| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-10-19 | Rename a function; it is used to convert a value _From_ le. | Nick Mathewson | |
| We can't use htons()/ntohs() -- those are no-ops on exactly the wrong platforms. | |||
| 2018-10-19 | Fix a misspelled macro test that was breaking big-endian OPE | Nick Mathewson | |
| Fixes bug 28115; bugfix on 0.3.5.1-alpha. | |||
| 2018-10-14 | Merge branch 'bug27772_squashed' | Nick Mathewson | |
| 2018-10-09 | Merge remote-tracking branch 'public/ticket27856' | Nick Mathewson | |
| 2018-10-01 | Merge remote-tracking branch 'public/bug27728' | Nick Mathewson | |
| 2018-09-27 | Prevent duplicate initialization of NSS DH module | Nick Mathewson | |
| Allowing this didn't do any actual harm, since there aren't any shared structures or leakable objects here. Still, it's bad style and might cause trouble in the future. Closes ticket 27856. | |||
| 2018-09-24 | Fix arm compilation with openssl <1.1 | Nick Mathewson | |
| Bug 27781; bugfix on 0.3.5.1-alpha. | |||
| 2018-09-18 | Assert that some trunnel _new() functions return non-NULL | Nick Mathewson | |
| The trunnel functions are written under the assumption that their allocators can fail, so GCC LTO thinks they might return NULL. In point of fact, they're using tor_malloc() and friends, which can't fail, but GCC won't necessarily figure that out. Fixes part of #27772. | |||
| 2018-09-18 | Make crypto_strongest_rand() non-mockable | Nick Mathewson | |
| Instead, have it call a mockable function. We don't want crypto_strongest_rand() to be mockable, since doing so creates a type error when we call it from ed25519-donna, which we do not build in a test mode. Fixes bug 27728; bugfix on 0.3.5.1-alpha | |||
| 2018-09-18 | Fix minor memleak in edge-case of crypto_rsa.c function. | George Kadianakis | |
| 2018-09-17 | Lower the maximum size of a private key file to 16 MB | Nick Mathewson | |
| This shouldn't be a user-visible change: nobody has a 16 MB RSA key that they're trying to use with Tor. I'm doing this to fix CID 1439330 / ticket 27730, where coverity complains (on 64-bit) that we are making a comparison that is never true. | |||
| 2018-09-16 | When Tor is compiled with NSS, don't claim support for LinkAuth=1 | Nick Mathewson | |
| Closes ticket 27288 | |||
| 2018-09-13 | Fix a 32-bit off_t/size_t warning in crypto_rsa.c | Nick Mathewson | |
| Bug not in any released Tor. | |||
| 2018-09-09 | Refactor initialization in curve25519_basepoint_spot_check | Nick Mathewson | |
| This is an attempt to work around what I think may be a bug in OSS-Fuzz, which thinks that uninitialized data might be passed to the curve25519 functions. | |||
| 2018-09-07 | Merge remote-tracking branch 'dgoulet/ticket20700_035_03' | Nick Mathewson | |
| 2018-09-07 | test: Build an HSv3 descriptor with authorized client | Suphanat Chunhapanya | |
| Signed-off-by: David Goulet <dgoulet@torproject.org> | |||
| 2018-09-05 | Fix checkspaces | Nick Mathewson | |
| 2018-09-05 | Add a last-ditch memwipe() implementation for nss+old glibc | Nick Mathewson | |
| On new glibc versions, there's an explicit_bzero(). With openssl, there's openssl_memwipe(). When no other approach works, use memwipe() and a memory barrier. | |||
| 2018-09-04 | Fix documentation of initialized fields in crypto_init.c | Nick Mathewson | |
| 2018-09-04 | Make some additional RSA functions const | Nick Mathewson | |
| 2018-09-04 | Rename crypto_pk_check_key(), use it more reasonably, add tests | Nick Mathewson | |
| This function was a wrapper around RSA_check_key() in openssl, which checks for invalid RSA private keys (like those where p or q are composite, or where d is not the inverse of e, or where n != p*q). We don't need a function like this in NSS, since unlike OpenSSL, NSS won't let you import a bogus private key. I've renamed the function and changed its return type to make it more reasonable, and added a unit test for trying to read a key where n != p*q. | |||
| 2018-09-04 | Unify functions for reading/writing PEM keys, to avoid duplication. | Nick Mathewson | |
| 2018-09-04 | Do not leak a reference to "slot" when decoding private key. | Nick Mathewson | |
| 2018-09-04 | Update prefork and postfork NSS code for unit tests. | Nick Mathewson | |
| 2018-09-04 | Several unit tests to improve test coverage of x509*.c | Nick Mathewson | |
| 2018-08-22 | NSS support for x509 certs | Nick Mathewson | |
| 7 unit tests are failing at this point, but they're all TLS-related. | |||
| 2018-08-22 | Log error strings in crypto_nss_log_errors(). | Nick Mathewson | |
| I'll need this for debugging. | |||
| 2018-08-21 | Implement PBKDF2 with NSS. | Nick Mathewson | |
| This was a gap that we left in the last commit. | |||
| 2018-08-21 | When enabling NSS, disable OpenSSL. | Nick Mathewson | |
| We used to link both libraries at once, but now that I'm working on TLS, there's nothing left to keep OpenSSL around for when NSS is enabled. Note that this patch causes a couple of places that still assumed OpenSSL to be disabled when NSS is enabled - tor-gencert - pbkdf2 | |||
| 2018-08-21 | Implement RSA for NSS. | Nick Mathewson | |
| 2018-08-21 | Refactor crypto_rsa to use pem module. | Nick Mathewson | |
| This cleans up a lot of junk from crypto_rsa_openssl, and will save us duplicated code in crypto_rsa_nss (when it exists). (Actually, it already exists, but I am going to use git rebase so that this commit precedes the creation of crypto_rsa_nss.) | |||
| 2018-08-21 | Use a constant for "65537" | Nick Mathewson | |
| 2018-08-21 | Rename openssl-bridging functions in crypto_rsa | Nick Mathewson | |
| These functions exist only to expose RSA keys to other places in Tor that use OpenSSL; let's be specific about their purpose. | |||
| 2018-08-21 | Remove a redundant function. | Nick Mathewson | |
| 2018-08-21 | Rename functions that encode/decode private keys | Nick Mathewson | |
| It is not nice to expose a private key's contents without having the function name advertise the fact. Fortunately, we weren't misusing these yet. | |||
| 2018-08-21 | Extract openssl RSA functionality into its own file. | Nick Mathewson | |
| 2018-08-02 | Suppress strict-prototypes warning in crypto_nss_mgt.c | Nick Mathewson | |
| 2018-08-02 | Fix double-link of crypto_openssl_mgt.c | Nick Mathewson | |
| 2018-08-02 | Add a cast to make clang happier. | Nick Mathewson | |
| 2018-07-31 | Fix issues with crypto_ope compilation now that crypto.h is gone | Nick Mathewson | |
| 2018-07-31 | Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged | Nick Mathewson | |
| 2018-07-31 | Only link crypto_dh_openssl.c once | Nick Mathewson | |
| (We do this unconditionally, since we still need it for tortls.c) | |||
| 2018-07-31 | Implement DH in NSS. | Nick Mathewson | |
| 2018-07-31 | Refactor the dependency between tortls and crypto_dh. | Nick Mathewson | |
| We only ever need this to get us a DH ephemeral key object, so make a function that does just that. | |||
| 2018-07-31 | Extract the shared part of crypto_dh_compute_secret. | Nick Mathewson | |
| 2018-07-31 | Extract the OpenSSL DH functionality to a new file. | Nick Mathewson | |
| 2018-07-31 | Fix "make distcheck." | Nick Mathewson | |
| 2018-07-31 | Use NSS for AES_CTR. | Nick Mathewson | |
| 2018-07-31 | Use NSS in crypto_rand.c | Nick Mathewson | |
| This is comparatively straightforward too, except for a couple of twists: * For as long as we're building with two crypto libraries, we want to seed _both_ their RNGs, and use _both_ their RNGs to improve the output of crypto_strongest_rand() * The NSS prng will sometimes refuse to generate huge outputs. When it does, we stretch the output with SHAKE. We only need this for the tests. | |||
| 2018-07-31 | Use NSS's digest code in Tor. | Nick Mathewson | |
| This was a fairly straightforward port, once I realized which layer I should be calling into. | |||
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| aboutsummaryrefslogtreecommitdiff |