Commit Graph

745 Commits

Author SHA1 Message Date
teor
e52d725977
doc: Improve the monotonic time module and function documentation
Explain what "monotonic" actually means, and document some results that
have surprised people.

Fixes bug 29640; bugfix on 0.2.9.1-alpha.
2019-03-04 11:25:14 +10:00
rl1987
5d53862139 Split crypto_digest.c
* Move out code that depends on NSS to crypto_digest_nss.c
* Move out code that depends on OpenSSL to crypto_digest_openssl.c
* Keep the general code that is not specific to any of the above in
  crypto_digest.c
2019-03-02 20:07:05 +02:00
David Goulet
13e93bdfd5 Merge branch 'tor-github/pr/718' 2019-03-01 09:36:23 -05:00
Nick Mathewson
64f594499a Document crypto_fast_rng_one_in_n. 2019-03-01 08:20:54 -05:00
David Goulet
b402a0887f Merge branch 'tor-github/pr/655' 2019-02-26 11:30:44 -05:00
George Kadianakis
7fbfdf2af7 Merge branch 'tor-github/pr/611' 2019-02-26 12:33:23 +02:00
Nick Mathewson
065e7da8e6 Re-enable and fix unit test for nofork mappings
This test was previously written to use the contents of the system
headers to decide whether INHERIT_NONE or INHERIT_ZERO was going to
work.  But that won't work across different environments, such as
(for example) when the kernel doesn't match the headers.  Instead,
we add a testing-only feature to the code to track which of these
options actually worked, and verify that it behaved as we expected.

Closes ticket 29541; bugfix not on any released version of Tor.
2019-02-25 08:55:25 -05:00
Nick Mathewson
b3416476b4 Remove all uses of weak_rng.
I'm not removing the weak_rng code itself yet, since it is possible
that we will want to revert one of these.
2019-02-20 12:24:34 -05:00
Nick Mathewson
97b9dfe305 Add a convenience macro to get a fast one-in-n calculation 2019-02-20 12:21:05 -05:00
Nick Mathewson
b25cd5cfe1 Implement code to manage a per-thread instance of crypto_fast_rng()
The subsystems API makes this really simple, fortunately.

Closes ticket 29536
2019-02-19 15:36:08 -05:00
David Goulet
6c173d00f5 Merge branch 'tor-github/pr/702' 2019-02-14 11:43:10 -05:00
George Kadianakis
00b073b1bc Merge branch 'maint-0.3.5' 2019-02-14 18:01:07 +02:00
George Kadianakis
d83c299eba Merge branch 'tor-github/pr/689' into maint-0.3.5 2019-02-14 18:00:05 +02:00
Nick Mathewson
f3cbd6426c Implement a fast aes-ctr prng
This module is currently implemented to use the same technique as
libottery (later used by the bsds' arc4random replacement), using
AES-CTR-256 as its underlying stream cipher.  It's backtracking-
resistant immediately after each call, and prediction-resistant
after a while.

Here's how it works:

We generate psuedorandom bytes using AES-CTR-256.  We generate BUFLEN bytes
at a time.  When we do this, we keep the first SEED_LEN bytes as the key
and the IV for our next invocation of AES_CTR, and yield the remaining
BUFLEN - SEED_LEN bytes to the user as they invoke the PRNG.  As we yield
bytes to the user, we clear them from the buffer.

Every RESEED_AFTER times we refill the buffer, we mix in an additional
SEED_LEN bytes from our strong PRNG into the seed.

If the user ever asks for a huge number of bytes at once, we pull SEED_LEN
bytes from the PRNG and use them with our stream cipher to fill the user's
request.
2019-02-14 09:26:40 -05:00
Nick Mathewson
622a9a8a36 Extract the common body of our random-int functions into a macro
This is the second part of refactoring the random-int-in-range code.
2019-02-14 09:26:40 -05:00
David Goulet
d5de1a0a55 Merge branch 'tor-github/pr/651' 2019-02-13 11:02:02 -05:00
David Goulet
6efc2a0e1f Merge branch 'tor-github/pr/650' into maint-0.3.5 2019-02-13 10:56:24 -05:00
Nick Mathewson
49ec29044d Add more openssl includes to fix no-deprecated compilation
Closes ticket 29026; patch from Mangix.
2019-02-08 08:51:23 -05:00
Nick Mathewson
b9abdcd6bc Fix compilation when openssl is compiled without engine support.
Patch from Mangix. Closes part of ticket 29026.
2019-02-08 08:50:43 -05:00
Nick Mathewson
a49149fc13 Extract numeric CSPRNG functions into a new module.
Some of the code for getting a random value within a range wants to
be shared between crypto_rand() and the new crypto_fast_rng() code.
2019-02-06 22:06:05 -05:00
Nick Mathewson
21d184a184 Remove extraneous #if/#endif wrapper in crypto_rand.c
I don't know how this got here, but this kind of a wrapper only
belongs in a header file.
2019-02-06 22:05:39 -05:00
Nick Mathewson
8ca808f81d Code for anonymous mappings via mmap() or CreateFileMapping().
Using an anonymous mmap() is a good way to get pages that we can set
kernel-level flags on, like minherit() or madvise() or mlock().
We're going to use that so that we can make uninheritable locked
pages to store PRNG data.
2019-02-06 22:03:30 -05:00
Nick Mathewson
d23704bf26 Merge branch 'ticket28668_035' into ticket28668_040 2019-01-23 14:50:22 -05:00
Nick Mathewson
6144cf99ad Capture more BUG warnings in util/time test
These are ones that happen on windows only.

Fixes bug 29161.
2019-01-23 12:37:12 -05:00
Peter Gerber
db3ee1d862
Allow getsockopt(…, SOL_SOCKET, SO_ACCEPTCONN, …) in sandbox
SO_ACCEPTCONN checks whether socket listening is enabled and is
used ever since 9369152aae has been merged.

Closes ticket #29150
2019-01-22 21:51:25 +00:00
Nick Mathewson
21dd3ece62 Merge branch 'maint-0.3.5' 2019-01-22 11:55:56 -05:00
Nick Mathewson
4159d103d6 Merge branch 'bug29042_035' into maint-0.3.5 2019-01-22 11:55:53 -05:00
Nick Mathewson
9b0dd1ae04 Add a function to compute an XOF in one shot.
Motivation:
  1. It's convenient.
  2. It's all that openssl supports.

Part of 28837.
2019-01-17 12:43:20 -05:00
Nick Mathewson
c393171403 Use openssl's version of sha3 when available.
Part of 28837.
2019-01-17 12:43:20 -05:00
Nick Mathewson
16430fdaf5 Merge branch 'maint-0.3.5' 2019-01-16 14:43:53 -05:00
Kris Katterjohn
cbcf75d728 Update and fix a couple of comments in meminfo.c
This fixes a typo and also notes that HW_PHYSMEM64 is defined on
NetBSD (not just OpenBSD).

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-01-16 14:40:15 -05:00
Kris Katterjohn
0f3d88a159 Use HW_PHYSMEM instead of HW_USERMEM in get_total_system_memory_impl
The code checked for sysctl being available and HW_PHYSMEM being
defined, but HW_USERMEM was actually being used with sysctl instead
of HW_PHYSMEM.

The case for OpenBSD, etc. use HW_PHYSMEM64 (which is obviously a
64-bit variant of HW_PHYSMEM) and the case for OSX uses HW_MEMSIZE
(which appears to be a 64-bit variant of HW_PHYSMEM).

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-01-16 14:40:15 -05:00
Nick Mathewson
0981ac4c59 Log more messages when failing to decode RSA keys
We log these messages at INFO level, except when we are reading a
private key from a file, in which case we log at WARN.

This fixes a regression from when we re-wrote our PEM code to be
generic between nss and openssl.

Fixes bug 29042, bugfix on 0.3.5.1-alpha.
2019-01-16 14:35:30 -05:00
Nick Mathewson
2f683465d4 Bump copyright date to 2019 2019-01-16 12:33:22 -05:00
Nick Mathewson
efe55b8898 Bump copyright date to 2019. 2019-01-16 12:32:32 -05:00
Nick Mathewson
b169c8c14f Merge remote-tracking branch 'asn-github/adaptive_padding-final' 2019-01-14 14:48:00 -05:00
Nick Mathewson
99947c3ce0 Merge remote-tracking branch 'teor/bug29015' 2019-01-14 13:59:07 -05:00
Kris Katterjohn
df1a8a657e Actually close the stdout pipe on error in process_unix_exec
When cleaning up after an error in process_unix_exec, the stdin
pipe was being double closed instead of closing both the stdin
and stdout pipes.  This occurred in two places.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-01-11 18:55:09 -05:00
Nick Mathewson
5dd926caa6 Include the beginnings of a FAQ about which timer to use. 2019-01-11 09:08:51 -05:00
Taylor R Campbell
d82a8a7f9d Add some more type checking.
NOTE: This commit breaks the build, because there was a mistake in an
earlier change of exactly the sort that this is meant to detect!  I'm
leaving it broken for illustration.
2019-01-11 14:41:28 +02:00
Taylor R Campbell
0f8253bddb Use the distribution abstraction as an abstraction. 2019-01-11 14:40:50 +02:00
Taylor R Campbell
531df9590d Move ceil call back into the geometric sampler.
Test exactly what the geometric sampler returns, because that's what
the downstream callers of it are going to use.

While here, also assert that the geometric sampler returns a positive
integer.  (Our geometric distribution is the one suported on {1, 2,
3, ...} that returns the number of trials before the first success,
not the one supported on {0, 1, 2, ...} that returns the number of
failures before the first success.)
2019-01-11 14:40:50 +02:00
George Kadianakis
e0e0338dc4 Rename crypto_rand_uint32() -> crypto_rand_u32()
See https://github.com/torproject/tor/pull/624#discussion_r246453777
2019-01-10 13:06:08 +02:00
Nick Mathewson
0ed966fde1 Merge branch 'maint-0.3.5' 2019-01-09 09:38:27 -05:00
Nick Mathewson
694e3c57fd Merge remote-tracking branch 'tor-github/pr/636' into maint-0.3.5 2019-01-09 09:38:22 -05:00
Nick Mathewson
e6a4401200 Merge branch 'maint-0.3.5' 2019-01-09 08:52:10 -05:00
Kris Katterjohn
c13a81f7f9 Fix (and make consistent) the use of OpenBSD preprocessor macro tests
Prior to this commit, the testsuite was failing on OpenBSD.  After
this commit the testsuite runs fine on OpenBSD.

It was previously decided to test for the OpenBSD macro (rather than
__OpenBSD__, etc.) because OpenBSD forks seem to have the former
macro defined.  sys/param.h must be included for the OpenBSD macro
definition; however, many files tested for the OpenBSD macro without
having this header included.

This commit includes sys/param.h in the files where the OpenBSD macro
is used (and sys/param.h is not already included), and it also
changes some instances of the __OpenBSD__ macro to OpenBSD.

See commit 27df23abb6 which changed
everything to use OpenBSD instead of __OpenBSD__ or OPENBSD.  See
also tickets #6982 and #20980 (the latter ticket is where it was
decided to use the OpenBSD macro).

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-01-09 08:51:57 -05:00
Nick Mathewson
f9a7701ff1 Merge branch 'ticket28856_v2' 2019-01-09 08:46:40 -05:00
teor
671c34d9b4
lib/net: improve the docs for tor_{ersatz_,}socketpair()
Add some details about IP family support, and point to
tor_socketpair() from tor_ersatz_socketpair().

Closes ticket 29015.
2019-01-08 14:45:17 +10:00
Kris Katterjohn
c59b572e93 Fix tor_ersatz_socketpair on IPv6-only systems
In get_local_listener used by tor_ersatz_socketpair, the address
family used when binding the IPv6 socket was AF_INET instead of
AF_INET6.

Fixes bug 28995; bugfix on 0.3.5.1-alpha.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2019-01-07 17:28:21 -06:00
Nick Mathewson
4e4f93d364 Add a #ifdef HAVE_UNISTD_H check to buffers.c
Reported on tor-dev by Gisle Vanem.  Bug not in any released Tor

(The suggested patch used _MSC_VER, but that's not how we do stuff
with autoconf.  With autoconf, you detect the feature you want,
rather than trying to list all the systems that do or do not have
it.)
2019-01-03 09:52:19 -05:00
Nick Mathewson
9ba690e33f Merge branch 'maint-0.3.5' 2019-01-03 09:45:56 -05:00
Nick Mathewson
abdc6aede2 Merge branch 'ticket28851_035_squashed' into maint-0.3.5 2019-01-03 09:45:53 -05:00
Nick Mathewson
b82717b273 Stop re-checking our hardcoded dh parameters on every startup
Closes ticket 28851.
2019-01-03 09:45:43 -05:00
Nick Mathewson
47176eb678 Merge branch 'maint-0.3.5' 2019-01-03 09:44:15 -05:00
Nick Mathewson
98736cf36a Merge remote-tracking branch 'public/ticket28838_035' into maint-0.3.5 2019-01-03 09:44:10 -05:00
Nick Mathewson
27853938a1 Merge branch 'maint-0.3.5' 2019-01-03 09:02:40 -05:00
Nick Mathewson
ed62f0fa15 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-01-03 09:02:39 -05:00
Nick Mathewson
3e7f13a4ef Merge branch 'maint-0.3.5' 2019-01-02 16:15:39 -05:00
Nick Mathewson
b33bcb1e63 Add an errno.h include to freespace.c to fix bug 28974. 2019-01-02 15:19:52 -05:00
George Kadianakis
926fc93be5 Concentrate all TOR_USEC_PER_SEC definitions in a single header file.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
George Kadianakis
2ccf326837 Implement and test probability distributions used by WTF-PAD.
This project introduces the prob_distr.c subsystem which implements all the
probability distributions that WTF-PAD needs. It also adds unittests for all of
them.

Code and tests courtesy of Riastradh.

Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
George Kadianakis
a336d816a6 Circuit padding tests.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:25:55 +02:00
Mike Perry
3ba7581129 Provide a smartlist reverse-order traversal.
We need this for padding negotiation so that we can have later machine
revisions supercede earlier ones.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:09:13 +02:00
Nick Mathewson
70dd6d07bb Merge branch 'orconn-tracker_squashed' 2018-12-21 14:22:11 -05:00
Nick Mathewson
fd58e5e498 Fix priority on process subsystem level: it uses "net" 2018-12-21 14:12:20 -05:00
Nick Mathewson
ab4395d082 Merge branch 'ticket28847' 2018-12-21 13:26:47 -05:00
Alexander Færøy
2322b56389 Fix typo in time_sys.h. 2018-12-21 13:26:38 -05:00
Alexander Færøy
cf4b3dbd44 Use the subsystem list to initialize and shutdown process module.
This patch makes the process module use the subsystem list for
initializing and shutting down.

See: https://bugs.torproject.org/28847
2018-12-21 13:26:38 -05:00
Taylor Yu
b0f974633a Add LD_BTRACK log domain for bootstrap tracker
Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Nick Mathewson
5c85ba3077 Merge remote-tracking branch 'tor-github/pr/608' 2018-12-20 11:42:26 -05:00
Nick Mathewson
a517daa56f base32_decode(): Return number of bytes written on success.
This makes it consistent with base64_decode().

Closes ticket 28913.
2018-12-20 08:36:25 -05:00
Alexander Færøy
f7e175db57 Forward declare smartlist_t in process.h
This allows other libraries to include process.h without including
the smartlist_t headers first.

See: https://bugs.torproject.org/28847
2018-12-20 14:36:04 +01:00
Alexander Færøy
7762088967 No need to log ordinary EOF conditions as LOG_WARN.
Let's not use log_warn() when a pipe is closed under what should be
considered normal conditions.

See: https://bugs.torproject.org/28179
2018-12-20 13:12:53 +01:00
Alexander Færøy
412fbe9f17 Make example CancelIoEx() code use CancelIo().
This patch changes the CancelIoEx() example code to use CancelIo(),
which is available for older versions of Windows too. I still think the
kernel handles this nicely by sending broken pipes if either side
closes the pipe while I/O operations are pending.

See: https://bugs.torproject.org/28179
2018-12-20 13:11:24 +01:00
Alexander Færøy
f58e597d42 Handle ERROR_BROKEN_PIPE in completion routines.
Handle `ERROR_BROKEN_PIPE` from ReadFileEx() and WriteFileEx() in
process_win32_stdin_write_done() and
process_win32_handle_read_completion() instead of in the early handler.
This most importantmly makes sure that `reached_eof` is set to true when
these errors appears.

See: https://bugs.torproject.org/28179
2018-12-20 13:04:49 +01:00
Alexander Færøy
36e24782f8 Remember to set reached_eof when our handles are reporting errors.
This patch adds some missing calls to set `reached_eof` of our handles
when various error conditions happens or when we close our handle (which
happens at `process_terminate()`.

See: https://bugs.torproject.org/28179
2018-12-20 13:02:22 +01:00
Alexander Færøy
c6e041e3d8 Handle errors even after success from ReadFileEx() and WriteFileEx().
This patch adds some additional error checking after calls to
ReadFileEx() and WriteFileEx(). I have not managed to get this code to
reach the branch where `error_code` is NOT `ERROR_SUCCESS`, but MSDN
says one should check for this condition so we do so just to be safe.

See: https://bugs.torproject.org/28179
2018-12-20 12:57:20 +01:00
Alexander Færøy
44586a89ef Delay checking process for termination until both stdout and stderr are closed.
This patch makes us delay checking for whether we have an exit code
value (via GetExitCodeProcess()) until both stdout and stderr have been
closed by the operating system either by the process itself or by
process cleanup after termination.

See: https://bugs.torproject.org/28179
2018-12-20 12:53:28 +01:00
Alexander Færøy
1d8dcb416c Remember to close the child process' ends of the pipes.
This prevents us from leaking the HANDLE for stdout, stderr, and stdin.

See: https://bugs.torproject.org/28179
2018-12-20 12:47:04 +01:00
Nick Mathewson
bb091da1e7 Merge branch 'ticket28839_v2_squashed' 2018-12-18 18:59:05 -05:00
Alexander Færøy
ca7a2ecc51 Avoid breaking the event loop prematurely.
This patch makes sure that we terminate the event loop from the event
loop timer instead of directly in the process' exit handler. This allows
us to run the event loop an additional time to ensure that the SleepEx()
call on Windows is called and the data from stdout/stderr is delivered
to us.

Additionally we ensure that we don't try to read or write data from a
Unix process that have been terminated in the main loop, since its file
descriptors are closed at that time.

See: https://bugs.torproject.org/28179
2018-12-18 13:35:29 -05:00
Nick Mathewson
8a01f0eaab lib/process may include lib/buf. 2018-12-17 17:58:49 -05:00
Nick Mathewson
4ad59bfbc2 Update location of buffers.h 2018-12-17 17:01:50 -05:00
Nick Mathewson
e969d9c6b4 Merge branch 'ticket28179_squashed' into ticket28179_squashed_merged 2018-12-17 16:41:01 -05:00
Alexander Færøy
c8b8b15f0e Ensure that line_size >= 1 before trying to trim input string.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
fab22509d7 Make Windows process event timer API available for dormant interface.
This patch changes the API of the Windows backend of the Process
subsystem to allow the dormant interface to disable the Process event
timer.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
a33a77d9cd Document the format of process_t::arguments.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
0d796cce17 Use errno directly if we are not reading/writing from/to a socket.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
cacdd29087 Use const char * instead of char * for line parameter for process callbacks.
This patch changes the type definition of the process callbacks to use
`const char *` instead of `char *`.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
5585cbd08f Change the Process exit_callback to return bool.
This patch changes our process_t's exit_callback to return a boolean
value.  If the returned value is true, the process subsystem will call
process_free() on the given process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
22cb3c6ce9 Call close() on stdin/stdout/stderr in process_terminate().
Call close() on all process handles after we have called kill(pid,
SIGTERM).

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ccc1963890 Move remaining code from subprocess.{h,c} to more appropriate places.
This patch moves the remaining code from subprocess.{h,c} to more
appropriate places in the process.c and process_win32.c module.

We also delete the now empty subprocess module files.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
f7d13425fc Delete old process_handle_t code.
This patch removes the old process_handle_t code. Everything should by
now be using the process_t interface.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ad4cc89c5d Add "PT" log domain.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
b0d268a822 Add process_reset_environment() to the Process subsystem.
This patch adds a new function that allows us to reset the environment
of a given process_t with a list of key/value pairs.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
4f611a1df7 Add process_terminate().
This patch adds support for process termination to the Process
subsystem.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
338137221c Make sure we call process_notify_event_exit() as the last thing in different callbacks.
This patch makes sure that we call process_notify_event_exit() after we
have done any modifications we need to do to the state of a process_t.
This allows application developers to call process_free() in the
exit_callback of the process.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e982fb1dae Add documentation for the is_socket and error argument of read_to_chunk().
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
89393a77e5 Add process_get_pid() to the Process subsystem.
This patch adds support for getting the unique process identifier from a
given process_t. This patch implements both support for both the Unix
and Microsoft Windows backend.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
bb784cf4f3 Add Windows backend for the Process subsystem.
This patch adds support for Microsoft Windows in the Process subsystem.

Libevent does not support mixing different types of handles (sockets,
named pipes, etc.) on Windows in its core event loop code. This have
historically meant that Tor have avoided attaching any non-networking
handles to the event loop. This patch uses a slightly different approach
to roughly support the same features for the Process subsystem as we do
with the Unix backend.

In this patch we use Windows Extended I/O functions (ReadFileEx() and
WriteFileEx()) which executes asynchronously in the background and
executes a completion routine when the scheduled read or write operation
have completed. This is much different from the Unix backend where the
operating system signals to us whenever a file descriptor is "ready" to
either being read from or written to.

To make the Windows operating system execute the completion routines of
ReadFileEx() and WriteFileEx() we must get the Tor process into what
Microsoft calls an "alertable" state. To do this we execute SleepEx()
with a zero millisecond sleep time from a main loop timer that ticks
once a second.  This moves the process into the "alertable" state and
when we return from the zero millisecond timeout all the outstanding I/O
completion routines will be called and we can schedule the next reads
and writes.

The timer loop is also responsible for detecting whether our child
processes have terminated since the last timer tick.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
2e957027e2 Add Unix backend for the Process subsystem.
This patch adds the Unix backend for the Process subsystem. The Unix
backend attaches file descriptors from the child process's standard in,
out and error to Tor's libevent based main loop using traditional Unix
pipes. We use the already available `waitpid` module to get events
whenever the child process terminates.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
35509978dd Add new Process subsystem.
This patch adds a new Process subsystem for running external programs in
the background of Tor. The design is focused around a new type named
`process_t` which have an API that allows the developer to easily write
code that interacts with the given child process. These interactions
includes:

- Easy API for writing output to the child process's standard input
  handle.
- Receive callbacks whenever the child has output on either its standard
  output or standard error handles.
- Receive callback when the child process terminates.

We also support two different "protocols" for handling output from the
child process. The default protocol is the "line" protocol where the
process output callbacks will be invoked only when there is complete
lines (either "\r\n" or "\n" terminated). We also support the "raw"
protocol where the read callbacks will get whatever the operating system
delivered to us in a single read operation.

This patch does not include any operating system backends, but the Unix
and Windows backends will be included in separate commits.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Nick Mathewson
29254812a3 Remove strcmp_len(): it is now unused
(See 28856.)
2018-12-17 09:04:25 -05:00
Nick Mathewson
3c35c0d441 Add a function to provide an upper bound on base64 decoded length 2018-12-14 13:51:51 -05:00
Nick Mathewson
041e9235c1 Lower the loop_max constant in curve25519_basepoint_spot_check()
The point of this function is to make sure that the ed25519-based
implementation of curve25519_basepoint() actually works when we
start tor, and use the regular fallback implementation if it
doesn't.  But it accounts for 9% of our startup time in the case
when we have directory information, and I think it's safe to make
the test shorter.  After all, it has yet to find any actual bugs in
curved25519_scalarmult_basepoint_donna() on any platforms.

Closes ticket 28838.
2018-12-13 11:26:09 -05:00
Nick Mathewson
69264f96f3 Merge branch 'dormant_persist_squashed' 2018-12-13 08:26:10 -05:00
Nick Mathewson
b5c04173c8 Change interaction between dormant mode and clock jumps.
When the clock jumps, and we have a record of last user activity,
adjust that record.  This way if I'm inactive for 10 minutes and
then the laptop is sleeping for an hour, I'll still count as having
been inactive for 10 minutes.

Previously, we treat every jump as if it were activity, which is
ridiculous, and would prevent a Tor instance with a jumpy clock from
ever going dormant.
2018-12-13 08:25:54 -05:00
Nick Mathewson
f0a8664677 Add code to parse K=V lines into config_line_t format.
Closes ticket 28755
2018-12-12 11:07:08 -05:00
Nick Mathewson
ca4b86f90a Merge remote-tracking branch 'tor-github/pr/508' 2018-12-05 08:19:02 -05:00
Nick Mathewson
701eaef980 Move net.inet.ip.random_id code to lib/net/ 2018-12-01 11:36:03 -05:00
Alexander Færøy
2b41b857bd Add LD_PROCESS as log domain.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
31b3a6577c Add buf_flush_to_pipe() and buf_read_from_pipe().
This patch adds two new functions: buf_flush_to_pipe() and
buf_read_from_pipe(), which makes use of our new buf_flush_to_fd() and
buf_read_from_fd() functions.

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
771930b84c Refactor buf_read_from_socket() into buf_read_from_fd().
This patch refactors buf_read_from_socket() into buf_read_from_fd(), and
creates a specialized function for buf_read_from_socket(), which uses
buf_read_from_fd().

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
c71f9df07b Refactor buf_flush_to_socket() into buf_flush_to_fd().
This patch refactors buf_flush_to_socket() into buf_flush_to_fd() and
creates a specialization function for buf_flush_to_socket() that makes
use of buf_flush_to_fd().

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
340260281a Refactor flush_chunk() to work on pipes as well as sockets.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
5f26ae833e Refactor read_to_chunk() such that it supports both pipes and sockets.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Nick Mathewson
8a15d0f69b Merge branch 'maint-0.3.5' 2018-11-26 17:25:28 -05:00
teor
44ced9b750 Merge branch 'bug28096-029-squashed' into bug28096-035-squashed
Move the get_uname() changes from src/common/compat.c to
src/lib/osinfo/uname.c
2018-11-15 12:23:29 +10:00
Nick Mathewson
eaff47352a Make sure sandbox-related getaddrinfo() functions always exist. 2018-11-14 16:12:29 -05:00
Nick Mathewson
e429e31ad1 Normalize .may_include to always have paths, and paths to include 2018-11-14 16:07:35 -05:00
Nick Mathewson
c0a7527eb8 Remove dependency on lib/net from lib/sandbox.
This was trivial, and the easiest way to remove the remaining
.may_include circularities.
2018-11-14 16:07:03 -05:00
Nick Mathewson
f6b8c7da66 Move buffers.c out of lib/containers to resolve a circularity. 2018-11-14 16:07:03 -05:00
Nick Mathewson
c9f9c9bc49 Make memarea use smartlist_core, not container. 2018-11-14 16:07:03 -05:00
Nick Mathewson
a6a7a1f3ed Merge branch 'maint-0.3.5' 2018-11-13 16:48:26 -05:00
Nick Mathewson
021187f915 Merge branch 'bug28183_029' into maint-0.3.5 2018-11-13 16:48:21 -05:00
Nick Mathewson
d000e798ac Merge branch 'maint-0.3.5' 2018-11-13 08:27:29 -05:00
Nick Mathewson
ae4c94bb64 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-13 08:27:29 -05:00
Nick Mathewson
d1e9285b1d Merge branch 'maint-0.3.5' 2018-11-11 18:05:45 -05:00
Nick Mathewson
896d0ebb99 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-11 18:05:45 -05:00
Nick Mathewson
bf4f55a13d Merge branch 'subsystems' 2018-11-09 15:01:49 -05:00
Nick Mathewson
c6336727ca Rename subsystem callback functions to make them consistent 2018-11-09 11:12:12 -05:00
Nick Mathewson
e80595f562 fixup! Make initialization for the "err" library into a subsystem.
Check for failure to install backtrace handler.
2018-11-09 11:00:31 -05:00
Nick Mathewson
61695e3d62 Document that subsystem callbacks are optional. 2018-11-09 10:58:20 -05:00
Nick Mathewson
4fe4bcf8a1 Explain that configuration should happen elsewhere, but not init. 2018-11-09 10:55:18 -05:00
Nick Mathewson
5d73f87ced Merge branch 'maint-0.3.5' 2018-11-09 10:49:48 -05:00
Nick Mathewson
2ac2d0a426 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-09 10:49:47 -05:00
Roger Dingledine
6e828ced56 simplify now that it uses tor's copyright and license 2018-11-07 11:02:26 -05:00
Nick Mathewson
a7a060a637 Switch ctassert.h to 3bsd (with permission) 2018-11-07 10:37:02 -05:00
Nick Mathewson
770653ff45 Allow lib/cc to include its own files. 2018-11-06 16:59:39 -05:00
Nick Mathewson
d9508d8ede Change copyright statement (with permission) 2018-11-06 15:42:18 -05:00
Nick Mathewson
6b706bcf19 Remove a tab. 2018-11-06 15:41:32 -05:00
Nick Mathewson
3c9dd9ef2d Add parentheses to the ctassert macro expansions 2018-11-06 15:41:14 -05:00
Nick Mathewson
e69a4ad6b3 Add a user of CTASSERT(). 2018-11-06 15:39:58 -05:00
Taylor R Campbell
1a6060fa42 New macro CTASSERT(condition) to assert condition at compile-time.
To get it, use: #include "lib/cc/ctassert.h"
2018-11-06 15:36:58 -05:00
Nick Mathewson
8020d6fb05 Merge remote-tracking branch 'tor-github/pr/464' 2018-11-06 15:33:25 -05:00
Nick Mathewson
bcba6a4918 Merge branch 'maint-0.3.5' 2018-11-06 15:17:52 -05:00
Kris Katterjohn
daaa2751ed Include sys/time.h in timers.c and time_fmt.c
This fixes compilation on OpenBSD.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2018-11-06 15:15:22 -05:00
Nick Mathewson
32b23a4c40 Make tortls use the subsystems interface
This one only needs a shutdown right now.
2018-11-05 09:22:02 -05:00
Nick Mathewson
019a044e5e Turn "compress" into a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
207253df8d Move monotonic time setup into a subsystem 2018-11-05 09:22:02 -05:00
Nick Mathewson
cad61f0f6d Move prefork, postfork, and thread-exit hooks into subsys
So far, crypto is the only module that uses them, but others are
likely to do so in the future.
2018-11-05 09:22:02 -05:00
Nick Mathewson
50436ccea4 Add crypto module as a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
cfe5b35edb Move networking startup/cleanup logic into a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
05b54f6a6a Use subsystems manager for subsystems used in tests. 2018-11-05 09:22:02 -05:00
Nick Mathewson
a0ee54549f Turn the wallclock module into a subsystem.
(This may be slightly gratuitous.)
2018-11-05 09:22:02 -05:00
Nick Mathewson
d3e4afcc9b Turn the logging code into a subsystem 2018-11-05 09:22:02 -05:00
Nick Mathewson
b8c50eabfe Add a subsystem for our threading support 2018-11-05 09:22:02 -05:00
Nick Mathewson
178c1821b2 Make the windows process parameter initialization a subsystem
Also, move it from "main" into lib/process
2018-11-05 09:22:02 -05:00
Nick Mathewson
175153a329 Make initialization for the "err" library into a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
6e7ff8cba0 Move the code that knows our tor version into a lowest-level lib 2018-11-05 09:22:02 -05:00
Nick Mathewson
7bb76b24cf Code to manage the list of subsystems. 2018-11-05 09:22:02 -05:00
Nick Mathewson
a6c7e01584 Merge branch 'bug27963_wallclock' into maint-0.3.5 2018-11-02 09:39:13 -04:00
Nick Mathewson
084a5a13c7 Merge branch 'bug27963_wallclock' 2018-11-02 09:38:26 -04:00
Nick Mathewson
0ce1f2d466 Declare the subsystem structure. 2018-11-01 12:55:52 -04:00
Nick Mathewson
084924360a Merge branch 'ticket23082_squashed' 2018-10-30 09:05:42 -04:00
rl1987
1425549ca6 Code cleanups for tor_addr_parse() 2018-10-30 09:05:11 -04:00
rl1987
742cd15649 Move a check for trailing colon to tor_inet_pton()
That way, string_is_valid_ipv6_address() can benefit from it
2018-10-30 09:05:11 -04:00
Nick Mathewson
b77889fc5f Merge branch 'maint-0.3.5' 2018-10-24 10:20:53 -04:00
cypherpunks
3704c4a012 string: add BOM helper 2018-10-23 00:33:48 +00:00
Nick Mathewson
d1d66866b2 Rename a function; it is used to convert a value _From_ le.
We can't use htons()/ntohs() -- those are no-ops on exactly the
wrong platforms.
2018-10-19 08:42:28 -04:00
Nick Mathewson
f8a1dc64f9 Fix a misspelled macro test that was breaking big-endian OPE
Fixes bug 28115; bugfix on 0.3.5.1-alpha.
2018-10-19 08:41:25 -04:00
cypherpunks
a56451af42 evloop: fix docs for threadpool_register_reply_event
Commit 6a5f62f68f ultimately didn't
include the base argument, and the callback is named cb.
2018-10-17 20:27:19 +00:00
cypherpunks
f07ab5b95c evloop: fix docs
alert_sockets_t was moved in 544ab27a94.
2018-10-17 20:27:19 +00:00
Nick Mathewson
8b3ec74e5f Merge remote-tracking branch 'public/bug27990' 2018-10-16 08:02:01 -04:00
Nick Mathewson
feed41bed3 Merge branch 'maint-0.3.4' 2018-10-15 12:47:46 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
4983322cc7 Merge branch 'maint-0.3.4' 2018-10-15 10:37:53 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
7c8f20ba44 In tor_tls_get_my_certs(), set cert ptrs even on failure
Nothing should ever look at them on failure, but in some cases,
the unit tests don't check for failure, and then GCC-LTO freaks out.

Fixes part of 27772.
2018-10-14 15:25:16 -04:00
Nick Mathewson
267b8d16b1 Add timeval.h include to compat_pthreads.c for timeradd()
OpenSolaris apparently doesn't have timeradd(), so we added a
replacement, but we weren't including it here after the big
refactoring in 0.3.5.1-alpha.

Fixes bug 27963; bugfix on 0.3.5.1-alpha.
2018-10-10 12:19:56 -04:00
Nick Mathewson
d3d6c59557 Add sys/time.h include back to procmon.c 2018-10-10 11:26:38 -04:00
Nick Mathewson
361eaa9931 Merge remote-tracking branch 'public/ticket27856' 2018-10-09 09:04:53 -04:00
Nick Mathewson
58299b2927 Merge remote-tracking branch 'public/bug27728' 2018-10-01 12:06:39 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
9e1a3be064 Prevent duplicate initialization of NSS DH module
Allowing this didn't do any actual harm, since there aren't any
shared structures or leakable objects here.  Still, it's bad style
and might cause trouble in the future.

Closes ticket 27856.
2018-09-27 13:26:47 -04:00
Nick Mathewson
34402ece8c geoip: fix windows compilation 2018-09-27 11:02:58 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
6c739c3fb2 Fix arm compilation with openssl <1.1
Bug 27781; bugfix on 0.3.5.1-alpha.
2018-09-24 11:11:29 -04:00
Nick Mathewson
4e2028152d Fix an NSS socket leak-on-error found by dgoulet 2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a Use the correct macro to detect an invalid socket in tortls_nss.c
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26 Release ownership of the dummy socket that tortls_nss.c will close
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
1c1e84281d Add a tor_release_socket_ownership() function. 2018-09-20 12:46:47 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
George Kadianakis
43324b0e4d Fix minor memleak in edge-case of crypto_rsa.c function. 2018-09-18 14:01:15 +03:00
Nick Mathewson
f606b3cfd1 Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
2018-09-17 11:08:56 -04:00
Nick Mathewson
991bec67ee When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
2018-09-16 13:28:29 -04:00
Nick Mathewson
035166e7bf Add a missing function for windows 2018-09-14 15:02:11 -04:00
Nick Mathewson
af39649aad Explicitly ignore BIO_set_close() return val to fix #27711 2018-09-14 13:09:10 -04:00
Nick Mathewson
79f8641ee5 Merge branch 'nss_countbytes_squashed' 2018-09-14 12:45:30 -04:00
Nick Mathewson
ac93c911ce Allow malloc includes in tls library 2018-09-14 12:44:56 -04:00
Nick Mathewson
126819c947 Add support for lower-level byte counting with NSS
This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't.  To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.

Closes ticket 27289.
2018-09-14 12:44:56 -04:00
Nick Mathewson
0e4fcd3996 Merge branch 'nss_27664' 2018-09-14 10:24:46 -04:00
Nick Mathewson
e43ae24e7d Merge branch 'nss_27451' 2018-09-14 10:22:38 -04:00
Nick Mathewson
d8280216c0 Include torint.h in socketpair.c for intptr_t definition. 2018-09-13 17:54:26 -04:00
Nick Mathewson
92357a07bd Fix a 32-bit off_t/size_t warning in crypto_rsa.c
Bug not in any released Tor.
2018-09-13 17:49:39 -04:00
Nick Mathewson
2d05500a1e Merge remote-tracking branch 'UntoSten/inform-about-conf-includes' 2018-09-13 13:35:59 -04:00
Nick Mathewson
75d6609eb1 Run crypto_prefork() before start_daemon().
Without this, RunAsDaemon breaks NSS.

Fixes bug 27664; bug not in any released Tor.
2018-09-13 08:58:28 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
ae5692994f Add a tor_tls_release_socket() function.
This function tells the underlying TLS object that it shouldn't
close the fd on exit.  Mostly, we hope not to have to use it, since
the NSS implementation is kludgey, but it should allow us to fix
2018-09-12 11:12:05 -04:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
8294c40c96 Merge remote-tracking branch 'tor-github/pr/318' 2018-09-12 08:12:19 -04:00
Nick Mathewson
a52d5d5309 Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
2018-09-09 10:21:13 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Nick Mathewson
13d0855a89 Merge remote-tracking branch 'teor/bug27521' 2018-09-07 10:29:45 -04:00
Nick Mathewson
ee6d8bcf71 Merge branch 'maint-0.3.4' 2018-09-07 09:15:56 -04:00
teor
3b6d1676ec
Comment: Fix typos in get_interface_addresses_win32()
Closes 27521.
2018-09-07 11:32:57 +10:00
Nick Mathewson
22e2403145 Revert "Avoid double-close on TCP sockets under NSS."
This reverts commit b5fddbd241.

The commit here was supposed to be a solution for #27451 (fd
management with NSS), but instead it caused an assertion failure.

Fixes bug 27500; but not in any released Tor.
2018-09-06 11:06:30 -04:00
Nick Mathewson
bcfab63ca5 Merge remote-tracking branch 'teor/ticket27467' 2018-09-06 09:24:47 -04:00
teor
d0965561a5
Remove GetAdaptersAddresses_fn_t
The code that used it was removed as part of the 26481 refactor.

Closes ticket 27467.
2018-09-06 12:54:03 +10:00
Nick Mathewson
b8a2bdbdc8 Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID 2018-09-05 16:49:15 -04:00
Nick Mathewson
5656144290 Fix checkspaces 2018-09-05 16:48:53 -04:00
Nick Mathewson
710aa122e4 Suppress strict-prototypes warnings in one more batch of NSS headers 2018-09-05 16:36:18 -04:00
Nick Mathewson
8cd091a8d3 Add a last-ditch memwipe() implementation for nss+old glibc
On new glibc versions, there's an explicit_bzero().  With openssl,
there's openssl_memwipe().

When no other approach works, use memwipe() and a memory barrier.
2018-09-05 16:34:01 -04:00
Nick Mathewson
824160fd82 Fix a type, and hopefully the win64 builds. 2018-09-05 09:36:15 -04:00
Nick Mathewson
dc7c979453 Add note about use of tor_memcmp() 2018-09-05 09:11:53 -04:00
Nick Mathewson
79a7fbb79b Fix a reverse-inull warning from coverity in new code. 2018-09-05 08:34:14 -04:00
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18 Document winsock includes better 2018-09-04 14:52:35 -04:00
Nick Mathewson
70c27b7e39 Fix documentation of initialized fields in crypto_init.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
edbb5ef5b2 Make some additional RSA functions const 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3b5d6ef15b Unify functions for reading/writing PEM keys, to avoid duplication. 2018-09-04 14:52:35 -04:00
Nick Mathewson
f46a7eafb8 Do not leak a reference to "slot" when decoding private key. 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f Remove tor_x509_get_cert_impl as unneeded. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241 Avoid double-close on TCP sockets under NSS. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12 Avoid spurious error logs when using NSS
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown()
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS.
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
cypherpunks
d32b08af6f string: add string_is_utf8() helper
Ticket #27373.
2018-09-03 13:54:43 +00:00
rl1987
01eb164574 Reject addresses with needless trailing colon 2018-08-31 19:34:14 +03:00
rl1987
23ed863da4 Improve bracket handling in tor_addr_parse()
* Actually check for second bracket
* Only attempt parsing IPv4 address when no brackets found
2018-08-31 18:55:36 +03:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f Log error strings in crypto_nss_log_errors().
I'll need this for debugging.
2018-08-22 12:36:25 -04:00
Nick Mathewson
de66bd397c Merge branch 'maint-0.3.4' 2018-08-21 19:20:37 -04:00
Nick Mathewson
5245a296c5 Make some x509 functions generic; remove some fields NSS doesn't need 2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356 Extract internal-only parts of x509.h 2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb Extract the non-generic part of tor_tls_context_decref(). 2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802 Implement PBKDF2 with NSS.
This was a gap that we left in the last commit.
2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4 When enabling NSS, disable OpenSSL.
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2
2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130 Split tls modules and their tests into openssl and generic.
Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a Refactor some of the certificate-manipulation logic 2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa Extract tortls structures into a new header; clean up a little 2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
aa45511250 Implement RSA for NSS. 2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db Refactor crypto_rsa to use pem module.
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).

(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9 Add rudimentary support for PEM-encoding, since NSS doesn't do that. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2 Use a constant for "65537" 2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5 Rename openssl-bridging functions in crypto_rsa
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40 Remove a redundant function. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197 Extract openssl RSA functionality into its own file. 2018-08-21 12:24:08 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
Unto Sten
ba3c785092 Inform users about configuration file and directory includes
This patch makes it clearer to users what settings Tor daemon
is actually using. I think it is pretty important.
2018-08-17 14:08:59 +03:00
Nick Mathewson
e56f0c9d33 Adjust windows stubs for new start/finish_daemon() return types 2018-08-14 16:44:59 -04:00
Nick Mathewson
a57c27a1c7 Call crypto_postfork on start_daemon() instead. 2018-08-08 17:32:26 -04:00
Nick Mathewson
622a2c6bee Make finish_daemon() return a boolean to say whether it did anything. 2018-08-08 16:59:53 -04:00
Nick Mathewson
26f1167e71 Merge branch 'bug26779_033' into bug26779_035 2018-08-08 15:50:29 -04:00
Nick Mathewson
7787150521 Merge branch 'maint-0.3.4' 2018-08-08 09:26:23 -04:00
Nick Mathewson
622a057e7e Merge remote-tracking branch 'public/string_coverage' 2018-08-03 07:03:29 -04:00
Nick Mathewson
f83b417bf8 Suppress strict-prototypes warning in crypto_nss_mgt.c 2018-08-02 08:41:33 -04:00
Nick Mathewson
727f1676d6 Fix double-link of crypto_openssl_mgt.c 2018-08-02 08:38:59 -04:00
Nick Mathewson
b590cc0449 Add a cast to make clang happier. 2018-08-02 08:36:24 -04:00
Nick Mathewson
ff7229b32c Document new helper functions in socketpair.c 2018-08-01 11:01:52 -04:00
Nick Mathewson
1b7b9c7e63 Reindent tor_ersatz_socketpair 2018-08-01 11:01:52 -04:00
Nick Mathewson
fc0dc5aa9e Refactor tor_ersatz_socketpair() not to need socket.
This change also makes tor_ersatz_socketpair() follow the same
interface as socketpair() rather than tor_socketpair(), so it now
needs to be wrapped in the same code as socketpair() does.
2018-08-01 11:01:52 -04:00
Nick Mathewson
9b24609af0 Remove dependency from socketpair.c on address.h
Also refactor some annoying code in tor_ersatz_socketpair.
2018-08-01 09:24:22 -04:00
Nick Mathewson
2884639ad6 Extract tor_ersatz_socketpair into a new c file
I'm doing this because I want to make it a lower-level function
again, so that we can use it without linking in the rest of the
universe.
2018-08-01 08:47:27 -04:00
Nick Mathewson
a4c0a0e81e Fix issues with crypto_ope compilation now that crypto.h is gone 2018-07-31 19:56:42 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
17f922d371 Only link crypto_dh_openssl.c once
(We do this unconditionally, since we still need it for tortls.c)
2018-07-31 19:46:00 -04:00
Nick Mathewson
17ea931ac7 Implement DH in NSS. 2018-07-31 19:46:00 -04:00
Nick Mathewson
32bbc8f6b5 Refactor the dependency between tortls and crypto_dh.
We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.
2018-07-31 19:46:00 -04:00
Nick Mathewson
ac9a470c64 Extract the shared part of crypto_dh_compute_secret. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60a5b78480 Extract the OpenSSL DH functionality to a new file. 2018-07-31 19:46:00 -04:00