Commit Graph

3663 Commits

Author SHA1 Message Date
Nick Mathewson
e818a71905 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-21 09:35:54 -04:00
Nick Mathewson
2cadd93cea Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-21 09:35:51 -04:00
Nick Mathewson
5b04392c15 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-21 09:35:23 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
rl1987
d40b0e73c2 Check Python version in test_rebind.py 2018-09-21 10:57:41 +03:00
rl1987
81199eaf0e Remove misleading first line in test_rebind.py
test_rebind.py actually does not require Python 3.

Bugfix on 5a11670fcaad0a58de48425ba80510effbe35628; bug not in any
Tor release.
2018-09-21 10:57:41 +03:00
cypherpunks
db89b4b152 rust/protover: fix null deref in protover_all_supported()
Fortunately with the current callers it couldn't happen in practice.

Fix on d1820c1516.
2018-09-21 04:57:26 +00:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
72e30f26ec Fix a pair of errors in bug23512 2018-09-20 14:18:09 -04:00
Nick Mathewson
bd6007d898 Merge branch 'split_routerlist_dirserv_v2' 2018-09-20 11:07:50 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
6d33f65638 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-09-18 15:51:11 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
Nick Mathewson
50367d06f2 Merge remote-tracking branch 'tor-github/pr/352' 2018-09-18 08:44:58 -04:00
Nick Mathewson
4199c8b2d0 Merge remote-tracking branch 'github/bug27073_029' 2018-09-18 08:16:42 -04:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Mike Perry
ad10cafd9f Bug 23512: Test fix: cmux is now allocated by new_fake_channel() 2018-09-17 23:31:48 +00:00
Mike Perry
72cef61028 Merge branch 'bug23512-v4-032' into bug23512-v4-033 2018-09-17 23:31:34 +00:00
Mike Perry
dfd3823047 Bug 23512: Mock assert_circuit_ok in tests.
This mocking was not available in 0.2.9.
2018-09-17 23:12:53 +00:00
Mike Perry
36e81e1f59 Merge branch 'bug23512-v4-029' into bug23512-v4-032 2018-09-17 23:12:45 +00:00
Mike Perry
6af352172d Bug 23512: Test recording bytes in circ queues. 2018-09-17 22:24:25 +00:00
Nick Mathewson
b729bc202c Add tortls.h includes to expose critical macro. Fix #27734. 2018-09-16 22:08:02 -04:00
Nick Mathewson
a8ac21fbb5 Don't try to link C from rust doctests for nss detection
This is really annoying, since we can't use cfg(test) for doctests.
2018-09-16 14:34:31 -04:00
Nick Mathewson
078debb0de Merge branch 'bug25573-034-typefix' 2018-09-16 13:46:12 -04:00
Nick Mathewson
7fd61cf536 Fix duplicate declaration of pathbias_count_valid_cells. 2018-09-16 13:45:43 -04:00
Nick Mathewson
991bec67ee When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
2018-09-16 13:28:29 -04:00
Alexander Færøy
3477a73af9 Add proxy headers as early as possible.
This patch moves the logic that adds the proxy headers to an earlier
point in the exit connection lifetime, which ensures that the
application data cannot be written to the outbuf before the proxy header
is added.

See: https://bugs.torproject.org/4700
2018-09-15 22:17:57 +02:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
Alexander Færøy
8f085841ef Encode the 32-bit Global Identifier as 2 x 16-bit in the IPv6 address.
Without this patch we would encode the IPv6 address' last part as
::ffffffff instead of ::ffff:ffff when the GID is UINT32_MAX.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
b2092f1ced Add unittest for HiddenServiceExportCircuitID.
Had to move a function to test helpers.
2018-09-15 16:52:32 +03:00
Nick Mathewson
6e5e1be737 Make circuitmux ewma timing test more tolerant on 32bit osx
Since we use a 32-bit approximation for millisecond conversion here,
we can't expect so much precision.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:40:12 -04:00
cypherpunks
e24195c7c1 protover: reject invalid protocol names
The spec only allows the characters [A-Za-z0-9-].

Fix on b2b2e1c7f2.
Fixes #27316; bugfix on 0.2.9.4-alpha.
2018-09-14 02:18:04 +00:00
Nick Mathewson
7a0ff5beb2 In conditionvar_timeout test, wait for threads to timeout
Previously we just waited 200msec, which was not enough on slow/busy
systems.

Fixes bug 27073; bugfix on 0.2.6.3-alpha when the test was introduced.
2018-09-13 20:47:41 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
Nick Mathewson
874eca6a8c Add a test case with a matching ip but mismatched identity. 2018-09-13 16:38:33 -04:00
rl1987
9741921094 Unit tests for ticket 27224.
Since this is a refactoring ticket, these tests should pass before
and after the changes are made.
2018-09-13 16:25:14 -04:00
Nick Mathewson
e8b81d7dc5 Merge branches 'bug27684' and 'bug27685' 2018-09-13 13:09:57 -04:00
Nick Mathewson
15596f6c0c Fix a memory leak in tortls/openssl/try_to_extract_certs_from_tls
Since this is an "intrusive" test, it only shows up for openssl <1.1

This is a bugfix on 0.3.5.x; bug not in any released Tor.
2018-09-13 12:47:42 -04:00
Nick Mathewson
d28018ea1e Fix a memory leak in tortls/openssl/context_new test.
Bugfix on 0.3.5.x; bugfix not on any released Tor.
2018-09-13 12:43:37 -04:00
Nick Mathewson
f308e81fa7 Merge branch 'maint-0.3.4' 2018-09-12 17:25:40 -04:00
Nick Mathewson
f8d5fb42a3 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-12 17:24:41 -04:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
62743912bc Merge branch 'pr278_squashed' 2018-09-12 09:06:35 -04:00
rl1987
7b27d98eae Actually, just disable test_rebind.sh on Appveyor 2018-09-12 09:06:16 -04:00
rl1987
d30e47fd4e Disable test_rebind.sh on Windows 2018-09-12 09:06:16 -04:00
rl1987
5a11670fca Update/fix CI build
Update integration test to Python 3
2018-09-12 09:06:16 -04:00
rl1987
4811869d7a Pick random ports in test_rebind.py 2018-09-12 09:06:16 -04:00
rl1987
3f34fc921c Tweak test_rebind.py for future-proofness 2018-09-12 09:06:16 -04:00
rl1987
762c27b907 Integration test for socket rebinding
squash! Integration test for socket rebinding
2018-09-12 09:06:16 -04:00
Nick Mathewson
8294c40c96 Merge remote-tracking branch 'tor-github/pr/318' 2018-09-12 08:12:19 -04:00
cypherpunks
e9ef7d5ab4 test/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:29 +00:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
75ad1a1f2f Merge remote-tracking branch 'onionk/doublevote1' 2018-09-11 13:16:49 -04:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
7ff67d0e90 test: Fix coverity CID 1439129
One HSv3 unit test used "tor_memeq()" without checking the return value. This
commit changes that to use "tt_mem_op()" to actually make the test validate
something :).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:28:35 -04:00
David Goulet
064d3e7497 test: Fix coverity CID 1439130
Trivial fix of removing an uneeded NULL check in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:22:31 -04:00
David Goulet
58d74ad943 test: Fix coverity CID 1439131
Simple uninitialized object that we could free in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:20:58 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
3b61bdb5ae Try to fix new coverity warnings in unit tests. 2018-09-05 08:30:35 -04:00
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
eeba944ee0 Fix an easy refcounting bug in a unit test 2018-09-04 20:25:25 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3cdf0497f9 Add unit test for bridge-style TLS initialization. 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
b892133fb9 Do not leave a certificate allocated after testing dirvote_add() 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown()
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS.
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
cypherpunks
d32b08af6f string: add string_is_utf8() helper
Ticket #27373.
2018-09-03 13:54:43 +00:00
juga0
81f4223329 Test for descriptor does not change when hibernating 2018-09-01 18:47:20 -04:00
juga0
d4e51a2eeb Add missing router_tests to test.h 2018-09-01 18:47:20 -04:00
juga0
1066fdd8d1 Add test for check_descriptor_bandwidth_changed 2018-09-01 18:47:20 -04:00
juga0
842b18ab26 Add test log helpers for msgs not containing str 2018-09-01 18:47:20 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Mike Perry
ce894e20b5 Ticket #25573: Count TRUNCATED cells.
TRUNCATED cells were ignored while in path bias. Now they are obeyed, and
cause us to tear down the circuit. The actual impact is minimal, since we
would just wait around for a probe that would never arrive before.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
144647031a Ticket #25573: Check half-opened stream ids when choosing a new one
Avoid data corrupton by avoiding mixing up old stream ids with new ones.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
c56f63eadb Ticket #25573: Track half-closed stream ids
We allow their CONNECTEDs, RESOLVEDs, ENDs, SENDMEs, and DATA cells to not
count as dropped until the windows are empty, or we get an END.

This commit does not change behavior. It only changes CIRC_BW event field
values.
2018-08-29 04:12:09 +00:00
Nick Mathewson
3d7a705d3a Merge remote-tracking branch 'onionk/prototest1' 2018-08-28 21:32:46 -04:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
2bc4c55d7d Merge remote-tracking branch 'tor-github/pr/245' 2018-08-28 15:44:06 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00
Nick Mathewson
64c3c6a790 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-27 09:39:08 -04:00
Nick Mathewson
0483f7f64c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-27 09:39:08 -04:00
Nick Mathewson
103dd68ba8 Merge branch 'maint-0.3.4' 2018-08-27 09:39:08 -04:00
teor
70a07fa90b
When running make test-network-all, use the mixed+hs-v2 network
No behaviour change.

A previous fix to chutney removed v3 onion services from the
mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
confusing.

Fixes bug 27345; bugfix on 0.3.2.1-alpha.
2018-08-27 23:07:20 +10:00
Nick Mathewson
bb65b53966 Fix a compilation warning on i386 with clang 2018-08-24 16:13:30 -04:00
Nick Mathewson
7217bdacb5 Merge remote-tracking branch 'tor-github/pr/289' 2018-08-24 12:57:18 -04:00
Nick Mathewson
d50f90bfc4 Merge branch 'maint-0.3.4' 2018-08-23 19:37:32 -04:00
Nick Mathewson
e01ea64f0a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-23 19:36:45 -04:00
Nick Mathewson
36bb11a650 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-23 19:36:45 -04:00
Nick Mathewson
6e0872e867 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-23 19:36:45 -04:00
teor
cc4ea34a26
Silence a compilation warning on MSVC 2017 and clang-cl
test.c no longer uses lround(), so we don't need to declare it,
and we can use math.h for fabs().

Fixes bug 27185; bugfix on 0.2.2.2-alpha.
2018-08-24 09:15:04 +10:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00
George Kadianakis
5febea0d54 Fix revision counter bugs caused by bad SRV start time computation.
Bug description: For each descriptor, its revision counter is the OPE
ciphertext of the number of seconds since the start time of its SRV value.
This bug caused us to confuse the SRV start time in the middle of the lifetime
of a descriptor in some edge-cases, which caused descriptor rejects.

Bug cause: The bug occurs when we fetch a 23:00 consensus after
midnight (e.g. at 00:08 when not all dirauths have fetched the latest 00:00
consensus). In that case, the voting schedule (which was used for SRV start
time calculation) would return a valid-after past-midnight, whereas our
consensus would be pre-midnight, and that would confuse the SRV start time
computation which is used by HS revision counters (because we would reset the
start time of SRV, without rotating descriptors).

Bug fix: We now use our local consensus time to calculate the SRV start time,
instead of the voting schedule. The voting schedule does not work as originally
envisioned in this case, because it was created for voting by dirauths and not
for scheduling stuff on clients.
2018-08-22 18:09:47 +03:00
Nick Mathewson
8148c0717d Change log_test_helpers macros to use printf, not pasting
This ensures that our test failure messages actually tell us what
strings Tor was expecting.  I will need this to debug some test
failures.
2018-08-22 10:55:55 -04:00
Nick Mathewson
8691046ac6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-22 09:37:31 -04:00
Nick Mathewson
c1ad40627b Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-22 09:37:31 -04:00
Nick Mathewson
9068e2fa28 Mark cert_matches_key as not-intrusive; fix stretch compilation. 2018-08-22 09:37:26 -04:00
Nick Mathewson
e619fd02ef Merge remote-tracking branch 'tor-github/pr/287' 2018-08-21 20:08:55 -04:00
Nick Mathewson
bf5704051c Merge remote-tracking branch 'teor/travis-osx-master' 2018-08-21 20:04:13 -04:00
Nick Mathewson
aac1e17f22 Merge remote-tracking branch 'teor/travis-osx-034' into maint-0.3.4 2018-08-21 20:04:03 -04:00
Nick Mathewson
f0633bc491 Merge remote-tracking branch 'teor/travis-osx-033' into maint-0.3.3 2018-08-21 20:03:56 -04:00
Nick Mathewson
a29e9a901d Merge remote-tracking branch 'teor/travis-osx-032' into maint-0.3.2 2018-08-21 20:03:41 -04:00
Neel Chauhan
3bf4493cb9 Remove duplicate include in src/test/test_address.c 2018-08-21 20:01:48 -04:00
Nick Mathewson
de66bd397c Merge branch 'maint-0.3.4' 2018-08-21 19:20:37 -04:00
Nick Mathewson
f68aab83ba Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-21 19:20:31 -04:00
Nick Mathewson
245025a3df Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-21 19:16:40 -04:00
Nick Mathewson
d52f406001 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-21 19:16:40 -04:00
Nick Mathewson
5245a296c5 Make some x509 functions generic; remove some fields NSS doesn't need 2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356 Extract internal-only parts of x509.h 2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4 When enabling NSS, disable OpenSSL.
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2
2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130 Split tls modules and their tests into openssl and generic.
Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa Extract tortls structures into a new header; clean up a little 2018-08-21 12:25:33 -04:00