April 2017 - tor-commits - lists.torproject.org

[tor-browser-build/master] Bug 21709: Upgrade Go to 1.7.5.
by boklm＠torproject.org 07 Apr '17

07 Apr '17

commit 949c0d9e83d911b2fa80279edddb06c7e6299c80 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Fri Apr 7 13:11:41 2017 +0200 Bug 21709: Upgrade Go to 1.7.5. tor-browser-bundle.git commit: 1942f7b2f6e5f82c64dcfeab82713604866cb26f --- projects/go/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/go/config b/projects/go/config index dbd7aab..89b4b45 100644 --- a/projects/go/config +++ b/projects/go/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.7.4 +version: 1.7.5 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' remote_docker: 1 @@ -75,7 +75,7 @@ input_files: enable: '[% c("var/windows") || c("var/osx") %]' - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz' name: go - sha256sum: 4c189111e9ba651a2bb3ee868aa881fab36b2f2da3409e80885ca758a6b614cc + sha256sum: 4e834513a2079f8cbbd357502cccaac9507fd00a1efe672375798858ff291815 - URL: 'https://golang.org/dl/go[% c("var/go14_version") %].src.tar.gz' name: go14 sha256sum: 9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959

1 0

[tor-browser-build/master] Update mozconfig files
by boklm＠torproject.org 07 Apr '17

07 Apr '17

commit e6fb26f57bd0aca191e55798f63a533ea82675cd Author: Nicolas Vigier <boklm(a)torproject.org> Date: Fri Apr 7 13:41:03 2017 +0200 Update mozconfig files Update the mozconfig files with the changes from the versions in tor-browser.git. We are currently not using the mozconfig files from tor-browser.git directly as we need to modify some of them. --- projects/firefox/mozconfig-linux-i686 | 11 ++++------- projects/firefox/mozconfig-linux-x86_64 | 11 ++++------- projects/firefox/mozconfig-osx-x86_64 | 4 +--- projects/firefox/mozconfig-windows-i686 | 5 +---- 4 files changed, 10 insertions(+), 21 deletions(-) diff --git a/projects/firefox/mozconfig-linux-i686 b/projects/firefox/mozconfig-linux-i686 index 306b674..8b4ecb3 100755 --- a/projects/firefox/mozconfig-linux-i686 +++ b/projects/firefox/mozconfig-linux-i686 @@ -5,10 +5,6 @@ mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 -# Use jemalloc 4.x. In 52ESR, we should use -# the --enable-jemalloc=4 flag instead: -export MOZ_JEMALLOC4=1 - export CFLAGS=-m32 export CXXFLAGS=-m32 export LDFLAGS=-m32 @@ -21,8 +17,10 @@ ac_add_options --enable-optimize #ac_add_options --disable-optimize ac_add_options --enable-official-branding +# Let's support GTK2 for ESR52 +ac_add_options --enable-default-toolkit=cairo-gtk2 + ac_add_options --enable-tor-browser-update -ac_add_options --enable-update-packaging ac_add_options --enable-signmar ac_add_options --enable-verify-mar @@ -34,7 +32,6 @@ ac_add_options --disable-maintenance-service ac_add_options --disable-crashreporter ac_add_options --disable-webrtc # Let's not compile EME at least until we can enable ClearKey and only Clearkey. -# (Apart from that there is no Adobe CRM module for Linux right now) ac_add_options --disable-eme #ac_add_options --disable-ctypes -ac_add_options --disable-loop +ac_add_options --enable-jemalloc=4 diff --git a/projects/firefox/mozconfig-linux-x86_64 b/projects/firefox/mozconfig-linux-x86_64 index a419808..cde5b49 100755 --- a/projects/firefox/mozconfig-linux-x86_64 +++ b/projects/firefox/mozconfig-linux-x86_64 @@ -5,16 +5,14 @@ mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" mk_add_options MOZILLA_OFFICIAL=1 mk_add_options BUILD_OFFICIAL=1 -# Use jemalloc 4.x. In 52ESR, we should use -# the --enable-jemalloc=4 flag instead: -export MOZ_JEMALLOC4=1 - ac_add_options --enable-optimize #ac_add_options --disable-optimize ac_add_options --enable-official-branding +# Let's support GTK2 for ESR52 +ac_add_options --enable-default-toolkit=cairo-gtk2 + ac_add_options --enable-tor-browser-update -ac_add_options --enable-update-packaging ac_add_options --enable-signmar ac_add_options --enable-verify-mar @@ -26,7 +24,6 @@ ac_add_options --disable-maintenance-service ac_add_options --disable-crashreporter ac_add_options --disable-webrtc # Let's not compile EME at least until we can enable ClearKey and only Clearkey. -# (Apart from that there is no Adobe CRM module for Linux right now) ac_add_options --disable-eme #ac_add_options --disable-ctypes -ac_add_options --disable-loop +ac_add_options --enable-jemalloc=4 diff --git a/projects/firefox/mozconfig-osx-x86_64 b/projects/firefox/mozconfig-osx-x86_64 index 259e745..c75b2f5 100644 --- a/projects/firefox/mozconfig-osx-x86_64 +++ b/projects/firefox/mozconfig-osx-x86_64 @@ -18,7 +18,7 @@ export AR=${TOOLCHAIN_PREFIX}ar export RANLIB=${TOOLCHAIN_PREFIX}ranlib export STRIP=${TOOLCHAIN_PREFIX}strip export OTOOL=${TOOLCHAIN_PREFIX}otool -export DSYMUTIL=$topsrcdir/clang/bin/llvm-dsymutil +export DSYMUTIL="$TOOLCHAIN_DIR/clang/bin/llvm-dsymutil" export HOST_CC="$TOOLCHAIN_DIR/clang/helpers/clang" export HOST_CXX="$TOOLCHAIN_DIR/clang/helpers/clang++" @@ -43,7 +43,6 @@ ac_add_options --disable-debug ac_add_options --enable-tor-browser-data-outside-app-dir ac_add_options --enable-tor-browser-update -ac_add_options --enable-update-packaging ac_add_options --enable-signmar ac_add_options --enable-verify-mar @@ -55,4 +54,3 @@ ac_add_options --disable-tests # (Apart from that there is no Adobe CRM module for OS X right now) ac_add_options --disable-eme # ac_add_options --disable-ctypes -ac_add_options --disable-loop diff --git a/projects/firefox/mozconfig-windows-i686 b/projects/firefox/mozconfig-windows-i686 index 33ea6d4..de86c49 100644 --- a/projects/firefox/mozconfig-windows-i686 +++ b/projects/firefox/mozconfig-windows-i686 @@ -2,6 +2,7 @@ CROSS_COMPILE=1 ac_add_options --enable-application=browser ac_add_options --target=i686-w64-mingw32 +ac_add_options --with-toolchain-prefix=i686-w64-mingw32- ac_add_options --enable-default-toolkit=cairo-windows mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" @@ -14,7 +15,6 @@ ac_add_options --enable-strip ac_add_options --enable-official-branding ac_add_options --enable-tor-browser-update -ac_add_options --enable-update-packaging ac_add_options --enable-signmar ac_add_options --enable-verify-mar @@ -27,6 +27,3 @@ ac_add_options --disable-crashreporter ac_add_options --disable-maintenance-service ac_add_options --disable-webrtc ac_add_options --disable-tests - -#ac_add_options --disable-ctypes -ac_add_options --disable-loop

1 0

[tor-browser-build/master] Bug 21240: Bump mingw-w64 commit for ESR52 compilation
by boklm＠torproject.org 07 Apr '17

07 Apr '17

commit 580dad39db54fcd8d0f6e9f418bd791d02b1e8b3 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Fri Apr 7 13:24:37 2017 +0200 Bug 21240: Bump mingw-w64 commit for ESR52 compilation tor-browser-bundle.git commit: b5beb33b57643ff83838337ded870511599d45f5 --- projects/mingw-w64/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config index 425e125..3065df7 100644 --- a/projects/mingw-w64/config +++ b/projects/mingw-w64/config @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' git_url: http://git.code.sf.net/p/mingw-w64/mingw-w64 -git_hash: a0cd5afeb60be3be0860e9a203314c10485bb9b8 +git_hash: 9c7c7122401cfd932e599bec5b4b7ca846deb5c0 version: '[% c("abbrev") %]' remote_docker: 1 var:

1 0

[tor-browser-build/master] Bump noscript version
by boklm＠torproject.org 07 Apr '17

07 Apr '17

commit 846dae993e531b638e981540ed0136c7d225a0e5 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Fri Apr 7 13:37:19 2017 +0200 Bump noscript version --- projects/tor-browser/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/tor-browser/config b/projects/tor-browser/config index f2c1d72..87cc6b2 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -52,9 +52,9 @@ input_files: name: snowflake enable: '[% c("var/snowflake") %]' - filename: Bundle-Data - - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… + - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… name: noscript - sha256sum: ce9779a3a5a2574b958f8e4d079a99d43a8f84193bef52c587c704ed81c2fbbd + sha256sum: 31ba7743699deefb606bcc49197d26d926f6b4e3d3526cd2f8a339f857a04fb1 - filename: RelativeLink enable: '[% c("var/linux") %]' - project: libdmg-hfsplus

1 0

[tor/master] Comment fix. (Catalyst spotted this)
by nickm＠torproject.org 07 Apr '17

07 Apr '17

commit d33c3627f4e690b80c8801e306159e8d90e930e4 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Apr 7 10:00:08 2017 -0400 Comment fix. (Catalyst spotted this) --- src/common/util_format.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/util_format.c b/src/common/util_format.c index f6788e9..419cc12 100644 --- a/src/common/util_format.c +++ b/src/common/util_format.c @@ -136,7 +136,7 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) * bytes. * * (WATCH OUT: This API <em>does not</em> count the terminating NUL byte, - * but base64_encoded_size does.) + * but base32_encoded_size does.) * * If <b>flags</b>&BASE64_ENCODE_MULTILINE is true, return the size * of the encoded output as multiline output (64 character, `\n' terminated

1 0

[tor/master] Make crypto_ed25519.c no longer depend on openssl
by nickm＠torproject.org 07 Apr '17

07 Apr '17

commit 3fc4f81de3d68947e5212e349fa0e1d7ed77ef67 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Mar 25 11:34:22 2017 +0100 Make crypto_ed25519.c no longer depend on openssl Now it calls through our own crypto API. --- src/common/crypto_ed25519.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c index f97b289..188e18c 100644 --- a/src/common/crypto_ed25519.c +++ b/src/common/crypto_ed25519.c @@ -32,8 +32,6 @@ #include "ed25519/ref10/ed25519_ref10.h" #include "ed25519/donna/ed25519_donna_tor.h" -#include <openssl/sha.h> - static void pick_ed25519_impl(void); /** An Ed25519 implementation, as a set of function pointers. */ @@ -442,14 +440,16 @@ ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out, { const char string[] = "Derive high part of ed25519 key from curve25519 key"; ed25519_public_key_t pubkey_check; - SHA512_CTX ctx; - uint8_t sha512_output[64]; + crypto_digest_t *ctx; + uint8_t sha512_output[DIGEST512_LEN]; memcpy(out->seckey.seckey, inp->seckey.secret_key, 32); - SHA512_Init(&ctx); - SHA512_Update(&ctx, out->seckey.seckey, 32); - SHA512_Update(&ctx, string, sizeof(string)); - SHA512_Final(sha512_output, &ctx); + + ctx = crypto_digest512_new(DIGEST_SHA512); + crypto_digest_add_bytes(ctx, (const char*)out->seckey.seckey, 32); + crypto_digest_add_bytes(ctx, (const char*)string, sizeof(string)); + crypto_digest_get_digest(ctx, (char *)sha512_output, sizeof(sha512_output)); + crypto_digest_free(ctx); memcpy(out->seckey.seckey + 32, sha512_output, 32); ed25519_public_key_generate(&out->pubkey, &out->seckey);

1 0

[tor/master] Isolate dmalloc/openssl bridge code to crypto.c
by nickm＠torproject.org 07 Apr '17

07 Apr '17

commit e7506c03cf7e3121fb33567452039eaccd1eea50 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Mar 25 11:27:50 2017 +0100 Isolate dmalloc/openssl bridge code to crypto.c This makes it so main.c, and the rest of src/or, no longer need to include any openssl headers. --- src/common/crypto.c | 12 ++++++++++++ src/common/crypto.h | 4 ++++ src/or/main.c | 5 ++--- src/test/testing_common.c | 5 ++--- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/common/crypto.c b/src/common/crypto.c index a5eb7b5..e1094ae 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -3459,3 +3459,15 @@ crypto_global_cleanup(void) /** @} */ +#ifdef USE_DMALLOC +/** Tell the crypto library to use Tor's allocation functions rather than + * calling libc's allocation functions directly. Return 0 on success, -1 + * on failure. */ +int +crypto_use_tor_alloc_functions(void) +{ + int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_); + return r ? 0 : -1; +} +#endif + diff --git a/src/common/crypto.h b/src/common/crypto.h index 62c78b5..c70d91c 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -131,6 +131,10 @@ int crypto_early_init(void) ATTR_WUR; int crypto_global_init(int hardwareAccel, const char *accelName, const char *accelPath) ATTR_WUR; +#ifdef USE_DMALLOC +int crypto_use_tor_alloc_functions(void); +#endif + void crypto_thread_cleanup(void); int crypto_global_cleanup(void); diff --git a/src/or/main.c b/src/or/main.c index 5b73aea..4505879 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -104,7 +104,6 @@ #include "ext_orport.h" #ifdef USE_DMALLOC #include <dmalloc.h> -#include <openssl/crypto.h> #endif #include "memarea.h" #include "sandbox.h" @@ -3617,8 +3616,8 @@ tor_main(int argc, char *argv[]) { /* Instruct OpenSSL to use our internal wrappers for malloc, realloc and free. */ - int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_); - tor_assert(r); + int r = crypto_use_tor_alloc_functions(); + tor_assert(r == 0); } #endif #ifdef NT_SERVICE diff --git a/src/test/testing_common.c b/src/test/testing_common.c index bb2bcbf..0e37e0d 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -38,7 +38,6 @@ const char tor_git_revision[] = ""; #ifdef USE_DMALLOC #include <dmalloc.h> -#include <openssl/crypto.h> #include "main.h" #endif @@ -238,8 +237,8 @@ main(int c, const char **v) #ifdef USE_DMALLOC { - int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_); - tor_assert(r); + int r = crypto_use_tor_alloc_functions(); + tor_assert(r == 0); } #endif

1 0

[tor/master] Make our ed25519 implementations no longer use openssl directly.
by nickm＠torproject.org 07 Apr '17

07 Apr '17

commit 38fb651f0d740bef575ad7f95475cc504ea4cb8f Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Mar 25 11:49:41 2017 +0100 Make our ed25519 implementations no longer use openssl directly. --- src/ext/ed25519/donna/ed25519-hash-custom.h | 31 +++++++++++++++++++++++++++++ src/ext/ed25519/ref10/crypto_hash_sha512.h | 30 +++++++++++++++------------- src/ext/include.am | 1 + 3 files changed, 48 insertions(+), 14 deletions(-) diff --git a/src/ext/ed25519/donna/ed25519-hash-custom.h b/src/ext/ed25519/donna/ed25519-hash-custom.h index 7dc2491..609451a 100644 --- a/src/ext/ed25519/donna/ed25519-hash-custom.h +++ b/src/ext/ed25519/donna/ed25519-hash-custom.h @@ -9,3 +9,34 @@ void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen); */ +#include "crypto.h" + +typedef struct ed25519_hash_context { + crypto_digest_t *ctx; +} ed25519_hash_context; + + +static void +ed25519_hash_init(ed25519_hash_context *ctx) +{ + ctx->ctx = crypto_digest512_new(DIGEST_SHA512); +} +static void +ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen) +{ + crypto_digest_add_bytes(ctx->ctx, (const char *)in, inlen); +} +static void +ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash) +{ + crypto_digest_get_digest(ctx->ctx, (char *)hash, DIGEST512_LEN); + crypto_digest_free(ctx->ctx); + ctx->ctx = NULL; +} +static void +ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen) +{ + crypto_digest512((char *)hash, (const char *)in, inlen, + DIGEST_SHA512); +} + diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h index 0278571..e454c4e 100644 --- a/src/ext/ed25519/ref10/crypto_hash_sha512.h +++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h @@ -1,30 +1,32 @@ /* Added for Tor. */ -#include <openssl/sha.h> +#include "crypto.h" /* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */ #define crypto_hash_sha512(out, inp, len) \ - SHA512((inp), (len), (out)) + crypto_digest512((char *)(out), (const char *)(inp), (len), DIGEST_SHA512) /* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1', * concatenated with the 'len2'-byte string in 'inp2'. */ #define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \ do { \ - SHA512_CTX sha_ctx_; \ - SHA512_Init(&sha_ctx_); \ - SHA512_Update(&sha_ctx_, (inp1), (len1)); \ - SHA512_Update(&sha_ctx_, (inp2), (len2)); \ - SHA512_Final((out), &sha_ctx_); \ - } while(0) + crypto_digest_t *sha_ctx_; \ + sha_ctx_ = crypto_digest512_new(DIGEST_SHA512); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1)); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2)); \ + crypto_digest_get_digest(sha_ctx_, (char *)out, 64); \ + crypto_digest_free(sha_ctx_); \ + } while (0) /* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1', * concatenated with the 'len2'-byte string in 'inp2', concatenated with * the 'len3'-byte string in 'len3'. */ #define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \ do { \ - SHA512_CTX sha_ctx_; \ - SHA512_Init(&sha_ctx_); \ - SHA512_Update(&sha_ctx_, (inp1), (len1)); \ - SHA512_Update(&sha_ctx_, (inp2), (len2)); \ - SHA512_Update(&sha_ctx_, (inp3), (len3)); \ - SHA512_Final((out), &sha_ctx_); \ + crypto_digest_t *sha_ctx_; \ + sha_ctx_ = crypto_digest512_new(DIGEST_SHA512); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1)); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2)); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp3), (len3)); \ + crypto_digest_get_digest(sha_ctx_, (char *)out, 64); \ + crypto_digest_free(sha_ctx_); \ } while(0) diff --git a/src/ext/include.am b/src/ext/include.am index c18e588..7ec2e43 100644 --- a/src/ext/include.am +++ b/src/ext/include.am @@ -101,6 +101,7 @@ noinst_LIBRARIES += $(LIBED25519_REF10) src_ext_ed25519_donna_libed25519_donna_a_CFLAGS=\ @CFLAGS_CONSTTIME@ \ -DED25519_CUSTOMRANDOM \ + -DED25519_CUSTOMHASH \ -DED25519_SUFFIX=_donna src_ext_ed25519_donna_libed25519_donna_a_SOURCES= \

1 0

[tor/master] Remove crypto/rand include from test_crypto.c
by nickm＠torproject.org 07 Apr '17

07 Apr '17

commit 1a14e5be91cfd32f8eee30896eb432a7ff060c05 Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Mar 25 12:04:11 2017 +0100 Remove crypto/rand include from test_crypto.c Create a new test_crypto_openssl to test openssl-only crypto.c functionality. --- src/test/include.am | 1 + src/test/test.c | 1 + src/test/test.h | 1 + src/test/test_crypto.c | 34 --------------------------- src/test/test_crypto_openssl.c | 52 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 55 insertions(+), 34 deletions(-) diff --git a/src/test/include.am b/src/test/include.am index 7ced7ba..41e41b5 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -91,6 +91,7 @@ src_test_test_SOURCES = \ src/test/test_controller.c \ src/test/test_controller_events.c \ src/test/test_crypto.c \ + src/test/test_crypto_openssl.c \ src/test/test_data.c \ src/test/test_dir.c \ src/test/test_dir_common.c \ diff --git a/src/test/test.c b/src/test/test.c index d9723d5..45a68b4 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1199,6 +1199,7 @@ struct testgroup_t testgroups[] = { { "control/", controller_tests }, { "control/event/", controller_event_tests }, { "crypto/", crypto_tests }, + { "crypto/openssl/", crypto_openssl_tests }, { "dir/", dir_tests }, { "dir_handle_get/", dir_handle_get_tests }, { "dir/md/", microdesc_tests }, diff --git a/src/test/test.h b/src/test/test.h index 0692040..1cd65c9 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -194,6 +194,7 @@ extern struct testcase_t container_tests[]; extern struct testcase_t controller_tests[]; extern struct testcase_t controller_event_tests[]; extern struct testcase_t crypto_tests[]; +extern struct testcase_t crypto_openssl_tests[]; extern struct testcase_t dir_tests[]; extern struct testcase_t dir_handle_get_tests[]; extern struct testcase_t entryconn_tests[]; diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index 3a6c222..f722492 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -16,7 +16,6 @@ #include "ed25519_vectors.inc" #include <openssl/evp.h> -#include <openssl/rand.h> /** Run unit tests for Diffie-Hellman functionality. */ static void @@ -331,38 +330,6 @@ test_crypto_rng_strongest(void *arg) #undef N } -/* Test for rectifying openssl RAND engine. */ -static void -test_crypto_rng_engine(void *arg) -{ - (void)arg; - RAND_METHOD dummy_method; - memset(&dummy_method, 0, sizeof(dummy_method)); - - /* We should be a no-op if we're already on RAND_OpenSSL */ - tt_int_op(0, ==, crypto_force_rand_ssleay()); - tt_assert(RAND_get_rand_method() == RAND_OpenSSL()); - - /* We should correct the method if it's a dummy. */ - RAND_set_rand_method(&dummy_method); -#ifdef LIBRESSL_VERSION_NUMBER - /* On libressl, you can't override the RNG. */ - tt_assert(RAND_get_rand_method() == RAND_OpenSSL()); - tt_int_op(0, ==, crypto_force_rand_ssleay()); -#else - tt_assert(RAND_get_rand_method() == &dummy_method); - tt_int_op(1, ==, crypto_force_rand_ssleay()); -#endif - tt_assert(RAND_get_rand_method() == RAND_OpenSSL()); - - /* Make sure we aren't calling dummy_method */ - crypto_rand((void *) &dummy_method, sizeof(dummy_method)); - crypto_rand((void *) &dummy_method, sizeof(dummy_method)); - - done: - ; -} - /** Run unit tests for our AES128 functionality */ static void test_crypto_aes128(void *arg) @@ -2941,7 +2908,6 @@ struct testcase_t crypto_tests[] = { CRYPTO_LEGACY(formats), CRYPTO_LEGACY(rng), { "rng_range", test_crypto_rng_range, 0, NULL, NULL }, - { "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL }, { "rng_strongest", test_crypto_rng_strongest, TT_FORK, NULL, NULL }, { "rng_strongest_nosyscall", test_crypto_rng_strongest, TT_FORK, &passthrough_setup, (void*)"nosyscall" }, diff --git a/src/test/test_crypto_openssl.c b/src/test/test_crypto_openssl.c new file mode 100644 index 0000000..64e33f5 --- /dev/null +++ b/src/test/test_crypto_openssl.c @@ -0,0 +1,52 @@ +/* Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2017, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "orconfig.h" + +#define CRYPTO_PRIVATE + +#include "crypto.h" +#include "test.h" + +#include <openssl/evp.h> +#include <openssl/rand.h> +#include "compat_openssl.h" + +/* Test for rectifying openssl RAND engine. */ +static void +test_crypto_rng_engine(void *arg) +{ + (void)arg; + RAND_METHOD dummy_method; + memset(&dummy_method, 0, sizeof(dummy_method)); + + /* We should be a no-op if we're already on RAND_OpenSSL */ + tt_int_op(0, ==, crypto_force_rand_ssleay()); + tt_assert(RAND_get_rand_method() == RAND_OpenSSL()); + + /* We should correct the method if it's a dummy. */ + RAND_set_rand_method(&dummy_method); +#ifdef LIBRESSL_VERSION_NUMBER + /* On libressl, you can't override the RNG. */ + tt_assert(RAND_get_rand_method() == RAND_OpenSSL()); + tt_int_op(0, ==, crypto_force_rand_ssleay()); +#else + tt_assert(RAND_get_rand_method() == &dummy_method); + tt_int_op(1, ==, crypto_force_rand_ssleay()); +#endif + tt_assert(RAND_get_rand_method() == RAND_OpenSSL()); + + /* Make sure we aren't calling dummy_method */ + crypto_rand((void *) &dummy_method, sizeof(dummy_method)); + crypto_rand((void *) &dummy_method, sizeof(dummy_method)); + + done: + ; +} + +struct testcase_t crypto_openssl_tests[] = { + { "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL }, + END_OF_TESTCASES +};

1 0

[tor/master] Remove openssl/evp.h dependency from test_crypto.c
by nickm＠torproject.org 07 Apr '17

07 Apr '17

commit a4964466a55a67ca96c751286b3778fc1f12727a Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Mar 25 12:13:31 2017 +0100 Remove openssl/evp.h dependency from test_crypto.c --- src/test/test_crypto.c | 38 ----------------------------- src/test/test_crypto_openssl.c | 55 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 38 deletions(-) diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index f722492..7a20150 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -15,8 +15,6 @@ #include "crypto_ed25519.h" #include "ed25519_vectors.inc" -#include <openssl/evp.h> - /** Run unit tests for Diffie-Hellman functionality. */ static void test_crypto_dh(void *arg) @@ -1444,28 +1442,6 @@ test_crypto_digest_names(void *arg) ; } -#ifndef OPENSSL_1_1_API -#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX)) -#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx) -#endif - -/** Encode src into dest with OpenSSL's EVP Encode interface, returning the - * length of the encoded data in bytes. - */ -static int -base64_encode_evp(char *dest, char *src, size_t srclen) -{ - const unsigned char *s = (unsigned char*)src; - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); - int len, ret; - - EVP_EncodeInit(ctx); - EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen); - EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret); - EVP_ENCODE_CTX_free(ctx); - return ret+ len; -} - /** Run unit tests for misc crypto formatting functionality (base64, base32, * fingerprints, etc) */ static void @@ -1521,20 +1497,6 @@ test_crypto_formats(void *arg) tt_assert(digest_from_base64(data3, "###") < 0); - for (i = 0; i < 256; i++) { - /* Test the multiline format Base64 encoder with 0 .. 256 bytes of - * output against OpenSSL. - */ - const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE); - data1[i] = i; - j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE); - tt_int_op(j, OP_EQ, enclen); - j = base64_encode_evp(data3, data1, i); - tt_int_op(j, OP_EQ, enclen); - tt_mem_op(data2, OP_EQ, data3, enclen); - tt_int_op(j, OP_EQ, strlen(data2)); - } - /* Encoding SHA256 */ crypto_rand(data2, DIGEST256_LEN); memset(data2, 100, 1024); diff --git a/src/test/test_crypto_openssl.c b/src/test/test_crypto_openssl.c index 64e33f5..3d7d2b4 100644 --- a/src/test/test_crypto_openssl.c +++ b/src/test/test_crypto_openssl.c @@ -8,6 +8,9 @@ #define CRYPTO_PRIVATE #include "crypto.h" +#include "util.h" +#include "util_format.h" +#include "compat.h" #include "test.h" #include <openssl/evp.h> @@ -46,7 +49,59 @@ test_crypto_rng_engine(void *arg) ; } +#ifndef OPENSSL_1_1_API +#define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX)) +#define EVP_ENCODE_CTX_free(ctx) tor_free(ctx) +#endif + +/** Encode src into dest with OpenSSL's EVP Encode interface, returning the + * length of the encoded data in bytes. + */ +static int +base64_encode_evp(char *dest, char *src, size_t srclen) +{ + const unsigned char *s = (unsigned char*)src; + EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); + int len, ret; + + EVP_EncodeInit(ctx); + EVP_EncodeUpdate(ctx, (unsigned char *)dest, &len, s, (int)srclen); + EVP_EncodeFinal(ctx, (unsigned char *)(dest + len), &ret); + EVP_ENCODE_CTX_free(ctx); + return ret+ len; +} + +static void +test_crypto_base64_encode_matches(void *arg) +{ + (void)arg; + int i, j; + char data1[1024]; + char data2[1024]; + char data3[1024]; + + for (i = 0; i < 256; i++) { + /* Test the multiline format Base64 encoder with 0 .. 256 bytes of + * output against OpenSSL. + */ + const size_t enclen = base64_encode_size(i, BASE64_ENCODE_MULTILINE); + data1[i] = i; + j = base64_encode(data2, 1024, data1, i, BASE64_ENCODE_MULTILINE); + tt_int_op(j, OP_EQ, enclen); + j = base64_encode_evp(data3, data1, i); + tt_int_op(j, OP_EQ, enclen); + tt_mem_op(data2, OP_EQ, data3, enclen); + tt_int_op(j, OP_EQ, strlen(data2)); + } + + done: + ; +} + struct testcase_t crypto_openssl_tests[] = { { "rng_engine", test_crypto_rng_engine, TT_FORK, NULL, NULL }, + { "base64_encode_match", test_crypto_base64_encode_matches, + TT_FORK, NULL, NULL }, END_OF_TESTCASES }; +

1 0