Loading src/common/crypto.c +7 −21 Original line number Diff line number Diff line Loading @@ -1327,7 +1327,7 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out) /** Compute all digests of the DER encoding of <b>pk</b>, and store them * in <b>digests_out</b>. Return 0 on success, -1 on failure. */ int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out) { unsigned char *buf = NULL; int len; Loading @@ -1335,7 +1335,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) len = i2d_RSAPublicKey(pk->key, &buf); if (len < 0 || buf == NULL) return -1; if (crypto_digest_all(digests_out, (char*)buf, len) < 0) { if (crypto_common_digests(digests_out, (char*)buf, len) < 0) { OPENSSL_free(buf); return -1; } Loading Loading @@ -1649,33 +1649,19 @@ crypto_digest512(char *digest, const char *m, size_t len, == -1); } /** Set the digests_t in <b>ds_out</b> to contain every digest on the /** Set the common_digests_t in <b>ds_out</b> to contain every digest on the * <b>len</b> bytes in <b>m</b> that we know how to compute. Return 0 on * success, -1 on failure. */ int crypto_digest_all(digests_t *ds_out, const char *m, size_t len) crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len) { int i; tor_assert(ds_out); memset(ds_out, 0, sizeof(*ds_out)); if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0) return -1; for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) { switch (i) { case DIGEST_SHA256: /* FALLSTHROUGH */ case DIGEST_SHA3_256: if (crypto_digest256(ds_out->d[i], m, len, i) < 0) return -1; break; case DIGEST_SHA512: case DIGEST_SHA3_512: /* FALLSTHROUGH */ if (crypto_digest512(ds_out->d[i], m, len, i) < 0) return -1; break; default: if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0) return -1; } } return 0; } Loading src/common/crypto.h +7 −5 Original line number Diff line number Diff line Loading 
@@ -100,8 +100,9 @@ typedef enum { DIGEST_SHA3_512 = 4, } digest_algorithm_t; #define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1) #define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1) /** A set of all the digests we know how to compute, taken on a single /** A set of all the digests we commonly compute, taken on a single * string. Any digests that are shorter than 512 bits are right-padded * with 0 bits. * Loading @@ -110,8 +111,8 @@ typedef enum { * once. **/ typedef struct { char d[N_DIGEST_ALGORITHMS][DIGEST512_LEN]; } digests_t; char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]; } common_digests_t; typedef struct crypto_pk_t crypto_pk_t; typedef struct crypto_cipher_t crypto_cipher_t; Loading Loading @@ -191,7 +192,8 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to, int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len); crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len); int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out); int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out); int crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out); int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space); int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out); Loading Loading @@ -220,7 +222,7 @@ int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm); int crypto_digest512(char *digest, const char *m, size_t len, digest_algorithm_t algorithm); int crypto_digest_all(digests_t *ds_out, const char *m, size_t len); int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len); struct smartlist_t; void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *prepend, Loading src/common/tortls.c +4 −4 Original line number Diff line number Diff line Loading 
@@ -685,13 +685,13 @@ MOCK_IMPL(STATIC tor_x509_cert_t *, cert->cert = x509_cert; crypto_digest_all(&cert->cert_digests, crypto_common_digests(&cert->cert_digests, (char*)cert->encoded, cert->encoded_len); if ((pkey = X509_get_pubkey(x509_cert)) && (rsa = EVP_PKEY_get1_RSA(pkey))) { crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa); crypto_pk_get_all_digests(pk, &cert->pkey_digests); crypto_pk_get_common_digests(pk, &cert->pkey_digests); cert->pkey_digests_set = 1; crypto_pk_free(pk); EVP_PKEY_free(pkey); Loading Loading @@ -754,7 +754,7 @@ tor_x509_cert_get_der(const tor_x509_cert_t *cert, /** Return a set of digests for the public key in <b>cert</b>, or NULL if this * cert's public key is not one we know how to take the digest of. */ const digests_t * const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) { if (cert->pkey_digests_set) Loading @@ -764,7 +764,7 @@ tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) } /** Return a set of digests for the public key in <b>cert</b>. */ const digests_t * const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert) { return &cert->cert_digests; Loading src/common/tortls.h +6 −4 Original line number Diff line number Diff line Loading @@ -82,8 +82,8 @@ struct tor_x509_cert_t { uint8_t *encoded; size_t encoded_len; unsigned pkey_digests_set : 1; digests_t cert_digests; digests_t pkey_digests; common_digests_t cert_digests; common_digests_t pkey_digests; }; /** Holds a SSL object and its associated data. Members are only Loading Loading 
@@ -238,8 +238,10 @@ tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len); void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out); const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert); const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert); const common_digests_t *tor_x509_cert_get_id_digests( const tor_x509_cert_t *cert); const common_digests_t *tor_x509_cert_get_cert_digests( const tor_x509_cert_t *cert); int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out); Loading src/or/channeltls.c +3 −2 Original line number Diff line number Diff line Loading @@ -1819,7 +1819,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) chan->conn->handshake_state->authenticated = 1; { const digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert); const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert); crypto_pk_t *identity_rcvd; if (!id_digests) ERR("Couldn't compute digests for key in ID cert"); Loading Loading @@ -2109,7 +2110,7 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) { crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(chan->conn->handshake_state->id_cert); const digests_t *id_digests = const common_digests_t *id_digests = tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert); /* This must exist; we checked key type when reading the cert. */ Loading Loading
src/common/crypto.c +7 −21 Original line number Diff line number Diff line Loading @@ -1327,7 +1327,7 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out) /** Compute all digests of the DER encoding of <b>pk</b>, and store them * in <b>digests_out</b>. Return 0 on success, -1 on failure. */ int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out) { unsigned char *buf = NULL; int len; Loading @@ -1335,7 +1335,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) len = i2d_RSAPublicKey(pk->key, &buf); if (len < 0 || buf == NULL) return -1; if (crypto_digest_all(digests_out, (char*)buf, len) < 0) { if (crypto_common_digests(digests_out, (char*)buf, len) < 0) { OPENSSL_free(buf); return -1; } Loading Loading @@ -1649,33 +1649,19 @@ crypto_digest512(char *digest, const char *m, size_t len, == -1); } /** Set the digests_t in <b>ds_out</b> to contain every digest on the /** Set the common_digests_t in <b>ds_out</b> to contain every digest on the * <b>len</b> bytes in <b>m</b> that we know how to compute. Return 0 on * success, -1 on failure. */ int crypto_digest_all(digests_t *ds_out, const char *m, size_t len) crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len) { int i; tor_assert(ds_out); memset(ds_out, 0, sizeof(*ds_out)); if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0) return -1; for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) { switch (i) { case DIGEST_SHA256: /* FALLSTHROUGH */ case DIGEST_SHA3_256: if (crypto_digest256(ds_out->d[i], m, len, i) < 0) return -1; break; case DIGEST_SHA512: case DIGEST_SHA3_512: /* FALLSTHROUGH */ if (crypto_digest512(ds_out->d[i], m, len, i) < 0) return -1; break; default: if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0) return -1; } } return 0; } Loading
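Review bot: The doc comment kept above crypto_common_digests() still promises "every digest ... that we know how to compute", but the new body only calls crypto_digest() for DIGEST_SHA1 and crypto_digest256() for DIGEST_SHA256. A caller who trusts the comment may expect the SHA-512 or SHA3 entries to be filled in. Suggest `/** Set the common_digests_t in <b>ds_out</b> to contain the SHA1 and SHA256 digests of the <b>len</b> bytes in <b>m</b>. Return 0 on success, -1 on failure. */`. The comment on crypto_pk_get_common_digests() in the first hunk ("Compute all digests of the DER encoding") has the same problem and could read "Compute the common digests"; that function's body continues past the hunk.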
src/common/crypto.h +7 −5 Original line number Diff line number Diff line Loading @@ -100,8 +100,9 @@ typedef enum { DIGEST_SHA3_512 = 4, } digest_algorithm_t; #define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1) #define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1) /** A set of all the digests we know how to compute, taken on a single /** A set of all the digests we commonly compute, taken on a single * string. Any digests that are shorter than 512 bits are right-padded * with 0 bits. * Loading @@ -110,8 +111,8 @@ typedef enum { * once. **/ typedef struct { char d[N_DIGEST_ALGORITHMS][DIGEST512_LEN]; } digests_t; char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]; } common_digests_t; typedef struct crypto_pk_t crypto_pk_t; typedef struct crypto_cipher_t crypto_cipher_t; Loading Loading @@ -191,7 +192,8 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to, int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len); crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len); int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out); int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out); int crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out); int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space); int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out); Loading Loading @@ -220,7 +222,7 @@ int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm); int crypto_digest512(char *digest, const char *m, size_t len, digest_algorithm_t algorithm); int crypto_digest_all(digests_t *ds_out, const char *m, size_t len); int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len); struct smartlist_t; void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *prepend, Loading
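Review bot: common_digests_t.d is now sized `[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]`, so only DIGEST_SHA1 and DIGEST_SHA256 are valid row indices. Any remaining `d[alg]` access with DIGEST_SHA512 or a SHA3 value would run past the array, and callers are not visible in this diff, so they need a grep rather than an assumption. The struct comment also still says digests "shorter than 512 bits are right-padded", which no longer matches rows of DIGEST256_LEN; suggest `Any digests that are shorter than 256 bits are right-padded with 0 bits.` Next to the new define, a comment such as `/* Only DIGEST_SHA1 and DIGEST_SHA256 are valid indices into common_digests_t.d. */` would record that the macro depends on the enum order.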
src/common/tortls.c +4 −4 Original line number Diff line number Diff line Loading @@ -685,13 +685,13 @@ MOCK_IMPL(STATIC tor_x509_cert_t *, cert->cert = x509_cert; crypto_digest_all(&cert->cert_digests, crypto_common_digests(&cert->cert_digests, (char*)cert->encoded, cert->encoded_len); if ((pkey = X509_get_pubkey(x509_cert)) && (rsa = EVP_PKEY_get1_RSA(pkey))) { crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa); crypto_pk_get_all_digests(pk, &cert->pkey_digests); crypto_pk_get_common_digests(pk, &cert->pkey_digests); cert->pkey_digests_set = 1; crypto_pk_free(pk); EVP_PKEY_free(pkey); Loading Loading @@ -754,7 +754,7 @@ tor_x509_cert_get_der(const tor_x509_cert_t *cert, /** Return a set of digests for the public key in <b>cert</b>, or NULL if this * cert's public key is not one we know how to take the digest of. */ const digests_t * const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) { if (cert->pkey_digests_set) Loading @@ -764,7 +764,7 @@ tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) } /** Return a set of digests for the public key in <b>cert</b>. */ const digests_t * const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert) { return &cert->cert_digests; Loading
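Review bot: Both renamed calls in the first hunk discard their return value, and `cert->pkey_digests_set = 1;` is set even when crypto_pk_get_common_digests() returns -1. crypto_common_digests() zeroes its output before hashing (see the crypto.c section), so a failed hash would leave all-zero or partial digests that tor_x509_cert_get_id_digests() then returns as valid to the channeltls.c cell handlers. Suggest `if (crypto_pk_get_common_digests(pk, &cert->pkey_digests) == 0) cert->pkey_digests_set = 1;`. The crypto_common_digests() call on `cert->cert_digests` needs a failure path too, but the enclosing function's cleanup code lies outside the hunk.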
src/common/tortls.h +6 −4 Original line number Diff line number Diff line Loading @@ -82,8 +82,8 @@ struct tor_x509_cert_t { uint8_t *encoded; size_t encoded_len; unsigned pkey_digests_set : 1; digests_t cert_digests; digests_t pkey_digests; common_digests_t cert_digests; common_digests_t pkey_digests; }; /** Holds a SSL object and its associated data. Members are only Loading Loading @@ -238,8 +238,10 @@ tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len); void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out); const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert); const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert); const common_digests_t *tor_x509_cert_get_id_digests( const tor_x509_cert_t *cert); const common_digests_t *tor_x509_cert_get_cert_digests( const tor_x509_cert_t *cert); int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out); Loading
src/or/channeltls.c +3 −2 Original line number Diff line number Diff line Loading @@ -1819,7 +1819,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) chan->conn->handshake_state->authenticated = 1; { const digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert); const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert); crypto_pk_t *identity_rcvd; if (!id_digests) ERR("Couldn't compute digests for key in ID cert"); Loading Loading @@ -2109,7 +2110,7 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) { crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(chan->conn->handshake_state->id_cert); const digests_t *id_digests = const common_digests_t *id_digests = tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert); /* This must exist; we checked key type when reading the cert. */ Loading