Loading src/core/or/connection_or.c +20 −3 Original line number Diff line number Diff line Loading @@ -2641,6 +2641,12 @@ connection_or_send_certs_cell(or_connection_t *conn) return 0; } #ifdef TOR_UNIT_TESTS int testing__connection_or_pretend_TLSSECRET_is_supported = 0; #else #define testing__connection_or_pretend_TLSSECRET_is_supported 0 #endif /** Return true iff <b>challenge_type</b> is an AUTHCHALLENGE type that * we can send and receive. */ int Loading @@ -2648,6 +2654,11 @@ authchallenge_type_is_supported(uint16_t challenge_type) { switch (challenge_type) { case AUTHTYPE_RSA_SHA256_TLSSECRET: #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS return 1; #else return testing__connection_or_pretend_TLSSECRET_is_supported; #endif case AUTHTYPE_ED25519_SHA256_RFC5705: return 1; case AUTHTYPE_RSA_SHA256_RFC5705: Loading Loading @@ -2690,10 +2701,12 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn) tor_assert(sizeof(ac->challenge) == 32); crypto_rand((char*)ac->challenge, sizeof(ac->challenge)); if (authchallenge_type_is_supported(AUTHTYPE_RSA_SHA256_TLSSECRET)) auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET); /* Disabled, because everything that supports this method also supports * the much-superior ED25519_SHA256_RFC5705 */ /* auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705); */ if (authchallenge_type_is_supported(AUTHTYPE_ED25519_SHA256_RFC5705)) auth_challenge_cell_add_methods(ac, AUTHTYPE_ED25519_SHA256_RFC5705); auth_challenge_cell_set_n_methods(ac, auth_challenge_cell_getlen_methods(ac)); Loading Loading 
@@ -2855,7 +2868,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, /* HMAC of clientrandom and serverrandom using master key : 32 octets */ if (old_tlssecrets_algorithm) { tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets); if (tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Somebody asked us for an older TLS " "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) " "which we don't support."); } } else { char label[128]; tor_snprintf(label, sizeof(label), Loading src/core/or/connection_or.h +1 −0 Original line number Diff line number Diff line Loading @@ -160,6 +160,7 @@ STATIC void note_or_connect_failed(const or_connection_t *or_conn); #ifdef TOR_UNIT_TESTS extern int certs_cell_ed25519_disabled_for_testing; extern int testing__connection_or_pretend_TLSSECRET_is_supported; #endif #endif /* !defined(TOR_CONNECTION_OR_H) */ src/core/or/protover.c +4 −1 Original line number Diff line number Diff line Loading @@ -374,7 +374,11 @@ protover_get_supported_protocols(void) "HSIntro=3-4 " "HSRend=1-2 " "Link=1-5 " #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS "LinkAuth=1,3 " #else "LinkAuth=3 " #endif "Microdesc=1-2 " "Relay=1-2"; } Loading Loading @@ -920,4 +924,3 @@ protover_free_all(void) } #endif /* !defined(HAVE_RUST) */ src/lib/crypt_ops/crypto_init.c +11 −0 Original line number Diff line number Diff line Loading @@ -191,3 +191,14 @@ crypto_get_header_version_string(void) return crypto_nss_get_header_version_str(); #endif } /** Return true iff Tor is using the NSS library. */ int tor_is_using_nss(void) { #ifdef ENABLE_NSS return 1; #else return 0; #endif } src/lib/crypt_ops/crypto_init.h +2 −0 Original line number Diff line number Diff line Loading @@ -31,4 +31,6 @@ const char *crypto_get_library_name(void); const char *crypto_get_library_version_string(void); const char *crypto_get_header_version_string(void); int tor_is_using_nss(void); #endif /* !defined(TOR_CRYPTO_H) */ Loading
src/core/or/connection_or.c +20 −3 Original line number Diff line number Diff line Loading @@ -2641,6 +2641,12 @@ connection_or_send_certs_cell(or_connection_t *conn) return 0; } #ifdef TOR_UNIT_TESTS int testing__connection_or_pretend_TLSSECRET_is_supported = 0; #else #define testing__connection_or_pretend_TLSSECRET_is_supported 0 #endif /** Return true iff <b>challenge_type</b> is an AUTHCHALLENGE type that * we can send and receive. */ int Loading @@ -2648,6 +2654,11 @@ authchallenge_type_is_supported(uint16_t challenge_type) { switch (challenge_type) { case AUTHTYPE_RSA_SHA256_TLSSECRET: #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS return 1; #else return testing__connection_or_pretend_TLSSECRET_is_supported; #endif case AUTHTYPE_ED25519_SHA256_RFC5705: return 1; case AUTHTYPE_RSA_SHA256_RFC5705: Loading Loading @@ -2690,10 +2701,12 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn) tor_assert(sizeof(ac->challenge) == 32); crypto_rand((char*)ac->challenge, sizeof(ac->challenge)); if (authchallenge_type_is_supported(AUTHTYPE_RSA_SHA256_TLSSECRET)) auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET); /* Disabled, because everything that supports this method also supports * the much-superior ED25519_SHA256_RFC5705 */ /* auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705); */ if (authchallenge_type_is_supported(AUTHTYPE_ED25519_SHA256_RFC5705)) auth_challenge_cell_add_methods(ac, AUTHTYPE_ED25519_SHA256_RFC5705); auth_challenge_cell_set_n_methods(ac, auth_challenge_cell_getlen_methods(ac)); Loading Loading 
@@ -2855,7 +2868,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, /* HMAC of clientrandom and serverrandom using master key : 32 octets */ if (old_tlssecrets_algorithm) { tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets); if (tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Somebody asked us for an older TLS " "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) " "which we don't support."); } } else { char label[128]; tor_snprintf(label, sizeof(label), Loading
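Review bot: In the `old_tlssecrets_algorithm` branch the new check only logs when `tor_tls_get_tlssecrets()` returns a negative value and then falls through, so the rest of connection_or_compute_authenticate_cell_body still assembles the AUTHENTICATE body around a `tlssecrets` field the TLS layer did not fill in. What that field holds on failure is not visible here, but a cell built from an undefined authentication input should not be produced, let alone signed and sent. The failure branch should leave through the function's failure exit right after the `log_fn(...)` call, for example `goto err;`, assuming the function has such a cleanup label outside the hunk. The function starts and ends outside this hunk, so the exact exit has to be taken from the surrounding code.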
src/core/or/connection_or.h +1 −0 Original line number Diff line number Diff line Loading @@ -160,6 +160,7 @@ STATIC void note_or_connect_failed(const or_connection_t *or_conn); #ifdef TOR_UNIT_TESTS extern int certs_cell_ed25519_disabled_for_testing; extern int testing__connection_or_pretend_TLSSECRET_is_supported; #endif #endif /* !defined(TOR_CONNECTION_OR_H) */
src/core/or/protover.c +4 −1 Original line number Diff line number Diff line Loading @@ -374,7 +374,11 @@ protover_get_supported_protocols(void) "HSIntro=3-4 " "HSRend=1-2 " "Link=1-5 " #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS "LinkAuth=1,3 " #else "LinkAuth=3 " #endif "Microdesc=1-2 " "Relay=1-2"; } Loading Loading @@ -920,4 +924,3 @@ protover_free_all(void) } #endif /* !defined(HAVE_RUST) */
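Review bot: The `LinkAuth` entry in protover_get_supported_protocols() now depends on `HAVE_WORKING_TOR_TLS_GET_TLSSECRETS`, and it has to stay in step with every other place that answers the same question, or a relay will advertise a link authentication method it then cannot compute. The trailing `#endif /* !defined(HAVE_RUST) */` shows this file is only built without HAVE_RUST, so any other implementation of the supported-protocols list needs the same `LinkAuth=3` case; none is visible on this page. A one-line comment above the `#ifdef` would record the reason, e.g. `/* LinkAuth=1 needs tor_tls_get_tlssecrets(); advertise it only when that works. */`.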
src/lib/crypt_ops/crypto_init.c +11 −0 Original line number Diff line number Diff line Loading @@ -191,3 +191,14 @@ crypto_get_header_version_string(void) return crypto_nss_get_header_version_str(); #endif } /** Return true iff Tor is using the NSS library. */ int tor_is_using_nss(void) { #ifdef ENABLE_NSS return 1; #else return 0; #endif }
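Review bot: tor_is_using_nss() answers from `ENABLE_NSS`, while the other sections of this commit decide TLSSECRET support from `HAVE_WORKING_TOR_TLS_GET_TLSSECRETS`, and no caller of the new function is visible on this page. If a caller uses it to choose between `LinkAuth=1,3` and `LinkAuth=3`, the two switches become two sources of truth for one protocol decision and can drift apart. The doc comment should say that this is a compile-time fact about the crypto backend and name the intended caller, for instance `/** Return true iff Tor was built to use the NSS library; this is fixed at compile time. */`.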
src/lib/crypt_ops/crypto_init.h +2 −0 Original line number Diff line number Diff line Loading @@ -31,4 +31,6 @@ const char *crypto_get_library_name(void); const char *crypto_get_library_version_string(void); const char *crypto_get_header_version_string(void); int tor_is_using_nss(void); #endif /* !defined(TOR_CRYPTO_H) */