October 2015 - tor-commits - lists.torproject.org

[tor/master] Use __FUNCTION__ instead of __PRETTY_FUNCTION__
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit c44a94606a27e3dd9eb02083c05d87f9fe049b91 Author: Tom van der Woerdt <info(a)tvdw.eu> Date: Sun Oct 4 19:55:38 2015 +0200 Use __FUNCTION__ instead of __PRETTY_FUNCTION__ Fixes ticket #16563 --- src/common/torlog.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/common/torlog.h b/src/common/torlog.h index 722d595..3e86678 100644 --- a/src/common/torlog.h +++ b/src/common/torlog.h @@ -184,25 +184,25 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity, /** Log a message at level <b>severity</b>, using a pretty-printed version * of the current function name. */ #define log_fn(severity, domain, args...) \ - log_fn_(severity, domain, __PRETTY_FUNCTION__, args) + log_fn_(severity, domain, __FUNCTION__, args) /** As log_fn, but use <b>ratelim</b> (an instance of ratelim_t) to control * the frequency at which messages can appear. */ #define log_fn_ratelim(ratelim, severity, domain, args...) \ - log_fn_ratelim_(ratelim, severity, domain, __PRETTY_FUNCTION__, args) + log_fn_ratelim_(ratelim, severity, domain, __FUNCTION__, args) #define log_debug(domain, args...) \ STMT_BEGIN \ if (PREDICT_UNLIKELY(log_global_min_severity_ == LOG_DEBUG)) \ - log_fn_(LOG_DEBUG, domain, __PRETTY_FUNCTION__, args); \ + log_fn_(LOG_DEBUG, domain, __FUNCTION__, args); \ STMT_END #define log_info(domain, args...) \ - log_fn_(LOG_INFO, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_INFO, domain, __FUNCTION__, args) #define log_notice(domain, args...) \ - log_fn_(LOG_NOTICE, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_NOTICE, domain, __FUNCTION__, args) #define log_warn(domain, args...) \ - log_fn_(LOG_WARN, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_WARN, domain, __FUNCTION__, args) #define log_err(domain, args...) \ - log_fn_(LOG_ERR, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_ERR, domain, __FUNCTION__, args) #else /* ! defined(__GNUC__) */

1 0

[tor/master] Merge remote-tracking branch 'tvdw/fix-16563'
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit 41782bf3ac0ce1d2b3363585e652dfe944a9a58e Merge: 20ec030 c44a946 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 10:57:31 2015 -0400 Merge remote-tracking branch 'tvdw/fix-16563' src/common/torlog.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)

1 0

[tor/master] changes file for #16563
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit aaa27b995c03f6fe07849021e0302ecd9b720551 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 11:02:55 2015 -0400 changes file for #16563 --- changes/bug16563 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/changes/bug16563 b/changes/bug16563 new file mode 100644 index 0000000..19e59b3 --- /dev/null +++ b/changes/bug16563 @@ -0,0 +1,6 @@ + o Minor bugfixes (logging): + - In log messages that include a function name, use __FUNCTION__ instead + of __PRETTY_FUNCTION__. In GCC, these are synonymous, but with clang + __PRETTY_FUNCTION__ has extra information we don't need. + Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van der Woerdt. + \ No newline at end of file

1 0

[stem/master] Fill in docs regarding HS_DESC's new reason field
by atagar＠torproject.org 06 Oct '15

06 Oct '15

commit bbb7099b8e9a839cb45bf7bd56b8ef65fe0afef5 Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Oct 6 07:27:42 2015 -0700 Fill in docs regarding HS_DESC's new reason field Filling in a couple of our pydoc fields with the update from... https://trac.torproject.org/projects/tor/ticket/17226 --- stem/__init__.py | 2 +- stem/response/events.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stem/__init__.py b/stem/__init__.py index ece707a..273578a 100644 --- a/stem/__init__.py +++ b/stem/__init__.py @@ -426,7 +426,7 @@ Library for working with the tor process. **UPLOADED** descriptor was uploaded with HSPOST **IGNORE** fetched descriptor was ignored because we already have its v0 descriptor **FAILED** we were unable to retrieve the descriptor - **CREATED** unknown (:trac:`17226`) + **CREATED** hidden service descriptor was just created =============== =========== .. data:: HSDescReason (enum) diff --git a/stem/response/events.py b/stem/response/events.py index 98eaa9c..81a1b4c 100644 --- a/stem/response/events.py +++ b/stem/response/events.py @@ -641,7 +641,7 @@ class HSDescEvent(Event): :var str directory_nickname: hidden service directory's nickname if it was provided :var str descriptor_id: descriptor identifier :var stem.HSDescReason reason: reason the descriptor failed to be fetched - :var int replica: unknown (:trac:`17226`) + :var int replica: replica number the descriptor involves """ _VERSION_ADDED = stem.version.Requirement.EVENT_HS_DESC

1 0

[torspec/master] Clarify Replica field in HS_DESC event
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit 8401f6bc692532a048d42dc48af932d6ea379ea8 Author: Donncha O'Cearbhaill <donncha(a)donncha.is> Date: Tue Oct 6 15:15:41 2015 +0200 Clarify Replica field in HS_DESC event Clarify the format of the HS_DESC Replica field and indicate that it is is defined in rend-spec.txt. Resolves #17226. --- control-spec.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/control-spec.txt b/control-spec.txt index ba1831a..4df6a60 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -2751,6 +2751,7 @@ DescriptorID = 32*Base32Character Reason = "BAD_DESC" / "QUERY_REJECTED" / "UPLOAD_REJECTED" / "NOT_FOUND" / "UNEXPECTED" + Replica = 1*DIGIT These events will be triggered when required HiddenService descriptor is not found in the cache and a fetch or upload with the network is performed. @@ -2776,7 +2777,9 @@ - "UNEXPECTED" - nature of failure is unknown. If Action is "CREATED", Tor SHOULD send Replica field as well. The Replica - field contains the replica number of the generated descriptor. + field contains the replica number of the generated descriptor. The Replica + number is specified in rend-spec.txt section 1.3 and determines the + descriptor ID of the descriptor. 4.1.26. HiddenService descriptors content

1 0

[tor/master] Allow case-insensitive match in test_tortls_debug_state_callback
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit 94669c829c10c0d6f4560fa3f48cc7e73b8e791c Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 09:40:56 2015 -0400 Allow case-insensitive match in test_tortls_debug_state_callback --- src/test/test_tortls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index 5e0b80f..be7dd9b 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -1834,7 +1834,8 @@ test_tortls_debug_state_callback(void *ignored) n = snprintf(buf, 1000, "SSL %p is now in state unknown" " state [type=32,val=45].\n", ssl); buf[n]='\0'; - tt_str_op(mock_saved_log_at(0), OP_EQ, buf); + if (strcasecmp(mock_saved_log_at(0), buf)) + tt_str_op(mock_saved_log_at(0), OP_EQ, buf); done: teardown_capture_of_logs(previous_log);

1 0

[tor/master] Fix compilation with openssl 1.1 by forcibly disabling some tests
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit 20ec030d9b6ff0e403e37d2161f3e53dfd6dd622 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 09:59:47 2015 -0400 Fix compilation with openssl 1.1 by forcibly disabling some tests Some of these tests can be ported to work with openssl 1.1, but probably some can't. --- src/test/test_tortls.c | 161 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 122 insertions(+), 39 deletions(-) diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index be7dd9b..2e53293 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -28,6 +28,10 @@ #include <openssl/ssl3.h> #include <openssl/err.h> #include <openssl/asn1t.h> +#include <openssl/x509.h> +#include <openssl/rsa.h> +#include <openssl/evp.h> +#include <openssl/bn.h> #if __GNUC__ && GCC_VERSION >= 402 #if GCC_VERSION >= 406 @@ -49,6 +53,11 @@ extern tor_tls_context_t *server_tls_context; extern tor_tls_context_t *client_tls_context; +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) +#define OPENSSL_OPAQUE +#endif + +#ifndef OPENSSL_OPAQUE static SSL_METHOD * give_me_a_test_method(void) { @@ -62,6 +71,7 @@ fake_num_ciphers(void) { return 0; } +#endif static void test_tortls_errno_to_tls_error(void *data) @@ -132,12 +142,14 @@ test_tortls_tor_tls_new(void *data) tls = tor_tls_new(-1, 0); tt_assert(!tls); +#ifndef OPENSSL_OPAQUE SSL_METHOD *method = give_me_a_test_method(); SSL_CTX *ctx = SSL_CTX_new(method); method->num_ciphers = fake_num_ciphers; client_tls_context->ctx = ctx; tls = tor_tls_new(-1, 0); tt_assert(!tls); +#endif done: UNMOCK(tor_tls_cert_matches_key); @@ -399,6 +411,7 @@ test_tortls_log_one_error(void *ignored) tor_free(tls); } +#ifndef OPENSSL_OPAQUE static void test_tortls_get_error(void *ignored) { @@ -484,6 +497,7 @@ test_tortls_get_error(void *ignored) teardown_capture_of_logs(previous_log); tor_free(tls); } +#endif static void test_tortls_always_accept_verify_cb(void *ignored) @@ -498,6 +512,7 @@ test_tortls_always_accept_verify_cb(void *ignored) (void)0; } +#ifndef OPENSSL_OPAQUE static void test_tortls_x509_cert_free(void *ignored) { @@ -512,6 +527,7 @@ test_tortls_x509_cert_free(void *ignored) cert->encoded = tor_malloc_zero(1); tor_x509_cert_free(cert); } +#endif static void test_tortls_x509_cert_get_id_digests(void *ignored) @@ -536,6 +552,7 @@ test_tortls_x509_cert_get_id_digests(void *ignored) (void)0; } +#ifndef OPENSSL_OPAQUE static int fixed_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { @@ -628,6 +645,7 @@ test_tortls_cert_get_key(void *ignored) done: (void)0; } +#endif static void test_tortls_get_my_client_auth_key(void *ignored) @@ -691,6 +709,7 @@ test_tortls_get_my_certs(void *ignored) (void)1; } +#ifndef OPENSSL_OPAQUE static void test_tortls_get_ciphersuite_name(void *ignored) { @@ -838,11 +857,17 @@ test_tortls_classify_client_ciphers(void *ignored) done: (void)1; } +#endif static void test_tortls_client_is_using_v2_ciphers(void *ignored) { (void)ignored; + +#ifdef HAVE_SSL_GET_CLIENT_CIPHERS + tt_skip(); +#else + int ret; SSL_CTX *ctx; SSL *ssl; @@ -856,8 +881,6 @@ test_tortls_client_is_using_v2_ciphers(void *ignored) ssl = SSL_new(ctx); sess = SSL_SESSION_new(); -#ifdef HAVE_SSL_GET_CLIENT_CIPHERS -#else ret = tor_tls_client_is_using_v2_ciphers(ssl); tt_int_op(ret, OP_EQ, -1); @@ -878,6 +901,7 @@ test_tortls_client_is_using_v2_ciphers(void *ignored) (void)1; } +#ifndef OPENSSL_OPAQUE static X509 *fixed_try_to_extract_certs_from_tls_cert_out_result = NULL; static X509 *fixed_try_to_extract_certs_from_tls_id_cert_out_result = NULL; @@ -890,7 +914,9 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls, *cert_out = fixed_try_to_extract_certs_from_tls_cert_out_result; *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result; } +#endif +#ifndef OPENSSL_OPAQUE static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n" "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n" @@ -907,6 +933,7 @@ static const char* notCompletelyValidCertString = "jC9UeuErhaA/zzWi8ewMTFZW/WshOrm3fNvcMrMLKtH534JKvcdMg6qIdjTFINIr\n" "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n" "-----END CERTIFICATE-----\n"; +#endif static const char* validCertString = "-----BEGIN CERTIFICATE-----\n" "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n" @@ -974,6 +1001,7 @@ read_cert_from(const char *str) return res; } +#ifndef OPENSSL_OPAQUE static void test_tortls_verify(void *ignored) { @@ -1028,7 +1056,9 @@ test_tortls_verify(void *ignored) tor_free(tls); tor_free(k); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_check_lifetime(void *ignored) { @@ -1062,7 +1092,9 @@ test_tortls_check_lifetime(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static int fixed_ssl_pending_result = 0; static int @@ -1095,6 +1127,7 @@ test_tortls_get_pending_bytes(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif static void test_tortls_get_forced_write_size(void *ignored) @@ -1215,6 +1248,7 @@ test_tortls_dn_indicates_v3_cert(void *ignored) X509_NAME_free(name); } +#ifndef OPENSSL_OPAQUE static void test_tortls_received_v3_certificate(void *ignored) { @@ -1295,6 +1329,7 @@ test_tortls_received_v3_certificate(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif static void test_tortls_get_num_server_handshakes(void *ignored) @@ -1330,6 +1365,7 @@ test_tortls_server_got_renegotiate(void *ignored) tor_free(tls); } +#ifndef OPENSSL_OPAQUE static void test_tortls_SSL_SESSION_get_master_key(void *ignored) { @@ -1360,7 +1396,9 @@ test_tortls_SSL_SESSION_get_master_key(void *ignored) tor_free(tls); tor_free(out); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_get_tlssecrets(void *ignored) { @@ -1384,7 +1422,9 @@ test_tortls_get_tlssecrets(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_get_buffer_sizes(void *ignored) { @@ -1434,6 +1474,7 @@ test_tortls_get_buffer_sizes(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif static void test_tortls_evaluate_ecgroup_for_tls(void *ignored) @@ -1457,6 +1498,7 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored) (void)0; } +#ifndef OPENSSL_OPAQUE typedef struct cert_pkey_st_local { X509 *x509; @@ -1516,7 +1558,9 @@ test_tortls_try_to_extract_certs_from_tls(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_get_peer_cert(void *ignored) { @@ -1545,7 +1589,9 @@ test_tortls_get_peer_cert(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_peer_has_cert(void *ignored) { @@ -1572,6 +1618,7 @@ test_tortls_peer_has_cert(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif static void test_tortls_is_server(void *ignored) @@ -1589,6 +1636,7 @@ test_tortls_is_server(void *ignored) tor_free(tls); } +#ifndef OPENSSL_OPAQUE static void test_tortls_session_secret_cb(void *ignored) { @@ -1630,7 +1678,9 @@ test_tortls_session_secret_cb(void *ignored) SSL_CTX_free(ctx); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE /* TODO: It seems block_renegotiation and unblock_renegotiation and * using different blags. This might not be correct */ static void @@ -1669,7 +1719,9 @@ test_tortls_unblock_renegotiation(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_assert_renegotiation_unblocked(void *ignored) { @@ -1685,6 +1737,7 @@ test_tortls_assert_renegotiation_unblocked(void *ignored) tor_free(tls); } +#endif static void test_tortls_set_logged_address(void *ignored) @@ -1705,6 +1758,7 @@ test_tortls_set_logged_address(void *ignored) tor_free(tls); } +#ifndef OPENSSL_OPAQUE static void example_cb(tor_tls_t *t, void *arg) { @@ -1737,7 +1791,9 @@ test_tortls_set_renegotiate_callback(void *ignored) tor_free(tls->ssl); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static const SSL_CIPHER * fake_get_cipher(unsigned ncipher) { @@ -1753,7 +1809,9 @@ fake_get_cipher(unsigned ncipher) return NULL; } } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_find_cipher_by_id(void *ignored) { @@ -1816,7 +1874,9 @@ test_tortls_find_cipher_by_id(void *ignored) SSL_free(ssl); SSL_CTX_free(ctx); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_debug_state_callback(void *ignored) { @@ -1840,7 +1900,9 @@ test_tortls_debug_state_callback(void *ignored) done: teardown_capture_of_logs(previous_log); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_server_info_callback(void *ignored) { @@ -1905,7 +1967,9 @@ test_tortls_server_info_callback(void *ignored) teardown_capture_of_logs(previous_log); tor_free(ssl); } +#endif +#ifndef OPENSSL_OPAQUE static int fixed_ssl_read_result_index; static int fixed_ssl_read_result[5]; static int fixed_ssl_shutdown_result; @@ -2235,7 +2299,9 @@ test_tortls_renegotiate(void *ignored) SSL_CTX_free(ctx); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static int fixed_ssl_accept_result; static int fixed_ssl_connect_result; @@ -2344,7 +2410,9 @@ test_tortls_handshake(void *ignored) SSL_CTX_free(ctx); tor_free(tls); } +#endif +#ifndef OPENSSL_OPAQUE static void test_tortls_finish_handshake(void *ignored) { @@ -2417,15 +2485,10 @@ test_tortls_finish_handshake(void *ignored) SSL_CTX_free(ctx); tor_free(tls); } +#endif static int fixed_crypto_pk_new_result_index; static crypto_pk_t *fixed_crypto_pk_new_result[5]; -static int fixed_crypto_pk_generate_key_with_bits_result_index; -static int fixed_crypto_pk_generate_key_with_bits_result[5]; -static int fixed_tor_tls_create_certificate_result_index; -static X509 *fixed_tor_tls_create_certificate_result[5]; -static int fixed_tor_x509_cert_new_result_index; -static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5]; static crypto_pk_t * fixed_crypto_pk_new(void) @@ -2433,6 +2496,14 @@ fixed_crypto_pk_new(void) return fixed_crypto_pk_new_result[fixed_crypto_pk_new_result_index++]; } +#ifndef OPENSSL_OPAQUE +static int fixed_crypto_pk_generate_key_with_bits_result_index; +static int fixed_crypto_pk_generate_key_with_bits_result[5]; +static int fixed_tor_tls_create_certificate_result_index; +static X509 *fixed_tor_tls_create_certificate_result[5]; +static int fixed_tor_x509_cert_new_result_index; +static tor_x509_cert_t *fixed_tor_x509_cert_new_result[5]; + static int fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) { @@ -2637,6 +2708,7 @@ test_tortls_context_new(void *ignored) UNMOCK(crypto_pk_generate_key_with_bits); UNMOCK(crypto_pk_new); } +#endif static int fixed_crypto_pk_get_evp_pkey_result_index = 0; static EVP_PKEY *fixed_crypto_pk_get_evp_pkey_result[5]; @@ -2717,9 +2789,11 @@ test_tortls_cert_new(void *ignored) ret = tor_x509_cert_new(cert); tt_assert(ret); +#ifndef OPENSSL_OPAQUE cert->cert_info = NULL; ret = tor_x509_cert_new(cert); tt_assert(ret); +#endif done: (void)0; @@ -2741,6 +2815,7 @@ test_tortls_cert_is_valid(void *ignored) ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0); tt_int_op(ret, OP_EQ, 1); +#ifndef OPENSSL_OPAQUE cert = tor_x509_cert_new(read_cert_from(validCertString)); scert = tor_x509_cert_new(read_cert_from(caCertString)); cert->cert->cert_info->validity->notAfter = @@ -2753,6 +2828,7 @@ test_tortls_cert_is_valid(void *ignored) cert->cert->cert_info->key = NULL; ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 1); tt_int_op(ret, OP_EQ, 0); +#endif cert = tor_x509_cert_new(read_cert_from(validCertString)); scert = tor_x509_cert_new(read_cert_from(caCertString)); @@ -2804,6 +2880,13 @@ test_tortls_context_init_one(void *ignored) #define LOCAL_TEST_CASE(name, flags) \ { #name, test_tortls_##name, (flags), NULL, NULL } +#ifdef OPENSSL_OPAQUE +#define INTRUSIVE_TEST_CASE(name, flags) \ + { #name, NULL, TT_SKIP, NULL, NULL } +#else +#define INTRUSIVE_TEST_CASE(name, flags) LOCAL_TEST_CASE(name, flags) +#endif + struct testcase_t tortls_tests[] = { LOCAL_TEST_CASE(errno_to_tls_error, 0), LOCAL_TEST_CASE(err_to_string, 0), @@ -2813,51 +2896,51 @@ struct testcase_t tortls_tests[] = { LOCAL_TEST_CASE(get_by_ssl, TT_FORK), LOCAL_TEST_CASE(allocate_tor_tls_object_ex_data_index, TT_FORK), LOCAL_TEST_CASE(log_one_error, TT_FORK), - LOCAL_TEST_CASE(get_error, TT_FORK), + INTRUSIVE_TEST_CASE(get_error, TT_FORK), LOCAL_TEST_CASE(always_accept_verify_cb, 0), - LOCAL_TEST_CASE(x509_cert_free, 0), + INTRUSIVE_TEST_CASE(x509_cert_free, 0), LOCAL_TEST_CASE(x509_cert_get_id_digests, 0), - LOCAL_TEST_CASE(cert_matches_key, 0), - LOCAL_TEST_CASE(cert_get_key, 0), + INTRUSIVE_TEST_CASE(cert_matches_key, 0), + INTRUSIVE_TEST_CASE(cert_get_key, 0), LOCAL_TEST_CASE(get_my_client_auth_key, TT_FORK), LOCAL_TEST_CASE(get_my_certs, TT_FORK), - LOCAL_TEST_CASE(get_ciphersuite_name, 0), - LOCAL_TEST_CASE(classify_client_ciphers, 0), + INTRUSIVE_TEST_CASE(get_ciphersuite_name, 0), + INTRUSIVE_TEST_CASE(classify_client_ciphers, 0), LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0), - LOCAL_TEST_CASE(verify, 0), - LOCAL_TEST_CASE(check_lifetime, 0), - LOCAL_TEST_CASE(get_pending_bytes, 0), + INTRUSIVE_TEST_CASE(verify, 0), + INTRUSIVE_TEST_CASE(check_lifetime, 0), + INTRUSIVE_TEST_CASE(get_pending_bytes, 0), LOCAL_TEST_CASE(get_forced_write_size, 0), LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK), LOCAL_TEST_CASE(used_v1_handshake, TT_FORK), LOCAL_TEST_CASE(dn_indicates_v3_cert, 0), - LOCAL_TEST_CASE(received_v3_certificate, 0), + INTRUSIVE_TEST_CASE(received_v3_certificate, 0), LOCAL_TEST_CASE(get_num_server_handshakes, 0), LOCAL_TEST_CASE(server_got_renegotiate, 0), - LOCAL_TEST_CASE(SSL_SESSION_get_master_key, 0), - LOCAL_TEST_CASE(get_tlssecrets, 0), - LOCAL_TEST_CASE(get_buffer_sizes, 0), + INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0), + INTRUSIVE_TEST_CASE(get_tlssecrets, 0), + INTRUSIVE_TEST_CASE(get_buffer_sizes, 0), LOCAL_TEST_CASE(evaluate_ecgroup_for_tls, 0), - LOCAL_TEST_CASE(try_to_extract_certs_from_tls, 0), - LOCAL_TEST_CASE(get_peer_cert, 0), - LOCAL_TEST_CASE(peer_has_cert, 0), - LOCAL_TEST_CASE(shutdown, 0), - LOCAL_TEST_CASE(renegotiate, 0), - LOCAL_TEST_CASE(finish_handshake, 0), - LOCAL_TEST_CASE(handshake, 0), - LOCAL_TEST_CASE(write, 0), - LOCAL_TEST_CASE(read, 0), - LOCAL_TEST_CASE(server_info_callback, 0), + INTRUSIVE_TEST_CASE(try_to_extract_certs_from_tls, 0), + INTRUSIVE_TEST_CASE(get_peer_cert, 0), + INTRUSIVE_TEST_CASE(peer_has_cert, 0), + INTRUSIVE_TEST_CASE(shutdown, 0), + INTRUSIVE_TEST_CASE(renegotiate, 0), + INTRUSIVE_TEST_CASE(finish_handshake, 0), + INTRUSIVE_TEST_CASE(handshake, 0), + INTRUSIVE_TEST_CASE(write, 0), + INTRUSIVE_TEST_CASE(read, 0), + INTRUSIVE_TEST_CASE(server_info_callback, 0), LOCAL_TEST_CASE(is_server, 0), - LOCAL_TEST_CASE(assert_renegotiation_unblocked, 0), - LOCAL_TEST_CASE(block_renegotiation, 0), - LOCAL_TEST_CASE(unblock_renegotiation, 0), - LOCAL_TEST_CASE(set_renegotiate_callback, 0), + INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0), + INTRUSIVE_TEST_CASE(block_renegotiation, 0), + INTRUSIVE_TEST_CASE(unblock_renegotiation, 0), + INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0), LOCAL_TEST_CASE(set_logged_address, 0), - LOCAL_TEST_CASE(find_cipher_by_id, 0), - LOCAL_TEST_CASE(session_secret_cb, 0), - LOCAL_TEST_CASE(debug_state_callback, 0), - LOCAL_TEST_CASE(context_new, 0), + INTRUSIVE_TEST_CASE(find_cipher_by_id, 0), + INTRUSIVE_TEST_CASE(session_secret_cb, 0), + INTRUSIVE_TEST_CASE(debug_state_callback, 0), + INTRUSIVE_TEST_CASE(context_new, 0), LOCAL_TEST_CASE(create_certificate, 0), LOCAL_TEST_CASE(cert_new, 0), LOCAL_TEST_CASE(cert_is_valid, 0),

1 0

[tor/master] Fix 17251: avoid integer overflow in test_crypto_slow
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit f7ce93d97949fe0897bf8f1b2e95da73c620ff8a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 08:58:03 2015 -0400 Fix 17251: avoid integer overflow in test_crypto_slow --- changes/bug17251 | 3 +++ src/test/test_crypto_slow.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/changes/bug17251 b/changes/bug17251 new file mode 100644 index 0000000..edd7739 --- /dev/null +++ b/changes/bug17251 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix an integer overflow warning in test_crypto_slow.c. + Fixes bug 17251; bugfix on 0.2.7.2-alpha. diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c index d0f50f8..853a08d 100644 --- a/src/test/test_crypto_slow.c +++ b/src/test/test_crypto_slow.c @@ -217,7 +217,7 @@ test_libscrypt_eq_openssl(void *arg) memset(buf2,0,64); N = 1048576; - maxmem = 2 * 1024 * 1024 * 1024; // 2 GB + maxmem = 2 * 1024 * 1024 * (uint64_t)1024; // 2 GB libscrypt_retval = libscrypt_scrypt((const uint8_t *)"pleaseletmein",

1 0

[tor/master] Work around openssl declaring x509_get_not{Before, After} as functions
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit 1eb838b30361b0dcc1e2b82815be25391d5a15f1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 09:04:37 2015 -0400 Work around openssl declaring x509_get_not{Before,After} as functions Now that x509_get_not{Before,After} are functions in OpenSSL 1.1 (not yet releasesd), we need to define a variant that takes a const pointer to X509 and returns a const pointer to ASN1_time. Part of 17237. I'm not convinced this is an openssl bug or a tor bug. It might be just one of those things. --- changes/bug17237_027 | 4 ++++ src/common/tortls.c | 13 +++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/changes/bug17237_027 b/changes/bug17237_027 new file mode 100644 index 0000000..8448bb0 --- /dev/null +++ b/changes/bug17237_027 @@ -0,0 +1,4 @@ + o Minor features (compilation): + - Repair compilation with the most recent (unreleased, alpha) + vesions of OpenSSL 1.1. Fixes the 0.2.7-related part of + ticket 17237. diff --git a/src/common/tortls.c b/src/common/tortls.c index 20c8984..97d0ce2 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -75,6 +75,11 @@ #include "container.h" #include <string.h> +#define X509_get_notBefore_const(cert) \ + ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert)) +#define X509_get_notAfter_const(cert) \ + ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert)) + /* Enable the "v2" TLS handshake. */ #define V2_HANDSHAKE_SERVER @@ -2203,7 +2208,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) if (!(bio = BIO_new(BIO_s_mem()))) { log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end; } - if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) { + if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime"); goto end; } @@ -2211,7 +2216,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) s1 = tor_strndup(buf->data, buf->length); (void)BIO_reset(bio); - if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) { + if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime"); goto end; } @@ -2374,12 +2379,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert, now = time(NULL); t = now + future_tolerance; - if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { + if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) { log_cert_lifetime(severity, cert, "not yet valid"); return -1; } t = now - past_tolerance; - if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { + if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) { log_cert_lifetime(severity, cert, "already expired"); return -1; }

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.7'
by nickm＠torproject.org 06 Oct '15

06 Oct '15

commit bfd9dccdb8692a8d1d04c1c4004bc4bd3236c7b1 Merge: b216340 1eb838b Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Oct 6 09:06:57 2015 -0400 Merge remote-tracking branch 'origin/maint-0.2.7' changes/bug17237_027 | 4 ++++ changes/bug17251 | 3 +++ src/common/tortls.c | 13 +++++++++---- src/test/test_crypto_slow.c | 2 +- 4 files changed, 17 insertions(+), 5 deletions(-)

1 0