| Age | Commit message (Collapse) | Author |
|---|
|
We already did this in a couple of places, but there are more that
we didn't get. This is necessary for systems with versions of
NSS that don't do their prototypes properly.
Fixes #40409; bugfix on 0.3.5.1-alpha.
|
|
|
|
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation. Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
|
|
|
|
This is an automated commit, generated by:
perl -i -pe 'next if /define/; s/((?:ENABLE|DISABLE)_GCC_WARNING)\(([A-Za-z0-9_\-]+)\)/$1(\"-W$2\")/' src/*/*/*.[ch] src/*/*.[ch]
|
|
|
|
|
|
|
|
I don't believe any of these represent a real timing vulnerability
(remote timing against memcmp() on a modern CPU is not easy), but
these are the ones where I believe we should be more careful.
|
|
|
|
|
|
Closes ticket 29026; patch from Mangix.
|
|
Some of the code for getting a random value within a range wants to
be shared between crypto_rand() and the new crypto_fast_rng() code.
|
|
I don't know how this got here, but this kind of a wrapper only
belongs in a header file.
|
|
|
|
|
|
See https://github.com/torproject/tor/pull/624#discussion_r246453777
|
|
This project introduces the prob_distr.c subsystem which implements all the
probability distributions that WTF-PAD needs. It also adds unittests for all of
them.
Code and tests courtesy of Riastradh.
Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
|
|
Instead, have it call a mockable function. We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.
Fixes bug 27728; bugfix on 0.3.5.1-alpha
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.
Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
- tor-gencert
- pbkdf2
|
|
This is comparatively straightforward too, except for a couple of
twists:
* For as long as we're building with two crypto libraries, we
want to seed _both_ their RNGs, and use _both_ their RNGs to
improve the output of crypto_strongest_rand()
* The NSS prng will sometimes refuse to generate huge outputs.
When it does, we stretch the output with SHAKE. We only need
this for the tests.
|
|
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file. But now that we always
include "lib/log/log.h", we should be fine.
|
|
|
|
|
|
|
|
libtor-encoding is about various ways to transform data to and from
character sequences.
|
|
|
|
|
|
|
|
|
|
You have no idea how glad I am that this is automated.
|
|
|
|
I am calling the crypto library "crypt_ops", since I want
higher-level crypto things to be separated from lower-level ones.
This library will hold only the low-level ones, once we have it
refactored.
|
