commit 268d01ada5f4a11c5d8e63215288eb593dbfb9ed Author: David Goulet dgoulet@torproject.org Date: Fri Jul 10 10:03:06 2020 -0400
Rename blacklist and whitelist wording
Closes #40033
Signed-off-by: David Goulet dgoulet@torproject.org --- src/app/config/fallback_dirs.inc | 6 +++--- src/core/or/circuitbuild.c | 22 +++++++++++----------- src/core/or/connection_or.c | 2 +- src/feature/client/entrynodes.c | 4 ++-- src/feature/dirparse/ns_parse.c | 4 ++-- src/feature/hs/hs_service.c | 2 +- src/feature/nodelist/authcert.c | 2 +- src/feature/nodelist/authcert.h | 2 +- src/feature/nodelist/networkstatus.c | 4 ++-- src/lib/sandbox/sandbox.c | 2 +- 10 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/app/config/fallback_dirs.inc b/src/app/config/fallback_dirs.inc index 793f65ce88..ba7e848715 100644 --- a/src/app/config/fallback_dirs.inc +++ b/src/app/config/fallback_dirs.inc @@ -3,10 +3,10 @@ /* timestamp=20190625114911 */ /* timestamp0=20190625114911 */ /* timestamp1=20190628085927 */ -/* source=whitelist */ +/* source=allowlist */ /* ===== */ -/* 0: Whitelist excluded 1550 of 1711 candidates. */ -/* 1: Whitelist excluded 1601 of 1765 candidates. */ +/* 0: Allowlist excluded 1550 of 1711 candidates. */ +/* 1: Allowlist excluded 1601 of 1765 candidates. */ /* Checked IPv4 DirPorts served a consensus within 15.0s. */ /* 0: diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index cef70e3e76..db8c5b3113 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -1771,7 +1771,7 @@ pick_restricted_middle_node(router_crn_flags_t flags, { const node_t *middle_node = NULL;
- smartlist_t *whitelisted_live_middles = smartlist_new();
+ smartlist_t *allowlisted_live_middles = smartlist_new();
smartlist_t *all_live_nodes = smartlist_new();
tor_assert(pick_from);
@@ -1779,21 +1779,21 @@ pick_restricted_middle_node(router_crn_flags_t flags,
/* Add all running nodes to all_live_nodes */
router_add_running_nodes_to_smartlist(all_live_nodes, flags);
- /* Filter all_live_nodes to only add live *and* whitelisted middles
- * to the list whitelisted_live_middles. */
+ /* Filter all_live_nodes to only add live *and* allowlisted middles
+ * to the list allowlisted_live_middles. */
SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
if (routerset_contains_node(pick_from, live_node)) {
- smartlist_add(whitelisted_live_middles, live_node);
+ smartlist_add(allowlisted_live_middles, live_node);
}
} SMARTLIST_FOREACH_END(live_node);
/* Honor ExcludeNodes */
if (exclude_set) {
- routerset_subtract_nodes(whitelisted_live_middles, exclude_set);
+ routerset_subtract_nodes(allowlisted_live_middles, exclude_set);
}
if (exclude_list) {
- smartlist_subtract(whitelisted_live_middles, exclude_list);
+ smartlist_subtract(allowlisted_live_middles, exclude_list);
}
/**
@@ -1809,9 +1809,9 @@ pick_restricted_middle_node(router_crn_flags_t flags,
* If there are a lot of nodes in here, assume they did not load balance
* and do it for them, but also warn them that they may be Doing It Wrong.
*/
- if (smartlist_len(whitelisted_live_middles) <=
+ if (smartlist_len(allowlisted_live_middles) <=
MAX_SANE_RESTRICTED_NODES) {
- middle_node = smartlist_choose(whitelisted_live_middles);
+ middle_node = smartlist_choose(allowlisted_live_middles);
} else {
static ratelim_t pinned_notice_limit = RATELIM_INIT(24*3600);
log_fn_ratelim(&pinned_notice_limit, LOG_NOTICE, LD_CIRC,
@@ -1819,17 +1819,17 @@ pick_restricted_middle_node(router_crn_flags_t flags,
"in %d total nodes. This is a lot of nodes. "
"You may want to consider using a Tor controller "
"to select and update a smaller set of nodes instead.",
- position_hint, smartlist_len(whitelisted_live_middles));
+ position_hint, smartlist_len(allowlisted_live_middles));
/* NO_WEIGHTING here just means don't take node flags into account
* (ie: use consensus measurement only). This is done so that
* we don't further surprise the user by not using Exits that they
* specified at all */
- middle_node = node_sl_choose_by_bandwidth(whitelisted_live_middles,
+ middle_node = node_sl_choose_by_bandwidth(allowlisted_live_middles,
NO_WEIGHTING);
}
- smartlist_free(whitelisted_live_middles);
+ smartlist_free(allowlisted_live_middles);
smartlist_free(all_live_nodes);
return middle_node;
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index b88d1b6afb..8865f7246c 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -1160,7 +1160,7 @@ static time_t or_connect_failure_map_next_cleanup_ts = 0;
* port.
*
* We need to identify a connection failure with these three values because we
- * want to avoid to wrongfully blacklist a relay if someone is trying to
+ * want to avoid to wrongfully block a relay if someone is trying to
* extend to a known identity digest but with the wrong IP/port. For instance,
* it can happen if a relay changed its port but the client still has an old
* descriptor with the old port. We want to stop connecting to that
diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c
index 6e8259142d..9b20684bf7 100644
--- a/src/feature/client/entrynodes.c
+++ b/src/feature/client/entrynodes.c
@@ -1576,12 +1576,12 @@ guard_create_exit_restriction(const uint8_t *exit_id)
}
/** If we have fewer than this many possible usable guards, don't set
- * MD-availability-based restrictions: we might blacklist all of them. */
+ * MD-availability-based restrictions: we might denylist all of them. */
#define MIN_GUARDS_FOR_MD_RESTRICTION 10
/** Return true if we should set md dirserver restrictions. We might not want
* to set those if our guard options are too restricted, since we don't want
- * to blacklist all of them. */
+ * to denylist all of them. */
static int
should_set_md_dirserver_restriction(void)
{
diff --git a/src/feature/dirparse/ns_parse.c b/src/feature/dirparse/ns_parse.c
index ac9325a608..f89c1b91cf 100644
--- a/src/feature/dirparse/ns_parse.c
+++ b/src/feature/dirparse/ns_parse.c
@@ -1354,8 +1354,8 @@ networkstatus_parse_vote_from_string(const char *s,
goto err;
}
if (ns->type != NS_TYPE_CONSENSUS) {
- if (authority_cert_is_blacklisted(ns->cert)) {
- log_warn(LD_DIR, "Rejecting vote signature made with blacklisted "
+ if (authority_cert_is_denylisted(ns->cert)) {
+ log_warn(LD_DIR, "Rejecting vote signature made with denylisted "
"signing key %s",
hex_str(ns->cert->signing_key_digest, DIGEST_LEN));
goto err;
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 995c1ca78b..b56b7f4368 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -3904,7 +3904,7 @@ hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
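Review bot: The `log_warn` text in the ns_parse.c hunk changes at runtime from "Rejecting vote signature made with blacklisted signing key" to "... denylisted signing key", so any log-matching alert or test that keys on the old wording for rejected authority signing keys would silently stop matching; none is visible in this diff, so it is worth a search before merge. The diffstat lists no changelog file, and since this warning is operator-visible I would add an entry such as `The warning for votes signed with a rejected authority signing key now says "denylisted" instead of "blacklisted".` The rename to `authority_cert_is_denylisted` is applied at the declaration, the definition and the two call sites shown here; callers outside these ten files, if any, are not visible and would need the same change. The body of `networkstatus_parse_vote_from_string` starts and ends outside the hunk.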
/** Add to file_list every filename used by a configured hidden service, and to
* dir_list every directory path used by a configured hidden service. This is
- * used by the sandbox subsystem to whitelist those. */
+ * used by the sandbox subsystem to allowlist those. */
void
hs_service_lists_fnames_for_sandbox(smartlist_t *file_list,
smartlist_t *dir_list)
diff --git a/src/feature/nodelist/authcert.c b/src/feature/nodelist/authcert.c
index 97e44d53e3..8ca22f818e 100644
--- a/src/feature/nodelist/authcert.c
+++ b/src/feature/nodelist/authcert.c
@@ -745,7 +745,7 @@ static const char *BAD_SIGNING_KEYS[] = {
* which, because of the old openssl heartbleed vulnerability, should
* never be trusted. */
int
-authority_cert_is_blacklisted(const authority_cert_t *cert)
+authority_cert_is_denylisted(const authority_cert_t *cert)
{
char hex_digest[HEX_DIGEST_LEN+1];
int i;
diff --git a/src/feature/nodelist/authcert.h b/src/feature/nodelist/authcert.h
index 33065589ba..4c3d79ceed 100644
--- a/src/feature/nodelist/authcert.h
+++ b/src/feature/nodelist/authcert.h
@@ -41,7 +41,7 @@ void authority_cert_dl_failed(const char *id_digest,
void authority_certs_fetch_missing(networkstatus_t *status, time_t now,
const char *dir_hint);
int authority_cert_dl_looks_uncertain(const char *id_digest);
-int authority_cert_is_blacklisted(const authority_cert_t *cert);
+int authority_cert_is_denylisted(const authority_cert_t *cert);
void authority_cert_free_(authority_cert_t *cert);
#define authority_cert_free(cert) \
diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c
index f63d598ef7..dfff1f704b 100644
--- a/src/feature/nodelist/networkstatus.c
+++ b/src/feature/nodelist/networkstatus.c
@@ -471,8 +471,8 @@ networkstatus_check_document_signature(const networkstatus_t *consensus,
DIGEST_LEN))
return -1;
- if (authority_cert_is_blacklisted(cert)) {
- /* We implement blacklisting for authority signing keys by treating
+ if (authority_cert_is_denylisted(cert)) {
+ /* We implement denylisting for authority signing keys by treating
* all their signatures as always bad. That way we don't get into
* crazy loops of dropping and re-fetching signatures. */
log_warn(LD_DIR, "Ignoring a consensus signature made with deprecated"
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 2b4181e7f8..820e4fd1a5 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -935,7 +935,7 @@ sb_epoll_ctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
* the seccomp filter sandbox.
*
* NOTE: if multiple filters need to be added, the PR_SECCOMP parameter needs
- * to be whitelisted in this function.
+ * to be allowlisted in this function.
*/
static int
sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)