diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/common/crypto.c | 32 | ||||
-rw-r--r-- | src/common/crypto.h | 2 | ||||
-rw-r--r-- | src/common/tortls.c | 6 | ||||
-rw-r--r-- | src/common/util.c | 30 |
4 files changed, 40 insertions, 30 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 12a57dfa5..5304180e3 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -452,7 +452,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, return r; } -/* Return true iff env has a good key. +/* Return true iff env has a valid key. */ int crypto_pk_check_key(crypto_pk_env_t *env) { @@ -543,10 +543,10 @@ int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, i return r; } -/* Check a 'fromlen' bytes signature from 'from' with the public key - * in 'env', using PKCS1 padding. On success, write the signed data - * to 'to', and return the number of bytes written. On failure, - * return -1. +/* Check the signature in 'from' ('fromlen' bytes long) with the + * public key in 'env', using PKCS1 padding. On success, write the + * signed data to 'to', and return the number of bytes written. + * On failure, return -1. */ int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to) { @@ -554,8 +554,10 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, i tor_assert(env && from && to); r = RSA_public_decrypt(fromlen, (unsigned char*)from, to, env->key, RSA_PKCS1_PADDING); - if (r<0) + if (r<0) { crypto_log_errors(LOG_WARN, "checking RSA signature"); + return -1; + } return r; } @@ -573,8 +575,10 @@ int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int return -1; r = RSA_private_encrypt(fromlen, (unsigned char*)from, to, env->key, RSA_PKCS1_PADDING); - if (r<0) + if (r<0) { crypto_log_errors(LOG_WARN, "generating RSA signature"); + return -1; + } return r; } @@ -770,7 +774,7 @@ int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len) } /* Decode an ASN.1-encoded public key from str; return the result on - * success and -1 on failure. + * success and NULL on failure. */ crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len) { @@ -879,8 +883,8 @@ int crypto_cipher_generate_key(crypto_cipher_env_t *env) return crypto_rand(CIPHER_KEY_LEN, env->key); } -/* Set the symmetric key for the cipehr in 'env' to CIPHER_KEY_LEN - * bytes from 'key'. Does not initialize the cipher. +/* Set the symmetric key for the cipher in 'env' to the first + * CIPHER_KEY_LEN bytes of 'key'. Does not initialize the cipher. */ int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key) { @@ -1177,7 +1181,7 @@ int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey, int pubkey_len) * bytes of shared key material and write them to 'secret_out'. * * (We generate key material by computing - * SHA11( g^xy || "\x00" ) || SHA1( g^xy || "\x01" ) || ... + * SHA1( g^xy || "\x00" ) || SHA1( g^xy || "\x01" ) || ... * where || is concatenation.) * */ @@ -1336,7 +1340,8 @@ int crypto_pseudo_rand_int(unsigned int max) { /* Base-64 encode 'srclen' bytes of data from 'src'. Write the result * into 'dest', if it will fit within 'destlen' bytes. Return the - * number of bytes written on success; -1 on failure. + * number of bytes written on success; -1 if destlen is too short, + * or other failure. */ int base64_encode(char *dest, int destlen, const char *src, int srclen) @@ -1359,7 +1364,8 @@ base64_encode(char *dest, int destlen, const char *src, int srclen) /* Base-64 decode 'srclen' bytes of data from 'src'. Write the result * into 'dest', if it will fit within 'destlen' bytes. Return the - * number of bytes written on success; -1 on failure. + * number of bytes written on success; -1 if destlen is too short, + * or other failure. */ int base64_decode(char *dest, int destlen, const char *src, int srclen) diff --git a/src/common/crypto.h b/src/common/crypto.h index 4d763cf7b..a6b269f5d 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -16,7 +16,7 @@ /* Length of our DH keys. */ #define DH_BYTES (1024/8) -/* Constants used to indicate disired public-key padding functions. */ +/* Constants used to indicate desired public-key padding functions. */ #define PK_NO_PADDING 60000 #define PK_PKCS1_PADDING 60001 #define PK_PKCS1_OAEP_PADDING 60002 diff --git a/src/common/tortls.c b/src/common/tortls.c index 05cc0200e..e480f79e7 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -33,7 +33,7 @@ typedef struct tor_tls_context_st { SSL_CTX *ctx; } tor_tls_context; -/* Holds a SSL object and it associated data. +/* Holds a SSL object and its associated data. */ struct tor_tls_st { SSL *ssl; @@ -41,7 +41,7 @@ struct tor_tls_st { enum { TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE, TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED - } state; /* The current SSL state, depending on which operatios have + } state; /* The current SSL state, depending on which operations have * completed successfully. */ int isServer; int wantwrite_n; /* 0 normally, >0 if we returned wantwrite last time */ @@ -99,7 +99,7 @@ tls_log_errors(int severity, const char *doing) * _TOR_TLS_ZERORETURN instead of reporting zero-return errors. * * If an error has occurred, log it at level 'severity' and describe the - * current action as 'doing.' + * current action as 'doing'. */ static int tor_tls_get_error(tor_tls *tls, int r, int extra, diff --git a/src/common/util.c b/src/common/util.c index b788f675c..f2c6cf7ad 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -281,9 +281,9 @@ void smartlist_free(smartlist_t *sl) { } /* Change the capacity of the smartlist to 'n', so that we can grow - * the list upt to'n' elements with no further reallocation or wasted + * the list up to 'n' elements with no further reallocation or wasted * space. If 'n' is less than or equal to the number of elements - * currently in the list, reduces the list's capacity as much as + * currently in the list, reduce the list's capacity as much as * possible without losing elements. */ void smartlist_set_capacity(smartlist_t *sl, int n) { @@ -320,7 +320,7 @@ void smartlist_add(smartlist_t *sl, void *element) { sl->list[sl->num_used++] = element; } -/* Append each elements from S2 to the end of S1. */ +/* Append each element from S2 to the end of S1. */ void smartlist_add_all(smartlist_t *sl, const smartlist_t *s2) { SMARTLIST_FOREACH(s2, void *, element, smartlist_add(sl, element)); @@ -440,7 +440,7 @@ int smartlist_len(const smartlist_t *sl) return sl->num_used; } /* Insert the value 'val' as the new 'idx'th element of 'sl', moving all - * items previously at 'idx' or later forward on space. + * items previously at 'idx' or later forward one space. */ void smartlist_insert(smartlist_t *sl, int idx, void *val) { @@ -785,7 +785,8 @@ void tor_gettimeofday(struct timeval *timeval) { return; } -/* Returns the number of microseconds elapsed between *start and *end. +/* Return the number of microseconds elapsed between *start and *end. + * If start is after end, return 0. */ long tv_udiff(struct timeval *start, struct timeval *end) @@ -981,9 +982,12 @@ void spawn_exit() * socketpair.) * * Currently, only (AF_UNIX, SOCK_STREAM, 0 ) sockets are supported. - * Note that on systems without socketpair, this call will sometimes - * fail if localhost is inaccessible (for example, if the networking - * stack is down). + * + * Note that on systems without socketpair, this call will fail if + * localhost is inaccessible (for example, if the networking + * stack is down). And even if it succeeds, the socket pair will not + * be able to read while localhost is down later (the socket pair may + * even close, depending on OS-specific timeouts). **/ int tor_socketpair(int family, int type, int protocol, int fd[2]) @@ -1131,8 +1135,8 @@ file_status_t file_status(const char *fname) return FN_ERROR; } -/* Check whether dirname exists and is private. If yes returns 0. If - * it does not exist, and create is set, try to creat it and return 0 +/* Check whether dirname exists and is private. If yes return 0. If + * it does not exist, and create is set, try to create it and return 0 * on success. Else return -1. */ int check_private_dir(const char *dirname, int create) { @@ -1336,7 +1340,7 @@ int is_internal_IP(uint32_t ip) { /* Hold the result of our call to 'uname'. */ static char uname_result[256]; -/* True iff uname_Result is set. */ +/* True iff uname_result is set. */ static int uname_result_is_set = 0; /* Return a pointer to a description of our platform. @@ -1465,7 +1469,7 @@ void start_daemon(char *cp) {} void finish_daemon(void) {} #endif -/* Write the current process ID, followed by NL, into 'filaname', +/* Write the current process ID, followed by NL, into 'filename', */ void write_pidfile(char *filename) { #ifndef MS_WINDOWS @@ -1536,7 +1540,7 @@ int switch_id(char *user, char *group) { /* Set *addr to the IP address (in dotted-quad notation) stored in c. * Return 1 on success, 0 if c is badly formatted. (Like inet_aton(c,addr), - * but works on Windows.) + * but works on Windows and Solaris.) */ int tor_inet_aton(const char *c, struct in_addr* addr) { |