or.h should really include only the minimum of stuff from or/*,
common/*, and lib/*.

Also, stop supporting empty HKDF input key material

These tests would report errors, but wouldn't report the offending
strings.

 * ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658

Most of these buffers were never actually inspected, but it's still
bad style.

Alexander Færøy authored Jun 05, 2017 and Nick Mathewson committed Aug 24, 2017

This patch fixes the operator usage in src/test/*.c to use the symbolic
operators instead of the normal C comparison operators.

This patch was generated using:

    ./scripts/coccinelle/test-operator-cleanup src/test/*.[ch]

We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.

Test base64_decode() with odd sized decoded lengths, including
unpadded encodings and padded encodings with "right-sized" output
buffers.  Convert calls to base64_decode_nopad() to base64_decode()
because base64_decode_nopad() is redundant.

Create a new test_crypto_openssl to test openssl-only crypto.c
functionality.

David Goulet authored Dec 12, 2016 and Nick Mathewson committed Dec 14, 2016

Signed-off-by: David Goulet <dgoulet@torproject.org>

(This will be used by prop224)

Previously, the IV and key were stored in the structure, even though
they mostly weren't needed.  The only purpose they had was to
support a seldom-used API where you could pass NULL when creating
a cipher in order to get a random key/IV, and then pull that key/IV
back out.

This saves 32 bytes per AES instance, and makes it easier to support
different key lengths.

The point of diminishing returns has been reached.

This shaves another 3-4 seconds off the main-path tests for me,
which is again worth it, according to XKCD#1204.

The functions it warns about are:
  assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
  strdup, strndup, calloc.

Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.

nikkolasg authored Jun 17, 2016 and Nick Mathewson committed Jun 20, 2016

base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>

This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.

Coverity noticed that we check tor_sscanf's return value everywhere
else.

Fixes the 0.2.9 instance of bug #19213, which prevented mingw64 from
working.  This case wasn't in any released Tor.

Fix the new crypto tests, which used truncate(3).