Loading changes/ticket21841 0 → 100644 +4 −0 Original line number Diff line number Diff line o Code simplification and refactoring: - Isolate our usage of the openssl headers so that they are only used from our crypto wrapper modules, and from tests that examing those modules' internals. Closes ticket 21841. src/common/crypto.c +12 −0 Original line number Diff line number Diff line Loading @@ -3459,3 +3459,15 @@ crypto_global_cleanup(void) /** @} */ #ifdef USE_DMALLOC /** Tell the crypto library to use Tor's allocation functions rather than * calling libc's allocation functions directly. Return 0 on success, -1 * on failure. */ int crypto_use_tor_alloc_functions(void) { int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_); return r ? 0 : -1; } #endif src/common/crypto.h +4 −0 Original line number Diff line number Diff line Loading @@ -131,6 +131,10 @@ int crypto_early_init(void) ATTR_WUR; int crypto_global_init(int hardwareAccel, const char *accelName, const char *accelPath) ATTR_WUR; #ifdef USE_DMALLOC int crypto_use_tor_alloc_functions(void); #endif void crypto_thread_cleanup(void); int crypto_global_cleanup(void); Loading src/common/crypto_ed25519.c +8 −8 Original line number Diff line number Diff line Loading @@ -32,8 +32,6 @@ #include "ed25519/ref10/ed25519_ref10.h" #include "ed25519/donna/ed25519_donna_tor.h" #include <openssl/sha.h> static void pick_ed25519_impl(void); /** An Ed25519 implementation, as a set of function pointers. */ Loading Loading @@ -442,14 +440,16 @@ ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out, { const char string[] = "Derive high part of ed25519 key from curve25519 key"; ed25519_public_key_t pubkey_check; SHA512_CTX ctx; uint8_t sha512_output[64]; crypto_digest_t *ctx; uint8_t sha512_output[DIGEST512_LEN]; memcpy(out->seckey.seckey, inp->seckey.secret_key, 32); SHA512_Init(&ctx); SHA512_Update(&ctx, out->seckey.seckey, 32); SHA512_Update(&ctx, string, sizeof(string)); SHA512_Final(sha512_output, &ctx); ctx = crypto_digest512_new(DIGEST_SHA512); crypto_digest_add_bytes(ctx, (const char*)out->seckey.seckey, 32); crypto_digest_add_bytes(ctx, (const char*)string, sizeof(string)); crypto_digest_get_digest(ctx, (char *)sha512_output, sizeof(sha512_output)); crypto_digest_free(ctx); memcpy(out->seckey.seckey + 32, sha512_output, 32); ed25519_public_key_generate(&out->pubkey, &out->seckey); Loading src/common/tortls.c +19 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ #include "orconfig.h" #define TORTLS_PRIVATE #define TORTLS_OPENSSL_PRIVATE #include <assert.h> #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/ Loading Loading @@ -2263,6 +2264,24 @@ check_cert_lifetime_internal(int severity, const X509 *cert, return 0; } #ifdef TOR_UNIT_TESTS /* Testing only: return a new x509 cert with the same contents as <b>inp</b>, but with the expiration time <b>new_expiration_time</b>, signed with <b>signing_key</b>. */ STATIC tor_x509_cert_t * tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp, time_t new_expiration_time, crypto_pk_t *signing_key) { X509 *newc = X509_dup(inp->cert); X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time); EVP_PKEY *pk = crypto_pk_get_evp_pkey_(signing_key, 1); tor_assert(X509_sign(newc, pk, EVP_sha256())); EVP_PKEY_free(pk); return tor_x509_cert_new(newc); } #endif /** Return the number of bytes available for reading from <b>tls</b>. */ int Loading Loading
changes/ticket21841 0 → 100644 +4 −0 Original line number Diff line number Diff line o Code simplification and refactoring: - Isolate our usage of the openssl headers so that they are only used from our crypto wrapper modules, and from tests that examing those modules' internals. Closes ticket 21841.
src/common/crypto.c +12 −0 Original line number Diff line number Diff line Loading @@ -3459,3 +3459,15 @@ crypto_global_cleanup(void) /** @} */ #ifdef USE_DMALLOC /** Tell the crypto library to use Tor's allocation functions rather than * calling libc's allocation functions directly. Return 0 on success, -1 * on failure. */ int crypto_use_tor_alloc_functions(void) { int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_); return r ? 0 : -1; } #endif
src/common/crypto.h +4 −0 Original line number Diff line number Diff line Loading @@ -131,6 +131,10 @@ int crypto_early_init(void) ATTR_WUR; int crypto_global_init(int hardwareAccel, const char *accelName, const char *accelPath) ATTR_WUR; #ifdef USE_DMALLOC int crypto_use_tor_alloc_functions(void); #endif void crypto_thread_cleanup(void); int crypto_global_cleanup(void); Loading
src/common/crypto_ed25519.c +8 −8 Original line number Diff line number Diff line Loading @@ -32,8 +32,6 @@ #include "ed25519/ref10/ed25519_ref10.h" #include "ed25519/donna/ed25519_donna_tor.h" #include <openssl/sha.h> static void pick_ed25519_impl(void); /** An Ed25519 implementation, as a set of function pointers. */ Loading Loading @@ -442,14 +440,16 @@ ed25519_keypair_from_curve25519_keypair(ed25519_keypair_t *out, { const char string[] = "Derive high part of ed25519 key from curve25519 key"; ed25519_public_key_t pubkey_check; SHA512_CTX ctx; uint8_t sha512_output[64]; crypto_digest_t *ctx; uint8_t sha512_output[DIGEST512_LEN]; memcpy(out->seckey.seckey, inp->seckey.secret_key, 32); SHA512_Init(&ctx); SHA512_Update(&ctx, out->seckey.seckey, 32); SHA512_Update(&ctx, string, sizeof(string)); SHA512_Final(sha512_output, &ctx); ctx = crypto_digest512_new(DIGEST_SHA512); crypto_digest_add_bytes(ctx, (const char*)out->seckey.seckey, 32); crypto_digest_add_bytes(ctx, (const char*)string, sizeof(string)); crypto_digest_get_digest(ctx, (char *)sha512_output, sizeof(sha512_output)); crypto_digest_free(ctx); memcpy(out->seckey.seckey + 32, sha512_output, 32); ed25519_public_key_generate(&out->pubkey, &out->seckey); Loading
src/common/tortls.c +19 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ #include "orconfig.h" #define TORTLS_PRIVATE #define TORTLS_OPENSSL_PRIVATE #include <assert.h> #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/ Loading Loading @@ -2263,6 +2264,24 @@ check_cert_lifetime_internal(int severity, const X509 *cert, return 0; } #ifdef TOR_UNIT_TESTS /* Testing only: return a new x509 cert with the same contents as <b>inp</b>, but with the expiration time <b>new_expiration_time</b>, signed with <b>signing_key</b>. */ STATIC tor_x509_cert_t * tor_x509_cert_replace_expiration(const tor_x509_cert_t *inp, time_t new_expiration_time, crypto_pk_t *signing_key) { X509 *newc = X509_dup(inp->cert); X509_time_adj(X509_get_notAfter(newc), 0, &new_expiration_time); EVP_PKEY *pk = crypto_pk_get_evp_pkey_(signing_key, 1); tor_assert(X509_sign(newc, pk, EVP_sha256())); EVP_PKEY_free(pk); return tor_x509_cert_new(newc); } #endif /** Return the number of bytes available for reading from <b>tls</b>. */ int Loading
