From: Nick Mathewson Date: Wed, 27 Jan 2016 18:10:17 +0000 (-0500) Subject: Restrict the meaning of digests_t to sha1+sha256. X-Git-Tag: tor-0.2.8.2-alpha~105^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39b597c2fd8b45ff61573c70c36e8a4846cf3a0e;p=thirdparty%2Ftor.git Restrict the meaning of digests_t to sha1+sha256. This saves CPU and RAM when handling consensuses and x509 certs. Closes ticket 17795; bug not in any released tor. --- diff --git a/src/common/crypto.c b/src/common/crypto.c index a42c461b14..9f1ce93f98 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1655,7 +1655,7 @@ crypto_digest_all(digests_t *ds_out, const char *m, size_t len) memset(ds_out, 0, sizeof(*ds_out)); if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0) return -1; - for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) { + for (i = DIGEST_SHA256; i < N_COMMON_DIGEST_ALGORITHMS; ++i) { switch (i) { case DIGEST_SHA256: /* FALLSTHROUGH */ case DIGEST_SHA3_256: @@ -1664,6 +1664,7 @@ crypto_digest_all(digests_t *ds_out, const char *m, size_t len) break; case DIGEST_SHA512: case DIGEST_SHA3_512: /* FALLSTHROUGH */ + tor_assert(0); /* These won't fit. */ if (crypto_digest512(ds_out->d[i], m, len, i) < 0) return -1; break; diff --git a/src/common/crypto.h b/src/common/crypto.h index fa2ed610c7..73b94b77db 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -100,8 +100,10 @@ typedef enum { DIGEST_SHA3_512 = 4, } digest_algorithm_t; #define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1) +#define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1) -/** A set of all the digests we know how to compute, taken on a single + +/** A set of all the digests we commonly compute, taken on a single * string. Any digests that are shorter than 512 bits are right-padded * with 0 bits. * @@ -110,7 +112,7 @@ typedef enum { * once. **/ typedef struct { - char d[N_DIGEST_ALGORITHMS][DIGEST512_LEN]; + char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]; } digests_t; typedef struct crypto_pk_t crypto_pk_t;