Nss rsa #259
Merged
Nss rsa #259
Conversation
When it is set, include the NSS headers and libraries as appropriate. Doesn't actually use them yet, though.
These are now part of crypto_init.c. The openssl-only parts now live in crypto_openssl_mgt.c. I recommend reviewing this patch with -b and --color-moved.
This is largely conjectural, based on online documentation for NSS and NSPR.
We need this in our unit tests, since otherwise NSS will notice we've forked and start cussing us out. I suspect we'll need a different hack for daemonizing, but this should be enough for tinytest to work.
This was a fairly straightforward port, once I realized which layer I should be calling into.
This is comparatively straightforward too, except for a couple of
twists:
* For as long as we're building with two crypto libraries, we
want to seed _both_ their RNGs, and use _both_ their RNGs to
improve the output of crypto_strongest_rand()
* The NSS prng will sometimes refuse to generate huge outputs.
When it does, we stretch the output with SHAKE. We only need
this for the tests.
We only ever need this to get us a DH ephemeral key object, so make a function that does just that.
Notably, there's a test to make sure that it round-trips with OpenSSL, if OpenSSL is enabled.
(We do this unconditionally, since we still need it for tortls.c)
nmathewson
force-pushed
the
nss_rsa
branch
2 times, most recently
from
b7fef99
to
857aed8
It is not nice to expose a private key's contents without having the function name advertise the fact. Fortunately, we weren't misusing these yet.
These functions exist only to expose RSA keys to other places in Tor that use OpenSSL; let's be specific about their purpose.
This cleans up a lot of junk from crypto_rsa_openssl, and will save us duplicated code in crypto_rsa_nss (when it exists). (Actually, it already exists, but I am going to use git rebase so that this commit precedes the creation of crypto_rsa_nss.)
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
src/lib/crypt_ops/crypto_rsa.c
Outdated
| crypto_pk_base64_decode_private(const char *str, size_t len) | ||
| { | ||
| crypto_pk_t *pk = NULL; | ||
|
|
It's not documented in this function what len is here. It's the siez of str and also the size of der? Shouldn't base64_decode() expand the data such that it doesn't fit?
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
asn-d6
reviewed
Aug 29, 2018
| crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len) | ||
| { | ||
| tor_assert(pk); | ||
| if (pk->pubkey == NULL) |
Should we use check_key?
asn-d6
reviewed
Aug 29, 2018
review
asn-d6
reviewed
Aug 29, 2018
review
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
No description provided.
The text was updated successfully, but these errors were encountered: