Merge branch 'bug17795'

src/common/crypto.c

@@ -1327,7 +1327,7 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
 /** Compute all digests of the DER encoding of <b>pk</b>, and store them
  * in <b>digests_out</b>.  Return 0 on success, -1 on failure. */
 int
-crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out)
+crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
 {
   unsigned char *buf = NULL;
   int len;
@@ -1335,7 +1335,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out)
   len = i2d_RSAPublicKey(pk->key, &buf);
   if (len < 0 || buf == NULL)
     return -1;
-  if (crypto_digest_all(digests_out, (char*)buf, len) < 0) {
+  if (crypto_common_digests(digests_out, (char*)buf, len) < 0) {
     OPENSSL_free(buf);
     return -1;
   }
@@ -1649,33 +1649,19 @@ crypto_digest512(char *digest, const char *m, size_t len,
             == -1);
 }
 
-/** Set the digests_t in <b>ds_out</b> to contain every digest on the
+/** Set the common_digests_t in <b>ds_out</b> to contain every digest on the
  * <b>len</b> bytes in <b>m</b> that we know how to compute.  Return 0 on
  * success, -1 on failure. */
 int
-crypto_digest_all(digests_t *ds_out, const char *m, size_t len)
+crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
 {
-  int i;
   tor_assert(ds_out);
   memset(ds_out, 0, sizeof(*ds_out));
   if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
     return -1;
-  for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) {
-      switch (i) {
-        case DIGEST_SHA256: /* FALLSTHROUGH */
-        case DIGEST_SHA3_256:
-          if (crypto_digest256(ds_out->d[i], m, len, i) < 0)
-            return -1;
-          break;
-        case DIGEST_SHA512:
-        case DIGEST_SHA3_512: /* FALLSTHROUGH */
-          if (crypto_digest512(ds_out->d[i], m, len, i) < 0)
-            return -1;
-          break;
-        default:
-          return -1;
-      }
-  }
+  if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0)
+    return -1;
+
   return 0;
 }
 

src/common/crypto.h

@@ -100,8 +100,9 @@ typedef enum {
   DIGEST_SHA3_512 = 4,
 } digest_algorithm_t;
 #define  N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1)
+#define  N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
 
-/** A set of all the digests we know how to compute, taken on a single
+/** A set of all the digests we commonly compute, taken on a single
  * string.  Any digests that are shorter than 512 bits are right-padded
  * with 0 bits.
  *
@@ -110,8 +111,8 @@ typedef enum {
  * once.
  **/
 typedef struct {
-  char d[N_DIGEST_ALGORITHMS][DIGEST512_LEN];
-} digests_t;
+  char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN];
+} common_digests_t;
 
 typedef struct crypto_pk_t crypto_pk_t;
 typedef struct crypto_cipher_t crypto_cipher_t;
@@ -191,7 +192,8 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
 int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
 crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
 int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
-int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
+int crypto_pk_get_common_digests(crypto_pk_t *pk,
+                                 common_digests_t *digests_out);
 int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
 int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
 
@@ -220,7 +222,7 @@ int crypto_digest256(char *digest, const char *m, size_t len,
                      digest_algorithm_t algorithm);
 int crypto_digest512(char *digest, const char *m, size_t len,
                      digest_algorithm_t algorithm);
-int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
+int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len);
 struct smartlist_t;
 void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
                                     const char *prepend,

src/common/tortls.c

@@ -685,13 +685,13 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
 
   cert->cert = x509_cert;
 
-  crypto_digest_all(&cert->cert_digests,
+  crypto_common_digests(&cert->cert_digests,
                     (char*)cert->encoded, cert->encoded_len);
 
   if ((pkey = X509_get_pubkey(x509_cert)) &&
       (rsa = EVP_PKEY_get1_RSA(pkey))) {
     crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa);
-    crypto_pk_get_all_digests(pk, &cert->pkey_digests);
+    crypto_pk_get_common_digests(pk, &cert->pkey_digests);
     cert->pkey_digests_set = 1;
     crypto_pk_free(pk);
     EVP_PKEY_free(pkey);
@@ -754,7 +754,7 @@ tor_x509_cert_get_der(const tor_x509_cert_t *cert,
 
 /** Return a set of digests for the public key in <b>cert</b>, or NULL if this
  * cert's public key is not one we know how to take the digest of. */
-const digests_t *
+const common_digests_t *
 tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
 {
   if (cert->pkey_digests_set)
@@ -764,7 +764,7 @@ tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
 }
 
 /** Return a set of digests for the public key in <b>cert</b>. */
-const digests_t *
+const common_digests_t *
 tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
 {
   return &cert->cert_digests;

src/common/tortls.h

@@ -82,8 +82,8 @@ struct tor_x509_cert_t {
   uint8_t *encoded;
   size_t encoded_len;
   unsigned pkey_digests_set : 1;
-  digests_t cert_digests;
-  digests_t pkey_digests;
+  common_digests_t cert_digests;
+  common_digests_t pkey_digests;
 };
 
 /** Holds a SSL object and its associated data.  Members are only
@@ -238,8 +238,10 @@ tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
                             size_t certificate_len);
 void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
                       const uint8_t **encoded_out, size_t *size_out);
-const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert);
-const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert);
+const common_digests_t *tor_x509_cert_get_id_digests(
+                      const tor_x509_cert_t *cert);
+const common_digests_t *tor_x509_cert_get_cert_digests(
+                      const tor_x509_cert_t *cert);
 int tor_tls_get_my_certs(int server,
                          const tor_x509_cert_t **link_cert_out,
                          const tor_x509_cert_t **id_cert_out);

src/or/channeltls.c

@@ -1819,7 +1819,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
 
     chan->conn->handshake_state->authenticated = 1;
     {
-      const digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
+      const common_digests_t *id_digests =
+        tor_x509_cert_get_id_digests(id_cert);
       crypto_pk_t *identity_rcvd;
       if (!id_digests)
         ERR("Couldn't compute digests for key in ID cert");
@@ -2109,7 +2110,7 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
   {
     crypto_pk_t *identity_rcvd =
       tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
-    const digests_t *id_digests =
+    const common_digests_t *id_digests =
       tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert);
 
     /* This must exist; we checked key type when reading the cert. */

src/or/connection_or.c

@@ -2318,7 +2318,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
 
   {
     const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
-    const digests_t *my_digests, *their_digests;
+    const common_digests_t *my_digests, *their_digests;
     const uint8_t *my_id, *their_id, *client_id, *server_id;
     if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
       goto err;

src/or/dirserv.c

@@ -1230,7 +1230,7 @@ free_cached_dir_(void *_d)
 void
 dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
                                            const char *flavor_name,
-                                           const digests_t *digests,
+                                           const common_digests_t *digests,
                                            time_t published)
 {
   cached_dir_t *new_networkstatus;
@@ -1239,7 +1239,7 @@ dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
     cached_consensuses = strmap_new();
 
   new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
-  memcpy(&new_networkstatus->digests, digests, sizeof(digests_t));
+  memcpy(&new_networkstatus->digests, digests, sizeof(common_digests_t));
   old_networkstatus = strmap_set(cached_consensuses, flavor_name,
                                  new_networkstatus);
   if (old_networkstatus)

src/or/dirserv.h

@@ -63,9 +63,9 @@ int directory_too_idle_to_fetch_descriptors(const or_options_t *options,
 
 cached_dir_t *dirserv_get_consensus(const char *flavor_name);
 void dirserv_set_cached_consensus_networkstatus(const char *consensus,
-                                                const char *flavor_name,
-                                                const digests_t *digests,
-                                                time_t published);
+                                              const char *flavor_name,
+                                              const common_digests_t *digests,
+                                              time_t published);
 void dirserv_clear_old_networkstatuses(time_t cutoff);
 int dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
                                         const char **msg,

src/or/dirvote.c

@@ -2114,7 +2114,7 @@ networkstatus_add_detached_signatures(networkstatus_t *target,
 
   /** Make sure all the digests we know match, and at least one matches. */
   {
-    digests_t *digests = strmap_get(sigs->digests, flavor);
+    common_digests_t *digests = strmap_get(sigs->digests, flavor);
     int n_matches = 0;
     int alg;
     if (!digests) {

src/or/networkstatus.c

@@ -1526,7 +1526,7 @@ networkstatus_set_current_consensus(const char *consensus,
   const unsigned dl_certs = !(flags & NSSET_DONT_DOWNLOAD_CERTS);
   const unsigned accept_obsolete = flags & NSSET_ACCEPT_OBSOLETE;
   const unsigned require_flavor = flags & NSSET_REQUIRE_FLAVOR;
-  const digests_t *current_digests = NULL;
+  const common_digests_t *current_digests = NULL;
   consensus_waiting_for_certs_t *waiting = NULL;
   time_t current_valid_after = 0;
   int free_consensus = 1; /* Free 'c' at the end of the function */

src/or/or.h

@@ -1935,7 +1935,7 @@ typedef struct cached_dir_t {
   size_t dir_len; /**< Length of <b>dir</b> (not counting its NUL). */
   size_t dir_z_len; /**< Length of <b>dir_z</b>. */
   time_t published; /**< When was this object published. */
-  digests_t digests; /**< Digests of this object (networkstatus only) */
+  common_digests_t digests; /**< Digests of this object (networkstatus only) */
   int refcnt; /**< Reference count for this cached_dir_t. */
 } cached_dir_t;
 
@@ -2573,7 +2573,7 @@ typedef struct networkstatus_t {
   struct authority_cert_t *cert; /**< Vote only: the voter's certificate. */
 
   /** Digests of this document, as signed. */
-  digests_t digests;
+  common_digests_t digests;
 
   /** List of router statuses, sorted by identity digest.  For a vote,
    * the elements are vote_routerstatus_t; for a consensus, the elements

src/or/routerkeys.c

@@ -927,7 +927,7 @@ generate_ed_link_cert(const or_options_t *options, time_t now)
     return -1;
   }
 
-  const digests_t *digests = tor_x509_cert_get_cert_digests(link);
+  const common_digests_t *digests = tor_x509_cert_get_cert_digests(link);
 
   if (link_cert_cert &&
       ! EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop) &&
@@ -972,7 +972,7 @@ should_make_new_ed_keys(const or_options_t *options, const time_t now)
   if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL)
     return 1;
 
-  const digests_t *digests = tor_x509_cert_get_cert_digests(link);
+  const common_digests_t *digests = tor_x509_cert_get_cert_digests(link);
 
   if (!fast_memeq(digests->d[DIGEST_SHA256],
                   link_cert_cert->signed_key.pubkey,

src/or/routerparse.c

@@ -538,7 +538,7 @@ static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
                                 char end_char,
                                 digest_algorithm_t alg);
 static int router_get_hashes_impl(const char *s, size_t s_len,
-                                  digests_t *digests,
+                                  common_digests_t *digests,
                                   const char *start_str, const char *end_str,
                                   char end_char);
 static void token_clear(directory_token_t *tok);
@@ -638,7 +638,7 @@ router_get_router_hash(const char *s, size_t s_len, char *digest)
 /** Set <b>digests</b> to all the digests of the consensus document in
  * <b>s</b> */
 int
-router_get_networkstatus_v3_hashes(const char *s, digests_t *digests)
+router_get_networkstatus_v3_hashes(const char *s, common_digests_t *digests)
 {
   return router_get_hashes_impl(s,strlen(s),digests,
                                 "network-status-version",
@@ -2847,7 +2847,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   smartlist_t *rs_tokens = NULL, *footer_tokens = NULL;
   networkstatus_voter_info_t *voter = NULL;
   networkstatus_t *ns = NULL;
-  digests_t ns_digests;
+  common_digests_t ns_digests;
   const char *cert, *end_of_header, *end_of_footer, *s_dup = s;
   directory_token_t *tok;
   int ok;
@@ -3443,15 +3443,16 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   return ns;
 }
 
-/** Return the digests_t that holds the digests of the
+/** Return the common_digests_t that holds the digests of the
  * <b>flavor_name</b>-flavored networkstatus according to the detached
- * signatures document <b>sigs</b>, allocating a new digests_t as neeeded. */
-static digests_t *
+ * signatures document <b>sigs</b>, allocating a new common_digests_t as
+ * neeeded. */
+static common_digests_t *
 detached_get_digests(ns_detached_signatures_t *sigs, const char *flavor_name)
 {
-  digests_t *d = strmap_get(sigs->digests, flavor_name);
+  common_digests_t *d = strmap_get(sigs->digests, flavor_name);
   if (!d) {
-    d = tor_malloc_zero(sizeof(digests_t));
+    d = tor_malloc_zero(sizeof(common_digests_t));
     strmap_set(sigs->digests, flavor_name, d);
   }
   return d;
@@ -3459,7 +3460,7 @@ detached_get_digests(ns_detached_signatures_t *sigs, const char *flavor_name)
 
 /** Return the list of signatures of the <b>flavor_name</b>-flavored
  * networkstatus according to the detached signatures document <b>sigs</b>,
- * allocating a new digests_t as neeeded. */
+ * allocating a new common_digests_t as neeeded. */
 static smartlist_t *
 detached_get_signatures(ns_detached_signatures_t *sigs,
                         const char *flavor_name)
@@ -3481,7 +3482,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
    * networkstatus_parse_vote_from_string(). */
   directory_token_t *tok;
   memarea_t *area = NULL;
-  digests_t *digests;
+  common_digests_t *digests;
 
   smartlist_t *tokens = smartlist_new();
   ns_detached_signatures_t *sigs =
@@ -4444,7 +4445,7 @@ router_get_hash_impl(const char *s, size_t s_len, char *digest,
 
 /** As router_get_hash_impl, but compute all hashes. */
 static int
-router_get_hashes_impl(const char *s, size_t s_len, digests_t *digests,
+router_get_hashes_impl(const char *s, size_t s_len, common_digests_t *digests,
                        const char *start_str,
                        const char *end_str, char end_c)
 {
@@ -4453,7 +4454,7 @@ router_get_hashes_impl(const char *s, size_t s_len, digests_t *digests,
                                   &start,&end)<0)
     return -1;
 
-  if (crypto_digest_all(digests, start, end-start)) {
+  if (crypto_common_digests(digests, start, end-start)) {
     log_warn(LD_BUG,"couldn't compute digests");
     return -1;
   }

src/or/routerparse.h

@@ -14,7 +14,8 @@
 
 int router_get_router_hash(const char *s, size_t s_len, char *digest);
 int router_get_dir_hash(const char *s, char *digest);
-int router_get_networkstatus_v3_hashes(const char *s, digests_t *digests);
+int router_get_networkstatus_v3_hashes(const char *s,
+                                       common_digests_t *digests);
 int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest);
 #define DIROBJ_MAX_SIG_LEN 256
 char *router_get_dirobj_signature(const char *digest,

src/test/test_crypto.c

@@ -1090,7 +1090,7 @@ test_crypto_digests(void *arg)
 {
   crypto_pk_t *k = NULL;
   ssize_t r;
-  digests_t pkey_digests;
+  common_digests_t pkey_digests;
   char digest[DIGEST_LEN];
 
   (void)arg;
@@ -1104,7 +1104,7 @@ test_crypto_digests(void *arg)
   tt_mem_op(hex_str(digest, DIGEST_LEN),OP_EQ,
              AUTHORITY_SIGNKEY_A_DIGEST, HEX_DIGEST_LEN);
 
-  r = crypto_pk_get_all_digests(k, &pkey_digests);
+  r = crypto_pk_get_common_digests(k, &pkey_digests);
 
   tt_mem_op(hex_str(pkey_digests.d[DIGEST_SHA1], DIGEST_LEN),OP_EQ,
              AUTHORITY_SIGNKEY_A_DIGEST, HEX_DIGEST_LEN);

src/test/test_dir.c

@@ -1999,11 +1999,13 @@ test_a_networkstatus(
     tt_assert(con_md3);
 
     /* All three should have the same digest. */
-    tt_mem_op(&con->digests,OP_EQ, &con2->digests, sizeof(digests_t));
-    tt_mem_op(&con->digests,OP_EQ, &con3->digests, sizeof(digests_t));
+    tt_mem_op(&con->digests,OP_EQ, &con2->digests, sizeof(common_digests_t));
+    tt_mem_op(&con->digests,OP_EQ, &con3->digests, sizeof(common_digests_t));
 
-    tt_mem_op(&con_md->digests,OP_EQ, &con_md2->digests, sizeof(digests_t));
-    tt_mem_op(&con_md->digests,OP_EQ, &con_md3->digests, sizeof(digests_t));
+    tt_mem_op(&con_md->digests,OP_EQ, &con_md2->digests,
+              sizeof(common_digests_t));
+    tt_mem_op(&con_md->digests,OP_EQ, &con_md3->digests,
+              sizeof(common_digests_t));
 
     /* Extract a detached signature from con3. */
     detached_text1 = get_detached_sigs(con3, con_md3);
@@ -2017,7 +2019,7 @@ test_a_networkstatus(
     tt_int_op(dsig1->fresh_until,OP_EQ, con3->fresh_until);
     tt_int_op(dsig1->valid_until,OP_EQ, con3->valid_until);
     {
-      digests_t *dsig_digests = strmap_get(dsig1->digests, "ns");
+      common_digests_t *dsig_digests = strmap_get(dsig1->digests, "ns");
       tt_assert(dsig_digests);
       tt_mem_op(dsig_digests->d[DIGEST_SHA1], OP_EQ,
                 con3->digests.d[DIGEST_SHA1], DIGEST_LEN);

src/test/test_dir_handle_get.c

@@ -1764,7 +1764,7 @@ static void
 status_vote_current_consensus_ns_test(char **header, char **body,
                                       size_t *body_len)
 {
-  digests_t digests;
+  common_digests_t digests;
   dir_connection_t *conn = NULL;
 
   #define NETWORK_STATUS "some network status string"

src/test/test_tortls.c

@@ -539,10 +539,10 @@ test_tortls_x509_cert_get_id_digests(void *ignored)
 {
   (void)ignored;
   tor_x509_cert_t *cert;
-  digests_t *d;
-  const digests_t *res;
+  common_digests_t *d;
+  const common_digests_t *res;
   cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
-  d = tor_malloc_zero(sizeof(digests_t));
+  d = tor_malloc_zero(sizeof(common_digests_t));
   d->d[0][0] = 42;
 
   res = tor_x509_cert_get_id_digests(cert);