Commit Graph

4123 Commits

Author SHA1 Message Date
Nick Mathewson
13a2acba3c Merge remote-tracking branch 'ffmancera/bug24658-openssl' 2018-01-23 14:02:45 -05:00
Nick Mathewson
0dbe3ddc33 Make Tor support TLS1.3 ciphers with OpenSSL 1.1.1
Without this patch, not only will TLS1.3 not work with Tor, but
OpenSSL 1.1.1 with TLS1.3 enabled won't build any connections at
all: It requires that either TLS1.3 be disabled, or some TLS1.3
ciphersuites be listed.

Closes ticket 24978.
2018-01-23 09:23:21 -05:00
Fernando Fernandez Mancera
f2fca51976 Move the openssl namespace back into .c files.
As we're trying not to have all the other modules in Tor, we moved the openssl
namespace includes back into crypto.c and crypto_openssl_mgt.c files.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-01-22 16:48:33 +01:00
Fernando Fernandez Mancera
5cd74b4884 Add crypto_openssl_mgt.[ch] for compiling dependencies.
Included crypto_openssl_mgt.[ch] into the appropiate files in order to resolve
compiling and dependencies issues.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-19 18:56:13 +01:00
Fernando Fernandez Mancera
b3aa7be26c Tweaks into functions and variables in crypto_openssl_mgt.[ch]
Renamed free_openssl() to crypto_openssl_free_all(). Also we made variables and
functions static again.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-19 18:07:49 +01:00
Nick Mathewson
e7907f15f9 Don't call Libevent's event_base_free() on NULL.
It doesn't crash, but it produces a warning.

Fixes bug 24933; bugfix on 322abc030e. Bug
not in any released Tor.
2018-01-19 09:45:10 -05:00
Fernando Fernandez Mancera
7684949d37 Rename crypto_openssl.[ch] to crypto_openssl_mgt.[ch]
Rename crypto_openssl.[ch] to crypto_openssl_mgt.[ch] because it is possible we
need crypto_openssl.[ch] in the future.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-18 21:13:17 +01:00
Nick Mathewson
77026f8a87 Merge branch 'bug22798_029_squashed' 2018-01-17 13:26:41 -05:00
Nick Mathewson
1efb84215e Improve Windows performance with SIO_IDEAL_SEND_BACKLOG_QUERY.
Patch written by "Vort" on trac. Addresses ticket 22798.
2018-01-17 10:40:00 -05:00
Nick Mathewson
60dfdd9b15 Merge branch 'bug21074_029' 2018-01-17 09:07:50 -05:00
Nick Mathewson
0bfd5a6597 Add a cast to avoid a signed/unsigned comparison 2018-01-17 09:06:32 -05:00
Nick Mathewson
454d854363 Merge branch 'bug21074_029' 2018-01-16 14:13:39 -05:00
Nick Mathewson
edc87b263f Merge remote-tracking branch 'ffmancera/bug24861' 2018-01-12 13:29:53 -05:00
Fernando Fernandez Mancera
06368e5310 Fix minGW compatibility issue with zu format specifier.
Define TOR_PRIuSZ as minGW compiler doesn't support zu format specifier for
size_t type.

Fixes #24861 on ac9eebd.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-12 17:44:30 +01:00
Nick Mathewson
42751e2123 On shutdown, mark openssl as uninitialized.
This causes openssl to get completely reinitialized on startup,
which is probably a good idea.
2018-01-11 13:00:15 -05:00
Nick Mathewson
05ac3d0458 Merge branch 'restart_nocrash' 2018-01-11 12:45:25 -05:00
Nick Mathewson
c8c258a433 Merge branch 'bug24733_squashed_2' 2018-01-10 12:57:23 -05:00
Nick Mathewson
519fa1a3e6 Document the alignment limitation of tor_free() 2018-01-10 12:57:13 -05:00
Nick Mathewson
f71bbd20a4 Extract the raw_free() of ifc_buf into a new function.
Explain the problem more correctly.
2018-01-10 12:57:13 -05:00
teor
54899b404c Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
... in get_interface_addresses_ioctl().

This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist
elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have
8-byte ints.)

Fixes bug 24733; not in any released version of tor.
2018-01-10 12:57:13 -05:00
Fernando Fernandez Mancera
7353c9496e Add free_openssl() to crypto_openssl module.
Add free_openssl() function to free the memory allocated for OpenSSL version
management variables. It is required since OpenSSL management has been isolated
from the crypto module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 15:31:41 +01:00
Fernando Fernandez Mancera
4022277272 Refactor crypto.[ch] into smaller OpenSSL module.
Add two new files (crypto_openssl.c, crypto_openssl.h) as new module of
crypto.[ch]. This new module includes all functions and dependencies related
to OpenSSL management. Those have been removed from crypto.[ch].

All new changes related to OpenSSL management must be done in these files.

Follows #24658

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 14:02:17 +01:00
Roger Dingledine
4f83d6d6ad Merge branch 'maint-0.3.2' 2018-01-05 18:44:08 -05:00
Roger Dingledine
5f2c7a8567 remove redundant "implement this" from log message 2018-01-05 18:23:07 -05:00
Nick Mathewson
68ca6d2e19 Don't treat a setrlimit failure as fatal.
Fixes bug 21074; bugfix on 4689243242 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
2018-01-04 13:21:29 -05:00
Nick Mathewson
bac0bcbba1 type error fix for monotime_coarse_add_msec on windows 2017-12-20 17:45:59 -05:00
Nick Mathewson
a499be33b8 Merge branch 'maint-0.3.2' 2017-12-20 11:19:23 -05:00
Nick Mathewson
f7e393eb4c Another attempt at fixing the STACK warning in tortls.c
Patch suggestion from catalyst.

Related to 24423
2017-12-13 10:09:10 -05:00
Nick Mathewson
dd6dec2665 Add a function to add msec to a monotime.
We'll use this for the channel padding logic.
2017-12-13 08:54:29 -05:00
Nick Mathewson
4c877ae874 Add monotime functions for clearing monotonic times
We need this to replace some of our "msec" users with monotime
users.
2017-12-13 08:29:23 -05:00
Nick Mathewson
426110dfa2 Merge branch 'maint-0.3.2' 2017-12-12 19:46:53 -05:00
Nick Mathewson
15b41fa6ae Make sandbox.c compile when libseccomp-dev is installed on arm64
Fixes ticket 24424.  Patch from weasel.
2017-12-12 19:46:03 -05:00
Nick Mathewson
9c604e2bbb Fix compilation: logfile_is_external() must accept const* 2017-12-12 09:21:12 -05:00
Nick Mathewson
6c5a73f87a Merge remote-tracking branch 'ahf-oniongit/bugs/24362' 2017-12-12 09:18:52 -05:00
Alexander Færøy
cbc465a3d1 Simplify explicit conditional checks into an inlined function.
This patch lifts the check for whether a given log file (`logfile_t`) is
an "external logfile" (handled by an external logging system such as
syslog, android's logging subsystem, or as an external C callback
function) into a function on its own.

See: https://bugs.torproject.org/24362
2017-12-12 01:17:57 +00:00
Nick Mathewson
828333e38c Merge remote-tracking branch 'public/bug24099_031' into maint-0.3.1 2017-12-11 16:48:44 -05:00
Nick Mathewson
d5400d50e7 Merge branch 'maint-0.3.2' 2017-12-11 16:43:51 -05:00
Nick Mathewson
418d8bbe92 Merge branch 'stack_fixes_032_v2' into maint-0.3.2 2017-12-11 16:25:04 -05:00
Nick Mathewson
3da15bcbe8 Stop checking for sandbox:new_element() failures: it can't fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK
2017-12-11 16:06:25 -05:00
Nick Mathewson
06ffafcb9d Set DH parameters to NULL on shutdown
If we don't do this, we will use freed memory on restart.

Part of 24581.
2017-12-11 11:52:19 -05:00
Nick Mathewson
322abc030e On exit, free the event_base and set its pointer to NULL.
When we didn't do this before, we'd have some still-reachable memory
warnings, and we'd find ourselves crashing when we tried to
reinitialize libevent.

Part of 24581 (don't crash when restarting Tor in-process)
2017-12-11 11:52:19 -05:00
Nick Mathewson
ea929e8456 Merge remote-tracking branch 'public/feature24427' 2017-12-11 09:59:46 -05:00
Alexander Færøy
b0b8f7c30c Add support for Android's logging subsystem.
This patch adds support for Android's logging subsystem in Tor. When
debugging Android applications it is useful to be able to collect
information about the application running on the platform via the
various system services that is available on the platform.

This patch allows you to add "Log notice android" to your torrc and have
Tor send everything above and including the notice severity to Android's
ring buffer which can be inspected using the 'adb logcat' program.

See: https://bugs.torproject.org/24362
2017-12-11 13:22:39 +00:00
Nick Mathewson
58e8094816 Fix compilation with --disable-memory-sentinels
We'd broken this with the recent _free() rewrite.
2017-12-11 08:01:54 -05:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
Nick Mathewson
17dcce3fe1 Fix wide lines introduced by previous patch. 2017-12-08 14:47:19 -05:00
Nick Mathewson
285632a61b Replace all FREE_AND_NULL* uses to take a type and a free function.
This commit was made mechanically by this perl script:

\#!/usr/bin/perl -w -i -p

next if /^#define FREE_AND_NULL/;
s/\bFREE_AND_NULL\((\w+),/FREE_AND_NULL\(${1}_t, ${1}_free_,/;
s/\bFREE_AND_NULL_UNMATCHED\(/FREE_AND_NULL\(/;
2017-12-08 14:47:19 -05:00
Nick Mathewson
95531ddfbf Let's have only one FREE_AND_NULL variant.
This commit removes the old FREE_AND_NULL, and renames the old
FREE_AND_NULL_UNMATCHED so that it is now called FREE_AND_NULL.

This will break all the FREE_AND_NULL_* users; the next commit will
fix them.
2017-12-08 14:47:19 -05:00
Nick Mathewson
1d348989b0 Make tor_free only evaluate its input once (at least on gcc and clang) 2017-12-08 14:47:19 -05:00
Nick Mathewson
db024adc90 Switch to a safer FREE_AND_NULL implementation
This one only evaluates the input once, so it cannot mess up even if
there are side effects.
2017-12-08 14:47:19 -05:00
Nick Mathewson
c92ac9f5cb Convert the rest of src/common's headers to use FREE_AND_NULL 2017-12-08 14:47:19 -05:00
Nick Mathewson
021fdd39e4 Use mach_approximate_time() for coarse time where available.
This lets us have a coarse-time implementation with reasonable
performance characteristics on OSX and iOS.

Implements 24427.
2017-12-08 09:24:02 -05:00
Nick Mathewson
afceb431ed add a missing windows underscore 2017-12-07 15:14:49 -05:00
Nick Mathewson
046acf208b Fix a compiler warning 2017-12-06 15:46:54 -05:00
Nick Mathewson
5f518c69aa Merge remote-tracking branch 'public/monotime_coarse_stamps' 2017-12-06 15:43:50 -05:00
Nick Mathewson
a798ba6e9b Merge branch 'maint-0.3.2' 2017-12-05 12:10:06 -05:00
Nick Mathewson
779e4b9dcf Tweaks to strings in 24500 2017-12-05 12:09:57 -05:00
Fernando Fernandez Mancera
313360e6e6 Make errno error log more useful for getrandom()
Making errno error log more useful for getrandom() call. Adding if statement to
make difference between ENOSYS and other errors.

Fixes #24500

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-05 12:05:09 -05:00
Nick Mathewson
cef844d017 Merge branch 'maint-0.3.2' 2017-11-30 12:07:59 -05:00
Nick Mathewson
fd73a168ca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-30 12:07:59 -05:00
Nick Mathewson
ee48eb1eb5 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 12:07:59 -05:00
Nick Mathewson
7e2b012b46 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-30 12:07:59 -05:00
Nick Mathewson
5fc0587c04 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 12:07:59 -05:00
Nick Mathewson
ba4a9cf0c0 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-30 12:07:59 -05:00
Nick Mathewson
1880a6a88e Avoid asking for passphrase on junky PEM input
Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bbed.
2017-11-27 15:25:03 -05:00
Nick Mathewson
c3c0a05f51 Add a new notion of "stamps" to be a fast 32-bit monotonic timestamp
The goal here is to replace our use of msec-based timestamps with
something less precise, but easier to calculate.  We're doing this
because calculating lots of msec-based timestamps requires lots of
64/32 division operations, which can be inefficient on 32-bit
platforms.

We make sure that these stamps can be calculated using only the
coarse monotonic timer and 32-bit bitwise operations.
2017-11-27 09:43:15 -05:00
Nick Mathewson
bf882b0373 re-run ./scripts/maint/annotate_ifdef_directives 2017-11-21 14:07:43 -05:00
Nick Mathewson
5da0a73838 Merge branch 'ticket23953_033_squashed' 2017-11-21 14:06:57 -05:00
Nick Mathewson
25f882a9cf Use stdatomic.h for atomic_counter_t where available.
Closes ticket 23953.
2017-11-21 14:06:48 -05:00
Nick Mathewson
517032b8ce Merge branch 'maint-0.3.2' 2017-11-21 12:41:39 -05:00
Nick Mathewson
ba94dc28e8 Merge branches 'bug24099_031' and 'bug24086_031' into maint-0.3.2 2017-11-21 12:37:46 -05:00
Nick Mathewson
729f9a286c Merge branch 'maint-0.3.2' 2017-11-20 13:22:10 -05:00
Nick Mathewson
846df5b3cd Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2 2017-11-20 13:20:25 -05:00
Nick Mathewson
cabcb752d7 In storagedir, take more care with errno on empty or mislabeled file
Required for 24099 fix -- we won't be able to act based on errno
unless we can trust it.
2017-11-20 10:10:13 -05:00
Nick Mathewson
2f086888b1 Make all the crypto free() functions macros that clear their targets 2017-11-17 12:01:30 -05:00
Nick Mathewson
94db8f32e4 Make all the free() functions from container.h clear their targets 2017-11-17 12:01:19 -05:00
Nick Mathewson
c1bdb80aba Add a macro to call a free_ function and clear a variable 2017-11-17 11:45:47 -05:00
Nick Mathewson
2d3904aba6 Check the libc version to decide whether to allow openat. 2017-11-16 14:06:38 -05:00
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
a321f8f4af Merge branch 'buf_for_stringbuffer_squashed' 2017-11-02 10:01:30 -04:00
Nick Mathewson
095e15f8ac Add a zero-copy buffer move implementation. 2017-11-02 10:00:32 -04:00
Nick Mathewson
d5ba4851bd Add buf_t API helpers for using buffers to construct outputs. 2017-11-02 10:00:32 -04:00
Nick Mathewson
cd606d5ad3 Merge remote-tracking branch 'public/owning_control_fd' 2017-11-01 13:28:31 -04:00
Nick Mathewson
b76a161e01 Merge branch 'fix-torrcd-sandbox-22605v2' 2017-10-31 13:58:33 -04:00
Nick Mathewson
30a681553f Merge remote-tracking branch 'public/exit_carefully' 2017-10-27 11:13:05 -04:00
Nick Mathewson
fa78546dbc Make sure all C files have copyright/license notices 2017-10-27 10:59:36 -04:00
Nick Mathewson
f5e9e2748f Merge branch 'protover-rust-impl_squashed' 2017-10-27 10:05:30 -04:00
Chelsea Holland Komlo
91bca5c31b move to allocating c strings from rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
be583a34a3 use tor allocator for string allocation in rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c04b54d4d minimize scope for unsafe
update documentation

missing check for null
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d1820c1516 rust implementation of protover 2017-10-27 10:02:08 -04:00
Nick Mathewson
f0c3b62381 Expose a new function to make the event loop exit once and for all.
Instead of calling tor_cleanup(), exit(x), we can now call
tor_shutdown_event_loop_and_exit.
2017-10-20 11:39:17 -04:00
Nick Mathewson
35746a9ee7 Comment-only change: annotate exit() calls.
Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.

But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.

I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.

First step towards 23848.
2017-10-19 13:42:28 -04:00
Nick Mathewson
0956242158 Mark some unreachable code in compat_winthreads.c as unreachable 2017-10-19 13:21:48 -04:00
Nick Mathewson
4eb5753bd2 New function for Tor to treat itself as the "owner" of a socket
Our socket accounting functions assumed that we'd never be asked to
close a socket that we didn't open ourselves.  But now we want to
support taking control sockets that we inherit -- so we need a way
of taking ownership of them, so we don't freak out later on when we
close them.
2017-10-18 12:17:44 -04:00
Nick Mathewson
5bcd8dc5c4 Make the mark_socket_open() no-op treat the socket as used.
This is preliminary for extracting the "take socket ownership" code
into its own function.
2017-10-18 12:13:26 -04:00
Nick Mathewson
b0ddaac074 Make some assertions nonfatal to help prevent bug23690 recurrence. 2017-09-29 10:29:33 -04:00
Alexander Færøy
8d6940814a
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 20:17:41 +02:00