Age | Commit message (Collapse) | Author |
|
|
|
|
|
This patch lifts the `tor_tls_cert_matches_key()` tests out of the
OpenSSL specific TLS test suite and moves it into the generic TLS test
suite that is executed for both OpenSSL and NSS.
This patch is largely a code movement, but we had to rewrite parts of
the test to avoid using OpenSSL specific data-types (such as `X509 *`)
and replace it with the generic Tor abstraction type
(`tor_x509_cert_impl_t *`).
This patch is part of the fix for TROVE-2020-001.
See: https://bugs.torproject.org/33119
|
|
This is an automatically generated commit, made with the following
kludgey perl script. It results in a number of wide lines, which
I'll clean up in a subsequent commit.
#/usr/bin/perl -w -i
$mod = "NS_MODULE";
$submod = "NS_SUBMODULE";
$last_was_empty = 0;
while (<>) {
s/\bASPECT\(\s*(\w+)\s*,\s*(\w+)\s*\)/$1_$2/;
if (/# *define +NS_MODULE +(\w+)/) {
$mod = $1;
next;
} elsif (/# *define +NS_SUBMODULE +(\w+)/) {
$submod = $1;
next;
}
next if (/#undef NS_(SUB)?MODULE/);
s/NS\(\s*test_main\s*\)/test_${mod}_${submod}/;
s/NS\(\s*(\w+)\s*\)/${mod}_${submod}_$1/g;
s/NS_FULL\(\\s*(\w+)\s*,\s*(\w+),\s*(\w+)\s*\)/$1_$2_$3/;
s/^(\s*)NS_MOCK\(\s*(\w+)\s*\)/$1MOCK($2,\n$1 ${mod}_${submod}_$2)/;
s/NS_UNMOCK\(\s*(\w+)\s*\)/UNMOCK($1)/;
s/TEST_CASE\(\s*(\w+)\s*\)/{ "$1", test_${mod}_$1, TT_FORK, NULL, NULL }/;
s/TEST_CASE_ASPECT\(\s*(\w+)\s*,\s*(\w+)\s*\)/{ "$1_$2", test_${mod}_$1_$2, TT_FORK, NULL, NULL }/;
s/NS_DECL\(\s*([^,]+)\s*,\s*([^,]+)\s*,\s*(\(.*)\);/static $1 ${mod}_${submod}_$2$3;\nATTR_UNUSED static int ${mod}_${submod}_$2_called = 0;/;
s/\bCALLED\(\s*(\w+)\s*\)/${mod}_${submod}_$1_called/;
if (/^$/) {
print if (! $last_was_empty);
$last_was_empty = 1;
} else {
$last_was_empty = 0;
print;
}
if (eof) {
$mod = "NS_MODULE";
$submod = "NS_SUBMODULE";
$last_was_empty = 0;
}
}
# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Date: Thu Jan 9 10:26:10 2020 -0500
#
# On branch disable_ns_macro
# Changes to be committed:
# modified: src/test/test_accounting.c
# modified: src/test/test_compat_libevent.c
# modified: src/test/test_dir.c
# modified: src/test/test_dir_handle_get.c
# modified: src/test/test_dns.c
# modified: src/test/test_options.c
# modified: src/test/test_procmon.c
# modified: src/test/test_rendcache.c
# modified: src/test/test_router.c
# modified: src/test/test_routerset.c
# modified: src/test/test_status.c
# modified: src/test/test_tortls.c
# modified: src/test/test_tortls_openssl.c
# modified: src/test/test_util_format.c
# modified: src/test/test_util_process.c
#
# Untracked files:
# experiments/
# locate_options.sh
# un_ns.pl
#
# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Date: Thu Jan 9 10:26:10 2020 -0500
#
# On branch disable_ns_macro
# Changes to be committed:
# modified: src/test/test_accounting.c
# modified: src/test/test_compat_libevent.c
# modified: src/test/test_dir.c
# modified: src/test/test_dir_handle_get.c
# modified: src/test/test_dns.c
# modified: src/test/test_options.c
# modified: src/test/test_procmon.c
# modified: src/test/test_rendcache.c
# modified: src/test/test_router.c
# modified: src/test/test_routerset.c
# modified: src/test/test_status.c
# modified: src/test/test_tortls.c
# modified: src/test/test_tortls_openssl.c
# modified: src/test/test_util_format.c
# modified: src/test/test_util_process.c
#
# Untracked files:
# experiments/
# locate_options.sh
# un_ns.pl
#
|
|
|
|
This is an automated commit, generated by:
perl -i -pe 'next if /define/; s/((?:ENABLE|DISABLE)_GCC_WARNING)\(([A-Za-z0-9_\-]+)\)/$1(\"-W$2\")/' src/*/*/*.[ch] src/*/*.[ch]
|
|
|
|
|
|
|
|
|
|
|
|
Since this is an "intrusive" test, it only shows up for openssl <1.1
This is a bugfix on 0.3.5.x; bug not in any released Tor.
|
|
Bugfix on 0.3.5.x; bugfix not on any released Tor.
|
|
|
|
|
|
|
|
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
|
|
This function was supposed to implement a half-duplex mode for our
TLS connections. However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me. It's probably best to remove it. We can add a tested one
later if we need one in the future.
|
|
|
|
Also, add a stubbed-out nss version of the modules. The tests won't
pass with NSS yet since the NSS modules don't do anything.
This is a good patch to read with --color-moved.
|