Commit Graph

29895 Commits

Author SHA1 Message Date
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
eeba944ee0 Fix an easy refcounting bug in a unit test 2018-09-04 20:25:25 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3cdf0497f9 Add unit test for bridge-style TLS initialization. 2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18 Document winsock includes better 2018-09-04 14:52:35 -04:00
Nick Mathewson
70c27b7e39 Fix documentation of initialized fields in crypto_init.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
3b10108a2a Fix documentation of ENABLE_NSS 2018-09-04 14:52:35 -04:00
Nick Mathewson
edbb5ef5b2 Make some additional RSA functions const 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3b5d6ef15b Unify functions for reading/writing PEM keys, to avoid duplication. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b892133fb9 Do not leave a certificate allocated after testing dirvote_add() 2018-09-04 14:52:35 -04:00
Nick Mathewson
f46a7eafb8 Do not leak a reference to "slot" when decoding private key. 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f Remove tor_x509_get_cert_impl as unneeded. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241 Avoid double-close on TCP sockets under NSS. 2018-09-04 14:52:35 -04:00
Nick Mathewson
c18967d6c8 changes file for our NSS support 2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12 Avoid spurious error logs when using NSS
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown()
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS.
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
fd994f55c4 Merge remote-tracking branch 'rl1987/doc26908' 2018-09-04 11:08:49 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
rl1987
19f73f6336 Add changes file 2018-09-02 21:14:03 +03:00
rl1987
ce4f73f8a3 Update sample torrc files to warn about not using BridgeRelay and MyFamily together 2018-09-02 21:11:52 +03:00
rl1987
5db6cf7cbd In manpage, warn about combination of MyFamily and BridgeRelay being bad 2018-09-02 21:06:34 +03:00
juga0
81f4223329 Test for descriptor does not change when hibernating 2018-09-01 18:47:20 -04:00
juga0
d4e51a2eeb Add missing router_tests to test.h 2018-09-01 18:47:20 -04:00
juga0
e033d98f79 Check descriptor bandwidth changed if not hibernating
There should be a separate check to update descriptor when start
or end hibernating.
2018-09-01 18:47:20 -04:00
juga0
1066fdd8d1 Add test for check_descriptor_bandwidth_changed 2018-09-01 18:47:20 -04:00
juga0
e13ddee166 Allow mocking rep_hist_bandwidth_assess 2018-09-01 18:47:20 -04:00
juga0
842b18ab26 Add test log helpers for msgs not containing str 2018-09-01 18:47:20 -04:00
juga0
bbb82a5249 Add changes file 2018-09-01 18:47:20 -04:00
juga0
6210d568ec Make bandwidth change factor a constant
used to determine large changes in bandwidth.
2018-09-01 18:47:20 -04:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
Nick Mathewson
7f1895c39a Changes for 27246 2018-08-29 15:02:59 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Nick Mathewson
810152b20f Merge branch 'maint-0.3.4' 2018-08-29 11:17:31 -04:00
Nick Mathewson
0ea622aa3a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-29 11:17:31 -04:00
Nick Mathewson
a28c14aad5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-29 11:17:31 -04:00
Nick Mathewson
b40f9967fa Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-29 11:17:31 -04:00