summaryrefslogtreecommitdiff
path: root/src/common/tortls.c
AgeCommit message (Collapse)Author
2018-06-21Split crypto and tls libraries into directoriesNick Mathewson
I am calling the crypto library "crypt_ops", since I want higher-level crypto things to be separated from lower-level ones. This library will hold only the low-level ones, once we have it refactored.
2018-06-20Remove all use of the assert.h headerNick Mathewson
Nothing in Tor has actually called assert() for some while.
2018-06-20Run rectify_include_paths.pyNick Mathewson
2018-06-20Update copyrights to 2018.Nick Mathewson
2018-06-17Merge remote-tracking branch 'ffmancera-1/bug24658-dh_stream'Nick Mathewson
2018-05-09Merge remote-tracking branch 'public/bug26005_034'Nick Mathewson
2018-05-08Include crypto_dh.h in order to solve dependency issues.Fernando Fernandez Mancera
Included crypto_dh.h in some files in order to solve DH module dependency issues. Follows #24658. Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-03Merge remote-tracking branch 'isis/bug24660_r1'Nick Mathewson
2018-05-03Use OPENSSL_1_1_API in place of raw OPENSSL_VERSION_NUMBER checksNick Mathewson
This is needed for libressl-2.6.4 compatibility, which we broke when we merged a15b2c57e1f901c53 to fix bug 19981. Fixes bug 26005; bug not in any released Tor.
2018-04-27Only define X509_get_not{BeforeAfter} if they are not definedNick Mathewson
(The originally submitted version of a15b2c57e1f901c531 broke with OpenSSL 1.1.0.)
2018-04-18Add support for openssl built with "no-deprecated".Nick Mathewson
Patch from Andrew John Hughes; partial fix for 19981.
2018-04-06crypto: Refactor (P)RNG functionality into new crypto_rand module.Isis Lovecruft
* ADD new /src/common/crypto_rand.[ch] module. * ADD new /src/common/crypto_util.[ch] module (contains the memwipe() function, since all crypto_* modules need this). * FIXES part of #24658: https://bugs.torproject.org/24658
2018-03-26Merge branch 'bug24658-rm-curve25519-header' into bug24658-mergeNick Mathewson
2018-02-10Merge branch 'maint-0.3.2'Nick Mathewson
2018-02-10Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
2018-02-10Merge branch 'maint-0.2.9' into maint-0.3.1Nick Mathewson
2018-02-07Fix spelling mistakes corresponding to ticket #23650Deepesh Pathak
2018-02-03Include crypto_digest.h in order to solve dependency issues.Fernando Fernandez Mancera
Included crypto_digest.h in some files in order to solve xof+digest module dependency issues. Removed crypto.h where it isn't needed anymore. Follows #24658. Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-01-23Make Tor support TLS1.3 ciphers with OpenSSL 1.1.1Nick Mathewson
Without this patch, not only will TLS1.3 not work with Tor, but OpenSSL 1.1.1 with TLS1.3 enabled won't build any connections at all: It requires that either TLS1.3 be disabled, or some TLS1.3 ciphersuites be listed. Closes ticket 24978.
2017-12-20Merge branch 'maint-0.3.2'Nick Mathewson
2017-12-13Another attempt at fixing the STACK warning in tortls.cNick Mathewson
Patch suggestion from catalyst. Related to 24423
2017-11-17Make all the crypto free() functions macros that clear their targetsNick Mathewson
2017-09-28Move around some LCOV_EXCLs in src/commonNick Mathewson
Apparently, my compiler now generates coverage markers for label-only lines, so we need to exclude those too if they are meant to be unreachable.
2017-09-15Run our #else/#endif annotator on our source code.Nick Mathewson
2017-08-25Merge branch 'maint-0.3.1'Nick Mathewson
2017-08-25Merge branch 'bug19418_029' into maint-0.3.1Nick Mathewson
2017-08-09Make sure we always wind up checking i2d_*'s output.Nick Mathewson
The biggest offender here was sometimes not checking the output of crypto_pk_get_digest. Fixes bug 19418. Reported by Guido Vranken.
2017-07-24Improve comment about why we disable TLS compression.Nick Mathewson
Closes bug 22964. Based on Teor's replacement there, but tries to put the comment in a more logical place, and explain why we're actually disabling compression in the first place.
2017-06-05Merge branch 'maint-0.3.0'Nick Mathewson
2017-06-05Merge branch 'maint-0.2.9' into maint-0.3.0Nick Mathewson
2017-06-05Improve documentation on get_{peer,own}_certificate()Nick Mathewson
Make it clear that we're returning a newly allocated copy.
2017-06-05Test prerequisites: function to dup a cert, make get_own_cert mockable.Nick Mathewson
2017-06-05On v3 link handshake, send the correct link certificateNick Mathewson
Previously we'd send the _current_ link certificate, which would cause a handshaking failure when the TLS context rotated.
2017-05-26Cleanup MOCK_IMPL (etc) to be findable with etagsNick Mathewson
A fair number of our mock_impl declarations were messed up so that even our special AM_ETAGSFLAGS couldn't find them. This should be a whitespace-only patch.
2017-03-31Move "change cert expiration and re-sign" fn into tortls.cNick Mathewson
This lets test_link_handshake stop including openssl headers.
2017-03-31Change many tortls.h declarations of private APIs to use structsNick Mathewson
This change makes it so those those APIs will not require prior inclusion of openssl headers. I've left some APIs alone-- those will change to be extra-private.
2017-03-15Run the copyright update script.Nick Mathewson
2017-02-27Merge branch 'bug21420_029_squashed' into maint-0.3.0Nick Mathewson
2017-02-27Revise the logic for picking the start time for link certsNick Mathewson
Since 0.2.4.11-alpha (in 0196647970a91d) we've tried to randomize the start time to up to some time in the past. But unfortunately we allowed the start time to be in the future as well, which isn't really legit. The new behavior lets the start time be be up to MAX(cert_lifetime-2days, 0) in the past, but never in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha.
2017-01-24Re-run gen_server_ciphersNick Mathewson
2016-11-03Merge branch 'maint-0.2.8' into maint-0.2.9Nick Mathewson
2016-11-03Merge branch 'bug20551_028'Nick Mathewson
2016-11-03Use explicit casts to avoid warnings when building with openssl 1.1Nick Mathewson
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03Merge branch 'feature_15055_v2'Nick Mathewson
2016-11-03Audit use of tor_tls_cert_get_key().Nick Mathewson
This function is allowed to return NULL if the certified key isn't RSA. But in a couple of places we were treating this as a bug or internal error, and in one other place we weren't checking for it at all! Caught by Isis during code review for #15055. The serious bug was only on the 15055 branch, thank goodness.
2016-11-03Generate our x509 certificates using sha256, not sha1.Nick Mathewson
All supported Tors (0.2.4+) require versions of openssl that can handle this. Now that our link certificates are RSA2048, this might actually help vs fingerprinting a little.
2016-11-03For testing: add a tor_x509_cert_dup().Nick Mathewson
2016-11-03Increase TLS RSA link key length to 2048 bitsNick Mathewson
Oddly, nothing broke. Closes ticket 13752.
2016-11-03Make the current time an argument to x509 cert-checking functionsNick Mathewson
This makes the code a bit cleaner by having more of the functions be pure functions that don't depend on the current time.
2016-11-03New authentication types to use RFC5705.Nick Mathewson
See proposal 244. This feature lets us stop looking at the internals of SSL objects, *and* should let us port better to more SSL libraries, if they have RFC5705 support. Preparatory for #19156
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion