tor-commits
Threads by month
- ----- 2025 -----
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
May 2018
- 17 participants
- 1514 discussions
commit 2f269bfaf1d1d89324e8936425bf19bb64bcb06e
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu May 3 16:16:09 2018 -0400
Add src/rust/rand to include.am
---
src/rust/include.am | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/rust/include.am b/src/rust/include.am
index f1aa0bd5a..4bc07b05c 100644
--- a/src/rust/include.am
+++ b/src/rust/include.am
@@ -14,6 +14,9 @@ EXTRA_DIST +=\
src/rust/protover/lib.rs \
src/rust/protover/protover.rs \
src/rust/protover/tests/protover.rs \
+ src/rust/rand/Cargo.toml \
+ src/rust/rand/lib.toml \
+ src/rust/rand/rng.toml \
src/rust/smartlist/Cargo.toml \
src/rust/smartlist/lib.rs \
src/rust/smartlist/smartlist.rs \
1
0
[tor/master] Move some includes around to try to fix windows builds
by nickm@torproject.org 03 May '18
by nickm@torproject.org 03 May '18
03 May '18
commit 2d07aef3cc4ed21b7d66602912f74c287f5cb395
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Thu May 3 16:14:38 2018 -0400
Move some includes around to try to fix windows builds
---
src/common/crypto_rand.c | 4 ++--
src/common/crypto_util.c | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/common/crypto_rand.c b/src/common/crypto_rand.c
index 66506235a..5abf0b096 100644
--- a/src/common/crypto_rand.c
+++ b/src/common/crypto_rand.c
@@ -14,13 +14,13 @@
#ifndef CRYPTO_RAND_PRIVATE
#define CRYPTO_RAND_PRIVATE
+#include "crypto_rand.h"
+
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif /* defined(_WIN32) */
-#include "crypto_rand.h"
-
#include "container.h"
#include "compat.h"
#include "compat_openssl.h"
diff --git a/src/common/crypto_util.c b/src/common/crypto_util.c
index c09afe6ee..b0d5b6b2f 100644
--- a/src/common/crypto_util.c
+++ b/src/common/crypto_util.c
@@ -13,14 +13,16 @@
#ifndef CRYPTO_UTIL_PRIVATE
#define CRYPTO_UTIL_PRIVATE
+#include "crypto_util.h"
+
#include <string.h>
#ifdef _WIN32
+#include <winsock2.h>
#include <windows.h>
#include <wincrypt.h>
#endif /* defined(_WIN32) */
-#include "crypto_util.h"
#include "util.h"
DISABLE_GCC_WARNING(redundant-decls)
1
0
[translation/tails-openpgp-applet_completed] Update translations for tails-openpgp-applet_completed
by translation@torproject.org 03 May '18
by translation@torproject.org 03 May '18
03 May '18
commit 2c1314fd38db0c565f1146ffb259d8980659d93a
Author: Translation commit bot <translation(a)torproject.org>
Date: Thu May 3 19:18:12 2018 +0000
Update translations for tails-openpgp-applet_completed
---
ta/openpgp-applet.pot | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ta/openpgp-applet.pot b/ta/openpgp-applet.pot
index 00862605f..82e53ec43 100644
--- a/ta/openpgp-applet.pot
+++ b/ta/openpgp-applet.pot
@@ -9,8 +9,8 @@ msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: tails(a)boum.org\n"
"POT-Creation-Date: 2017-08-05 15:07-0400\n"
-"PO-Revision-Date: 2018-01-23 15:43+0000\n"
-"Last-Translator: Senthil Kumar <paranthaba(a)gmail.com>\n"
+"PO-Revision-Date: 2018-05-03 18:52+0000\n"
+"Last-Translator: Selva Makilan <66makilan66(a)gmail.com>\n"
"Language-Team: Tamil (http://www.transifex.com/otf/torproject/language/ta/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
1
0
[translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
by translation@torproject.org 03 May '18
by translation@torproject.org 03 May '18
03 May '18
commit 17b4b22e34c7c50e6d243d473c78de713e326685
Author: Translation commit bot <translation(a)torproject.org>
Date: Thu May 3 19:18:05 2018 +0000
Update translations for tails-openpgp-applet
---
ta/openpgp-applet.pot | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ta/openpgp-applet.pot b/ta/openpgp-applet.pot
index 00862605f..82e53ec43 100644
--- a/ta/openpgp-applet.pot
+++ b/ta/openpgp-applet.pot
@@ -9,8 +9,8 @@ msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: tails(a)boum.org\n"
"POT-Creation-Date: 2017-08-05 15:07-0400\n"
-"PO-Revision-Date: 2018-01-23 15:43+0000\n"
-"Last-Translator: Senthil Kumar <paranthaba(a)gmail.com>\n"
+"PO-Revision-Date: 2018-05-03 18:52+0000\n"
+"Last-Translator: Selva Makilan <66makilan66(a)gmail.com>\n"
"Language-Team: Tamil (http://www.transifex.com/otf/torproject/language/ta/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
1
0
[tor/master] crypto: Refactor (P)RNG functionality into new crypto_rand module.
by nickm@torproject.org 03 May '18
by nickm@torproject.org 03 May '18
03 May '18
commit fe3aca149191f2eac410caa7113fb6f7e0804d8c
Author: Isis Lovecruft <isis(a)torproject.org>
Date: Fri Apr 6 21:23:29 2018 +0000
crypto: Refactor (P)RNG functionality into new crypto_rand module.
* ADD new /src/common/crypto_rand.[ch] module.
* ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
function, since all crypto_* modules need this).
* FIXES part of #24658: https://bugs.torproject.org/24658
---
src/common/address_set.c | 2 +-
src/common/compat_libevent.c | 2 +-
src/common/crypto.c | 602 +-------------------
src/common/crypto.h | 36 --
src/common/crypto_curve25519.c | 2 +
src/common/crypto_digest.c | 9 +-
src/common/crypto_ed25519.c | 2 +
src/common/crypto_format.c | 1 +
src/common/crypto_pwbox.c | 2 +
src/common/crypto_rand.c | 609 +++++++++++++++++++++
src/common/crypto_rand.h | 53 ++
src/common/crypto_rsa.c | 2 +
src/common/crypto_s2k.c | 2 +
src/common/crypto_util.c | 105 ++++
src/common/crypto_util.h | 27 +
src/common/include.am | 4 +
src/common/tortls.c | 2 +
src/common/workqueue.c | 2 +-
src/ext/ed25519/donna/ed25519-randombytes-custom.h | 2 +-
src/ext/ed25519/donna/ed25519_tor.c | 2 +
src/ext/ed25519/ref10/blinding.c | 2 +-
src/ext/ed25519/ref10/keypair.c | 3 +
src/ext/keccak-tiny/keccak-tiny-unrolled.c | 2 +-
src/or/addressmap.c | 1 +
src/or/channelpadding.c | 1 +
src/or/circpathbias.c | 1 +
src/or/circuitbuild.c | 2 +-
src/or/circuitlist.c | 2 +
src/or/circuitstats.c | 1 +
src/or/command.c | 1 +
src/or/config.c | 2 +
src/or/connection.c | 1 +
src/or/connection_edge.c | 1 +
src/or/connection_or.c | 2 +
src/or/conscache.c | 1 +
src/or/control.c | 2 +
src/or/cpuworker.c | 2 +
src/or/directory.c | 2 +
src/or/dns.c | 1 +
src/or/dos.c | 1 +
src/or/entrynodes.c | 1 +
src/or/ext_orport.c | 2 +
src/or/hibernate.c | 1 +
src/or/hs_cache.c | 1 +
src/or/hs_cell.c | 1 +
src/or/hs_circuit.c | 2 +
src/or/hs_client.c | 2 +
src/or/hs_common.c | 2 +
src/or/hs_control.c | 1 +
src/or/hs_descriptor.c | 2 +
src/or/hs_descriptor.h | 1 +
src/or/hs_ident.c | 1 +
src/or/hs_ntor.c | 1 +
src/or/hs_service.c | 2 +
src/or/main.c | 1 +
src/or/networkstatus.c | 2 +
src/or/onion.c | 1 +
src/or/onion_fast.c | 2 +
src/or/onion_ntor.c | 1 +
src/or/onion_tap.c | 2 +
src/or/proto_socks.c | 1 +
src/or/relay.c | 2 +
src/or/rendclient.c | 2 +
src/or/rendcommon.c | 2 +
src/or/rendservice.c | 2 +
src/or/rephist.c | 1 +
src/or/router.c | 2 +
src/or/routerkeys.c | 1 +
src/or/routerlist.c | 1 +
src/or/routerparse.c | 1 +
src/or/shared_random.c | 2 +
src/or/shared_random_state.c | 1 +
src/or/torcert.c | 2 +-
src/test/bench.c | 1 +
src/test/rend_test_helpers.c | 1 +
src/test/test-memwipe.c | 2 +-
src/test/test-timers.c | 2 +-
src/test/test.c | 1 +
src/test/test_address_set.c | 1 +
src/test/test_buffers.c | 1 +
src/test/test_cell_formats.c | 1 +
src/test/test_channel.c | 1 +
src/test/test_consdiffmgr.c | 1 +
src/test/test_containers.c | 1 +
src/test/test_crypto.c | 3 +-
src/test/test_crypto_openssl.c | 4 +-
src/test/test_crypto_slow.c | 1 +
src/test/test_dir.c | 1 +
src/test/test_dos.c | 1 +
src/test/test_entrynodes.c | 1 +
src/test/test_extorport.c | 1 +
src/test/test_helpers.c | 1 +
src/test/test_hs_cell.c | 1 +
src/test/test_hs_common.c | 1 +
src/test/test_hs_descriptor.c | 1 +
src/test/test_hs_intropoint.c | 2 +-
src/test/test_hs_service.c | 2 +-
src/test/test_nodelist.c | 1 +
src/test/test_oom.c | 1 +
src/test/test_routerlist.c | 1 +
src/test/test_shared_random.c | 1 +
src/test/test_storagedir.c | 1 +
src/test/test_util.c | 1 +
src/test/test_util_format.c | 1 +
src/test/test_workqueue.c | 2 +-
src/test/testing_common.c | 1 +
src/test/testing_rsakeys.c | 1 +
src/tools/tor-gencert.c | 2 +
src/trunnel/trunnel-local.h | 2 +-
109 files changed, 939 insertions(+), 657 deletions(-)
diff --git a/src/common/address_set.c b/src/common/address_set.c
index f61fa294e..b2f4bb4c9 100644
--- a/src/common/address_set.c
+++ b/src/common/address_set.c
@@ -15,7 +15,7 @@
#include "address.h"
#include "compat.h"
#include "container.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "util.h"
#include "siphash.h"
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 735385557..6d8cac70e 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -11,7 +11,7 @@
#define COMPAT_LIBEVENT_PRIVATE
#include "compat_libevent.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "util.h"
#include "torlog.h"
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 9fcd17742..8d5897e49 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -28,8 +28,10 @@
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
+#include "crypto_rand.h"
#include "crypto_rsa.h"
#include "crypto_digest.h"
+#include "crypto_util.h"
DISABLE_GCC_WARNING(redundant-decls)
@@ -38,7 +40,6 @@ DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
-#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/conf.h>
@@ -60,12 +61,6 @@ ENABLE_GCC_WARNING(redundant-decls)
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FCNTL_H
-#include <sys/fcntl.h>
-#endif
#ifdef HAVE_SYS_SYSCALL_H
#include <sys/syscall.h>
#endif
@@ -84,12 +79,6 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "keccak-tiny/keccak-tiny.h"
-/** Longest recognized */
-#define MAX_DNS_LABEL_SIZE 63
-
-/** Largest strong entropy request */
-#define MAX_STRONGEST_RAND_SIZE 256
-
/** A structure to hold the first half (x, g^x) of a Diffie-Hellman handshake
* while we're waiting for the second.*/
struct crypto_dh_t {
@@ -162,23 +151,6 @@ try_load_engine(const char *path, const char *engine)
}
#endif /* !defined(DISABLE_ENGINES) */
-/** Make sure that openssl is using its default PRNG. Return 1 if we had to
- * adjust it; 0 otherwise. */
-STATIC int
-crypto_force_rand_ssleay(void)
-{
- RAND_METHOD *default_method;
- default_method = RAND_OpenSSL();
- if (RAND_get_rand_method() != default_method) {
- log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
- "a replacement the OpenSSL RNG. Resetting it to the default "
- "implementation.");
- RAND_set_rand_method(default_method);
- return 1;
- }
- return 0;
-}
-
static int have_seeded_siphash = 0;
/** Set up the siphash key if we haven't already done so. */
@@ -1083,576 +1055,6 @@ crypto_dh_free_(crypto_dh_t *dh)
tor_free(dh);
}
-/* random numbers */
-
-/** How many bytes of entropy we add at once.
- *
- * This is how much entropy OpenSSL likes to add right now, so maybe it will
- * work for us too. */
-#define ADD_ENTROPY 32
-
-/** Set the seed of the weak RNG to a random value. */
-void
-crypto_seed_weak_rng(tor_weak_rng_t *rng)
-{
- unsigned seed;
- crypto_rand((void*)&seed, sizeof(seed));
- tor_init_weak_random(rng, seed);
-}
-
-#ifdef TOR_UNIT_TESTS
-int break_strongest_rng_syscall = 0;
-int break_strongest_rng_fallback = 0;
-#endif
-
-/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
- * via system calls, storing it into <b>out</b>. Return 0 on success, -1 on
- * failure. A maximum request size of 256 bytes is imposed.
- */
-static int
-crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
-{
- tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
-
- /* We only log at notice-level here because in the case that this function
- * fails the crypto_strongest_rand_raw() caller will log with a warning-level
- * message and let crypto_strongest_rand() error out and finally terminating
- * Tor with an assertion error.
- */
-
-#ifdef TOR_UNIT_TESTS
- if (break_strongest_rng_syscall)
- return -1;
-#endif
-
-#if defined(_WIN32)
- static int provider_set = 0;
- static HCRYPTPROV provider;
-
- if (!provider_set) {
- if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT)) {
- log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
- return -1;
- }
- provider_set = 1;
- }
- if (!CryptGenRandom(provider, out_len, out)) {
- log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
- return -1;
- }
-
- return 0;
-#elif defined(__linux__) && defined(SYS_getrandom)
- static int getrandom_works = 1; /* Be optimistic about our chances... */
-
- /* getrandom() isn't as straightforward as getentropy(), and has
- * no glibc wrapper.
- *
- * As far as I can tell from getrandom(2) and the source code, the
- * requests we issue will always succeed (though it will block on the
- * call if /dev/urandom isn't seeded yet), since we are NOT specifying
- * GRND_NONBLOCK and the request is <= 256 bytes.
- *
- * The manpage is unclear on what happens if a signal interrupts the call
- * while the request is blocked due to lack of entropy....
- *
- * We optimistically assume that getrandom() is available and functional
- * because it is the way of the future, and 2 branch mispredicts pale in
- * comparison to the overheads involved with failing to open
- * /dev/srandom followed by opening and reading from /dev/urandom.
- */
- if (PREDICT_LIKELY(getrandom_works)) {
- long ret;
- /* A flag of '0' here means to read from '/dev/urandom', and to
- * block if insufficient entropy is available to service the
- * request.
- */
- const unsigned int flags = 0;
- do {
- ret = syscall(SYS_getrandom, out, out_len, flags);
- } while (ret == -1 && ((errno == EINTR) ||(errno == EAGAIN)));
-
- if (PREDICT_UNLIKELY(ret == -1)) {
- /* LCOV_EXCL_START we can't actually make the syscall fail in testing. */
- tor_assert(errno != EAGAIN);
- tor_assert(errno != EINTR);
-
- /* Useful log message for errno. */
- if (errno == ENOSYS) {
- log_notice(LD_CRYPTO, "Can't get entropy from getrandom()."
- " You are running a version of Tor built to support"
- " getrandom(), but the kernel doesn't implement this"
- " function--probably because it is too old?"
- " Trying fallback method instead.");
- } else {
- log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s."
- " Trying fallback method instead.",
- strerror(errno));
- }
-
- getrandom_works = 0; /* Don't bother trying again. */
- return -1;
- /* LCOV_EXCL_STOP */
- }
-
- tor_assert(ret == (long)out_len);
- return 0;
- }
-
- return -1; /* getrandom() previously failed unexpectedly. */
-#elif defined(HAVE_GETENTROPY)
- /* getentropy() is what Linux's getrandom() wants to be when it grows up.
- * the only gotcha is that requests are limited to 256 bytes.
- */
- return getentropy(out, out_len);
-#else
- (void) out;
-#endif /* defined(_WIN32) || ... */
-
- /* This platform doesn't have a supported syscall based random. */
- return -1;
-}
-
-/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
- * via the per-platform fallback mechanism, storing it into <b>out</b>.
- * Return 0 on success, -1 on failure. A maximum request size of 256 bytes
- * is imposed.
- */
-static int
-crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
-{
-#ifdef TOR_UNIT_TESTS
- if (break_strongest_rng_fallback)
- return -1;
-#endif
-
-#ifdef _WIN32
- /* Windows exclusively uses crypto_strongest_rand_syscall(). */
- (void)out;
- (void)out_len;
- return -1;
-#else /* !(defined(_WIN32)) */
- static const char *filenames[] = {
- "/dev/srandom", "/dev/urandom", "/dev/random", NULL
- };
- int fd, i;
- size_t n;
-
- for (i = 0; filenames[i]; ++i) {
- log_debug(LD_FS, "Considering %s as entropy source", filenames[i]);
- fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
- if (fd<0) continue;
- log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]);
- n = read_all(fd, (char*)out, out_len, 0);
- close(fd);
- if (n != out_len) {
- /* LCOV_EXCL_START
- * We can't make /dev/foorandom actually fail. */
- log_notice(LD_CRYPTO,
- "Error reading from entropy source %s (read only %lu bytes).",
- filenames[i],
- (unsigned long)n);
- return -1;
- /* LCOV_EXCL_STOP */
- }
-
- return 0;
- }
-
- return -1;
-#endif /* defined(_WIN32) */
-}
-
-/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
- * storing it into <b>out</b>. Return 0 on success, -1 on failure. A maximum
- * request size of 256 bytes is imposed.
- */
-STATIC int
-crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
-{
- static const size_t sanity_min_size = 16;
- static const int max_attempts = 3;
- tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
-
- /* For buffers >= 16 bytes (128 bits), we sanity check the output by
- * zero filling the buffer and ensuring that it actually was at least
- * partially modified.
- *
- * Checking that any individual byte is non-zero seems like it would
- * fail too often (p = out_len * 1/256) for comfort, but this is an
- * "adjust according to taste" sort of check.
- */
- memwipe(out, 0, out_len);
- for (int i = 0; i < max_attempts; i++) {
- /* Try to use the syscall/OS favored mechanism to get strong entropy. */
- if (crypto_strongest_rand_syscall(out, out_len) != 0) {
- /* Try to use the less-favored mechanism to get strong entropy. */
- if (crypto_strongest_rand_fallback(out, out_len) != 0) {
- /* Welp, we tried. Hopefully the calling code terminates the process
- * since we're basically boned without good entropy.
- */
- log_warn(LD_CRYPTO,
- "Cannot get strong entropy: no entropy source found.");
- return -1;
- }
- }
-
- if ((out_len < sanity_min_size) || !tor_mem_is_zero((char*)out, out_len))
- return 0;
- }
-
- /* LCOV_EXCL_START
- *
- * We tried max_attempts times to fill a buffer >= 128 bits long,
- * and each time it returned all '0's. Either the system entropy
- * source is busted, or the user should go out and buy a ticket to
- * every lottery on the planet.
- */
- log_warn(LD_CRYPTO, "Strong OS entropy returned all zero buffer.");
-
- return -1;
- /* LCOV_EXCL_STOP */
-}
-
-/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
- * storing it into <b>out</b>.
- */
-void
-crypto_strongest_rand(uint8_t *out, size_t out_len)
-{
-#define DLEN SHA512_DIGEST_LENGTH
- /* We're going to hash DLEN bytes from the system RNG together with some
- * bytes from the openssl PRNG, in order to yield DLEN bytes.
- */
- uint8_t inp[DLEN*2];
- uint8_t tmp[DLEN];
- tor_assert(out);
- while (out_len) {
- crypto_rand((char*) inp, DLEN);
- if (crypto_strongest_rand_raw(inp+DLEN, DLEN) < 0) {
- // LCOV_EXCL_START
- log_err(LD_CRYPTO, "Failed to load strong entropy when generating an "
- "important key. Exiting.");
- /* Die with an assertion so we get a stack trace. */
- tor_assert(0);
- // LCOV_EXCL_STOP
- }
- if (out_len >= DLEN) {
- SHA512(inp, sizeof(inp), out);
- out += DLEN;
- out_len -= DLEN;
- } else {
- SHA512(inp, sizeof(inp), tmp);
- memcpy(out, tmp, out_len);
- break;
- }
- }
- memwipe(tmp, 0, sizeof(tmp));
- memwipe(inp, 0, sizeof(inp));
-#undef DLEN
-}
-
-/** Seed OpenSSL's random number generator with bytes from the operating
- * system. Return 0 on success, -1 on failure.
- */
-int
-crypto_seed_rng(void)
-{
- int rand_poll_ok = 0, load_entropy_ok = 0;
- uint8_t buf[ADD_ENTROPY];
-
- /* OpenSSL has a RAND_poll function that knows about more kinds of
- * entropy than we do. We'll try calling that, *and* calling our own entropy
- * functions. If one succeeds, we'll accept the RNG as seeded. */
- rand_poll_ok = RAND_poll();
- if (rand_poll_ok == 0)
- log_warn(LD_CRYPTO, "RAND_poll() failed."); // LCOV_EXCL_LINE
-
- load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf));
- if (load_entropy_ok) {
- RAND_seed(buf, sizeof(buf));
- }
-
- memwipe(buf, 0, sizeof(buf));
-
- if ((rand_poll_ok || load_entropy_ok) && RAND_status() == 1)
- return 0;
- else
- return -1;
-}
-
-/** Write <b>n</b> bytes of strong random data to <b>to</b>. Supports mocking
- * for unit tests.
- *
- * This function is not allowed to fail; if it would fail to generate strong
- * entropy, it must terminate the process instead.
- */
-MOCK_IMPL(void,
-crypto_rand, (char *to, size_t n))
-{
- crypto_rand_unmocked(to, n);
-}
-
-/** Write <b>n</b> bytes of strong random data to <b>to</b>. Most callers
- * will want crypto_rand instead.
- *
- * This function is not allowed to fail; if it would fail to generate strong
- * entropy, it must terminate the process instead.
- */
-void
-crypto_rand_unmocked(char *to, size_t n)
-{
- int r;
- if (n == 0)
- return;
-
- tor_assert(n < INT_MAX);
- tor_assert(to);
- r = RAND_bytes((unsigned char*)to, (int)n);
- /* We consider a PRNG failure non-survivable. Let's assert so that we get a
- * stack trace about where it happened.
- */
- tor_assert(r >= 0);
-}
-
-/** Return a pseudorandom integer, chosen uniformly from the values
- * between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and
- * INT_MAX+1, inclusive. */
-int
-crypto_rand_int(unsigned int max)
-{
- unsigned int val;
- unsigned int cutoff;
- tor_assert(max <= ((unsigned int)INT_MAX)+1);
- tor_assert(max > 0); /* don't div by 0 */
-
- /* We ignore any values that are >= 'cutoff,' to avoid biasing the
- * distribution with clipping at the upper end of unsigned int's
- * range.
- */
- cutoff = UINT_MAX - (UINT_MAX%max);
- while (1) {
- crypto_rand((char*)&val, sizeof(val));
- if (val < cutoff)
- return val % max;
- }
-}
-
-/** Return a pseudorandom integer, chosen uniformly from the values i such
- * that min <= i < max.
- *
- * <b>min</b> MUST be in range [0, <b>max</b>).
- * <b>max</b> MUST be in range (min, INT_MAX].
- */
-int
-crypto_rand_int_range(unsigned int min, unsigned int max)
-{
- tor_assert(min < max);
- tor_assert(max <= INT_MAX);
-
- /* The overflow is avoided here because crypto_rand_int() returns a value
- * between 0 and (max - min) inclusive. */
- return min + crypto_rand_int(max - min);
-}
-
-/** As crypto_rand_int_range, but supports uint64_t. */
-uint64_t
-crypto_rand_uint64_range(uint64_t min, uint64_t max)
-{
- tor_assert(min < max);
- return min + crypto_rand_uint64(max - min);
-}
-
-/** As crypto_rand_int_range, but supports time_t. */
-time_t
-crypto_rand_time_range(time_t min, time_t max)
-{
- tor_assert(min < max);
- return min + (time_t)crypto_rand_uint64(max - min);
-}
-
-/** Return a pseudorandom 64-bit integer, chosen uniformly from the values
- * between 0 and <b>max</b>-1 inclusive. */
-uint64_t
-crypto_rand_uint64(uint64_t max)
-{
- uint64_t val;
- uint64_t cutoff;
- tor_assert(max < UINT64_MAX);
- tor_assert(max > 0); /* don't div by 0 */
-
- /* We ignore any values that are >= 'cutoff,' to avoid biasing the
- * distribution with clipping at the upper end of unsigned int's
- * range.
- */
- cutoff = UINT64_MAX - (UINT64_MAX%max);
- while (1) {
- crypto_rand((char*)&val, sizeof(val));
- if (val < cutoff)
- return val % max;
- }
-}
-
-/** Return a pseudorandom double d, chosen uniformly from the range
- * 0.0 <= d < 1.0.
- */
-double
-crypto_rand_double(void)
-{
- /* We just use an unsigned int here; we don't really care about getting
- * more than 32 bits of resolution */
- unsigned int u;
- crypto_rand((char*)&u, sizeof(u));
-#if SIZEOF_INT == 4
-#define UINT_MAX_AS_DOUBLE 4294967296.0
-#elif SIZEOF_INT == 8
-#define UINT_MAX_AS_DOUBLE 1.8446744073709552e+19
-#else
-#error SIZEOF_INT is neither 4 nor 8
-#endif /* SIZEOF_INT == 4 || ... */
- return ((double)u) / UINT_MAX_AS_DOUBLE;
-}
-
-/** Generate and return a new random hostname starting with <b>prefix</b>,
- * ending with <b>suffix</b>, and containing no fewer than
- * <b>min_rand_len</b> and no more than <b>max_rand_len</b> random base32
- * characters. Does not check for failure.
- *
- * Clip <b>max_rand_len</b> to MAX_DNS_LABEL_SIZE.
- **/
-char *
-crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
- const char *suffix)
-{
- char *result, *rand_bytes;
- int randlen, rand_bytes_len;
- size_t resultlen, prefixlen;
-
- if (max_rand_len > MAX_DNS_LABEL_SIZE)
- max_rand_len = MAX_DNS_LABEL_SIZE;
- if (min_rand_len > max_rand_len)
- min_rand_len = max_rand_len;
-
- randlen = crypto_rand_int_range(min_rand_len, max_rand_len+1);
-
- prefixlen = strlen(prefix);
- resultlen = prefixlen + strlen(suffix) + randlen + 16;
-
- rand_bytes_len = ((randlen*5)+7)/8;
- if (rand_bytes_len % 5)
- rand_bytes_len += 5 - (rand_bytes_len%5);
- rand_bytes = tor_malloc(rand_bytes_len);
- crypto_rand(rand_bytes, rand_bytes_len);
-
- result = tor_malloc(resultlen);
- memcpy(result, prefix, prefixlen);
- base32_encode(result+prefixlen, resultlen-prefixlen,
- rand_bytes, rand_bytes_len);
- tor_free(rand_bytes);
- strlcpy(result+prefixlen+randlen, suffix, resultlen-(prefixlen+randlen));
-
- return result;
-}
-
-/** Return a randomly chosen element of <b>sl</b>; or NULL if <b>sl</b>
- * is empty. */
-void *
-smartlist_choose(const smartlist_t *sl)
-{
- int len = smartlist_len(sl);
- if (len)
- return smartlist_get(sl,crypto_rand_int(len));
- return NULL; /* no elements to choose from */
-}
-
-/** Scramble the elements of <b>sl</b> into a random order. */
-void
-smartlist_shuffle(smartlist_t *sl)
-{
- int i;
- /* From the end of the list to the front, choose at random from the
- positions we haven't looked at yet, and swap that position into the
- current position. Remember to give "no swap" the same probability as
- any other swap. */
- for (i = smartlist_len(sl)-1; i > 0; --i) {
- int j = crypto_rand_int(i+1);
- smartlist_swap(sl, i, j);
- }
-}
-
-/**
- * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
- * the value <b>byte</b>.
- * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.
- *
- * This function is preferable to memset, since many compilers will happily
- * optimize out memset() when they can convince themselves that the data being
- * cleared will never be read.
- *
- * Right now, our convention is to use this function when we are wiping data
- * that's about to become inaccessible, such as stack buffers that are about
- * to go out of scope or structures that are about to get freed. (In
- * practice, it appears that the compilers we're currently using will optimize
- * out the memset()s for stack-allocated buffers, but not those for
- * about-to-be-freed structures. That could change, though, so we're being
- * wary.) If there are live reads for the data, then you can just use
- * memset().
- */
-void
-memwipe(void *mem, uint8_t byte, size_t sz)
-{
- if (sz == 0) {
- return;
- }
- /* If sz is nonzero, then mem must not be NULL. */
- tor_assert(mem != NULL);
-
- /* Data this large is likely to be an underflow. */
- tor_assert(sz < SIZE_T_CEILING);
-
- /* Because whole-program-optimization exists, we may not be able to just
- * have this function call "memset". A smart compiler could inline it, then
- * eliminate dead memsets, and declare itself to be clever. */
-
-#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
- /* Here's what you do on windows. */
- SecureZeroMemory(mem,sz);
-#elif defined(HAVE_RTLSECUREZEROMEMORY)
- RtlSecureZeroMemory(mem,sz);
-#elif defined(HAVE_EXPLICIT_BZERO)
- /* The BSDs provide this. */
- explicit_bzero(mem, sz);
-#elif defined(HAVE_MEMSET_S)
- /* This is in the C99 standard. */
- memset_s(mem, sz, 0, sz);
-#else
- /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
- * based on the pointer value, then uses that junk to update a global
- * variable. It's an elaborate ruse to trick the compiler into not
- * optimizing out the "wipe this memory" code. Read it if you like zany
- * programming tricks! In later versions of Tor, we should look for better
- * not-optimized-out memory wiping stuff...
- *
- * ...or maybe not. In practice, there are pure-asm implementations of
- * OPENSSL_cleanse() on most platforms, which ought to do the job.
- **/
-
- OPENSSL_cleanse(mem, sz);
-#endif /* defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) || ... */
-
- /* Just in case some caller of memwipe() is relying on getting a buffer
- * filled with a particular value, fill the buffer.
- *
- * If this function gets inlined, this memset might get eliminated, but
- * that's okay: We only care about this particular memset in the case where
- * the caller should have been using memset(), and the memset() wouldn't get
- * eliminated. In other words, this is here so that we won't break anything
- * if somebody accidentally calls memwipe() instead of memset().
- **/
- memset(mem, byte, sz);
-}
-
/** @{ */
/** Uninitialize the crypto library. Return 0 on success. Does not detect
* failure.
diff --git a/src/common/crypto.h b/src/common/crypto.h
index b58679032..61a2952d2 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -105,31 +105,6 @@ int crypto_expand_key_material_rfc5869_sha256(
const uint8_t *info_in, size_t info_in_len,
uint8_t *key_out, size_t key_out_len);
-/* random numbers */
-int crypto_seed_rng(void) ATTR_WUR;
-MOCK_DECL(void,crypto_rand,(char *to, size_t n));
-void crypto_rand_unmocked(char *to, size_t n);
-void crypto_strongest_rand(uint8_t *out, size_t out_len);
-int crypto_rand_int(unsigned int max);
-int crypto_rand_int_range(unsigned int min, unsigned int max);
-uint64_t crypto_rand_uint64_range(uint64_t min, uint64_t max);
-time_t crypto_rand_time_range(time_t min, time_t max);
-uint64_t crypto_rand_uint64(uint64_t max);
-double crypto_rand_double(void);
-struct tor_weak_rng_t;
-void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);
-int crypto_init_siphash_key(void);
-
-char *crypto_random_hostname(int min_rand_len, int max_rand_len,
- const char *prefix, const char *suffix);
-
-struct smartlist_t;
-void *smartlist_choose(const struct smartlist_t *sl);
-void smartlist_shuffle(struct smartlist_t *sl);
-
-/** OpenSSL-based utility functions. */
-void memwipe(void *mem, uint8_t byte, size_t sz);
-
/* Prototypes for private functions only used by tortls.c, crypto.c, and the
* unit tests. */
struct dh_st;
@@ -137,16 +112,5 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
-#ifdef CRYPTO_PRIVATE
-
-STATIC int crypto_force_rand_ssleay(void);
-STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len);
-
-#ifdef TOR_UNIT_TESTS
-extern int break_strongest_rng_syscall;
-extern int break_strongest_rng_fallback;
-#endif
-#endif /* defined(CRYPTO_PRIVATE) */
-
#endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index ccf12d00f..0719c2f85 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -25,6 +25,8 @@
#include "crypto_curve25519.h"
#include "crypto_format.h"
#include "crypto_digest.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "util.h"
#include "torlog.h"
diff --git a/src/common/crypto_digest.c b/src/common/crypto_digest.c
index cdcc1828c..f7163de13 100644
--- a/src/common/crypto_digest.c
+++ b/src/common/crypto_digest.c
@@ -10,10 +10,13 @@
* operations.
**/
+#include "container.h"
#include "crypto_digest.h"
-
-#include "crypto.h" /* common functions */
#include "crypto_openssl_mgt.h"
+#include "crypto_util.h"
+#include "torlog.h"
+
+#include "keccak-tiny/keccak-tiny.h"
DISABLE_GCC_WARNING(redundant-decls)
@@ -22,8 +25,6 @@ DISABLE_GCC_WARNING(redundant-decls)
ENABLE_GCC_WARNING(redundant-decls)
-#include "container.h"
-
/* Crypto digest functions */
/** Compute the SHA1 digest of the <b>len</b> bytes on data stored in
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index f1cc0cb18..baddb77dd 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -27,6 +27,8 @@
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "torlog.h"
#include "util.h"
#include "util_format.h"
diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c
index 3f6fb9f54..c0cade2f5 100644
--- a/src/common/crypto_format.c
+++ b/src/common/crypto_format.c
@@ -20,6 +20,7 @@
#include "crypto_ed25519.h"
#include "crypto_format.h"
#include "crypto_digest.h"
+#include "crypto_util.h"
#include "util.h"
#include "util_format.h"
#include "torlog.h"
diff --git a/src/common/crypto_pwbox.c b/src/common/crypto_pwbox.c
index 604fc68e9..e49ca226e 100644
--- a/src/common/crypto_pwbox.c
+++ b/src/common/crypto_pwbox.c
@@ -12,6 +12,8 @@
#include "crypto_s2k.h"
#include "crypto_pwbox.h"
#include "crypto_digest.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "di_ops.h"
#include "util.h"
#include "pwbox.h"
diff --git a/src/common/crypto_rand.c b/src/common/crypto_rand.c
new file mode 100644
index 000000000..66506235a
--- /dev/null
+++ b/src/common/crypto_rand.c
@@ -0,0 +1,609 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_rand.c
+ *
+ * \brief Functions for initialising and seeding (pseudo-)random
+ * number generators, and working with randomness.
+ **/
+
+#ifndef CRYPTO_RAND_PRIVATE
+#define CRYPTO_RAND_PRIVATE
+
+#ifdef _WIN32
+#include <windows.h>
+#include <wincrypt.h>
+#endif /* defined(_WIN32) */
+
+#include "crypto_rand.h"
+
+#include "container.h"
+#include "compat.h"
+#include "compat_openssl.h"
+#include "crypto_util.h"
+#include "sandbox.h"
+#include "testsupport.h"
+#include "torlog.h"
+#include "util.h"
+#include "util_format.h"
+
+DISABLE_GCC_WARNING(redundant-decls)
+#include <openssl/rand.h>
+ENABLE_GCC_WARNING(redundant-decls)
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
+#endif /* __GNUC__ && GCC_VERSION >= 402 */
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/**
+ * How many bytes of entropy we add at once.
+ *
+ * This is how much entropy OpenSSL likes to add right now, so maybe it will
+ * work for us too.
+ **/
+#define ADD_ENTROPY 32
+
+/**
+ * Longest recognized DNS query.
+ **/
+#define MAX_DNS_LABEL_SIZE 63
+
+/**
+ * Largest strong entropy request permitted.
+ **/
+#define MAX_STRONGEST_RAND_SIZE 256
+
+/**
+ * Set the seed of the weak RNG to a random value.
+ **/
+void
+crypto_seed_weak_rng(tor_weak_rng_t *rng)
+{
+ unsigned seed;
+ crypto_rand((void*)&seed, sizeof(seed));
+ tor_init_weak_random(rng, seed);
+}
+
+#ifdef TOR_UNIT_TESTS
+int break_strongest_rng_syscall = 0;
+int break_strongest_rng_fallback = 0;
+#endif
+
+/**
+ * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * via system calls, storing it into <b>out</b>. Return 0 on success, -1 on
+ * failure. A maximum request size of 256 bytes is imposed.
+ **/
+static int
+crypto_strongest_rand_syscall(uint8_t *out, size_t out_len)
+{
+ tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
+
+ /* We only log at notice-level here because in the case that this function
+ * fails the crypto_strongest_rand_raw() caller will log with a warning-level
+ * message and let crypto_strongest_rand() error out and finally terminating
+ * Tor with an assertion error.
+ */
+
+#ifdef TOR_UNIT_TESTS
+ if (break_strongest_rng_syscall)
+ return -1;
+#endif
+
+#if defined(_WIN32)
+ static int provider_set = 0;
+ static HCRYPTPROV provider;
+
+ if (!provider_set) {
+ if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT)) {
+ log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
+ return -1;
+ }
+ provider_set = 1;
+ }
+ if (!CryptGenRandom(provider, out_len, out)) {
+ log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
+ return -1;
+ }
+
+ return 0;
+#elif defined(__linux__) && defined(SYS_getrandom)
+ static int getrandom_works = 1; /* Be optimistic about our chances... */
+
+ /* getrandom() isn't as straightforward as getentropy(), and has
+ * no glibc wrapper.
+ *
+ * As far as I can tell from getrandom(2) and the source code, the
+ * requests we issue will always succeed (though it will block on the
+ * call if /dev/urandom isn't seeded yet), since we are NOT specifying
+ * GRND_NONBLOCK and the request is <= 256 bytes.
+ *
+ * The manpage is unclear on what happens if a signal interrupts the call
+ * while the request is blocked due to lack of entropy....
+ *
+ * We optimistically assume that getrandom() is available and functional
+ * because it is the way of the future, and 2 branch mispredicts pale in
+ * comparison to the overheads involved with failing to open
+ * /dev/srandom followed by opening and reading from /dev/urandom.
+ */
+ if (PREDICT_LIKELY(getrandom_works)) {
+ long ret;
+ /* A flag of '0' here means to read from '/dev/urandom', and to
+ * block if insufficient entropy is available to service the
+ * request.
+ */
+ const unsigned int flags = 0;
+ do {
+ ret = syscall(SYS_getrandom, out, out_len, flags);
+ } while (ret == -1 && ((errno == EINTR) ||(errno == EAGAIN)));
+
+ if (PREDICT_UNLIKELY(ret == -1)) {
+ /* LCOV_EXCL_START we can't actually make the syscall fail in testing. */
+ tor_assert(errno != EAGAIN);
+ tor_assert(errno != EINTR);
+
+ /* Useful log message for errno. */
+ if (errno == ENOSYS) {
+ log_notice(LD_CRYPTO, "Can't get entropy from getrandom()."
+ " You are running a version of Tor built to support"
+ " getrandom(), but the kernel doesn't implement this"
+ " function--probably because it is too old?"
+ " Trying fallback method instead.");
+ } else {
+ log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s."
+ " Trying fallback method instead.",
+ strerror(errno));
+ }
+
+ getrandom_works = 0; /* Don't bother trying again. */
+ return -1;
+ /* LCOV_EXCL_STOP */
+ }
+
+ tor_assert(ret == (long)out_len);
+ return 0;
+ }
+
+ return -1; /* getrandom() previously failed unexpectedly. */
+#elif defined(HAVE_GETENTROPY)
+ /* getentropy() is what Linux's getrandom() wants to be when it grows up.
+ * the only gotcha is that requests are limited to 256 bytes.
+ */
+ return getentropy(out, out_len);
+#else
+ (void) out;
+#endif /* defined(_WIN32) || ... */
+
+ /* This platform doesn't have a supported syscall based random. */
+ return -1;
+}
+
+/**
+ * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * via the per-platform fallback mechanism, storing it into <b>out</b>.
+ * Return 0 on success, -1 on failure. A maximum request size of 256 bytes
+ * is imposed.
+ **/
+static int
+crypto_strongest_rand_fallback(uint8_t *out, size_t out_len)
+{
+#ifdef TOR_UNIT_TESTS
+ if (break_strongest_rng_fallback)
+ return -1;
+#endif
+
+#ifdef _WIN32
+ /* Windows exclusively uses crypto_strongest_rand_syscall(). */
+ (void)out;
+ (void)out_len;
+ return -1;
+#else /* !(defined(_WIN32)) */
+ static const char *filenames[] = {
+ "/dev/srandom", "/dev/urandom", "/dev/random", NULL
+ };
+ int fd, i;
+ size_t n;
+
+ for (i = 0; filenames[i]; ++i) {
+ log_debug(LD_FS, "Considering %s as entropy source", filenames[i]);
+ fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
+ if (fd<0) continue;
+ log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]);
+ n = read_all(fd, (char*)out, out_len, 0);
+ close(fd);
+ if (n != out_len) {
+ /* LCOV_EXCL_START
+ * We can't make /dev/foorandom actually fail. */
+ log_notice(LD_CRYPTO,
+ "Error reading from entropy source %s (read only %lu bytes).",
+ filenames[i],
+ (unsigned long)n);
+ return -1;
+ /* LCOV_EXCL_STOP */
+ }
+
+ return 0;
+ }
+
+ return -1;
+#endif /* defined(_WIN32) */
+}
+
+/**
+ * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * storing it into <b>out</b>. Return 0 on success, -1 on failure. A maximum
+ * request size of 256 bytes is imposed.
+ **/
+STATIC int
+crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
+{
+ static const size_t sanity_min_size = 16;
+ static const int max_attempts = 3;
+ tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
+
+ /* For buffers >= 16 bytes (128 bits), we sanity check the output by
+ * zero filling the buffer and ensuring that it actually was at least
+ * partially modified.
+ *
+ * Checking that any individual byte is non-zero seems like it would
+ * fail too often (p = out_len * 1/256) for comfort, but this is an
+ * "adjust according to taste" sort of check.
+ */
+ memwipe(out, 0, out_len);
+ for (int i = 0; i < max_attempts; i++) {
+ /* Try to use the syscall/OS favored mechanism to get strong entropy. */
+ if (crypto_strongest_rand_syscall(out, out_len) != 0) {
+ /* Try to use the less-favored mechanism to get strong entropy. */
+ if (crypto_strongest_rand_fallback(out, out_len) != 0) {
+ /* Welp, we tried. Hopefully the calling code terminates the process
+ * since we're basically boned without good entropy.
+ */
+ log_warn(LD_CRYPTO,
+ "Cannot get strong entropy: no entropy source found.");
+ return -1;
+ }
+ }
+
+ if ((out_len < sanity_min_size) || !tor_mem_is_zero((char*)out, out_len))
+ return 0;
+ }
+
+ /* LCOV_EXCL_START
+ *
+ * We tried max_attempts times to fill a buffer >= 128 bits long,
+ * and each time it returned all '0's. Either the system entropy
+ * source is busted, or the user should go out and buy a ticket to
+ * every lottery on the planet.
+ */
+ log_warn(LD_CRYPTO, "Strong OS entropy returned all zero buffer.");
+
+ return -1;
+ /* LCOV_EXCL_STOP */
+}
+
+/**
+ * Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
+ * storing it into <b>out</b>.
+ **/
+void
+crypto_strongest_rand(uint8_t *out, size_t out_len)
+{
+#define DLEN SHA512_DIGEST_LENGTH
+ /* We're going to hash DLEN bytes from the system RNG together with some
+ * bytes from the openssl PRNG, in order to yield DLEN bytes.
+ */
+ uint8_t inp[DLEN*2];
+ uint8_t tmp[DLEN];
+ tor_assert(out);
+ while (out_len) {
+ crypto_rand((char*) inp, DLEN);
+ if (crypto_strongest_rand_raw(inp+DLEN, DLEN) < 0) {
+ // LCOV_EXCL_START
+ log_err(LD_CRYPTO, "Failed to load strong entropy when generating an "
+ "important key. Exiting.");
+ /* Die with an assertion so we get a stack trace. */
+ tor_assert(0);
+ // LCOV_EXCL_STOP
+ }
+ if (out_len >= DLEN) {
+ SHA512(inp, sizeof(inp), out);
+ out += DLEN;
+ out_len -= DLEN;
+ } else {
+ SHA512(inp, sizeof(inp), tmp);
+ memcpy(out, tmp, out_len);
+ break;
+ }
+ }
+ memwipe(tmp, 0, sizeof(tmp));
+ memwipe(inp, 0, sizeof(inp));
+#undef DLEN
+}
+
+/**
+ * Seed OpenSSL's random number generator with bytes from the operating
+ * system. Return 0 on success, -1 on failure.
+ **/
+int
+crypto_seed_rng(void)
+{
+ int rand_poll_ok = 0, load_entropy_ok = 0;
+ uint8_t buf[ADD_ENTROPY];
+
+ /* OpenSSL has a RAND_poll function that knows about more kinds of
+ * entropy than we do. We'll try calling that, *and* calling our own entropy
+ * functions. If one succeeds, we'll accept the RNG as seeded. */
+ rand_poll_ok = RAND_poll();
+ if (rand_poll_ok == 0)
+ log_warn(LD_CRYPTO, "RAND_poll() failed."); // LCOV_EXCL_LINE
+
+ load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf));
+ if (load_entropy_ok) {
+ RAND_seed(buf, sizeof(buf));
+ }
+
+ memwipe(buf, 0, sizeof(buf));
+
+ if ((rand_poll_ok || load_entropy_ok) && RAND_status() == 1)
+ return 0;
+ else
+ return -1;
+}
+
+/**
+ * Write <b>n</b> bytes of strong random data to <b>to</b>. Supports mocking
+ * for unit tests.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
+ **/
+MOCK_IMPL(void,
+crypto_rand, (char *to, size_t n))
+{
+ crypto_rand_unmocked(to, n);
+}
+
+/**
+ * Write <b>n</b> bytes of strong random data to <b>to</b>. Most callers
+ * will want crypto_rand instead.
+ *
+ * This function is not allowed to fail; if it would fail to generate strong
+ * entropy, it must terminate the process instead.
+ **/
+void
+crypto_rand_unmocked(char *to, size_t n)
+{
+ int r;
+ if (n == 0)
+ return;
+
+ tor_assert(n < INT_MAX);
+ tor_assert(to);
+ r = RAND_bytes((unsigned char*)to, (int)n);
+ /* We consider a PRNG failure non-survivable. Let's assert so that we get a
+ * stack trace about where it happened.
+ */
+ tor_assert(r >= 0);
+}
+
+/**
+ * Return a pseudorandom integer, chosen uniformly from the values
+ * between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and
+ * INT_MAX+1, inclusive.
+ */
+int
+crypto_rand_int(unsigned int max)
+{
+ unsigned int val;
+ unsigned int cutoff;
+ tor_assert(max <= ((unsigned int)INT_MAX)+1);
+ tor_assert(max > 0); /* don't div by 0 */
+
+ /* We ignore any values that are >= 'cutoff,' to avoid biasing the
+ * distribution with clipping at the upper end of unsigned int's
+ * range.
+ */
+ cutoff = UINT_MAX - (UINT_MAX%max);
+ while (1) {
+ crypto_rand((char*)&val, sizeof(val));
+ if (val < cutoff)
+ return val % max;
+ }
+}
+
+/**
+ * Return a pseudorandom integer, chosen uniformly from the values i such
+ * that min <= i < max.
+ *
+ * <b>min</b> MUST be in range [0, <b>max</b>).
+ * <b>max</b> MUST be in range (min, INT_MAX].
+ **/
+int
+crypto_rand_int_range(unsigned int min, unsigned int max)
+{
+ tor_assert(min < max);
+ tor_assert(max <= INT_MAX);
+
+ /* The overflow is avoided here because crypto_rand_int() returns a value
+ * between 0 and (max - min) inclusive. */
+ return min + crypto_rand_int(max - min);
+}
+
+/**
+ * As crypto_rand_int_range, but supports uint64_t.
+ **/
+uint64_t
+crypto_rand_uint64_range(uint64_t min, uint64_t max)
+{
+ tor_assert(min < max);
+ return min + crypto_rand_uint64(max - min);
+}
+
+/**
+ * As crypto_rand_int_range, but supports time_t.
+ **/
+time_t
+crypto_rand_time_range(time_t min, time_t max)
+{
+ tor_assert(min < max);
+ return min + (time_t)crypto_rand_uint64(max - min);
+}
+
+/**
+ * Return a pseudorandom 64-bit integer, chosen uniformly from the values
+ * between 0 and <b>max</b>-1 inclusive.
+ **/
+uint64_t
+crypto_rand_uint64(uint64_t max)
+{
+ uint64_t val;
+ uint64_t cutoff;
+ tor_assert(max < UINT64_MAX);
+ tor_assert(max > 0); /* don't div by 0 */
+
+ /* We ignore any values that are >= 'cutoff,' to avoid biasing the
+ * distribution with clipping at the upper end of unsigned int's
+ * range.
+ */
+ cutoff = UINT64_MAX - (UINT64_MAX%max);
+ while (1) {
+ crypto_rand((char*)&val, sizeof(val));
+ if (val < cutoff)
+ return val % max;
+ }
+}
+
+/**
+ * Return a pseudorandom double d, chosen uniformly from the range
+ * 0.0 <= d < 1.0.
+ **/
+double
+crypto_rand_double(void)
+{
+ /* We just use an unsigned int here; we don't really care about getting
+ * more than 32 bits of resolution */
+ unsigned int u;
+ crypto_rand((char*)&u, sizeof(u));
+#if SIZEOF_INT == 4
+#define UINT_MAX_AS_DOUBLE 4294967296.0
+#elif SIZEOF_INT == 8
+#define UINT_MAX_AS_DOUBLE 1.8446744073709552e+19
+#else
+#error SIZEOF_INT is neither 4 nor 8
+#endif /* SIZEOF_INT == 4 || ... */
+ return ((double)u) / UINT_MAX_AS_DOUBLE;
+}
+
+/**
+ * Generate and return a new random hostname starting with <b>prefix</b>,
+ * ending with <b>suffix</b>, and containing no fewer than
+ * <b>min_rand_len</b> and no more than <b>max_rand_len</b> random base32
+ * characters. Does not check for failure.
+ *
+ * Clip <b>max_rand_len</b> to MAX_DNS_LABEL_SIZE.
+ **/
+char *
+crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix,
+ const char *suffix)
+{
+ char *result, *rand_bytes;
+ int randlen, rand_bytes_len;
+ size_t resultlen, prefixlen;
+
+ if (max_rand_len > MAX_DNS_LABEL_SIZE)
+ max_rand_len = MAX_DNS_LABEL_SIZE;
+ if (min_rand_len > max_rand_len)
+ min_rand_len = max_rand_len;
+
+ randlen = crypto_rand_int_range(min_rand_len, max_rand_len+1);
+
+ prefixlen = strlen(prefix);
+ resultlen = prefixlen + strlen(suffix) + randlen + 16;
+
+ rand_bytes_len = ((randlen*5)+7)/8;
+ if (rand_bytes_len % 5)
+ rand_bytes_len += 5 - (rand_bytes_len%5);
+ rand_bytes = tor_malloc(rand_bytes_len);
+ crypto_rand(rand_bytes, rand_bytes_len);
+
+ result = tor_malloc(resultlen);
+ memcpy(result, prefix, prefixlen);
+ base32_encode(result+prefixlen, resultlen-prefixlen,
+ rand_bytes, rand_bytes_len);
+ tor_free(rand_bytes);
+ strlcpy(result+prefixlen+randlen, suffix, resultlen-(prefixlen+randlen));
+
+ return result;
+}
+
+/**
+ * Return a randomly chosen element of <b>sl</b>; or NULL if <b>sl</b>
+ * is empty.
+ **/
+void *
+smartlist_choose(const smartlist_t *sl)
+{
+ int len = smartlist_len(sl);
+ if (len)
+ return smartlist_get(sl,crypto_rand_int(len));
+ return NULL; /* no elements to choose from */
+}
+
+/**
+ * Scramble the elements of <b>sl</b> into a random order.
+ **/
+void
+smartlist_shuffle(smartlist_t *sl)
+{
+ int i;
+ /* From the end of the list to the front, choose at random from the
+ positions we haven't looked at yet, and swap that position into the
+ current position. Remember to give "no swap" the same probability as
+ any other swap. */
+ for (i = smartlist_len(sl)-1; i > 0; --i) {
+ int j = crypto_rand_int(i+1);
+ smartlist_swap(sl, i, j);
+ }
+}
+
+/** Make sure that openssl is using its default PRNG. Return 1 if we had to
+ * adjust it; 0 otherwise. */
+int
+crypto_force_rand_ssleay(void)
+{
+ RAND_METHOD *default_method;
+ default_method = RAND_OpenSSL();
+ if (RAND_get_rand_method() != default_method) {
+ log_notice(LD_CRYPTO, "It appears that one of our engines has provided "
+ "a replacement the OpenSSL RNG. Resetting it to the default "
+ "implementation.");
+ RAND_set_rand_method(default_method);
+ return 1;
+ }
+ return 0;
+}
+
+#endif /* !defined(CRYPTO_RAND_PRIVATE) */
+
diff --git a/src/common/crypto_rand.h b/src/common/crypto_rand.h
new file mode 100644
index 000000000..c78195633
--- /dev/null
+++ b/src/common/crypto_rand.h
@@ -0,0 +1,53 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_rand.h
+ *
+ * \brief Common functions for using (psuedo-)random number generators.
+ **/
+
+#ifndef TOR_CRYPTO_RAND_H
+#define TOR_CRYPTO_RAND_H
+
+#include "torint.h"
+#include "util.h"
+
+/* random numbers */
+int crypto_seed_rng(void) ATTR_WUR;
+MOCK_DECL(void,crypto_rand,(char *to, size_t n));
+void crypto_rand_unmocked(char *to, size_t n);
+void crypto_strongest_rand(uint8_t *out, size_t out_len);
+int crypto_rand_int(unsigned int max);
+int crypto_rand_int_range(unsigned int min, unsigned int max);
+uint64_t crypto_rand_uint64_range(uint64_t min, uint64_t max);
+time_t crypto_rand_time_range(time_t min, time_t max);
+uint64_t crypto_rand_uint64(uint64_t max);
+double crypto_rand_double(void);
+struct tor_weak_rng_t;
+void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);
+int crypto_init_siphash_key(void);
+
+char *crypto_random_hostname(int min_rand_len, int max_rand_len,
+ const char *prefix, const char *suffix);
+
+struct smartlist_t;
+void *smartlist_choose(const struct smartlist_t *sl);
+void smartlist_shuffle(struct smartlist_t *sl);
+int crypto_force_rand_ssleay(void);
+
+#ifdef CRYPTO_RAND_PRIVATE
+
+STATIC int crypto_strongest_rand_raw(uint8_t *out, size_t out_len);
+
+#ifdef TOR_UNIT_TESTS
+extern int break_strongest_rng_syscall;
+extern int break_strongest_rng_fallback;
+#endif
+#endif /* defined(CRYPTO_RAND_PRIVATE) */
+
+#endif /* !defined(TOR_CRYPTO_RAND_H) */
+
diff --git a/src/common/crypto_rsa.c b/src/common/crypto_rsa.c
index 986ccb0ee..0e006b0eb 100644
--- a/src/common/crypto_rsa.c
+++ b/src/common/crypto_rsa.c
@@ -15,6 +15,8 @@
#include "crypto_curve25519.h"
#include "crypto_format.h"
#include "crypto_digest.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
DISABLE_GCC_WARNING(redundant-decls)
diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c
index 316445e40..7d7f475b6 100644
--- a/src/common/crypto_s2k.c
+++ b/src/common/crypto_s2k.c
@@ -17,6 +17,8 @@
#include "compat.h"
#include "crypto_s2k.h"
#include "crypto_digest.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include <openssl/evp.h>
diff --git a/src/common/crypto_util.c b/src/common/crypto_util.c
new file mode 100644
index 000000000..c09afe6ee
--- /dev/null
+++ b/src/common/crypto_util.c
@@ -0,0 +1,105 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_util.c
+ *
+ * \brief Common cryptographic utilities.
+ **/
+
+#ifndef CRYPTO_UTIL_PRIVATE
+#define CRYPTO_UTIL_PRIVATE
+
+#include <string.h>
+
+#ifdef _WIN32
+#include <windows.h>
+#include <wincrypt.h>
+#endif /* defined(_WIN32) */
+
+#include "crypto_util.h"
+#include "util.h"
+
+DISABLE_GCC_WARNING(redundant-decls)
+
+#include <openssl/crypto.h>
+
+ENABLE_GCC_WARNING(redundant-decls)
+
+/**
+ * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
+ * the value <b>byte</b>.
+ * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.
+ *
+ * This function is preferable to memset, since many compilers will happily
+ * optimize out memset() when they can convince themselves that the data being
+ * cleared will never be read.
+ *
+ * Right now, our convention is to use this function when we are wiping data
+ * that's about to become inaccessible, such as stack buffers that are about
+ * to go out of scope or structures that are about to get freed. (In
+ * practice, it appears that the compilers we're currently using will optimize
+ * out the memset()s for stack-allocated buffers, but not those for
+ * about-to-be-freed structures. That could change, though, so we're being
+ * wary.) If there are live reads for the data, then you can just use
+ * memset().
+ */
+void
+memwipe(void *mem, uint8_t byte, size_t sz)
+{
+ if (sz == 0) {
+ return;
+ }
+ /* If sz is nonzero, then mem must not be NULL. */
+ tor_assert(mem != NULL);
+
+ /* Data this large is likely to be an underflow. */
+ tor_assert(sz < SIZE_T_CEILING);
+
+ /* Because whole-program-optimization exists, we may not be able to just
+ * have this function call "memset". A smart compiler could inline it, then
+ * eliminate dead memsets, and declare itself to be clever. */
+
+#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
+ /* Here's what you do on windows. */
+ SecureZeroMemory(mem,sz);
+#elif defined(HAVE_RTLSECUREZEROMEMORY)
+ RtlSecureZeroMemory(mem,sz);
+#elif defined(HAVE_EXPLICIT_BZERO)
+ /* The BSDs provide this. */
+ explicit_bzero(mem, sz);
+#elif defined(HAVE_MEMSET_S)
+ /* This is in the C99 standard. */
+ memset_s(mem, sz, 0, sz);
+#else
+ /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk
+ * based on the pointer value, then uses that junk to update a global
+ * variable. It's an elaborate ruse to trick the compiler into not
+ * optimizing out the "wipe this memory" code. Read it if you like zany
+ * programming tricks! In later versions of Tor, we should look for better
+ * not-optimized-out memory wiping stuff...
+ *
+ * ...or maybe not. In practice, there are pure-asm implementations of
+ * OPENSSL_cleanse() on most platforms, which ought to do the job.
+ **/
+
+ OPENSSL_cleanse(mem, sz);
+#endif /* defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) || ... */
+
+ /* Just in case some caller of memwipe() is relying on getting a buffer
+ * filled with a particular value, fill the buffer.
+ *
+ * If this function gets inlined, this memset might get eliminated, but
+ * that's okay: We only care about this particular memset in the case where
+ * the caller should have been using memset(), and the memset() wouldn't get
+ * eliminated. In other words, this is here so that we won't break anything
+ * if somebody accidentally calls memwipe() instead of memset().
+ **/
+ memset(mem, byte, sz);
+}
+
+#endif /* !defined(CRYPTO_UTIL_PRIVATE) */
+
diff --git a/src/common/crypto_util.h b/src/common/crypto_util.h
new file mode 100644
index 000000000..922942b37
--- /dev/null
+++ b/src/common/crypto_util.h
@@ -0,0 +1,27 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file crypto_util.h
+ *
+ * \brief Common functions for cryptographic routines.
+ **/
+
+#ifndef TOR_CRYPTO_UTIL_H
+#define TOR_CRYPTO_UTIL_H
+
+#include "torint.h"
+
+/** OpenSSL-based utility functions. */
+void memwipe(void *mem, uint8_t byte, size_t sz);
+
+#ifdef CRYPTO_UTIL_PRIVATE
+#ifdef TOR_UNIT_TESTS
+#endif /* defined(TOR_UNIT_TESTS) */
+#endif /* defined(CRYPTO_UTIL_PRIVATE) */
+
+#endif /* !defined(TOR_CRYPTO_UTIL_H) */
+
diff --git a/src/common/include.am b/src/common/include.am
index 73c51ff0b..f0cbd0e1d 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -118,8 +118,10 @@ LIBOR_CRYPTO_A_SRC = \
src/common/crypto_rsa.c \
src/common/crypto_openssl_mgt.c \
src/common/crypto_pwbox.c \
+ src/common/crypto_rand.c \
src/common/crypto_s2k.c \
src/common/crypto_format.c \
+ src/common/crypto_util.c \
src/common/tortls.c \
src/common/crypto_curve25519.c \
src/common/crypto_ed25519.c
@@ -173,7 +175,9 @@ COMMONHEADERS = \
src/common/crypto_openssl_mgt.h \
src/common/crypto_rsa.h \
src/common/crypto_pwbox.h \
+ src/common/crypto_rand.h \
src/common/crypto_s2k.h \
+ src/common/crypto_util.h \
src/common/di_ops.h \
src/common/handles.h \
src/common/memarea.h \
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 05e29e22f..e58afd9a9 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -26,6 +26,8 @@
#endif
#include "crypto.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "compat.h"
/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
diff --git a/src/common/workqueue.c b/src/common/workqueue.c
index ec96959b7..de0079b75 100644
--- a/src/common/workqueue.c
+++ b/src/common/workqueue.c
@@ -25,7 +25,7 @@
#include "orconfig.h"
#include "compat.h"
#include "compat_threads.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "util.h"
#include "workqueue.h"
#include "tor_queue.h"
diff --git a/src/ext/ed25519/donna/ed25519-randombytes-custom.h b/src/ext/ed25519/donna/ed25519-randombytes-custom.h
index 3fb0959fc..27eade4f9 100644
--- a/src/ext/ed25519/donna/ed25519-randombytes-custom.h
+++ b/src/ext/ed25519/donna/ed25519-randombytes-custom.h
@@ -8,7 +8,7 @@
*/
/* Tor: Instead of calling OpenSSL's CSPRNG directly, call the wrapper. */
-#include "crypto.h"
+#include "crypto_rand.h"
static void
ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len)
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
index 84fc3850a..43de9faae 100644
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -40,6 +40,8 @@
#include "ed25519-randombytes.h"
#include "ed25519-hash.h"
+#include "crypto_util.h"
+
typedef unsigned char ed25519_signature[64];
typedef unsigned char ed25519_public_key[32];
typedef unsigned char ed25519_secret_key[32];
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c
index a3b32fa80..88e84cac2 100644
--- a/src/ext/ed25519/ref10/blinding.c
+++ b/src/ext/ed25519/ref10/blinding.c
@@ -7,7 +7,7 @@
#include "ed25519_ref10.h"
#include <string.h>
-#include "crypto.h"
+#include "crypto_util.h"
static void
ed25519_ref10_gettweak(unsigned char *out, const unsigned char *param)
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
index 68a88f9ad..c437f0a4f 100644
--- a/src/ext/ed25519/ref10/keypair.c
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -6,6 +6,9 @@
#include "crypto_hash_sha512.h"
#include "ge.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
+
int
crypto_sign_seckey(unsigned char *sk)
{
diff --git a/src/ext/keccak-tiny/keccak-tiny-unrolled.c b/src/ext/keccak-tiny/keccak-tiny-unrolled.c
index d8d7fe335..07e8c95bc 100644
--- a/src/ext/keccak-tiny/keccak-tiny-unrolled.c
+++ b/src/ext/keccak-tiny/keccak-tiny-unrolled.c
@@ -9,7 +9,7 @@
#include "keccak-tiny.h"
#include <string.h>
-#include "crypto.h"
+#include "crypto_util.h"
#include "byteorder.h"
/******** Endianness conversion helpers ********/
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index 96ce27557..f691ef9aa 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -21,6 +21,7 @@
#include "config.h"
#include "connection_edge.h"
#include "control.h"
+#include "crypto_rand.h"
#include "dns.h"
#include "routerset.h"
#include "nodelist.h"
diff --git a/src/or/channelpadding.c b/src/or/channelpadding.c
index 5da3009e6..0c20d6dd3 100644
--- a/src/or/channelpadding.c
+++ b/src/or/channelpadding.c
@@ -16,6 +16,7 @@
#include "networkstatus.h"
#include "connection.h"
#include "connection_or.h"
+#include "crypto_rand.h"
#include "main.h"
#include "rephist.h"
#include "router.h"
diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c
index c1c1ca31b..ff42bf91e 100644
--- a/src/or/circpathbias.c
+++ b/src/or/circpathbias.c
@@ -30,6 +30,7 @@
#include "circuitstats.h"
#include "connection_edge.h"
#include "config.h"
+#include "crypto_rand.h"
#include "entrynodes.h"
#include "networkstatus.h"
#include "relay.h"
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 8b7990e5f..fbc4fc4ac 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -43,7 +43,7 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "entrynodes.h"
#include "hs_ntor.h"
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index f362b8e97..02e218134 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -65,6 +65,8 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "entrynodes.h"
#include "main.h"
#include "hs_circuit.h"
diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c
index 643831927..0dfde67f8 100644
--- a/src/or/circuitstats.c
+++ b/src/or/circuitstats.c
@@ -31,6 +31,7 @@
#include "config.h"
#include "confparse.h"
#include "control.h"
+#include "crypto_rand.h"
#include "main.h"
#include "networkstatus.h"
#include "rendclient.h"
diff --git a/src/or/command.c b/src/or/command.c
index 4f99462f3..aa792a006 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -46,6 +46,7 @@
#include "config.h"
#include "control.h"
#include "cpuworker.h"
+#include "crypto_util.h"
#include "dos.h"
#include "hibernate.h"
#include "nodelist.h"
diff --git a/src/or/config.c b/src/or/config.c
index 212c6c6b9..18298937e 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -78,6 +78,8 @@
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
diff --git a/src/or/connection.c b/src/or/connection.c
index 5532551cf..69a8d24c9 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -76,6 +76,7 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_util.h"
#include "directory.h"
#include "dirserv.h"
#include "dns.h"
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 948c8722b..d74512c45 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -70,6 +70,7 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_util.h"
#include "dns.h"
#include "dnsserv.h"
#include "directory.h"
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 267463312..ad5ee6a2b 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -39,6 +39,8 @@
#include "connection.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "dirserv.h"
#include "entrynodes.h"
#include "geoip.h"
diff --git a/src/or/conscache.c b/src/or/conscache.c
index e25ac5f40..51dc9d621 100644
--- a/src/or/conscache.c
+++ b/src/or/conscache.c
@@ -5,6 +5,7 @@
#include "config.h"
#include "conscache.h"
+#include "crypto_util.h"
#include "storagedir.h"
#define CCE_MAGIC 0x17162253
diff --git a/src/or/control.c b/src/or/control.c
index 5cac0e172..ee4f02cb2 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -52,6 +52,8 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "directory.h"
#include "dirserv.h"
#include "dnsserv.h"
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 7da7dc5f8..8f03d654a 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -24,6 +24,8 @@
#include "connection_or.h"
#include "config.h"
#include "cpuworker.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "main.h"
#include "onion.h"
#include "rephist.h"
diff --git a/src/or/directory.c b/src/or/directory.c
index c419b61d0..44e3d2f2a 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -18,6 +18,8 @@
#include "consdiffmgr.h"
#include "control.h"
#include "compat.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
diff --git a/src/or/dns.c b/src/or/dns.c
index e4dc8048e..34f28252f 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -56,6 +56,7 @@
#include "connection.h"
#include "connection_edge.h"
#include "control.h"
+#include "crypto_rand.h"
#include "dns.h"
#include "main.h"
#include "policies.h"
diff --git a/src/or/dos.c b/src/or/dos.c
index 4d1797eec..f78409a7b 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -11,6 +11,7 @@
#include "or.h"
#include "channel.h"
#include "config.h"
+#include "crypto_rand.h"
#include "geoip.h"
#include "main.h"
#include "networkstatus.h"
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 2b6ff38c9..42a776fe4 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -123,6 +123,7 @@
#include "confparse.h"
#include "connection.h"
#include "control.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "entrynodes.h"
#include "main.h"
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 16a250fa5..8fff0f955 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -23,6 +23,8 @@
#include "ext_orport.h"
#include "control.h"
#include "config.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "main.h"
#include "proto_ext_or.h"
#include "util.h"
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index 7261cf800..2b50aa5f0 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -36,6 +36,7 @@ hibernating, phase 2:
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_rand.h"
#include "hibernate.h"
#include "main.h"
#include "router.h"
diff --git a/src/or/hs_cache.c b/src/or/hs_cache.c
index df53efd32..ecc845d17 100644
--- a/src/or/hs_cache.c
+++ b/src/or/hs_cache.c
@@ -11,6 +11,7 @@
#include "or.h"
#include "config.h"
+#include "crypto_util.h"
#include "hs_ident.h"
#include "hs_common.h"
#include "hs_client.h"
diff --git a/src/or/hs_cell.c b/src/or/hs_cell.c
index ad92521d3..03273a44f 100644
--- a/src/or/hs_cell.c
+++ b/src/or/hs_cell.c
@@ -8,6 +8,7 @@
#include "or.h"
#include "config.h"
+#include "crypto_util.h"
#include "rendservice.h"
#include "replaycache.h"
#include "util.h"
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 3a674f622..38434fba3 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -13,6 +13,8 @@
#include "circuitlist.h"
#include "circuituse.h"
#include "config.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 20963cd45..f07426052 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -13,6 +13,8 @@
#include "hs_ident.h"
#include "connection_edge.h"
#include "container.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "rendclient.h"
#include "hs_descriptor.h"
#include "hs_cache.h"
diff --git a/src/or/hs_common.c b/src/or/hs_common.c
index aa34b0e8f..5b0c4c07f 100644
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -15,6 +15,8 @@
#include "config.h"
#include "circuitbuild.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "hs_cache.h"
diff --git a/src/or/hs_control.c b/src/or/hs_control.c
index 87b4e3fca..87c41bf96 100644
--- a/src/or/hs_control.c
+++ b/src/or/hs_control.c
@@ -8,6 +8,7 @@
#include "or.h"
#include "control.h"
+#include "crypto_util.h"
#include "hs_common.h"
#include "hs_control.h"
#include "hs_descriptor.h"
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 7388807bc..eb48cb060 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -59,6 +59,8 @@
#include "ed25519_cert.h" /* Trunnel interface. */
#include "hs_descriptor.h"
#include "circuitbuild.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "parsecommon.h"
#include "rendcache.h"
#include "hs_cache.h"
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index 09979410e..8195c6efb 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -16,6 +16,7 @@
#include "container.h"
#include "crypto.h"
#include "crypto_ed25519.h"
+#include "ed25519_cert.h" /* needed for trunnel */
#include "torcert.h"
/* Trunnel */
diff --git a/src/or/hs_ident.c b/src/or/hs_ident.c
index 0bce2f625..3603e329d 100644
--- a/src/or/hs_ident.c
+++ b/src/or/hs_ident.c
@@ -7,6 +7,7 @@
* subsytem.
**/
+#include "crypto_util.h"
#include "hs_ident.h"
/* Return a newly allocated circuit identifier. The given public key is copied
diff --git a/src/or/hs_ntor.c b/src/or/hs_ntor.c
index a416bc46c..809fa83bb 100644
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@@ -25,6 +25,7 @@
*/
#include "or.h"
+#include "crypto_util.h"
#include "hs_ntor.h"
/* String constants used by the ntor HS protocol */
diff --git a/src/or/hs_service.c b/src/or/hs_service.c
index ba8abc423..fdd5e449c 100644
--- a/src/or/hs_service.c
+++ b/src/or/hs_service.c
@@ -15,6 +15,8 @@
#include "circuituse.h"
#include "config.h"
#include "connection.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "directory.h"
#include "main.h"
#include "networkstatus.h"
diff --git a/src/or/main.c b/src/or/main.c
index a0d2ae075..b3f0a85cd 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -70,6 +70,7 @@
#include "control.h"
#include "cpuworker.h"
#include "crypto_s2k.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 235b95b70..e223b6f1b 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -48,6 +48,8 @@
#include "connection_or.h"
#include "consdiffmgr.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
diff --git a/src/or/onion.c b/src/or/onion.c
index 0c88c4d7e..829be12ba 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -67,6 +67,7 @@
#include "circuitlist.h"
#include "config.h"
#include "cpuworker.h"
+#include "crypto_util.h"
#include "networkstatus.h"
#include "onion.h"
#include "onion_fast.h"
diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c
index de9103b1f..9f9b2199d 100644
--- a/src/or/onion_fast.c
+++ b/src/or/onion_fast.c
@@ -29,6 +29,8 @@
#include "or.h"
#include "onion_fast.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
/** Release all state held in <b>victim</b>. */
void
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index 8ad876a58..02d43cb72 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -23,6 +23,7 @@
#define ONION_NTOR_PRIVATE
#include "crypto.h"
#include "crypto_digest.h"
+#include "crypto_util.h"
#include "onion_ntor.h"
#include "torlog.h"
#include "util.h"
diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index c71fa236e..44737034f 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -29,6 +29,8 @@
#include "or.h"
#include "config.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "onion_tap.h"
#include "rephist.h"
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 8700fe126..57a7d1cd6 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -9,6 +9,7 @@
#include "buffers.h"
#include "control.h"
#include "config.h"
+#include "crypto_util.h"
#include "ext_orport.h"
#include "proto_socks.h"
#include "reasons.h"
diff --git a/src/or/relay.c b/src/or/relay.c
index 5651579c3..96f43ca60 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -61,6 +61,8 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "geoip.h"
#include "hs_cache.h"
#include "main.h"
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 9a1b97c6d..61dde8869 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -15,6 +15,8 @@
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "directory.h"
#include "hs_common.h"
#include "hs_circuit.h"
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 230da4be5..50ca04838 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -14,6 +14,8 @@
#include "circuitbuild.h"
#include "config.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "hs_common.h"
#include "rendclient.h"
#include "rendcommon.h"
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index cc2242977..91ee321bc 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -16,6 +16,8 @@
#include "circuituse.h"
#include "config.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "directory.h"
#include "hs_common.h"
#include "hs_config.h"
diff --git a/src/or/rephist.c b/src/or/rephist.c
index ac3e9f502..fe52d206c 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -78,6 +78,7 @@
#include "circuitlist.h"
#include "circuituse.h"
#include "config.h"
+#include "crypto_rand.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "rephist.h"
diff --git a/src/or/router.c b/src/or/router.c
index e5996f665..c52831348 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -13,6 +13,8 @@
#include "config.h"
#include "connection.h"
#include "control.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "crypto_curve25519.h"
#include "directory.h"
#include "dirserv.h"
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 1933aaf4b..43460da8c 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -16,6 +16,7 @@
#include "or.h"
#include "config.h"
+#include "crypto_util.h"
#include "router.h"
#include "crypto_pwbox.h"
#include "routerkeys.h"
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index bc3abb236..8793c64ed 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -99,6 +99,7 @@
#include "config.h"
#include "connection.h"
#include "control.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 79499f2e6..9967e139f 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -58,6 +58,7 @@
#include "or.h"
#include "config.h"
#include "circuitstats.h"
+#include "crypto_util.h"
#include "dirserv.h"
#include "dirvote.h"
#include "parsecommon.h"
diff --git a/src/or/shared_random.c b/src/or/shared_random.c
index 13416d6bc..745566877 100644
--- a/src/or/shared_random.c
+++ b/src/or/shared_random.c
@@ -91,6 +91,8 @@
#include "shared_random.h"
#include "config.h"
#include "confparse.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "dirvote.h"
#include "networkstatus.h"
#include "routerkeys.h"
diff --git a/src/or/shared_random_state.c b/src/or/shared_random_state.c
index 53782af59..80470e4e9 100644
--- a/src/or/shared_random_state.c
+++ b/src/or/shared_random_state.c
@@ -14,6 +14,7 @@
#include "shared_random.h"
#include "config.h"
#include "confparse.h"
+#include "crypto_util.h"
#include "dirvote.h"
#include "networkstatus.h"
#include "router.h"
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 51935ddf7..1c5afd965 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -27,7 +27,7 @@
#include "or.h"
#include "config.h"
-#include "crypto.h"
+#include "crypto_util.h"
#include "torcert.h"
#include "ed25519_cert.h"
#include "torlog.h"
diff --git a/src/test/bench.c b/src/test/bench.c
index 92d7a244f..c99860acc 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -23,6 +23,7 @@
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#include "crypto_ed25519.h"
+#include "crypto_rand.h"
#include "consdiff.h"
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
diff --git a/src/test/rend_test_helpers.c b/src/test/rend_test_helpers.c
index 095bfecf2..9ac3894b0 100644
--- a/src/test/rend_test_helpers.c
+++ b/src/test/rend_test_helpers.c
@@ -2,6 +2,7 @@
/* See LICENSE for licensing information */
#include "or.h"
+#include "crypto_rand.h"
#include "test.h"
#include "rendcommon.h"
#include "rend_test_helpers.h"
diff --git a/src/test/test-memwipe.c b/src/test/test-memwipe.c
index 89d946d50..aaaf2e7f6 100644
--- a/src/test/test-memwipe.c
+++ b/src/test/test-memwipe.c
@@ -7,7 +7,7 @@
#include <sys/types.h>
#include <stdlib.h>
-#include "crypto.h"
+#include "crypto_util.h"
#include "compat.h"
#include "util.h"
diff --git a/src/test/test-timers.c b/src/test/test-timers.c
index a0b5b535c..a5c3a3b96 100644
--- a/src/test/test-timers.c
+++ b/src/test/test-timers.c
@@ -11,7 +11,7 @@
#include "compat.h"
#include "compat_libevent.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "timers.h"
#include "util.h"
diff --git a/src/test/test.c b/src/test/test.c
index db70a24fc..6fe0dc7a3 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -9,6 +9,7 @@
**/
#include "orconfig.h"
+#include "crypto_rand.h"
#include <stdio.h>
#ifdef HAVE_FCNTL_H
diff --git a/src/test/test_address_set.c b/src/test/test_address_set.c
index df022f539..f7441a649 100644
--- a/src/test/test_address_set.c
+++ b/src/test/test_address_set.c
@@ -2,6 +2,7 @@
/* See LICENSE for licensing information */
#include "or.h"
+#include "crypto_rand.h"
#include "address_set.h"
#include "microdesc.h"
#include "networkstatus.h"
diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c
index 057d9fa2d..868f6a8ba 100644
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@@ -8,6 +8,7 @@
#include "or.h"
#include "buffers.h"
#include "buffers_tls.h"
+#include "crypto_rand.h"
#include "proto_http.h"
#include "proto_socks.h"
#include "test.h"
diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c
index 88cdef383..54d971678 100644
--- a/src/test/test_cell_formats.c
+++ b/src/test/test_cell_formats.c
@@ -12,6 +12,7 @@
#include "connection_edge.h"
#include "connection_or.h"
#include "config.h"
+#include "crypto_rand.h"
#include "onion.h"
#include "onion_tap.h"
#include "onion_fast.h"
diff --git a/src/test/test_channel.c b/src/test/test_channel.c
index 812ec6c1a..d2ce94962 100644
--- a/src/test/test_channel.c
+++ b/src/test/test_channel.c
@@ -12,6 +12,7 @@
#include "circuitmux_ewma.h"
/* For var_cell_free */
#include "connection_or.h"
+#include "crypto_rand.h"
/* For packed_cell stuff */
#define RELAY_PRIVATE
#include "relay.h"
diff --git a/src/test/test_consdiffmgr.c b/src/test/test_consdiffmgr.c
index a9a4b6a98..3b91baca3 100644
--- a/src/test/test_consdiffmgr.c
+++ b/src/test/test_consdiffmgr.c
@@ -9,6 +9,7 @@
#include "consdiff.h"
#include "consdiffmgr.h"
#include "cpuworker.h"
+#include "crypto_rand.h"
#include "networkstatus.h"
#include "routerparse.h"
#include "workqueue.h"
diff --git a/src/test/test_containers.c b/src/test/test_containers.c
index c4dba7375..3fc3523af 100644
--- a/src/test/test_containers.c
+++ b/src/test/test_containers.c
@@ -5,6 +5,7 @@
#include "orconfig.h"
#include "or.h"
+#include "crypto_rand.h"
#include "fp_pair.h"
#include "test.h"
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index c8443fd3b..24eef156b 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -5,7 +5,7 @@
#include "orconfig.h"
#define CRYPTO_CURVE25519_PRIVATE
-#define CRYPTO_PRIVATE
+#define CRYPTO_RAND_PRIVATE
#include "or.h"
#include "test.h"
#include "aes.h"
@@ -13,6 +13,7 @@
#include "siphash.h"
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
+#include "crypto_rand.h"
#include "ed25519_vectors.inc"
/** Run unit tests for Diffie-Hellman functionality. */
diff --git a/src/test/test_crypto_openssl.c b/src/test/test_crypto_openssl.c
index 090cb4242..a01627750 100644
--- a/src/test/test_crypto_openssl.c
+++ b/src/test/test_crypto_openssl.c
@@ -5,9 +5,9 @@
#include "orconfig.h"
-#define CRYPTO_PRIVATE
+#define CRYPTO_RAND_PRIVATE
-#include "crypto.h"
+#include "crypto_rand.h"
#include "util.h"
#include "util_format.h"
#include "compat.h"
diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c
index 2afb71ff5..0e1f5bd22 100644
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@@ -9,6 +9,7 @@
#include "test.h"
#include "crypto_s2k.h"
#include "crypto_pwbox.h"
+#include "crypto_rand.h"
#if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT)
#define HAVE_LIBSCRYPT
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 5fac045b2..7d3b5344b 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -23,6 +23,7 @@
#include "config.h"
#include "control.h"
#include "crypto_ed25519.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index cb9d9e559..8ae967f3a 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -8,6 +8,7 @@
#include "or.h"
#include "dos.h"
#include "circuitlist.h"
+#include "crypto_rand.h"
#include "geoip.h"
#include "channel.h"
#include "microdesc.h"
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index 92a860360..85490d6bd 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -16,6 +16,7 @@
#include "circuitlist.h"
#include "config.h"
#include "confparse.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "entrynodes.h"
#include "nodelist.h"
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index cadef257f..e05342cb8 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -10,6 +10,7 @@
#include "connection_or.h"
#include "config.h"
#include "control.h"
+#include "crypto_rand.h"
#include "ext_orport.h"
#include "main.h"
#include "test.h"
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index ab453d3bd..42e911431 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -18,6 +18,7 @@
#include "config.h"
#include "confparse.h"
#include "connection.h"
+#include "crypto_rand.h"
#include "main.h"
#include "nodelist.h"
#include "relay.h"
diff --git a/src/test/test_hs_cell.c b/src/test/test_hs_cell.c
index 1b3c788a6..5c5236b39 100644
--- a/src/test/test_hs_cell.c
+++ b/src/test/test_hs_cell.c
@@ -14,6 +14,7 @@
#include "log_test_helpers.h"
#include "crypto_ed25519.h"
+#include "crypto_rand.h"
#include "hs_cell.h"
#include "hs_intropoint.h"
#include "hs_service.h"
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index 8c273c963..e5661ac86 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -17,6 +17,7 @@
#include "hs_test_helpers.h"
#include "connection_edge.h"
+#include "crypto_rand.h"
#include "hs_common.h"
#include "hs_client.h"
#include "hs_service.h"
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index 388b85f97..988f77f2f 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -10,6 +10,7 @@
#include "crypto_ed25519.h"
#include "crypto_digest.h"
+#include "crypto_rand.h"
#include "ed25519_cert.h"
#include "or.h"
#include "hs_descriptor.h"
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index fe3236c33..4253c9a38 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -13,7 +13,7 @@
#include "test.h"
#include "log_test_helpers.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "or.h"
#include "circuitlist.h"
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index de74fdb30..cad12481c 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -33,7 +33,7 @@
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuituse.h"
-#include "crypto.h"
+#include "crypto_rand.h"
#include "dirvote.h"
#include "networkstatus.h"
#include "nodelist.h"
diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c
index a873003d7..9499fd038 100644
--- a/src/test/test_nodelist.c
+++ b/src/test/test_nodelist.c
@@ -7,6 +7,7 @@
**/
#include "or.h"
+#include "crypto_rand.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "torcert.h"
diff --git a/src/test/test_oom.c b/src/test/test_oom.c
index c172fe60c..abf889645 100644
--- a/src/test/test_oom.c
+++ b/src/test/test_oom.c
@@ -13,6 +13,7 @@
#include "compat_libevent.h"
#include "connection.h"
#include "config.h"
+#include "crypto_rand.h"
#include "relay.h"
#include "test.h"
#include "test_helpers.h"
diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c
index c19d66ef9..e56a868e0 100644
--- a/src/test/test_routerlist.c
+++ b/src/test/test_routerlist.c
@@ -18,6 +18,7 @@
#include "connection.h"
#include "container.h"
#include "control.h"
+#include "crypto_rand.h"
#include "directory.h"
#include "dirvote.h"
#include "entrynodes.h"
diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c
index 4fe9ee45f..7928518ef 100644
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@@ -9,6 +9,7 @@
#include "or.h"
#include "test.h"
#include "config.h"
+#include "crypto_rand.h"
#include "dirvote.h"
#include "shared_random.h"
#include "shared_random_state.h"
diff --git a/src/test/test_storagedir.c b/src/test/test_storagedir.c
index a27074c21..26606f9b6 100644
--- a/src/test/test_storagedir.c
+++ b/src/test/test_storagedir.c
@@ -2,6 +2,7 @@
/* See LICENSE for licensing information */
#include "or.h"
+#include "crypto_rand.h"
#include "storagedir.h"
#include "test.h"
diff --git a/src/test/test_util.c b/src/test/test_util.c
index ce8567d9a..e3a9eca2d 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -12,6 +12,7 @@
#include "buffers.h"
#include "config.h"
#include "control.h"
+#include "crypto_rand.h"
#include "test.h"
#include "memarea.h"
#include "util_process.h"
diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c
index 683d5fdac..10645fe11 100644
--- a/src/test/test_util_format.c
+++ b/src/test/test_util_format.c
@@ -6,6 +6,7 @@
#include "test.h"
+#include "crypto_rand.h"
#define UTIL_FORMAT_PRIVATE
#include "util_format.h"
diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c
index 2b0317371..972b655c1 100644
--- a/src/test/test_workqueue.c
+++ b/src/test/test_workqueue.c
@@ -7,8 +7,8 @@
#include "compat_threads.h"
#include "onion.h"
#include "workqueue.h"
-#include "crypto.h"
#include "crypto_curve25519.h"
+#include "crypto_rand.h"
#include "compat_libevent.h"
#include <stdio.h>
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index b9b36d96d..3e3b5a43f 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -12,6 +12,7 @@
#include "or.h"
#include "control.h"
#include "config.h"
+#include "crypto_rand.h"
#include "rephist.h"
#include "backtrace.h"
#include "test.h"
diff --git a/src/test/testing_rsakeys.c b/src/test/testing_rsakeys.c
index 7a24c0ed1..94d3db328 100644
--- a/src/test/testing_rsakeys.c
+++ b/src/test/testing_rsakeys.c
@@ -3,6 +3,7 @@
* Copyright (c) 2007-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */
+#include "crypto_rand.h"
#include "orconfig.h"
#include "or.h"
#include "test.h"
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 639a6fbc2..aafefdad7 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -40,6 +40,8 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "torlog.h"
#include "crypto.h"
#include "crypto_digest.h"
+#include "crypto_rand.h"
+#include "crypto_util.h"
#include "address.h"
#include "util_format.h"
diff --git a/src/trunnel/trunnel-local.h b/src/trunnel/trunnel-local.h
index b7c2ab98e..8aa6d0dda 100644
--- a/src/trunnel/trunnel-local.h
+++ b/src/trunnel/trunnel-local.h
@@ -4,7 +4,7 @@
#include "util.h"
#include "compat.h"
-#include "crypto.h"
+#include "crypto_util.h"
#define trunnel_malloc tor_malloc
#define trunnel_calloc tor_calloc
1
0
[tor/master] crypto: Remove unnecessary includes from src/common/crypto.[ch]
by nickm@torproject.org 03 May '18
by nickm@torproject.org 03 May '18
03 May '18
commit 64e6551b8bb934335251c6965355660ec26e712d
Author: Isis Lovecruft <isis(a)torproject.org>
Date: Fri Apr 6 21:37:40 2018 +0000
crypto: Remove unnecessary includes from src/common/crypto.[ch]
* FIXES part of #24658: https://bugs.torproject.org/24658
---
src/common/crypto.c | 3 ---
src/common/crypto.h | 3 ---
2 files changed, 6 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 8d5897e49..9c40243f8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -36,14 +36,11 @@
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/conf.h>
-#include <openssl/hmac.h>
ENABLE_GCC_WARNING(redundant-decls)
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 61a2952d2..dcec90314 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -17,13 +17,10 @@
#include <stdio.h>
#include "torint.h"
-#include "testsupport.h"
#include "compat.h"
#include "util.h"
#include "crypto_rsa.h"
-#include "keccak-tiny/keccak-tiny.h"
-
/** Length of our symmetric cipher's keys of 128-bit. */
#define CIPHER_KEY_LEN 16
/** Length of our symmetric cipher's IV of 128-bit. */
1
0
03 May '18
commit e32fc0806d07b0ff83978132c56f7cbd1a2ad2ce
Author: Isis Lovecruft <isis(a)torproject.org>
Date: Fri Apr 6 21:42:15 2018 +0000
refactor: Alphabetise some includes in /src/or/*.
---
src/or/addressmap.c | 2 +-
src/or/ext_orport.c | 2 +-
src/or/hs_client.c | 28 ++++++++++++++--------------
src/or/rendclient.c | 4 ++--
src/or/rendcommon.c | 6 +++---
src/or/routerparse.c | 16 ++++++++--------
6 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index f691ef9aa..3cd153307 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -23,8 +23,8 @@
#include "control.h"
#include "crypto_rand.h"
#include "dns.h"
-#include "routerset.h"
#include "nodelist.h"
+#include "routerset.h"
/** A client-side struct to remember requests to rewrite addresses
* to new addresses. These structs are stored in the hash table
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 8fff0f955..b842442ca 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -20,11 +20,11 @@
#include "or.h"
#include "connection.h"
#include "connection_or.h"
-#include "ext_orport.h"
#include "control.h"
#include "config.h"
#include "crypto_rand.h"
#include "crypto_util.h"
+#include "ext_orport.h"
#include "main.h"
#include "proto_ext_or.h"
#include "util.h"
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index f07426052..26e8785d9 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -9,31 +9,31 @@
#define HS_CLIENT_PRIVATE
#include "or.h"
-#include "hs_circuit.h"
-#include "hs_ident.h"
+#include "circpathbias.h"
+#include "circuitbuild.h"
+#include "circuitlist.h"
+#include "circuituse.h"
+#include "config.h"
+#include "connection.h"
#include "connection_edge.h"
#include "container.h"
#include "crypto_rand.h"
#include "crypto_util.h"
-#include "rendclient.h"
-#include "hs_descriptor.h"
+#include "directory.h"
#include "hs_cache.h"
#include "hs_cell.h"
-#include "config.h"
-#include "directory.h"
+#include "hs_circuit.h"
#include "hs_client.h"
#include "hs_control.h"
-#include "router.h"
-#include "routerset.h"
-#include "circuitlist.h"
-#include "circuituse.h"
-#include "connection.h"
-#include "nodelist.h"
-#include "circpathbias.h"
+#include "hs_descriptor.h"
+#include "hs_ident.h"
#include "hs_ntor.h"
-#include "circuitbuild.h"
#include "networkstatus.h"
+#include "nodelist.h"
#include "reasons.h"
+#include "rendclient.h"
+#include "router.h"
+#include "routerset.h"
/* Return a human-readable string for the client fetch status code. */
static const char *
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 61dde8869..7ef12a4fa 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -15,12 +15,13 @@
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
+#include "control.h"
#include "crypto_rand.h"
#include "crypto_util.h"
#include "directory.h"
-#include "hs_common.h"
#include "hs_circuit.h"
#include "hs_client.h"
+#include "hs_common.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
@@ -31,7 +32,6 @@
#include "router.h"
#include "routerlist.h"
#include "routerset.h"
-#include "control.h"
static extend_info_t *rend_client_get_random_intro_impl(
const rend_cache_entry_t *rend_query,
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 50ca04838..3a7dfe28f 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -16,18 +16,18 @@
#include "control.h"
#include "crypto_rand.h"
#include "crypto_util.h"
+#include "hs_client.h"
#include "hs_common.h"
+#include "hs_intropoint.h"
+#include "networkstatus.h"
#include "rendclient.h"
#include "rendcommon.h"
#include "rendmid.h"
-#include "hs_intropoint.h"
-#include "hs_client.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "routerlist.h"
#include "routerparse.h"
-#include "networkstatus.h"
/** Return 0 if one and two are the same service ids, else -1 or 1 */
int
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 9967e139f..b00b1c636 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -56,27 +56,27 @@
#define ROUTERPARSE_PRIVATE
#include "or.h"
-#include "config.h"
#include "circuitstats.h"
+#include "config.h"
#include "crypto_util.h"
#include "dirserv.h"
#include "dirvote.h"
+#include "entrynodes.h"
+#include "memarea.h"
+#include "microdesc.h"
+#include "networkstatus.h"
#include "parsecommon.h"
#include "policies.h"
#include "protover.h"
#include "rendcommon.h"
-#include "router.h"
-#include "routerlist.h"
-#include "memarea.h"
-#include "microdesc.h"
-#include "networkstatus.h"
#include "rephist.h"
+#include "router.h"
#include "routerkeys.h"
+#include "routerlist.h"
#include "routerparse.h"
-#include "entrynodes.h"
-#include "torcert.h"
#include "sandbox.h"
#include "shared_random.h"
+#include "torcert.h"
#undef log
#include <math.h>
1
0
[tor/master] crypto: Alphabetise some #includes in /src/common/crypto*.
by nickm@torproject.org 03 May '18
by nickm@torproject.org 03 May '18
03 May '18
commit 88190026b3286b32ac22c1bbd999b7f1de2aa79f
Author: Isis Lovecruft <isis(a)torproject.org>
Date: Fri Apr 6 21:40:17 2018 +0000
crypto: Alphabetise some #includes in /src/common/crypto*.
* FIXES part of #24658: https://bugs.torproject.org/24658
---
src/common/crypto.c | 4 ++--
src/common/crypto_curve25519.c | 2 +-
src/common/crypto_ed25519.c | 3 +--
src/common/crypto_format.c | 2 +-
src/common/crypto_pwbox.c | 4 ++--
src/common/crypto_rsa.c | 6 +++---
src/common/crypto_s2k.c | 6 +++---
src/common/include.am | 6 +++---
8 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 9c40243f8..ae7b519f9 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -23,14 +23,14 @@
#endif /* defined(_WIN32) */
#define CRYPTO_PRIVATE
-#include "crypto.h"
#include "compat_openssl.h"
+#include "crypto.h"
#include "crypto_curve25519.h"
+#include "crypto_digest.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
#include "crypto_rand.h"
#include "crypto_rsa.h"
-#include "crypto_digest.h"
#include "crypto_util.h"
DISABLE_GCC_WARNING(redundant-decls)
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index 0719c2f85..becd70669 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -23,8 +23,8 @@
#include "container.h"
#include "crypto.h"
#include "crypto_curve25519.h"
-#include "crypto_format.h"
#include "crypto_digest.h"
+#include "crypto_format.h"
#include "crypto_rand.h"
#include "crypto_util.h"
#include "util.h"
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index baddb77dd..25e0cd034 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -22,9 +22,8 @@
#endif
#include "crypto.h"
-
-#include "crypto_digest.h"
#include "crypto_curve25519.h"
+#include "crypto_digest.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
#include "crypto_rand.h"
diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c
index c0cade2f5..a76203207 100644
--- a/src/common/crypto_format.c
+++ b/src/common/crypto_format.c
@@ -17,9 +17,9 @@
#include "container.h"
#include "crypto.h"
#include "crypto_curve25519.h"
+#include "crypto_digest.h"
#include "crypto_ed25519.h"
#include "crypto_format.h"
-#include "crypto_digest.h"
#include "crypto_util.h"
#include "util.h"
#include "util_format.h"
diff --git a/src/common/crypto_pwbox.c b/src/common/crypto_pwbox.c
index e49ca226e..c2bd1d26c 100644
--- a/src/common/crypto_pwbox.c
+++ b/src/common/crypto_pwbox.c
@@ -9,10 +9,10 @@
*/
#include "crypto.h"
-#include "crypto_s2k.h"
-#include "crypto_pwbox.h"
#include "crypto_digest.h"
+#include "crypto_pwbox.h"
#include "crypto_rand.h"
+#include "crypto_s2k.h"
#include "crypto_util.h"
#include "di_ops.h"
#include "util.h"
diff --git a/src/common/crypto_rsa.c b/src/common/crypto_rsa.c
index 0e006b0eb..0a88b0e77 100644
--- a/src/common/crypto_rsa.c
+++ b/src/common/crypto_rsa.c
@@ -9,13 +9,13 @@
* \brief Block of functions related with RSA utilities and operations.
**/
-#include "crypto_rsa.h"
#include "crypto.h"
-#include "compat_openssl.h"
#include "crypto_curve25519.h"
-#include "crypto_format.h"
#include "crypto_digest.h"
+#include "crypto_format.h"
+#include "compat_openssl.h"
#include "crypto_rand.h"
+#include "crypto_rsa.h"
#include "crypto_util.h"
DISABLE_GCC_WARNING(redundant-decls)
diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c
index 7d7f475b6..8543760ec 100644
--- a/src/common/crypto_s2k.c
+++ b/src/common/crypto_s2k.c
@@ -12,13 +12,13 @@
#define CRYPTO_S2K_PRIVATE
-#include "crypto.h"
-#include "util.h"
#include "compat.h"
-#include "crypto_s2k.h"
+#include "crypto.h"
#include "crypto_digest.h"
#include "crypto_rand.h"
+#include "crypto_s2k.h"
#include "crypto_util.h"
+#include "util.h"
#include <openssl/evp.h>
diff --git a/src/common/include.am b/src/common/include.am
index f0cbd0e1d..81ae8fc27 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -115,12 +115,12 @@ LIBOR_CRYPTO_A_SRC = \
src/common/compress_zstd.c \
src/common/crypto.c \
src/common/crypto_digest.c \
- src/common/crypto_rsa.c \
+ src/common/crypto_format.c \
src/common/crypto_openssl_mgt.c \
src/common/crypto_pwbox.c \
src/common/crypto_rand.c \
+ src/common/crypto_rsa.c \
src/common/crypto_s2k.c \
- src/common/crypto_format.c \
src/common/crypto_util.c \
src/common/tortls.c \
src/common/crypto_curve25519.c \
@@ -173,9 +173,9 @@ COMMONHEADERS = \
src/common/crypto_ed25519.h \
src/common/crypto_format.h \
src/common/crypto_openssl_mgt.h \
- src/common/crypto_rsa.h \
src/common/crypto_pwbox.h \
src/common/crypto_rand.h \
+ src/common/crypto_rsa.h \
src/common/crypto_s2k.h \
src/common/crypto_util.h \
src/common/di_ops.h \
1
0
[tor/master] refactor: Remove unnecessary `#include "crypto.h"` throughout codebase.
by nickm@torproject.org 03 May '18
by nickm@torproject.org 03 May '18
03 May '18
commit 809f6fae848f53d2096bef1b2e99bcc929872e2a
Author: Isis Lovecruft <isis(a)torproject.org>
Date: Fri Apr 6 22:04:50 2018 +0000
refactor: Remove unnecessary `#include "crypto.h"` throughout codebase.
* FIXES part of #24658: https://bugs.torproject.org/24658
---
src/common/aes.c | 1 -
src/common/crypto_curve25519.c | 1 -
src/common/crypto_ed25519.c | 1 -
src/common/crypto_format.c | 1 -
src/ext/ed25519/ref10/randombytes.h | 2 +-
src/or/hs_cache.h | 1 -
src/or/hs_circuit.h | 1 -
src/or/hs_ident.h | 1 -
src/test/test_dir_common.c | 1 -
9 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/common/aes.c b/src/common/aes.c
index 5d0841dfa..6033bbe1f 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -17,7 +17,6 @@
#endif
#include <openssl/opensslv.h>
-#include "crypto.h"
#include "crypto_openssl_mgt.h"
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index becd70669..996d94c6e 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -21,7 +21,6 @@
#include <sys/stat.h>
#endif
#include "container.h"
-#include "crypto.h"
#include "crypto_curve25519.h"
#include "crypto_digest.h"
#include "crypto_format.h"
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index 25e0cd034..9c13e3bdf 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -21,7 +21,6 @@
#include <sys/stat.h>
#endif
-#include "crypto.h"
#include "crypto_curve25519.h"
#include "crypto_digest.h"
#include "crypto_ed25519.h"
diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c
index a76203207..460e85bac 100644
--- a/src/common/crypto_format.c
+++ b/src/common/crypto_format.c
@@ -15,7 +15,6 @@
#include <sys/stat.h>
#endif
#include "container.h"
-#include "crypto.h"
#include "crypto_curve25519.h"
#include "crypto_digest.h"
#include "crypto_ed25519.h"
diff --git a/src/ext/ed25519/ref10/randombytes.h b/src/ext/ed25519/ref10/randombytes.h
index 8bf31631f..a21dde854 100644
--- a/src/ext/ed25519/ref10/randombytes.h
+++ b/src/ext/ed25519/ref10/randombytes.h
@@ -1,4 +1,4 @@
/* Added for Tor. */
-#include "crypto.h"
+#include "crypto_rand.h"
#define randombytes(b, n) \
(crypto_strongest_rand((b), (n)), 0)
diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h
index a141634cc..0d0085ffd 100644
--- a/src/or/hs_cache.h
+++ b/src/or/hs_cache.h
@@ -11,7 +11,6 @@
#include <stdint.h>
-#include "crypto.h"
#include "crypto_ed25519.h"
#include "hs_common.h"
#include "hs_descriptor.h"
diff --git a/src/or/hs_circuit.h b/src/or/hs_circuit.h
index 2f5beaa16..f69137e1d 100644
--- a/src/or/hs_circuit.h
+++ b/src/or/hs_circuit.h
@@ -10,7 +10,6 @@
#define TOR_HS_CIRCUIT_H
#include "or.h"
-#include "crypto.h"
#include "crypto_ed25519.h"
#include "hs_service.h"
diff --git a/src/or/hs_ident.h b/src/or/hs_ident.h
index 91ec389aa..8f9da30c3 100644
--- a/src/or/hs_ident.h
+++ b/src/or/hs_ident.h
@@ -21,7 +21,6 @@
#ifndef TOR_HS_IDENT_H
#define TOR_HS_IDENT_H
-#include "crypto.h"
#include "crypto_ed25519.h"
#include "hs_common.h"
diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c
index fdf43533a..a353ddb79 100644
--- a/src/test/test_dir_common.c
+++ b/src/test/test_dir_common.c
@@ -5,7 +5,6 @@
#include "orconfig.h"
#define DIRVOTE_PRIVATE
-#include "crypto.h"
#include "test.h"
#include "container.h"
#include "or.h"
1
0
[tor/master] rust: Expose our (P)RNGs in Rust and provide safe wrappers.
by nickm@torproject.org 03 May '18
by nickm@torproject.org 03 May '18
03 May '18
commit 49639b282602c5389e30f906f535c29ddaa62308
Author: Isis Lovecruft <isis(a)torproject.org>
Date: Tue Apr 10 19:05:42 2018 +0000
rust: Expose our (P)RNGs in Rust and provide safe wrappers.
* FIXES #24660: https://bugs.torproject.org/24660
---
src/rust/Cargo.lock | 18 ++++
src/rust/Cargo.toml | 4 +-
src/rust/external/crypto_rand.rs | 95 ++++++++++++++++++++
src/rust/external/lib.rs | 4 +-
src/rust/rand/Cargo.toml | 24 +++++
src/rust/rand/lib.rs | 15 ++++
src/rust/rand/prng.rs | 184 +++++++++++++++++++++++++++++++++++++++
src/rust/rand/rng.rs | 94 ++++++++++++++++++++
8 files changed, 436 insertions(+), 2 deletions(-)
diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock
index 91c0502c6..714e29edc 100644
--- a/src/rust/Cargo.lock
+++ b/src/rust/Cargo.lock
@@ -23,6 +23,23 @@ dependencies = [
]
[[package]]
+name = "rand"
+version = "0.0.1"
+dependencies = [
+ "external 0.0.1",
+ "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rand_core 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tor_allocate 0.0.1",
+ "tor_log 0.1.0",
+ "tor_util 0.0.1",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
name = "smartlist"
version = "0.0.1"
dependencies = [
@@ -63,3 +80,4 @@ dependencies = [
[metadata]
"checksum libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)" = "f54263ad99207254cf58b5f701ecb432c717445ea2ee8af387334bdd1a03fdff"
+"checksum rand_core 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "0224284424a4b818387b58d59336c288f99b48f69681aa60cc681fe038bbca5d"
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
index 4ae8033eb..d47cd6422 100644
--- a/src/rust/Cargo.toml
+++ b/src/rust/Cargo.toml
@@ -1,6 +1,8 @@
[workspace]
members = ["tor_util", "protover", "smartlist", "external", "tor_allocate",
-"tor_rust", "tor_log"]
+"tor_rust", "tor_log",
+ "rand",
+]
[profile.release]
debug = true
diff --git a/src/rust/external/crypto_rand.rs b/src/rust/external/crypto_rand.rs
new file mode 100644
index 000000000..19b9ab281
--- /dev/null
+++ b/src/rust/external/crypto_rand.rs
@@ -0,0 +1,95 @@
+// Copyright (c) 2018, The Tor Project, Inc.
+// Copyright (c) 2018, isis agora lovecruft
+// See LICENSE for licensing information
+
+//! Bindings to external (P)RNG interfaces and utilities in
+//! src/common/crypto_rand.[ch].
+//!
+//! We wrap our C implementations in src/common/crypto_rand.[ch] here in order
+//! to provide wrappers with native Rust types, and then provide more Rusty
+//! types and and trait implementations in src/rust/crypto/rand/.
+
+use std::time::Duration;
+
+use libc::c_char;
+use libc::c_double;
+use libc::c_int;
+use libc::c_uint;
+use libc::c_void;
+use libc::size_t;
+use libc::time_t;
+use libc::uint8_t;
+use libc::uint64_t;
+
+extern "C" {
+ fn crypto_seed_rng() -> c_int;
+ fn crypto_strongest_rand(out: *mut uint8_t, out_len: size_t);
+ fn crypto_rand_time_range(min: time_t, max: time_t) -> time_t;
+ fn crypto_rand_double() -> c_double;
+ // fn crypto_random_hostname(min_rand_len: c_int, max_rand_len: c_int,
+ // prefix: *const c_char, suffix: *const c_char) -> *mut c_char;
+}
+
+/// Seed OpenSSL's random number generator with bytes from the operating
+/// system.
+///
+/// # Returns
+///
+/// `true` on success; `false` on failure.
+pub fn c_tor_crypto_seed_rng() -> bool {
+ let ret: c_int;
+
+ unsafe {
+ ret = crypto_seed_rng();
+ }
+ match ret {
+ 0 => return true,
+ _ => return false,
+ }
+}
+
+/// Fill the bytes of `dest` with strong random data.
+pub fn c_tor_crypto_strongest_rand(dest: &mut [u8]) {
+ // We'll let the C side panic if the len is larger than
+ // MAX_STRONGEST_RAND_SIZE, rather than potentially panicking here. A
+ // paranoid caller should assert on the length of dest *before* calling this
+ // function.
+ unsafe {
+ crypto_strongest_rand(dest.as_mut_ptr(), dest.len() as size_t);
+ }
+}
+
+/// Get a random time, in seconds since the Unix Epoch.
+///
+/// # Returns
+///
+/// A `std::time::Duration` of seconds since the Unix Epoch.
+pub fn c_tor_crypto_rand_time_range(min: &Duration, max: &Duration) -> Duration {
+ let ret: time_t;
+
+ unsafe {
+ ret = crypto_rand_time_range(min.as_secs() as time_t, max.as_secs() as time_t);
+ }
+
+ Duration::from_secs(ret as u64)
+}
+
+/// Return a pseudorandom 64-bit float, chosen uniformly from the range [0.0, 1.0).
+pub fn c_tor_crypto_rand_double() -> f64 {
+ unsafe {
+ crypto_rand_double()
+ }
+}
+
+#[cfg(test)]
+mod test {
+ use super::*;
+
+ #[test]
+ fn test_layout_tor_weak_rng_t() {
+ assert_eq!(::std::mem::size_of::<tor_weak_rng_t>(), 0usize,
+ concat!("Size of: ", stringify!(tor_weak_rng_t)));
+ assert_eq!(::std::mem::align_of::<tor_weak_rng_t>(), 1usize,
+ concat!("Alignment of ", stringify!(tor_weak_rng_t)));
+ }
+}
diff --git a/src/rust/external/lib.rs b/src/rust/external/lib.rs
index 0af0d6452..5fd74cf4c 100644
--- a/src/rust/external/lib.rs
+++ b/src/rust/external/lib.rs
@@ -1,4 +1,4 @@
-//! Copyright (c) 2016-2017, The Tor Project, Inc. */
+//! Copyright (c) 2016-2018, The Tor Project, Inc. */
//! See LICENSE for licensing information */
//! Interface for external calls to tor C ABI
@@ -9,6 +9,8 @@
extern crate libc;
+mod crypto_rand;
mod external;
+pub use crypto_rand::*;
pub use external::*;
diff --git a/src/rust/rand/Cargo.toml b/src/rust/rand/Cargo.toml
new file mode 100644
index 000000000..cab71afa7
--- /dev/null
+++ b/src/rust/rand/Cargo.toml
@@ -0,0 +1,24 @@
+# TODO: Note that this package should be merged into the "crypto" crate after #24659 is merged.
+
+[package]
+authors = ["The Tor Project"]
+version = "0.0.1"
+name = "rand"
+publish = false
+
+[features]
+testing = ["tor_log/testing"]
+
+[dependencies]
+libc = "=0.2.39"
+rand_core = "=0.1.0"
+
+external = { path = "../external" }
+tor_allocate = { path = "../tor_allocate" }
+tor_log = { path = "../tor_log" }
+tor_util = { path = "../tor_util" }
+
+[lib]
+name = "rand"
+path = "lib.rs"
+crate_type = ["rlib", "staticlib"]
diff --git a/src/rust/rand/lib.rs b/src/rust/rand/lib.rs
new file mode 100644
index 000000000..ee034cf1f
--- /dev/null
+++ b/src/rust/rand/lib.rs
@@ -0,0 +1,15 @@
+// Copyright (c) 2018, The Tor Project, Inc.
+// Copyright (c) 2018, isis agora lovecruft
+// See LICENSE for licensing information
+
+// External dependencies
+extern crate rand_core;
+
+// Internal dependencies
+extern crate external;
+#[cfg(not(test))]
+#[macro_use]
+extern crate tor_log;
+
+pub mod rng;
+pub mod prng;
diff --git a/src/rust/rand/prng.rs b/src/rust/rand/prng.rs
new file mode 100644
index 000000000..ed3f5161e
--- /dev/null
+++ b/src/rust/rand/prng.rs
@@ -0,0 +1,184 @@
+// Copyright (c) 2018, The Tor Project, Inc.
+// Copyright (c) 2018, isis agora lovecruft
+// See LICENSE for licensing information
+
+//! Wrappers for Tor's pseudo-random number generator to provide implementations
+//! of `rand_core` traits.
+
+use rand_core::impls;
+#[cfg(test)] use rand_core::CryptoRng;
+use rand_core::Error;
+use rand_core::RngCore;
+use rand_core::SeedableRng;
+
+/// A cryptographically-/insecure/ psuedo-random number generator based
+/// on a mixed congruential generator.
+///
+/// Specifically the PRNG state, `X`, is mutated by the following
+/// discontinuous linear equation:
+///
+/// ```text
+/// X_{i} = (a X_{i-1} + b) mod n
+/// ```
+///
+/// where, in our case, we reuse the same parameters as OpenBSD and glibc,
+/// `a=1103515245`, `b=12345`, and `n=2147483647`, which should produce a
+/// maximal period over the range `0..u32::MAX`.
+///
+/// # Note
+///
+/// We reimplement the C here, rather than wrapping it, as it's one line of
+/// pure-Rust code (meaning it can also trivially be used in Rust tests without
+/// running into potential linker issues), as opposed to a few lines of `unsafe`
+/// calls to C.
+///
+/// # Warning
+///
+/// This should hopefully go without saying, but this PRNG is completely
+/// insecure and should never be used for anything an adversary should be unable
+/// to predict.
+//
+// C_RUST_COUPLED: `tor_weak_rng_t` /src/common/util.c
+pub struct TorInsecurePrng {
+ state: u32,
+}
+
+impl SeedableRng for TorInsecurePrng {
+ type Seed = [u8; 4];
+
+ /// Create a new PRNG from a random 32-bit seed.
+ //
+ // C_RUST_COUPLED: `tor_init_weak_random()` /src/common/util.c
+ fn from_seed(seed: Self::Seed) -> Self {
+ let mut combined: u32 = seed[0].to_le() as u32;
+
+ // Rather than using std::mem::transmute, we'll just bitwise-OR them
+ // into each other.
+ combined = (seed[1].to_le() as u32) << 8 | combined;
+ combined = (seed[2].to_le() as u32) << 16 | combined;
+ combined = (seed[2].to_le() as u32) << 24 | combined;
+
+ TorInsecurePrng{ state: (combined & 0x7fffffff).to_le() }
+ }
+}
+
+impl TorInsecurePrng {
+ /// This is the equivalent function to `tor_weak_random()`.
+ //
+ // C_RUST_COUPLED: `tor_weak_random()` /src/common/util.c
+ pub fn next_i32(&mut self) -> i32 {
+ // The C code appears to purposefully overflow the 32-bit state integer.
+ self.state = (self.state.wrapping_mul(1103515245).wrapping_add(12345) & 0x7fffffff).to_le();
+ self.state as i32
+ }
+}
+
+
+impl RngCore for TorInsecurePrng {
+ // C_RUST_COUPLED: `tor_weak_random()` /src/common/util.c
+ fn next_u32(&mut self) -> u32 {
+ let x: u32 = self.next_i32() as u32;
+ let y: u32 = self.next_i32() as u32;
+
+ // We have to add two samples together due to modding 0x7fffffff
+ x + y
+ }
+
+ fn next_u64(&mut self) -> u64 {
+ impls::next_u64_via_u32(self)
+ }
+
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ impls::fill_bytes_via_u32(self, dest);
+ }
+
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ Ok(self.fill_bytes(dest))
+ }
+}
+
+/// If we're running tests, it's fine to pretend this PRNG is cryptographically
+/// secure. (This allows us to test which require an implementation of
+/// `CryptoRng` without actually initialising all the OpenSSL C code.)
+#[cfg(test)]
+impl CryptoRng for TorInsecurePrng {}
+
+#[cfg(test)]
+mod test {
+ use super::*;
+
+ #[test]
+ fn next_u32_shouldnt_return_same_number_twice_in_a_row() {
+ // This test will fail 1 out of 2^{64} times (5.42 e-20), but the
+ // probability of a particle radiating off a star and hitting your RAM
+ // is roughly 1.4 e-15 per byte of RAM per second, so if this fails,
+ // blame ~~Cosmic Rays~~ and not anyone named isis.
+ let mut prng: TorInsecurePrng = TorInsecurePrng::from_seed([0xDE, 0xAD, 0x15, 0x15]);
+
+ let one: u32 = prng.next_u32();
+ let two: u32 = prng.next_u32();
+
+ assert!(one != two);
+ }
+
+ #[test]
+ fn next_u32_should_have_uniform_distribution_average() {
+ let mut prng: TorInsecurePrng = TorInsecurePrng::from_seed([0xDE, 0xAD, 0x15, 0x15]);
+ let mut accumulator: Vec<u32> = Vec::new();
+ let n: u64 = 10_000;
+
+ for _ in 0 .. n as usize {
+ accumulator.push(prng.next_u32());
+ }
+ let total: u64 = accumulator.iter().fold(0, |acc,&x| acc + (x as u64));
+ let average = total / n;
+ println!("average is {:?}", average);
+
+ assert!(average <= 0x7fffffff + 0xf00000);
+ assert!(average >= 0x7fffffff - 0xf00000);
+ }
+
+ #[test]
+ fn next_u32_shouldnt_have_bit_bias() {
+ // Since the modulus in the mixed congruential generator isn't a power
+ // of two, the bits should not have any statistical bias.
+ let mut prng: TorInsecurePrng = TorInsecurePrng::from_seed([0xDE, 0xAD, 0x15, 0x15]);
+ let mut accumulator: Vec<u32> = Vec::new();
+ let n: u64 = 10_000;
+
+ for _ in 0 .. n as usize {
+ accumulator.push(prng.next_u32().count_ones());
+ }
+ let total: u64 = accumulator.iter().fold(0, |acc,&x| acc + (x as u64));
+ let average = total / n;
+ println!("average is {:?}", average);
+
+ assert!(average == 16);
+ }
+
+ #[test]
+ fn next_u64_shouldnt_return_same_number_twice_in_a_row() {
+ // This test will fail 1 out of 2^{128} times (2.94 e-39), but the
+ // probability of a particle radiating off a star and hitting your RAM
+ // is roughly 1.4 e-15 per byte of RAM per second, so if this fails,
+ // blame ~~Cosmic Rays~~ and not anyone named isis.
+ let mut prng: TorInsecurePrng = TorInsecurePrng::from_seed([0xDE, 0xAD, 0x15, 0x15]);
+
+ let one: u64 = prng.next_u64();
+ let two: u64 = prng.next_u64();
+
+ assert!(one != two);
+ }
+
+ #[test]
+ fn fill_bytes_shouldnt_leave_all_zeroes() {
+ // Again, 1 in 256^8 (5.42 e-20) chances this fails.
+ // ~~Cosmic Rays~~, I tell you.
+ let mut prng: TorInsecurePrng = TorInsecurePrng::from_seed([0xDE, 0xAD, 0x15, 0x15]);
+ let mut bytes: [u8; 8] = [0u8; 8];
+
+ prng.fill_bytes(&mut bytes);
+
+ assert!(bytes != [0u8; 8]);
+ }
+}
diff --git a/src/rust/rand/rng.rs b/src/rust/rand/rng.rs
new file mode 100644
index 000000000..a334f5f09
--- /dev/null
+++ b/src/rust/rand/rng.rs
@@ -0,0 +1,94 @@
+// Copyright (c) 2018, The Tor Project, Inc.
+// Copyright (c) 2018, isis agora lovecruft
+// See LICENSE for licensing information
+
+//! Wrappers for Tor's random number generator to provide implementations of
+//! `rand_core` traits.
+
+// This is the real implementation, in use in production, which calls into our C
+// wrappers in /src/common/crypto_rand.c, which call into OpenSSL, system
+// libraries, and make syscalls.
+#[cfg(not(test))]
+mod internal {
+ use std::u64;
+
+ use rand_core::CryptoRng;
+ use rand_core::Error;
+ use rand_core::RngCore;
+ use rand_core::impls::next_u32_via_fill;
+ use rand_core::impls::next_u64_via_fill;
+
+ use external::c_tor_crypto_strongest_rand;
+ use external::c_tor_crypto_seed_rng;
+
+ use tor_log::LogDomain;
+ use tor_log::LogSeverity;
+
+ /// Largest strong entropy request permitted.
+ //
+ // C_RUST_COUPLED: `MAX_STRONGEST_RAND_SIZE` /src/common/crypto_rand.c
+ const MAX_STRONGEST_RAND_SIZE: usize = 256;
+
+ /// A wrapper around OpenSSL's RNG.
+ pub struct TorRng {
+ // This private, zero-length field forces the struct to be treated the
+ // same as its opaque C couterpart.
+ _unused: [u8; 0],
+ }
+
+ /// Mark `TorRng` as being suitable for cryptographic purposes.
+ impl CryptoRng for TorRng {}
+
+ impl TorRng {
+ // C_RUST_COUPLED: `crypto_seed_rng()` /src/common/crypto_rand.c
+ #[allow(dead_code)]
+ fn new() -> Self {
+ if !c_tor_crypto_seed_rng() {
+ tor_log_msg!(LogSeverity::Warn, LogDomain::General,
+ "TorRng::from_seed()",
+ "The RNG could not be seeded!");
+ }
+ // XXX also log success at info level —isis
+ TorRng{ _unused: [0u8; 0] }
+ }
+ }
+
+ impl RngCore for TorRng {
+ // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c
+ fn next_u32(&mut self) -> u32 {
+ next_u32_via_fill(self)
+ }
+
+ // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c
+ fn next_u64(&mut self) -> u64 {
+ next_u64_via_fill(self)
+ }
+
+ // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ debug_assert!(dest.len() <= MAX_STRONGEST_RAND_SIZE);
+
+ c_tor_crypto_strongest_rand(dest);
+ }
+
+ // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ Ok(self.fill_bytes(dest))
+ }
+ }
+}
+
+// For testing, we expose the pure-Rust implementation of a
+// cryptographically-insecure PRNG which mirrors the implementation of
+// `tor_weak_rng_t` in C.
+#[cfg(test)]
+mod internal {
+ use prng::TorInsecurePrng;
+
+ pub type TorRng = TorInsecurePrng;
+}
+
+// Finally, expose the public functionality of whichever appropriate internal
+// module.
+pub use self::internal::*;
+
1
0