Commit Graph

19605 Commits

Author SHA1 Message Date
Nick Mathewson
96cf608b2e Merge branch 'bug22885_squashed' 2017-08-03 09:33:40 -04:00
Nick Mathewson
7f32920648 Don't send missing X-Desc-Gen-Reason on startup
Since we start with desc_clean_since = 0, we should have been
starting with non-null desc_dirty_reason.

Fixes bug 22884; bugfix on 0.2.3.4-alpha when X-Desc-Gen-Reason was
added.
2017-08-03 09:33:33 -04:00
Nick Mathewson
1168e21b45 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-03 09:14:12 -04:00
Nick Mathewson
40c7871f46 Merge branch 'maint-0.3.1' 2017-08-03 09:14:12 -04:00
Nick Mathewson
b548371f76 Merge remote-tracking branch 'dgoulet/bug23078_030_01' into maint-0.3.0 2017-08-03 09:12:23 -04:00
Nick Mathewson
17073d7234 Merge branch 'maint-0.3.1' 2017-08-03 09:11:03 -04:00
Nick Mathewson
b13bf65062 Merge branch 'bug23081_025' into maint-0.3.1 2017-08-03 09:10:58 -04:00
Nick Mathewson
3e68db02c4 In ntmain, call set_main_thread() before running the loop.
Patch from Vort; fixes bug 23081; bugfix on fd992deeea in
0.2.1.16-rc when set_main_thread() was introduced.

See the changes file for a list of all the symptoms this bug has
been causing when running Tor as a Windows Service.
2017-08-03 09:09:08 -04:00
Neel Chauhan
5ee6ca8da2 Switch to offsetof() 2017-08-03 08:56:35 -04:00
Nick Mathewson
02fcb29d11 Merge branch 'maint-0.3.1' 2017-08-03 08:44:32 -04:00
Nick Mathewson
93b28972c1 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-08-03 08:44:31 -04:00
Nick Mathewson
9696021593 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-08-03 08:44:31 -04:00
Nick Mathewson
f33c96610f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-03 08:44:31 -04:00
Nick Mathewson
e220e6e437 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-03 08:44:31 -04:00
Karsten Loesing
1280de42a4 Update geoip and geoip6 to the August 3 2017 database. 2017-08-03 10:00:54 +02:00
David Goulet
5b03c7ba6d Fix check_expired_networkstatus_callback() if condition
The condition was always true meaning that we would reconsider updating our
directory information every 2 minutes.

If valid_until is 6am today, then now - 24h == 1pm yesterday which means that
"valid_until < (now - 24h)" is false. But at 6:01am tomorrow, "valid_until <
(now - 24h)" becomes true which is that point that we shouldn't trust the
consensus anymore.

Fixes #23091

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-02 13:28:45 -04:00
Nick Mathewson
c4c5077af2 Merge branch 'maint-0.3.1' 2017-08-02 12:51:46 -04:00
Nick Mathewson
a9a8d53dec Merge branch 'bug23071_031' into maint-0.3.1 2017-08-02 12:51:42 -04:00
Nick Mathewson
ee849ee8b6 Make the hs_ntor_ref logic more correct when there is no sha3 module 2017-08-02 12:44:46 -04:00
Nick Mathewson
8925e84beb version bump to 0.3.0.10-dev 2017-08-02 12:28:34 -04:00
Nick Mathewson
4f7955d5de Bump to 0.3.0.10 2017-08-01 14:38:49 -04:00
David Goulet
ff9c529667 hs: Cleanup logging statement in hs_intropoint.c
One log statement was a warning and has been forgotten. It is triggered for a
successful attempt at introducting from a client.

It has been reported here:
https://lists.torproject.org/pipermail/tor-relays/2017-August/012689.html

Three other log_warn() statement changed to protocol warning because they are
errors that basically can come from the network and thus triggered by anyone.

Fixes #23078.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-01 14:15:47 -04:00
Nick Mathewson
9c294d29ea bump to 0.3.1.5-alpha-dev 2017-08-01 12:08:30 -04:00
Nick Mathewson
58e1c6dd86 Merge remote-tracking branch 'public/bug19769_19025_029' into maint-0.2.9 2017-08-01 11:30:29 -04:00
Nick Mathewson
8500f0e4e1 Merge remote-tracking branch 'public/bug20059_024_v2' into maint-0.2.9 2017-08-01 11:28:36 -04:00
Nick Mathewson
84c4a2bc3f Merge remote-tracking branch 'public/bug20270_029' into maint-0.3.0 2017-08-01 11:24:02 -04:00
Nick Mathewson
7c68b2f1a5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:23:00 -04:00
Nick Mathewson
2b94b0ea72 Merge remote-tracking branch 'public/bug22245_024' into maint-0.2.9 2017-08-01 11:22:42 -04:00
Nick Mathewson
1d48712c28 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:21:19 -04:00
Nick Mathewson
f6ecda8400 Merge remote-tracking branch 'public/bug18100_029' into maint-0.2.9 2017-08-01 11:21:14 -04:00
Nick Mathewson
4a19498edc Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-01 11:19:30 -04:00
Nick Mathewson
64e5600103 Merge branch 'maint-0.3.1' 2017-08-01 11:19:30 -04:00
Nick Mathewson
9d24a352c0 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:19:30 -04:00
Nick Mathewson
0e7558ab64 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-08-01 11:19:29 -04:00
Nick Mathewson
925ef048a9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-08-01 11:19:29 -04:00
Nick Mathewson
a48ae2aa67 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-08-01 11:19:29 -04:00
Nick Mathewson
6862eada65 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-08-01 11:19:29 -04:00
Nick Mathewson
0bfd1c318c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-08-01 11:19:28 -04:00
Nick Mathewson
ec99f038fa Improve the keypin failure message
Closes the human-factors part of ticket 22348.
2017-07-31 20:40:23 -04:00
Nick Mathewson
df3bdc6bde Clean up choose_good_entry_server() doc; add assertion
We used to allow state==NULL here, but we no longer do.

Fixes bug 22779.
2017-07-31 20:35:58 -04:00
Nick Mathewson
8b5b7d470f Fix the hs_ntor integration tests to work with the pysha3 module
The sha3 module should still work.  Fixes bug 23071; bugfix on
0.3.1.1-alpha.
2017-07-31 20:28:42 -04:00
Nick Mathewson
572f23a96e Now that "base -1" is a bug, tell our unit tests to expect bug warnings
Bugfix on accb734c5fc45481231b837; bug not in any released Tor.
2017-07-31 14:30:04 -04:00
Nick Mathewson
2cb8c8d99f Bump to 0.3.1.5-alpha 2017-07-31 14:29:33 -04:00
Nick Mathewson
769a94d9ce Bug 23055: cast, then multiply when doing u32*u32->u64.
No backport, since this bug won't trigger until people make
certificates expiring after the Y2106 deadline.

CID 1415728
2017-07-28 10:33:51 -04:00
Nick Mathewson
accb734c5f Turn base < 0 into a BUG() in our long-parse functions. 2017-07-28 10:26:06 -04:00
Nick Mathewson
decb927685 Add an assertion to try to please coverity.
Coverity, for some reason, thought that weight_scale might be 0,
leading to a divide-by-zero error.
2017-07-28 10:17:57 -04:00
Nick Mathewson
602c52cad4 Coverity deadcode shenanigans on BUG() macro.
We don't actually want Coverity to complain when a BUG() check can
never fail, since such checks can prevent us from introducing bugs
later on.

Closes ticket 23054. Closes CID 1415720, 1415724.
2017-07-28 10:02:38 -04:00
Nick Mathewson
5f0fa480dd Merge branch 'maint-0.3.1' 2017-07-28 09:54:39 -04:00
Nick Mathewson
eb677c5870 Fix an unreachable memory leak in the unit tests
This is CID 1415726.
2017-07-28 09:52:34 -04:00
Nick Mathewson
6252e04a37 Merge branch 'maint-0.3.1' 2017-07-28 09:50:26 -04:00
Nick Mathewson
911e2dc530 Merge branch 'bug23053_029' into maint-0.3.1 2017-07-28 09:50:16 -04:00
Nick Mathewson
9a0f38a349 Fix a small memory leak when parsing unix: ports twice
Fixes bug 23053; CID 1415725.
2017-07-28 09:49:42 -04:00
Nick Mathewson
baf53300d7 Merge branch 'maint-0.3.1' 2017-07-27 20:33:01 -04:00
Nick Mathewson
af3079a492 Try to work around a compile warning in workqueue.c 2017-07-27 20:32:59 -04:00
Nick Mathewson
15ed1c0c83 Merge branch 'maint-0.3.1' 2017-07-27 16:30:52 -04:00
Nick Mathewson
ba334c00da Merge branch 'multi-priority_squashed' into maint-0.3.1 2017-07-27 16:29:34 -04:00
Nick Mathewson
fdd8156ea3 Fix the cpuworker.c documentation to mention all the kinds of work 2017-07-27 16:28:59 -04:00
Nick Mathewson
f5a852de91 Note that threadpool_queue_work...() can't actually return NULL 2017-07-27 16:28:59 -04:00
Nick Mathewson
250c88014d Always start with one additional worker thread
Now that half the threads are permissive and half are strict, we
need to make sure we have at least two threads, so that we'll
have at least one of each kind.
2017-07-27 16:28:59 -04:00
Nick Mathewson
0ae0b5aa41 Queue consensus diffs at LOW priority.
Fixes bug 22883.
2017-07-27 16:28:59 -04:00
Nick Mathewson
bddea78ded Fix a pair of stale comments in workqueue.c
These comments said that each thread had a separate queue, but we
haven't been using that design for some while.
2017-07-27 16:28:59 -04:00
Nick Mathewson
efadebf7c3 Make the chance for priority inversion thread-specific
Instead of choosing a lower-priority job with a 1/37 chance, have
the chance be 1/37 for half the threads, and 1/2147483647 for the
other half.  This way if there are very slow jobs of low priority,
they shouldn't be able to grab all the threads when there is better
work to do.
2017-07-27 16:28:59 -04:00
Nick Mathewson
10e0bff4ca Add support for multi-priority workqueues
Each piece of queued work now has an associated priority value; each
priority goes on a separate queue.

With probability (N-1)/N, the workers will take work from the highest
priority nonempty queue.  Otherwise, they'll look for work in a
queue of lower priority.  This behavior is meant to prevent
starvation for lower-priority tasks.
2017-07-27 16:28:05 -04:00
Nick Mathewson
c2844d5377 Merge branch 'bug22895_027' 2017-07-27 11:27:07 -04:00
cypherpunks
89c0a00a9a Remove unused variables in donna's SSE2 code
Fixes unused-const-variable warnings with GCC on 32-bit x86 systems.

Closes #22895.
2017-07-27 11:26:13 -04:00
Nick Mathewson
ced2dd5f92 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-27 08:23:37 -04:00
Nick Mathewson
b387dd364f Merge branch 'maint-0.3.1' 2017-07-27 08:23:37 -04:00
Nick Mathewson
ad35e595e5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-27 08:23:36 -04:00
Nick Mathewson
24ddf5862e Merge remote-tracking branch 'public/bug20247_029' into maint-0.2.9 2017-07-27 08:23:34 -04:00
Nick Mathewson
8d3c3f039d Merge branch 'maint-0.3.1' 2017-07-26 12:58:22 -04:00
Nick Mathewson
431c8d09ee Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:58:22 -04:00
Nick Mathewson
18734d3b25 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:58:22 -04:00
Nick Mathewson
32b9edeb91 Fix build warnings from Coverity related to our BUG macro
In the Linux kernel, the BUG() macro causes an instant panic.  Our
BUG() macro is different, however: it generates a nonfatal assertion
failure, and is usable as an expression.

Additionally, this patch tells util_bug.h to make all assertion
failures into fatal conditions when we're building with a static
analysis tool, so that the analysis tool can look for instances
where they're reachable.

Fixes bug 23030.
2017-07-26 12:57:49 -04:00
Nick Mathewson
8b5b3b5fb4 Merge branch 'maint-0.3.1' 2017-07-26 12:54:41 -04:00
Nick Mathewson
30a98c765f Merge branch 'bug22927_031' into maint-0.3.1 2017-07-26 12:54:37 -04:00
Nick Mathewson
3c017e823b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:53:38 -04:00
Nick Mathewson
5141360099 Merge branch 'maint-0.3.1' 2017-07-26 12:53:38 -04:00
Nick Mathewson
d068f3359f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:53:38 -04:00
Nick Mathewson
6d3c5b8fb5 Merge branch 'bug22915_029_2' into maint-0.2.9 2017-07-26 12:53:13 -04:00
Nick Mathewson
fca1934c88 Suppress clang4-specific -Wdouble-promotion warnings
Wow, it sure seems like some compilers can't implement isnan() and
friends in a way that pleases themselves!

Fixes bug 22915. Bug trigged by 0.2.8.1-alpha and later; caused by
clang 4.
2017-07-26 12:53:00 -04:00
Nick Mathewson
b9ad49844b This caused my attempt to fix hs_config/valid_service_v2 to fail
_again_.

Third time's the charm?
2017-07-25 13:24:41 -04:00
David Goulet
c9927ce4d5 prop224: Add onion key to service descriptor intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
78e2bc4000 prop224: Add the introduction point onion key to descriptor
A prop224 descriptor was missing the onion key for an introduction point which
is needed to extend to it by the client.

Closes #22979

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
b8ceab9bb3 prop224: Helper to dup a link_specifier_t object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
2b9575a9c0 prop224: Update hs identifier circuit
Remove the legacy intro point key because both service and client only uses
the ed25519 key even though the intro point chosen is a legacy one.

This also adds the CLIENT_PK key that is needed for the ntor handshake.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
3e537c6fe4 trunnel: Add prop224 RENDEZVOUS1 cell definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
Roger Dingledine
bb66a48541 fix wordo in comment 2017-07-25 11:14:39 -04:00
Nick Mathewson
a4217cc52f Fix remaining cases of hs_config failures without af_unix 2017-07-24 15:58:11 -04:00
Nick Mathewson
661e317697 Fix hs_config unit test on systems without unix sockets
Bugfix on 418059dd96f5f427eceffff1daeb2a2f6c4adbeb; jenkins found
this.
2017-07-24 15:13:23 -04:00
Nick Mathewson
6c8c973191 Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.
2017-07-24 14:34:53 -04:00
Nick Mathewson
db1664e593 Improve comment about why we disable TLS compression.
Closes bug 22964.  Based on Teor's replacement there, but tries
to put the comment in a more logical place, and explain why we're
actually disabling compression in the first place.
2017-07-24 14:17:16 -04:00
David Goulet
10331081c7 test: Remove buggy unit test in test_hs_service
There isn't much of a point of this buggy test afterall to add twice the same
service object but with a different key which ultinately can end up failing
the test because 1/N_BUCKETS of probability that we end up to put the service
in the same bucket.

Fixes #23023

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-24 11:33:52 -04:00
Roger Dingledine
ec5b30ca0b fix whitespace issue 2017-07-23 00:57:10 -04:00
Nick Mathewson
2ae51ed5e2 Fix zstd 1.3.0 trouble: Be more respectful of its state machine
In zstd 1.3.0, once you have called ZSTD_endStream and been told
that your putput buffer is full, it really doesn't want you to call
ZSTD_compressStream again.  ZSTD 1.2.0 didn't seem to mind about
this.

This patch fixes the issue by making sure never to call
ZSTD_endStream if there's any more data on the input buffer to
process, by flushing even when we're about to call "endStream", and
by never calling "compress" or "flush" after "endStream".
2017-07-14 16:31:29 -04:00
Nick Mathewson
0ccdf2f31e Merge branch 'bug17750_029_squashed' 2017-07-14 15:07:09 -04:00
Nick Mathewson
b7566d465f Fix a signed integer overflow in dir/download_status_random_backoff
Fix for 22924. Bugfix on 0.2.9.1-alpha when the test was introducd
-- though it couldn't actually overflow until we fixed 17750.

Additionally, this only seems to overflow on 32-bit, and only when
the compiler doesn't re-order the (possibly dead) assignment out of
the way.  We ran into it on a 32-bit ubuntu trusty builder.
2017-07-14 15:05:30 -04:00
Nick Mathewson
9a1338d9df Fix 32-bit warnings in hs_common.c 2017-07-14 11:33:12 -04:00
Nick Mathewson
f5d2f79aca Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-14 09:11:14 -04:00
Nick Mathewson
52c1754ff6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-14 09:11:14 -04:00
Nick Mathewson
d0816a040d Merge branch 'maint-0.3.1' 2017-07-14 09:11:14 -04:00
Nick Mathewson
3a7d757140 Merge branch 'bug22916_027' into maint-0.2.9 2017-07-14 09:11:08 -04:00
Nick Mathewson
bbc75faed1 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-14 09:06:44 -04:00
Nick Mathewson
ce5d8c92dd Merge branch 'maint-0.3.1' 2017-07-14 09:06:44 -04:00
Nick Mathewson
c1afbbe8fe Merge branch 'bug22803_030' into maint-0.3.0 2017-07-14 09:06:33 -04:00
Nick Mathewson
3cec1783b7 Fix compiler warnings with openssl-scrypt/libscrypt test on clang
Clang didn't like that we were passing uint64_t values to an API
that wanted uint32_t.  GCC has either not cared, or has figured out
that the values in question were safe to cast to uint32_t.

Fixes bug22916; bugfix on 0.2.7.2-alpha.
2017-07-13 17:49:48 -04:00
Nick Mathewson
ef4ea864ea Merge remote-tracking branch 'dgoulet/ticket21979_032_04' 2017-07-13 17:23:37 -04:00
David Goulet
965e3a6628 prop224: Fix clang warnings
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 17:18:11 -04:00
Nick Mathewson
62d241ad22 Merge remote-tracking branch 'isis/bug19476' 2017-07-13 16:58:45 -04:00
Nick Mathewson
66a564fad8 Merge branch 'maint-0.3.1' 2017-07-13 16:55:06 -04:00
Nick Mathewson
66258f8878 Merge branch 'fewer-diffs' into maint-0.3.1 2017-07-13 16:55:02 -04:00
Nick Mathewson
ec29cae8d7 Merge branch 'maint-0.3.1' 2017-07-13 16:52:20 -04:00
Nick Mathewson
1ea155b28f Merge branch 'bug22520_031' into maint-0.3.1 2017-07-13 16:52:16 -04:00
Nick Mathewson
c73b35d428 Merge branch 'maint-0.3.1' 2017-07-13 16:51:18 -04:00
Nick Mathewson
e6d2059751 Merge remote-tracking branch 'isis/bug22830_0.3.1' into maint-0.3.1 2017-07-13 16:51:09 -04:00
David Goulet
5d64ceb12d prop224: Move service version into config object
It makes more sense to have the version in the configuration object of the
service because it is afterall a torrc option (HiddenServiceVersion).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
3eeebd1b0c prop224: Use the service config object when configuring
Both configuration function now takes the service config object instead of the
service itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
f64689f3f0 prop224: Don't use char * for binary data
It turns out that some char * sneaked in our hs_common.c code. Replace those
by uint8_t *.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
1b048fbfaa prop224: Add a clear configuration function
The added function frees any allocated pointers in a service configuration
object and reset all values to 0.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
750c684fff prop224: Don't use an array of config handlers
As per nickm suggestion, an array of config handlers will not play well with
our callgraph tool.

Instead, we'll go with a switch case on the version which has a good side
effect of allowing us to control what we pass to the function intead of a fix
set of parameters.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
e9dd4ed16d prop224: Detect duplicate configuration options
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
cfa6f8358b prop224: Use a common function to parse uint64_t
Add a helper function to parse uint64_t and also does logging so we can reduce
the amount of duplicate code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
28f6431399 Revert "fixup! prop224: Add hs_config.{c|h} with a refactoring"
This reverts commit e2497e2ba038133026a475f0f93c9054187b2a1d.
2017-07-13 16:50:09 -04:00
David Goulet
09b12c4094 test: Add v3 service load keys and accessors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
418059dd96 test: Add v3 service config and registration test
This tests our hs_config.c API to properly load v3 services and register them
to the global map. It does NOT test the service object validity, that will be
the hs service unit test later on.

At this commit, we have 100% code coverage of hs_config.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
87f6f96f47 hs: Add rend_service_init()
Initialize both the global and staging service lists.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
f76f873199 prop224: Add a function to check for invalid opts
Every hidden service option don't apply to every version so this new function
makes sure we don't have for instance an option that is only for v2 in a v3
configured service.

This works using an exclude lists for a specific version. Right now, there is
only one option that is not allowed in v3. The rest is common.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:08 -04:00
David Goulet
138e03c488 prop224: Load and/or generate v3 service keys
Try to load or/and generate service keys for v3. This write both the public
and private key file to disk along with the hostname file containing the onion
address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
f3899acdbf prop224: Service address creation/validation
This also adds unit test and a small python script generating a deterministic
test vector that a unit test tries to match.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
c086a59ea1 prop224: Configure v3 service from options
This commit adds the support in the HS subsystem for loading a service from a
set of or_options_t and put them in a staging list.

To achieve this, service accessors have been created and a global hash map
containing service object indexed by master public key. However, this is not
used for now. It's ground work for registration process.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
93774dcb54 test: Add HS v2 service configuration unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
74193b9321 hs: Use v3 maximum intro points value when decoding v3
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
765ed5dac1 prop224: Add a init/free_all function for the whole subsystem
Introduces hs_init() located in hs_common.c which initialize the entire HS v3
subsystem. This is done _prior_ to the options being loaded because we need to
allocate global data structure before we load the configuration.

The hs_free_all() is added to release everything from tor_free_all().

Note that both functions do NOT handle v2 service subsystem but does handle
the common interface that both v2 and v3 needs such as the cache and
circuitmap.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
02e2edeb33 prop224: Add hs_config.{c|h} with a refactoring
Add the hs_config.{c|h} files contains everything that the HS subsystem needs
to load and configure services. Ultimately, it should also contain client
functions such as client authorization.

This comes with a big refactoring of rend_config_services() which has now
changed to only configure a single service and it is stripped down of the
common directives which are now part of the generic handler.

This is ground work for prop224 of course but only touches version 2 services
and add XXX note for version 3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
b03853b65f prop224: Initial import of hs_service_t
This object is the foundation of proposal 224 service work. It will change
and be adapted as it's being used more and more in the codebase. So, this
version is just a basic skeleton one that *will* change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:07 -04:00
Isis Lovecruft
c59ba01550
rephist: Remove unused crypto_pk statistics.
These statistics were largely ununsed, and kept track of statistical information
on things like how many time we had done TLS or how many signatures we had
verified.  This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).

 * FIXES #19871.
 * REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
   src/or/rephist.c.
 * REMOVES every external call to these functions.
2017-07-13 20:24:48 +00:00
Chelsea H. Komlo
eb355e031e
use CARGO_HOME instead of HOME when building with rust 2017-07-13 18:12:35 +00:00
Nick Mathewson
abb9a5bdda New configuration option MaxConsensusAgeForDiffs
Relay operators (especially bridge operators) can use this to lower
or raise the number of consensuses that they're willing to hold for
diff generation purposes.

This enables a workaround for bug 22883.
2017-07-12 13:15:16 -04:00
Nick Mathewson
3aba8490ba Merge branch 'maint-0.3.1' 2017-07-12 10:16:06 -04:00
Nick Mathewson
5636b160d4 Merge branch 'bug22349_029' into maint-0.3.1 2017-07-12 10:15:49 -04:00
Nick Mathewson
4984d6242a Merge branch 'maint-0.3.1' 2017-07-12 09:24:01 -04:00
Nick Mathewson
e111cfcd54 Restore openssl and libscrypt includes in test_crypto_slow.c
This reverts part of commit 706c44a6ce.

It was a mistake to remove these includes: they were needed on
systems where we have openssl 1.1.0 *and* libscrypt, and where we
were validating the one against the other.

Fixes bug 22892; bugfix on 0.3.1.1-alpha.
2017-07-12 09:23:15 -04:00
Isis Lovecruft
9de12397cf
If writing a heartbeat message fails, retry after MIN_HEARTBEAT_PERIOD.
* FIXES #19476.
2017-07-12 03:08:04 +00:00
cypherpunks
f516c9ca99
Use the return value for choosing intervals 2017-07-12 03:08:02 +00:00
Nick Mathewson
7b2364035a Merge branch 'maint-0.3.1' 2017-07-10 15:27:16 -04:00
Matt Traudt
1ff98a7e89 Make consdiff tests pass on OS X too 2017-07-10 15:27:01 -04:00
Nick Mathewson
db71d42868 Avoid double-typedef errors on freebsd. 2017-07-10 09:28:50 -04:00
David Goulet
b50f39fb6f prop224: Add common intropoint object
Groundwork for more prop224 service and client code. This object contains
common data that both client and service uses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 15:38:20 -04:00
Nick Mathewson
948158df33 Merge branch 'bug17750_029_squashed' 2017-07-07 13:28:22 -04:00
teor
527c0735f1 Comment that failure schedules always use exponential backoff 2017-07-07 13:18:04 -04:00
teor
32f0cbc0f6 Refactor exponential backoff multipliers into macros
There are only so many times you can type "4".
2017-07-07 13:18:04 -04:00
teor
f30d355903 Add regression tests for 17750 and 20534 2017-07-07 13:18:04 -04:00
teor
344f5a71c5 Use download_status_get_next_attempt_at() more often
This guards against future occurrences of 17750.
2017-07-07 13:18:04 -04:00
teor
f813b05202 Give correct bounds in next_random_exponential_delay() comment 2017-07-07 13:18:04 -04:00
teor
c21cfd28f4 Make clients try fallbacks before authorities
Make clients wait for 6 seconds before trying to download their
consensus from an authority.

Fixes bug 17750, bugfix on 0.2.8.1-alpha.
2017-07-07 13:18:04 -04:00
Nick Mathewson
63ceadb485 Use LANG_ENGLISH in windows error messages
This change prevents us from generating corrupt messages when we
are confused about codepage settings, and makes Windows errors
consistent with the rest of our logs.

Fixes bug 22520; bugfix on 0.1.2.8-alpha.  Patch from "Vort".
2017-07-07 13:12:45 -04:00
Nick Mathewson
8e8abbbbee Fix the expected bug warning in dir/param_voting_lookup tests 2017-07-07 13:06:02 -04:00
Nick Mathewson
eb01f35149 Merge branch 'bug21495' 2017-07-07 13:03:36 -04:00
Nick Mathewson
c7d2a67274 Fix a couple of clang warnings 2017-07-07 11:32:15 -04:00
Nick Mathewson
c387cc5022 Merge branch 'ticket21859_032_01_squashed' 2017-07-07 11:17:53 -04:00
Nick Mathewson
6a64563b1d Fix wide lines 2017-07-07 11:15:27 -04:00
Nick Mathewson
ec3e046986 Use LD_BUG, not LOG_PROTOCOL_WARN, for bad-purpose cases. 2017-07-07 11:14:47 -04:00
George Kadianakis
f35f52e869 Hide crypto_digest_t again and use an accessor for tests. 2017-07-07 11:12:27 -04:00
George Kadianakis
70d08f764d Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
2017-07-07 11:12:27 -04:00
George Kadianakis
c4d17faf81 Explicit length checks in circuit_init_cpath_crypto(). 2017-07-07 11:12:27 -04:00
George Kadianakis
2432499705 Rename get_rend_cpath() to create_rend_cpath().
based on Nick's review.
2017-07-07 11:12:27 -04:00
George Kadianakis
b490ae68c7 Rename rend_circuit_validate_purpose() based on Nick's review. 2017-07-07 11:12:27 -04:00
George Kadianakis
fee95dabcf Turn some warnings into bugs and non-fatal asserts. 2017-07-07 11:12:26 -04:00
George Kadianakis
91da032e9c Improve docs based on Nick's review. 2017-07-07 11:12:26 -04:00
George Kadianakis
9bccc04f8d test: Add service-side unittests for e2e rendezvous circuits. 2017-07-07 11:12:26 -04:00
George Kadianakis
173dd486e3 test: Add client-side unittests for e2e rend circuits. 2017-07-07 11:12:26 -04:00
George Kadianakis
dc3a2037f5 test: Move some test code to test helpers.
Move code to create connection streams and rend_data structures to
test_helpers so that we can use them from the e2e rendezvous circuit
unittests.
2017-07-07 11:12:26 -04:00
George Kadianakis
43a73f6eb6 test: Crypto groundwork for e2e circuit unittests.
- Move some crypto structures so that they are visible by tests.

- Introduce a func to count number of hops in cpath which will be used
  by the tests.

- Mark a function as mockable.
2017-07-07 11:12:26 -04:00
George Kadianakis
9ff5613a34 test: Introduce hs_client_note_connection_attempt_succeeded().
This commit paves the way for the e2e circuit unittests.

Add a stub for the prop224 equivalent of rend_client_note_connection_attempt_ended().

That function was needed for tests, since the legacy function would get
called when we attach streams and our client-side tests would crash with
assert failures on rend_data.

This also introduces hs_client.[ch] to the codebase.
2017-07-07 11:12:26 -04:00
David Goulet
0cb66fc900 prop224: Introduce e2e rendezvous circuit code.
This commit adds most of the work of #21859. It introduces hs_circuit.c
functions that can handle the setup of e2e circuits for prop224 hidden
services, and also for legacy hidden service clients. Entry points are:

		prop224 circuits: hs_circuit_setup_e2e_rend_circ()
		legacy client-side circuits: hs_circuit_setup_e2e_rend_circ_legacy_client()

This commit swaps the old rendclient code to use the new API.

I didn't try to accomodate the legacy service-side code in this API, since
that's too tangled up and it would mess up the new API considerably IMO (all
this service_pending_final_cpath_ref stuff is complicated and I didn't want to
change it).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
0b2018a4d0 Refactor legacy code to support hs_ident along with rend_data.
The legacy HS circuit code uses rend_data to match between circuits and
streams. We refactor some of that code so that it understands hs_ident
as well which is used for prop224.
2017-07-07 11:12:26 -04:00
George Kadianakis
83249015c2 Refactor circuit_init_cpath_crypto() to do prop224 rend circuits.
circuit_init_cpath_crypto() is responsible for creating the cpath of legacy
SHA1/AES128 circuits currently. We want to use it for prop224 circuits, so we
refactor it to create circuits with SHA3-256 and AES256 as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
ba928e1ac8 Refactor the HS ntor key expansion to fit the e2e circuit API.
We want to use the circuit_init_cpath_crypto() function to setup our
cpath, and that function accepts a key array as input. So let's make our
HS ntor key expansion function also return a key array as output,
instead of a struct.

Also, we actually don't need KH from the key expansion, so the key
expansion output can be one DIGEST256_LEN shorter. See here for more
info: https://trac.torproject.org/projects/tor/ticket/22052#comment:3
2017-07-07 11:12:26 -04:00
David Goulet
f8dc1164ba prop224: Add connection and circuit identifier object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
Nick Mathewson
67b6ba6f2f Avoid a scan_build warning in dirvote_get_intermediate_param_value
Fixes bug 21495.
2017-07-07 11:08:28 -04:00
Nick Mathewson
ed0fb21834 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-07 10:56:31 -04:00
Nick Mathewson
66c85cd881 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-07 10:56:31 -04:00
Nick Mathewson
ae756f251f mingw fix: avoid "unused var" warning.
This is a backport of 19615bce64 to
fix bug 22838.
2017-07-07 10:54:24 -04:00
Karsten Loesing
b6acfa491e Update geoip and geoip6 to the July 4 2017 database. 2017-07-07 16:27:54 +02:00
Nick Mathewson
86eb63deb4 Merge remote-tracking branch 'public/bug19648' 2017-07-06 09:32:22 -04:00
Nick Mathewson
139799cdce Merge branch 'bug20488_029_squashed' 2017-07-06 09:29:03 -04:00
Nick Mathewson
41fe94ef15 Improve warning message to stop implying nickname reg is a thing.
Closing ticket 20488.
2017-07-06 09:28:31 -04:00
Nick Mathewson
68a2c75ab7 Merge branch 'maint-0.3.1' 2017-07-05 17:37:14 -04:00
Nick Mathewson
9919638e98 Fix a wide line from 22207 2017-07-05 17:37:06 -04:00
Nick Mathewson
93bd60e5b0 Merge branch 'maint-0.3.1' 2017-07-05 17:00:46 -04:00
Nick Mathewson
2251667ff2 Merge remote-tracking branch 'karsten/task-22207' into maint-0.3.1 2017-07-05 17:00:43 -04:00
Nick Mathewson
55777b3ff9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 16:11:48 -04:00
Nick Mathewson
0dc7d68bb5 Merge branch 'maint-0.3.1' 2017-07-05 16:11:48 -04:00
Nick Mathewson
15b13578e8 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 16:11:48 -04:00
Nick Mathewson
dfc0614840 Only disable -Wfloat-conversion on mingw when it exists.
The 22081 fix disabled -Wfloat-conversion, but -Wfloat-conversion
didn't exist in every relevant mingw; it was added in GCC 4.9.x some
time, if the documentation can be trusted.

Bug not in any released version of tor.
2017-07-05 16:10:45 -04:00
Nick Mathewson
a85ee62e74 Make the strings from #1667 static. 2017-07-05 15:59:17 -04:00
Nick Mathewson
13024c7932 Merge branch 'maint-0.3.1' 2017-07-05 15:57:09 -04:00
Nick Mathewson
9383fa3851 Fix mixed-sign comparison warning in fix for 22797. 2017-07-05 15:56:57 -04:00
Nick Mathewson
759154b1ad Fix unit test memory leak in certs_ok_ed25519.
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
2017-07-05 15:42:25 -04:00
Nick Mathewson
546f5b364b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 13:43:31 -04:00
Nick Mathewson
15fddaffd5 Merge branch 'maint-0.3.1' 2017-07-05 13:43:31 -04:00
Nick Mathewson
5434b2451e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 13:43:31 -04:00
Nick Mathewson
32c0066e4b Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-05 13:43:21 -04:00
Nick Mathewson
5ff0f1ab9e Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-05 13:42:47 -04:00
Nick Mathewson
6cd6d488dc Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-05 13:42:37 -04:00
Nick Mathewson
f6420bceec Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-05 13:42:32 -04:00
Nick Mathewson
ff8c230d7c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-05 13:42:26 -04:00
Nick Mathewson
16d2bce893 Allow setsockopt(IPV6_V6ONLY) in sandbox.
Fixes bug 20247.  We started setting V6ONLY in 0.2.3.13-alpha and
added the sandbox on 0.2.5.1-alpha.
2017-07-05 13:09:21 -04:00
Nick Mathewson
8bc70a2ad2 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 11:19:03 -04:00
Nick Mathewson
d4f08c74fe Merge branch 'maint-0.3.1' 2017-07-05 11:19:03 -04:00
Nick Mathewson
0f97f963e3 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 11:19:03 -04:00
Nick Mathewson
bb97f680e7 Merge branch 'bug22801_028' into maint-0.2.9 2017-07-05 11:18:59 -04:00
Nick Mathewson
e04cc7e27f Merge branch 'maint-0.3.1' 2017-07-05 11:16:51 -04:00
Nick Mathewson
e88aa98451 Merge branch 'teor-bug22797-025' into maint-0.3.1 2017-07-05 11:16:30 -04:00
teor
878e0d45a5 Always allow extra file descriptors when setting the connection maximum
When setting the maximum number of connections allowed by the OS,
always allow some extra file descriptors for other files.

Fixes bug 22797; bugfix on 0.2.0.10-alpha.
2017-07-05 11:15:10 -04:00
Donncha O'Cearbhaill
2be4f793e6 Add a timestamp field to the CIRC_BW and STREAM_BW events
Closes ticket 19254.
2017-07-05 11:14:56 -04:00
Nick Mathewson
cd77ea782e Merge branch 'neena-fix-1667' 2017-07-05 11:01:36 -04:00
Nick Mathewson
03b6cfd591 Extract "not an HTTP proxy" messages. 2017-07-05 11:01:17 -04:00
Nick Mathewson
46e83477c1 Merge branch 'bug15554_032_01_squashed' 2017-07-05 10:15:24 -04:00
George Kadianakis
17bd118b4c Add test that parses a hardcoded v2 descriptor. 2017-07-05 10:14:26 -04:00
Nick Mathewson
13ccca69f1 Merge branch 'onionskin_refactor_2' 2017-07-05 10:01:48 -04:00
cypherpunks
c79e286386 Use the proper syscall in sandbox error messages
Fixes #22750.
2017-07-05 09:56:28 -04:00
Nick Mathewson
3402b14089 Merge remote-tracking branch 'asn/ticket22727_032_02' 2017-07-05 09:49:12 -04:00
Nick Mathewson
b6c8530fc3 Merge remote-tracking branch 'dgoulet/ticket22726_032_02' 2017-07-05 09:36:31 -04:00
Roger Dingledine
943d284752 CREATE_FAST is for when you don't know the onion key
it isn't (anymore) for when you think you can get away with saving some
crypto operations.
2017-07-03 17:20:52 -04:00
Roger Dingledine
69fba1f2cd better comments and mild refactoring 2017-07-03 17:13:08 -04:00
Nick Mathewson
9b44e2e50e Document the new functions from the refactor 2017-07-03 16:54:41 -04:00
Nick Mathewson
2814b86875 Reindent the functions split from circuit_send_next_onion_skin().
This is a whitespace change only.
2017-07-03 16:54:41 -04:00
Nick Mathewson
935f84bd40 Split circuit_send_next_onion_skin() into its three main cases.
This commit is designed to have a very small diff.  Therefore,
the indentation is wrong.  The next commit will fix that.
2017-07-03 16:54:41 -04:00
Nick Mathewson
bb3f74e66b Fix assertion failure related to openbsd strtol().
Fixes bug 22789; bugfix on 0.2.3.8-alpha.
2017-07-03 11:22:27 -04:00
Nick Mathewson
5361032219 Fix -Wfloat-conversion C warnings on mingw in clamp_double_to_int64.
We just have to suppress these warnings: Mingw's math.h uses gcc's
__builtin_choose_expr() facility to declare isnan, isfinite, and
signbit.  But as implemented in at least some versions of gcc,
__builtin_choose_expr() can generate type warnings even from
branches that are not taken.

Fixes bug 22801; bugfix on 0.2.8.1-alpha.
2017-07-03 10:59:31 -04:00
Roger Dingledine
0fe7c42e0e general formatting / whitespace / typo fixes 2017-07-01 17:56:06 -04:00
Nick Mathewson
83dc072e67 Bump version to 0.3.1.4-alpha-dev 2017-06-29 18:45:49 -04:00
Nick Mathewson
d9427c00df bump to 0.3.0.9-dev 2017-06-29 18:44:43 -04:00
Nick Mathewson
a53573559f Bump 0.3.1 to 0.3.1.4-alpha 2017-06-29 16:36:50 -04:00
Nick Mathewson
98ffb2e722 Update maint-0.3.0 to 0.3.0.9 2017-06-29 16:35:40 -04:00
Nick Mathewson
71b9f4f0bb Merge branch 'maint-0.3.1' 2017-06-29 15:57:49 -04:00
Nick Mathewson
1712dc98b0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-29 15:57:48 -04:00
Nick Mathewson
52c4440c48 Merge branch 'trove-2017-006' into maint-0.3.0 2017-06-29 15:57:42 -04:00
Nick Mathewson
3781678a3c Merge branch 'maint-0.3.1' 2017-06-29 11:38:06 -04:00
Nick Mathewson
31a08ba26f Merge remote-tracking branch 'public/bug22670_031' into maint-0.3.1 2017-06-29 11:34:06 -04:00
Nick Mathewson
2c718c1a12 Merge branch 'maint-0.3.1' 2017-06-29 10:43:50 -04:00
Nick Mathewson
bb5968cae1 Merge branch 'ticket22684' 2017-06-29 10:16:15 -04:00
Nick Mathewson
88666d0482 Adjust unit tests to account for fix to bug 22753.
Our mock network put all the guards on the same IPv4 address, which
doesn't fly when we start applying EnforceDistinctSubnets.  So in
this commit, I disable EnforceDistinctSubnets when running the old
guard_restriction_t test.

This commit also adds a regression test for #22753.
2017-06-29 10:11:21 -04:00
Nick Mathewson
665baf5ed5 Consider the exit family when applying guard restrictions.
When the new path selection logic went into place, I accidentally
dropped the code that considered the _family_ of the exit node when
deciding if the guard was usable, and we didn't catch that during
code review.

This patch makes the guard_restriction_t code consider the exit
family as well, and adds some (hopefully redundant) checks for the
case where we lack a node_t for a guard but we have a bridge_info_t
for it.

Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006
and CVE-2017-0377.
2017-06-29 09:57:00 -04:00
Nick Mathewson
a088a08eeb Log real error message when unable to remove a storagedir file
Attempts to help diagnose 22752.
2017-06-28 14:24:27 -04:00
Nick Mathewson
de5f0d8ba7 Replace crash on missing handle in consdiffmgr with nonfatal assert
Attempts to mitigate 22752.
2017-06-28 14:21:21 -04:00
Nick Mathewson
4c21d4ef7a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-28 14:03:23 -04:00
Nick Mathewson
ec9c6d7723 Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 2017-06-28 14:03:20 -04:00
Nick Mathewson
4060253749 Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 2017-06-28 13:57:54 -04:00
Nick Mathewson
75c6fdd286 whitespace fix 2017-06-28 13:53:52 -04:00
Nick Mathewson
e84127d99e Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 2017-06-28 13:48:52 -04:00
Nick Mathewson
01404d7c52 Merge branch 'maint-0.3.1' 2017-06-28 12:25:09 -04:00
George Kadianakis
551ad20c43 nodelist: Make HSv3 protover magic numbers a bit more readable. 2017-06-28 18:32:32 +03:00
Alexander Færøy
c239b2fc9c Fix crash in LZMA module when the Sandbox is enabled.
This patch fixes a crash in our LZMA module where liblzma will allocate
slightly more data than it is allowed to by its limit, which leads to a
crash.

See: https://bugs.torproject.org/22751
2017-06-28 10:00:24 -04:00
George Kadianakis
f85c1874ad ed25519: Add tests blinding bad ed25519 pubkeys. 2017-06-28 16:02:21 +03:00
George Kadianakis
0269e4ffba ed25519: Also check that retval in the ref10 implementation. 2017-06-28 14:58:22 +03:00
George Kadianakis
0d9873ac0d ed25519: Check retval of unpack_negative_vartime in donna. 2017-06-28 14:58:22 +03:00
Nick Mathewson
559195ea82 Merge branch 'maint-0.3.1' 2017-06-27 18:28:38 -04:00
Alexander Færøy
0a4af86335 Return "304 not modified" if a client already have the most recent consensus.
This makes our directory code check if a client is trying to fetch a
document that matches a digest from our latest consensus document.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Alexander Færøy
07f2940b45 Set published_out for consensus cache entries in spooled_resource_estimate_size().
This patch ensures that the published_out output parameter is set to the
current consensus cache entry's "valid after" field.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Nick Mathewson
733ce556ad Merge branch 'asn_bug22006_final_squashed' 2017-06-27 18:21:46 -04:00
Nick Mathewson
3f94041589 no newlines in log messages. 2017-06-27 18:21:35 -04:00
Nick Mathewson
c0f0351e06 whitespace fix 2017-06-27 17:22:53 -04:00
Nick Mathewson
7fff6cfead Merge branch 'asn_bug22006_final_squashed' 2017-06-27 17:19:08 -04:00
George Kadianakis
a155035d20 ed25519: Dirauths validate router ed25519 pubkeys before pinning. 2017-06-27 17:17:58 -04:00
George Kadianakis
e8eee3a50e ed25519: Add unittests for ed25519 pubkey validation. 2017-06-27 17:17:58 -04:00
George Kadianakis
559658ff1c ed25519: Add func that checks for torsion component in pubkeys.
See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
2017-06-27 17:17:58 -04:00
Nick Mathewson
f367453cb5 Mark descriptors as undownloadable when dirserv_add_() rejects them
As of ac2f6b608a in 0.2.1.19-alpha,
Sebastian fixed bug 888 by marking descriptors as "impossible" by
digest if they got rejected during the
router_load_routers_from_string() phase. This fix stopped clients
and relays from downloading the same thing over and over.

But we never made the same change for descriptors rejected during
dirserv_add_{descriptor,extrainfo}.  Instead, we tried to notice in
advance that we'd reject them with dirserv_would_reject().

This notice-in-advance check stopped working once we added
key-pinning and didn't make a corresponding key-pinning change to
dirserv_would_reject() [since a routerstatus_t doesn't include an
ed25519 key].

So as a fix, let's make the dirserv_add_*() functions mark digests
as undownloadable when they are rejected.

Fixes bug 22349; I am calling this a fix on 0.2.1.19-alpha, though
you could also argue for it being a fix on 0.2.7.2-alpha.
2017-06-27 12:01:46 -04:00
Nick Mathewson
3483f7c003 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-27 11:04:44 -04:00
Nick Mathewson
9a0fd2dbb1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-27 11:04:44 -04:00
Nick Mathewson
3de27618e6 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-27 11:04:44 -04:00
Nick Mathewson
ccae991662 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-27 11:04:44 -04:00
Nick Mathewson
a242d194c7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-27 11:04:44 -04:00
Nick Mathewson
711160a46f Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-27 11:04:44 -04:00
Nick Mathewson
32eba3d6aa Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-27 11:04:44 -04:00
Nick Mathewson
0576f9f433 Merge branch 'maint-0.3.1' 2017-06-27 11:04:44 -04:00
Nick Mathewson
8d2978b13c Fix an errant memset() into the middle of a struct in cell_pack().
This mistake causes two possible bugs. I believe they are both
harmless IRL.

BUG 1: memory stomping

When we call the memset, we are overwriting two 0 bytes past the end
of packed_cell_t.body. But I think that's harmless in practice,
because the definition of packed_cell_t is:

// ...
typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE];
  uint32_t inserted_time;
} packed_cell_t;

So we will overwrite either two bytes of inserted_time, or two bytes
of padding, depending on how the platform handles alignment.

If we're overwriting padding, that's safe.

If we are overwriting the inserted_time field, that's also safe: In
every case where we call cell_pack() from connection_or.c, we ignore
the inserted_time field. When we call cell_pack() from relay.c, we
don't set or use inserted_time until right after we have called
cell_pack(). SO I believe we're safe in that case too.

BUG 2: memory exposure

The original reason for this memset was to avoid the possibility of
accidentally leaking uninitialized ram to the network. Now
remember, if wide_circ_ids is false on a connection, we shouldn't
actually be sending more than 512 bytes of packed_cell_t.body, so
these two bytes can only leak to the network if there is another bug
somewhere else in the code that sends more data than is correct.

Fortunately, in relay.c, where we allocate packed_cell_t in
packed_cell_new() , we allocate it with tor_malloc_zero(), which
clears the RAM, right before we call cell_pack. So those
packed_cell_t.body bytes can't leak any information.

That leaves the two calls to cell_pack() in connection_or.c, which
use stack-alocated packed_cell_t instances.

In or_handshake_state_record_cell(), we pass the cell's contents to
crypto_digest_add_bytes(). When we do so, we get the number of
bytes to pass using the same setting of wide_circ_ids as we passed
to cell_pack(). So I believe that's safe.

In connection_or_write_cell_to_buf(), we also use the same setting
of wide_circ_ids in both calls. So I believe that's safe too.

I introduced this bug with 1c0e87f6d8
back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591
2017-06-27 10:47:20 -04:00
Nick Mathewson
22f441d4ee Merge branch 'maint-0.3.1' 2017-06-27 10:32:50 -04:00
Nick Mathewson
fd16dd2608 Merge branch 'bug22719_031' into maint-0.3.1 2017-06-27 10:31:33 -04:00
David Goulet
c17a04376d nodelist: Add functions to check for HS v3 support
This introduces node_supports_v3_hsdir() and node_supports_ed25519_hs_intro()
that checks the routerstatus_t of a node and if not present, checks the
routerinfo_t.

This is groundwork for proposal 224 service implementation in #20657.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:24:15 -04:00
David Goulet
82dee76740 hs: Ignore unparseable v3 introduction point
It is possible that at some point in time a client will encounter unknown or
new fields for an introduction point in a descriptor so let them ignore it for
forward compatibility.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:19:57 -04:00
Nick Mathewson
f6df433b91 Merge branch 'maint-0.3.1' 2017-06-26 14:30:21 -04:00
Nick Mathewson
32596016a2 Merge branch 'bug22105_031' into maint-0.3.1 2017-06-26 14:30:17 -04:00
Nick Mathewson
c29a559e7b Merge branch 'maint-0.3.1' 2017-06-26 14:15:21 -04:00
Nick Mathewson
d72cfb259d Patch for 22720 from huyvq: exit(1) more often
See changes file for full details.
2017-06-26 14:14:56 -04:00
Nick Mathewson
06414b9922 Merge branch 'maint-0.3.1' 2017-06-26 11:39:43 -04:00
Nick Mathewson
8f59661dba Merge branch 'bug22212_squashed' into maint-0.3.1 2017-06-26 11:27:09 -04:00
Mike Perry
0592ee45fc Demote a log message due to libevent delays.
This is a side-effect of being single-threaded. The worst cases of this are
actually Bug #16585.
2017-06-26 11:26:59 -04:00
Nick Mathewson
82a68be69a Merge branch 'maint-0.3.1' 2017-06-26 10:32:57 -04:00
Nick Mathewson
0c7c49483f Fix a coverity warning about a no-op assert with-64 bit size_t
This is CID 1403400
2017-06-26 10:31:13 -04:00
Nick Mathewson
b546d8bc2b Try a little harder to make sure we never call tor_compress_process wrong. 2017-06-26 09:39:59 -04:00
Nick Mathewson
acbe16a9a2 Log even more to try to debug 22719 2017-06-24 13:40:02 -04:00
Nick Mathewson
6caf924605 Add an additional log message to try to diagnose #22719 2017-06-24 11:27:46 -04:00
Mike Perry
79e2e4d3cb Ticket #17857: Padding off-switch for single hop connections
This doesn't apply to currently active connections.. yet...
2017-06-23 16:53:39 -04:00
Nick Mathewson
89d0261eb5 Merge remote-tracking branch 'isis/bug4019' 2017-06-23 14:38:20 -04:00
Nick Mathewson
80360ed9fa Merge branch 'bug3056_squashed' 2017-06-23 09:28:27 -04:00
Nick Mathewson
96fab4aaa6 Improve clarity, safety, and rate of dns spoofing log msg
Closes ticket 3056.
2017-06-23 09:28:17 -04:00
Nick Mathewson
90046a09dd Merge branch 'maint-0.3.1' 2017-06-22 10:56:08 -04:00
Nick Mathewson
2c49a9852d Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-22 10:56:08 -04:00
Nick Mathewson
bdd267e74d Combine our "don't do this if no consensus" entryguards checks
Suggested by asn on 22400 review.
2017-06-22 09:28:30 -04:00
Nick Mathewson
34ecfeb479 whitespace fix 2017-06-22 08:16:48 -04:00
Nick Mathewson
b9d8c8b126 Merge remote-tracking branch 'rl1987/bug22461' 2017-06-22 08:11:36 -04:00
Nick Mathewson
dc9ec519b5 Merge remote-tracking branch 'public/bug7890' 2017-06-22 08:04:12 -04:00
Isis Lovecruft
28344b74ba
config: Fix duplicate error message for nonlocal SocksPorts.
If `validate_only` is true, then just validate the configuration without warning
about it.  This way, we only emit warnings when the listener is actually opened.
(Otherwise, every time we parse the config we will might re-warn and we would
need to keep state; whereas the listeners are only opened once.)

 * FIXES #4019.
2017-06-22 00:28:31 +00:00
Roger Dingledine
005500e14d make assign_onionskin_to_cpuworker failure case more clear
now it looks like the other time we call it
2017-06-21 17:42:10 -04:00
Nick Mathewson
3a8a92fddd Merge branch 'callgraph_reduction_v2' 2017-06-21 16:47:55 -04:00
Nick Mathewson
5dcc6bef1e Add GETINFO targets to determine whether md/desc fetching is enabled
Closes ticket 22684.
2017-06-21 16:45:31 -04:00
Nick Mathewson
1c0a2335cd Extract channel_do_open_actions() from non-open _change_state cases
This reduces the size of the largest SCC in the callgraph by 30
functions, from 58 to 28.
2017-06-21 14:03:00 -04:00
Nick Mathewson
5d3f484f4a Merge branch 'maint-0.3.1' 2017-06-21 13:54:07 -04:00
Nick Mathewson
784b29a2bf Merge branch 'bug22356_029' into maint-0.3.1 2017-06-21 13:54:02 -04:00
Nick Mathewson
35d6313500 Call it a BUG to use -1 in authdir_mode_handles_descs 2017-06-21 13:49:17 -04:00
huyvq
ad97714f22 Remove obsolete authdir_mode_any_nonhidserv()
- Replace it with authdir_mode()
2017-06-21 13:49:17 -04:00
huyvq
18cd1993ca Convert authdir_mode_handles_descs() to alternative wrappers
-authdir_mode_handles_descs(options, ROUTER_PURPOSE_BRIDGE) to authdir_mode_bridge(options).

- authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL) to authdir_mode_v3(options).
2017-06-21 13:49:17 -04:00
huyvq
d92b999757 Convert authdir_mode_handles_descs(options, -1) with authdir_mode(options) 2017-06-21 13:49:17 -04:00
huyvq
0471c905a1 Remove obsolete authdir_mode_any_main() 2017-06-21 13:49:17 -04:00
Kevin Butler
0a96d11539 Better error message for GETINFO desc/(id|name) whenever microdescriptors are in use. Fixes #5847. 2017-06-21 12:19:01 -04:00
Nick Mathewson
6595f55020 unit tests for peek_buf_startswith() 2017-06-21 11:20:33 -04:00
Nick Mathewson
ed4bc55450 Replace peek_buf_startswith() with a safe version
It's not okay to assume that the data in a buf_t is contiguous in
the first chunk.
2017-06-21 11:10:58 -04:00
Nick Mathewson
acf65544bb Fix compilation on 1667 code. 2017-06-21 10:35:35 -04:00
Ravi Chandra Padmala
417d778652 Respond meaningfully to HTTP requests on the control port. Fix #1667
(Squashed with bufferevents portions removed, by nickm)
2017-06-21 10:34:26 -04:00
Nick Mathewson
884c0ffe3b Merge branch 'maint-0.3.1' 2017-06-20 20:29:00 -04:00
Nick Mathewson
e51e7bd38b Merge branch 'bug22502_redux_031' into maint-0.3.1 2017-06-20 20:27:48 -04:00
Nick Mathewson
c999e84436 Merge branch 'bug22672_031' into maint-0.3.1 2017-06-20 20:26:45 -04:00
Nick Mathewson
a9a76aa6ae Merge branch 'maint-0.3.1' 2017-06-20 13:35:44 -04:00
Nick Mathewson
392e5457b8 Merge remote-tracking branch 'argonblue/bug22638' into maint-0.3.1 2017-06-20 13:35:38 -04:00
Nick Mathewson
9328bd524e Enforce the rule that COMPRESS_OK means progress was made.
If COMPRESS_OK occurs but data is neither consumed nor generated,
treat it as a BUG and a COMPRESS_ERROR.

This change is meant to prevent infinite loops in the case where
we've made a mistake in one of our compression backends.

Closes ticket 22672.
2017-06-20 12:26:57 -04:00
Nick Mathewson
945256188a mingw/windows printf lacks %zd ; use %lu and casts instead
(This approach can lose accuracy, but it's only in debug-level messages.)

Fixes windows compilation. Bugfix on recent compress.c changes; bug
not in any released Tor.
2017-06-20 12:12:55 -04:00
Nick Mathewson
5537e1fc45 If we successfully decompress an HTTP body, return immediately.
This prevents us from calling
allowed_anonymous_connection_compression_method() on the unused
guessed method (if any), and rejecting something that was already
safe to use.
2017-06-20 12:08:12 -04:00
Nick Mathewson
d8cd68caf1 If a _guessed_ compression method fails, it is never PROTOCOL_WARN.
Rationale: When use a guessed compression method, we already gave a
PROTOCOL_WARN when our guess differed from the declared method,
AND we gave a PROTOCOL_WARN when the declared method failed.  It is
not a protocol problem that the guessed method failed too; it's just
a recovery attempt that failed.
2017-06-20 12:08:11 -04:00
Nick Mathewson
7b3161f008 It should be a PROTOCOL_WARN when we have an incorrect content-encoding.
Rationale: The server did not obey the protocol, and its
content-encoding got munged. That's what PROTOCOL_WARN is for.
2017-06-20 12:08:11 -04:00
Nick Mathewson
9018da06c7 Short-circuit the no-decompression-needed case, for clarity
This commit is mostly just deindentation.
2017-06-20 11:46:54 -04:00
Nick Mathewson
c0e9698fca Extract "decompress" portion of connection_dir_client_reached_eof() 2017-06-20 11:43:37 -04:00
Taylor Yu
25edb41e6f Fix compress_none.c header comment
The Doxygen \file markup for compress_none.c had the wrong filename.
Fixes #22638.
2017-06-20 11:27:17 -04:00
Nick Mathewson
782eb02b79 Send the correct content-encoding when serving cached_dir_t objects
A cached_dir_t object (for now) is always compressed with
DEFLATE_METHOD, but in handle_get_status_vote() to we were using the
general compression-negotiation code decide what compression to
claim we were using.

This was one of the reasons behind 22502.

Fixes bug 22669; bugfix on 0.3.1.1-alpha
2017-06-20 11:26:51 -04:00
Nick Mathewson
eb632afb17 Correct the fix to bug 22629 to permit trailing non-garbage
This change makes it so that we can decompress concatenated zstd
outputs.
2017-06-20 10:24:22 -04:00
Nick Mathewson
94a1b8b66c Add a unit test for decompressing concatenated inputs. 2017-06-20 10:21:35 -04:00
Nick Mathewson
2341368515 Merge branch 'maint-0.3.1' 2017-06-20 10:06:19 -04:00
Nick Mathewson
1c0459f19a Merge remote-tracking branch 'teor/bug22502' into maint-0.3.1 2017-06-20 10:04:16 -04:00
Nick Mathewson
32e486de97 Don't expand guard sample set unless consensus is "reasonably live"
Fixes what I think is the main root cause of 22400. Bugfix on
0.3.0.1-alpha.
2017-06-19 15:48:47 -04:00
Nick Mathewson
1721487bea Remove hardwired libfuzzer path; closes 22105. 2017-06-19 15:35:46 -04:00
Nick Mathewson
e3efc076c5 Downgrade "assign_to_cpuworker failed" to INFO.
Closes ticket 22356
2017-06-19 15:24:33 -04:00
Nick Mathewson
e01e4e0146 Merge branch 'ticket20575_031_01_squashed' 2017-06-19 14:16:21 -04:00
Nick Mathewson
0379439fe8 refer to the correct version 2017-06-19 14:15:04 -04:00
David Goulet
3f807ec058 config: Deprecate HTTPProxy option
Move the HTTPProxy option to the deprecated list so for now it will only warn
users but feature is still in the code which will be removed in a future
stable version.

Fixes #20575

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-19 14:14:17 -04:00
Nick Mathewson
bf95d678e8 Remove an XXXX RD comment that neither Roger or I understand. Closes 22420 2017-06-19 14:06:07 -04:00
Nick Mathewson
f6946d7a82 Merge remote-tracking branch 'arma/ticket22420' 2017-06-19 14:03:57 -04:00
Nick Mathewson
eff5e29404 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-19 13:52:19 -04:00
Nick Mathewson
71c701927a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-19 13:52:19 -04:00
Nick Mathewson
32948ebc54 Merge branch 'maint-0.3.1' 2017-06-19 13:52:19 -04:00
Nick Mathewson
a3139c9750 Bump master to 0.3.2.0-alpha-dev. For 0.3.1, use maint-0.3.1 2017-06-19 11:57:44 -04:00
Nick Mathewson
59f29970fa Permit the fchmod system call.
Fixes bug 22516; bugfix on 0.2.5.4-alpha.
2017-06-16 14:03:02 -04:00
teor
7d535ea9d3
Add extra logging during compression and decompression
This helps diagnose failures.

Part of #22502.
2017-06-16 09:48:18 +10:00
teor
cbaf0c049c
Return TOR_COMPRESS_BUFFER_FULL when zstd has additional input
Fixes #22628.
2017-06-16 09:47:32 +10:00
teor
617e1da636
Remove a redundant conditional in tor_zstd_compress_process
Part of #22502
2017-06-16 09:46:46 +10:00
teor
7605bd528e
Move a comment to the right place in tor_zstd_compress_process
Part of #22502
2017-06-16 09:45:58 +10:00
teor
952c9073ad
Check for trailing input garbage in tor_compress_impl() when decompressing
Fixes #22629.
2017-06-16 09:41:29 +10:00
teor
8e1b37a4aa
Check if tor_compress_new() returns NULL in tor_compress_impl()
Partial fix to 22626.
2017-06-16 09:38:18 +10:00
Karsten Loesing
5b5e20a478 Add "fingerprint" line to bridge network status.
Implements #22207.
2017-06-11 10:21:36 +02:00
Nick Mathewson
493d9cd17b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-09 09:58:46 -04:00
Nick Mathewson
cd7d006e08 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-09 09:58:46 -04:00
Nick Mathewson
3f40d9ec20 Merge branch 'maint-0.3.0' 2017-06-09 09:58:46 -04:00
Nick Mathewson
307be8d4a7 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-09 09:58:45 -04:00
Nick Mathewson
24ee8595bf Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-09 09:58:45 -04:00
Nick Mathewson
3913f959e3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-09 09:58:45 -04:00
Nick Mathewson
325c507a09 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-09 09:58:45 -04:00
Karsten Loesing
104e8fa751 Update geoip and geoip6 to the June 8 2017 database. 2017-06-09 15:47:49 +02:00
Nick Mathewson
6e7551c50d Add -dev to version number. 2017-06-08 14:05:32 -04:00
Nick Mathewson
90758b2606 Add -dev to version number. 2017-06-08 14:05:29 -04:00
Nick Mathewson
5e554215dd Add -dev to version number. 2017-06-08 14:05:27 -04:00
Nick Mathewson
5c47b92747 Add -dev to version number. 2017-06-08 14:05:22 -04:00
Nick Mathewson
44c8cb986d Add -dev to version number. 2017-06-08 14:05:18 -04:00
Nick Mathewson
95a88f7283 Add -dev to version number. 2017-06-08 14:05:16 -04:00
Nick Mathewson
f3804f5999 Add -dev to version number. 2017-06-08 14:05:13 -04:00
Nick Mathewson
ec3ce773ad Add -dev to version number. 2017-06-08 14:05:08 -04:00
Nick Mathewson
792931d53d Bump to 0.2.8.14 2017-06-08 09:27:54 -04:00
Nick Mathewson
2efe0275bc Bump to 0.2.7.8 2017-06-08 09:27:34 -04:00
Nick Mathewson
0de4620375 Bump to 0.2.6.12 2017-06-08 09:26:20 -04:00
Nick Mathewson
fa73f59ad3 bump to 0.2.5.14 2017-06-08 09:26:00 -04:00
Nick Mathewson
8e439a66f3 Bump to 0.2.4.29 2017-06-08 09:25:31 -04:00
Nick Mathewson
b533220249 bump to 0.2.9.11 2017-06-08 09:24:38 -04:00
Nick Mathewson
a0664fd0c3 bump to 0.3.0.8 2017-06-08 09:24:28 -04:00
Nick Mathewson
78d4200abe Bump to 0.3.1.3-alpha. 2017-06-08 09:24:16 -04:00
Nick Mathewson
d15d09a968 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-08 09:21:15 -04:00
Nick Mathewson
c1646d6e89 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-08 09:21:15 -04:00
Nick Mathewson
40bccc2004 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-08 09:21:15 -04:00
Nick Mathewson
dec7998f5c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-08 09:21:15 -04:00
Nick Mathewson
987c7cae70 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-08 09:21:15 -04:00
Nick Mathewson
53011e3e54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-08 09:21:15 -04:00
Nick Mathewson
83135d75a3 Merge branch 'maint-0.3.0' 2017-06-08 09:21:15 -04:00
David Goulet
56a7c5bc15 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
On an hidden service rendezvous circuit, a BEGIN_DIR could be sent
(maliciously) which would trigger a tor_assert() because
connection_edge_process_relay_cell() thought that the circuit is an
or_circuit_t but is an origin circuit in reality.

Fixes #22494

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:21:10 -04:00
Nick Mathewson
9acca04025 Merge branch 'maint-0.3.0' 2017-06-08 09:17:32 -04:00
David Goulet
79b59a2dfc TROVE-2017-004: Fix assertion failure in relay_send_end_cell_from_edge_
This fixes an assertion failure in relay_send_end_cell_from_edge_() when an
origin circuit and a cpath_layer = NULL were passed.

A service rendezvous circuit could do such a thing when a malformed BEGIN cell
is received but shouldn't in the first place because the service needs to send
an END cell on the circuit for which it can not do without a cpath_layer.

Fixes #22493

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:14:10 -04:00
Nick Mathewson
9ab45d621c Merge branch 'maint-0.3.0' 2017-06-06 11:34:11 -04:00
Nick Mathewson
68c3df69de Repair the unit test behavior of my fix for 22508.
Apparently, the unit tests relied on being able to make ed->x509
link certs even when they hadn't set any server flags in the
options.  So instead of making "client" mean "never generate an
ed->x509 cert", we'll have it mean "it's okay not to generate an
ed->x509 cert".

(Going with a minimal fix here, since this is supposed to be a
stable version.)
2017-06-06 11:32:01 -04:00
Nick Mathewson
14ffcc003d Merge branch 'maint-0.3.0' 2017-06-06 09:32:45 -04:00
Nick Mathewson
4ed0f0d62f Make generate_ed_link_cert() a no-op on clients.
Fixes bug 22508; bug not in any released Tor.
2017-06-06 09:32:11 -04:00
Nick Mathewson
5343d2b03c Merge branch 'maint-0.3.0' 2017-06-05 16:35:40 -04:00
Nick Mathewson
ac1ddd5e5b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 16:35:40 -04:00
Nick Mathewson
d561da10dd Rename "link" variable to avoid shadowing warning. 2017-06-05 16:35:37 -04:00
Nick Mathewson
e3b1573be6 Merge branch 'maint-0.3.0' 2017-06-05 15:52:06 -04:00
Nick Mathewson
91f49bc0f0 Fix unit tests to work after own_link_cert assertion
The assert_nonfatal() I had added was triggered by some of the code
that tested the pre-ed case of CERTS cell generation.
2017-06-05 15:51:11 -04:00
Nick Mathewson
d5acdadaef Merge branch 'bug22460_030_01' into maint-0.3.0 2017-06-05 15:44:36 -04:00
Nick Mathewson
d1c1dc229e Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 15:44:12 -04:00
Nick Mathewson
9fea00928c Merge branch 'bug22460_case2_029_01_squashed' into maint-0.2.9 2017-06-05 15:28:13 -04:00
Nick Mathewson
ec84fc1d8e Improve documentation on get_{peer,own}_certificate()
Make it clear that we're returning a newly allocated copy.
2017-06-05 15:27:33 -04:00
Nick Mathewson
8e9392c267 Repair link_handshake unit tests to mock tor_tls_get_own_cert()
The tests previously assumed that the link handshake code would be
calling get_my_certs() -- when I changed it to call get_own_cert()
instead for the (case 2) 22460 fix, the tests failed, since the tls
connection wasn't really there.

This change makes us start mocking out the tor_tls_get_own_cert()
function too.

It also corrects the behavior of the mock_get_peer_cert() function
-- it should have been returning a newly allocated copy.
2017-06-05 15:27:33 -04:00
Nick Mathewson
39b7e89c28 Test prerequisites: function to dup a cert, make get_own_cert mockable. 2017-06-05 15:27:33 -04:00
Nick Mathewson
50facb40bb On v3 link handshake, send the correct link certificate
Previously we'd send the _current_ link certificate, which would
cause a handshaking failure when the TLS context rotated.
2017-06-05 15:27:33 -04:00
Nick Mathewson
2e5220cb8b Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-05 14:38:54 -04:00
Nick Mathewson
4ee48cb434 Fix C89 warning (since Tor 0.2.4-5 still care about that.) 2017-06-05 14:38:38 -04:00
Nick Mathewson
db2f18b1f9 Merge branch 'maint-0.3.0' 2017-06-05 12:02:47 -04:00
Nick Mathewson
578a4392e9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 12:02:26 -04:00
Nick Mathewson
d75be189df Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-05 12:02:15 -04:00
Nick Mathewson
33fcc0f61d Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-05 12:01:17 -04:00
Nick Mathewson
3f2d1f7f07 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-05 12:00:41 -04:00
Nick Mathewson
9ea3d0877a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-05 12:00:27 -04:00
Nick Mathewson
1a540b5792 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-05 12:00:08 -04:00
Nick Mathewson
e3ebae4804 Fix undefined behavior in geoip_parse_entry().
Fixes bug 22490; bugfix on 6a241ff3ff in 0.2.4.6-alpha.

Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.
2017-06-05 10:09:39 -04:00
Nick Mathewson
26d9fffae4 Merge branch 'bug22466_diagnostic_030' 2017-06-05 09:52:09 -04:00
Nick Mathewson
be741d7e63 Merge branch 'maint-0.3.0' 2017-06-05 09:51:57 -04:00
Nick Mathewson
e5bdfd66cf Make code more clear about own_link_cert safety
It's okay to call add_ed25519_cert with a NULL argument: so,
document that.  Also, add a tor_assert_nonfatal() to catch any case
where we have failed to set own_link_cert when conn_in_server_mode.
2017-06-05 09:35:55 -04:00
rl1987
f8c98759e5 Use string_is_valid_hostname in SOCKS4 request parsing codepath 2017-06-04 13:22:45 +02:00
rl1987
7f05f89663 Don't reject SOCKS5 requests that contain IP strings 2017-06-04 13:14:55 +02:00
rl1987
9e2f780923 Refrain from needless SOCKS5 warning 2017-06-03 18:04:47 +02:00
Nick Mathewson
41ed9e978b Regenerate RSA->ed25519 identity crosscertificate as needed 2017-06-01 10:04:52 -04:00
Nick Mathewson
f2068ef862 Use tor_assert_nonfatal() to try to detect #22466 2017-06-01 09:42:32 -04:00
Nick Mathewson
34a6755b94 Fix ed25519 link certificate race on tls context rotation
Whenever we rotate our TLS context, we change our Ed25519
Signing->Link certificate.  But if we've already started a TLS
connection, then we've already sent the old X509 link certificate,
so the new Ed25519 Signing->Link certificate won't match it.

To fix this, we now store a copy of the Signing->Link certificate
when we initialize the handshake state, and send that certificate
as part of our CERTS cell.

Fixes one case of bug22460; bugfix on 0.3.0.1-alpha.
2017-06-01 09:26:24 -04:00
Nick Mathewson
a9be768959 Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it.  Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate.  In both cases, the resulting
inconsistency would make other relays reject our link handshakes.

Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-05-31 18:45:35 -04:00
Andreas Stieger
1763aa058b Fix GCC 7 -Wimplicit-fallthrough warnings (32 bit)
Add magic comments recognized by default -Wimplicit-fallthrough=3
Follow-up to e5f464, fixes Ticket 22446 for 32 bit.
2017-05-31 09:30:35 -04:00
Nick Mathewson
9d59769db7 Improve error message when all permitted Exits are down
The old "No specified non-excluded exit routers seem to be running"
message was somewhat confusing.

Fix for 7890.
2017-05-30 10:59:04 -04:00
David Goulet
5b33d95a3d hs: Correctly validate v3 descriptor encrypted length
The encrypted_data_length_is_valid() function wasn't validating correctly the
length of the encrypted data of a v3 descriptor. The side effect of this is
that an HSDir was rejecting the descriptor and ultimately not storing it.

Fixes #22447

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-30 10:27:42 -04:00
Nick Mathewson
671c5dcde3 Merge remote-tracking branch 'public/bug6298' 2017-05-30 10:27:37 -04:00
Nick Mathewson
0fbe1a2c6f Merge remote-tracking branch 'teor/bug22424' 2017-05-30 08:50:45 -04:00
Nick Mathewson
184d889f8a Merge remote-tracking branch 'jigsaw/fix-22417-without-3-star' 2017-05-30 08:47:14 -04:00
Nick Mathewson
f9615f9d77 Merge remote-tracking branch 'teor/bug22421' 2017-05-30 08:42:20 -04:00
Andreas Stieger
e5f4642db3 Fix GCC 7 -Wimplicit-fallthrough warnings
Add magic comments recognized by default -Wimplicit-fallthrough=3
or break, as required.
2017-05-30 08:33:27 -04:00
Roger Dingledine
d1580ad49b remove obsolete comment
we should have taken out this comment with commit aadff6274
during ticket 16480.
2017-05-30 02:42:32 -04:00
Daniel Pinto
94d321120e Replace 3-star pointer with 2-star pointer 2017-05-28 20:24:48 +01:00
teor
79725289e1
If we do underflow the know usage of a storage, recalculate it
Fixes bug #22424 on 0.3.1.1-alpha.
2017-05-28 22:34:43 +10:00
teor
69b234a0a8
Refactor storage usage reductions into a static function
No behaviour change.

Part of #22424.
2017-05-28 22:28:43 +10:00
teor
334fe6bb6b
Don't underflow usage when it is unknown and a file is removed
Part of #22424.
2017-05-28 22:16:00 +10:00
teor
9e36b0beb9
Always check for usage underflow when removing a file in storage.c
Part of #22424.
2017-05-28 22:12:09 +10:00
teor
f6841ae263
Fix comment typos in storage.c 2017-05-28 22:11:22 +10:00
teor
25ea8be9de
Update the client bootstrap comment in config.c for exponential backoff
This brings the description up to date with the exponential backoff
code introduced in 0.2.9.1-alpha.

Fixes bug #22421.
2017-05-28 21:01:08 +10:00
Daniel Pinto
f8ccf8d9a9 Fix crash with %include
Fixes crash when including a folder that contains a non-empty file
without any values followed by any other non-empty file.
2017-05-28 09:53:14 +01:00
Roger Dingledine
084b64ba2e simplify because relay_crypt_one_payload can't fail 2017-05-28 01:51:22 -04:00
Nick Mathewson
6fcaf83c98 Cleanup MOCK_IMPL (etc) to be findable with etags
A fair number of our mock_impl declarations were messed up so that
even our special AM_ETAGSFLAGS couldn't find them.

This should be a whitespace-only patch.
2017-05-26 14:07:06 -04:00
Nick Mathewson
159a8061cf Mock tor_addr_lookup() during part of addr/basic test.
If this function isn't mocked, then our unit tests break on stupid
networks where localhost is broken or absent. Fixes bug 6298; bugfix
on 0.0.9pre2.
2017-05-26 13:53:32 -04:00
Nick Mathewson
5742e4fd8e bump version to 0.3.1.2-alpha-dev 2017-05-26 10:23:53 -04:00
Nick Mathewson
2550ac7bb1 update version to 0.3.1.2-alpha 2017-05-26 08:58:08 -04:00
Nick Mathewson
ab9976b724 Merge remote-tracking branch 'arma/bug22368' 2017-05-25 08:54:51 -04:00
Roger Dingledine
657297a9f8 Merge branch 'maint-0.3.0' 2017-05-25 00:28:11 -04:00
Roger Dingledine
83439e78cc Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-25 00:27:27 -04:00
teor
ec61ae59a5 Stop leaking keypin-rejected routerinfos on directory authorities
When directory authorities reject a router descriptor due to keypinning,
free the router descriptor rather than leaking the memory.

Fixes bug 22370; bugfix on 0.2.7.2-alpha.
2017-05-25 00:09:40 -04:00
Roger Dingledine
5f74749fba get rid of some dead code (leftover from commit fa04fe1) 2017-05-24 23:37:00 -04:00
Roger Dingledine
d22d565331 add copy of MyFamily element to the descriptor, not the element itself
If we add the element itself, we will later free it when we free the
descriptor, and the next time we go to look at MyFamily, things will
go badly.

Fixes the rest of bug 22368; bugfix on 0.3.1.1-alpha.
2017-05-24 23:37:00 -04:00
Roger Dingledine
a7e75ff796 don't free the values in options->MyFamily when we make a descriptor
If we free them here, we will still attempt to access the freed memory
later on, and also we will double-free when we are freeing the config.

Fixes part of bug 22368.
2017-05-24 23:32:32 -04:00
Nick Mathewson
511c900686 Merge branch 'master' of git-rw.torproject.org:/tor 2017-05-24 10:25:00 -04:00
Nick Mathewson
b80a35e683 Improve the message we log on unexpected dirauth status code
It's still not great, but should be less confusing what's wrong
here.

Closes ticket 1121.
2017-05-24 09:08:59 -04:00
Roger Dingledine
cabad0b6c7 remove unused node_get_published_on function
in retrospect, we should have removed this with commit 1289474d
as part of #11742, which was the last caller of it.
2017-05-24 00:43:44 -04:00
Nick Mathewson
994595ae5d Don't say "downloading 1 descriptor, 4 at a time"
Fixes bug 19648, bugfix on 0.1.1.8-alpha.
2017-05-23 09:47:11 -04:00
teor
af98b862a5
Fix comments of functions that return tor_snprintf
No code changes needed: in the places where we actually check the
return value of these functions, we handle it correctly.
2017-05-23 18:44:45 +10:00
Roger Dingledine
4e3ea6d5c8 fix minor grammar error in comment 2017-05-22 20:06:38 -04:00
Nick Mathewson
d9b1471303 Merge remote-tracking branch 'ahf/bugs/22305' 2017-05-22 11:57:03 -04:00
Alexander Færøy
9604980733 Log a warning if we receive a disallowed compression method for an anonymous connection.
See: https://bugs.torproject.org/22305
2017-05-22 15:52:41 +00:00
Nick Mathewson
281f06a094 bump to 0.3.1.1-alpha 2017-05-22 11:52:19 -04:00
Nick Mathewson
9a50c73104 Merge remote-tracking branch 'ahf/bugs/22305' 2017-05-22 10:57:26 -04:00
Alexander Færøy
5a0eab68e1 Ensure that only GZip and Zlib compression is handled for anonymous connections.
See: https://bugs.torproject.org/22305
2017-05-22 14:45:12 +00:00
Alexander Færøy
2b26ac1390 Refactor error path handling in connection_dir_client_reached_eof().
This patch lifts the return value, rv, variable to the beginning of the
function, adds a 'done' label for clean-up and function exit and makes
the rest of the function use the rv value + goto done; instead of
cleaning up in multiple places.

See: https://bugs.torproject.org/22305
2017-05-22 14:42:18 +00:00
Nick Mathewson
cfe0a45750 Fix a compilation warning about duplicate typedef 2017-05-22 10:39:43 -04:00
Nick Mathewson
e5a929fef8 Raise common code for creating circuit_guard_state_t
This will help if we ever need to add more fields or change the
semantics of existing fields.
2017-05-22 09:13:18 -04:00
Nick Mathewson
b2e9a107b7 Merge remote-tracking branch 'asn/bug21969_bridges' 2017-05-22 09:09:16 -04:00
George Kadianakis
52498b8183 Set guard state on bridge descriptor fetches.
We used to not set the guard state in launch_direct_bridge_descriptor_fetch().
So when a bridge descriptor fetch failed, the guard subsystem would never
learn about the fail (and hence the guard's reachability state would not
be updated).
2017-05-22 15:57:33 +03:00
George Kadianakis
6009c89165 Set guard state on bridge descriptor fetches.
We used to not set the guard state in launch_direct_bridge_descriptor_fetch().
So when a bridge descriptor fetch failed, the guard subsystem would never
learn about the fail (and hence the guard's reachability state would not
be updated).
2017-05-22 15:56:32 +03:00
George Kadianakis
e102ad60d0 Refactor directory_initiate_command() so that it accepts guard_state. 2017-05-22 15:45:46 +03:00
Alexander Færøy
26795da900 Don't add "Accept-Encoding" header if directory connection is anonymous.
See: https://bugs.torproject.org/22305
2017-05-22 12:36:27 +00:00
Nick Mathewson
90894c87a5 Merge branch 'maint-0.3.0' 2017-05-22 08:32:18 -04:00
Nick Mathewson
5c52d3c2c0 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-22 08:32:07 -04:00
Roger Dingledine
6e5486b11a dir auths reject 0.2.9.x for x<5, due to bug 20499
Directory authorities now reject relays running versions
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
suffer from bug 20499 and don't keep their consensus cache
up-to-date.

Resolves ticket 20509.
2017-05-22 08:31:39 -04:00
Roger Dingledine
0698a0beca fix two typos in comments
closes ticket 22322
2017-05-22 01:43:52 -04:00
Roger Dingledine
a18b41cc77 fix typo in comment 2017-05-19 22:14:56 -04:00
Nick Mathewson
09b3cb0d72 Whoops; I broke check-spaces. 2017-05-19 16:02:58 -04:00
Nick Mathewson
13034e1574 Try another approach to fixing the bug in the #1922 test.
This isn't elegant, but it seems to be the best way around all of
the issues involved in escaping and quoting that we've gotten into
over the years.
2017-05-19 15:50:29 -04:00
Nick Mathewson
19615bce64 mingw fix: avoid "unused var" warning. 2017-05-19 15:50:12 -04:00
Nick Mathewson
8cb08f716d fix a coverity resource leak warning 2017-05-19 15:20:57 -04:00
Nick Mathewson
4e6b13a38a Fix uninitialized-variable warning on options_init_from_string(). 2017-05-19 15:18:27 -04:00
Nick Mathewson
d950ad0dfd Remove call to get_unquoted_path in config_process_include()
parse_config_line_from_str_verbose() already looks for strings
that are surrounded by quotes, and processes them with
unescape_string().  So things were getting decoded twice, which was
(in turn) playing havoc with backslashes on Windows.
2017-05-19 14:09:51 -04:00
Nick Mathewson
3628efe29c Try to fix windows config/include_path_syntax test
It was trying to do %include "foo\", which won't work.  It has to be
%include "foo\\".
2017-05-19 09:55:22 -04:00
Nick Mathewson
dcfed8c1c8 tt_* macros can "goto done;" so define any freeable things before them. 2017-05-19 08:55:14 -04:00
Nick Mathewson
ff1af5550a strlen() returns size_t 2017-05-19 08:54:56 -04:00
Nick Mathewson
69ef94820b Merge branch 'add_rust_squashed' 2017-05-19 08:47:18 -04:00
Sebastian Hahn
70c067102b Allow Rust build using locally supplied crates or crates.io
This adds a couple of configure commands to control whether we're
requiring all dependencies to be available locally (default) or not
(--enable-cargo-online-mode). When building from a tarball, we require
the RUST_DEPENDENCIES variable to point to the local repository of
crates. This also adds src/ext/rust as a git submodule that contains
such a local repository for easy setup.
2017-05-19 08:47:11 -04:00
Sebastian Hahn
d6f9a4f11a cargo-online-mode configure argument
Passing --enable-cargo-online-mode during configure allows cargo to make
network requests while building Tor or running tests. If this flag is
not supplied, the dependencies need to be available in the form of a
local mirror.
2017-05-19 08:47:11 -04:00
Sebastian Hahn
ed15511ac3 Add rustfmt.toml 2017-05-19 08:47:11 -04:00
Sebastian Hahn
f0516ed348 Run cargo test during make check 2017-05-19 08:47:11 -04:00
Sebastian Hahn
f8ef7c65d1 Add some Rust utility functions and print support
This gives an indication in the log that Tor was built with Rust
support, as well as laying some groundwork for further string-returning
APIs to be converted to Rust
2017-05-19 08:47:10 -04:00
Nick Mathewson
92d335b3dc Merge remote-tracking branch 'jigsaw/torrc-dir-fix-1922_squashed2' 2017-05-19 08:46:13 -04:00
Nick Mathewson
d34fa32ece Merge branch 'ticket21953_029' 2017-05-19 06:49:04 -04:00
Nick Mathewson
15cc41e664 Define HeapEnableTerminationOnCorruption if the headers don't.
MSDN says that it's always going to be 1, and they're usually pretty
accurate about that.

Fixes a bug in 21953.
2017-05-19 06:46:49 -04:00
Roger Dingledine
553cd7f0c5 fix typo 2017-05-19 02:06:44 -04:00
Daniel Pinto
ba3a5f82f1 Add support for %include funcionality on torrc #1922
config_get_lines is now split into two functions:
 - config_get_lines which is the same as before we had %include
 - config_get_lines_include which actually processes %include
2017-05-18 23:44:16 +01:00
Nick Mathewson
d1340bd5ac bump to 0.3.0.7-dev 2017-05-18 12:28:28 -04:00
Nick Mathewson
b214c2c095 Merge branch 'maint-0.3.0' 2017-05-18 10:06:27 -04:00
Nick Mathewson
935cd77f62 Merge branch 'bug22252_029' into maint-0.3.0 2017-05-18 10:06:06 -04:00
Alexander Færøy
fcf836d239 Add coverage markers in Zstd + LZMA compression backends.
See: https://bugs.torproject.org/22286
2017-05-17 13:23:54 +00:00
Alexander Færøy
77511aed6c Fix whitespace issue.
See: https://bugs.torproject.org/22286
2017-05-17 13:23:46 +00:00
Alexander Færøy
d74467e858 Check that tor_compress_state_size() returns a value larger than zero.
See: https://bugs.torproject.org/22286
2017-05-17 13:23:33 +00:00
Daniel Pinto
e04da2828d Fixed error on BASEXX_NOPAD LEN and BUFSIZE macros #21872 2017-05-17 00:22:11 +01:00
Alexander Færøy
3772fdf756 Ensure that each compression backend returns a provider version identifier. 2017-05-16 19:08:18 +00:00
Nick Mathewson
2ba58f275c Fix crash when starting with LearnCircuitBuildTimeout 0.
Before we've set our options, we can neither call get_options() nor
networkstatus_get_latest_consensus().

Fixes bug 22252; bugfix on 4d9d2553ba
in 0.2.9.3-alpha.
2017-05-16 11:20:12 -04:00
Nick Mathewson
bbeba2412e Fix resource leak in parse_consensus_request()
We were allocating diff_hash_in_url on some URLs, but not freeing it.

Fixes CID 1409669.  Bug not in any released Tor.
2017-05-16 10:47:41 -04:00
Nick Mathewson
2ca827104d Report deleted consensuses as NOT_FOUND rather than AVAILABLE
This bug happened because of a bogus pointer check in
consdiffmgr_find_consensus(), not in any released Tor.

Fixes CID 1409670.  Good catch, Coverity!
2017-05-16 10:44:24 -04:00
Nick Mathewson
d29f494ec2 Merge branch 'maint-0.3.0' 2017-05-16 08:39:36 -04:00
Nick Mathewson
492f8a7c44 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-16 08:39:22 -04:00
Nick Mathewson
a7bcab2639 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-05-16 08:38:59 -04:00
teor
5b45d73293
Update fallback directory mirrors in May 2017
Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
December 2016 (of which ~126 were still functional), with a list of
151 fallbacks (32 new, 119 existing, 58 removed) generated in May 2017.

Resolves ticket 21564.
2017-05-16 19:02:42 +10:00
Nick Mathewson
8324631dd9 bump version to 0.3.0.7 2017-05-15 18:25:07 -04:00
Nick Mathewson
a546487287 Merge branch 'maint-0.3.0' 2017-05-15 18:24:38 -04:00
Nick Mathewson
294d80044d remove a variable I missed 2017-05-15 18:16:58 -04:00
Nick Mathewson
d3279d4304 Do not try to uncompress an empty spool 2017-05-15 18:13:38 -04:00
Nick Mathewson
460b923026 fix a memory leak 2017-05-15 18:13:20 -04:00
Nick Mathewson
e1b3c1bbec Test fix: always set address in new_dir_conn() 2017-05-15 18:00:38 -04:00
Nick Mathewson
f9d8ade912 Dircache protocol version 2 adds support for diffs 2017-05-15 17:53:36 -04:00
Nick Mathewson
da6b00443c Try not to mess up caches with the X-Or-Diff-From-Consensus header 2017-05-15 17:53:15 -04:00
Nick Mathewson
4531fdbbff Split consensus-request parsing into a separate function
This ought to make the control flow a tiny bit more readable.
2017-05-15 17:51:53 -04:00
Nick Mathewson
eb3c8d376d Prop140, continued: accept "diff/<HASH>" in URLs, per proposal. 2017-05-15 17:42:17 -04:00
Nick Mathewson
afef059795 Merge remote-tracking branch 'public/prop140_aftermath_cfg' 2017-05-15 17:26:47 -04:00
Nick Mathewson
dae1242532 Merge branch 'ahf_bugs_21667_2_squashed' 2017-05-15 17:22:12 -04:00
Alexander Færøy
9e3f304113 Fix dir_handle_get/... test-cases for prop#278 support.
See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Nick Mathewson
65d9408448 dir_handle_get: repair two test cases, note the fixes for 3 others 2017-05-15 17:21:55 -04:00
Alexander Færøy
008194035f Handle non-compressed requests gracefully.
This patch makes us use FALLBACK_COMPRESS_METHOD to try to fetch an
object from the consensus diff manager in case no mutually supported
result was found. This object, if found, is then decompressed using the
spooling system to the client.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
8d730af0f7 Remove old consensus fetching code from handle_get_current_consensus().
This patch removes the calls to spooled_resource_new() when trying to
download the consensus. All calls should now be going through the
consdiff manager.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
fade313ba3 Fix too wide line from make check-spaces.
See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Alexander Færøy
ae33deb91d Check for best consensus when no consensusdiff was found.
This patch ensures that we use the current consensus in the case where
no consensus diff was found or a consensus diff wasn't requested.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Nick Mathewson
7591518d16 Copy valid/fresh-until and signatories values into diffs. 2017-05-15 17:21:55 -04:00
Nick Mathewson
fd1190581d Store fresh/valid-until and signatories values on all consensus objects. 2017-05-15 17:21:55 -04:00
Nick Mathewson
dcc533fb13 Implement functions to expose valid/fresh-until and voters
These still won't do anything till I get the values to be filled in.

Also, I changed the API a little (with corresponding changes in
directory.c) to match things that it's easier to store.
2017-05-15 17:21:55 -04:00
Nick Mathewson
2f06345db3 Move stub accessor functions a level higher, to consdiffmgr 2017-05-15 17:21:55 -04:00
Alexander Færøy
ef2a62b2ff Fetch the current consensus from the conscache subsystem.
This patch changes handle_get_current_consensus() to make it read the
current consensus document from the consensus caching subsystem.

See: https://bugs.torproject.org/21667
2017-05-15 17:21:55 -04:00
Nick Mathewson
3b8888c544 Initialize the HS cache at startup
Failure to do this caused an assertion failure with #22246 . This
assertion failure can be triggered remotely, so we're tracking it as
medium-severity TROVE-2017-002.
2017-05-15 13:49:29 -04:00
Nick Mathewson
71a21256b0 Merge branch 'bug22245_024' 2017-05-15 11:46:55 -04:00
Nick Mathewson
85f75d617c Add hs_test_helpers.h to noinst_HEADERS 2017-05-15 11:45:20 -04:00
Nick Mathewson
a6514b8a20 Fix a logic error in hibernate.c
Closes bug 22245; bugfix on 0.0.9rc1, when bandwidth accounting was
first introduced.

Found by Andrey Karpov and reported at https://www.viva64.com/en/b/0507/
2017-05-15 11:43:18 -04:00
Nick Mathewson
0e348720fc Fix assertion to actually have a chance of failing
This assertion can only fail if we mess up some of our other code,
but let's try to get it right.

Closes 22244.
2017-05-15 11:27:12 -04:00
Nick Mathewson
1ec45bb546 Merge branch 'bug18100_029' 2017-05-15 11:19:44 -04:00
Nick Mathewson
4473271c66 Fix the TRPOXY typo in connection_edge.c
Also add a get_options() call so it compiles.

Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from "d4fq0fQAgoJ".
2017-05-15 11:16:50 -04:00
Nick Mathewson
d3a39cf8d0 Merge remote-tracking branch 'public/bug20270_029' 2017-05-15 10:45:20 -04:00
Alexander Færøy
363f4b8db5
Add stub functions for querying metadata about the consensus. 2017-05-13 01:05:15 +02:00
Alexander Færøy
64116ab97f
Fix tautological constant out-of-range comparison warnings. 2017-05-12 17:59:29 +02:00
Alexander Færøy
a1e8ef0076
Fix DoubleNL warning from make check-spaces. 2017-05-12 17:57:11 +02:00
Nick Mathewson
077d3085ec
actually enable background compresion for consensuses 2017-05-12 17:45:55 +02:00
Nick Mathewson
db370bb8a8
Test fix: expect old consensuses to be deleted if not deflate-compressed 2017-05-12 17:45:44 +02:00
Nick Mathewson
30dfb36148
consdiffmgr: Reload latest consensus entries on start. 2017-05-12 17:45:33 +02:00
Nick Mathewson
8100305e71
consdiffmgr: expose cached consensuses 2017-05-12 17:45:24 +02:00
Nick Mathewson
7b0dcf5c4a
Cleanup logic: only retain zlib-compressed consensuses
Now that we're making a bunch of these with consdiffmgr, we should
throw out all but one when we get a newer consensus.
2017-05-12 17:45:15 +02:00
Nick Mathewson
151cd121a2
consdiffmgr: compress incoming consensuses in the background
Also, compress them in several ways.

This breaks the unit tests; subsequent commits will make them pass
again.
2017-05-12 17:45:07 +02:00
Nick Mathewson
6da31ec484
consdiffmgr: Extract the code for compressing and storing
We're going to use this for consensuses too.
2017-05-12 17:44:55 +02:00
Alexander Færøy
7a3efe25d9
Use different preferences for compression methods when streaming.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
141f6e3211
Add client_meth_pref array to define client compression preference.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
59d17ca2bb
Fix indentation when using the ternary operator in handle_get_status_vote().
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
ef187bc280
Use compression_method_get_human_name() in connection_dir_client_reached_eof()
This patch refactors connection_dir_client_reached_eof() to use
compression_method_get_human_name() to set description1 and
description2 variables.

See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
3a05687c6d
Add API for getting human readable descriptions of a compress_method_t
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
f8218b5ada
Use compression_method_get_by_name() instead of explicit checks.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
cf2f7a1bea
Decide compression method in the various handle_* functions().
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
a3a31fa120
Send "Accept-Encoding" to directory servers.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
6305637197
Use tor_compress_supports_method() instead of constants.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
61b6de5906
Handle Zstandard and LZMA in our check for correct guessed compression.
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
fbef257c43
Handle x-zstd and x-tor-lzma in parse_http_response().
See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Alexander Færøy
ca632144e5
Use dir_compressed(_len) instead of dir_z(_len).
This patch renames `dir_z` to `dir_compressed` and `dir_z_len` to
`dir_compressed_len`.

See: https://bugs.torproject.org/21667
2017-05-12 17:18:45 +02:00
Nick Mathewson
4410271446 Merge branch 'ticket21953_029' 2017-05-12 08:40:30 -04:00
Nick Mathewson
503f101d2b Enable some windows hardening features
One (HeapEnableTerminationOnCorruption) is on-by-default since win8;
the other (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) supposedly only
affects ATL, which (we think) we don't use.  Still, these are good
hygiene. Closes ticket 21953.
2017-05-11 16:39:02 -04:00
Taylor Yu
61a367cadd Untangle cleanup logic in test_hs_intropoint.c
Cleanup logic in test_intro_point_registration() invoked tt_assert()
in a way that could cause it to jump backward into the cleanup code if
the assertion failed, causing Coverity to see a double free (CID
1397192).  Move the tt_assert() calls into a helper function having
the well-defined task of testing hs_circuitmap_free_all().
Fixes #22231.
2017-05-11 13:06:45 -04:00
Nick Mathewson
9905659573 Merge remote-tracking branch 'arma/cleanup22213' 2017-05-11 09:20:12 -04:00
Nick Mathewson
6390a0c3b6 Merge branch 'ticket21871_031_03_squashed' 2017-05-11 08:33:32 -04:00
David Goulet
ae1d4cfdad prop224: Change encryption keys descriptor encoding
A descriptor only contains the curve25519 public key in the enc-key field so
the private key should not be in that data structure. The service data
structures will have access to the full keypair (#20657).

Furthermore, ticket #21871 has highlighted an issue in the proposal 224 about
the encryption key and legacy key being mutually exclusive. This is very wrong
and this commit fixes the code to follow the change to the proposal of that
ticket.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-11 08:33:26 -04:00
Nick Mathewson
dc9274dec3 Merge remote-tracking branch 'argonblue/bug22177' 2017-05-11 07:41:21 -04:00
Nick Mathewson
38003f4350 Merge remote-tracking branch 'argonblue/bug22221' 2017-05-11 07:25:22 -04:00
Roger Dingledine
8f1ddf0cd2 Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value
We already have a way to return a 400 response code along with a
personalized message response for the uploader.

Resolves ticket 22213.
2017-05-10 20:03:07 -04:00
Roger Dingledine
466e27feae simplify functions now that they don't use options param 2017-05-10 17:57:35 -04:00
Roger Dingledine
2330a3713d Merge branch 'maint-0.3.0' 2017-05-10 17:36:34 -04:00
Roger Dingledine
716d48581d resolve now-unused parameter from #21642 fix 2017-05-10 17:35:36 -04:00
Taylor Yu
3156392e9b Test config line parsing errors
Add tests for lower-level syntax errors in config file lines.
Fixes #22177.
2017-05-10 16:51:40 -04:00
Nick Mathewson
1a497dcd1e Merge branch 'maint-0.3.0' 2017-05-10 16:28:07 -04:00
Nick Mathewson
a868b84599 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-10 16:27:15 -04:00
Nick Mathewson
8f5da804da Merge branch 'prop275_minimal_029' into maint-0.2.9 2017-05-10 16:26:45 -04:00
Taylor Yu
2bf4263800 Resurrect dead code in test_channelpadding.c
A for-loop in test_channelpadding_timers() would never run because it
was trying to increment a counter up to CHANNELS_TO_TEST/3 after an
earlier block already incremented it to CHANNELS_TO_TEST/2.

Fixes #22221, CID 1405983.
2017-05-10 13:57:18 -04:00
Nick Mathewson
ee3ccd2fac #22211 Fix a comment in routerparse.c 2017-05-10 11:16:07 -04:00
Nick Mathewson
d76cffda60 Merge remote-tracking branch 'public/my-family-list-fix-4498' 2017-05-10 11:12:24 -04:00
Nick Mathewson
8266d193a6 Restore wget behavior when fetching compressed objects
We do this by treating the presence of .z as meaning ZLIB_METHOD,
even if Accept-Encoding does not include deflate.

This fixes bug 22206; bug not in any released tor.
2017-05-10 11:09:52 -04:00
Nick Mathewson
5dab99d6a8 Fix compilation on libevent2-only systems
Patch from rubiate; fixes bug 22219.  Remember, we don't support
libevent1 any more.
2017-05-10 11:08:49 -04:00
Nick Mathewson
95fa7d1cf8 In channelpadding tests that touch libevent, call event_reinit().
This is necessary to avoid crashes and test failures on kevent-based
systems.

Fixes bug 22209; bug not in any released Tor.
2017-05-10 11:01:13 -04:00
Roger Dingledine
0266c4ac81 add an XXX with a minor bug in dirserv_add_multiple_descriptors 2017-05-10 03:11:29 -04:00
Nick Mathewson
9f5b71a7ca Add a check and a cast in rephist.c to fix a warning 2017-05-09 11:13:22 -04:00
Nick Mathewson
b2cb3c33ac Tidy or_options_t by removing obsolete options.
Nothing was setting or inspecting these fields, and they were marked
as OBSOLETE() in config.c -- but somehow we still had them in the
or_options_t structure.  Ouch.
2017-05-09 10:40:24 -04:00
Nick Mathewson
2a1013948d Merge branch 'dgoulet_ticket22060_031_01_squashed' 2017-05-09 10:32:21 -04:00
David Goulet
b867295ffd config: Parse ports at the start of options_validate()
There was a bug that got exposed with the removal of ORListenAddress. Within
server_mode(), we now only check ORPort_set which is set in parse_ports().

However, options_validate() is using server_mode() at the start to check if we
need to look at the uname but then the ORPort_set is unset at that point
because the port parsing was done just after. This commit fixes that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
7f95ef6e66 config: Remove {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
039e2a24da config: Remove TLSECGroup option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
8aedc589ed config: Remove WarnUnsafeSocks option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
60cf5ac297 config: Remove CloseHSServiceRendCircuitsImmediatelyOnTimeout option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
87e9dc48d1 config: Remove CloseHSClientCircuitsImmediatelyOnTimeout option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
bc34654ba2 config: Remove FastFirstHopPK option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
09bc858dd5 config: Remove ExcludeSingleHopRelays option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
d52a1e2faa config: Remove AllowSingleHopExits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
fea72571df config: Remove AllowSingleHopCircuits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
2b9823b310 config: Remove AllowInvalidNodes option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:51 -04:00
David Goulet
0958e3b208 test: Remove HS decode valid intro point test
The descriptor fields can't be validated properly during encoding because they
are signed by a descriptor signing key that we don't have in the unit test.

Removing the test case for now but ultimately we need an independent
implementation that can encode descriptor and test our decoding functions with
that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:37 -04:00
David Goulet
0cc18ef64c test: Move duplicate HS test code and unify it
Create the hs_test_helpers.{c|h} files that contains helper functions to
create introduction point, descriptor and compare descriptor.

Used by both the hs cache and hs descriptor tests. Unify them to avoid code
duplication.

Also, this commit fixes the usage of the signing key that was wrongly used
when creating a cross signed certificate.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:37 -04:00
Nick Mathewson
ff7e8531ec Report common reasons for rejecting a relay before uncommon ones
"You're running 0.2.2; upgrade!" is more sensible than "You have no
ntor key!"

Closes ticket 20270; bugfix on 0.2.9.3-alpha.
2017-05-09 10:28:51 -04:00
Nick Mathewson
2f714d60a4 Minor cleanups in test_config.
Use a more standard indentation style for the end block; remove
redundant if() around tor_free.
2017-05-09 08:20:14 -04:00
Nick Mathewson
b8abedfeee Split MyFamily into user-specified version and normalized version
This change prevents a no-longer-supported behavior where we change
options that would later be written back to torrc with a SAVECONF.

Also, use the "Pointer to final pointer" trick to build the
normalized list, to avoid special-casing the first element.
2017-05-09 08:19:26 -04:00
Nick Mathewson
674c1d2594 Fix an implicit conversion warning 2017-05-09 07:26:14 -04:00
Nick Mathewson
7751df61ca Fix a warning about a shadowed global 2017-05-09 07:25:52 -04:00
Nick Mathewson
ef2248d09b Fix a warning about an extraneous semicolon 2017-05-09 07:25:34 -04:00
Nick Mathewson
2e4f3b36bd clang-i386: use house style for public-when-testing variables
This fixes a warning from jenkins.
2017-05-08 15:38:05 -04:00
Nick Mathewson
4d6c79d1de Fix some clang-i386 warnings in master. 2017-05-08 15:34:37 -04:00
Nick Mathewson
fb97f76e71 whitespace fixes 2017-05-08 13:57:08 -04:00
Nick Mathewson
4d30dde156 Merge branch 'netflow_padding-v6-rebased2-squashed' 2017-05-08 13:54:59 -04:00
Mike Perry
9f8e462c89 Fix some channelpadding test issues.
asan was finding an alignment issue with a cast, so set the field in the
trunnel struct and then encode it instead. Also, enable log capture and
verification.
2017-05-08 13:49:23 -04:00
Mike Perry
02a5835c27 Fix issues from dgoulet's code review.
https://gitlab.com/dgoulet/tor/merge_requests/24
2017-05-08 13:49:23 -04:00
Mike Perry
687a85950a Cache netflow-related consensus parameters.
Checking all of these parameter lists for every single connection every second
seems like it could be an expensive waste.

Updating globally cached versions when there is a new consensus will still
allow us to apply consensus parameter updates to all existing connections
immediately.
2017-05-08 13:49:23 -04:00
Mike Perry
ae4d8c9c74 Fix a breakage in test_options.c.
IMO, these tests should be calling options_init() to properly set everything
to default values, but when that is done, about a dozen tests fail. Setting
the one default value that broke the tests for my branch. Sorry for being
lame.
2017-05-08 13:49:22 -04:00
Mike Perry
20a3d4efac Remove a PredictedPortsRelevantTime test.
The option was deprecated by bug #17592.
2017-05-08 13:49:22 -04:00
Mike Perry
76c9330f9d Bug 17604: Converge on only one long-lived TLS conn between relays.
Accomplished via the following:

1. Use NETINFO cells to determine if both peers will agree on canonical
   status. Prefer connections where they agree to those where they do not.
2. Alter channel_is_better() to prefer older orconns in the case of multiple
   canonical connections, and use the orconn with more circuits on it in case
   of age ties.

Also perform some hourly accounting on how many of these types of connections
there are and log it at info or notice level.
2017-05-08 13:49:22 -04:00
Mike Perry
d5a151a067 Bug 17592: Clean up connection timeout logic.
This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
option, and randomizes it.

It also gives us control over the default value as well as relay-to-relay
connection lifespan through the consensus.

Conflicts:
	src/or/circuituse.c
	src/or/config.c
	src/or/main.c
	src/test/testing_common.c
2017-05-08 13:49:22 -04:00
Mike Perry
b0e92634d8 Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
2017-05-08 13:49:21 -04:00
Nick Mathewson
35025ee51f Merge branch 'maint-0.3.0' 2017-05-08 13:40:41 -04:00
Nick Mathewson
d792d2a14d Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-08 13:40:26 -04:00
Nick Mathewson
0df22e8f5f Merge branch 'bug21943_029' into maint-0.2.9 2017-05-08 13:40:14 -04:00
Nick Mathewson
03fdf232bf Merge remote-tracking branch 'ahf/coverity/1405875' 2017-05-08 08:19:13 -04:00
Nick Mathewson
300f8e6f0a Merge branch 'maint-0.3.0' 2017-05-08 08:07:49 -04:00
Nick Mathewson
f5876917aa Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-08 08:07:38 -04:00
Nick Mathewson
5ff0b519ec Merge branch 'maint-0.2.8' into maint-0.2.9 2017-05-08 08:07:32 -04:00
Nick Mathewson
dc34cd7a04 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-05-08 08:07:19 -04:00
Nick Mathewson
71dd1d716a Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-05-08 08:07:11 -04:00
Nick Mathewson
159ddf6dde Merge branch 'maint-0.2.5' into maint-0.2.6 2017-05-08 08:07:04 -04:00
Nick Mathewson
68d6720452 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-05-08 08:06:59 -04:00
Karsten Loesing
5207e41ffe Update geoip and geoip6 to the May 2 2017 database. 2017-05-08 10:09:42 +02:00
Nick Mathewson
9decf86711 Merge remote-tracking branch 'dgoulet/ticket21978_031_02' 2017-05-05 16:32:25 -04:00
Alexander Færøy
7344a4fdc6
Remove dead code in test_options_validate_impl().
Dead branch found by Coverity in CID #1405875.
2017-05-05 17:07:18 +02:00
Nick Mathewson
c276c10d3b Turn consdiffmgr.cache_max_age_hours into a parameter 2017-05-05 09:11:06 -04:00
Nick Mathewson
c985592874 prop140 clients now only try to get diffs from recent consensuses
Rationale: If it's a year old, the relay won't have a diff to it.

This is as specified in prop140
2017-05-05 09:11:06 -04:00
Alexander Færøy
60e97953ef
Fix memory leak found in CID #1405876. 2017-05-05 11:35:12 +02:00
Nick Mathewson
c6fe65fcaf Grammar fix in a log message 2017-05-04 08:58:06 -04:00
Nick Mathewson
baf489fc08 Fix: our directory.c code expects header constants to end with a : 2017-05-04 08:57:34 -04:00
Nick Mathewson
6beb7028d8 Do not BUG on missing sha3-as-signed field
This can happen if you've been running an earlier alpha on your
relay.  Instead, just ignore the entry.
2017-05-04 08:50:21 -04:00
Nick Mathewson
e1d31f2a2f Update the consdiff directory code based on #22143 fixes
These are mostly just identifier renames, except for one place in
routerparse.c where we switch to using a correct hash.
2017-05-04 08:49:02 -04:00
Nick Mathewson
a8eccb6363 Turn DEFAULT_IF_MODIFIED_SINCE_DELAY into a const 2017-05-04 08:37:41 -04:00
Nick Mathewson
c12d2cb2dc Request (and try to use) consensus diffs. 2017-05-04 08:37:41 -04:00
Nick Mathewson
912b0641e9 Generate X-Or-Diff-From-Consensus headers correctly. 2017-05-04 08:37:41 -04:00
Nick Mathewson
94ae99067f Remove excess indentation from previous commit.
Review this with 'diff -b' to confirm
2017-05-04 08:37:41 -04:00
Nick Mathewson
afa39cef6c Extract the consensus-only part of directory_get_from_dirserver
Right now it just sets an if-modified-since header, but it's about
to get even bigger.

This patch avoids changing indentation; the next patch will be
whitespace fixes.
2017-05-04 08:37:41 -04:00
Nick Mathewson
57710c1587 New function to add additional headers to a directory request 2017-05-04 08:37:41 -04:00
Nick Mathewson
112286338b Store the sha3 of a networkstatus as part of the networkstatus_t
Also store it in the cached_dir_t.
2017-05-04 08:37:41 -04:00
Nick Mathewson
0418357ffd Serve consensus diffs on request. 2017-05-04 08:37:41 -04:00
Nick Mathewson
e5f82969ca Support writing Content-Encoding headers other than deflate
Right now this only sends "deflate" or "identity", but there's more
to come.
2017-05-04 08:37:41 -04:00
Nick Mathewson
e051c47e98 Remove old unused indentation from handle_get_current_consensus
This commit removes a pair of meaningless braces, and changes
whitespace only.
2017-05-04 08:37:41 -04:00
Nick Mathewson
a32083bd03 Add consensus_cache_entry spooling support to spooled_resource_t 2017-05-04 08:37:41 -04:00
Nick Mathewson
24ba1864d8 Merge branch 'ticket22143_squashed' 2017-05-04 08:36:59 -04:00
Nick Mathewson
df2bcaeb4a Add a test for $ with non-delete commands. 2017-05-04 08:36:50 -04:00
Nick Mathewson
87f6979a03 Remove some unused digests from test_consdiffmgr.c
These were unused before I started working on #22143 -- I just found
them while I was lookinging for digests to update.
2017-05-04 08:36:50 -04:00
Nick Mathewson
3af9704e45 bug#22143/prop#140: in consdiffmgr, store and use digest-as-signed
We need to index diffs by the digest-as-signed of their source
consensus, so that we can find them even from consensuses whose
signatures are encoded differently.
2017-05-04 08:36:50 -04:00
Nick Mathewson
c8baa9b783 bug#22143/prop#140: Use <n>,$d commands in diffs to remove signatures
In this patch I add support for "delete through end of file" in our
ed diff handler, and generate our diffs so that they remove
everything after in the consensus after the signatures begin.
2017-05-04 08:36:50 -04:00
Taylor Yu
38a13b91a8 Fix additional leaks in #22103 tests
test_options_validate_impl() incorrectly executed subsequent phases of
config parsing and validation after an expected error.  This caused
msg to leak when those later phases (which would likely produce errors
as well) overwrote it.
2017-05-03 13:47:06 -04:00
Nick Mathewson
5acddbbbf7 bug#22143/prop#140: identify input diffs by their digest-as-signed
See may 3 changes to prop140 for more background.
2017-05-03 13:09:08 -04:00
Nick Mathewson
77d9dd39c3 Merge remote-tracking branch 'argonblue/bug22103_fixtest' 2017-05-03 09:33:37 -04:00
David Goulet
90b840af60 control: Fix NULL pointer access in HS desc event
This was introduced 90562fc23a adding a code
path where we pass a NULL pointer for the HSDir fingerprint to the control
event subsystem. The HS desc failed function wasn't handling properly that
pointer for a NULL value.

Two unit tests are also added in this commit to make sure we handle properly
the case of a NULL hsdir fingerprint and a NULL content as well.

Fixes #22138

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-03 09:26:17 -04:00
Taylor Yu
7b64f1773d Fix memory management for #22103 tests
Code movement in the commit introducings tests for #22103 uncovered a
latent memory management bug.

Refactor the log message checking from test_options_checkmsgs() into a
helper test_options_checklog().  This avoids a memory leak (and
possible double-free) in a test failure condition.

Don't reuse variables (especially pointers to allocated memory!) for
multiple unrelated purposes.

Fixes CID 1405778.
2017-05-03 08:59:29 -04:00
Nick Mathewson
e0b1fd4d3d Merge branch 'refactor_dir_client_handler' 2017-05-02 20:42:00 -04:00
Nick Mathewson
7bc9f93abb Merge branch 'teor_connection-with-client-v2_squashed' 2017-05-02 19:18:04 -04:00
teor
f9af7e8bd0 Accurately identify client connections by their lack of peer authentication
This means that we bail out earlier if asked to extend to a client.

Follow-up to 21407.
Fixes bug 21406; bugfix on 0.2.4.23.
2017-05-02 19:17:56 -04:00
Taylor Yu
a91f948cca Add tests for #22103
Also factor out the error message comparisions from
test_options_validate_impl() into a separate function so it can check
for error messages in different phases of config parsing.
2017-05-02 16:13:14 -04:00
Taylor Yu
5494087ed7 Delete useless checks in confparse.c
config_parse_interval() and config_parse_msec_interval() were checking
whether the variable "ok" (a pointer to an int) was null, rather than
derefencing it.  Both functions are static, and all existing callers
pass a valid pointer to those static functions.  The callers do check
the variables (also confusingly named "ok") whose addresses they pass
as the "ok" arguments, so even if the pointer check were corrected to
be a dereference, it would be redundant.

Fixes #22103.
2017-05-02 16:12:30 -04:00
Nick Mathewson
e0c937f316 Reindent the just-extracted directory response handler functions 2017-05-02 13:11:44 -04:00
Nick Mathewson
db86b9194d Break connection_dir_client_reached_eof() into smaller functions
This was a >630-line function, which doesn't make anybody happy.  It
was also mostly composed of a bunch of if-statements that handled
different directory responses differently depending on the original
purpose of the directory connection.  The logical refactoring here
is to move the body of each switch statement into a separate handler
function, and to invoke those functions from a separate switch
statement.

This commit leaves whitespace mostly untouched, for ease of review.
I'll reindent in the next commit.
2017-05-02 13:06:25 -04:00
Nick Mathewson
fd437f2a02 Remove special-casing for NO_METHOD in consdiffmgr.c 2017-05-02 08:37:57 -04:00
Nick Mathewson
584ab1f29b Merge branch 'compress_none_v2_squashed' 2017-05-02 08:33:35 -04:00
Nick Mathewson
3836d9481f Add unit tests for the NO_METHOD compressor
These required some special-casing, since some of the assumption
about real compression algorithms don't actually hold for the
identity transform.  Specifically, we had assumed:

  - compression functions typically change the lengths of their
    inputs.
  - decompression functions can detect truncated inputs
  - compression functions have detectable headers

None of those is true for the identity transformation.
2017-05-02 08:31:32 -04:00
Nick Mathewson
1bc21111d8 Treat the identity transformation as another kind of compression.
This will allow us to treat NO_METHOD as a real compression method,
and to simplify code that currently does

   if (compressing) {
      compress
   } else {
      copy
   }
2017-05-02 08:31:32 -04:00
Nick Mathewson
465448e659 Merge branch 'dgoulet_bug22042_031_01_squashed' 2017-05-01 16:08:23 -04:00
David Goulet
aadb99e5f9 control: Fix comment of control_event_hs_descriptor_content
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-01 15:50:38 -04:00
David Goulet
90562fc23a hs: Trigger control event when client can't pick HSDir
Inform the control port with an HS_DESC failed event when the client is unable
to pick an HSDir. It's followed by an empty HS_DESC_CONTENT event. In order to
achieve that, some control port code had to be modified to accept a NULL HSDir
identity digest.

This commit also adds a trigger of a failed event when we are unable to
base64-decode the descriptor cookie.

Fixes #22042

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-01 15:50:38 -04:00
Nick Mathewson
c486ef57a3 Rename x-lzma to x-tor-lzma
We shouldn't call it lzma, because we are imposing a limit on the
memory needed for decoding.
2017-05-01 15:31:28 -04:00
Nick Mathewson
4837421d7c Merge remote-tracking branch 'ahf/bugs/21665' 2017-05-01 14:22:49 -04:00
Sebastian Hahn
915fa39d0f Add --enable-rust configure switch
Introduce a way to optionally enable Rust integration for our builds. No
actual Rust code is added yet and specifying the flag has no effect
other than failing the build if rustc and cargo are unavailable.
2017-04-29 08:55:57 +02:00
Nick Mathewson
b8f7488e94 Fix a brazen memleak in consdiffmgr_add_consensus() 2017-04-28 15:41:52 -04:00
Nick Mathewson
531835f561 Increase MALLOC_MP_LIM to 16MB
Increase the maximum allowed size passed to mprotect(PROT_WRITE)
from 1MB to 16MB. This was necessary with the glibc allocator
in order to allow worker threads to allocate more memory --
which in turn is necessary because of our new use of worker
threads for compression.

Closes ticket #22096. Found while working on #21648.
2017-04-28 10:55:10 -04:00
Nick Mathewson
00a12337ff Merge branches 'consdiffmgr_orig_squashed' and 'actually_compute_diffs_squashed' 2017-04-27 21:43:06 -04:00
Nick Mathewson
1e1581a24e Pre-compress consensus diffs with supported consensus methods. 2017-04-27 21:40:46 -04:00
Nick Mathewson
a1172b6774 Store archived consensuses compressed on disk.
I'm just using gzip compression now, for performance.
2017-04-27 21:40:46 -04:00
Nick Mathewson
7a0964279f Functionality to ensure there is space to add files to cache. 2017-04-27 21:40:13 -04:00
Nick Mathewson
920475f293 New force-delete option on consensus_cache_delete_pending()
If we're out of file space in the storage directory, we'll need to
get rid of old files fast.
2017-04-27 21:40:13 -04:00
Nick Mathewson
466e914088 Lower the file limit in consdiffmgr, to support seccomp2 2017-04-27 21:40:13 -04:00
Nick Mathewson
ab73bda060 Pass incoming consensus documents to the consdiffmgr code 2017-04-27 21:40:12 -04:00
Nick Mathewson
16d6ab6640 Fix use-after-free bug in storage_dir sandbox code. 2017-04-27 21:40:12 -04:00
Nick Mathewson
7b8d48a6cb Clean the consdiffmgr cache and launch new diffs as needed. 2017-04-27 21:40:12 -04:00
Nick Mathewson
fba8d7b222 Initialize consdiffmgr when running as (or becoming) a server. 2017-04-27 21:40:12 -04:00
Alexander Færøy
0672b33f1e
Enforce 16 MB upper bound of memory usage in LZMA decoder.
This patch changes two things in our LZMA compression backend:

- We lower the preset values for all `compression_level_t` values to
  ensure that we can run the LZMA decoder with less than 65 MB of memory
  available. This seems to have a small impact on the real world usage
  and fits well with our needs.

- We set the upper bound of memory usage for the LZMA decoder to 16 MB.

See: https://bugs.torproject.org/21665
2017-04-27 20:09:20 +02:00
Alexander Færøy
e5122b91a9
Only compare the first 3 bytes when trying to detect LZMA compression.
This patch changes the logic in `detect_compression_method()` to only
use the 3 first bytes when checking if a given input is LZMA encoded.
2017-04-27 20:07:08 +02:00
Nick Mathewson
480dab4f2f Use a cast to try to avoid a tautalogical comparison warning 2017-04-27 11:58:26 -04:00
Nick Mathewson
10a4f9cd07 Merge branch 'parse_accept_encoding' 2017-04-27 11:31:31 -04:00
Nick Mathewson
2903c329aa Move the "supported compression bitmask" into compress.[ch] 2017-04-27 11:30:51 -04:00
Nick Mathewson
49deb1e1b8 Document and test nul-terminating behavior of tor_uncompress()
We added this as a safety feature, but there are a few places in the
code that actually depend on it.
2017-04-27 10:59:48 -04:00
Nick Mathewson
199e61feb5 whitespace fix 2017-04-27 10:55:39 -04:00
Nick Mathewson
ba9f235e17 Re-enable the partial-input test for zstd.
There were two issues here: first, zstd didn't exhibit the right
behavior unless it got a very large input.  That's fine.

The second issue was a genuine bug, fixed by 39cfaba9e2.
2017-04-27 10:43:38 -04:00
Nick Mathewson
39cfaba9e2 Fix handling of "final" flag in zstd decompression
We were returning "DONE" on truncated input streams, which was not
what we wanted.
2017-04-27 10:42:05 -04:00
Nick Mathewson
166aa8d741 Have a separate entry point for each compresion test 2017-04-27 10:25:52 -04:00
Nick Mathewson
36e62ae7e2 Merge remote-tracking branch 'ahf/bugs/22085' 2017-04-27 10:12:48 -04:00
Nick Mathewson
33a2fd065d Merge branch 'dirreq' 2017-04-27 10:08:32 -04:00
Alexander Færøy
e0a3819dcc
Test support for multiple compression backends in the buffer code.
This patch refactors the buffer compression tests to support multiple
comprssion backends.

See: https://bugs.torproject.org/22085
2017-04-27 15:51:14 +02:00
Alexander Færøy
22e6ad6f26
Clean up mentions of 'zlib' and rename the mentions to 'compressed'.
This patch cleans up in various places where 'zlib' is mentioned.
2017-04-27 15:51:14 +02:00
Alexander Færøy
7bececbd69
Refactor compression tests into a single test.
This patch refactors our compression tests such that deflate, gzip,
lzma, and zstd are all tested using the same code.

Additionally we use run-time checks to see if the given compression
method is supported instead of using HAVE_LZMA and HAVE_ZSTD.

See: https://bugs.torproject.org/22085
2017-04-27 15:51:14 +02:00
Nick Mathewson
b4fe0a6a03 Improve control flow in authority_certs_fetch_resource_impl 2017-04-27 09:30:08 -04:00
Nick Mathewson
52316f9969 Include UPLOAD_RENDDESC_V2 in PURPOSE_IS_UPLOAD
This was only used in one place before, and it's safe to update it.
2017-04-27 09:27:00 -04:00
Nick Mathewson
7ae7e3c2d8 bump to 0.3.0.6-dev 2017-04-26 15:37:27 -04:00
Nick Mathewson
7fb9586953 Fix compilation when lzma or zstd is absent 2017-04-26 15:00:40 -04:00
Nick Mathewson
4038202f89 Avoid a warning from the use of floating-point in zstd
Replace "(preset - 0.5) * 1mb" with "preset * 1mb - 0.5 mb", to
avoid warning about converting double to size_t.
2017-04-26 14:21:45 -04:00
Nick Mathewson
be0557f759 Merge remote-tracking branch 'ahf/bugs/22066' 2017-04-26 14:20:01 -04:00
Alexander Færøy
e42c204f67
Approximate memory usage needed for the Zstandard backend.
This patch adds support for measuring the approximated memory usage by
the individual `tor_zstd_compress_state_t` object instances.

See: https://bugs.torproject.org/22066
2017-04-26 19:54:18 +02:00
Alexander Færøy
2aa28e7cb7
Better documentation for tor_uncompress().
This patch fixes the documentation string for `tor_uncompress()` to
ensure that it does not explicitly mention zlib or gzip since we now
support multiple compression backends.
2017-04-26 19:54:18 +02:00
Alexander Færøy
341824687a
Approximate memory usage needed for the LZMA backend.
This patch adds support for measuring the approximated memory usage by
the individual `tor_lzma_compress_state_t` object instances.

The LZMA library provides the functions `lzma_easy_encoder_memusage()`
and `lzma_easy_decoder_memusage()` which is used to find the estimated
usage in bytes.

See: https://bugs.torproject.org/22066
2017-04-26 19:54:18 +02:00
Nick Mathewson
31b79f02ab Bump version to 0.3.0.6 2017-04-26 13:30:39 -04:00
Nick Mathewson
99e943998d Add getpid() to the seccomp2 sandbox.
We hadn't needed this before, because most getpid() callers on Linux
were looking at the vDSO version of getpid().  I don't know why at
least one version of OpenSSL seems to be ignoring the vDSO, but this
change should fix it.

Fixes bug 21943; bugfix on 0.2.5.1-alpha when the sandbox was
introduced.
2017-04-26 12:56:06 -04:00
Sebastian Hahn
71c8974af0 Fix coverity cid 1405509
Locking in the init function is not necessary, but coverity gets
confused about it. So let's trick it.
2017-04-26 08:48:24 +02:00
Sebastian Hahn
ee478bdf38 Fix coverity cid 1405510
This is a false positive, but let's appease coverity.
2017-04-26 08:45:38 +02:00
Alexander Færøy
08d86e8408
Store compression overhead from tor_compress_state_t.
The `tor_compress_state_t` data-type is used as a wrapper around the
more specialized state-types used by the various compression backends.
This patch ensures that the overhead of this "thin" wrapper type is
included in the value returned by `tor_compress_get_total_allocation()`.

See: https://bugs.torproject.org/22066
2017-04-26 02:56:21 +02:00
Alexander Færøy
fac8ac0e4a
Remove unused header from the Zstandard compression backend.
Since we stopped looking at Zstandard error codes there is no need to
include the zstd_errors.h header file anymore.
2017-04-26 02:54:34 +02:00
Nick Mathewson
24f7059704 Configure sandbox using consdiffmgr; free cdm on exit. 2017-04-25 19:52:34 -04:00
Nick Mathewson
65ff0f8267 Bitmask out the compression methods that we do not support 2017-04-25 19:07:17 -04:00
Nick Mathewson
fec3050ea9 Tests for parse_accept_encoding 2017-04-25 19:01:05 -04:00
Nick Mathewson
fd48b757d3 Parse recognized entries from the Accept-Encoding header. 2017-04-25 19:01:05 -04:00
Nick Mathewson
2655a72d89 Use x-lzma, not x-lzma2, as the identifier 2017-04-25 19:00:52 -04:00
Nick Mathewson
9e081a44a9 Teach consdiffmgr to remember two digests: one compressed, one not. 2017-04-25 16:49:47 -04:00
Nick Mathewson
0274ea749a Function to convert compression methods to/from strings. 2017-04-25 16:47:46 -04:00
Alexander Færøy
236cf49670
Add stub function for libor-trace.
OS X's ar(1) doesn't allow us to create an archive with no object files.
This patch adds a stub file with a stub function in it to make OS X
happy again.
2017-04-25 18:02:19 +02:00
Nick Mathewson
43db91bd87 Teach cov-exclude to detect runaway LCOV_EXCL_START lines
Also, fix two instances of runaway LCOV_EXCL_START lines.
2017-04-25 10:59:19 -04:00
Nick Mathewson
7a37cbbea3 Whitespace fixes. 2017-04-25 10:54:34 -04:00
Nick Mathewson
49868340f7 Merge branch 'unified_compress_squashed' 2017-04-25 10:51:13 -04:00
Nick Mathewson
49a5b50b31 zlib: Turn UINT_MAX overrun into an error, not an assert. 2017-04-25 10:50:50 -04:00
Nick Mathewson
4b01b45ec1 Add a "best compression" flag. 2017-04-25 10:50:50 -04:00
Nick Mathewson
880fb3e3a9 Combine all *compress/*uncompress backend function into one
Since we have a streaming API for each compression backend, we don't
need a non-streaming API for each: we can build a common
non-streaming API at the front-end.
2017-04-25 10:50:50 -04:00
Nick Mathewson
232c9e14a8 Merge branch 'atomic_counters' 2017-04-25 10:46:23 -04:00
Nick Mathewson
ec7c512d27 Merge remote-tracking branch 'dgoulet/bug21293_031_01' 2017-04-25 10:43:53 -04:00
David Goulet
cb8ac1f331 trace: Add a basic event-tracing infrastructure.
This commit adds the src/trace directory containing the basics for our tracing
subsystem. It is not used in the code base. The "src/trace/debug.h" file
contains an example on how we can map our tor trace events to log_debug().

The tracing subsystem can only be enabled by tracing framework at compile
time. This commit introduces the "--enable-tracing-debug" option that will
make all "tor_trace()" function be maped to "log_debug()".

Closes #13802

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-25 10:37:31 -04:00
Nick Mathewson
4266ec766a Use atomic counters for compressor allocation. 2017-04-25 10:29:07 -04:00
David Goulet
368b091329 relay: Change LD_BUG log to LD_PROTOCOL_WARN
That log statement can be triggered if somebody on the Internet behaves badly
which is possible with buggy implementation for instance.

Fixes #21293

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-25 09:27:34 -04:00
Alexander Færøy
91dd4a00f7
Rename shadowing variable in compress_zlib.c.
This patch renames the `compress` parameter of the
`tor_zlib_compress_new()` function to `_compress` to avoid shadowing the
`compress()` function in zlib.h.
2017-04-25 14:56:55 +02:00
Nick Mathewson
ba405f86bf Merge branch 'ahf_prop278_21662_squashed' 2017-04-25 08:12:59 -04:00
Alexander Færøy
2210b330e7 Fix newlines in compression headers.
See: https://bugs.torproject.org/21662
2017-04-25 08:11:32 -04:00
Alexander Færøy
cf912259ba Remove tor_compress_memory_level().
This patch splits up `tor_compress_memory_level()` into static functions
in the individual compression backends, which allows us to tune the
values per compression backend rather than globally.

See: https://bugs.torproject.org/21662
2017-04-25 08:11:32 -04:00
Alexander Færøy
69a41e8bc6 Use switch-statement in tor_{compress,uncompress}.
Use a switch-statement in `tor_compress()` and `tor_uncompress()` for
the given `compress_method_t` parameter. This allows us to have the
compiler detect if we forgot add a handler in these functions for a
newly added enumeration value.

See: https://bugs.torproject.org/21662
2017-04-25 08:10:10 -04:00
Alexander Færøy
c2d1d949de Use tor_compress_supports_method() before printing library versions.
This patch ensures that Tor checks if a given compression method is
supported before printing the version string when calling `tor
--library-versions`.

Additionally, we use the `tor_compress_supports_method()` to check if a
given version is supported for Tor's start-up version string, but here
we print "N/A" if a given compression method is unavailable.

See: https://bugs.torproject.org/21662
2017-04-25 08:10:10 -04:00
Alexander Færøy
6b905b38bb Add API entry-point for getting compression method version numbers.
This patch adds `tor_compress_version_str()` and
`tor_compress_header_version_str()` to get the version strings of the
different compression schema providers. Both functions returns `NULL` in
case a given `compress_method_t` is unknown or unsupported.

See: https://bugs.torproject.org/21662
2017-04-25 08:10:10 -04:00
Alexander Færøy
1c77d8690c Add function to check if a given compression method is supported.
This patch adds support for checking if a given `compress_method_t` is
supported by the currently running Tor instance using
`tor_compress_supports_method()`.

See: https://bugs.torproject.org/21662
2017-04-25 08:10:09 -04:00
Alexander Færøy
04682d302a Add tor_compress_get_total_allocation() function.
This patch adds the `tor_compress_get_total_allocation()` which returns
an approximate number of bytes currently in use by all the different
compression backends.

See: https://bugs.torproject.org/21662
2017-04-25 08:10:09 -04:00
Alexander Færøy
be4dc54634 Display LZMA and Zstandard versions when starting Tor.
See: https://bugs.torproject.org/21662
2017-04-25 08:10:09 -04:00
Alexander Færøy
2fa7b722ce Show liblzma and libzstd versions in tor --library-versions.
See: https://bugs.torproject.org/21662
2017-04-25 08:10:09 -04:00
Alexander Færøy
380736d045 Add Zstandard support.
See: https://bugs.torproject.org/21662
2017-04-25 08:10:09 -04:00
Alexander Færøy
ce1feae9d9 Add --enable-zstd to our configure script.
This patch adds support for enabling support for Zstandard to our configure
script. By default, the --enable-zstd option is set to "auto" which means if
libzstd is available we'll build Tor with Zstandard support.

See: https://bugs.torproject.org/21662
2017-04-25 08:10:09 -04:00
Alexander Færøy
bf1c07cb07 Add LZMA support.
See: https://bugs.torproject.org/21662
2017-04-25 08:10:06 -04:00
Alexander Færøy
157af1d26e Add --enable-lzma to our configure script.
This patch adds support for enabling support for LZMA to our configure
script. By default, the --enable-lzma option is set to "auto" which
means if liblzma is available we'll build Tor with LZMA support.

See: https://bugs.torproject.org/21662
2017-04-25 08:06:02 -04:00
Alexander Færøy
c171af0487 Use a switch-statement when checking for compression method.
This patch changes the way `tor_compress_new()`,
`tor_compress_process()`, and `tor_compress_free()` handles different
compression methods. This should give us compiler warnings in case an
additional compression method is added, but the developer forgets to add
handlers in the three aforementioned functions.

See https://bugs.torproject.org/21663
2017-04-25 08:06:01 -04:00
Alexander Færøy
300ac49685 Add compress_zlib.obj to src/common/Makefile.nmake.
See https://bugs.torproject.org/21663
2017-04-25 08:06:01 -04:00
Alexander Færøy
04583df452 Rename the torgzip module to compress.
See https://bugs.torproject.org/21663
2017-04-25 08:06:01 -04:00
Alexander Færøy
9d5bc1a935 Move zlib compression code into its own module.
This patch refactors the `torgzip` module to allow us to extend a common
compression API to support multiple compression backends.

Additionally we move the gzip/zlib code into its own module under the
name `compress_zlib`.

See https://bugs.torproject.org/21664
2017-04-25 08:06:01 -04:00
Nick Mathewson
db95a6e171 Fix implicit conversion warnings in the period_num tests 2017-04-24 15:38:16 -04:00
David Goulet
6f27843d57 hs: Refactor rend_add_service()
Remove duplicate code that validates a service object which is now in
rend_validate_service().

Add some comments on why we nullify a service in the code path of
rend_config_services().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-24 14:51:34 -04:00
David Goulet
ed7c0170c4 hs: Add rend_validate_service() function
This new function validates a service object and is used everytime a service
is successfully loaded from the configuration file.

It is currently copying the validation that rend_add_service() also does which
means both functions validate. It will be decoupled in the next commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-24 14:39:54 -04:00
Nick Mathewson
4cefda85e4 Merge remote-tracking branch 'dgoulet/ticket21980_031_01' 2017-04-24 12:42:11 -04:00
Nick Mathewson
d949589c09 Fix some leaks in the consdiffmgr tests 2017-04-24 11:45:13 -04:00
Nick Mathewson
e55c1412c1 Fix a signed/unsigned comparison warning on 32-bit 2017-04-24 11:41:11 -04:00
Nick Mathewson
b7567a6282 Merge branch 'consdiffmgr_squashed' 2017-04-24 11:02:22 -04:00
Nick Mathewson
eb14faa0c1 Remove a checklist item that was already tested
The item referred to the cdm_ht_set_status() case where the item was
not already in the hashtable.  But that already happens naturally
when we scan the directory on startup... and we already have a test
for that.
2017-04-24 11:01:40 -04:00
Nick Mathewson
af86895581 consdiffmgr test: do not launch a diff task that is already pending 2017-04-24 11:01:40 -04:00
Nick Mathewson
2e9e2d023b consdiffmgr: tests for consdiffmgr_validate() 2017-04-24 11:01:40 -04:00
Nick Mathewson
6cc21aa89c consdiffmgr: add tests for cdm_entry_get_sha3_value 2017-04-24 11:01:40 -04:00
Nick Mathewson
bb38657b77 consdiffmgr test: add a test for updating ht on clean/rescan.
This brings us back up to ~94% coverage
2017-04-24 11:01:40 -04:00
Nick Mathewson
de0142cd9d Expand diff-management test to cover reloading items from disk 2017-04-24 11:01:40 -04:00
Nick Mathewson
43d683e0ad Fix reference leak & handle leak in consensus_diff_worker_replyfn
Found by previous test.
2017-04-24 11:01:40 -04:00
Nick Mathewson
831e656baa consdiffmgr tests: add tests to validate diff lookup/application
This commit adds some helper functions to look up the diff from one
consensus and to make sure that applying it leads to another.  Then
we add them throughout the existing test cases.  Doing this turned
up a reference-leaking bug in consensus_diff_worker_replyfn.
2017-04-24 11:01:40 -04:00
Nick Mathewson
605bcfbf71 consdiffmgr: Enable in-progress test that was not previously working
Also, add a list of additional tests to write.
2017-04-24 11:01:40 -04:00
Nick Mathewson
7ca86b9cd6 Add a hashtable to consdiffmgr to keep track of diff status
In several places in the old code, we had problems that only an
in-memory index of diff status could solve, including:
   * Remembering which diffs were in-progress, so that we didn't
     re-launch them.
   * Remembering which diffs had failed, so that we didn't try to
     recompute them over and over.
   * Having a fast way to look up the diff from a given consensus to
     the latest consensus of a given flavor.

This patch adds a hashtable mapping from (flavor, source diff), to
solve the problem.  It maps to a cache entry handle, rather than to
a cache entry directly, so that it doesn't affect the reference
counts of the cache entries, and so that we don't otherwise need to
worry about lifetime management.
2017-04-24 11:01:40 -04:00
Nick Mathewson
69a212ff3d Consdiffmgr: extract "get a sha3 digest" function.
I'll be using this a lot in the hashtable tweaks here.
2017-04-24 11:01:40 -04:00
Nick Mathewson
655f1c8e01 consdiffmgr: function to re-validate stored sha3 digests at startup 2017-04-24 11:00:28 -04:00
Nick Mathewson
6c86e63029 Consdiffmgr: use aggressive-release flag on consensuses
This conscache flag tells conscache that it should munmap the
document as soon as reasonably possible, since its usage pattern is
expected to not have a lot of time-locality.
2017-04-24 10:59:25 -04:00
Nick Mathewson
82bb8afb60 Add handle support to consensus_cache_entry_t
This will allow us to have weak references to cache entries.
2017-04-24 10:59:25 -04:00
Nick Mathewson
5726fec9c2 Consdiffmgr test: Make sure that diffs are removable
A diff is removable as soon as it no longer takes you to the most
recent consensus of the appropriate flavor.
2017-04-24 10:59:25 -04:00
Nick Mathewson
35f6b678ab Test the easiest cases of consdiffmgr_cleanup.
One more to go: deleting the old diffs.
2017-04-24 10:59:25 -04:00
Nick Mathewson
1fade37287 consdiffmgr non-test: check for initialization failure
Unfortunately, this test doesn't work, so I've left it
defined-out. There is currently no way in our unit tests to catch a
fatal assertion failure.
2017-04-24 10:59:25 -04:00
Nick Mathewson
d418f28cb5 consdiffmgr test: survive failures to compute a diff. 2017-04-24 10:59:25 -04:00
Nick Mathewson
b9c2f135bd Another consdiffmgr test: only generate the diffs that are needed
This test makes sure that we only generate the diffs we actually
want, rather than regenerating all the diffs every time anything
changes.
2017-04-24 10:59:25 -04:00
Nick Mathewson
7fc37d41b4 Unit tests for consdiffmgr module
Initial tests. These just try adding a few consensuses, looking
them up, and making sure that consensus diffs are generated in a
more or less reasonable-looking way.  It's enough for 87% coverage,
but it leaves out a lot of functionality.
2017-04-24 10:59:25 -04:00
Nick Mathewson
fe584f4012 Make cpuworker_queue_work function mockable.
I'll be using this in the unit tests for consdiffmgr.
2017-04-24 10:59:25 -04:00
Nick Mathewson
bc91808c47 Add a "Consensus diff manager" module.
This module's job is to remember old consensus documents, to
calculate their diffs on demand, and to .

There are some incomplete points in this code; I've marked them with
"XXXX". I intend to fix them in separate commits, since I believe
doing it in separate commits will make the branch easier to review.
2017-04-24 10:59:24 -04:00
George Kadianakis
39b5dca720 ed25519: Add python code to test our ed25519 validation.
See
https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
2017-04-24 16:34:53 +03:00
Nick Mathewson
9ba10d714a Merge branch 'consdiff_numeric_squashed' 2017-04-24 09:33:55 -04:00
Sebastian Hahn
a16de7a7cf consdiff: Reject ranges with non-numeric chars
Fixes bug #21964
2017-04-24 09:33:48 -04:00
Nick Mathewson
8ff2a8c0e2 Merge remote-tracking branch 'dgoulet/bug22032_031_01' 2017-04-24 09:30:30 -04:00
Taylor Yu
7bc636fdc9 Add regression test for #22304 2017-04-24 09:20:59 -04:00
Nick Mathewson
8b89faf424 Merge branch 'maint-0.3.0' 2017-04-24 09:20:43 -04:00