path: root/src/common
Commit message | Author | Age
* Merge branch 'ntor-resquashed'•••Conflicts: src/or/cpuworker.c src/or/or.h src/test/bench.c Nick Mathewson2013-01-03
|\
| * Check all crypto_rand return values for ntor.Nick Mathewson2013-01-03
| * Use safe_mem_is_zero for checking curve25519 output for 0-ness•••This should make the intent more explicit. Probably needless, though. Nick Mathewson2013-01-03
| * Implement a constant-time safe_mem_is_zero.Nick Mathewson2013-01-03
| * Make libcurve25519_donna get built as a .a•••This lets us give it compiler flags differing from the rest of libor-crypto.a Nick Mathewson2013-01-03
| * Move curve25519 keypair type to src/common; give it functions•••This patch moves curve25519_keypair_t from src/or/onion_ntor.h to src/common/crypto_curve25519.h, and adds new functions to generate, load, and store keypairs. Nick Mathewson2013-01-02
| * Refactor strong os-RNG into its own function•••Previously, we only used the strong OS entropy source as part of seeding OpenSSL's RNG. But with curve25519, we'll have occasion to want to generate some keys using extremely-good entropy, as well as the means to do so. So let's! This patch refactors the OS-entropy wrapper into its own crypto_strongest_rand() function, and makes our new curve25519_secret_key_generate function try it as appropriate. Nick Mathewson2013-01-02
| * Add a wrapper around, and test and build support for, curve25519.•••We want to use donna-c64 when we have a GCC with support for 64x64->uint128_t multiplying. If not, we want to use libnacl if we can, unless it's giving us the unsafe "ref" implementation. And if that isn't going to work, we'd like to use the portable-and-safe-but-slow 32-bit "donna" implementation. We might need more library searching for the correct libnacl, especially once the next libnacl release is out -- it's likely to have bunches of better curve25519 implementations. I also define a set of curve25519 wrapper functions, though it really shouldn't be necessary. We should eventually make the -donna*.c files get built with -fomit-frame-pointer, since that can make a difference. Nick Mathewson2013-01-02
| * Add a data-invariant linear-search map structure•••I'm going to use this for looking up keys server-side for ntor. Nick Mathewson2013-01-02
| * Implement HKDF from RFC5869•••This is a customizable extract-and-expand HMAC-KDF for deriving keys. It derives from RFC5869, which derives its rationale from Krawczyk, H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme", Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>. I'm also renaming the existing KDF, now that Tor has two of them. This is the key derivation scheme specified in ntor. There are also unit tests. Nick Mathewson2012-12-06
| * Add a crypto_dh_dup, for benchmark supportNick Mathewson2012-12-06
* | Fix a couple of harmless clang3.2 warningsSebastian Hahn2012-12-31
* | One last fix for a warning on non-EC systemsNick Mathewson2012-12-25
* | Be more noncommittal about performance improvement of uint128 backend.Nick Mathewson2012-12-25
* | Make ECDHE group configurable: 224 for public, 256 for bridges (default)Nick Mathewson2012-12-25
* | Inform the user if they're passing up a 10x ECDH speedup.Nick Mathewson2012-12-25
* | Let servers choose better ciphersuites when clients support them•••This implements the server-side of proposal 198 by detecting when clients lack the magic list of ciphersuites that indicates that they're lying faking some ciphers they don't really have. When clients lack this list, we can choose any cipher that we'd actually like. The newly allowed ciphersuites are, currently, "All ECDHE-RSA ciphers that openssl supports, except for ECDHE-RSA-RC4". The code to detect the cipher list relies on (ab)use of SSL_set_session_secret_cb. Nick Mathewson2012-12-25
* | Remove the address argument from client cipher classification fnsNick Mathewson2012-12-25
* | Cache the type of client cipher list we have in the tor_tls_t•••We already use this classification for deciding whether (as a server) to do a v2/v3 handshake, and we're about to start using it for deciding whether we can use good ciphersuites too. Nick Mathewson2012-12-25
* | prop198: Detect the list of ciphersuites we used to lie about having•••This is less easy than you might think; we can't just look at the client ciphers list, since openssl doesn't remember client ciphers if it doesn't know about them. So we have to keep a list of the "v2" ciphers, with the ones we don't know about removed. Nick Mathewson2012-12-25
* | Configure SSL context to know about using P-256 for ECDHE.Nick Mathewson2012-12-25
* | Nuke uses of memcmp outside of unit tests•••We want to be saying fast_mem{cmp,eq,neq} when we're doing a comparison that's allowed to exit early, or tor_mem{cmp,eq,neq} when we need a data-invariant timing. Direct use of memcmp tends to imply that we haven't thought about the issue. Nick Mathewson2012-12-13
* | Merge branch 'win64-7260'•••Conflicts: src/or/dns.c Nick Mathewson2012-12-07
|\ \ | |/ |/|
| * Add a TOR_SOCKET_T_FORMAT construction for logging sockets.•••We need this since win64 has a 64-bit SOCKET type. Based on a patch from yayooo for 7260, forward-ported to 0.2.4. Nick Mathewson2012-11-02
| * Add a PID_T_FORMAT for writing pids to logs•••This is based on code by yayooo for 7260, but: - It allows for SIZEOF_PID_T == SIZEOF_SHORT - It addresses some additional cases where we weren't getting any warnings only because we were casting pid_t to int. Nick Mathewson2012-11-02
| * Remove an unused variable; part of mingw64 patch from yayoooNick Mathewson2012-11-02
| * Compile (with warnings) with mingw64•••Patch from yayooo for bug 7260, forward-ported to 0.2.4. Nick Mathewson2012-11-02
* | Merge branch 'bug7013_take2_squashed'Nick Mathewson2012-11-27
|\ \
| * | Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr.George Kadianakis2012-11-27
* | | Note limitation of parse_rfc_1123_time•••RFC1123 suggests that we should handle two-year times, and a full range of time zones, and other stuff too. We don't. Nick Mathewson2012-11-23
* | | In comments and logs, say "UTC" not "GMT"•••Fix for #6113. Note that the RFC1123 times we generate still all say 'GMT'. I'm going to suggest this is not worth changing. Nick Mathewson2012-11-23
* | | Refer to RFC 4648 instead of the obsolete RFC 3548•••Affects comments only. For ticket 6849. Nick Mathewson2012-11-23
* | | Add some missing doxygen for ipv6 exit codeNick Mathewson2012-11-14
* | | Add a function to set a tor_addr_t to a null addressNick Mathewson2012-11-14
* | | Add a new family-specific syntax for tor_addr_parse_mask_ports•••By default, "*" means "All IPv4 addresses" with tor_addr_parse_mask_ports, so I won't break anything. But if the new EXTENDED_STAR flag is provided, then * means "any address", *4 means "any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6 address" (that is, [::]/0). This is going to let us have a syntax for specifying exit policies in torrc that won't drive people mad. Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test these new features, and to increase coverage. Nick Mathewson2012-11-14
* | | Merge remote-tracking branch 'origin/maint-0.2.3'Nick Mathewson2012-11-08
|\ \ \
| * | | Turn a memwipe in tor_process_handle_destroy() back to memset•••It broke linking on tor-resolve.c, and it's not actually sanitizing anything sensitive. Fix for bug 7420; bug not on any released Tor. Nick Mathewson2012-11-08
* | | | Merge remote-tracking branch 'origin/maint-0.2.3'•••Conflicts: src/common/crypto.c src/or/rendservice.c Nick Mathewson2012-11-08
|\| | |
| * | | Add and use an unlikely-to-be-eliminated memwipe()•••Apparently some compilers like to eliminate memset() operations on data that's about to go out-of-scope. I've gone with the safest possible replacement, which might be a bit slow. I don't think this is critical path in any way that will affect performance, but if it is, we can work on that in 0.2.4. Fixes bug 7352. Nick Mathewson2012-11-08
* | | | Add warning message when a managed proxy dies during configuration.George Kadianakis2012-11-06
| |_|/ |/| |
* | | touch-upsRoger Dingledine2012-10-26
* | | Change changes file and comment for 7189, for making it 0.2.4-only for nowNick Mathewson2012-10-24
* | | Merge remote-tracking branch 'public/bug7189_tentative'Nick Mathewson2012-10-24
|\ \ \
| * | | Only disable TLS tickets when being/acting as a server.•••Fix for bug 7189. Nick Mathewson2012-10-24
| |/ /
| * | Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3Nick Mathewson2012-10-23
| |\ \
| | * | Fix binary search on lists of 0 or 1 element.•••The implementation we added has a tendency to crash with lists of 0 or one element. That can happen if we get a consensus vote, v2 consensus, consensus, or geoip file with 0 or 1 element. There's a DOS opportunity there that authorities could exploit against one another, and which an evil v2 authority could exploit against anything downloading v2 directory information. This fix is minimalistic: It just adds a special-case for 0- and 1-element lists. For 0.2.4 (the current alpha series) we'll want a better patch. This is bug 7191; it's a fix on 0.2.0.10-alpha. Nick Mathewson2012-10-23
* | | | Rewrite smartlist_bsearch_idx() to not be broken for lists of length zero or ...Andrea Shepard2012-10-23
| |_|/ |/| |
* | | Merge remote-tracking branch 'origin/maint-0.2.3'Nick Mathewson2012-10-19
|\| |
| * | Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3Nick Mathewson2012-10-19
| |\|
| | * Disable TLS Session Tickets, which we were apparently getting for free•••OpenSSL 1.0.0 added an implementation of TLS session tickets, a "feature" that let session resumption occur without server-side state by giving clients an encrypted "ticket" that the client could present later to get the session going again with the same keys as before. OpenSSL was giving the keys to decrypt these tickets the lifetime of the SSL contexts, which would have been terrible for PFS if we had long-lived SSL contexts. Fortunately, we don't. Still, it's pretty bad. We should also drop these, since our use of the extension stands out with our non-use of session caching. Found by nextgens. Bugfix on all versions of Tor when built with openssl 1.0.0 or later. Fixes bug 7139. Nick Mathewson2012-10-19
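Several of the commits above ("Implement a constant-time safe_mem_is_zero", "Nuke uses of memcmp outside of unit tests", "Add and use an unlikely-to-be-eliminated memwipe()") are about the same hazard: memory operations whose timing depends on the data, or that the compiler is free to delete. The block below is an added illustration written for this page, not Tor's code; the function names ct_mem_is_zero, ct_memeq and ct_memwipe and the sample buffers are invented here, and the approach (accumulate with OR/XOR, collapse the accumulator without a branch, wipe through a volatile pointer) is one standard way to get data-invariant timing, not necessarily the construction Tor chose.

```c
/* Added example, not Tor's code. Data-invariant memory helpers in the
 * spirit of safe_mem_is_zero / tor_memeq / memwipe. All names invented. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 iff all n bytes of mem are zero. The loop always touches every
 * byte and the result is computed arithmetically, so the running time does
 * not reveal where the first nonzero byte sits. Vacuously 1 when n == 0. */
int ct_mem_is_zero(const void *mem, size_t n)
{
    const unsigned char *p = (const unsigned char *)mem;
    unsigned int acc = 0;   /* OR of every byte; stays in 0..255 */
    size_t i;
    for (i = 0; i < n; ++i)
        acc |= p[i];
    /* acc == 0  -> acc - 1 wraps to UINT_MAX, bit 8 is set -> 1
     * acc != 0  -> acc - 1 is in 0..254, bit 8 is clear      -> 0 */
    return (int)(((acc - 1u) >> 8) & 1u);
}

/* Return 1 iff the first n bytes of a and b are equal, without exiting
 * early at the first mismatch (the property memcmp does not promise). */
int ct_memeq(const void *a, const void *b, size_t n)
{
    const unsigned char *pa = (const unsigned char *)a;
    const unsigned char *pb = (const unsigned char *)b;
    unsigned int acc = 0;   /* OR of every XOR difference */
    size_t i;
    for (i = 0; i < n; ++i)
        acc |= (unsigned int)(pa[i] ^ pb[i]);
    return (int)(((acc - 1u) >> 8) & 1u);
}

/* Zero n bytes through a volatile pointer. A plain memset() on a buffer
 * that is about to go out of scope may be removed as a dead store; stores
 * through a volatile lvalue are side effects the compiler must keep. */
void ct_memwipe(void *mem, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)mem;
    while (n--)
        *vp++ = 0;
}

/* Constructed sample inputs for the checks below. */
const unsigned char sample_zero[8]    = {0, 0, 0, 0, 0, 0, 0, 0};
const unsigned char sample_nonzero[8] = {0, 0, 0, 0, 0, 0, 0, 1};

/* Fill a stack buffer with a fake secret, wipe it, and report whether the
 * wipe actually happened (1) or not (0). */
int wipe_key_and_verify(void)
{
    unsigned char key[32];
    memset(key, 0xAB, sizeof(key));   /* constructed "secret" */
    ct_memwipe(key, sizeof(key));
    return ct_mem_is_zero(key, sizeof(key));
}

int main(void)
{
    printf("zero buffer is zero:        %d\n", ct_mem_is_zero(sample_zero, 8));
    printf("nonzero buffer is zero:     %d\n", ct_mem_is_zero(sample_nonzero, 8));
    printf("buffers equal (8 bytes):    %d\n", ct_memeq(sample_zero, sample_nonzero, 8));
    printf("buffers equal (7 bytes):    %d\n", ct_memeq(sample_zero, sample_nonzero, 7));
    printf("key wiped:                  %d\n", wipe_key_and_verify());
    return 0;
}
```

The usual rule of thumb from the "Nuke uses of memcmp" commit applies: a comparison that is allowed to exit early (say, two public hashes) can use memcmp or a fast variant; anything involving a secret (MAC tags, key material, the all-zero check on a curve25519 output) goes through the data-invariant version. Note that no C-level construction is a guarantee against every compiler and target; inspect the generated code for the builds you actually ship.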
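The "Fix binary search on lists of 0 or 1 element" commit and the follow-up rewrite of smartlist_bsearch_idx() concern a binary search that crashed on empty and single-element inputs, which an authority could trigger remotely. The block below is an added example for this page, not Tor's smartlist code: sorted_bsearch_idx, sorted_insert and the sample arrays are invented names, and the int array stands in for a smartlist with a comparator. It uses a half-open interval [lo, hi), which handles the empty and one-element cases with no special casing; a common way to get this wrong in general (not a claim about what Tor's original did) is a closed interval with hi = n - 1 on an unsigned index, which wraps when n is 0.

```c
/* Added example, not Tor's code. Binary search that returns either the
 * index of the key or the position where it would be inserted, and that
 * is well-defined for n == 0 and n == 1. All names invented. */
#include <stddef.h>
#include <stdio.h>

/* Search the sorted array a[0..n). On success set *found = 1 and return
 * the index of key; otherwise set *found = 0 and return the index at which
 * key would have to be inserted to keep a sorted (n for "append"). */
size_t sorted_bsearch_idx(const int *a, size_t n, int key, int *found)
{
    size_t lo = 0, hi = n;           /* candidates live in [lo, hi) */
    *found = 0;
    while (lo < hi) {                /* false immediately when n == 0 */
        size_t mid = lo + (hi - lo) / 2;   /* no overflow, no underflow */
        if (a[mid] < key)
            lo = mid + 1;
        else if (a[mid] > key)
            hi = mid;
        else {
            *found = 1;
            return mid;
        }
    }
    return lo;
}

/* Wrappers without out-parameters, convenient for callers and checks. */
int lookup_found(const int *a, size_t n, int key)
{
    int found;
    sorted_bsearch_idx(a, n, key, &found);
    return found;
}

size_t lookup_idx(const int *a, size_t n, int key)
{
    int found;
    return sorted_bsearch_idx(a, n, key, &found);
}

/* Insert key into the sorted array a (length n, capacity cap) keeping it
 * sorted and duplicate-free. Returns the new length; unchanged if the key
 * is already present or there is no room. */
size_t sorted_insert(int *a, size_t n, size_t cap, int key)
{
    int found;
    size_t idx = sorted_bsearch_idx(a, n, key, &found);
    size_t i;
    if (found || n >= cap)
        return n;
    for (i = n; i > idx; --i)        /* shift the tail up by one */
        a[i] = a[i - 1];
    a[idx] = key;
    return n + 1;
}

/* Constructed sample inputs for the checks below. */
const int sample_one[1]  = {5};
const int sample_five[5] = {1, 3, 5, 7, 9};

/* Build a sorted set from constructed unsorted input, starting from the
 * empty array, and return 1 if the result is strictly increasing with the
 * expected length (5 distinct values), else 0. */
int demo_build_and_check(void)
{
    static const int input[] = {9, 1, 5, 1, 7, 3, 5};
    int a[8];
    size_t n = 0, i;
    for (i = 0; i < sizeof(input) / sizeof(input[0]); ++i)
        n = sorted_insert(a, n, sizeof(a) / sizeof(a[0]), input[i]);
    if (n != 5)
        return 0;
    for (i = 1; i < n; ++i)
        if (a[i - 1] >= a[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("empty list, key 4: found=%d idx=%zu\n",
           lookup_found(NULL, 0, 4), lookup_idx(NULL, 0, 4));
    printf("one element, key 7: found=%d idx=%zu\n",
           lookup_found(sample_one, 1, 7), lookup_idx(sample_one, 1, 7));
    printf("five elements, key 4: found=%d idx=%zu\n",
           lookup_found(sample_five, 5, 4), lookup_idx(sample_five, 5, 4));
    printf("build from unsorted input ok: %d\n", demo_build_and_check());
    return 0;
}
```

When reviewing a search routine that is reachable from network input (a consensus, a vote, a geoip file), the cases to exercise explicitly are n == 0, n == 1, a key smaller than every element, a key larger than every element, and a key between two elements; all five are covered by the calls above.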