizeof(int)*n_checkable);
+
+ for (i = 0; i < n_checkable; ++i) {
+ ms[i] = checkable[i].msg;
+ lens[i] = checkable[i].len;
+ pks[i] = checkable[i].pubkey->pubkey;
+ sigs[i] = checkable[i].signature.sig;
+ oks[i] = 0;
+ }
+
+ res = 0;
+ all_ok = impl->open_batch(ms, lens, pks, sigs, n_checkable, oks);
+ for (i = 0; i < n_checkable; ++i) {
+ if (!oks[i])
+ --res;
+ }
+ /* XXX: For now sanity check oks with the return value. Once we have
+ * more confidence in the code, if `all_ok == 0` we can skip iterating
+ * over oks since all the signatures were found to be valid.
+ */
+ tor_assert(((res == 0) && !all_ok) || ((res < 0) && all_ok));
+
+ tor_free(ms);
+ tor_free(lens);
+ tor_free(pks);
+ tor_free(sigs);
+ if (! okay_out)
+ tor_free(oks);
}
-#if 0
- /* This is how we'd do it if we were using ed25519_donna. I'll keep this
- * code around here in case we ever do that. */
- const uint8_t **ms;
- size_t *lens;
- const uint8_t **pks;
- const uint8_t **sigs;
- int *oks;
-
- ms = tor_malloc(sizeof(uint8_t*)*n_checkable);
- lens = tor_malloc(sizeof(size_t)*n_checkable);
- pks = tor_malloc(sizeof(uint8_t*)*n_checkable);
- sigs = tor_malloc(sizeof(uint8_t*)*n_checkable);
- oks = okay_out ? okay_out : tor_malloc(sizeof(int)*n_checkable);
-
- for (i = 0; i < n_checkable; ++i) {
- ms[i] = checkable[i].msg;
- lens[i] = checkable[i].len;
- pks[i] = checkable[i].pubkey->pubkey;
- sigs[i] = checkable[i].signature.sig;
- oks[i] = 0;
- }
-
- ed25519_sign_open_batch_donna_fb(ms, lens, pks, sigs, n_checkable, oks);
-
- res = 0;
- for (i = 0; i < n_checkable; ++i) {
- if (!oks[i])
- --res;
- }
-
- tor_free(ms);
- tor_free(lens);
- tor_free(pks);
- if (! okay_out)
- tor_free(oks);
-#endif
-
return res;
}
@@ -229,9 +319,9 @@ ed25519_public_key_from_curve25519_public_key(ed25519_public_key_t *pubkey,
const curve25519_public_key_t *pubkey_in,
int signbit)
{
- return ed25519_ref10_pubkey_from_curve25519_pubkey(pubkey->pubkey,
- pubkey_in->public_key,
- signbit);
+ return get_ed_impl()->pubkey_from_curve25519_pubkey(pubkey->pubkey,
+ pubkey_in->public_key,
+ signbit);
}
/**
@@ -251,7 +341,7 @@ ed25519_keypair_blind(ed25519_keypair_t *out,
{
ed25519_public_key_t pubkey_check;
- ed25519_ref10_blind_secret_key(out->seckey.seckey,
+ get_ed_impl()->blind_secret_key(out->seckey.seckey,
inp->seckey.seckey, param);
ed25519_public_blind(&pubkey_check, &inp->pubkey, param);
@@ -274,7 +364,7 @@ ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param)
{
- ed25519_ref10_blind_public_key(out->pubkey, inp->pubkey, param);
+ get_ed_impl()->blind_public_key(out->pubkey, inp->pubkey, param);
return 0;
}
@@ -309,10 +399,13 @@ ed25519_seckey_read_from_file(ed25519_secret_key_t *seckey_out,
len = crypto_read_tagged_contents_from_file(filename, "ed25519v1-secret",
tag_out, seckey_out->seckey,
sizeof(seckey_out->seckey));
- if (len != sizeof(seckey_out->seckey))
- return -1;
+ if (len == sizeof(seckey_out->seckey)) {
+ return 0;
+ } else if (len >= 0) {
+ errno = EINVAL;
+ }
- return 0;
+ return -1;
}
/**
@@ -345,9 +438,144 @@ ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
len = crypto_read_tagged_contents_from_file(filename, "ed25519v1-public",
tag_out, pubkey_out->pubkey,
sizeof(pubkey_out->pubkey));
- if (len != sizeof(pubkey_out->pubkey))
+ if (len == sizeof(pubkey_out->pubkey)) {
+ return 0;
+ } else if (len >= 0) {
+ errno = EINVAL;
+ }
+
+ return -1;
+}
+
+/** Release all storage held for <b>kp</b>. */
+void
+ed25519_keypair_free(ed25519_keypair_t *kp)
+{
+ if (! kp)
+ return;
+
+ memwipe(kp, 0, sizeof(*kp));
+ tor_free(kp);
+}
+
+/** Return true iff <b>key1</b> and <b>key2</b> are the same public key. */
+int
+ed25519_pubkey_eq(const ed25519_public_key_t *key1,
+ const ed25519_public_key_t *key2)
+{
+ tor_assert(key1);
+ tor_assert(key2);
+ return tor_memeq(key1->pubkey, key2->pubkey, ED25519_PUBKEY_LEN);
+}
+
+/** Check whether the given Ed25519 implementation seems to be working.
+ * If so, return 0; otherwise return -1. */
+static int
+ed25519_impl_spot_check(void)
+{
+ static const uint8_t alicesk[32] = {
+ 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
+ 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
+ 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
+ 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
+ };
+ static const uint8_t alicepk[32] = {
+ 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
+ 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
+ 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
+ 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
+ };
+ static const uint8_t alicemsg[2] = { 0xaf, 0x82 };
+ static const uint8_t alicesig[64] = {
+ 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
+ 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
+ 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
+ 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
+ 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
+ 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
+ 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
+ 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
+ };
+ const ed25519_impl_t *impl = get_ed_impl();
+ uint8_t sk[ED25519_SECKEY_LEN];
+ uint8_t pk[ED25519_PUBKEY_LEN];
+ uint8_t sig[ED25519_SIG_LEN];
+ int r = 0;
+
+ /* Some implementations (eg: The modified Ed25519-donna) have handy self-test
+ * code that sanity-checks the internals. If present, use that to screen out
+ * catastrophic errors like massive compiler failure.
+ */
+ if (impl->selftest && impl->selftest() != 0)
+ goto fail;
+
+ /* Validate results versus known answer tests. People really should be
+ * running "make test" instead of relying on this, but it's better than
+ * nothing.
+ *
+ * Test vectors taken from "EdDSA & Ed25519 - 6. Test Vectors for Ed25519
+ * (TEST3)" (draft-josefsson-eddsa-ed25519-03).
+ */
+
+ /* Key expansion, public key derivation. */
+ if (impl->seckey_expand(sk, alicesk) < 0)
+ goto fail;
+ if (impl->pubkey(pk, sk) < 0)
+ goto fail;
+ if (fast_memneq(pk, alicepk, ED25519_PUBKEY_LEN))
+ goto fail;
+
+ /* Signing, verification. */
+ if (impl->sign(sig, alicemsg, sizeof(alicemsg), sk, pk) < 0)
+ return -1;
+ if (fast_memneq(sig, alicesig, ED25519_SIG_LEN))
+ return -1;
+ if (impl->open(sig, alicemsg, sizeof(alicemsg), pk) < 0)
return -1;
- return 0;
+ /* XXX/yawning: Someone that's more paranoid than I am, can write "Assume
+ * ref0 is cannonical, and fuzz impl against it" if they want, but I doubt
+ * that will catch anything that the known answer tests won't.
+ */
+ goto end;
+
+ fail:
+ r = -1;
+ end:
+ return r;
+}
+
+/** Force the Ed25519 implementation to a given one, without sanity checking
+ * the output. Used for testing.
+ */
+void
+ed25519_set_impl_params(int use_donna)
+{
+ if (use_donna)
+ ed25519_impl = &impl_donna;
+ else
+ ed25519_impl = &impl_ref10;
+}
+
+/** Choose whether to use the Ed25519-donna implementation. */
+static void
+pick_ed25519_impl(void)
+{
+ ed25519_impl = &impl_donna;
+
+ if (ed25519_impl_spot_check() == 0)
+ return;
+
+ log_warn(LD_CRYPTO, "The Ed25519-donna implementation seems broken; using "
+ "the ref10 implementation.");
+ ed25519_impl = &impl_ref10;
+}
+
+/* Initialize the Ed25519 implementation. This is neccessary if you're
+ * going to use them in a multithreaded setting, and not otherwise. */
+void
+ed25519_init(void)
+{
+ pick_ed25519_impl();
}
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
index 7efa74bff5..bdac12eb27 100644
--- a/src/common/crypto_ed25519.h
+++ b/src/common/crypto_ed25519.h
@@ -6,6 +6,7 @@
#include "testsupport.h"
#include "torint.h"
+#include "crypto_curve25519.h"
#define ED25519_PUBKEY_LEN 32
#define ED25519_SECKEY_LEN 64
@@ -60,7 +61,7 @@ int ed25519_checksig(const ed25519_signature_t *signature,
*/
typedef struct {
/** The public key that supposedly generated the signature. */
- ed25519_public_key_t *pubkey;
+ const ed25519_public_key_t *pubkey;
/** The signature to check. */
ed25519_signature_t signature;
/** The message that the signature is supposed to have been applied to. */
@@ -87,13 +88,6 @@ int ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param);
-#define ED25519_BASE64_LEN 43
-
-int ed25519_public_from_base64(ed25519_public_key_t *pkey,
- const char *input);
-int ed25519_public_to_base64(char *output,
- const ed25519_public_key_t *pkey);
-
/* XXXX read encrypted, write encrypted. */
int ed25519_seckey_write_to_file(const ed25519_secret_key_t *seckey,
@@ -109,5 +103,13 @@ int ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
char **tag_out,
const char *filename);
+void ed25519_keypair_free(ed25519_keypair_t *kp);
+
+int ed25519_pubkey_eq(const ed25519_public_key_t *key1,
+ const ed25519_public_key_t *key2);
+
+void ed25519_set_impl_params(int use_donna);
+void ed25519_init(void);
+
#endif
diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c
index 00e0e9ea85..d4ecd5b192 100644
--- a/src/common/crypto_format.c
+++ b/src/common/crypto_format.c
@@ -1,4 +1,7 @@
-/* Copyright (c) 2012-2015, The Tor Project, Inc. */
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Formatting and parsing code for crypto-related data structures. */
@@ -7,19 +10,122 @@
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
+#include "container.h"
#include "crypto.h"
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
+#include "crypto_format.h"
#include "util.h"
+#include "util_format.h"
#include "torlog.h"
+/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
+ * <b>fname</b> in the tagged-data format. This format contains a
+ * 32-byte header, followed by the data itself. The header is the
+ * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
+ * of <b>typestring</b> and <b>tag</b> must therefore be no more than
+ * 24.
+ **/
+int
+crypto_write_tagged_contents_to_file(const char *fname,
+ const char *typestring,
+ const char *tag,
+ const uint8_t *data,
+ size_t datalen)
+{
+ char header[32];
+ smartlist_t *chunks = smartlist_new();
+ sized_chunk_t ch0, ch1;
+ int r = -1;
+
+ memset(header, 0, sizeof(header));
+ if (tor_snprintf(header, sizeof(header),
+ "== %s: %s ==", typestring, tag) < 0)
+ goto end;
+ ch0.bytes = header;
+ ch0.len = 32;
+ ch1.bytes = (const char*) data;
+ ch1.len = datalen;
+ smartlist_add(chunks, &ch0);
+ smartlist_add(chunks, &ch1);
+
+ r = write_chunks_to_file(fname, chunks, 1, 0);
+
+ end:
+ smartlist_free(chunks);
+ return r;
+}
+
+/** Read a tagged-data file from <b>fname</b> into the
+ * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
+ * typestring matches <b>typestring</b>; store the tag into a newly allocated
+ * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
+ * data on success. Preserves the errno from reading the file. */
+ssize_t
+crypto_read_tagged_contents_from_file(const char *fname,
+ const char *typestring,
+ char **tag_out,
+ uint8_t *data_out,
+ ssize_t data_out_len)
+{
+ char prefix[33];
+ char *content = NULL;
+ struct stat st;
+ ssize_t r = -1;
+ size_t st_size = 0;
+ int saved_errno = 0;
+
+ *tag_out = NULL;
+ st.st_size = 0;
+ content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
+ if (! content) {
+ saved_errno = errno;
+ goto end;
+ }
+ if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
+ saved_errno = EINVAL;
+ goto end;
+ }
+ st_size = (size_t)st.st_size;
+
+ memcpy(prefix, content, 32);
+ prefix[32] = 0;
+ /* Check type, extract tag. */
+ if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
+ ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
+ saved_errno = EINVAL;
+ goto end;
+ }
+
+ if (strcmpstart(prefix+3, typestring) ||
+ 3+strlen(typestring) >= 32 ||
+ strcmpstart(prefix+3+strlen(typestring), ": ")) {
+ saved_errno = EINVAL;
+ goto end;
+ }
+
+ *tag_out = tor_strndup(prefix+5+strlen(typestring),
+ strlen(prefix)-8-strlen(typestring));
+
+ memcpy(data_out, content+32, st_size-32);
+ r = st_size - 32;
+
+ end:
+ if (content)
+ memwipe(content, 0, st_size);
+ tor_free(content);
+ if (saved_errno)
+ errno = saved_errno;
+ return r;
+}
+
int
curve25519_public_to_base64(char *output,
const curve25519_public_key_t *pkey)
{
char buf[128];
base64_encode(buf, sizeof(buf),
- (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN);
+ (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN, 0);
buf[CURVE25519_BASE64_PADDED_LEN] = '\0';
memcpy(output, buf, CURVE25519_BASE64_PADDED_LEN+1);
return 0;
@@ -65,3 +171,96 @@ ed25519_public_to_base64(char *output,
return digest256_to_base64(output, (const char *)pkey->pubkey);
}
+/** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
+ * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
+ * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
+ */
+int
+ed25519_signature_to_base64(char *output,
+ const ed25519_signature_t *sig)
+{
+ char buf[256];
+ int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
+ tor_assert(n == ED25519_SIG_BASE64_LEN);
+ memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
+ return 0;
+}
+
+/** Try to decode the string <b>input</b> into an ed25519 signature. On
+ * success, store the value in <b>sig</b> and return 0. Otherwise return
+ * -1. */
+int
+ed25519_signature_from_base64(ed25519_signature_t *sig,
+ const char *input)
+{
+
+ if (strlen(input) != ED25519_SIG_BASE64_LEN)
+ return -1;
+ char buf[ED25519_SIG_BASE64_LEN+3];
+ memcpy(buf, input, ED25519_SIG_BASE64_LEN);
+ buf[ED25519_SIG_BASE64_LEN+0] = '=';
+ buf[ED25519_SIG_BASE64_LEN+1] = '=';
+ buf[ED25519_SIG_BASE64_LEN+2] = 0;
+ char decoded[128];
+ int n = base64_decode(decoded, sizeof(decoded), buf, strlen(buf));
+ if (n < 0 || n != ED25519_SIG_LEN)
+ return -1;
+ memcpy(sig->sig, decoded, ED25519_SIG_LEN);
+
+ return 0;
+}
+
+/** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
+ * characters, and store the nul-terminated result in the first
+ * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>. */
+/* XXXX unify with crypto_format.c code */
+int
+digest_to_base64(char *d64, const char *digest)
+{
+ char buf[256];
+ base64_encode(buf, sizeof(buf), digest, DIGEST_LEN, 0);
+ buf[BASE64_DIGEST_LEN] = '\0';
+ memcpy(d64, buf, BASE64_DIGEST_LEN+1);
+ return 0;
+}
+
+/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
+ * trailing newline or = characters), decode it and store the result in the
+ * first DIGEST_LEN bytes at <b>digest</b>. */
+/* XXXX unify with crypto_format.c code */
+int
+digest_from_base64(char *digest, const char *d64)
+{
+ if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
+ return 0;
+ else
+ return -1;
+}
+
+/** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
+ * trailing = characters, and store the nul-terminated result in the first
+ * BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
+ /* XXXX unify with crypto_format.c code */
+int
+digest256_to_base64(char *d64, const char *digest)
+{
+ char buf[256];
+ base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN, 0);
+ buf[BASE64_DIGEST256_LEN] = '\0';
+ memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
+ return 0;
+}
+
+/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
+ * trailing newline or = characters), decode it and store the result in the
+ * first DIGEST256_LEN bytes at <b>digest</b>. */
+/* XXXX unify with crypto_format.c code */
+int
+digest256_from_base64(char *digest, const char *d64)
+{
+ if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
+ return 0;
+ else
+ return -1;
+}
+
diff --git a/src/common/crypto_format.h b/src/common/crypto_format.h
new file mode 100644
index 0000000000..b972d3f509
--- /dev/null
+++ b/src/common/crypto_format.h
@@ -0,0 +1,46 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_CRYPTO_FORMAT_H
+#define TOR_CRYPTO_FORMAT_H
+
+#include "testsupport.h"
+#include "torint.h"
+#include "crypto_ed25519.h"
+
+int crypto_write_tagged_contents_to_file(const char *fname,
+ const char *typestring,
+ const char *tag,
+ const uint8_t *data,
+ size_t datalen);
+
+ssize_t crypto_read_tagged_contents_from_file(const char *fname,
+ const char *typestring,
+ char **tag_out,
+ uint8_t *data_out,
+ ssize_t data_out_len);
+
+#define ED25519_BASE64_LEN 43
+int ed25519_public_from_base64(ed25519_public_key_t *pkey,
+ const char *input);
+int ed25519_public_to_base64(char *output,
+ const ed25519_public_key_t *pkey);
+
+/* XXXX move these to crypto_format.h */
+#define ED25519_SIG_BASE64_LEN 86
+
+int ed25519_signature_from_base64(ed25519_signature_t *sig,
+ const char *input);
+int ed25519_signature_to_base64(char *output,
+ const ed25519_signature_t *sig);
+
+int digest_to_base64(char *d64, const char *digest);
+int digest_from_base64(char *digest, const char *d64);
+int digest256_to_base64(char *d64, const char *digest);
+int digest256_from_base64(char *digest, const char *d64);
+
+#endif
+
diff --git a/src/common/include.am b/src/common/include.am
index 5b63392541..7de93ba2ac 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -11,9 +11,7 @@ noinst_LIBRARIES += \
src/common/libor-event-testing.a
endif
-EXTRA_DIST+= \
- src/common/common_sha1.i \
- src/common/Makefile.nmake
+EXTRA_DIST += src/common/Makefile.nmake
#CFLAGS = -Wall -Wpointer-arith -O2
AM_CPPFLAGS += -I$(srcdir)/src/common -Isrc/common -I$(srcdir)/src/ext/trunnel -I$(srcdir)/src/trunnel
@@ -45,6 +43,7 @@ endif
endif
LIBDONNA += $(LIBED25519_REF10)
+LIBDONNA += $(LIBED25519_DONNA)
if THREADS_PTHREADS
threads_impl_source=src/common/compat_pthreads.c
@@ -53,6 +52,12 @@ if THREADS_WIN32
threads_impl_source=src/common/compat_winthreads.c
endif
+if BUILD_READPASSPHRASE_C
+readpassphrase_source=src/ext/readpassphrase.c
+else
+readpassphrase_source=
+endif
+
LIBOR_A_SOURCES = \
src/common/address.c \
src/common/backtrace.c \
@@ -63,14 +68,17 @@ LIBOR_A_SOURCES = \
src/common/log.c \
src/common/memarea.c \
src/common/util.c \
- src/common/util_codedigest.c \
+ src/common/util_format.c \
src/common/util_process.c \
src/common/sandbox.c \
src/common/workqueue.c \
src/ext/csiphash.c \
src/ext/trunnel/trunnel.c \
$(libor_extra_source) \
- $(threads_impl_source)
+ $(threads_impl_source) \
+ $(readpassphrase_source)
+
+src/common/log.o: micro-revision.i
LIBOR_CRYPTO_A_SOURCES = \
src/common/aes.c \
@@ -96,9 +104,9 @@ src_common_libor_testing_a_SOURCES = $(LIBOR_A_SOURCES)
src_common_libor_crypto_testing_a_SOURCES = $(LIBOR_CRYPTO_A_SOURCES)
src_common_libor_event_testing_a_SOURCES = $(LIBOR_EVENT_A_SOURCES)
-src_common_libor_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
-src_common_libor_crypto_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
-src_common_libor_event_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_common_libor_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_common_libor_crypto_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_common_libor_event_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_common_libor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_common_libor_crypto_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_common_libor_event_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
@@ -115,6 +123,7 @@ COMMONHEADERS = \
src/common/crypto.h \
src/common/crypto_curve25519.h \
src/common/crypto_ed25519.h \
+ src/common/crypto_format.h \
src/common/crypto_pwbox.h \
src/common/crypto_s2k.h \
src/common/di_ops.h \
@@ -128,22 +137,9 @@ COMMONHEADERS = \
src/common/torlog.h \
src/common/tortls.h \
src/common/util.h \
+ src/common/util_format.h \
src/common/util_process.h \
src/common/workqueue.h
noinst_HEADERS+= $(COMMONHEADERS)
-DISTCLEANFILES+= src/common/common_sha1.i
-
-src/common/common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(COMMONHEADERS)
- $(AM_V_GEN)if test "@SHA1SUM@" != none; then \
- (cd "$(srcdir)" && "@SHA1SUM@" $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > $@; \
- elif test "@OPENSSL@" != none; then \
- (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_common_libor_SOURCES) $(src_Common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > $@; \
- else \
- rm $@; \
- touch $@; \
- fi
-
-src/common/util_codedigest.o: src/common/common_sha1.i
-
diff --git a/src/common/log.c b/src/common/log.c
index e8cc30c312..e23691b6ab 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -140,6 +140,9 @@ static size_t pending_startup_messages_len;
* configured. */
static int queue_startup_messages = 1;
+/** True iff __PRETTY_FUNCTION__ includes parenthesized arguments. */
+static int pretty_fn_has_parens = 0;
+
/** Don't store more than this many bytes of messages while waiting for the
* logs to get configured. */
#define MAX_STARTUP_MSG_LEN (1<<16)
@@ -263,6 +266,13 @@ log_tor_version(logfile_t *lf, int reset)
return 0;
}
+const char bug_suffix[] = " (on Tor " VERSION
+#ifndef _MSC_VER
+ " "
+#include "micro-revision.i"
+#endif
+ ")";
+
/** Helper: Format a log message into a fixed-sized buffer. (This is
* factored out of <b>logv</b> so that we never format a message more
* than once.) Return a pointer to the first character of the message
@@ -306,7 +316,9 @@ format_msg(char *buf, size_t buf_len,
}
if (funcname && should_log_function_name(domain, severity)) {
- r = tor_snprintf(buf+n, buf_len-n, "%s(): ", funcname);
+ r = tor_snprintf(buf+n, buf_len-n,
+ pretty_fn_has_parens ? "%s: " : "%s(): ",
+ funcname);
if (r<0)
n = strlen(buf);
else
@@ -341,6 +353,13 @@ format_msg(char *buf, size_t buf_len,
}
}
}
+
+ if (domain == LD_BUG &&
+ buf_len - n > strlen(bug_suffix)+1) {
+ memcpy(buf+n, bug_suffix, strlen(bug_suffix));
+ n += strlen(bug_suffix);
+ }
+
buf[n]='\n';
buf[n+1]='\0';
*msg_len_out = n+1;
@@ -655,9 +674,7 @@ tor_log_get_logfile_names(smartlist_t *out)
UNLOCK_LOGS();
}
-/** Output a message to the log, prefixed with a function name <b>fn</b>. */
-#ifdef __GNUC__
-/** GCC-based implementation of the log_fn backend, used when we have
+/** Implementation of the log_fn backend, used when we have
* variadic macros. All arguments are as for log_fn, except for
* <b>fn</b>, which is the name of the calling functions. */
void
@@ -687,98 +704,6 @@ log_fn_ratelim_(ratelim_t *ratelim, int severity, log_domain_mask_t domain,
va_end(ap);
tor_free(m);
}
-#else
-/** @{ */
-/** Variant implementation of log_fn, log_debug, log_info,... for C compilers
- * without variadic macros. In this case, the calling function sets
- * log_fn_function_name_ to the name of the function, then invokes the
- * appropriate log_fn_, log_debug_, etc. */
-const char *log_fn_function_name_=NULL;
-void
-log_fn_(int severity, log_domain_mask_t domain, const char *format, ...)
-{
- va_list ap;
- if (severity > log_global_min_severity_)
- return;
- va_start(ap,format);
- logv(severity, domain, log_fn_function_name_, NULL, format, ap);
- va_end(ap);
- log_fn_function_name_ = NULL;
-}
-void
-log_fn_ratelim_(ratelim_t *ratelim, int severity, log_domain_mask_t domain,
- const char *format, ...)
-{
- va_list ap;
- char *m;
- if (severity > log_global_min_severity_)
- return;
- m = rate_limit_log(ratelim, approx_time());
- if (m == NULL)
- return;
- va_start(ap, format);
- logv(severity, domain, log_fn_function_name_, m, format, ap);
- va_end(ap);
- tor_free(m);
-}
-void
-log_debug_(log_domain_mask_t domain, const char *format, ...)
-{
- va_list ap;
- /* For GCC we do this check in the macro. */
- if (PREDICT_LIKELY(LOG_DEBUG > log_global_min_severity_))
- return;
- va_start(ap,format);
- logv(LOG_DEBUG, domain, log_fn_function_name_, NULL, format, ap);
- va_end(ap);
- log_fn_function_name_ = NULL;
-}
-void
-log_info_(log_domain_mask_t domain, const char *format, ...)
-{
- va_list ap;
- if (LOG_INFO > log_global_min_severity_)
- return;
- va_start(ap,format);
- logv(LOG_INFO, domain, log_fn_function_name_, NULL, format, ap);
- va_end(ap);
- log_fn_function_name_ = NULL;
-}
-void
-log_notice_(log_domain_mask_t domain, const char *format, ...)
-{
- va_list ap;
- if (LOG_NOTICE > log_global_min_severity_)
- return;
- va_start(ap,format);
- logv(LOG_NOTICE, domain, log_fn_function_name_, NULL, format, ap);
- va_end(ap);
- log_fn_function_name_ = NULL;
-}
-void
-log_warn_(log_domain_mask_t domain, const char *format, ...)
-{
- va_list ap;
- if (LOG_WARN > log_global_min_severity_)
- return;
- va_start(ap,format);
- logv(LOG_WARN, domain, log_fn_function_name_, NULL, format, ap);
- va_end(ap);
- log_fn_function_name_ = NULL;
-}
-void
-log_err_(log_domain_mask_t domain, const char *format, ...)
-{
- va_list ap;
- if (LOG_ERR > log_global_min_severity_)
- return;
- va_start(ap,format);
- logv(LOG_ERR, domain, log_fn_function_name_, NULL, format, ap);
- va_end(ap);
- log_fn_function_name_ = NULL;
-}
-/** @} */
-#endif
/** Free all storage held by <b>victim</b>. */
static void
@@ -925,6 +850,11 @@ init_logging(int disable_startup_queue)
tor_mutex_init(&log_mutex);
log_mutex_initialized = 1;
}
+#ifdef __GNUC__
+ if (strchr(__PRETTY_FUNCTION__, '(')) {
+ pretty_fn_has_parens = 1;
+ }
+#endif
if (pending_cb_messages == NULL)
pending_cb_messages = smartlist_new();
if (disable_startup_queue)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 161eab7aad..bcbb3ce3fa 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -48,7 +48,7 @@
#include <sys/epoll.h>
#include <sys/prctl.h>
#include <linux/futex.h>
-#include <bits/signum.h>
+#include <sys/file.h>
#include <stdarg.h>
#include <seccomp.h>
@@ -177,11 +177,20 @@ static int filter_nopar_gen[] = {
SCMP_SYS(mmap),
#endif
SCMP_SYS(munmap),
+#ifdef __NR_prlimit
+ SCMP_SYS(prlimit),
+#endif
+#ifdef __NR_prlimit64
+ SCMP_SYS(prlimit64),
+#endif
SCMP_SYS(read),
SCMP_SYS(rt_sigreturn),
SCMP_SYS(sched_getaffinity),
SCMP_SYS(sendmsg),
SCMP_SYS(set_robust_list),
+#ifdef __NR_setrlimit
+ SCMP_SYS(setrlimit),
+#endif
#ifdef __NR_sigreturn
SCMP_SYS(sigreturn),
#endif
@@ -1598,7 +1607,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
const char *syscall_name;
int syscall;
#ifdef USE_BACKTRACE
- int depth;
+ size_t depth;
int n_fds, i;
const int *fds = NULL;
#endif
@@ -1630,7 +1639,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
#ifdef USE_BACKTRACE
n_fds = tor_log_get_sigsafe_err_fds(&fds);
for (i=0; i < n_fds; ++i)
- backtrace_symbols_fd(syscall_cb_buf, depth, fds[i]);
+ backtrace_symbols_fd(syscall_cb_buf, (int)depth, fds[i]);
#endif
#if defined(DEBUGGING_CLOSE)
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 36d25d6516..21d517fe51 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -42,6 +42,9 @@ typedef struct sandbox_cfg_elem sandbox_cfg_t;
#ifndef __USE_GNU
#define __USE_GNU
#endif
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
#include <sys/ucontext.h>
#include <seccomp.h>
#include <netdb.h>
diff --git a/src/common/torlog.h b/src/common/torlog.h
index 8923a9e213..67edf14c04 100644
--- a/src/common/torlog.h
+++ b/src/common/torlog.h
@@ -166,7 +166,6 @@ void tor_log_get_logfile_names(struct smartlist_t *out);
extern int log_global_min_severity_;
-#if defined(__GNUC__) || defined(RUNNING_DOXYGEN)
void log_fn_(int severity, log_domain_mask_t domain,
const char *funcname, const char *format, ...)
CHECK_PRINTF(4,5);
@@ -175,6 +174,12 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
log_domain_mask_t domain, const char *funcname,
const char *format, ...)
CHECK_PRINTF(5,6);
+
+#if defined(__GNUC__)
+
+/* These are the GCC varidaic macros, so that older versions of GCC don't
+ * break. */
+
/** Log a message at level <b>severity</b>, using a pretty-printed version
* of the current function name. */
#define log_fn(severity, domain, args...) \
@@ -200,42 +205,32 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
#else /* ! defined(__GNUC__) */
-void log_fn_(int severity, log_domain_mask_t domain, const char *format, ...);
-struct ratelim_t;
-void log_fn_ratelim_(struct ratelim_t *ratelim, int severity,
- log_domain_mask_t domain, const char *format, ...);
-void log_debug_(log_domain_mask_t domain, const char *format, ...);
-void log_info_(log_domain_mask_t domain, const char *format, ...);
-void log_notice_(log_domain_mask_t domain, const char *format, ...);
-void log_warn_(log_domain_mask_t domain, const char *format, ...);
-void log_err_(log_domain_mask_t domain, const char *format, ...);
-
-#if defined(_MSC_VER) && _MSC_VER < 1300
-/* MSVC 6 and earlier don't have __func__, or even __LINE__. */
-#define log_fn log_fn_
-#define log_fn_ratelim log_fn_ratelim_
-#define log_debug log_debug_
-#define log_info log_info_
-#define log_notice log_notice_
-#define log_warn log_warn_
-#define log_err log_err_
-#else
-/* We don't have GCC's varargs macros, so use a global variable to pass the
- * function name to log_fn */
-extern const char *log_fn_function_name_;
-/* We abuse the comma operator here, since we can't use the standard
- * do {...} while (0) trick to wrap this macro, since the macro can't take
- * arguments. */
-#define log_fn (log_fn_function_name_=__func__),log_fn_
-#define log_fn_ratelim (log_fn_function_name_=__func__),log_fn_ratelim_
-#define log_debug (log_fn_function_name_=__func__),log_debug_
-#define log_info (log_fn_function_name_=__func__),log_info_
-#define log_notice (log_fn_function_name_=__func__),log_notice_
-#define log_warn (log_fn_function_name_=__func__),log_warn_
-#define log_err (log_fn_function_name_=__func__),log_err_
-#endif
+/* Here are the c99 variadic macros, to work with non-GCC compilers */
-#endif /* !GNUC */
+#define log_debug(domain, args, ...) \
+ STMT_BEGIN \
+ if (PREDICT_UNLIKELY(log_global_min_severity_ == LOG_DEBUG)) \
+ log_fn_(LOG_DEBUG, domain, __FUNCTION__, args, ##__VA_ARGS__); \
+ STMT_END
+#define log_info(domain, args,...) \
+ log_fn_(LOG_INFO, domain, __FUNCTION__, args, ##__VA_ARGS__)
+#define log_notice(domain, args,...) \
+ log_fn_(LOG_NOTICE, domain, __FUNCTION__, args, ##__VA_ARGS__)
+#define log_warn(domain, args,...) \
+ log_fn_(LOG_WARN, domain, __FUNCTION__, args, ##__VA_ARGS__)
+#define log_err(domain, args,...) \
+ log_fn_(LOG_ERR, domain, __FUNCTION__, args, ##__VA_ARGS__)
+/** Log a message at level <b>severity</b>, using a pretty-printed version
+ * of the current function name. */
+#define log_fn(severity, domain, args,...) \
+ log_fn_(severity, domain, __FUNCTION__, args, ##__VA_ARGS__)
+/** As log_fn, but use <b>ratelim</b> (an instance of ratelim_t) to control
+ * the frequency at which messages can appear.
+ */
+#define log_fn_ratelim(ratelim, severity, domain, args,...) \
+ log_fn_ratelim_(ratelim, severity, domain, __FUNCTION__, \
+ args, ##__VA_ARGS__)
+#endif
#ifdef LOG_PRIVATE
MOCK_DECL(STATIC void, logv, (int severity, log_domain_mask_t domain,
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 97a82bf6e1..536043e558 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -18,16 +18,8 @@
#include <assert.h>
#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
- #ifndef _WIN32_WINNT
- #define _WIN32_WINNT 0x0501
- #endif
- #define WIN32_LEAN_AND_MEAN
- #if defined(_MSC_VER) && (_MSC_VER < 1300)
- #include <winsock.h>
- #else
- #include <winsock2.h>
- #include <ws2tcpip.h>
- #endif
+ #include <winsock2.h>
+ #include <ws2tcpip.h>
#endif
#ifdef __GNUC__
@@ -43,13 +35,22 @@
#pragma GCC diagnostic ignored "-Wredundant-decls"
#endif
+#include <openssl/opensslv.h>
+#include "crypto.h"
+
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
+#error "We require OpenSSL >= 1.0.0"
+#endif
+#ifdef OPENSSL_NO_EC
+#error "We require OpenSSL with ECC support"
+#endif
+
#include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/err.h>
#include <openssl/tls1.h>
#include <openssl/asn1.h>
#include <openssl/bio.h>
-#include <openssl/opensslv.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -68,16 +69,16 @@
#include "compat_libevent.h"
#endif
-#include "crypto.h"
#include "tortls.h"
#include "util.h"
#include "torlog.h"
#include "container.h"
#include <string.h>
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(0,9,8)
-#error "We require OpenSSL >= 0.9.8"
-#endif
+#define X509_get_notBefore_const(cert) \
+ ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
+#define X509_get_notAfter_const(cert) \
+ ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
/* Enable the "v2" TLS handshake.
*/
@@ -93,10 +94,8 @@
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
-#if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \
- (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \
- OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f')))
-/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f')
+/* This is a version of OpenSSL before 1.0.0f. It does not have
* the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
* SSL3 safely at the same time.
*/
@@ -114,15 +113,8 @@
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
#endif
-/** Does the run-time openssl version look like we need
- * SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
-static int use_unsafe_renegotiation_op = 0;
-/** Does the run-time openssl version look like we need
- * SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
-static int use_unsafe_renegotiation_flag = 0;
-
/** Structure that we use for a single certificate. */
-struct tor_cert_t {
+struct tor_x509_cert_t {
X509 *cert;
uint8_t *encoded;
size_t encoded_len;
@@ -137,9 +129,9 @@ struct tor_cert_t {
typedef struct tor_tls_context_t {
int refcnt;
SSL_CTX *ctx;
- tor_cert_t *my_link_cert;
- tor_cert_t *my_id_cert;
- tor_cert_t *my_auth_cert;
+ tor_x509_cert_t *my_link_cert;
+ tor_x509_cert_t *my_id_cert;
+ tor_x509_cert_t *my_auth_cert;
crypto_pk_t *link_key;
crypto_pk_t *auth_key;
} tor_tls_context_t;
@@ -210,16 +202,6 @@ struct tor_tls_t {
void *callback_arg;
};
-#ifdef V2_HANDSHAKE_CLIENT
-/** An array of fake SSL_CIPHER objects that we use in order to trick OpenSSL
- * in client mode into advertising the ciphers we want. See
- * rectify_client_ciphers() for details. */
-static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL;
-/** A stack of SSL_CIPHER objects, some real, some fake.
- * See rectify_client_ciphers() for details. */
-static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL;
-#endif
-
/** The ex_data index in which we store a pointer to an SSL object's
* corresponding tor_tls_t object. */
static int tor_tls_object_ex_data_index = -1;
@@ -479,65 +461,13 @@ tor_tls_init(void)
check_no_tls_errors();
if (!tls_library_is_initialized) {
- long version;
SSL_library_init();
SSL_load_error_strings();
- version = SSLeay();
-
- /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- * here, but without thinking too hard about it: it turns out that the
- * flag in question needed to be set at the last minute, and that it
- * conflicted with an existing flag number that had already been added
- * in the OpenSSL 1.0.0 betas. OpenSSL 0.9.8m thoughtfully replaced
- * the flag with an option and (it seems) broke anything that used
- * SSL3_FLAGS_* for the purpose. So we need to know how to do both,
- * and we mustn't use the SSL3_FLAGS option with anything besides
- * OpenSSL 0.9.8l.
- *
- * No, we can't just set flag 0x0010 everywhere. It breaks Tor with
- * OpenSSL 1.0.0beta3 and later. On the other hand, we might be able to
- * set option 0x00040000L everywhere.
- *
- * No, we can't simply detect whether the flag or the option is present
- * in the headers at build-time: some vendors (notably Apple) like to
- * leave their headers out of sync with their libraries.
- *
- * Yes, it _is_ almost as if the OpenSSL developers decided that no
- * program should be allowed to use renegotiation unless it first passed
- * a test of intelligence and determination.
- */
- if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
- log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
- "some vendors have backported renegotiation code from "
- "0.9.8m without updating the version number. "
- "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
- SSLeay_version(SSLEAY_VERSION));
- use_unsafe_renegotiation_flag = 1;
- use_unsafe_renegotiation_op = 1;
- } else if (version > OPENSSL_V(0,9,8,'l')) {
- log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
- "I will try SSL_OP to enable renegotiation",
- SSLeay_version(SSLEAY_VERSION));
- use_unsafe_renegotiation_op = 1;
- } else if (version <= OPENSSL_V(0,9,8,'k')) {
- log_info(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
- "0.9.8l, but some vendors have backported 0.9.8l's "
- "renegotiation code to earlier versions, and some have "
- "backported the code from 0.9.8m or 0.9.8n. I'll set both "
- "SSL3_FLAGS and SSL_OP just to be safe.",
- SSLeay_version(SSLEAY_VERSION), version);
- use_unsafe_renegotiation_flag = 1;
- use_unsafe_renegotiation_op = 1;
- } else {
- /* this is dead code, yes? */
- log_info(LD_GENERAL, "OpenSSL %s has version %lx",
- SSLeay_version(SSLEAY_VERSION), version);
- }
-
#if (SIZEOF_VOID_P >= 8 && \
- !defined(OPENSSL_NO_EC) && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
+ long version = SSLeay();
+
if (version >= OPENSSL_V_SERIES(1,0,1)) {
/* Warn if we could *almost* be running with much faster ECDH.
If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
@@ -588,12 +518,6 @@ tor_tls_free_all(void)
client_tls_context = NULL;
tor_tls_context_decref(ctx);
}
-#ifdef V2_HANDSHAKE_CLIENT
- if (CLIENT_CIPHER_DUMMIES)
- tor_free(CLIENT_CIPHER_DUMMIES);
- if (CLIENT_CIPHER_STACK)
- sk_SSL_CIPHER_free(CLIENT_CIPHER_STACK);
-#endif
}
/** We need to give OpenSSL a callback to verify certificates. This is
@@ -659,7 +583,8 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
* than having it start right now. Don't choose quite uniformly, since
* then we might pick a time where we're about to expire. Lastly, be
* sure to start on a day boundary. */
- start_time = time(NULL) - crypto_rand_int(cert_lifetime) + 2*24*3600;
+ time_t now = time(NULL);
+ start_time = crypto_rand_time_range(now - cert_lifetime, now) + 2*24*3600;
start_time -= start_time % (24*3600);
tor_assert(rsa);
@@ -783,13 +708,12 @@ const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
* (SSL3_TXT_RSA_NULL_SHA). If you do this, you won't be able to communicate
* with any of the "real" Tors, though. */
-#ifdef V2_HANDSHAKE_CLIENT
#define CIPHER(id, name) name ":"
#define XCIPHER(id, name)
/** List of ciphers that clients should advertise, omitting items that
* our OpenSSL doesn't know about. */
static const char CLIENT_CIPHER_LIST[] =
-#include "./ciphers.inc"
+#include "ciphers.inc"
/* Tell it not to use SSLv2 ciphers, so that it can select an SSLv3 version
* of any cipher we say. */
"!SSLv2"
@@ -797,31 +721,9 @@ static const char CLIENT_CIPHER_LIST[] =
#undef CIPHER
#undef XCIPHER
-/** Holds a cipher that we want to advertise, and its 2-byte ID. */
-typedef struct cipher_info_t { unsigned id; const char *name; } cipher_info_t;
-/** A list of all the ciphers that clients should advertise, including items
- * that OpenSSL might not know about. */
-static const cipher_info_t CLIENT_CIPHER_INFO_LIST[] = {
-#define CIPHER(id, name) { id, name },
-#define XCIPHER(id, name) { id, #name },
-#include "./ciphers.inc"
-#undef CIPHER
-#undef XCIPHER
-};
-
-/** The length of CLIENT_CIPHER_INFO_LIST and CLIENT_CIPHER_DUMMIES. */
-static const int N_CLIENT_CIPHERS = ARRAY_LENGTH(CLIENT_CIPHER_INFO_LIST);
-#endif
-
-#ifndef V2_HANDSHAKE_CLIENT
-#undef CLIENT_CIPHER_LIST
-#define CLIENT_CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
-#endif
-
/** Free all storage held in <b>cert</b> */
void
-tor_cert_free(tor_cert_t *cert)
+tor_x509_cert_free(tor_x509_cert_t *cert)
{
if (! cert)
return;
@@ -833,14 +735,14 @@ tor_cert_free(tor_cert_t *cert)
}
/**
- * Allocate a new tor_cert_t to hold the certificate "x509_cert".
+ * Allocate a new tor_x509_cert_t to hold the certificate "x509_cert".
*
* Steals a reference to x509_cert.
*/
-static tor_cert_t *
-tor_cert_new(X509 *x509_cert)
+static tor_x509_cert_t *
+tor_x509_cert_new(X509 *x509_cert)
{
- tor_cert_t *cert;
+ tor_x509_cert_t *cert;
EVP_PKEY *pkey;
RSA *rsa;
int length;
@@ -850,7 +752,7 @@ tor_cert_new(X509 *x509_cert)
return NULL;
length = i2d_X509(x509_cert, &buf);
- cert = tor_malloc_zero(sizeof(tor_cert_t));
+ cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
if (length <= 0 || buf == NULL) {
tor_free(cert);
log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
@@ -880,14 +782,14 @@ tor_cert_new(X509 *x509_cert)
}
/** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>,
- * from a <b>certificate</b>. Return a newly allocated tor_cert_t on success
- * and NULL on failure. */
-tor_cert_t *
-tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
+ * from a <b>certificate</b>. Return a newly allocated tor_x509_cert_t on
+ * success and NULL on failure. */
+tor_x509_cert_t *
+tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
{
X509 *x509;
const unsigned char *cp = (const unsigned char *)certificate;
- tor_cert_t *newcert;
+ tor_x509_cert_t *newcert;
tor_assert(certificate);
check_no_tls_errors();
@@ -902,14 +804,14 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
X509_free(x509);
goto err; /* Didn't use all the bytes */
}
- newcert = tor_cert_new(x509);
+ newcert = tor_x509_cert_new(x509);
if (!newcert) {
goto err;
}
if (newcert->encoded_len != certificate_len ||
fast_memneq(newcert->encoded, certificate, certificate_len)) {
/* Cert wasn't in DER */
- tor_cert_free(newcert);
+ tor_x509_cert_free(newcert);
goto err;
}
return newcert;
@@ -921,7 +823,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
/** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
* representation and length, respectively. */
void
-tor_cert_get_der(const tor_cert_t *cert,
+tor_x509_cert_get_der(const tor_x509_cert_t *cert,
const uint8_t **encoded_out, size_t *size_out)
{
tor_assert(cert);
@@ -934,7 +836,7 @@ tor_cert_get_der(const tor_cert_t *cert,
/** Return a set of digests for the public key in <b>cert</b>, or NULL if this
* cert's public key is not one we know how to take the digest of. */
const digests_t *
-tor_cert_get_id_digests(const tor_cert_t *cert)
+tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
{
if (cert->pkey_digests_set)
return &cert->pkey_digests;
@@ -944,7 +846,7 @@ tor_cert_get_id_digests(const tor_cert_t *cert)
/** Return a set of digests for the public key in <b>cert</b>. */
const digests_t *
-tor_cert_get_cert_digests(const tor_cert_t *cert)
+tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
{
return &cert->cert_digests;
}
@@ -957,9 +859,9 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
tor_assert(ctx);
if (--ctx->refcnt == 0) {
SSL_CTX_free(ctx->ctx);
- tor_cert_free(ctx->my_link_cert);
- tor_cert_free(ctx->my_id_cert);
- tor_cert_free(ctx->my_auth_cert);
+ tor_x509_cert_free(ctx->my_link_cert);
+ tor_x509_cert_free(ctx->my_id_cert);
+ tor_x509_cert_free(ctx->my_auth_cert);
crypto_pk_free(ctx->link_key);
crypto_pk_free(ctx->auth_key);
tor_free(ctx);
@@ -973,8 +875,8 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
* client mode. */
int
tor_tls_get_my_certs(int server,
- const tor_cert_t **link_cert_out,
- const tor_cert_t **id_cert_out)
+ const tor_x509_cert_t **link_cert_out,
+ const tor_x509_cert_t **id_cert_out)
{
tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context;
if (! ctx)
@@ -1003,7 +905,7 @@ tor_tls_get_my_client_auth_key(void)
* certifies. Return NULL if the cert's key is not RSA.
*/
crypto_pk_t *
-tor_tls_cert_get_key(tor_cert_t *cert)
+tor_tls_cert_get_key(tor_x509_cert_t *cert)
{
crypto_pk_t *result = NULL;
EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
@@ -1023,8 +925,8 @@ tor_tls_cert_get_key(tor_cert_t *cert)
/** Return true iff the other side of <b>tls</b> has authenticated to us, and
* the key certified in <b>cert</b> is the same as the key they used to do it.
*/
-int
-tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
+MOCK_IMPL(int,
+tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
{
X509 *peercert = SSL_get_peer_certificate(tls->ssl);
EVP_PKEY *link_key = NULL, *cert_key = NULL;
@@ -1053,8 +955,8 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
* we couldn't check it. */
int
tor_tls_cert_is_valid(int severity,
- const tor_cert_t *cert,
- const tor_cert_t *signing_cert,
+ const tor_x509_cert_t *cert,
+ const tor_x509_cert_t *signing_cert,
int check_rsa_1024)
{
check_no_tls_errors();
@@ -1265,9 +1167,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
result = tor_malloc_zero(sizeof(tor_tls_context_t));
result->refcnt = 1;
if (!is_client) {
- result->my_link_cert = tor_cert_new(X509_dup(cert));
- result->my_id_cert = tor_cert_new(X509_dup(idcert));
- result->my_auth_cert = tor_cert_new(X509_dup(authcert));
+ result->my_link_cert = tor_x509_cert_new(X509_dup(cert));
+ result->my_id_cert = tor_x509_cert_new(X509_dup(idcert));
+ result->my_auth_cert = tor_x509_cert_new(X509_dup(authcert));
if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
goto error;
result->link_key = crypto_pk_dup_key(rsa);
@@ -1284,8 +1186,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
#endif
/* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
+#ifdef HAVE_TLS_METHOD
+ if (!(result->ctx = SSL_CTX_new(TLS_method())))
+ goto error;
+#else
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
+#endif
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
@@ -1326,24 +1233,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
}
#endif
- /* XXX This block is now obsolete. */
- if (
-#ifdef DISABLE_SSL3_HANDSHAKE
- 1 ||
-#endif
- SSLeay() < OPENSSL_V(0,9,8,'s') ||
- (SSLeay() >= OPENSSL_V_SERIES(0,9,9) &&
- SSLeay() < OPENSSL_V(1,0,0,'f'))) {
- /* And not SSL3 if it's subject to CVE-2011-4576. */
- log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
- "might otherwise be vulnerable to CVE-2011-4576 "
- "(compile-time version %08lx (%s); "
- "runtime version %08lx (%s))",
- (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
- (unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION));
- SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
- }
-
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_options(result->ctx, SSL_OP_SINGLE_ECDH_USE);
@@ -1354,16 +1243,21 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
/* Yes, we know what we are doing here. No, we do not treat a renegotiation
* as authenticating any earlier-received data.
*/
- if (use_unsafe_renegotiation_op) {
+ {
SSL_CTX_set_options(result->ctx,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
}
+#ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(result->ctx, SSL_OP_NO_COMPRESSION);
+#endif
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
#ifndef OPENSSL_NO_COMP
/* Don't actually allow compression; it uses ram and time, but the data
* we transmit is all encrypted anyway. */
if (result->ctx->comp_methods)
result->ctx->comp_methods = NULL;
#endif
+#endif
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
@@ -1398,8 +1292,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh));
crypto_dh_free(dh);
}
-#if (!defined(OPENSSL_NO_EC) && \
- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0))
if (! is_client) {
int nid;
EC_KEY *ec_key;
@@ -1415,9 +1307,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
SSL_CTX_set_tmp_ecdh(result->ctx, ec_key);
EC_KEY_free(ec_key);
}
-#else
- (void)flags;
-#endif
SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
always_accept_verify_cb);
/* let us realloc bufs that we're writing from */
@@ -1511,10 +1400,23 @@ static int v2_cipher_list_pruned = 0;
/** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>;
* return 1 if it does support it, or if we have no way to tell. */
static int
-find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
+find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
{
const SSL_CIPHER *c;
-#ifdef HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR
+#ifdef HAVE_SSL_CIPHER_FIND
+ {
+ unsigned char cipherid[3];
+ tor_assert(ssl);
+ set_uint16(cipherid, htons(cipher));
+ cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
+ * with a two-byte 'cipherid', it may look for a v2
+ * cipher with the appropriate 3 bytes. */
+ c = SSL_CIPHER_find((SSL*)ssl, cipherid);
+ if (c)
+ tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher);
+ return c != NULL;
+ }
+#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
if (m && m->get_cipher_by_char) {
unsigned char cipherid[3];
set_uint16(cipherid, htons(cipher));
@@ -1527,6 +1429,7 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
return c != NULL;
} else
#endif
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
if (m && m->get_cipher && m->num_ciphers) {
/* It would seem that some of the "let's-clean-up-openssl" forks have
* removed the get_cipher_by_char function. Okay, so now you get a
@@ -1540,23 +1443,30 @@ find_cipher_by_id(const SSL_METHOD *m, uint16_t cipher)
}
}
return 0;
- } else {
- return 1; /* No way to search */
}
+#endif
+ (void) ssl;
+ (void) m;
+ (void) cipher;
+ return 1; /* No way to search */
}
/** Remove from v2_cipher_list every cipher that we don't support, so that
* comparing v2_cipher_list to a client's cipher list will give a sensible
* result. */
static void
-prune_v2_cipher_list(void)
+prune_v2_cipher_list(const SSL *ssl)
{
uint16_t *inp, *outp;
+#ifdef HAVE_TLS_METHOD
+ const SSL_METHOD *m = TLS_method();
+#else
const SSL_METHOD *m = SSLv23_method();
+#endif
inp = outp = v2_cipher_list;
while (*inp) {
- if (find_cipher_by_id(m, *inp)) {
+ if (find_cipher_by_id(ssl, m, *inp)) {
*outp++ = *inp++;
} else {
inp++;
@@ -1578,7 +1488,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
int i, res;
tor_tls_t *tor_tls;
if (PREDICT_UNLIKELY(!v2_cipher_list_pruned))
- prune_v2_cipher_list();
+ prune_v2_cipher_list(ssl);
tor_tls = tor_tls_get_by_ssl(ssl);
if (tor_tls && tor_tls->client_cipher_list_type)
@@ -1612,7 +1522,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
const uint16_t *v2_cipher = v2_cipher_list;
for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) {
SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i);
- uint16_t id = cipher->id & 0xffff;
+ uint16_t id = SSL_CIPHER_get_id(cipher) & 0xffff;
if (id == 0x00ff) /* extended renegotiation indicator. */
continue;
if (!id || id != *v2_cipher) {
@@ -1656,13 +1566,19 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
static int
tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
{
+ STACK_OF(SSL_CIPHER) *ciphers;
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+ ciphers = SSL_get_client_ciphers(ssl);
+#else
SSL_SESSION *session;
if (!(session = SSL_get_session((SSL *)ssl))) {
log_info(LD_NET, "No session on TLS?");
return CIPHERS_ERR;
}
+ ciphers = session->ciphers;
+#endif
- return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
+ return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
}
/** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
@@ -1675,14 +1591,17 @@ static void
tor_tls_server_info_callback(const SSL *ssl, int type, int val)
{
tor_tls_t *tls;
+ int ssl_state;
(void) val;
tor_tls_debug_state_callback(ssl, type, val);
if (type != SSL_CB_ACCEPT_LOOP)
return;
- if ((ssl->state != SSL3_ST_SW_SRVR_HELLO_A) &&
- (ssl->state != SSL3_ST_SW_SRVR_HELLO_B))
+
+ ssl_state = SSL_state(ssl);
+ if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) &&
+ (ssl_state != SSL3_ST_SW_SRVR_HELLO_B))
return;
tls = tor_tls_get_by_ssl(ssl);
@@ -1713,10 +1632,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
if (tls) {
tls->wasV2Handshake = 1;
-#ifdef USE_BUFFEREVENTS
- if (use_unsafe_renegotiation_flag)
- tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-#endif
} else {
log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!");
}
@@ -1724,7 +1639,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
}
#endif
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
/** Callback to get invoked on a server after we've read the list of ciphers
* the client supports, but before we pick our own ciphersuite.
*
@@ -1762,128 +1676,6 @@ tor_tls_setup_session_secret_cb(tor_tls_t *tls)
{
SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
}
-#else
-#define tor_tls_setup_session_secret_cb(tls) STMT_NIL
-#endif
-
-/** Explain which ciphers we're missing. */
-static void
-log_unsupported_ciphers(smartlist_t *unsupported)
-{
- char *joined;
-
- log_notice(LD_NET, "We weren't able to find support for all of the "
- "TLS ciphersuites that we wanted to advertise. This won't "
- "hurt security, but it might make your Tor (if run as a client) "
- "more easy for censors to block.");
-
- if (SSLeay() < 0x10000000L) {
- log_notice(LD_NET, "To correct this, use a more recent OpenSSL, "
- "built without disabling any secure ciphers or features.");
- } else {
- log_notice(LD_NET, "To correct this, use a version of OpenSSL "
- "built with none of its ciphers disabled.");
- }
-
- joined = smartlist_join_strings(unsupported, ":", 0, NULL);
- log_info(LD_NET, "The unsupported ciphers were: %s", joined);
- tor_free(joined);
-}
-
-/** Replace *<b>ciphers</b> with a new list of SSL ciphersuites: specifically,
- * a list designed to mimic a common web browser. We might not be able to do
- * that if OpenSSL doesn't support all the ciphers we want. Some of the
- * ciphers in the list won't actually be implemented by OpenSSL: that's okay
- * so long as the server doesn't select them.
- *
- * [If the server <b>does</b> select a bogus cipher, we won't crash or
- * anything; we'll just fail later when we try to look up the cipher in
- * ssl->cipher_list_by_id.]
- */
-static void
-rectify_client_ciphers(STACK_OF(SSL_CIPHER) **ciphers)
-{
-#ifdef V2_HANDSHAKE_CLIENT
- if (PREDICT_UNLIKELY(!CLIENT_CIPHER_STACK)) {
- /* We need to set CLIENT_CIPHER_STACK to an array of the ciphers
- * we want to use/advertise. */
- int i = 0, j = 0;
- smartlist_t *unsupported = smartlist_new();
-
- /* First, create a dummy SSL_CIPHER for every cipher. */
- CLIENT_CIPHER_DUMMIES =
- tor_malloc_zero(sizeof(SSL_CIPHER)*N_CLIENT_CIPHERS);
- for (i=0; i < N_CLIENT_CIPHERS; ++i) {
- CLIENT_CIPHER_DUMMIES[i].valid = 1;
- /* The "3<<24" here signifies that the cipher is supposed to work with
- * SSL3 and TLS1. */
- CLIENT_CIPHER_DUMMIES[i].id = CLIENT_CIPHER_INFO_LIST[i].id | (3<<24);
- CLIENT_CIPHER_DUMMIES[i].name = CLIENT_CIPHER_INFO_LIST[i].name;
- }
-
- CLIENT_CIPHER_STACK = sk_SSL_CIPHER_new_null();
- tor_assert(CLIENT_CIPHER_STACK);
-
- log_debug(LD_NET, "List was: %s", CLIENT_CIPHER_LIST);
- for (j = 0; j < sk_SSL_CIPHER_num(*ciphers); ++j) {
- SSL_CIPHER *cipher = sk_SSL_CIPHER_value(*ciphers, j);
- log_debug(LD_NET, "Cipher %d: %lx %s", j, cipher->id, cipher->name);
- }
-
- /* Then copy as many ciphers as we can from the good list, inserting
- * dummies as needed. Let j be an index into list of ciphers we have
- * (*ciphers) and let i be an index into the ciphers we want
- * (CLIENT_INFO_CIPHER_LIST). We are building a list of ciphers in
- * CLIENT_CIPHER_STACK.
- */
- for (i = j = 0; i < N_CLIENT_CIPHERS; ) {
- SSL_CIPHER *cipher = NULL;
- if (j < sk_SSL_CIPHER_num(*ciphers))
- cipher = sk_SSL_CIPHER_value(*ciphers, j);
- if (cipher && ((cipher->id >> 24) & 0xff) != 3) {
- /* Skip over non-v3 ciphers entirely. (This should no longer be
- * needed, thanks to saying !SSLv2 above.) */
- log_debug(LD_NET, "Skipping v%d cipher %s",
- (int)((cipher->id>>24) & 0xff),
- cipher->name);
- ++j;
- } else if (cipher &&
- (cipher->id & 0xffff) == CLIENT_CIPHER_INFO_LIST[i].id) {
- /* "cipher" is the cipher we expect. Put it on the list. */
- log_debug(LD_NET, "Found cipher %s", cipher->name);
- sk_SSL_CIPHER_push(CLIENT_CIPHER_STACK, cipher);
- ++j;
- ++i;
- } else if (!strcmp(CLIENT_CIPHER_DUMMIES[i].name,
- "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA")) {
- /* We found bogus cipher 0xfeff, which OpenSSL doesn't support and
- * never has. For this one, we need a dummy. */
- log_debug(LD_NET, "Inserting fake %s", CLIENT_CIPHER_DUMMIES[i].name);
- sk_SSL_CIPHER_push(CLIENT_CIPHER_STACK, &CLIENT_CIPHER_DUMMIES[i]);
- ++i;
- } else {
- /* OpenSSL doesn't have this one. */
- log_debug(LD_NET, "Completely omitting unsupported cipher %s",
- CLIENT_CIPHER_INFO_LIST[i].name);
- smartlist_add(unsupported, (char*) CLIENT_CIPHER_INFO_LIST[i].name);
- ++i;
- }
- }
-
- if (smartlist_len(unsupported))
- log_unsupported_ciphers(unsupported);
-
- smartlist_free(unsupported);
- }
-
- sk_SSL_CIPHER_free(*ciphers);
- *ciphers = sk_SSL_CIPHER_dup(CLIENT_CIPHER_STACK);
- tor_assert(*ciphers);
-
-#else
- (void)ciphers;
-#endif
-}
/** Create a new TLS object from a file descriptor, and a flag to
* determine whether it is functioning as a server.
@@ -1924,8 +1716,6 @@ tor_tls_new(int sock, int isServer)
tor_free(result);
goto err;
}
- if (!isServer)
- rectify_client_ciphers(&result->ssl->cipher_list);
result->socket = sock;
bio = BIO_new_socket(sock, BIO_NOCLOSE);
if (! bio) {
@@ -2018,13 +1808,8 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
{
/* Yes, we know what we are doing here. No, we do not treat a renegotiation
* as authenticating any earlier-received data. */
- if (use_unsafe_renegotiation_flag) {
- tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- }
- if (use_unsafe_renegotiation_op) {
- SSL_set_options(tls->ssl,
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
- }
+ SSL_set_options(tls->ssl,
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
}
/** If this version of openssl supports it, turn off renegotiation on
@@ -2034,21 +1819,19 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
void
tor_tls_block_renegotiation(tor_tls_t *tls)
{
+#ifdef SUPPORT_UNSAFE_RENEGOTIATION_FLAG
tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+#else
+ (void) tls;
+#endif
}
/** Assert that the flags that allow legacy renegotiation are still set */
void
tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
{
- if (use_unsafe_renegotiation_flag) {
- tor_assert(0 != (tls->ssl->s3->flags &
- SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
- }
- if (use_unsafe_renegotiation_op) {
- long options = SSL_get_options(tls->ssl);
- tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
- }
+ long options = SSL_get_options(tls->ssl);
+ tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
}
/** Return whether this tls initiated the connect (client) or
@@ -2091,8 +1874,8 @@ tor_tls_free(tor_tls_t *tls)
* number of characters read. On failure, returns TOR_TLS_ERROR,
* TOR_TLS_CLOSE, TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
*/
-int
-tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
+MOCK_IMPL(int,
+tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
{
int r, err;
tor_assert(tls);
@@ -2179,7 +1962,7 @@ tor_tls_handshake(tor_tls_t *tls)
tor_assert(tls->ssl);
tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
check_no_tls_errors();
- oldstate = tls->ssl->state;
+ oldstate = SSL_state(tls->ssl);
if (tls->isServer) {
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
SSL_state_string_long(tls->ssl));
@@ -2189,7 +1972,7 @@ tor_tls_handshake(tor_tls_t *tls)
SSL_state_string_long(tls->ssl));
r = SSL_connect(tls->ssl);
}
- if (oldstate != tls->ssl->state)
+ if (oldstate != SSL_state(tls->ssl))
log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
tls, SSL_state_string_long(tls->ssl));
/* We need to call this here and not earlier, since OpenSSL has a penchant
@@ -2224,8 +2007,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
if (tls->isServer) {
SSL_set_info_callback(tls->ssl, NULL);
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
- /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
- tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
+ SSL_clear_mode(tls->ssl, SSL_MODE_NO_AUTO_CHAIN);
#ifdef V2_HANDSHAKE_SERVER
if (tor_tls_client_is_using_v2_ciphers(tls->ssl)) {
/* This check is redundant, but back when we did it in the callback,
@@ -2394,15 +2176,15 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
}
/** Return the peer certificate, or NULL if there isn't one. */
-tor_cert_t *
-tor_tls_get_peer_cert(tor_tls_t *tls)
+MOCK_IMPL(tor_x509_cert_t *,
+tor_tls_get_peer_cert,(tor_tls_t *tls))
{
X509 *cert;
cert = SSL_get_peer_certificate(tls->ssl);
tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate");
if (!cert)
return NULL;
- return tor_cert_new(cert);
+ return tor_x509_cert_new(cert);
}
/** Warn that a certificate lifetime extends through a certain range. */
@@ -2426,7 +2208,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
if (!(bio = BIO_new(BIO_s_mem()))) {
log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end;
}
- if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) {
+ if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
goto end;
}
@@ -2434,7 +2216,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
s1 = tor_strndup(buf->data, buf->length);
(void)BIO_reset(bio);
- if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) {
+ if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
goto end;
}
@@ -2597,12 +2379,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert,
now = time(NULL);
t = now + future_tolerance;
- if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
+ if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) {
log_cert_lifetime(severity, cert, "not yet valid");
return -1;
}
t = now - past_tolerance;
- if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
+ if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) {
log_cert_lifetime(severity, cert, "already expired");
return -1;
}
@@ -2739,6 +2521,10 @@ dn_indicates_v3_cert(X509_NAME *name)
len = ASN1_STRING_to_UTF8(&s, str);
if (len < 0)
return 0;
+ if (len < 4) {
+ OPENSSL_free(s);
+ return 1;
+ }
r = fast_memneq(s + len - 4, ".net", 4);
OPENSSL_free(s);
return r;
@@ -2816,33 +2602,107 @@ tor_tls_server_got_renegotiate(tor_tls_t *tls)
return tls->got_renegotiate;
}
+#ifndef HAVE_SSL_GET_CLIENT_RANDOM
+static size_t
+SSL_get_client_random(SSL *s, uint8_t *out, size_t len)
+{
+ if (len == 0)
+ return SSL3_RANDOM_SIZE;
+ tor_assert(len == SSL3_RANDOM_SIZE);
+ tor_assert(s->s3);
+ memcpy(out, s->s3->client_random, len);
+ return len;
+}
+#endif
+
+#ifndef HAVE_SSL_GET_SERVER_RANDOM
+static size_t
+SSL_get_server_random(SSL *s, uint8_t *out, size_t len)
+{
+ if (len == 0)
+ return SSL3_RANDOM_SIZE;
+ tor_assert(len == SSL3_RANDOM_SIZE);
+ tor_assert(s->s3);
+ memcpy(out, s->s3->server_random, len);
+ return len;
+}
+#endif
+
+#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+static size_t
+SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len)
+{
+ tor_assert(s);
+ if (len == 0)
+ return s->master_key_length;
+ tor_assert(len == (size_t)s->master_key_length);
+ tor_assert(out);
+ memcpy(out, s->master_key, len);
+ return len;
+}
+#endif
+
/** Set the DIGEST256_LEN buffer at <b>secrets_out</b> to the value used in
* the v3 handshake to prove that the client knows the TLS secrets for the
* connection <b>tls</b>. Return 0 on success, -1 on failure.
*/
-int
-tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
+MOCK_IMPL(int,
+tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
{
#define TLSSECRET_MAGIC "Tor V3 handshake TLS cross-certification"
- char buf[128];
+ uint8_t buf[128];
size_t len;
+
tor_assert(tls);
- tor_assert(tls->ssl);
- tor_assert(tls->ssl->s3);
- tor_assert(tls->ssl->session);
+
+ SSL *const ssl = tls->ssl;
+ SSL_SESSION *const session = SSL_get_session(ssl);
+
+ tor_assert(ssl);
+ tor_assert(session);
+
+ const size_t server_random_len = SSL_get_server_random(ssl, NULL, 0);
+ const size_t client_random_len = SSL_get_client_random(ssl, NULL, 0);
+ const size_t master_key_len = SSL_SESSION_get_master_key(session, NULL, 0);
+
+ tor_assert(server_random_len);
+ tor_assert(client_random_len);
+ tor_assert(master_key_len);
+
+ len = client_random_len + server_random_len + strlen(TLSSECRET_MAGIC) + 1;
+ tor_assert(len <= sizeof(buf));
+
+ {
+ size_t r = SSL_get_client_random(ssl, buf, client_random_len);
+ tor_assert(r == client_random_len);
+ }
+ {
+ size_t r = SSL_get_server_random(ssl,
+ buf+client_random_len,
+ server_random_len);
+ tor_assert(r == server_random_len);
+ }
+ uint8_t *master_key = tor_malloc_zero(master_key_len);
+ {
+ size_t r = SSL_SESSION_get_master_key(session, master_key, master_key_len);
+ tor_assert(r == master_key_len);
+ }
+
+ uint8_t *nextbuf = buf + client_random_len + server_random_len;
+ memcpy(nextbuf, TLSSECRET_MAGIC, strlen(TLSSECRET_MAGIC) + 1);
+
/*
The value is an HMAC, using the TLS master key as the HMAC key, of
client_random | server_random | TLSSECRET_MAGIC
*/
- memcpy(buf + 0, tls->ssl->s3->client_random, 32);
- memcpy(buf + 32, tls->ssl->s3->server_random, 32);
- memcpy(buf + 64, TLSSECRET_MAGIC, strlen(TLSSECRET_MAGIC) + 1);
- len = 64 + strlen(TLSSECRET_MAGIC) + 1;
crypto_hmac_sha256((char*)secrets_out,
- (char*)tls->ssl->session->master_key,
- tls->ssl->session->master_key_length,
- buf, len);
+ (char*)master_key,
+ master_key_len,
+ (char*)buf, len);
memwipe(buf, 0, sizeof(buf));
+ memwipe(master_key, 0, master_key_len);
+ tor_free(master_key);
+
return 0;
}
@@ -2850,12 +2710,23 @@ tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
* Set *<b>rbuf_capacity</b> to the amount of storage allocated for the read
* buffer and *<b>rbuf_bytes</b> to the amount actually used.
* Set *<b>wbuf_capacity</b> to the amount of storage allocated for the write
- * buffer and *<b>wbuf_bytes</b> to the amount actually used. */
-void
+ * buffer and *<b>wbuf_bytes</b> to the amount actually used.
+ *
+ * Return 0 on success, -1 on failure.*/
+int
tor_tls_get_buffer_sizes(tor_tls_t *tls,
size_t *rbuf_capacity, size_t *rbuf_bytes,
size_t *wbuf_capacity, size_t *wbuf_bytes)
{
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ (void)tls;
+ (void)rbuf_capacity;
+ (void)rbuf_bytes;
+ (void)wbuf_capacity;
+ (void)wbuf_bytes;
+
+ return -1;
+#else
if (tls->ssl->s3->rbuf.buf)
*rbuf_capacity = tls->ssl->s3->rbuf.len;
else
@@ -2866,6 +2737,8 @@ tor_tls_get_buffer_sizes(tor_tls_t *tls,
*wbuf_capacity = 0;
*rbuf_bytes = tls->ssl->s3->rbuf.left;
*wbuf_bytes = tls->ssl->s3->wbuf.left;
+ return 0;
+#endif
}
#ifdef USE_BUFFEREVENTS
@@ -2940,3 +2813,29 @@ tor_tls_init_bufferevent(tor_tls_t *tls, struct bufferevent *bufev_in,
}
#endif
+/** Check whether the ECC group requested is supported by the current OpenSSL
+ * library instance. Return 1 if the group is supported, and 0 if not.
+ */
+int
+evaluate_ecgroup_for_tls(const char *ecgroup)
+{
+ EC_KEY *ec_key;
+ int nid;
+ int ret;
+
+ if (!ecgroup)
+ nid = NID_tor_default_ecdhe_group;
+ else if (!strcasecmp(ecgroup, "P256"))
+ nid = NID_X9_62_prime256v1;
+ else if (!strcasecmp(ecgroup, "P224"))
+ nid = NID_secp224r1;
+ else
+ return 0;
+
+ ec_key = EC_KEY_new_by_curve_name(nid);
+ ret = (ec_key != NULL);
+ EC_KEY_free(ec_key);
+
+ return ret;
+}
+
diff --git a/src/common/tortls.h b/src/common/tortls.h
index f8c6d5913b..124b77160f 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -19,7 +19,7 @@
typedef struct tor_tls_t tor_tls_t;
/* Opaque structure to hold an X509 certificate. */
-typedef struct tor_cert_t tor_cert_t;
+typedef struct tor_x509_cert_t tor_x509_cert_t;
/* Possible return values for most tor_tls_* functions. */
#define MIN_TOR_TLS_ERROR_VAL_ -9
@@ -72,12 +72,12 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
int tor_tls_is_server(tor_tls_t *tls);
void tor_tls_free(tor_tls_t *tls);
int tor_tls_peer_has_cert(tor_tls_t *tls);
-tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
+MOCK_DECL(tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
int tor_tls_check_lifetime(int severity,
tor_tls_t *tls, int past_tolerance,
int future_tolerance);
-int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
+MOCK_DECL(int, tor_tls_read, (tor_tls_t *tls, char *cp, size_t len));
int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
int tor_tls_handshake(tor_tls_t *tls);
int tor_tls_finish_handshake(tor_tls_t *tls);
@@ -92,7 +92,7 @@ size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
size_t *n_read, size_t *n_written);
-void tor_tls_get_buffer_sizes(tor_tls_t *tls,
+int tor_tls_get_buffer_sizes(tor_tls_t *tls,
size_t *rbuf_capacity, size_t *rbuf_bytes,
size_t *wbuf_capacity, size_t *wbuf_bytes);
@@ -102,7 +102,7 @@ int tor_tls_used_v1_handshake(tor_tls_t *tls);
int tor_tls_received_v3_certificate(tor_tls_t *tls);
int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
int tor_tls_server_got_renegotiate(tor_tls_t *tls);
-int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
+MOCK_DECL(int,tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out));
/* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
*/
@@ -120,24 +120,27 @@ struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls,
int filter);
#endif
-void tor_cert_free(tor_cert_t *cert);
-tor_cert_t *tor_cert_decode(const uint8_t *certificate,
+void tor_x509_cert_free(tor_x509_cert_t *cert);
+tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
size_t certificate_len);
-void tor_cert_get_der(const tor_cert_t *cert,
+void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
const uint8_t **encoded_out, size_t *size_out);
-const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert);
-const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
+const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert);
+const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert);
int tor_tls_get_my_certs(int server,
- const tor_cert_t **link_cert_out,
- const tor_cert_t **id_cert_out);
+ const tor_x509_cert_t **link_cert_out,
+ const tor_x509_cert_t **id_cert_out);
crypto_pk_t *tor_tls_get_my_client_auth_key(void);
-crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
-int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
+crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);
+MOCK_DECL(int,tor_tls_cert_matches_key,(const tor_tls_t *tls,
+ const tor_x509_cert_t *cert));
int tor_tls_cert_is_valid(int severity,
- const tor_cert_t *cert,
- const tor_cert_t *signing_cert,
+ const tor_x509_cert_t *cert,
+ const tor_x509_cert_t *signing_cert,
int check_rsa_1024);
const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
+int evaluate_ecgroup_for_tls(const char *ecgroup);
+
#endif
diff --git a/src/common/util.c b/src/common/util.c
index 442d57a2cf..86f36b8eb8 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -27,6 +27,7 @@
#include "sandbox.h"
#include "backtrace.h"
#include "util_process.h"
+#include "util_format.h"
#ifdef _WIN32
#include <io.h>
@@ -95,6 +96,9 @@
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
+#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+#include <sys/prctl.h>
+#endif
#ifdef __clang_analyzer__
#undef MALLOC_ZERO_WORKS
@@ -771,16 +775,6 @@ fast_memcmpstart(const void *mem, size_t memlen,
return fast_memcmp(mem, prefix, plen);
}
-/** Given a nul-terminated string s, set every character before the nul
- * to zero. */
-void
-tor_strclear(char *s)
-{
- while (*s) {
- *s++ = '\0';
- }
-}
-
/** Return a pointer to the first char of s that is not whitespace and
* not a comment, or to the terminating NUL if no such character exists.
*/
@@ -1043,6 +1037,9 @@ string_is_valid_ipv6_address(const char *string)
/** Return true iff <b>string</b> matches a pattern of DNS names
* that we allow Tor clients to connect to.
+ *
+ * Note: This allows certain technically invalid characters ('_') to cope
+ * with misconfigured zones that have been encountered in the wild.
*/
int
string_is_valid_hostname(const char *string)
@@ -1055,16 +1052,22 @@ string_is_valid_hostname(const char *string)
smartlist_split_string(components,string,".",0,0);
SMARTLIST_FOREACH_BEGIN(components, char *, c) {
- if (c[0] == '-') {
+ if ((c[0] == '-') || (*c == '_')) {
result = 0;
break;
}
+ /* Allow a single terminating '.' used rarely to indicate domains
+ * are FQDNs rather than relative. */
+ if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
+ continue;
+ }
+
do {
if ((*c >= 'a' && *c <= 'z') ||
(*c >= 'A' && *c <= 'Z') ||
(*c >= '0' && *c <= '9') ||
- (*c == '-'))
+ (*c == '-') || (*c == '_'))
c++;
else
result = 0;
@@ -1209,91 +1212,6 @@ tor_parse_uint64(const char *s, int base, uint64_t min,
CHECK_STRTOX_RESULT();
}
-/** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
- * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
- * <b>dest</b>.
- */
-void
-base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
- const char *end;
- char *cp;
-
- tor_assert(destlen >= srclen*2+1);
- tor_assert(destlen < SIZE_T_CEILING);
-
- cp = dest;
- end = src+srclen;
- while (src<end) {
- *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) >> 4 ];
- *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) & 0xf ];
- ++src;
- }
- *cp = '\0';
-}
-
-/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
-static INLINE int
-hex_decode_digit_(char c)
-{
- switch (c) {
- case '0': return 0;
- case '1': return 1;
- case '2': return 2;
- case '3': return 3;
- case '4': return 4;
- case '5': return 5;
- case '6': return 6;
- case '7': return 7;
- case '8': return 8;
- case '9': return 9;
- case 'A': case 'a': return 10;
- case 'B': case 'b': return 11;
- case 'C': case 'c': return 12;
- case 'D': case 'd': return 13;
- case 'E': case 'e': return 14;
- case 'F': case 'f': return 15;
- default:
- return -1;
- }
-}
-
-/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
-int
-hex_decode_digit(char c)
-{
- return hex_decode_digit_(c);
-}
-
-/** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
- * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
- * Return 0 on success, -1 on failure. */
-int
-base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
-{
- const char *end;
-
- int v1,v2;
- if ((srclen % 2) != 0)
- return -1;
- if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
- return -1;
-
- memset(dest, 0, destlen);
-
- end = src+srclen;
- while (src<end) {
- v1 = hex_decode_digit_(*src);
- v2 = hex_decode_digit_(*(src+1));
- if (v1<0||v2<0)
- return -1;
- *(uint8_t*)dest = (v1<<4)|v2;
- ++dest;
- src+=2;
- }
- return 0;
-}
-
/** Allocate and return a new string representing the contents of <b>s</b>,
* surrounded by quotes and using standard C escapes.
*
@@ -1758,6 +1676,7 @@ parse_iso_time_(const char *cp, time_t *t, int strict)
st_tm.tm_hour = hour;
st_tm.tm_min = minute;
st_tm.tm_sec = second;
+ st_tm.tm_wday = 0; /* Should be ignored. */
if (st_tm.tm_year < 70) {
char *esc = esc_for_log(cp);
@@ -1825,6 +1744,7 @@ parse_http_time(const char *date, struct tm *tm)
tm->tm_hour = (int)tm_hour;
tm->tm_min = (int)tm_min;
tm->tm_sec = (int)tm_sec;
+ tm->tm_wday = 0; /* Leave this unset. */
month[3] = '\0';
/* Okay, now decode the month. */
@@ -2001,8 +1921,10 @@ read_all(tor_socket_t fd, char *buf, size_t count, int isSocket)
size_t numread = 0;
ssize_t result;
- if (count > SIZE_T_CEILING || count > SSIZE_MAX)
+ if (count > SIZE_T_CEILING || count > SSIZE_MAX) {
+ errno = EINVAL;
return -1;
+ }
while (numread != count) {
if (isSocket)
@@ -2562,8 +2484,10 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
char *string = NULL;
size_t string_max = 0;
- if (max_bytes_to_read+1 >= SIZE_T_CEILING)
+ if (max_bytes_to_read+1 >= SIZE_T_CEILING) {
+ errno = EINVAL;
return NULL;
+ }
do {
/* XXXX This "add 1K" approach is a little goofy; if we care about
@@ -2575,7 +2499,9 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
string = tor_realloc(string, string_max);
r = read(fd, string + pos, string_max - pos - 1);
if (r < 0) {
+ int save_errno = errno;
tor_free(string);
+ errno = save_errno;
return NULL;
}
@@ -2643,17 +2569,21 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
if (S_ISFIFO(statbuf.st_mode)) {
size_t sz = 0;
string = read_file_to_str_until_eof(fd, FIFO_READ_MAX, &sz);
+ int save_errno = errno;
if (string && stat_out) {
statbuf.st_size = sz;
memcpy(stat_out, &statbuf, sizeof(struct stat));
}
close(fd);
+ if (!string)
+ errno = save_errno;
return string;
}
#endif
if ((uint64_t)(statbuf.st_size)+1 >= SIZE_T_CEILING) {
close(fd);
+ errno = EINVAL;
return NULL;
}
@@ -2823,38 +2753,9 @@ parse_config_line_from_str_verbose(const char *line, char **key_out,
char **value_out,
const char **err_out)
{
- /* I believe the file format here is supposed to be:
- FILE = (EMPTYLINE | LINE)* (EMPTYLASTLINE | LASTLINE)?
-
- EMPTYLASTLINE = SPACE* | COMMENT
- EMPTYLINE = EMPTYLASTLINE NL
- SPACE = ' ' | '\r' | '\t'
- COMMENT = '#' NOT-NL*
- NOT-NL = Any character except '\n'
- NL = '\n'
-
- LASTLINE = SPACE* KEY SPACE* VALUES
- LINE = LASTLINE NL
- KEY = KEYCHAR+
- KEYCHAR = Any character except ' ', '\r', '\n', '\t', '#', "\"
-
- VALUES = QUOTEDVALUE | NORMALVALUE
- QUOTEDVALUE = QUOTE QVCHAR* QUOTE EOLSPACE?
- QUOTE = '"'
- QVCHAR = KEYCHAR | ESC ('n' | 't' | 'r' | '"' | ESC |'\'' | OCTAL | HEX)
- ESC = "\\"
- OCTAL = ODIGIT (ODIGIT ODIGIT?)?
- HEX = ('x' | 'X') HEXDIGIT HEXDIGIT
- ODIGIT = '0' .. '7'
- HEXDIGIT = '0'..'9' | 'a' .. 'f' | 'A' .. 'F'
- EOLSPACE = SPACE* COMMENT?
-
- NORMALVALUE = (VALCHAR | ESC ESC_IGNORE | CONTINUATION)* EOLSPACE?
- VALCHAR = Any character except ESC, '#', and '\n'
- ESC_IGNORE = Any character except '#' or '\n'
- CONTINUATION = ESC NL ( COMMENT NL )*
+ /*
+ See torrc_format.txt for a description of the (silly) format this parses.
*/
-
const char *key, *val, *cp;
int continuation = 0;
@@ -3562,7 +3463,7 @@ finish_daemon(const char *cp)
/** Write the current process ID, followed by NL, into <b>filename</b>.
*/
void
-write_pidfile(char *filename)
+write_pidfile(const char *filename)
{
FILE *pidfile;
@@ -3949,9 +3850,11 @@ process_handle_new(void)
process_handle_t *out = tor_malloc_zero(sizeof(process_handle_t));
#ifdef _WIN32
+ out->stdin_pipe = INVALID_HANDLE_VALUE;
out->stdout_pipe = INVALID_HANDLE_VALUE;
out->stderr_pipe = INVALID_HANDLE_VALUE;
#else
+ out->stdin_pipe = -1;
out->stdout_pipe = -1;
out->stderr_pipe = -1;
#endif
@@ -3991,7 +3894,7 @@ process_handle_waitpid_cb(int status, void *arg)
#define CHILD_STATE_FORK 3
#define CHILD_STATE_DUPOUT 4
#define CHILD_STATE_DUPERR 5
-#define CHILD_STATE_REDIRECT 6
+#define CHILD_STATE_DUPIN 6
#define CHILD_STATE_CLOSEFD 7
#define CHILD_STATE_EXEC 8
#define CHILD_STATE_FAILEXEC 9
@@ -4025,6 +3928,8 @@ tor_spawn_background(const char *const filename, const char **argv,
HANDLE stdout_pipe_write = NULL;
HANDLE stderr_pipe_read = NULL;
HANDLE stderr_pipe_write = NULL;
+ HANDLE stdin_pipe_read = NULL;
+ HANDLE stdin_pipe_write = NULL;
process_handle_t *process_handle;
int status;
@@ -4070,6 +3975,20 @@ tor_spawn_background(const char *const filename, const char **argv,
return status;
}
+ /* Set up pipe for stdin */
+ if (!CreatePipe(&stdin_pipe_read, &stdin_pipe_write, &saAttr, 0)) {
+ log_warn(LD_GENERAL,
+ "Failed to create pipe for stdin communication with child process: %s",
+ format_win32_error(GetLastError()));
+ return status;
+ }
+ if (!SetHandleInformation(stdin_pipe_write, HANDLE_FLAG_INHERIT, 0)) {
+ log_warn(LD_GENERAL,
+ "Failed to configure pipe for stdin communication with child "
+ "process: %s", format_win32_error(GetLastError()));
+ return status;
+ }
+
/* Create the child process */
/* Windows expects argv to be a whitespace delimited string, so join argv up
@@ -4084,7 +4003,7 @@ tor_spawn_background(const char *const filename, const char **argv,
siStartInfo.cb = sizeof(STARTUPINFO);
siStartInfo.hStdError = stderr_pipe_write;
siStartInfo.hStdOutput = stdout_pipe_write;
- siStartInfo.hStdInput = NULL;
+ siStartInfo.hStdInput = stdin_pipe_read;
siStartInfo.dwFlags |= STARTF_USESTDHANDLES;
/* Create the child process */
@@ -4114,6 +4033,7 @@ tor_spawn_background(const char *const filename, const char **argv,
/* TODO: Close hProcess and hThread in process_handle->pid? */
process_handle->stdout_pipe = stdout_pipe_read;
process_handle->stderr_pipe = stderr_pipe_read;
+ process_handle->stdin_pipe = stdin_pipe_write;
status = process_handle->status = PROCESS_STATUS_RUNNING;
}
@@ -4124,6 +4044,7 @@ tor_spawn_background(const char *const filename, const char **argv,
pid_t pid;
int stdout_pipe[2];
int stderr_pipe[2];
+ int stdin_pipe[2];
int fd, retval;
ssize_t nbytes;
process_handle_t *process_handle;
@@ -4148,7 +4069,7 @@ tor_spawn_background(const char *const filename, const char **argv,
child_state = CHILD_STATE_PIPE;
- /* Set up pipe for redirecting stdout and stderr of child */
+ /* Set up pipe for redirecting stdout, stderr, and stdin of child */
retval = pipe(stdout_pipe);
if (-1 == retval) {
log_warn(LD_GENERAL,
@@ -4169,6 +4090,20 @@ tor_spawn_background(const char *const filename, const char **argv,
return status;
}
+ retval = pipe(stdin_pipe);
+ if (-1 == retval) {
+ log_warn(LD_GENERAL,
+ "Failed to set up pipe for stdin communication with child process: %s",
+ strerror(errno));
+
+ close(stdout_pipe[0]);
+ close(stdout_pipe[1]);
+ close(stderr_pipe[0]);
+ close(stderr_pipe[1]);
+
+ return status;
+ }
+
child_state = CHILD_STATE_MAXFD;
#ifdef _SC_OPEN_MAX
@@ -4190,6 +4125,15 @@ tor_spawn_background(const char *const filename, const char **argv,
if (0 == pid) {
/* In child */
+#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+ /* Attempt to have the kernel issue a SIGTERM if the parent
+ * goes away. Certain attributes of the binary being execve()ed
+ * will clear this during the execve() call, but it's better
+ * than nothing.
+ */
+ prctl(PR_SET_PDEATHSIG, SIGTERM);
+#endif
+
child_state = CHILD_STATE_DUPOUT;
/* Link child stdout to the write end of the pipe */
@@ -4204,13 +4148,11 @@ tor_spawn_background(const char *const filename, const char **argv,
if (-1 == retval)
goto error;
- child_state = CHILD_STATE_REDIRECT;
+ child_state = CHILD_STATE_DUPIN;
- /* Link stdin to /dev/null */
- fd = open("/dev/null", O_RDONLY); /* NOT cloexec, obviously. */
- if (fd != -1)
- dup2(fd, STDIN_FILENO);
- else
+ /* Link child stdin to the read end of the pipe */
+ retval = dup2(stdin_pipe[0], STDIN_FILENO);
+ if (-1 == retval)
goto error;
child_state = CHILD_STATE_CLOSEFD;
@@ -4219,7 +4161,8 @@ tor_spawn_background(const char *const filename, const char **argv,
close(stderr_pipe[1]);
close(stdout_pipe[0]);
close(stdout_pipe[1]);
- close(fd);
+ close(stdin_pipe[0]);
+ close(stdin_pipe[1]);
/* Close all other fds, including the read end of the pipe */
/* XXX: We should now be doing enough FD_CLOEXEC setting to make
@@ -4235,8 +4178,10 @@ tor_spawn_background(const char *const filename, const char **argv,
does not modify the arguments */
if (env)
execve(filename, (char *const *) argv, env->unixoid_environment_block);
- else
- execvp(filename, (char *const *) argv);
+ else {
+ static char *new_env[] = { NULL };
+ execve(filename, (char *const *) argv, new_env);
+ }
/* If we got here, the exec or open(/dev/null) failed */
@@ -4269,6 +4214,8 @@ tor_spawn_background(const char *const filename, const char **argv,
if (-1 == pid) {
log_warn(LD_GENERAL, "Failed to fork child process: %s", strerror(errno));
+ close(stdin_pipe[0]);
+ close(stdin_pipe[1]);
close(stdout_pipe[0]);
close(stdout_pipe[1]);
close(stderr_pipe[0]);
@@ -4305,16 +4252,28 @@ tor_spawn_background(const char *const filename, const char **argv,
strerror(errno));
}
+ /* Return write end of the stdin pipe to caller, and close the read end */
+ process_handle->stdin_pipe = stdin_pipe[1];
+ retval = close(stdin_pipe[0]);
+
+ if (-1 == retval) {
+ log_warn(LD_GENERAL,
+ "Failed to close read end of stdin pipe in parent process: %s",
+ strerror(errno));
+ }
+
status = process_handle->status = PROCESS_STATUS_RUNNING;
- /* Set stdout/stderr pipes to be non-blocking */
+ /* Set stdin/stdout/stderr pipes to be non-blocking */
if (fcntl(process_handle->stdout_pipe, F_SETFL, O_NONBLOCK) < 0 ||
- fcntl(process_handle->stderr_pipe, F_SETFL, O_NONBLOCK) < 0) {
- log_warn(LD_GENERAL, "Failed to set stderror/stdout pipes nonblocking "
- "in parent process: %s", strerror(errno));
+ fcntl(process_handle->stderr_pipe, F_SETFL, O_NONBLOCK) < 0 ||
+ fcntl(process_handle->stdin_pipe, F_SETFL, O_NONBLOCK) < 0) {
+ log_warn(LD_GENERAL, "Failed to set stderror/stdout/stdin pipes "
+ "nonblocking in parent process: %s", strerror(errno));
}
/* Open the buffered IO streams */
process_handle->stdout_handle = fdopen(process_handle->stdout_pipe, "r");
process_handle->stderr_handle = fdopen(process_handle->stderr_pipe, "r");
+ process_handle->stdin_handle = fdopen(process_handle->stdin_pipe, "r");
*process_handle_out = process_handle;
return process_handle->status;
@@ -4357,6 +4316,9 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
if (process_handle->stderr_pipe)
CloseHandle(process_handle->stderr_pipe);
+
+ if (process_handle->stdin_pipe)
+ CloseHandle(process_handle->stdin_pipe);
#else
if (process_handle->stdout_handle)
fclose(process_handle->stdout_handle);
@@ -4364,6 +4326,9 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
if (process_handle->stderr_handle)
fclose(process_handle->stderr_handle);
+ if (process_handle->stdin_handle)
+ fclose(process_handle->stdin_handle);
+
clear_waitpid_callback(process_handle->waitpid_cb);
#endif
diff --git a/src/common/util.h b/src/common/util.h
index ea774bd9bd..8bb4505e86 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -45,6 +45,13 @@
#error "Sorry; we don't support building with NDEBUG."
#endif
+/* Don't use assertions during coverage. It leads to tons of unreached
+ * branches which in reality are only assertions we didn't hit. */
+#ifdef TOR_COVERAGE
+#define tor_assert(a) STMT_BEGIN \
+ (void)(a); \
+ STMT_END
+#else
/** Like assert(3), but send assertion failures to the log as well as to
* stderr. */
#define tor_assert(expr) STMT_BEGIN \
@@ -52,6 +59,7 @@
tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr); \
abort(); \
} STMT_END
+#endif
void tor_assertion_failed_(const char *fname, unsigned int line,
const char *func, const char *expr);
@@ -209,7 +217,6 @@ int strcasecmpstart(const char *s1, const char *s2) ATTR_NONNULL((1,2));
int strcmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
int strcasecmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
int fast_memcmpstart(const void *mem, size_t memlen, const char *prefix);
-void tor_strclear(char *s);
void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2));
long tor_parse_long(const char *s, int base, long min,
@@ -257,10 +264,6 @@ void smartlist_add_vasprintf(struct smartlist_t *sl, const char *pattern,
va_list args)
CHECK_PRINTF(2, 0);
-int hex_decode_digit(char c);
-void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen);
-int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen);
-
/* Time helpers */
long tv_udiff(const struct timeval *start, const struct timeval *end);
long tv_mdiff(const struct timeval *start, const struct timeval *end);
@@ -411,7 +414,7 @@ int path_is_relative(const char *filename);
/* Process helpers */
void start_daemon(void);
void finish_daemon(const char *desired_cwd);
-void write_pidfile(char *filename);
+void write_pidfile(const char *filename);
/* Port forwarding */
void tor_check_port_forwarding(const char *filename,
@@ -467,12 +470,15 @@ struct process_handle_t {
/** One of the PROCESS_STATUS_* values */
int status;
#ifdef _WIN32
+ HANDLE stdin_pipe;
HANDLE stdout_pipe;
HANDLE stderr_pipe;
PROCESS_INFORMATION pid;
#else
+ int stdin_pipe;
int stdout_pipe;
int stderr_pipe;
+ FILE *stdin_handle;
FILE *stdout_handle;
FILE *stderr_handle;
pid_t pid;
@@ -563,8 +569,6 @@ STATIC int format_helper_exit_status(unsigned char child_state,
#endif
-const char *libor_get_digests(void);
-
#define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0]))
#endif
diff --git a/src/common/util_codedigest.c b/src/common/util_codedigest.c
deleted file mode 100644
index 7384f7dc1a..0000000000
--- a/src/common/util_codedigest.c
+++ /dev/null
@@ -1,13 +0,0 @@
-
-#include "util.h"
-
-/** Return a string describing the digest of the source files in src/common/
- */
-const char *
-libor_get_digests(void)
-{
- return ""
-#include "common_sha1.i"
- ;
-}
-
diff --git a/src/common/util_format.c b/src/common/util_format.c
new file mode 100644
index 0000000000..dc544a6c2e
--- /dev/null
+++ b/src/common/util_format.c
@@ -0,0 +1,528 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+#include "torlog.h"
+#include "util.h"
+#include "util_format.h"
+#include "torint.h"
+
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+
+/** Implements base32 encoding as in RFC 4648. Limitation: Requires
+ * that srclen*8 is a multiple of 5.
+ */
+void
+base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+ unsigned int i, v, u;
+ size_t nbits = srclen * 8, bit;
+
+ tor_assert(srclen < SIZE_T_CEILING/8);
+ tor_assert((nbits%5) == 0); /* We need an even multiple of 5 bits. */
+ tor_assert((nbits/5)+1 <= destlen); /* We need enough space. */
+ tor_assert(destlen < SIZE_T_CEILING);
+
+ for (i=0,bit=0; bit < nbits; ++i, bit+=5) {
+ /* set v to the 16-bit value starting at src[bits/8], 0-padded. */
+ v = ((uint8_t)src[bit/8]) << 8;
+ if (bit+5<nbits) v += (uint8_t)src[(bit/8)+1];
+ /* set u to the 5-bit value at the bit'th bit of src. */
+ u = (v >> (11-(bit%8))) & 0x1F;
+ dest[i] = BASE32_CHARS[u];
+ }
+ dest[i] = '\0';
+}
+
+/** Implements base32 decoding as in RFC 4648. Limitation: Requires
+ * that srclen*5 is a multiple of 8. Returns 0 if successful, -1 otherwise.
+ */
+int
+base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+ /* XXXX we might want to rewrite this along the lines of base64_decode, if
+ * it ever shows up in the profile. */
+ unsigned int i;
+ size_t nbits, j, bit;
+ char *tmp;
+ nbits = srclen * 5;
+
+ tor_assert(srclen < SIZE_T_CEILING / 5);
+ tor_assert((nbits%8) == 0); /* We need an even multiple of 8 bits. */
+ tor_assert((nbits/8) <= destlen); /* We need enough space. */
+ tor_assert(destlen < SIZE_T_CEILING);
+
+ memset(dest, 0, destlen);
+
+ /* Convert base32 encoded chars to the 5-bit values that they represent. */
+ tmp = tor_malloc_zero(srclen);
+ for (j = 0; j < srclen; ++j) {
+ if (src[j] > 0x60 && src[j] < 0x7B) tmp[j] = src[j] - 0x61;
+ else if (src[j] > 0x31 && src[j] < 0x38) tmp[j] = src[j] - 0x18;
+ else if (src[j] > 0x40 && src[j] < 0x5B) tmp[j] = src[j] - 0x41;
+ else {
+ log_warn(LD_BUG, "illegal character in base32 encoded string");
+ tor_free(tmp);
+ return -1;
+ }
+ }
+
+ /* Assemble result byte-wise by applying five possible cases. */
+ for (i = 0, bit = 0; bit < nbits; ++i, bit += 8) {
+ switch (bit % 40) {
+ case 0:
+ dest[i] = (((uint8_t)tmp[(bit/5)]) << 3) +
+ (((uint8_t)tmp[(bit/5)+1]) >> 2);
+ break;
+ case 8:
+ dest[i] = (((uint8_t)tmp[(bit/5)]) << 6) +
+ (((uint8_t)tmp[(bit/5)+1]) << 1) +
+ (((uint8_t)tmp[(bit/5)+2]) >> 4);
+ break;
+ case 16:
+ dest[i] = (((uint8_t)tmp[(bit/5)]) << 4) +
+ (((uint8_t)tmp[(bit/5)+1]) >> 1);
+ break;
+ case 24:
+ dest[i] = (((uint8_t)tmp[(bit/5)]) << 7) +
+ (((uint8_t)tmp[(bit/5)+1]) << 2) +
+ (((uint8_t)tmp[(bit/5)+2]) >> 3);
+ break;
+ case 32:
+ dest[i] = (((uint8_t)tmp[(bit/5)]) << 5) +
+ ((uint8_t)tmp[(bit/5)+1]);
+ break;
+ }
+ }
+
+ memset(tmp, 0, srclen); /* on the heap, this should be safe */
+ tor_free(tmp);
+ tmp = NULL;
+ return 0;
+}
+
+#define BASE64_OPENSSL_LINELEN 64
+
+/** Return the Base64 encoded size of <b>srclen</b> bytes of data in
+ * bytes.
+ *
+ * If <b>flags</b>&amp;BASE64_ENCODE_MULTILINE is true, return the size
+ * of the encoded output as multiline output (64 character, `\n' terminated
+ * lines).
+ */
+size_t
+base64_encode_size(size_t srclen, int flags)
+{
+ size_t enclen;
+ tor_assert(srclen < INT_MAX);
+
+ if (srclen == 0)
+ return 0;
+
+ enclen = ((srclen - 1) / 3) * 4 + 4;
+ if (flags & BASE64_ENCODE_MULTILINE) {
+ size_t remainder = enclen % BASE64_OPENSSL_LINELEN;
+ enclen += enclen / BASE64_OPENSSL_LINELEN;
+ if (remainder)
+ enclen++;
+ }
+ tor_assert(enclen < INT_MAX && enclen > srclen);
+ return enclen;
+}
+
+/** Internal table mapping 6 bit values to the Base64 alphabet. */
+static const char base64_encode_table[64] = {
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+ 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+ 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+ 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+ 'w', 'x', 'y', 'z', '0', '1', '2', '3',
+ '4', '5', '6', '7', '8', '9', '+', '/'
+};
+
+/** Base64 encode <b>srclen</b> bytes of data from <b>src</b>. Write
+ * the result into <b>dest</b>, if it will fit within <b>destlen</b>
+ * bytes. Return the number of bytes written on success; -1 if
+ * destlen is too short, or other failure.
+ *
+ * If <b>flags</b>&amp;BASE64_ENCODE_MULTILINE is true, return encoded
+ * output in multiline format (64 character, `\n' terminated lines).
+ */
+int
+base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
+ int flags)
+{
+ const unsigned char *usrc = (unsigned char *)src;
+ const unsigned char *eous = usrc + srclen;
+ char *d = dest;
+ uint32_t n = 0;
+ size_t linelen = 0;
+ size_t enclen;
+ int n_idx = 0;
+
+ if (!src || !dest)
+ return -1;
+
+ /* Ensure that there is sufficient space, including the NUL. */
+ enclen = base64_encode_size(srclen, flags);
+ if (destlen < enclen + 1)
+ return -1;
+ if (destlen > SIZE_T_CEILING)
+ return -1;
+ if (enclen > INT_MAX)
+ return -1;
+
+ memset(dest, 0, enclen);
+
+ /* XXX/Yawning: If this ends up being too slow, this can be sped up
+ * by separating the multiline format case and the normal case, and
+ * processing 48 bytes of input at a time when newlines are desired.
+ */
+#define ENCODE_CHAR(ch) \
+ STMT_BEGIN \
+ *d++ = ch; \
+ if (flags & BASE64_ENCODE_MULTILINE) { \
+ if (++linelen % BASE64_OPENSSL_LINELEN == 0) { \
+ linelen = 0; \
+ *d++ = '\n'; \
+ } \
+ } \
+ STMT_END
+
+#define ENCODE_N(idx) \
+ ENCODE_CHAR(base64_encode_table[(n >> ((3 - idx) * 6)) & 0x3f])
+
+#define ENCODE_PAD() ENCODE_CHAR('=')
+
+ /* Iterate over all the bytes in src. Each one will add 8 bits to the
+ * value we're encoding. Accumulate bits in <b>n</b>, and whenever we
+ * have 24 bits, batch them into 4 bytes and flush those bytes to dest.
+ */
+ for ( ; usrc < eous; ++usrc) {
+ n = (n << 8) | *usrc;
+ if ((++n_idx) == 3) {
+ ENCODE_N(0);
+ ENCODE_N(1);
+ ENCODE_N(2);
+ ENCODE_N(3);
+ n_idx = 0;
+ n = 0;
+ }
+ }
+ switch (n_idx) {
+ case 0:
+ /* 0 leftover bits, no pading to add. */
+ break;
+ case 1:
+ /* 8 leftover bits, pad to 12 bits, write the 2 6-bit values followed
+ * by 2 padding characters.
+ */
+ n <<= 4;
+ ENCODE_N(2);
+ ENCODE_N(3);
+ ENCODE_PAD();
+ ENCODE_PAD();
+ break;
+ case 2:
+ /* 16 leftover bits, pad to 18 bits, write the 3 6-bit values followed
+ * by 1 padding character.
+ */
+ n <<= 2;
+ ENCODE_N(1);
+ ENCODE_N(2);
+ ENCODE_N(3);
+ ENCODE_PAD();
+ break;
+ default:
+ /* Something went catastrophically wrong. */
+ tor_fragile_assert();
+ return -1;
+ }
+
+#undef ENCODE_N
+#undef ENCODE_PAD
+#undef ENCODE_CHAR
+
+ /* Multiline output always includes at least one newline. */
+ if (flags & BASE64_ENCODE_MULTILINE && linelen != 0)
+ *d++ = '\n';
+
+ tor_assert(d - dest == (ptrdiff_t)enclen);
+
+ *d++ = '\0'; /* NUL terminate the output. */
+
+ return (int) enclen;
+}
+
+/** As base64_encode, but do not add any internal spaces or external padding
+ * to the output stream. */
+int
+base64_encode_nopad(char *dest, size_t destlen,
+ const uint8_t *src, size_t srclen)
+{
+ int n = base64_encode(dest, destlen, (const char*) src, srclen, 0);
+ if (n <= 0)
+ return n;
+ tor_assert((size_t)n < destlen && dest[n] == 0);
+ char *in, *out;
+ in = out = dest;
+ while (*in) {
+ if (*in == '=' || *in == '\n') {
+ ++in;
+ } else {
+ *out++ = *in++;
+ }
+ }
+ *out = 0;
+
+ tor_assert(out - dest <= INT_MAX);
+
+ return (int)(out - dest);
+}
+
+/** As base64_decode, but do not require any padding on the input */
+int
+base64_decode_nopad(uint8_t *dest, size_t destlen,
+ const char *src, size_t srclen)
+{
+ if (srclen > SIZE_T_CEILING - 4)
+ return -1;
+ char *buf = tor_malloc(srclen + 4);
+ memcpy(buf, src, srclen+1);
+ size_t buflen;
+ switch (srclen % 4)
+ {
+ case 0:
+ default:
+ buflen = srclen;
+ break;
+ case 1:
+ tor_free(buf);
+ return -1;
+ case 2:
+ memcpy(buf+srclen, "==", 3);
+ buflen = srclen + 2;
+ break;
+ case 3:
+ memcpy(buf+srclen, "=", 2);
+ buflen = srclen + 1;
+ break;
+ }
+ int n = base64_decode((char*)dest, destlen, buf, buflen);
+ tor_free(buf);
+ return n;
+}
+
+#undef BASE64_OPENSSL_LINELEN
+
+/** @{ */
+/** Special values used for the base64_decode_table */
+#define X 255
+#define SP 64
+#define PAD 65
+/** @} */
+/** Internal table mapping byte values to what they represent in base64.
+ * Numbers 0..63 are 6-bit integers. SPs are spaces, and should be
+ * skipped. Xs are invalid and must not appear in base64. PAD indicates
+ * end-of-string. */
+static const uint8_t base64_decode_table[256] = {
+ X, X, X, X, X, X, X, X, X, SP, SP, SP, X, SP, X, X, /* */
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ SP, X, X, X, X, X, X, X, X, X, X, 62, X, X, X, 63,
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, X, X, X, PAD, X, X,
+ X, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, X, X, X, X, X,
+ X, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+ X, X, X, X, X, X, X, X, X, X, X, X, X, X, X, X,
+};
+
+/** Base64 decode <b>srclen</b> bytes of data from <b>src</b>. Write
+ * the result into <b>dest</b>, if it will fit within <b>destlen</b>
+ * bytes. Return the number of bytes written on success; -1 if
+ * destlen is too short, or other failure.
+ *
+ * NOTE 1: destlen is checked conservatively, as though srclen contained no
+ * spaces or padding.
+ *
+ * NOTE 2: This implementation does not check for the correct number of
+ * padding "=" characters at the end of the string, and does not check
+ * for internal padding characters.
+ */
+int
+base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+ const char *eos = src+srclen;
+ uint32_t n=0;
+ int n_idx=0;
+ char *dest_orig = dest;
+
+ /* Max number of bits == srclen*6.
+ * Number of bytes required to hold all bits == (srclen*6)/8.
+ * Yes, we want to round down: anything that hangs over the end of a
+ * byte is padding. */
+ if (destlen < (srclen*3)/4)
+ return -1;
+ if (destlen > SIZE_T_CEILING)
+ return -1;
+
+ memset(dest, 0, destlen);
+
+ /* Iterate over all the bytes in src. Each one will add 0 or 6 bits to the
+ * value we're decoding. Accumulate bits in <b>n</b>, and whenever we have
+ * 24 bits, batch them into 3 bytes and flush those bytes to dest.
+ */
+ for ( ; src < eos; ++src) {
+ unsigned char c = (unsigned char) *src;
+ uint8_t v = base64_decode_table[c];
+ switch (v) {
+ case X:
+ /* This character isn't allowed in base64. */
+ return -1;
+ case SP:
+ /* This character is whitespace, and has no effect. */
+ continue;
+ case PAD:
+ /* We've hit an = character: the data is over. */
+ goto end_of_loop;
+ default:
+ /* We have an actual 6-bit value. Append it to the bits in n. */
+ n = (n<<6) | v;
+ if ((++n_idx) == 4) {
+ /* We've accumulated 24 bits in n. Flush them. */
+ *dest++ = (n>>16);
+ *dest++ = (n>>8) & 0xff;
+ *dest++ = (n) & 0xff;
+ n_idx = 0;
+ n = 0;
+ }
+ }
+ }
+ end_of_loop:
+ /* If we have leftover bits, we need to cope. */
+ switch (n_idx) {
+ case 0:
+ default:
+ /* No leftover bits. We win. */
+ break;
+ case 1:
+ /* 6 leftover bits. That's invalid; we can't form a byte out of that. */
+ return -1;
+ case 2:
+ /* 12 leftover bits: The last 4 are padding and the first 8 are data. */
+ *dest++ = n >> 4;
+ break;
+ case 3:
+ /* 18 leftover bits: The last 2 are padding and the first 16 are data. */
+ *dest++ = n >> 10;
+ *dest++ = n >> 2;
+ }
+
+ tor_assert((dest-dest_orig) <= (ssize_t)destlen);
+ tor_assert((dest-dest_orig) <= INT_MAX);
+
+ return (int)(dest-dest_orig);
+}
+#undef X
+#undef SP
+#undef PAD
+
+/** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
+ * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
+ * <b>dest</b>.
+ */
+void
+base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+ const char *end;
+ char *cp;
+
+ tor_assert(destlen >= srclen*2+1);
+ tor_assert(destlen < SIZE_T_CEILING);
+
+ cp = dest;
+ end = src+srclen;
+ while (src<end) {
+ *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) >> 4 ];
+ *cp++ = "0123456789ABCDEF"[ (*(const uint8_t*)src) & 0xf ];
+ ++src;
+ }
+ *cp = '\0';
+}
+
+/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
+static INLINE int
+hex_decode_digit_(char c)
+{
+ switch (c) {
+ case '0': return 0;
+ case '1': return 1;
+ case '2': return 2;
+ case '3': return 3;
+ case '4': return 4;
+ case '5': return 5;
+ case '6': return 6;
+ case '7': return 7;
+ case '8': return 8;
+ case '9': return 9;
+ case 'A': case 'a': return 10;
+ case 'B': case 'b': return 11;
+ case 'C': case 'c': return 12;
+ case 'D': case 'd': return 13;
+ case 'E': case 'e': return 14;
+ case 'F': case 'f': return 15;
+ default:
+ return -1;
+ }
+}
+
+/** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
+int
+hex_decode_digit(char c)
+{
+ return hex_decode_digit_(c);
+}
+
+/** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
+ * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
+ * Return 0 on success, -1 on failure. */
+int
+base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
+{
+ const char *end;
+
+ int v1,v2;
+ if ((srclen % 2) != 0)
+ return -1;
+ if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
+ return -1;
+
+ memset(dest, 0, destlen);
+
+ end = src+srclen;
+ while (src<end) {
+ v1 = hex_decode_digit_(*src);
+ v2 = hex_decode_digit_(*(src+1));
+ if (v1<0||v2<0)
+ return -1;
+ *(uint8_t*)dest = (v1<<4)|v2;
+ ++dest;
+ src+=2;
+ }
+ return 0;
+}
+
diff --git a/src/common/util_format.h b/src/common/util_format.h
new file mode 100644
index 0000000000..3fb7e1ac16
--- /dev/null
+++ b/src/common/util_format.h
@@ -0,0 +1,33 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_UTIL_FORMAT_H
+#define TOR_UTIL_FORMAT_H
+
+#include "testsupport.h"
+#include "torint.h"
+
+#define BASE64_ENCODE_MULTILINE 1
+size_t base64_encode_size(size_t srclen, int flags);
+int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
+ int flags);
+int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
+int base64_encode_nopad(char *dest, size_t destlen,
+ const uint8_t *src, size_t srclen);
+int base64_decode_nopad(uint8_t *dest, size_t destlen,
+ const char *src, size_t srclen);
+
+/** Characters that can appear (case-insensitively) in a base32 encoding. */
+#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
+void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);
+int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen);
+
+int hex_decode_digit(char c);
+void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen);
+int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen);
+
+#endif
+
diff --git a/src/common/workqueue.c b/src/common/workqueue.c
index c1bd6d4e8b..c467bdf43b 100644
--- a/src/common/workqueue.c
+++ b/src/common/workqueue.c
@@ -25,7 +25,7 @@ struct threadpool_s {
unsigned generation;
/** Function that should be run for updates on each thread. */
- int (*update_fn)(void *, void *);
+ workqueue_reply_t (*update_fn)(void *, void *);
/** Function to free update arguments if they can't be run. */
void (*free_update_arg_fn)(void *);
/** Array of n_threads update arguments. */
@@ -56,7 +56,7 @@ struct workqueue_entry_s {
/** True iff this entry is waiting for a worker to start processing it. */
uint8_t pending;
/** Function to run in the worker thread. */
- int (*fn)(void *state, void *arg);
+ workqueue_reply_t (*fn)(void *state, void *arg);
/** Function to run while processing the reply queue. */
void (*reply_fn)(void *arg);
/** Argument for the above functions. */
@@ -96,7 +96,7 @@ static void queue_reply(replyqueue_t *queue, workqueue_entry_t *work);
* <b>fn</b> in the worker thread, and <b>reply_fn</b> in the main
* thread. See threadpool_queue_work() for full documentation. */
static workqueue_entry_t *
-workqueue_entry_new(int (*fn)(void*, void*),
+workqueue_entry_new(workqueue_reply_t (*fn)(void*, void*),
void (*reply_fn)(void*),
void *arg)
{
@@ -172,7 +172,7 @@ worker_thread_main(void *thread_)
workerthread_t *thread = thread_;
threadpool_t *pool = thread->in_pool;
workqueue_entry_t *work;
- int result;
+ workqueue_reply_t result;
tor_mutex_acquire(&pool->lock);
while (1) {
@@ -182,13 +182,14 @@ worker_thread_main(void *thread_)
if (thread->in_pool->generation != thread->generation) {
void *arg = thread->in_pool->update_args[thread->index];
thread->in_pool->update_args[thread->index] = NULL;
- int (*update_fn)(void*,void*) = thread->in_pool->update_fn;
+ workqueue_reply_t (*update_fn)(void*,void*) =
+ thread->in_pool->update_fn;
thread->generation = thread->in_pool->generation;
tor_mutex_release(&pool->lock);
- int r = update_fn(thread->state, arg);
+ workqueue_reply_t r = update_fn(thread->state, arg);
- if (r < 0) {
+ if (r != WQ_RPL_REPLY) {
return;
}
@@ -208,7 +209,7 @@ worker_thread_main(void *thread_)
queue_reply(thread->reply_queue, work);
/* We may need to exit the thread. */
- if (result >= WQ_RPL_ERROR) {
+ if (result != WQ_RPL_REPLY) {
return;
}
tor_mutex_acquire(&pool->lock);
@@ -255,6 +256,7 @@ workerthread_new(void *state, threadpool_t *pool, replyqueue_t *replyqueue)
if (spawn_func(worker_thread_main, thr) < 0) {
log_err(LD_GENERAL, "Can't launch worker thread.");
+ tor_free(thr);
return NULL;
}
@@ -280,7 +282,7 @@ workerthread_new(void *state, threadpool_t *pool, replyqueue_t *replyqueue)
*/
workqueue_entry_t *
threadpool_queue_work(threadpool_t *pool,
- int (*fn)(void *, void *),
+ workqueue_reply_t (*fn)(void *, void *),
void (*reply_fn)(void *),
void *arg)
{
@@ -292,10 +294,10 @@ threadpool_queue_work(threadpool_t *pool,
TOR_TAILQ_INSERT_TAIL(&pool->work, ent, next_work);
- tor_mutex_release(&pool->lock);
-
tor_cond_signal_one(&pool->condition);
+ tor_mutex_release(&pool->lock);
+
return ent;
}
@@ -317,7 +319,7 @@ threadpool_queue_work(threadpool_t *pool,
int
threadpool_queue_update(threadpool_t *pool,
void *(*dup_fn)(void *),
- int (*fn)(void *, void *),
+ workqueue_reply_t (*fn)(void *, void *),
void (*free_fn)(void *),
void *arg)
{
@@ -344,10 +346,10 @@ threadpool_queue_update(threadpool_t *pool,
pool->update_fn = fn;
++pool->generation;
- tor_mutex_release(&pool->lock);
-
tor_cond_signal_all(&pool->condition);
+ tor_mutex_release(&pool->lock);
+
if (old_args) {
for (i = 0; i < n_threads; ++i) {
if (old_args[i] && old_args_free_fn)
@@ -359,12 +361,17 @@ threadpool_queue_update(threadpool_t *pool,
return 0;
}
+/** Don't have more than this many threads per pool. */
+#define MAX_THREADS 1024
+
/** Launch threads until we have <b>n</b>. */
static int
threadpool_start_threads(threadpool_t *pool, int n)
{
if (n < 0)
return -1;
+ if (n > MAX_THREADS)
+ n = MAX_THREADS;
tor_mutex_acquire(&pool->lock);
@@ -377,6 +384,7 @@ threadpool_start_threads(threadpool_t *pool, int n)
workerthread_t *thr = workerthread_new(state, pool, pool->reply_queue);
if (!thr) {
+ pool->free_thread_state_fn(state);
tor_mutex_release(&pool->lock);
return -1;
}
@@ -473,7 +481,8 @@ replyqueue_process(replyqueue_t *queue)
if (queue->alert.drain_fn(queue->alert.read_fd) < 0) {
static ratelim_t warn_limit = RATELIM_INIT(7200);
log_fn_ratelim(&warn_limit, LOG_WARN, LD_GENERAL,
- "Failure from drain_fd");
+ "Failure from drain_fd: %s",
+ tor_socket_strerror(tor_socket_errno(queue->alert.read_fd)));
}
tor_mutex_acquire(&queue->lock);
diff --git a/src/common/workqueue.h b/src/common/workqueue.h
index 92e82b8a48..9ce1eadafc 100644
--- a/src/common/workqueue.h
+++ b/src/common/workqueue.h
@@ -15,21 +15,22 @@ typedef struct threadpool_s threadpool_t;
* pool. */
typedef struct workqueue_entry_s workqueue_entry_t;
-/** Possible return value from a work function: indicates success. */
-#define WQ_RPL_REPLY 0
-/** Possible return value from a work function: indicates fatal error */
-#define WQ_RPL_ERROR 1
-/** Possible return value from a work function: indicates thread is shutting
- * down. */
-#define WQ_RPL_SHUTDOWN 2
+/** Possible return value from a work function: */
+typedef enum {
+ WQ_RPL_REPLY = 0, /** indicates success */
+ WQ_RPL_ERROR = 1, /** indicates fatal error */
+ WQ_RPL_SHUTDOWN = 2, /** indicates thread is shutting down */
+} workqueue_reply_t;
workqueue_entry_t *threadpool_queue_work(threadpool_t *pool,
- int (*fn)(void *, void *),
+ workqueue_reply_t (*fn)(void *,
+ void *),
void (*reply_fn)(void *),
void *arg);
+
int threadpool_queue_update(threadpool_t *pool,
void *(*dup_fn)(void *),
- int (*fn)(void *, void *),
+ workqueue_reply_t (*fn)(void *, void *),
void (*free_fn)(void *),
void *arg);
void *workqueue_entry_cancel(workqueue_entry_t *pending_work);