1. 12 Aug, 2020 2 commits
  2. 11 Aug, 2020 8 commits
  3. 10 Aug, 2020 4 commits
  4. 06 Aug, 2020 2 commits
  5. 31 Jul, 2020 1 commit
  6. 30 Jul, 2020 2 commits
  7. 29 Jul, 2020 1 commit
  8. 28 Jul, 2020 1 commit
  9. 27 Jul, 2020 1 commit
  10. 24 Jul, 2020 1 commit
  11. 23 Jul, 2020 3 commits
  12. 09 Jul, 2020 8 commits
  13. 08 Jul, 2020 1 commit
  14. 07 Jul, 2020 3 commits
  15. 06 Jul, 2020 2 commits
    • Alexander Færøy's avatar
      Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes. · 7b2d1070
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      This patch changes our bits-to-bytes conversion logic in the NSS
      implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
      ((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
      bits that is not a multiple of 8.
      
      Additionally, we add a comment on why we cannot use the
      `DER_ConvertBitString()` macro from NSS, as we would potentially apply
      the bits-to-bytes conversion logic twice, which would lead to an
      insignificant amount of bytes being compared in
      `SECITEM_ItemsAreEqual()` and thus turn the logic into being a
      prefix match instead of a full match.
      
      The `DER_ConvertBitString()` macro is defined in NSS as:
      
          /*
          ** Macro to convert der decoded bit string into a decoded octet
          ** string. All it needs to do is fiddle with the length code.
          */
          #define DER_ConvertBitString(item)            \
              {                                         \
                  (item)->len = ((item)->len + 7) >> 3; \
              }
      
      Thanks to Taylor Yu for spotting this problem.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      7b2d1070
    • Alexander Færøy's avatar
      Add constness to length variables in `tor_tls_cert_matches_key`. · 06f1e959
      Alexander Færøy authored and Nick Mathewson's avatar Nick Mathewson committed
      We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
      `tor_tls_cert_matches_key` to ensure that we don't accidentally alter
      the variables.
      
      This patch is part of the fix for TROVE-2020-001.
      
      See: https://bugs.torproject.org/33119
      06f1e959