- tor-commits - lists.torproject.org

[tor/master] Add a data-independent variant of memcmp and a d-i memeq function.
by nickm＠torproject.org 12 May '11

12 May '11

commit 4b19730c8234de3587bd50256fcb11660fb07388 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 9 18:39:23 2011 -0400 Add a data-independent variant of memcmp and a d-i memeq function. The tor_memcmp code is by Robert Ransom, and the tor_memeq code is by me. Both incorporate some ideas from DJB's stuff. --- changes/bug3122_memcmp | 7 +++ configure.in | 18 +++++++ src/common/Makefile.am | 4 +- src/common/di_ops.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++ src/common/di_ops.h | 28 ++++++++++ src/or/test.c | 55 ++++++++++++++++++++ 6 files changed, 243 insertions(+), 2 deletions(-) diff --git a/changes/bug3122_memcmp b/changes/bug3122_memcmp new file mode 100644 index 0000000..a049476 --- /dev/null +++ b/changes/bug3122_memcmp @@ -0,0 +1,7 @@ + o Security fixes + - Replace all potentially sensitive memory comparison operations + with versions whose runtime does not depend on the data being + compared. This will help resist a class of attacks where an + adversary can use variations in timing information to learn + sensitive data. Fix for one case of bug 3122. (Safe memcmp + implementation by Robert Ransom based partially on code by DJB.) diff --git a/configure.in b/configure.in index 1fddaca..eead014 100644 --- a/configure.in +++ b/configure.in @@ -626,6 +626,24 @@ if test "$tor_cv_twos_complement" != no ; then [Define to 1 iff we represent negative integers with two's complement]) fi +# What does shifting a negative value do? +AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend, +[AC_RUN_IFELSE([AC_LANG_SOURCE( +[[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])], + [tor_cv_sign_extend=yes], + [tor_cv_sign_extend=no], + [tor_cv_sign_extend=cross])]) + +if test "$tor_cv_sign_extend" = cross ; then + # Cross-compiling; let's hope that the target isn't raving mad. + AC_MSG_NOTICE([Cross-compiling: we'll assume that right-shifting negative integers causes sign-extension]) +fi + +if test "$tor_cv_sign_extend" != no ; then + AC_DEFINE([RSHIFT_DOES_SIGN_EXTEND], 1, + [Define to 1 iff right-shifting a negative value performs sign-extension]) +fi + # Whether we should use the dmalloc memory allocation debugging library. AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library)) AC_ARG_WITH(dmalloc, diff --git a/src/common/Makefile.am b/src/common/Makefile.am index 105c413..db94a98 100644 --- a/src/common/Makefile.am +++ b/src/common/Makefile.am @@ -10,7 +10,7 @@ libor_extra_source= endif libor_a_SOURCES = address.c log.c util.c compat.c container.c mempool.c \ - memarea.c $(libor_extra_source) + memarea.c di_ops.c $(libor_extra_source) libor_crypto_a_SOURCES = crypto.c aes.c tortls.c torgzip.c -noinst_HEADERS = address.h log.h crypto.h test.h util.h compat.h aes.h torint.h tortls.h strlcpy.c strlcat.c torgzip.h container.h ht.h mempool.h memarea.h ciphers.inc +noinst_HEADERS = address.h log.h crypto.h test.h util.h compat.h aes.h torint.h tortls.h strlcpy.c strlcat.c torgzip.h container.h ht.h mempool.h memarea.h di_ops.h ciphers.inc diff --git a/src/common/di_ops.c b/src/common/di_ops.c new file mode 100644 index 0000000..c1e292f --- /dev/null +++ b/src/common/di_ops.c @@ -0,0 +1,133 @@ +/* Copyright (c) 2011, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file di_ops.c + * \brief Functions for data-independent operations + **/ + +#include "orconfig.h" +#include "di_ops.h" + +/** + * Timing-safe version of memcmp. As memcmp, compare the sz bytes + * at a with the sz bytes at , and returns less than 0 if the + * bytes at a lexically precede those at b, 0 if the byte ranges + * are equal, and greater than zero if the bytes at a lexically follow + * those at . + * + * This implementation differs from memcmp in that its timing behavior is not + * data-dependent: it should return in the same amount of time regardless of + * the contents of a and b. + */ +int +tor_memcmp(const void *a, const void *b, size_t len) +{ + const uint8_t *x = a; + const uint8_t *y = b; + size_t i = len; + int retval = 0; + + /* This loop goes from the end of the arrays to the start. At the + * start of every iteration, before we decrement i, we have set + * "retval" equal to the result of memcmp(a+i,b+i,len-i). During the + * loop, we update retval by leaving it unchanged if x[i]==y[i] and + * setting it to x[i]-y[i] if x[i]!= y[i]. + * + * The following assumes we are on a system with two's-complement + * arithmetic. We check for this at configure-time with the check + * that sets USING_TWOS_COMPLEMENT. If we aren't two's complement, then + * torint.h will stop compilation with an error. + */ + while (i--) { + int v1 = x[i]; + int v2 = y[i]; + int equal_p = v1 ^ v2; + + /* The following sets bits 8 and above of equal_p to 'equal_p == + * 0', and thus to v1 == v2. (To see this, note that if v1 == + * v2, then v1^v2 == equal_p == 0, so equal_p-1 == -1, which is the + * same as ~0 on a two's-complement machine. Then note that if + * v1 != v2, then 0 < v1 ^ v2 < 256, so 0 <= equal_p - 1 < 255.) + */ + --equal_p; + + equal_p >>= 8; + /* Thanks to (sign-preserving) arithmetic shift, equal_p is now + * equal to -(v1 == v2), which is exactly what we need below. + * (Since we're assuming two's-complement arithmetic, -1 is the + * same as ~0 (all bits set).) + * + * (The result of an arithmetic shift on a negative value is + * actually implementation-defined in standard C. So how do we + * get away with assuming it? Easy. We check.) */ +#if ((-60 >> 8) != -1) +#error "According to cpp, right-shift doesn't perform sign-extension." +#endif +#ifndef RSHIFT_DOES_SIGN_EXTEND +#error "According to configure, right-shift doesn't perform sign-extension." +#endif + + /* If v1 == v2, equal_p is ~0, so this will leave retval + * unchanged; otherwise, equal_p is 0, so this will zero it. */ + retval &= equal_p; + + /* If v1 == v2, then this adds 0, and leaves retval unchanged. + * Otherwise, we just zeroed retval, so this sets it to v1 - v2. */ + retval += (v1 - v2); + + /* There. Now retval is equal to its previous value if v1 == v2, and + * equal to v1 - v2 if v1 != v2. */ + } + + return retval; +} + +/** + * Timing-safe memory comparison. Return true if the sz bytes at + * a are the same as the sz bytes at , and 0 otherwise. + * + * This implementation differs from !memcmp(a,b,sz) in that its timing + * behavior is not data-dependent: it should return in the same amount of time + * regardless of the contents of a and b. It differs from + * !tor_memcmp(a,b,sz) by being faster. + */ +int +tor_memeq(const void *a, const void *b, size_t sz) +{ + /* Treat a and b as byte ranges. */ + const uint8_t *ba = a, *bb = b; + uint32_t any_difference = 0; + while (sz--) { + /* Set byte_diff to all of those bits that are different in *ba and *bb, + * and advance both ba and bb. */ + const uint8_t byte_diff = *ba++ ^ *bb++; + + /* Set bits in any_difference if they are set in byte_diff. */ + any_difference |= byte_diff; + } + + /* Now any_difference is 0 if there are no bits different between + * a and b, and is nonzero if there are bits different between a + * and b. Now for paranoia's sake, let's convert it to 0 or 1. + * + * (If we say "!any_difference", the compiler might get smart enough + * to optimize-out our data-independence stuff above.) + * + * To unpack: + * + * If any_difference == 0: + * any_difference - 1 == ~0 + * (any_difference - 1) >> 8 == 0x00ffffff + * 1 & ((any_difference - 1) >> 8) == 1 + * + * If any_difference != 0: + * 0 < any_difference < 256, so + * 0 < any_difference - 1 < 255 + * (any_difference - 1) >> 8 == 0 + * 1 & ((any_difference - 1) >> 8) == 0 + */ + + return 1 & ((any_difference - 1) >> 8); +} + diff --git a/src/common/di_ops.h b/src/common/di_ops.h new file mode 100644 index 0000000..1b223d9 --- /dev/null +++ b/src/common/di_ops.h @@ -0,0 +1,28 @@ +/* Copyright (c) 2003-2004, Roger Dingledine + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2011, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file di_ops.h + * \brief Headers for di_ops.c + **/ + +#ifndef TOR_DI_OPS_H +#define TOR_DI_OPS_H + +#include "orconfig.h" +#include "torint.h" + +int tor_memcmp(const void *a, const void *b, size_t sz); +int tor_memeq(const void *a, const void *b, size_t sz); +#define tor_memneq(a,b,sz) (!tor_memeq((a),(b),(sz))) + +/** Alias for the platform's memcmp() function. This function is + * not data-independent: we define this alias so that we can + * mark cases where we are deliberately using a data-dependent memcmp() + * implementation. + */ +#define fast_memcmp(a,b,c) (memcmp((a),(b),(c))) + +#endif diff --git a/src/or/test.c b/src/or/test.c index b08f202..dc71db4 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -43,6 +43,7 @@ const char tor_svn_revision[] = ""; #include "torgzip.h" #include "mempool.h" #include "memarea.h" +#include "di_ops.h" #ifdef USE_DMALLOC #include <dmalloc.h> @@ -1331,6 +1332,59 @@ test_util(void) ; } +static void +test_util_di_ops(void) +{ +#define LT -1 +#define GT 1 +#define EQ 0 + const struct { + const char *a; int want_sign; const char *b; + } examples[] = { + { "Foo", EQ, "Foo" }, + { "foo", GT, "bar", }, + { "foobar", EQ ,"foobar" }, + { "foobar", LT, "foobaw" }, + { "foobar", GT, "f00bar" }, + { "foobar", GT, "boobar" }, + { "", EQ, "" }, + { NULL, 0, NULL }, + }; + + int i; + + for (i = 0; examples[i].a; ++i) { + size_t len = strlen(examples[i].a); + int eq1, eq2, neq1, neq2, cmp1, cmp2; + test_eq(len, strlen(examples[i].b)); + /* We do all of the operations, with operands in both orders. */ + eq1 = tor_memeq(examples[i].a, examples[i].b, len); + eq2 = tor_memeq(examples[i].b, examples[i].a, len); + neq1 = tor_memneq(examples[i].a, examples[i].b, len); + neq2 = tor_memneq(examples[i].b, examples[i].a, len); + cmp1 = tor_memcmp(examples[i].a, examples[i].b, len); + cmp2 = tor_memcmp(examples[i].b, examples[i].a, len); + + /* Check for correctness of cmp1 */ + if (cmp1 < 0 && examples[i].want_sign != LT) + test_fail(); + else if (cmp1 > 0 && examples[i].want_sign != GT) + test_fail(); + else if (cmp1 == 0 && examples[i].want_sign != EQ) + test_fail(); + + /* Check for consistency of everything else with cmp1 */ + test_eq(eq1, eq2); + test_eq(neq1, neq2); + test_eq(cmp1, -cmp2); + test_eq(eq1, cmp1 == 0); + test_eq(neq1, !eq1); + } + + done: + ; +} + /** Helper: assert that IPv6 addresses a and b are the same. On * failure, reports an error, describing the addresses as e1 and * e2, and reporting the line number as line. */ @@ -4753,6 +4807,7 @@ static struct { SUBENT(crypto, aes_iv), SUBENT(crypto, base32_decode), ENT(util), + SUBENT(util, di_ops), SUBENT(util, ip6_helpers), SUBENT(util, gzip), SUBENT(util, datadir),

1 0

[tor/master] Add a "di_ops.h" include to util.h
by nickm＠torproject.org 12 May '11

12 May '11

commit 1d703ed22b249567c2df31db9035a4dda66483ca Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue May 10 16:19:58 2011 -0400 Add a "di_ops.h" include to util.h --- src/common/util.h | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/common/util.h b/src/common/util.h index fcea9c5..7bc5286 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -14,6 +14,7 @@ #include "orconfig.h" #include "torint.h" #include "compat.h" +#include "di_ops.h" #include <stdio.h> #include <stdlib.h>

1 0

[tor/maint-0.2.2] Hand-tune the new tor_memcmp instances in 0.2.2
by nickm＠torproject.org 12 May '11

12 May '11

commit 8fb38331c3213caef2d2e003e02cdb361504f14f Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 11 16:32:30 2011 -0400 Hand-tune the new tor_memcmp instances in 0.2.2 --- src/or/dirserv.c | 2 +- src/or/dirvote.c | 4 ++-- src/or/eventdns.c | 2 +- src/or/microdesc.c | 2 +- src/or/routerlist.c | 2 +- src/or/routerparse.c | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 1fd0cd2..eadc2d7 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2087,7 +2087,7 @@ routerstatus_format_entry(char *buf, size_t buf_len, /* This assert can fire for the control port, because * it can request NS documents before all descriptors * have been fetched. */ - if (tor_memcmp(desc->cache_info.signed_descriptor_digest, + if (tor_memneq(desc->cache_info.signed_descriptor_digest, rs->descriptor_digest, DIGEST_LEN)) { char rl_d[HEX_DIGEST_LEN+1]; diff --git a/src/or/dirvote.c b/src/or/dirvote.c index a017cfb..dd156bd 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -2211,7 +2211,7 @@ networkstatus_add_detached_signatures(networkstatus_t *target, } for (alg = DIGEST_SHA1; alg < N_DIGEST_ALGORITHMS; ++alg) { if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) { - if (tor_memeq(target->digests.d[alg], digests->d[alg], DIGEST256_LEN)) { + if (fast_memeq(target->digests.d[alg], digests->d[alg], DIGEST256_LEN)) { ++n_matches; } else { *msg_out = "Mismatched digest."; @@ -3615,7 +3615,7 @@ vote_routerstatus_find_microdesc_hash(char *digest256_out, * the first part. */ while (1) { num_len = strspn(cp, "1234567890"); - if (num_len == mlen && tor_memeq(mstr, cp, mlen)) { + if (num_len == mlen && fast_memeq(mstr, cp, mlen)) { /* This is the line. */ char buf[BASE64_DIGEST256_LEN+1]; /* XXXX ignores extraneous stuff if the digest is too long. This diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 33238b2..fc005df 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -2253,7 +2253,7 @@ sockaddr_is_loopback(const struct sockaddr *addr) return (ntohl(sin->sin_addr.s_addr) & 0xff000000) == 0x7f000000; } else if (addr->sa_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; - return tor_memeq(sin6->sin6_addr.s6_addr, LOOPBACK_S6, 16); + return fast_memeq(sin6->sin6_addr.s6_addr, LOOPBACK_S6, 16); } return 0; } diff --git a/src/or/microdesc.c b/src/or/microdesc.c index 139f2f8..b87e0d9 100644 --- a/src/or/microdesc.c +++ b/src/or/microdesc.c @@ -414,7 +414,7 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force) SMARTLIST_FOREACH_BEGIN(wrote, microdesc_t *, md) { tor_assert(md->saved_location == SAVED_IN_CACHE); md->body = (char*)cache->cache_content->data + md->off; - tor_assert(tor_memeq(md->body, "onion-key", 9)); + tor_assert(fast_memeq(md->body, "onion-key", 9)); } SMARTLIST_FOREACH_END(md); smartlist_free(wrote); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index c54025b..6c649ab 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -3105,7 +3105,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old, sdmap_remove(rl->desc_digest_map, ri_old->cache_info.signed_descriptor_digest); - if (tor_memcmp(ri_old->cache_info.extra_info_digest, + if (tor_memneq(ri_old->cache_info.extra_info_digest, ri_new->cache_info.extra_info_digest, DIGEST_LEN)) { ei_tmp = eimap_remove(rl->extra_info_map, ri_old->cache_info.extra_info_digest); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 12d1dfe..389f22f 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4538,7 +4538,7 @@ tor_version_compare(tor_version_t *a, tor_version_t *b) else if ((i = a->git_tag_len - b->git_tag_len)) return i; else if (a->git_tag_len) - return tor_memcmp(a->git_tag, b->git_tag, a->git_tag_len); + return fast_memcmp(a->git_tag, b->git_tag, a->git_tag_len); else return 0; }

1 0

[tor/maint-0.2.2] Re-apply the automated conversion to 0.2.2 to make handle any memcmps that snuck in
by nickm＠torproject.org 12 May '11

12 May '11

commit 0cbcbc3412b667537b6ec54da0a4c9173a19d6de Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 11 16:27:27 2011 -0400 Re-apply the automated conversion to 0.2.2 to make handle any memcmps that snuck in --- src/common/container.c | 2 +- src/or/connection_or.c | 2 +- src/or/dirserv.c | 4 ++-- src/or/dirvote.c | 4 ++-- src/or/eventdns.c | 2 +- src/or/microdesc.c | 4 ++-- src/or/networkstatus.c | 2 +- src/or/routerlist.c | 4 ++-- src/or/routerparse.c | 6 +++--- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/common/container.c b/src/common/container.c index 5476c60..09d4bb1 100644 --- a/src/common/container.c +++ b/src/common/container.c @@ -824,7 +824,7 @@ smartlist_uniq_digests(smartlist_t *sl) static int _compare_digests256(const void **_a, const void **_b) { - return memcmp((const char*)*_a, (const char*)*_b, DIGEST256_LEN); + return tor_memcmp((const char*)*_a, (const char*)*_b, DIGEST256_LEN); } /** Sort the list of DIGEST256_LEN-byte digests into ascending order. */ diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 4ce08af..ed174c9 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -748,7 +748,7 @@ connection_or_set_bad_connections(const char *digest, int force) return; DIGESTMAP_FOREACH(orconn_identity_map, identity, or_connection_t *, conn) { - if (!digest || !memcmp(digest, conn->identity_digest, DIGEST_LEN)) + if (!digest || tor_memeq(digest, conn->identity_digest, DIGEST_LEN)) connection_or_group_set_badness(conn, force); } DIGESTMAP_FOREACH_END; } diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 1f4489a..1fd0cd2 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2087,7 +2087,7 @@ routerstatus_format_entry(char *buf, size_t buf_len, /* This assert can fire for the control port, because * it can request NS documents before all descriptors * have been fetched. */ - if (memcmp(desc->cache_info.signed_descriptor_digest, + if (tor_memcmp(desc->cache_info.signed_descriptor_digest, rs->descriptor_digest, DIGEST_LEN)) { char rl_d[HEX_DIGEST_LEN+1]; @@ -2103,7 +2103,7 @@ routerstatus_format_entry(char *buf, size_t buf_len, "(router %s)\n", rl_d, rs_d, id); - tor_assert(!memcmp(desc->cache_info.signed_descriptor_digest, + tor_assert(tor_memeq(desc->cache_info.signed_descriptor_digest, rs->descriptor_digest, DIGEST_LEN)); }; diff --git a/src/or/dirvote.c b/src/or/dirvote.c index a95cea4..a017cfb 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -2211,7 +2211,7 @@ networkstatus_add_detached_signatures(networkstatus_t *target, } for (alg = DIGEST_SHA1; alg < N_DIGEST_ALGORITHMS; ++alg) { if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) { - if (!memcmp(target->digests.d[alg], digests->d[alg], DIGEST256_LEN)) { + if (tor_memeq(target->digests.d[alg], digests->d[alg], DIGEST256_LEN)) { ++n_matches; } else { *msg_out = "Mismatched digest."; @@ -3615,7 +3615,7 @@ vote_routerstatus_find_microdesc_hash(char *digest256_out, * the first part. */ while (1) { num_len = strspn(cp, "1234567890"); - if (num_len == mlen && !memcmp(mstr, cp, mlen)) { + if (num_len == mlen && tor_memeq(mstr, cp, mlen)) { /* This is the line. */ char buf[BASE64_DIGEST256_LEN+1]; /* XXXX ignores extraneous stuff if the digest is too long. This diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 9e3b426..33238b2 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -2253,7 +2253,7 @@ sockaddr_is_loopback(const struct sockaddr *addr) return (ntohl(sin->sin_addr.s_addr) & 0xff000000) == 0x7f000000; } else if (addr->sa_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; - return !memcmp(sin6->sin6_addr.s6_addr, LOOPBACK_S6, 16); + return tor_memeq(sin6->sin6_addr.s6_addr, LOOPBACK_S6, 16); } return 0; } diff --git a/src/or/microdesc.c b/src/or/microdesc.c index 5740c40..139f2f8 100644 --- a/src/or/microdesc.c +++ b/src/or/microdesc.c @@ -48,7 +48,7 @@ _microdesc_hash(microdesc_t *md) static INLINE int _microdesc_eq(microdesc_t *a, microdesc_t *b) { - return !memcmp(a->digest, b->digest, DIGEST256_LEN); + return tor_memeq(a->digest, b->digest, DIGEST256_LEN); } HT_PROTOTYPE(microdesc_map, microdesc_t, node, @@ -414,7 +414,7 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force) SMARTLIST_FOREACH_BEGIN(wrote, microdesc_t *, md) { tor_assert(md->saved_location == SAVED_IN_CACHE); md->body = (char*)cache->cache_content->data + md->off; - tor_assert(!memcmp(md->body, "onion-key", 9)); + tor_assert(tor_memeq(md->body, "onion-key", 9)); } SMARTLIST_FOREACH_END(md); smartlist_free(wrote); diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index ff20566..1aa4e4a 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -494,7 +494,7 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus, authority_cert_t *cert = authority_cert_get_by_digests(sig->identity_digest, sig->signing_key_digest); - tor_assert(!memcmp(sig->identity_digest, voter->identity_digest, + tor_assert(tor_memeq(sig->identity_digest, voter->identity_digest, DIGEST_LEN)); if (!is_v3_auth) { diff --git a/src/or/routerlist.c b/src/or/routerlist.c index b0909eb..c54025b 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -3083,7 +3083,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old, &ri_new->cache_info); } - same_descriptors = ! memcmp(ri_old->cache_info.signed_descriptor_digest, + same_descriptors = tor_memeq(ri_old->cache_info.signed_descriptor_digest, ri_new->cache_info.signed_descriptor_digest, DIGEST_LEN); @@ -3105,7 +3105,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old, sdmap_remove(rl->desc_digest_map, ri_old->cache_info.signed_descriptor_digest); - if (memcmp(ri_old->cache_info.extra_info_digest, + if (tor_memcmp(ri_old->cache_info.extra_info_digest, ri_new->cache_info.extra_info_digest, DIGEST_LEN)) { ei_tmp = eimap_remove(rl->extra_info_map, ri_old->cache_info.extra_info_digest); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 3b669ad..12d1dfe 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -3499,8 +3499,8 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos) is_duplicate = 0; SMARTLIST_FOREACH(siglist, document_signature_t *, s, { if (s->alg == alg && - !memcmp(id_digest, s->identity_digest, DIGEST_LEN) && - !memcmp(sk_digest, s->signing_key_digest, DIGEST_LEN)) { + tor_memeq(id_digest, s->identity_digest, DIGEST_LEN) && + tor_memeq(sk_digest, s->signing_key_digest, DIGEST_LEN)) { is_duplicate = 1; } }); @@ -4538,7 +4538,7 @@ tor_version_compare(tor_version_t *a, tor_version_t *b) else if ((i = a->git_tag_len - b->git_tag_len)) return i; else if (a->git_tag_len) - return memcmp(a->git_tag, b->git_tag, a->git_tag_len); + return tor_memcmp(a->git_tag, b->git_tag, a->git_tag_len); else return 0; }

1 0

[tor/maint-0.2.2] Merge remote-tracking branch 'public/bug3122_memcmp_squashed' into maint-0.2.1
by nickm＠torproject.org 12 May '11

12 May '11

1 0

[tor/maint-0.2.2] Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
by nickm＠torproject.org 12 May '11

12 May '11

commit 98870f2eada31ee7efca62ab7adf98cb843e2937 Merge: 59a6df8 1f67827 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu May 12 19:25:21 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2

1 0

[tor/maint-0.2.2] Merge remote-tracking branch 'public/bug3122_memcmp_022' into maint-0.2.2
by nickm＠torproject.org 12 May '11

12 May '11

1 0

[tor/maint-0.2.2] Hand-conversion and audit phase of memcmp transition
by nickm＠torproject.org 12 May '11

12 May '11

commit 59f9097d5c3dc010847c359888d31757d1c97904 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue May 10 16:58:38 2011 -0400 Hand-conversion and audit phase of memcmp transition Here I looked at the results of the automated conversion and cleaned them up as follows: If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I changed it to a fast_memcmp or fast_memeq. Otherwise if there was a tor_memcmp that could turn into a tor_memneq or tor_memeq, I converted it. This wants close attention. [*] I'm erring on the side of caution here, and leaving some things as tor_memcmp that could in my opinion use the data-dependent fast_memcmp variant. --- src/common/compat.c | 4 +++- src/common/container.c | 2 +- src/common/crypto.c | 2 +- src/common/di_ops.h | 2 ++ src/common/torgzip.c | 2 +- src/common/util.c | 21 +++++++++++++-------- src/common/util.h | 4 ++-- src/or/circuitbuild.c | 2 +- src/or/circuitlist.c | 2 +- src/or/circuituse.c | 2 +- src/or/connection_edge.c | 4 ++-- src/or/connection_or.c | 2 +- src/or/control.c | 8 ++++---- src/or/directory.c | 12 ++++++------ src/or/dirserv.c | 12 ++++++------ src/or/dirvote.c | 38 +++++++++++++++++++------------------- src/or/eventdns.c | 2 +- src/or/networkstatus.c | 8 ++++---- src/or/onion.c | 4 ++-- src/or/relay.c | 2 +- src/or/rendclient.c | 2 +- src/or/rendmid.c | 2 +- src/or/rendservice.c | 4 ++-- src/or/rephist.c | 4 ++-- src/or/router.c | 2 +- src/or/routerlist.c | 18 +++++++++--------- src/or/routerparse.c | 23 ++++++++++++----------- 27 files changed, 100 insertions(+), 90 deletions(-) diff --git a/src/common/compat.c b/src/common/compat.c index ea46d43..3965108 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -312,6 +312,8 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args) * needle, return a pointer to the first occurrence of the needle * within the haystack, or NULL if there is no such occurrence. * + * This function is not timing-safe. + * * Requires that nlen be greater than zero. */ const void * @@ -336,7 +338,7 @@ tor_memmem(const void *_haystack, size_t hlen, while ((p = memchr(p, first, end-p))) { if (p+nlen > end) return NULL; - if (tor_memeq(p, needle, nlen)) + if (fast_memeq(p, needle, nlen)) return p; ++p; } diff --git a/src/common/container.c b/src/common/container.c index d1d5ce3..c741eb0 100644 --- a/src/common/container.c +++ b/src/common/container.c @@ -223,7 +223,7 @@ smartlist_digest_isin(const smartlist_t *sl, const char *element) int i; if (!sl) return 0; for (i=0; i < sl->num_used; i++) - if (tor_memcmp((const char*)sl->list[i],element,DIGEST_LEN)==0) + if (tor_memeq((const char*)sl->list[i],element,DIGEST_LEN)) return 1; return 0; } diff --git a/src/common/crypto.c b/src/common/crypto.c index 9269428..f3268fe 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -845,7 +845,7 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data, tor_free(buf); return -1; } - if (tor_memcmp(buf, digest, DIGEST_LEN)) { + if (tor_memneq(buf, digest, DIGEST_LEN)) { log_warn(LD_CRYPTO, "Signature mismatched with digest."); tor_free(buf); return -1; diff --git a/src/common/di_ops.h b/src/common/di_ops.h index 1b223d9..4a212b0 100644 --- a/src/common/di_ops.h +++ b/src/common/di_ops.h @@ -24,5 +24,7 @@ int tor_memeq(const void *a, const void *b, size_t sz); * implementation. */ #define fast_memcmp(a,b,c) (memcmp((a),(b),(c))) +#define fast_memeq(a,b,c) (0==memcmp((a),(b),(c))) +#define fast_memneq(a,b,c) (0!=memcmp((a),(b),(c))) #endif diff --git a/src/common/torgzip.c b/src/common/torgzip.c index 51b29ba..f5709aa 100644 --- a/src/common/torgzip.c +++ b/src/common/torgzip.c @@ -356,7 +356,7 @@ tor_gzip_uncompress(char **out, size_t *out_len, compress_method_t detect_compression_method(const char *in, size_t in_len) { - if (in_len > 2 && tor_memeq(in, "\x1f\x8b", 2)) { + if (in_len > 2 && fast_memeq(in, "\x1f\x8b", 2)) { return GZIP_METHOD; } else if (in_len > 2 && (in[0] & 0x0f) == 8 && (ntohs(get_uint16(in)) % 31) == 0) { diff --git a/src/common/util.c b/src/common/util.c index cb2cfed..879a0e4 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -459,7 +459,7 @@ strcmp_len(const char *s1, const char *s2, size_t s1_len) return -1; if (s1_len > s2_len) return 1; - return tor_memcmp(s1, s2, s2_len); + return fast_memcmp(s1, s2, s2_len); } /** Compares the first strlen(s2) characters of s1 with s2. Returns as for @@ -501,17 +501,17 @@ strcasecmpend(const char *s1, const char *s2) /** Compare the value of the string prefix with the start of the * memlen-byte memory chunk at mem. Return as for strcmp. * - * [As tor_memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is less - * than strlen(prefix).] + * [As fast_memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is + * less than strlen(prefix).] */ int -memcmpstart(const void *mem, size_t memlen, +fast_memcmpstart(const void *mem, size_t memlen, const char *prefix) { size_t plen = strlen(prefix); if (memlen < plen) return -1; - return tor_memcmp(mem, prefix, plen); + return fast_memcmp(mem, prefix, plen); } /** Return a pointer to the first char of s that is not whitespace and @@ -644,14 +644,16 @@ tor_mem_is_zero(const char *mem, size_t len) 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, }; while (len >= sizeof(ZERO)) { - if (tor_memcmp(mem, ZERO, sizeof(ZERO))) + /* It's safe to use fast_memcmp here, since the very worst thing an + * attacker could learn is how many initial bytes of a secret were zero */ + if (fast_memcmp(mem, ZERO, sizeof(ZERO))) return 0; len -= sizeof(ZERO); mem += sizeof(ZERO); } /* Deal with leftover bytes. */ if (len) - return tor_memeq(mem, ZERO, len); + return fast_memeq(mem, ZERO, len); return 1; } @@ -660,7 +662,10 @@ tor_mem_is_zero(const char *mem, size_t len) int tor_digest_is_zero(const char *digest) { - return tor_mem_is_zero(digest, DIGEST_LEN); + static const uint8_t ZERO_DIGEST[] = { + 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 + }; + return tor_memeq(digest, ZERO_DIGEST, DIGEST_LEN); } /* Helper: common code to check whether the result of a strtol or strtoul or diff --git a/src/common/util.h b/src/common/util.h index 7bc5286..1012a11 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -172,8 +172,8 @@ int strcasecmpstart(const char *s1, const char *s2) int strcmpend(const char *s1, const char *s2) ATTR_PURE ATTR_NONNULL((1,2)); int strcasecmpend(const char *s1, const char *s2) ATTR_PURE ATTR_NONNULL((1,2)); -int memcmpstart(const void *mem, size_t memlen, - const char *prefix) ATTR_PURE; +int fast_memcmpstart(const void *mem, size_t memlen, + const char *prefix) ATTR_PURE; void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2)); long tor_parse_long(const char *s, int base, long min, diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 8527bea..208a9cb 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -430,7 +430,7 @@ circuit_n_conn_done(or_connection_t *or_conn, int status) continue; } else { /* We expected a key. See if it's the right one. */ - if (tor_memcmp(or_conn->identity_digest, + if (tor_memneq(or_conn->identity_digest, circ->n_hop->identity_digest, DIGEST_LEN)) continue; } diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 686524d..9cf331e 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -241,7 +241,7 @@ circuit_get_all_pending_on_or_conn(smartlist_t *out, or_connection_t *or_conn) continue; } else { /* We expected a key. See if it's the right one. */ - if (tor_memcmp(or_conn->identity_digest, + if (tor_memneq(or_conn->identity_digest, circ->n_hop->identity_digest, DIGEST_LEN)) continue; } diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 8568488..41c1899 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -94,7 +94,7 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn, char digest[DIGEST_LEN]; if (hexdigest_to_digest(conn->chosen_exit_name, digest) < 0) return 0; /* broken digest, we don't want it */ - if (tor_memcmp(digest, build_state->chosen_exit->identity_digest, + if (tor_memneq(digest, build_state->chosen_exit->identity_digest, DIGEST_LEN)) return 0; /* this is a circuit to somewhere else */ if (tor_digest_is_zero(digest)) { diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 31abf6a..0ec2002 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -530,7 +530,7 @@ connection_ap_fail_onehop(const char *failed_digest, if (!edge_conn->want_onehop) continue; if (hexdigest_to_digest(edge_conn->chosen_exit_name, digest) < 0 || - tor_memcmp(digest, failed_digest, DIGEST_LEN)) + tor_memneq(digest, failed_digest, DIGEST_LEN)) continue; if (tor_digest_is_zero(digest)) { /* we don't know the digest; have to compare addr:port */ @@ -2904,7 +2904,7 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) if (conn->chosen_exit_name) { routerinfo_t *chosen_exit = router_get_by_nickname(conn->chosen_exit_name, 1); - if (!chosen_exit || tor_memcmp(chosen_exit->cache_info.identity_digest, + if (!chosen_exit || tor_memneq(chosen_exit->cache_info.identity_digest, exit->cache_info.identity_digest, DIGEST_LEN)) { /* doesn't match */ // log_debug(LD_APP,"Requested node '%s', considering node '%s'. No.", diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 759657a..d402563 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1024,7 +1024,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, int as_advertised = 1; tor_assert(has_cert); tor_assert(has_identity); - if (tor_memcmp(digest_rcvd_out, conn->identity_digest, DIGEST_LEN)) { + if (tor_memneq(digest_rcvd_out, conn->identity_digest, DIGEST_LEN)) { /* I was aiming for a particular digest. I didn't get it! */ char seen[HEX_DIGEST_LEN+1]; char expected[HEX_DIGEST_LEN+1]; diff --git a/src/or/control.c b/src/or/control.c index d47f35b..f91afaf 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -346,7 +346,7 @@ write_escaped_data(const char *data, size_t len, char **out) } *outp++ = *data++; } - if (outp < *out+2 || tor_memcmp(outp-2, "\r\n", 2)) { + if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) { *outp++ = '\r'; *outp++ = '\n'; } @@ -512,7 +512,7 @@ connection_printf_to_buf(control_connection_t *conn, const char *format, ...) return; } len = strlen(buf); - if (tor_memcmp("\r\n\0", buf+len-2, 3)) { + if (fast_memcmp("\r\n\0", buf+len-2, 3)) { buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-1] = '\0'; buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-2] = '\n'; buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-3] = '\r'; @@ -611,7 +611,7 @@ send_control_event_impl(uint16_t event, event_format_t which, int extended, } len = strlen(buf); - if (tor_memcmp("\r\n\0", buf+len-2, 3)) { + if (fast_memcmp("\r\n\0", buf+len-2, 3)) { /* if it is not properly terminated, do it now */ buf[SEND_CONTROL1_EVENT_BUFFERSIZE-1] = '\0'; buf[SEND_CONTROL1_EVENT_BUFFERSIZE-2] = '\n'; @@ -1128,7 +1128,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len, goto err; } bad_cookie = 1; - } else if (tor_memcmp(authentication_cookie, password, password_len)) { + } else if (tor_memneq(authentication_cookie, password, password_len)) { if (!also_password) { log_warn(LD_CONTROL, "Got mismatched authentication cookie"); errstr = "Authentication cookie did not match expected value."; diff --git a/src/or/directory.c b/src/or/directory.c index bc146c7..01f3375 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2358,7 +2358,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url) SMARTLIST_FOREACH(v->voters, networkstatus_voter_info_t *, vi, { if (vi->signature && - tor_memeq(vi->identity_digest, want_digest, want_len)) { + fast_memeq(vi->identity_digest, want_digest, want_len)) { have++; break; }; @@ -3451,17 +3451,17 @@ dir_routerdesc_download_failed(smartlist_t *failed, int status_code, * every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */ } -/** Helper. Compare two fp_pair_t objects, and return -1, 0, or 1 as - * appropriate. */ +/** Helper. Compare two fp_pair_t objects, and return negative, 0, or + * positive as appropriate. */ static int _compare_pairs(const void **a, const void **b) { const fp_pair_t *fp1 = *a, *fp2 = *b; int r; - if ((r = tor_memcmp(fp1->first, fp2->first, DIGEST_LEN))) + if ((r = fast_memcmp(fp1->first, fp2->first, DIGEST_LEN))) return r; else - return tor_memcmp(fp1->second, fp2->second, DIGEST_LEN); + return fast_memcmp(fp1->second, fp2->second, DIGEST_LEN); } /** Divide a string res of the form FP1-FP2+FP3-FP4...[.z], where each @@ -3577,7 +3577,7 @@ dir_split_resource_into_fingerprints(const char *resource, char *cp = smartlist_get(fp_tmp, i); char *last = smartlist_get(fp_tmp2, smartlist_len(fp_tmp2)-1); - if ((decode_hex && tor_memcmp(cp, last, DIGEST_LEN)) + if ((decode_hex && fast_memcmp(cp, last, DIGEST_LEN)) || (!decode_hex && strcasecmp(cp, last))) smartlist_add(fp_tmp2, cp); else diff --git a/src/or/dirserv.c b/src/or/dirserv.c index efb169b..e367cb1 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1991,7 +1991,7 @@ routerstatus_format_entry(char *buf, size_t buf_len, id, dd); return -1; }; - if (tor_memcmp(desc->cache_info.signed_descriptor_digest, + if (fast_memcmp(desc->cache_info.signed_descriptor_digest, rs->descriptor_digest, DIGEST_LEN)) { char rl_d[HEX_DIGEST_LEN+1]; @@ -2007,7 +2007,7 @@ routerstatus_format_entry(char *buf, size_t buf_len, "(router %s)\n", rl_d, rs_d, id); - tor_assert(tor_memeq(desc->cache_info.signed_descriptor_digest, + tor_assert(fast_memeq(desc->cache_info.signed_descriptor_digest, rs->descriptor_digest, DIGEST_LEN)); }; @@ -2083,9 +2083,9 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b) /* They're equal! Compare by identity digest, so there's a * deterministic order and we avoid flapping. */ - return tor_memcmp(first->cache_info.identity_digest, - second->cache_info.identity_digest, - DIGEST_LEN); + return fast_memcmp(first->cache_info.identity_digest, + second->cache_info.identity_digest, + DIGEST_LEN); } /** Given a list of routerinfo_t in routers, return a new digestmap_t @@ -2844,7 +2844,7 @@ dirserv_orconn_tls_done(const char *address, SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, { if (!strcasecmp(address, ri->address) && or_port == ri->or_port && as_advertised && - tor_memeq(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) { + fast_memeq(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) { /* correct digest. mark this router reachable! */ if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) { log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.", diff --git a/src/or/dirvote.c b/src/or/dirvote.c index c0cb130..9e763bd 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -231,7 +231,7 @@ static int _compare_votes_by_authority_id(const void **_a, const void **_b) { const networkstatus_t *a = *_a, *b = *_b; - return tor_memcmp(get_voter(a)->identity_digest, + return fast_memcmp(get_voter(a)->identity_digest, get_voter(b)->identity_digest, DIGEST_LEN); } @@ -248,7 +248,7 @@ _compare_dir_src_ents_by_authority_id(const void **_a, const void **_b) a_id = a->is_legacy ? a_v->legacy_id_digest : a_v->identity_digest; b_id = b->is_legacy ? b_v->legacy_id_digest : b_v->identity_digest; - return tor_memcmp(a_id, b_id, DIGEST_LEN); + return fast_memcmp(a_id, b_id, DIGEST_LEN); } /** Given a sorted list of strings in, add every member to out @@ -311,10 +311,10 @@ static int compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b) { int r; - if ((r = tor_memcmp(a->status.identity_digest, b->status.identity_digest, + if ((r = fast_memcmp(a->status.identity_digest, b->status.identity_digest, DIGEST_LEN))) return r; - if ((r = tor_memcmp(a->status.descriptor_digest, b->status.descriptor_digest, + if ((r = fast_memcmp(a->status.descriptor_digest, b->status.descriptor_digest, DIGEST_LEN))) return r; if ((r = (int)(b->status.published_on - a->status.published_on))) @@ -768,7 +768,7 @@ networkstatus_compute_consensus(smartlist_t *votes, strmap_set_lc(name_to_id_map, rs->status.nickname, rs->status.identity_digest); } else if (d != conflict && - tor_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) { + fast_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) { /* Authorities disagree about this nickname. */ strmap_set_lc(name_to_id_map, rs->status.nickname, conflict); } else { @@ -792,7 +792,7 @@ networkstatus_compute_consensus(smartlist_t *votes, } else if (!d) { /* We have no name officially mapped to this digest. */ strmap_set_lc(name_to_id_map, rs->status.nickname, unknown); - } else if (tor_memeq(d, rs->status.identity_digest, DIGEST_LEN)) { + } else if (fast_memeq(d, rs->status.identity_digest, DIGEST_LEN)) { /* Authorities disagree about this nickname. */ strmap_set_lc(name_to_id_map, rs->status.nickname, conflict); } else { @@ -823,7 +823,7 @@ networkstatus_compute_consensus(smartlist_t *votes, if (index[v_sl_idx] < size[v_sl_idx]) { rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]); if (!lowest_id || - tor_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN) < 0) + fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN) < 0) lowest_id = rs->status.identity_digest; } }); @@ -841,7 +841,7 @@ networkstatus_compute_consensus(smartlist_t *votes, if (index[v_sl_idx] >= size[v_sl_idx]) continue; /* out of entries. */ rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]); - if (tor_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN)) + if (fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN)) continue; /* doesn't include this router. */ /* At this point, we know that we're looking at a routerstatus with * identity "lowest". @@ -881,7 +881,7 @@ networkstatus_compute_consensus(smartlist_t *votes, * routerinfo and its contents are. */ rs = compute_routerstatus_consensus(matching_descs); /* Copy bits of that into rs_out. */ - tor_assert(tor_memeq(lowest_id, rs->status.identity_digest, DIGEST_LEN)); + tor_assert(fast_memeq(lowest_id, rs->status.identity_digest, DIGEST_LEN)); memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN); memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest, DIGEST_LEN); @@ -905,7 +905,7 @@ networkstatus_compute_consensus(smartlist_t *votes, const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname); if (!d) { is_named = is_unnamed = 0; - } else if (tor_memeq(d, lowest_id, DIGEST_LEN)) { + } else if (fast_memeq(d, lowest_id, DIGEST_LEN)) { is_named = 1; is_unnamed = 0; } else { is_named = 0; is_unnamed = 1; @@ -972,11 +972,11 @@ networkstatus_compute_consensus(smartlist_t *votes, SMARTLIST_FOREACH(matching_descs, vote_routerstatus_t *, vsr, { /* Check if the vote where this status comes from had the * proper descriptor */ - tor_assert(tor_memeq(rs_out.identity_digest, + tor_assert(fast_memeq(rs_out.identity_digest, vsr->status.identity_digest, DIGEST_LEN)); if (vsr->status.has_exitsummary && - tor_memeq(rs_out.descriptor_digest, + fast_memeq(rs_out.descriptor_digest, vsr->status.descriptor_digest, DIGEST_LEN)) { tor_assert(vsr->status.exitsummary); @@ -1192,7 +1192,7 @@ networkstatus_add_detached_signatures(networkstatus_t *target, return -1; } /* Are they the same consensus? */ - if (tor_memcmp(target->networkstatus_digest, sigs->networkstatus_digest, + if (fast_memcmp(target->networkstatus_digest, sigs->networkstatus_digest, DIGEST_LEN)) { *msg_out = "Digest mismatch when adding detached signatures to consensus"; return -1; @@ -1799,11 +1799,11 @@ dirvote_add_vote(const char *vote_body, const char **msg_out, int *status_out) /* Now see whether we already have a vote from this authority. */ SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, { - if (tor_memeq(v->vote->cert->cache_info.identity_digest, + if (fast_memeq(v->vote->cert->cache_info.identity_digest, vote->cert->cache_info.identity_digest, DIGEST_LEN)) { networkstatus_voter_info_t *vi_old = get_voter(v->vote); - if (tor_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) { + if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) { /* Ah, it's the same vote. Not a problem. */ log_info(LD_DIR, "Discarding a vote we already have."); if (*status_out < 200) @@ -2218,23 +2218,23 @@ dirvote_get_vote(const char *fp, int flags) if (by_id) { if (pending_vote_list && include_pending) { SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv, - if (tor_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN)) + if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN)) return pv->vote_body); } if (previous_vote_list && include_previous) { SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv, - if (tor_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN)) + if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN)) return pv->vote_body); } } else { if (pending_vote_list && include_pending) { SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv, - if (tor_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN)) + if (fast_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN)) return pv->vote_body); } if (previous_vote_list && include_previous) { SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv, - if (tor_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN)) + if (fast_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN)) return pv->vote_body); } } diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 42885a2..bef6062 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -463,7 +463,7 @@ sockaddr_eq(const struct sockaddr *sa1, const struct sockaddr *sa2, const struct sockaddr_in6 *sin1, *sin2; sin1 = (const struct sockaddr_in6 *)sa1; sin2 = (const struct sockaddr_in6 *)sa2; - if (tor_memcmp(sin1->sin6_addr.s6_addr, sin2->sin6_addr.s6_addr, 16)) + if (tor_memneq(sin1->sin6_addr.s6_addr, sin2->sin6_addr.s6_addr, 16)) return 0; else if (include_port && sin1->sin6_port != sin2->sin6_port) return 0; diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index e91ff93..dcd8159 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -336,7 +336,7 @@ networkstatus_get_voter_by_id(networkstatus_t *vote, if (!vote || !vote->voters) return NULL; SMARTLIST_FOREACH(vote->voters, networkstatus_voter_info_t *, voter, - if (tor_memeq(voter->identity_digest, identity, DIGEST_LEN)) + if (fast_memeq(voter->identity_digest, identity, DIGEST_LEN)) return voter); return NULL; } @@ -356,7 +356,7 @@ networkstatus_check_voter_signature(networkstatus_t *consensus, size_t signed_digest_len; if (crypto_pk_get_digest(cert->signing_key, d)<0) return -1; - if (tor_memcmp(voter->signing_key_digest, d, DIGEST_LEN)) + if (tor_memneq(voter->signing_key_digest, d, DIGEST_LEN)) return -1; signed_digest_len = crypto_pk_keysize(cert->signing_key); signed_digest = tor_malloc(signed_digest_len); @@ -365,7 +365,7 @@ networkstatus_check_voter_signature(networkstatus_t *consensus, signed_digest_len, voter->signature, voter->signature_len) != DIGEST_LEN || - tor_memcmp(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) { + tor_memneq(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) { log_warn(LD_DIR, "Got a bad signature on a networkstatus vote"); voter->bad_signature = 1; } else { @@ -1296,7 +1296,7 @@ routerstatus_has_changed(const routerstatus_t *a, const routerstatus_t *b) tor_assert(tor_memeq(a->identity_digest, b->identity_digest, DIGEST_LEN)); return strcmp(a->nickname, b->nickname) || - tor_memcmp(a->descriptor_digest, b->descriptor_digest, DIGEST_LEN) || + fast_memneq(a->descriptor_digest, b->descriptor_digest, DIGEST_LEN) || a->addr != b->addr || a->or_port != b->or_port || a->dir_port != b->dir_port || diff --git a/src/or/onion.c b/src/or/onion.c index ecd04a5..4c26deb 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -311,7 +311,7 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state, if (len < 0) goto err; - if (tor_memcmp(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) { + if (tor_memneq(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) { /* H(K) does *not* match. Something fishy. */ log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. " "Bug or attack."); @@ -398,7 +398,7 @@ fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/ if (crypto_expand_key_material(tmp, sizeof(tmp), out, out_len)) { goto done; } - if (tor_memcmp(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) { + if (tor_memneq(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) { /* H(K) does *not* match. Something fishy. */ log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. " "Bug or attack."); diff --git a/src/or/relay.c b/src/or/relay.c index 61971a4..59e2c5c 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -89,7 +89,7 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell) crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE); crypto_digest_get_digest(digest, calculated_integrity, 4); - if (tor_memcmp(received_integrity, calculated_integrity, 4)) { + if (tor_memneq(received_integrity, calculated_integrity, 4)) { // log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing."); // (%d vs %d).", received_integrity, calculated_integrity); /* restore digest to its old form */ diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 100ea40..7bda705 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -748,7 +748,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, goto err; /* Check whether the digest is right... */ - if (tor_memcmp(keys, request+DH_KEY_LEN, DIGEST_LEN)) { + if (tor_memneq(keys, request+DH_KEY_LEN, DIGEST_LEN)) { log_warn(LD_PROTOCOL, "Incorrect digest of key material."); goto err; } diff --git a/src/or/rendmid.c b/src/or/rendmid.c index c8e614d..d73f0a1 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -57,7 +57,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request, log_warn(LD_BUG, "Internal error computing digest."); goto err; } - if (tor_memcmp(expected_digest, request+2+asn1len, DIGEST_LEN)) { + if (tor_memneq(expected_digest, request+2+asn1len, DIGEST_LEN)) { log_warn(LD_PROTOCOL, "Hash of session info was not as expected."); reason = END_CIRC_REASON_TORPROTOCOL; goto err; diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 2c5eb97..d1cc7f4 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -962,7 +962,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, /* first DIGEST_LEN bytes of request is intro or service pk digest */ crypto_pk_get_digest(intro_key, intro_key_digest); - if (tor_memcmp(intro_key_digest, request, DIGEST_LEN)) { + if (tor_memneq(intro_key_digest, request, DIGEST_LEN)) { base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, (char*)request, REND_SERVICE_ID_LEN); log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).", @@ -1306,7 +1306,7 @@ rend_service_launch_establish_intro(rend_service_t *service, return -1; } - if (tor_memcmp(intro->extend_info->identity_digest, + if (tor_memneq(intro->extend_info->identity_digest, launched->build_state->chosen_exit->identity_digest, DIGEST_LEN)) { char cann[HEX_DIGEST_LEN+1], orig[HEX_DIGEST_LEN+1]; base16_encode(cann, sizeof(cann), diff --git a/src/or/rephist.c b/src/or/rephist.c index dee74ed..a3d8bcc 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -103,7 +103,7 @@ get_or_history(const char* id) { or_history_t *hist; - if (tor_mem_is_zero(id, DIGEST_LEN)) + if (tor_digest_is_zero(id)) return NULL; hist = digestmap_get(history_map, id); @@ -130,7 +130,7 @@ get_link_history(const char *from_id, const char *to_id) orhist = get_or_history(from_id); if (!orhist) return NULL; - if (tor_mem_is_zero(to_id, DIGEST_LEN)) + if (tor_digest_is_zero(to_id)) return NULL; lhist = (link_history_t*) digestmap_get(orhist->link_history_map, to_id); if (!lhist) { diff --git a/src/or/router.c b/src/or/router.c index bfb6d5c..cc60041 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -634,7 +634,7 @@ init_keys(void) ds->type = type; } if (v3_digest_set && (ds->type & V3_AUTHORITY) && - tor_memcmp(v3_digest, ds->v3_identity_digest, DIGEST_LEN)) { + tor_memneq(v3_digest, ds->v3_identity_digest, DIGEST_LEN)) { log_warn(LD_DIR, "V3 identity key does not match identity declared in " "DirServer line. Adjusting."); memcpy(ds->v3_identity_digest, v3_digest, DIGEST_LEN); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 454bb1c..9f04620 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2263,7 +2263,7 @@ signed_descriptor_get_body_impl(signed_descriptor_t *desc, tor_assert(r); if (!with_annotations) { - if (tor_memcmp("router ", r, 7) && tor_memcmp("extra-info ", r, 11)) { + if (fast_memcmp("router ", r, 7) && fast_memcmp("extra-info ", r, 11)) { char *cp = tor_strndup(r, 64); log_err(LD_DIR, "descriptor at %p begins with unexpected string %s. " "Is another process running in our data directory? Exiting.", @@ -2765,7 +2765,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old, routerlist_insert(rl, ri_new); return; } - if (tor_memcmp(ri_old->cache_info.identity_digest, + if (tor_memneq(ri_old->cache_info.identity_digest, ri_new->cache_info.identity_digest, DIGEST_LEN)) { /* digests don't match; digestmap_set won't replace */ rimap_remove(rl->identity_map, ri_old->cache_info.identity_digest); @@ -2791,7 +2791,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old, if (!tor_digest_is_zero(sd->extra_info_digest)) sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd); } else { - if (tor_memcmp(ri_old->cache_info.signed_descriptor_digest, + if (tor_memneq(ri_old->cache_info.signed_descriptor_digest, ri_new->cache_info.signed_descriptor_digest, DIGEST_LEN)) { /* digests don't match; digestmap_set didn't replace */ @@ -3118,7 +3118,7 @@ _compare_old_routers_by_identity(const void **_a, const void **_b) { int i; const signed_descriptor_t *r1 = *_a, *r2 = *_b; - if ((i = tor_memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN))) + if ((i = fast_memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN))) return i; return (int)(r1->published_on - r2->published_on); } @@ -3378,7 +3378,7 @@ routerlist_remove_old_routers(void) cur_id = r->identity_digest; hi = i; } - if (tor_memcmp(cur_id, r->identity_digest, DIGEST_LEN)) { + if (tor_memneq(cur_id, r->identity_digest, DIGEST_LEN)) { routerlist_remove_old_cached_routers_with_id(now, cutoff, i+1, hi, retain); cur_id = r->identity_digest; @@ -4192,7 +4192,7 @@ update_consensus_router_descriptor_downloads(time_t now) routerinfo_t *ri; ++n_have; if (!(ri = router_get_by_digest(rs->identity_digest)) || - tor_memcmp(ri->cache_info.signed_descriptor_digest, + tor_memneq(ri->cache_info.signed_descriptor_digest, sd->signed_descriptor_digest, DIGEST_LEN)) { /* We have a descriptor with this digest, but either there is no * entry in routerlist with the same ID (!ri), or there is one, @@ -4665,7 +4665,7 @@ routerinfo_incompatible_with_extrainfo(routerinfo_t *ri, extrainfo_t *ei, /* The identity must match exactly to have been generated at the same time * by the same router. */ - if (tor_memcmp(ri->cache_info.identity_digest, ei->cache_info.identity_digest, + if (tor_memneq(ri->cache_info.identity_digest, ei->cache_info.identity_digest, DIGEST_LEN)) { if (msg) *msg = "Extrainfo nickname or identity did not match routerinfo"; goto err; /* different servers */ @@ -4676,7 +4676,7 @@ routerinfo_incompatible_with_extrainfo(routerinfo_t *ri, extrainfo_t *ei, if (crypto_pk_public_checksig(ri->identity_pkey, signed_digest, sizeof(signed_digest), ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN || - tor_memcmp(signed_digest, ei->cache_info.signed_descriptor_digest, + tor_memneq(signed_digest, ei->cache_info.signed_descriptor_digest, DIGEST_LEN)) { ei->bad_sig = 1; tor_free(ei->pending_sig); @@ -4836,7 +4836,7 @@ static int _compare_routerinfo_by_id_digest(const void **a, const void **b) { routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b; - return tor_memcmp(first->cache_info.identity_digest, + return fast_memcmp(first->cache_info.identity_digest, second->cache_info.identity_digest, DIGEST_LEN); } diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 9931d0f..7ff0e2c 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -959,7 +959,7 @@ check_signature_token(const char *digest, } // log_debug(LD_DIR,"Signed %s hash starts %s", doctype, // hex_str(signed_digest,4)); - if (tor_memcmp(digest, signed_digest, DIGEST_LEN)) { + if (tor_memneq(digest, signed_digest, DIGEST_LEN)) { log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype); tor_free(signed_digest); return -1; @@ -1347,7 +1347,7 @@ router_parse_entry_from_string(const char *s, const char *end, escaped(tok->args[0])); goto err; } - if (tor_memcmp(d,router->cache_info.identity_digest, DIGEST_LEN)!=0) { + if (tor_memneq(d,router->cache_info.identity_digest, DIGEST_LEN)) { log_warn(LD_DIR, "Fingerprint '%s' does not match identity digest.", tok->args[0]); goto err; @@ -1669,7 +1669,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string) cert->cache_info.identity_digest)) goto err; - if (tor_memcmp(cert->cache_info.identity_digest, fp_declared, DIGEST_LEN)) { + if (tor_memneq(cert->cache_info.identity_digest, fp_declared, DIGEST_LEN)) { log_warn(LD_DIR, "Digest of certificate key didn't match declared " "fingerprint"); goto err; @@ -2005,7 +2005,7 @@ static int _compare_routerstatus_entries(const void **_a, const void **_b) { const routerstatus_t *a = *_a, *b = *_b; - return tor_memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN); + return fast_memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN); } /** Helper: used in call to _smartlist_uniq to clear out duplicate entries. */ @@ -2098,7 +2098,7 @@ networkstatus_v2_parse_from_string(const char *s) log_warn(LD_DIR, "Couldn't compute signing key digest"); goto err; } - if (tor_memcmp(tmp_digest, ns->identity_digest, DIGEST_LEN)) { + if (tor_memneq(tmp_digest, ns->identity_digest, DIGEST_LEN)) { log_warn(LD_DIR, "network-status fingerprint did not match dir-signing-key"); goto err; @@ -2394,7 +2394,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, goto err; } if (ns->type != NS_TYPE_CONSENSUS && - tor_memcmp(ns->cert->cache_info.identity_digest, + tor_memneq(ns->cert->cache_info.identity_digest, voter->identity_digest, DIGEST_LEN)) { log_warn(LD_DIR,"Mismatch between identities in certificate and vote"); goto err; @@ -2499,7 +2499,8 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, rs1 = smartlist_get(ns->routerstatus_list, i-1); rs2 = smartlist_get(ns->routerstatus_list, i); } - if (tor_memcmp(rs1->identity_digest, rs2->identity_digest, DIGEST_LEN) >= 0) { + if (fast_memcmp(rs1->identity_digest, rs2->identity_digest, DIGEST_LEN) + >= 0) { log_warn(LD_DIR, "Vote networkstatus entries not sorted by identity " "digest"); goto err; @@ -2555,7 +2556,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, } if (ns->type != NS_TYPE_CONSENSUS) { - if (tor_memcmp(declared_identity, ns->cert->cache_info.identity_digest, + if (tor_memneq(declared_identity, ns->cert->cache_info.identity_digest, DIGEST_LEN)) { log_warn(LD_DIR, "Digest mismatch between declared and actual on " "network-status vote."); @@ -3744,7 +3745,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, crypto_pk_get_digest(result->pk, public_key_hash); rend_get_descriptor_id_bytes(test_desc_id, public_key_hash, secret_id_part); - if (tor_memcmp(desc_id_out, test_desc_id, DIGEST_LEN)) { + if (tor_memneq(desc_id_out, test_desc_id, DIGEST_LEN)) { log_warn(LD_REND, "Parsed descriptor ID does not match " "computed descriptor ID."); goto err; @@ -3834,7 +3835,7 @@ rend_decrypt_introduction_points(char **ipos_decrypted, tor_free(dec); return -1; } - if (memcmpstart(dec, declen, "introduction-point ")) { + if (fast_memcmpstart(dec, declen, "introduction-point ")) { log_warn(LD_REND, "Decrypted introduction points don't " "look like we could parse them."); tor_free(dec); @@ -3903,7 +3904,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, parsed->intro_nodes = smartlist_create(); area = memarea_new(); - while (!memcmpstart(current_ipo, end_of_intro_points-current_ipo, + while (!fast_memcmpstart(current_ipo, end_of_intro_points-current_ipo, "introduction-point ")) { /* Determine end of string. */ const char *eos = tor_memstr(current_ipo, end_of_intro_points-current_ipo,

1 0

[tor/maint-0.2.2] Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
by nickm＠torproject.org 12 May '11

12 May '11

commit 44ad73457303ed0bf80f6c4c645a62e03b42149b Merge: 7206d78 59f9097 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 11 16:23:42 2011 -0400 Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022 Conflicts throughout. All resolved in favor of taking HEAD and adding tor_mem* or fast_mem* ops as appropriate. src/common/Makefile.am src/or/circuitbuild.c src/or/directory.c src/or/dirserv.c src/or/dirvote.c src/or/networkstatus.c src/or/rendclient.c src/or/rendservice.c src/or/router.c src/or/routerlist.c src/or/routerparse.c src/or/test.c changes/bug3122_memcmp | 7 +++ configure.in | 18 ++++++ src/common/Makefile.am | 4 +- src/common/address.c | 2 +- src/common/compat.c | 4 +- src/common/container.c | 8 ++-- src/common/container.h | 4 +- src/common/crypto.c | 2 +- src/common/di_ops.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++ src/common/di_ops.h | 30 ++++++++++ src/common/torgzip.c | 2 +- src/common/util.c | 21 +++++--- src/common/util.h | 5 +- src/or/circuitbuild.c | 12 ++-- src/or/circuitlist.c | 10 ++-- src/or/circuituse.c | 2 +- src/or/connection_edge.c | 4 +- src/or/connection_or.c | 8 ++-- src/or/control.c | 14 +++--- src/or/directory.c | 10 ++-- src/or/dirserv.c | 8 ++-- src/or/dirvote.c | 36 ++++++------ src/or/eventdns.c | 2 +- src/or/networkstatus.c | 38 +++++++------- src/or/onion.c | 4 +- src/or/relay.c | 2 +- src/or/rendclient.c | 6 +- src/or/rendcommon.c | 8 ++-- src/or/rendmid.c | 2 +- src/or/rendservice.c | 16 +++--- src/or/rephist.c | 4 +- src/or/router.c | 6 +- src/or/routerlist.c | 60 ++++++++++---------- src/or/routerparse.c | 27 +++++----- 34 files changed, 358 insertions(+), 161 deletions(-) diff --cc src/common/Makefile.am index b1e03cd,db94a98..2d009bd --- a/src/common/Makefile.am +++ b/src/common/Makefile.am @@@ -12,21 -10,7 +12,21 @@@ libor_extra_source endif libor_a_SOURCES = address.c log.c util.c compat.c container.c mempool.c \ - memarea.c util_codedigest.c $(libor_extra_source) - memarea.c di_ops.c $(libor_extra_source) ++ memarea.c di_ops.c util_codedigest.c $(libor_extra_source) libor_crypto_a_SOURCES = crypto.c aes.c tortls.c torgzip.c +libor_event_a_SOURCES = compat_libevent.c + - noinst_HEADERS = address.h torlog.h crypto.h util.h compat.h aes.h torint.h tortls.h strlcpy.c strlcat.c torgzip.h container.h ht.h mempool.h memarea.h ciphers.inc compat_libevent.h tortls_states.h ++noinst_HEADERS = address.h torlog.h crypto.h util.h compat.h aes.h torint.h tortls.h strlcpy.c strlcat.c torgzip.h container.h ht.h mempool.h memarea.h ciphers.inc compat_libevent.h tortls_states.h di_ops.h + +common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) + if test "@SHA1SUM@" != none; then \ + @SHA1SUM@ $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) | @SED@ -n 's/^$.*$$$/"\1\\n"/p' > common_sha1.i; \ + elif test "@OPENSSL@" != none; then \ + @OPENSSL@ sha1 $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) | @SED@ -n 's/SHA1($.*$)= $.*$/"\2 \1\\n"/p' > common_sha1.i; \ + else \ + rm common_sha1.i; \ + touch common_sha1.i; \ + fi -noinst_HEADERS = address.h log.h crypto.h test.h util.h compat.h aes.h torint.h tortls.h strlcpy.c strlcat.c torgzip.h container.h ht.h mempool.h memarea.h di_ops.h ciphers.inc +util_codedigest.o: common_sha1.i +crypto.o: sha256.c diff --cc src/common/util.c index 38c0ad0,879a0e4..86f4141 --- a/src/common/util.c +++ b/src/common/util.c @@@ -739,16 -662,12 +741,19 @@@ tor_mem_is_zero(const char *mem, size_ int tor_digest_is_zero(const char *digest) { - return tor_mem_is_zero(digest, DIGEST_LEN); + static const uint8_t ZERO_DIGEST[] = { + 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 + }; + return tor_memeq(digest, ZERO_DIGEST, DIGEST_LEN); } +/** Return true iff the DIGEST256_LEN bytes in digest are all zero. */ +int +tor_digest256_is_zero(const char *digest) +{ + return tor_mem_is_zero(digest, DIGEST256_LEN); +} + /* Helper: common code to check whether the result of a strtol or strtoul or * strtoll is correct. */ #define CHECK_STRTOX_RESULT() \ diff --cc src/or/circuitbuild.c index 2189e0e,208a9cb..a9986d3 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@@ -4504,10 -2997,11 +4504,10 @@@ get_configured_bridge_by_addr_port_dige SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge) { if (tor_digest_is_zero(bridge->identity) && - tor_addr_eq_ipv4h(&bridge->addr, ri->addr) && - bridge->port == ri->or_port) + !tor_addr_compare(&bridge->addr, addr, CMP_EXACT) && + bridge->port == port) return bridge; - if (!memcmp(bridge->identity, digest, DIGEST_LEN)) - if (tor_memeq(bridge->identity, ri->cache_info.identity_digest, - DIGEST_LEN)) ++ if (tor_memeq(bridge->identity, digest, DIGEST_LEN)) return bridge; } SMARTLIST_FOREACH_END(bridge); diff --cc src/or/directory.c index 68734e6,01f3375..309d997 --- a/src/or/directory.c +++ b/src/or/directory.c @@@ -2434,9 -2356,9 +2434,9 @@@ client_likes_consensus(networkstatus_t continue; }; - SMARTLIST_FOREACH(v->voters, networkstatus_voter_info_t *, vi, { - if (vi->signature && - fast_memeq(vi->identity_digest, want_digest, want_len)) { + SMARTLIST_FOREACH_BEGIN(v->voters, networkstatus_voter_info_t *, vi) { + if (smartlist_len(vi->sigs) && - !memcmp(vi->identity_digest, want_digest, want_len)) { ++ tor_memeq(vi->identity_digest, want_digest, want_len)) { have++; break; }; diff --cc src/or/dirserv.c index 860ac1f,e367cb1..1f4489a --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@@ -3152,23 -2841,15 +3152,23 @@@ dirserv_orconn_tls_done(const char *add tor_assert(address); tor_assert(digest_rcvd); - SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, { + /* XXX023 Doing a loop like this is stupid. We should just look up the + * router by digest_rcvd, and see if address, orport, and as_advertised + * match up. -NM */ + SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, ri) { if (!strcasecmp(address, ri->address) && or_port == ri->or_port && as_advertised && - !memcmp(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) { + fast_memeq(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) { /* correct digest. mark this router reachable! */ if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) { - log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.", - ri->nickname); - rep_hist_note_router_reachable(digest_rcvd, now); + tor_addr_t addr, *addrp=NULL; + log_info(LD_DIRSERV, "Found router %s to be reachable at %s:%d. Yay.", + ri->nickname, address, ri->or_port ); + if (tor_addr_from_str(&addr, ri->address) != -1) + addrp = &addr; + else + log_warn(LD_BUG, "Couldn't parse IP address \"%s\"", ri->address); + rep_hist_note_router_reachable(digest_rcvd, addrp, or_port, now); ri->last_reachable = now; } } diff --cc src/or/dirvote.c index 750c649,9e763bd..a95cea4 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@@ -1765,11 -879,9 +1765,11 @@@ networkstatus_compute_consensus(smartli /* Figure out the most popular opinion of what the most recent * routerinfo and its contents are. */ - rs = compute_routerstatus_consensus(matching_descs); + memset(microdesc_digest, 0, sizeof(microdesc_digest)); + rs = compute_routerstatus_consensus(matching_descs, consensus_method, + microdesc_digest); /* Copy bits of that into rs_out. */ - tor_assert(!memcmp(lowest_id, rs->status.identity_digest, DIGEST_LEN)); + tor_assert(fast_memeq(lowest_id, rs->status.identity_digest, DIGEST_LEN)); memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN); memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest, DIGEST_LEN); @@@ -2970,19 -1797,15 +2970,19 @@@ dirvote_add_vote(const char *vote_body goto err; } + /* Fetch any new router descriptors we just learned about */ + update_consensus_router_descriptor_downloads(time(NULL), 1, vote); + /* Now see whether we already have a vote from this authority. */ SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, { - if (! memcmp(v->vote->cert->cache_info.identity_digest, + if (fast_memeq(v->vote->cert->cache_info.identity_digest, vote->cert->cache_info.identity_digest, DIGEST_LEN)) { networkstatus_voter_info_t *vi_old = get_voter(v->vote); - if (!memcmp(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) { + if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) { /* Ah, it's the same vote. Not a problem. */ - log_info(LD_DIR, "Discarding a vote we already have."); + log_info(LD_DIR, "Discarding a vote we already have (from %s).", + vi->address); if (*status_out < 200) *status_out = 200; goto discard; @@@ -3491,12 -2229,12 +3491,12 @@@ dirvote_get_vote(const char *fp, int fl } else { if (pending_vote_list && include_pending) { SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv, - if (!memcmp(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN)) - if (fast_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN)) ++ if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN)) return pv->vote_body); } if (previous_vote_list && include_previous) { SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv, - if (!memcmp(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN)) - if (fast_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN)) ++ if (fast_memeq(pv->vote->digests.d[DIGEST_SHA1], fp, DIGEST_LEN)) return pv->vote_body); } } diff --cc src/or/networkstatus.c index a50d3ca,dcd8159..ff20566 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@@ -414,39 -341,35 +414,39 @@@ networkstatus_get_voter_by_id(networkst return NULL; } -/** Check whether the signature on voter is correctly signed by - * the signing key of cert. Return -1 if cert doesn't match the +/** Check whether the signature sig is correctly signed with the + * signing key in cert. Return -1 if cert doesn't match the * signing key; otherwise set the good_signature or bad_signature flag on * voter, and return 0. */ -/* (private; exposed for testing.) */ int -networkstatus_check_voter_signature(networkstatus_t *consensus, - networkstatus_voter_info_t *voter, - authority_cert_t *cert) +networkstatus_check_document_signature(const networkstatus_t *consensus, + document_signature_t *sig, + const authority_cert_t *cert) { - char d[DIGEST_LEN]; + char key_digest[DIGEST_LEN]; + const int dlen = sig->alg == DIGEST_SHA1 ? DIGEST_LEN : DIGEST256_LEN; char *signed_digest; size_t signed_digest_len; - if (crypto_pk_get_digest(cert->signing_key, d)<0) + + if (crypto_pk_get_digest(cert->signing_key, key_digest)<0) return -1; - if (memcmp(sig->signing_key_digest, key_digest, DIGEST_LEN) || - memcmp(sig->identity_digest, cert->cache_info.identity_digest, - DIGEST_LEN)) - if (tor_memneq(voter->signing_key_digest, d, DIGEST_LEN)) ++ if (tor_memneq(sig->signing_key_digest, key_digest, DIGEST_LEN) || ++ tor_memneq(sig->identity_digest, cert->cache_info.identity_digest, ++ DIGEST_LEN)) return -1; + signed_digest_len = crypto_pk_keysize(cert->signing_key); signed_digest = tor_malloc(signed_digest_len); if (crypto_pk_public_checksig(cert->signing_key, signed_digest, signed_digest_len, - voter->signature, - voter->signature_len) != DIGEST_LEN || - tor_memneq(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) { + sig->signature, + sig->signature_len) < dlen || - memcmp(signed_digest, consensus->digests.d[sig->alg], dlen)) { ++ tor_memneq(signed_digest, consensus->digests.d[sig->alg], dlen)) { log_warn(LD_DIR, "Got a bad signature on a networkstatus vote"); - voter->bad_signature = 1; + sig->bad_signature = 1; } else { - voter->good_signature = 1; + sig->good_signature = 1; } tor_free(signed_digest); return 0; @@@ -1613,31 -1432,11 +1613,31 @@@ networkstatus_set_current_consensus(con goto done; } - if (current_consensus && - tor_memeq(c->networkstatus_digest, current_consensus->networkstatus_digest, - DIGEST_LEN)) { + if (!strcmp(flavor, "ns")) { + consensus_fname = get_datadir_fname("cached-consensus"); + unverified_fname = get_datadir_fname("unverified-consensus"); + if (current_consensus) { + current_digests = &current_consensus->digests; + current_valid_after = current_consensus->valid_after; + } + } else { + cached_dir_t *cur; + char buf[128]; + tor_snprintf(buf, sizeof(buf), "cached-%s-consensus", flavor); + consensus_fname = get_datadir_fname(buf); + tor_snprintf(buf, sizeof(buf), "unverified-%s-consensus", flavor); + unverified_fname = get_datadir_fname(buf); + cur = dirserv_get_consensus(flavor); + if (cur) { + current_digests = &cur->digests; + current_valid_after = cur->published; + } + } + + if (current_digests && - !memcmp(&c->digests, current_digests, sizeof(c->digests))) { ++ tor_memeq(&c->digests, current_digests, sizeof(c->digests))) { /* We already have this one. That's a failure. */ - log_info(LD_DIR, "Got a consensus we already have"); + log_info(LD_DIR, "Got a %s consensus we already have", flavor); goto done; } diff --cc src/or/rendclient.c index e4a6d09,7bda705..77e11c2 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@@ -154,27 -98,42 +154,27 @@@ rend_client_send_introduction(origin_ci } /* first 20 bytes of payload are the hash of Bob's pk */ - if (entry->parsed->version == 0) { /* un-versioned descriptor */ - intro_key = entry->parsed->pk; - } else { /* versioned descriptor */ - intro_key = NULL; - SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *, - intro, { - if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest, - intro->extend_info->identity_digest, DIGEST_LEN)) { - intro_key = intro->intro_key; - break; - } - }); - if (!intro_key) { - /** XXX This case probably means that the intro point vanished while - * we were building a circuit to it. In the future, we should find - * out how that happened and whether we should kill the circuits to - * removed intro points immediately. See task 1073. */ - int num_intro_points = smartlist_len(entry->parsed->intro_nodes); - if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, - 0, &entry) > 0) { - log_info(LD_REND, "We have both a v0 and a v2 rend desc for this " - "service. The v2 desc doesn't contain the introduction " - "point (and key) to send an INTRODUCE1/2 cell to this " - "introduction point. Assuming the introduction point " - "is for v0 rend clients and using the service key " - "from the v0 desc instead. (This is probably a bug, " - "because we shouldn't even have both a v0 and a v2 " - "descriptor for the same service.)"); - /* See flyspray task 1024. */ - intro_key = entry->parsed->pk; - } else { - log_info(LD_REND, "Internal error: could not find intro key; we " - "only have a v2 rend desc with %d intro points.", - num_intro_points); - goto perm_err; - } + intro_key = NULL; + SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *, + intro, { - if (!memcmp(introcirc->build_state->chosen_exit->identity_digest, ++ if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest, + intro->extend_info->identity_digest, DIGEST_LEN)) { + intro_key = intro->intro_key; + break; + } + }); + if (!intro_key) { + log_info(LD_REND, "Could not find intro key for %s at %s; we " + "have a v2 rend desc with %d intro points. " + "Trying a different intro point...", + safe_str_client(introcirc->rend_data->onion_address), + introcirc->build_state->chosen_exit->nickname, + smartlist_len(entry->parsed->intro_nodes)); + + if (rend_client_reextend_intro_circuit(introcirc)) { + goto perm_err; + } else { + return -1; } } if (crypto_pk_get_digest(intro_key, payload)<0) { diff --cc src/or/rendcommon.c index f8e7f9b,c83573b..da33fec --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@@ -1067,9 -1101,9 +1067,9 @@@ rend_cache_store(const char *desc, size rend_service_descriptor_free(parsed); return 0; } - if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) { + if (e && e->len == desc_len && tor_memeq(desc,e->desc,desc_len)) { log_info(LD_REND,"We already have this service descriptor %s.", - safe_str(query)); + safe_str_client(query)); e->received = time(NULL); rend_service_descriptor_free(parsed); return 0; diff --cc src/or/rendservice.c index cd8f9ea,d1cc7f4..35e8b90 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@@ -465,8 -506,9 +465,8 @@@ rend_config_services(or_options_t *opti int keep_it = 0; tor_assert(oc->rend_data); SMARTLIST_FOREACH(surviving_services, rend_service_t *, ptr, { - if (!memcmp(ptr->pk_digest, oc->rend_data->rend_pk_digest, + if (tor_memeq(ptr->pk_digest, oc->rend_data->rend_pk_digest, - DIGEST_LEN) && - ptr->descriptor_version == oc->rend_data->rend_desc_version) { + DIGEST_LEN)) { keep_it = 1; break; } @@@ -753,15 -797,17 +753,15 @@@ rend_service_load_keys(void return r; } -/** Return the service whose public key has a digest of digest and - * which publishes the given descriptor version. Return NULL if no - * such service exists. +/** Return the service whose public key has a digest of digest, or + * NULL if no such service exists. */ static rend_service_t * -rend_service_get_by_pk_digest_and_version(const char* digest, - uint8_t version) +rend_service_get_by_pk_digest(const char* digest) { SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s, - if (!memcmp(s->pk_digest,digest,DIGEST_LEN)) - if (tor_memeq(s->pk_digest,digest,DIGEST_LEN) && - s->descriptor_version == version) return s); ++ if (tor_memeq(s->pk_digest,digest,DIGEST_LEN)) + return s); return NULL; } @@@ -1555,9 -1593,10 +1555,9 @@@ find_intro_circuit(rend_intro_point_t * tor_assert(intro); while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest, CIRCUIT_PURPOSE_S_INTRO))) { - if (!memcmp(circ->build_state->chosen_exit->identity_digest, + if (tor_memeq(circ->build_state->chosen_exit->identity_digest, intro->extend_info->identity_digest, DIGEST_LEN) && - circ->rend_data && - circ->rend_data->rend_desc_version == desc_version) { + circ->rend_data) { return circ; } } @@@ -1565,9 -1604,10 +1565,9 @@@ circ = NULL; while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest, CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) { - if (!memcmp(circ->build_state->chosen_exit->identity_digest, + if (tor_memeq(circ->build_state->chosen_exit->identity_digest, intro->extend_info->identity_digest, DIGEST_LEN) && - circ->rend_data && - circ->rend_data->rend_desc_version == desc_version) { + circ->rend_data) { return circ; } } diff --cc src/or/router.c index 65afd49,cc60041..a7148ea --- a/src/or/router.c +++ b/src/or/router.c @@@ -1260,8 -1119,7 +1260,8 @@@ router_my_exit_policy_is_reject_star(vo int router_digest_is_me(const char *digest) { - return identitykey && tor_memeq(identitykey_digest, digest, DIGEST_LEN); + return (server_identitykey && - !memcmp(server_identitykey_digest, digest, DIGEST_LEN)); ++ tor_memeq(server_identitykey_digest, digest, DIGEST_LEN)); } /** Return true iff I'm a server and digest is equal to diff --cc src/or/routerlist.c index f567ccd,9f04620..b0909eb --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@@ -3328,15 -2999,16 +3328,15 @@@ router_add_to_routerlist(routerinfo_t * SMARTLIST_FOREACH(networkstatus_v2_list, networkstatus_v2_t *, ns, { routerstatus_t *rs = - networkstatus_v2_find_entry(ns, router->cache_info.identity_digest); + networkstatus_v2_find_entry(ns, id_digest); - if (rs && !memcmp(rs->descriptor_digest, + if (rs && tor_memeq(rs->descriptor_digest, router->cache_info.signed_descriptor_digest, DIGEST_LEN)) rs->need_to_mirror = 0; }); if (consensus) { - routerstatus_t *rs = networkstatus_vote_find_entry(consensus, - router->cache_info.identity_digest); + routerstatus_t *rs = networkstatus_vote_find_entry(consensus, id_digest); - if (rs && !memcmp(rs->descriptor_digest, + if (rs && tor_memeq(rs->descriptor_digest, router->cache_info.signed_descriptor_digest, DIGEST_LEN)) { in_consensus = 1; diff --cc src/or/routerparse.c index d0138e6,7ff0e2c..3b669ad --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@@ -1095,7 -959,7 +1095,7 @@@ check_signature_token(const char *diges } // log_debug(LD_DIR,"Signed %s hash starts %s", doctype, // hex_str(signed_digest,4)); - if (memcmp(digest, signed_digest, digest_len)) { - if (tor_memneq(digest, signed_digest, DIGEST_LEN)) { ++ if (tor_memneq(digest, signed_digest, digest_len)) { log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype); tor_free(signed_digest); return -1; @@@ -2190,11 -2001,11 +2190,11 @@@ routerstatus_parse_entry_from_string(me } /** Helper to sort a smartlist of pointers to routerstatus_t */ -static int -_compare_routerstatus_entries(const void **_a, const void **_b) +int +compare_routerstatus_entries(const void **_a, const void **_b) { const routerstatus_t *a = *_a, *b = *_b; - return memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN); + return fast_memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN); } /** Helper: used in call to _smartlist_uniq to clear out duplicate entries. */

1 0

[tor/maint-0.2.2] fwd-port test_util_di_ops into tinytest format
by nickm＠torproject.org 12 May '11

12 May '11

commit 9964c314c6c6af4b921875c973f28f8d01b2e9a2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed May 11 16:25:51 2011 -0400 fwd-port test_util_di_ops into tinytest format --- src/test/test_util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 54 insertions(+), 0 deletions(-) diff --git a/src/test/test_util.c b/src/test/test_util.c index b1fafc8..0da45df 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -1209,6 +1209,59 @@ test_util_load_win_lib(void *ptr) } #endif +static void +test_util_di_ops(void) +{ +#define LT -1 +#define GT 1 +#define EQ 0 + const struct { + const char *a; int want_sign; const char *b; + } examples[] = { + { "Foo", EQ, "Foo" }, + { "foo", GT, "bar", }, + { "foobar", EQ ,"foobar" }, + { "foobar", LT, "foobaw" }, + { "foobar", GT, "f00bar" }, + { "foobar", GT, "boobar" }, + { "", EQ, "" }, + { NULL, 0, NULL }, + }; + + int i; + + for (i = 0; examples[i].a; ++i) { + size_t len = strlen(examples[i].a); + int eq1, eq2, neq1, neq2, cmp1, cmp2; + test_eq(len, strlen(examples[i].b)); + /* We do all of the operations, with operands in both orders. */ + eq1 = tor_memeq(examples[i].a, examples[i].b, len); + eq2 = tor_memeq(examples[i].b, examples[i].a, len); + neq1 = tor_memneq(examples[i].a, examples[i].b, len); + neq2 = tor_memneq(examples[i].b, examples[i].a, len); + cmp1 = tor_memcmp(examples[i].a, examples[i].b, len); + cmp2 = tor_memcmp(examples[i].b, examples[i].a, len); + + /* Check for correctness of cmp1 */ + if (cmp1 < 0 && examples[i].want_sign != LT) + test_fail(); + else if (cmp1 > 0 && examples[i].want_sign != GT) + test_fail(); + else if (cmp1 == 0 && examples[i].want_sign != EQ) + test_fail(); + + /* Check for consistency of everything else with cmp1 */ + test_eq(eq1, eq2); + test_eq(neq1, neq2); + test_eq(cmp1, -cmp2); + test_eq(eq1, cmp1 == 0); + test_eq(neq1, !eq1); + } + + done: + ; +} + #define UTIL_LEGACY(name) \ { #name, legacy_test_helper, 0, &legacy_setup, test_util_ ## name } @@ -1229,6 +1282,7 @@ struct testcase_t util_tests[] = { UTIL_LEGACY(threads), UTIL_LEGACY(sscanf), UTIL_LEGACY(strtok), + UTIL_LEGACY(di_ops), UTIL_TEST(find_str_at_start_of_line, 0), UTIL_TEST(asprintf, 0), UTIL_TEST(listdir, 0),

1 0