[or-cvs] r13382: Remove some dead code; fix some XXX020s; turn some XXX020s i (in tor/trunk: . src/common src/or)
nickm at seul.org
nickm at seul.org
Tue Feb 5 19:40:28 UTC 2008
Author: nickm
Date: 2008-02-05 14:40:26 -0500 (Tue, 05 Feb 2008)
New Revision: 13382
Modified:
tor/trunk/
tor/trunk/src/common/crypto.c
tor/trunk/src/common/mempool.c
tor/trunk/src/common/tortls.c
tor/trunk/src/common/tortls.h
tor/trunk/src/common/util.c
tor/trunk/src/or/or.h
Log:
r17903 at catbus: nickm | 2008-02-05 14:40:03 -0500
Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r17903] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/src/common/crypto.c
===================================================================
--- tor/trunk/src/common/crypto.c 2008-02-05 19:40:21 UTC (rev 13381)
+++ tor/trunk/src/common/crypto.c 2008-02-05 19:40:26 UTC (rev 13382)
@@ -487,7 +487,7 @@
*/
if (!PEM_write_bio_RSAPublicKey(b, env->key)) {
crypto_log_errors(LOG_WARN, "writing public key to string");
- /* XXX020 leaks b? maybe "BIO_free(b);" would be smart here. -RD */
+ BIO_free(b);
return -1;
}
@@ -1277,7 +1277,7 @@
crypto_digest_get_digest(crypto_digest_env_t *digest,
char *out, size_t out_len)
{
- static unsigned char r[DIGEST_LEN]; /*XXXXX020 why static? */
+ unsigned char r[DIGEST_LEN];
SHA_CTX tmpctx;
tor_assert(digest);
tor_assert(out);
Modified: tor/trunk/src/common/mempool.c
===================================================================
--- tor/trunk/src/common/mempool.c 2008-02-05 19:40:21 UTC (rev 13381)
+++ tor/trunk/src/common/mempool.c 2008-02-05 19:40:26 UTC (rev 13382)
@@ -49,11 +49,6 @@
* - We keep a list of full chunks (so we can have a "nuke everything"
* function). Obmalloc's pools leave full chunks to float unanchored.
*
- * [XXXX020 Another way to support 'nuke everything' would be to keep
- * _all_ the chunks in a doubly-linked-list. This would have more
- * space overhead per chunk, but less pointer manipulation overhead
- * than the current approach.]
- *
* LIMITATIONS:
* - Not even slightly threadsafe.
* - Likes to have lots of items per chunks.
Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c 2008-02-05 19:40:21 UTC (rev 13381)
+++ tor/trunk/src/common/tortls.c 2008-02-05 19:40:26 UTC (rev 13382)
@@ -889,7 +889,7 @@
} else {
#ifdef V2_HANDSHAKE_CLIENT
/* If we got no ID cert, we're a v2 handshake. */
- X509 *cert = SSL_get_peer_certificate(tls->ssl);/*XXXX020 refcnt?*/
+ X509 *cert = SSL_get_peer_certificate(tls->ssl);
STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
int n_certs = sk_X509_num(chain);
if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0)))
@@ -1198,111 +1198,6 @@
return r;
}
-#if 0
-/** DOCDOC
- *
- * Returns 1 on "verification is done", 0 on "still need LINK_AUTH."
- */
-int
-tor_tls_verify_certs_v2(int severity, tor_tls_t *tls,
- const char *cert_str, size_t cert_len,
- const char *id_cert_str, size_t id_cert_len,
- crypto_pk_env_t **cert_key_out,
- char *conn_cert_digest_out,
- crypto_pk_env_t **id_key_out,
- char *id_digest_out)
-{
- X509 *cert = NULL, *id_cert = NULL;
- EVP_PKEY *id_pkey = NULL, *cert_pkey = NULL;
- int free_id_cert = 0, peer_used_tls_cert = 0;
- int r = -1;
-
- tor_assert(cert_key_out);
- tor_assert(conn_cert_digest_out);
- tor_assert(id_key_out);
- tor_assert(id_digest_out);
-
- *cert_key_out = NULL;
-
- if (cert_str && cert_len) {
- /*XXXX020 warn on error. */
- const unsigned char *cp = (const unsigned char*) cert_str;
- cert = d2i_X509(NULL, &cp, cert_len);
- }
- if (id_cert_str && id_cert_len) {
- /*XXXX020 warn on error. */
- const unsigned char *cp = (const unsigned char*) id_cert_str;
- id_cert = d2i_X509(NULL, &cp, id_cert_len);
- if (id_cert)
- free_id_cert = 1;
- }
-
- if (cert) {
- int cmp = 0;
- X509 *cert_tmp = SSL_get_peer_certificate(tls->ssl);
- if (cert_tmp) {
- peer_used_tls_cert = 1;
- cmp = X509_cmp(cert, cert_tmp);
- X509_free(cert_tmp);
- }
- if (cmp != 0) {
- log_fn(severity, LD_PROTOCOL,
- "Certificate in CERT cell didn't match TLS cert.");
- goto done;
- }
- }
-
- if (!cert || !id_cert) {
- X509 *c=NULL, *id=NULL;
- try_to_extract_certs_from_tls(severity, tls, &c, &id);
- if (c) {
- if (!cert)
- cert = c;
- else
- X509_free(c);
- }
- if (id && !id_cert)
- id_cert = id;
- }
- if (!id_cert || !cert)
- goto done;
-
- if (!(id_pkey = X509_get_pubkey(id_cert)) ||
- X509_verify(cert, id_pkey) <= 0) {
- log_fn(severity,LD_PROTOCOL,"X509_verify on cert and pkey returned <= 0");
- tls_log_errors(severity,"verifying certificate");
- goto done;
- }
-
- if (!(*id_key_out = _crypto_new_pk_env_evp_pkey(id_pkey)))
- goto done;
- crypto_pk_get_digest(*id_key_out, id_digest_out);
- if (!(cert_pkey = X509_get_pubkey(cert)))
- goto done;
- if (!(*cert_key_out = _crypto_new_pk_env_evp_pkey(cert_pkey)))
- goto done;
-
- {
- unsigned int len = 0;
- X509_digest(cert, EVP_sha1(), (unsigned char*)conn_cert_digest_out, &len);
- tor_assert(len == DIGEST_LEN);
- }
-
- r = peer_used_tls_cert ? 1 : 0;
- done:
- if (cert)
- X509_free(cert);
- if (id_cert && free_id_cert)
- X509_free(id_cert);
- if (id_pkey)
- EVP_PKEY_free(id_pkey);
- if (cert_pkey)
- EVP_PKEY_free(cert_pkey);
-
- return r;
-}
-#endif
-
/** Check whether the certificate set on the connection <b>tls</b> is
* expired or not-yet-valid, give or take <b>tolerance</b>
* seconds. Return 0 for valid, -1 for failure.
Modified: tor/trunk/src/common/tortls.h
===================================================================
--- tor/trunk/src/common/tortls.h 2008-02-05 19:40:21 UTC (rev 13381)
+++ tor/trunk/src/common/tortls.h 2008-02-05 19:40:26 UTC (rev 13382)
@@ -22,7 +22,7 @@
/* Possible return values for most tor_tls_* functions. */
#define _MIN_TOR_TLS_ERROR_VAL -9
#define TOR_TLS_ERROR_MISC -9
-/* Rename to unexpected close or something. XXX020 */
+/* Rename to unexpected close or something. XXXX */
#define TOR_TLS_ERROR_IO -8
#define TOR_TLS_ERROR_CONNREFUSED -7
#define TOR_TLS_ERROR_CONNRESET -6
Modified: tor/trunk/src/common/util.c
===================================================================
--- tor/trunk/src/common/util.c 2008-02-05 19:40:21 UTC (rev 13381)
+++ tor/trunk/src/common/util.c 2008-02-05 19:40:26 UTC (rev 13382)
@@ -2409,7 +2409,7 @@
/** Compare two addresses <b>a1</b> and <b>a2</b> for equality under a
* etmask of <b>mbits</b> bits. Return -1, 0, or 1.
*
- * XXXX020Temporary function to allow masks as bitcounts everywhere. This
+ * XXXX_IP6 Temporary function to allow masks as bitcounts everywhere. This
* will be replaced with an IPv6-aware version as soon as 32-bit addresses are
* no longer passed around.
*/
@@ -2646,7 +2646,7 @@
memset(addr_out, 0, sizeof(tor_addr_t));
if (!strcmp(address, "*")) {
- addr_out->family = AF_INET; /* AF_UNSPEC ???? XXXXX020 */
+ addr_out->family = AF_INET; /* AF_UNSPEC ???? XXXX_IP6 */
any_flag = 1;
} else if (tor_inet_pton(AF_INET6, address, &addr_out->addr.in6_addr) > 0) {
addr_out->family = AF_INET6;
@@ -2714,7 +2714,7 @@
bits);
goto err;
}
- /* XXXX020 is this really what we want? */
+ /* XXXX_IP6 is this really what we want? */
bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
}
} else { /* pick an appropriate mask, as none was given */
@@ -2827,7 +2827,7 @@
/** Take a 32-bit host-order ipv4 address <b>v4addr</b> and store it in the
* tor_addr *<b>dest</b>.
*
- * XXXX020 Temporary, for use while 32-bit int addresses are still being
+ * XXXX_IP6 Temporary, for use while 32-bit int addresses are still being
* passed around.
*/
void
@@ -2876,7 +2876,7 @@
tor_assert(addr1 && addr2);
- /* XXXX020 this code doesn't handle mask bits right it's using v4-mapped v6
+ /* XXXX_IP6 this code doesn't handle mask bits right it's using v4-mapped v6
* addresses. If I ask whether ::ffff:1.2.3.4 and ::ffff:1.2.7.8 are the
* same in the first 16 bits, it will say "yes." That's not so intuitive.
*/
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2008-02-05 19:40:21 UTC (rev 13381)
+++ tor/trunk/src/or/or.h 2008-02-05 19:40:26 UTC (rev 13382)
@@ -860,7 +860,7 @@
* could write? */
time_t timestamp_created; /**< When was this connection_t created? */
- /* XXXX020 make this ipv6-capable */
+ /* XXXX_IP6 make this ipv6-capable */
int socket_family; /**< Address family of this connection's socket. Usually
* AF_INET, but it can also be AF_UNIX, or in the future
* AF_INET6 */
@@ -1129,7 +1129,7 @@
maskbits_t maskbits; /**< Accept/reject all addresses <b>a</b> such that the
* first <b>maskbits</b> bits of <b>a</b> match
* <b>addr</b>. */
- /* XXXX020 make this ipv6-capable */
+ /* XXXX_IP6 make this ipv6-capable */
uint32_t addr; /**< Base address to accept or reject. */
uint16_t prt_min; /**< Lowest port number to accept/reject. */
uint16_t prt_max; /**< Highest port number to accept/reject. */
@@ -1956,7 +1956,7 @@
/** An entry specifying a set of addresses and ports that should be remapped
* to another address and port before exiting this exit node. */
typedef struct exit_redirect_t {
- /* XXXX020 make this whole mess ipv6-capable. (Does anybody use it? */
+ /* XXXX_IP6 make this whole mess ipv6-capable. (Does anybody use it? */
uint32_t addr;
uint16_t port_min;
More information about the tor-commits
mailing list