| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
This patch lifts the `tor_tls_cert_matches_key()` tests out of the
OpenSSL specific TLS test suite and moves it into the generic TLS test
suite that is executed for both OpenSSL and NSS.
This patch is largely a code movement, but we had to rewrite parts of
the test to avoid using OpenSSL specific data-types (such as `X509 *`)
and replace it with the generic Tor abstraction type
(`tor_x509_cert_impl_t *`).
This patch is part of the fix for TROVE-2020-001.
See: https://bugs.torproject.org/33119
|
|
This is an automatically generated commit, made with the following
kludgey perl script. It results in a number of wide lines, which
I'll clean up in a subsequent commit.
#/usr/bin/perl -w -i
$mod = "NS_MODULE";
$submod = "NS_SUBMODULE";
$last_was_empty = 0;
while (<>) {
s/\bASPECT\(\s*(\w+)\s*,\s*(\w+)\s*\)/$1_$2/;
if (/# *define +NS_MODULE +(\w+)/) {
$mod = $1;
next;
} elsif (/# *define +NS_SUBMODULE +(\w+)/) {
$submod = $1;
next;
}
next if (/#undef NS_(SUB)?MODULE/);
s/NS\(\s*test_main\s*\)/test_${mod}_${submod}/;
s/NS\(\s*(\w+)\s*\)/${mod}_${submod}_$1/g;
s/NS_FULL\(\\s*(\w+)\s*,\s*(\w+),\s*(\w+)\s*\)/$1_$2_$3/;
s/^(\s*)NS_MOCK\(\s*(\w+)\s*\)/$1MOCK($2,\n$1 ${mod}_${submod}_$2)/;
s/NS_UNMOCK\(\s*(\w+)\s*\)/UNMOCK($1)/;
s/TEST_CASE\(\s*(\w+)\s*\)/{ "$1", test_${mod}_$1, TT_FORK, NULL, NULL }/;
s/TEST_CASE_ASPECT\(\s*(\w+)\s*,\s*(\w+)\s*\)/{ "$1_$2", test_${mod}_$1_$2, TT_FORK, NULL, NULL }/;
s/NS_DECL\(\s*([^,]+)\s*,\s*([^,]+)\s*,\s*(\(.*)\);/static $1 ${mod}_${submod}_$2$3;\nATTR_UNUSED static int ${mod}_${submod}_$2_called = 0;/;
s/\bCALLED\(\s*(\w+)\s*\)/${mod}_${submod}_$1_called/;
if (/^$/) {
print if (! $last_was_empty);
$last_was_empty = 1;
} else {
$last_was_empty = 0;
print;
}
if (eof) {
$mod = "NS_MODULE";
$submod = "NS_SUBMODULE";
$last_was_empty = 0;
}
}
# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Date: Thu Jan 9 10:26:10 2020 -0500
#
# On branch disable_ns_macro
# Changes to be committed:
# modified: src/test/test_accounting.c
# modified: src/test/test_compat_libevent.c
# modified: src/test/test_dir.c
# modified: src/test/test_dir_handle_get.c
# modified: src/test/test_dns.c
# modified: src/test/test_options.c
# modified: src/test/test_procmon.c
# modified: src/test/test_rendcache.c
# modified: src/test/test_router.c
# modified: src/test/test_routerset.c
# modified: src/test/test_status.c
# modified: src/test/test_tortls.c
# modified: src/test/test_tortls_openssl.c
# modified: src/test/test_util_format.c
# modified: src/test/test_util_process.c
#
# Untracked files:
# experiments/
# locate_options.sh
# un_ns.pl
#
# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Date: Thu Jan 9 10:26:10 2020 -0500
#
# On branch disable_ns_macro
# Changes to be committed:
# modified: src/test/test_accounting.c
# modified: src/test/test_compat_libevent.c
# modified: src/test/test_dir.c
# modified: src/test/test_dir_handle_get.c
# modified: src/test/test_dns.c
# modified: src/test/test_options.c
# modified: src/test/test_procmon.c
# modified: src/test/test_rendcache.c
# modified: src/test/test_router.c
# modified: src/test/test_routerset.c
# modified: src/test/test_status.c
# modified: src/test/test_tortls.c
# modified: src/test/test_tortls_openssl.c
# modified: src/test/test_util_format.c
# modified: src/test/test_util_process.c
#
# Untracked files:
# experiments/
# locate_options.sh
# un_ns.pl
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
|
|
|
|
Also, add a stubbed-out nss version of the modules. The tests won't
pass with NSS yet since the NSS modules don't do anything.
This is a good patch to read with --color-moved.
|
|
|
|
|
|
|
|
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
|
|
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file. But now that we always
include "lib/log/log.h", we should be fine.
|
|
I am very glad to have written this script.
|
|
Fewer modules needed this than I had expected.
|
|
|
|
|
|
|
|
|
|
|
|
We alloc/free X.509 structures in three ways:
1) X509 structure allocated with X509_new() and X509_free()
2) Fake X509 structure allocated with fake_x509_malloc() and fake_x509_free()
May contain valid pointers inside.
3) Empty X509 structure shell allocated with tor_malloc_zero() and
freed with tor_free()
|
|
|
|
This is needed for libressl-2.6.4 compatibility, which we broke when
we merged a15b2c57e1f901c53 to fix bug 19981. Fixes bug 26005; bug
not in any released Tor.
|
|
|
|
LibreSSL, despite not having the OpenSSL 1.1 API, does define
OPENSSL_VERSION in crypto.h. Additionally, it apparently annotates
some functions as returning NULL, so that our unit tests need to be
more careful about checking for NULL so they don't get compilation
warnings.
Closes ticket 26006.
|
|
Also for 19981.
|
|
I don't know where these came from.
|
|
|
|
|
|
|
|
|
|
This change lets us remove the openssl/ssl.h include from
test_link_handshake.c.
|
|
|
|
|
|
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
|
|
|
|
(We weren't actually using these ciphers; we were just requing that
ciphers of that name existed.)
Patch from rubiate. Fixes 20460
|
|
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
|
|
We have a mock for our RSA key generation function, so we now wire
it to pk_generate(). This covers all the cases that were not using
pk_generate() before -- all ~93 of them.
|
