Commit Graph

24982 Commits

Author SHA1 Message Date
Nick Mathewson
c75cf802d3 Merge branch 'ticket28879' into maint-0.3.5 2019-01-03 21:34:35 -05:00
Nick Mathewson
7232f04939 Merge branch 'ticket28880' 2019-01-03 21:33:40 -05:00
Nick Mathewson
a7cbbf279e Merge branch 'ticket28852' 2019-01-03 21:31:08 -05:00
Nick Mathewson
4e4f93d364 Add a #ifdef HAVE_UNISTD_H check to buffers.c
Reported on tor-dev by Gisle Vanem.  Bug not in any released Tor

(The suggested patch used _MSC_VER, but that's not how we do stuff
with autoconf.  With autoconf, you detect the feature you want,
rather than trying to list all the systems that do or do not have
it.)
2019-01-03 09:52:19 -05:00
Nick Mathewson
9ba690e33f Merge branch 'maint-0.3.5' 2019-01-03 09:45:56 -05:00
Nick Mathewson
abdc6aede2 Merge branch 'ticket28851_035_squashed' into maint-0.3.5 2019-01-03 09:45:53 -05:00
Nick Mathewson
b82717b273 Stop re-checking our hardcoded dh parameters on every startup
Closes ticket 28851.
2019-01-03 09:45:43 -05:00
Nick Mathewson
47176eb678 Merge branch 'maint-0.3.5' 2019-01-03 09:44:15 -05:00
Nick Mathewson
98736cf36a Merge remote-tracking branch 'public/ticket28838_035' into maint-0.3.5 2019-01-03 09:44:10 -05:00
Nick Mathewson
27853938a1 Merge branch 'maint-0.3.5' 2019-01-03 09:02:40 -05:00
Nick Mathewson
3e64553f76 Merge branch 'maint-0.3.3' into maint-0.3.4 2019-01-03 09:02:39 -05:00
Nick Mathewson
ed62f0fa15 Merge branch 'maint-0.3.4' into maint-0.3.5 2019-01-03 09:02:39 -05:00
Nick Mathewson
bf413829cb Detect openssl bug 7712 and work around it.
In theory it would be better to detect this bug in advance, but this
approach is much simpler, and therefore safer to backport.

This closes tor issue 28973.
2019-01-03 09:00:47 -05:00
rl1987
dbf1725a13 Completely remove 'GETINFO status/version/num-{concurring,versioning}' 2019-01-03 10:36:38 +02:00
Nick Mathewson
3e7f13a4ef Merge branch 'maint-0.3.5' 2019-01-02 16:15:39 -05:00
Nick Mathewson
968235ce6f Explicitly ignore check_result() result in test_voting_flags_minimal
Otherwise, coverity complains at is.
2019-01-02 15:45:52 -05:00
Nick Mathewson
b33bcb1e63 Add an errno.h include to freespace.c to fix bug 28974. 2019-01-02 15:19:52 -05:00
George Kadianakis
56a45eb409 Disable current padding machines.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
George Kadianakis
926fc93be5 Concentrate all TOR_USEC_PER_SEC definitions in a single header file.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
George Kadianakis
dd04917851 Use the new probability distribution code in WTF-PAD.
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
2019-01-02 15:25:55 +02:00
George Kadianakis
2ccf326837 Implement and test probability distributions used by WTF-PAD.
This project introduces the prob_distr.c subsystem which implements all the
probability distributions that WTF-PAD needs. It also adds unittests for all of
them.

Code and tests courtesy of Riastradh.

Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2019-01-02 15:25:55 +02:00
Mike Perry
8ad497bb57 Config option to specify specific MiddleNodes.
Hope is this will make it easier to test on the live tor network.

Does not need to be merged if we don't want to, but will come in handy
for researchers.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:25:55 +02:00
George Kadianakis
a336d816a6 Circuit padding tests.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:25:55 +02:00
Mike Perry
d62340018c Add relay crypto mock points for tests.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:35 +02:00
Mike Perry
9aaf72ea58 Circuit padding implementation.
This implements all of the event handling, state machines, and padding
decisions for circuit padding.

I recommend reviewing this after you look at the call-in points into it from
the rest of Tor.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:31 +02:00
Mike Perry
7be71903da Circuit padding cell event callbacks.
These callbacks allow the padding state machines to react to various types of
sent and received relay cells.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:27 +02:00
Mike Perry
43701e1ebe Circuit padding machine creation events.
These event callbacks allow circuit padding to decide when to attempt to
launch and negotiate new padding machines, and when to tear old ones down.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:23 +02:00
Mike Perry
4ca1df6b32 Add padding negotiation trunnel output.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:20 +02:00
Mike Perry
659a4f06d4 Circuit padding ProtoVer plumbing.
This helps us to determine if a middle node can pad to us or not.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:16 +02:00
Mike Perry
70e9245f6f Initialize circuit padding machines and global state.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:13 +02:00
Mike Perry
2f7b5a2d44 Hook up circuit padding to circuit_t.
Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:12:09 +02:00
Mike Perry
2a24e21fb0 Circuit padding header.
This is a good code review start point, to get an overview of the interfaces
and types used in circuit padding.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:09:37 +02:00
Mike Perry
3ba7581129 Provide a smartlist reverse-order traversal.
We need this for padding negotiation so that we can have later machine
revisions supercede earlier ones.

Co-authored-by: George Kadianakis <desnacked@riseup.net>
2019-01-02 15:09:13 +02:00
Kris Katterjohn
c11247e957 Fix a buffer overflow in setup_cfg() in src/test/test_voting_flags.c
signed_descriptor_digest has a length of DIGEST_LEN but the memset
used to fill it used DIGEST256_LEN.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2018-12-23 17:46:08 -06:00
Nick Mathewson
99713b176b Merge branch 'maint-0.3.5' 2018-12-21 15:42:58 -05:00
Nick Mathewson
a9eec33649 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-21 15:42:57 -05:00
Nick Mathewson
70dd6d07bb Merge branch 'orconn-tracker_squashed' 2018-12-21 14:22:11 -05:00
Taylor Yu
f0f971409a Add tests for bootstrap tracker
Part of ticket 27617.
2018-12-21 14:15:35 -05:00
Taylor Yu
85542ee5a0 The big bootstrap phase redefinition
Redefine the set of bootstrap phases to allow display of finer-grained
progress in the early connection stages of connecting to a relay.

This includes adding intermediate phases for proxy and PT connections.

Also add a separate new phase to indicate obtaining enough directory
info to build circuits so we can report that independently of actually
initiating an ORCONN to build the first application circuit.
Previously, we would claim to be connecting to a relay when we had
merely finished obtaining directory info.

Part of ticket 27167.
2018-12-21 14:15:35 -05:00
Taylor Yu
936c93e562 Hook up control_event_bootstrap() to btrack_orconn
Replace a few invocations of control_event_bootstrap() with calls from
the bootstrap tracker subsystem.  This mostly leaves behavior
unchanged.  The actual behavior changes come in the next commit.

Part of ticket 27167.
2018-12-21 14:15:35 -05:00
Taylor Yu
9d29abb34e Add a comment about bto_update_best. 2018-12-21 14:15:21 -05:00
Nick Mathewson
fd58e5e498 Fix priority on process subsystem level: it uses "net" 2018-12-21 14:12:20 -05:00
Nick Mathewson
ab4395d082 Merge branch 'ticket28847' 2018-12-21 13:26:47 -05:00
Alexander Færøy
bc836d559d Don't initialize the process module manually in tests.
It's not longer needed for us to initialize the process module in tests.

See: https://bugs.torproject.org/28847
2018-12-21 13:26:38 -05:00
Alexander Færøy
2322b56389 Fix typo in time_sys.h. 2018-12-21 13:26:38 -05:00
Alexander Færøy
cf4b3dbd44 Use the subsystem list to initialize and shutdown process module.
This patch makes the process module use the subsystem list for
initializing and shutting down.

See: https://bugs.torproject.org/28847
2018-12-21 13:26:38 -05:00
David Goulet
2420e84ba4 mainloop: Reactivate the linked connection event with a non empty list
Linked connections aren't woken up by libevent due to I/O but rather
artificially so we can, by chunks, empty the spooled object(s).

Commit 5719dfb48f (in 0.3.4.1-alpha) made it
that the schedule_active_linked_connections_event would be only called once at
startup but this is wrong because then we would never go through again the
active linked connections.

Fortunately, everytime a new linked connection is created, the event is
activated and thus we would go through the active list again. On a busy relay,
this issue is mitigated by that but on a slower relays or bridge, a connection
could get stuck for a while until a new directory information request would
show up.

Fixes #28717, #28912
2018-12-21 11:25:23 -05:00
Taylor Yu
b0ae6a332a Add bootstrap tracker subsystem
Add a tracker for bootstrap progress, tracking events related to
origin circuit and ORCONN states.  This uses the ocirc_event and
orconn_event publish-subscribe subsystems.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
b0f974633a Add LD_BTRACK log domain for bootstrap tracker
Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
a0b4fa1f16 Add origin circuit event pubsub system
Add a publish-subscribe subsystem to publish messages about changes to
origin circuits.

Functions in circuitbuild.c and circuitlist.c publish messages to this
subsystem.

Move circuit event constants out of control.h so that subscribers
don't have to include all of control.h to take actions based on
messages they receive.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
271b50f54a Add ORCONN event pubsub system
Add a publish-subscribe subsystem to publish messages about changes to
OR connections.

connection_or_change_state() in connection_or.c and
control_event_or_conn_event() in control.c publish messages to this
subsystem via helper functions.

Move state constants from connection_or.h to orconn_state.h so that
subscribers don't have to include all of connection_or.h to take
actions based on changes in OR connection state.  Move event constants
from control.h for similar reasons.

Part of ticket 27167.
2018-12-20 18:46:17 -06:00
Taylor Yu
308dde0c38 Remove unused old_state var in connection_or.c
connection_or_change_state() saved an old_state to pass to
channel_tls_handle_state_change_on_orconn(), which promptly cast it to
void.  Remove this unused variable and parameter.
2018-12-20 17:54:49 -06:00
Nick Mathewson
e4109020e9 Merge remote-tracking branch 'tor-github/pr/609' 2018-12-20 16:42:35 -05:00
Alexander Færøy
ab0d7d2dd4 Escape the PT K/V data before sending it to the logger.
See: https://bugs.torproject.org/28846
2018-12-20 19:05:50 +01:00
Nick Mathewson
5c85ba3077 Merge remote-tracking branch 'tor-github/pr/608' 2018-12-20 11:42:26 -05:00
Nick Mathewson
22c5ad682c Add base32 to the round-trip fuzzer 2018-12-20 08:37:04 -05:00
Alexander Færøy
01819faaba Remove Process initializer/shutdown function from main.c.
See: https://bugs.torproject.org/28847
2018-12-20 14:36:59 +01:00
Nick Mathewson
a517daa56f base32_decode(): Return number of bytes written on success.
This makes it consistent with base64_decode().

Closes ticket 28913.
2018-12-20 08:36:25 -05:00
Alexander Færøy
f7e175db57 Forward declare smartlist_t in process.h
This allows other libraries to include process.h without including
the smartlist_t headers first.

See: https://bugs.torproject.org/28847
2018-12-20 14:36:04 +01:00
Nick Mathewson
973a5db808 Merge remote-tracking branch 'tor-github/pr/445' 2018-12-20 07:53:57 -05:00
Alexander Færøy
7762088967 No need to log ordinary EOF conditions as LOG_WARN.
Let's not use log_warn() when a pipe is closed under what should be
considered normal conditions.

See: https://bugs.torproject.org/28179
2018-12-20 13:12:53 +01:00
Alexander Færøy
412fbe9f17 Make example CancelIoEx() code use CancelIo().
This patch changes the CancelIoEx() example code to use CancelIo(),
which is available for older versions of Windows too. I still think the
kernel handles this nicely by sending broken pipes if either side
closes the pipe while I/O operations are pending.

See: https://bugs.torproject.org/28179
2018-12-20 13:11:24 +01:00
Alexander Færøy
f58e597d42 Handle ERROR_BROKEN_PIPE in completion routines.
Handle `ERROR_BROKEN_PIPE` from ReadFileEx() and WriteFileEx() in
process_win32_stdin_write_done() and
process_win32_handle_read_completion() instead of in the early handler.
This most importantmly makes sure that `reached_eof` is set to true when
these errors appears.

See: https://bugs.torproject.org/28179
2018-12-20 13:04:49 +01:00
Alexander Færøy
36e24782f8 Remember to set reached_eof when our handles are reporting errors.
This patch adds some missing calls to set `reached_eof` of our handles
when various error conditions happens or when we close our handle (which
happens at `process_terminate()`.

See: https://bugs.torproject.org/28179
2018-12-20 13:02:22 +01:00
Alexander Færøy
c6e041e3d8 Handle errors even after success from ReadFileEx() and WriteFileEx().
This patch adds some additional error checking after calls to
ReadFileEx() and WriteFileEx(). I have not managed to get this code to
reach the branch where `error_code` is NOT `ERROR_SUCCESS`, but MSDN
says one should check for this condition so we do so just to be safe.

See: https://bugs.torproject.org/28179
2018-12-20 12:57:20 +01:00
Alexander Færøy
44586a89ef Delay checking process for termination until both stdout and stderr are closed.
This patch makes us delay checking for whether we have an exit code
value (via GetExitCodeProcess()) until both stdout and stderr have been
closed by the operating system either by the process itself or by
process cleanup after termination.

See: https://bugs.torproject.org/28179
2018-12-20 12:53:28 +01:00
Alexander Færøy
1d8dcb416c Remember to close the child process' ends of the pipes.
This prevents us from leaking the HANDLE for stdout, stderr, and stdin.

See: https://bugs.torproject.org/28179
2018-12-20 12:47:04 +01:00
Alexander Færøy
fe2f4f3ec5 Remember to check for whether we actually did exit in tests.
See: https://bugs.torproject.org/28179
2018-12-20 12:45:52 +01:00
Alexander Færøy
4efe4cc2f9 Add support for STATUS messages from Pluggable Transports.
This patch adds support for the new STATUS message that PT's can emit
from their standard out. The STATUS message uses the `config_line_t` K/V
format that was recently added in Tor.

See: https://bugs.torproject.org/28846
2018-12-20 03:55:02 +01:00
Alexander Færøy
426c52b377 Use K/V parser to handle LOG messages for pluggable transports.
This patch changes the LOG pluggable transport message to use the recent
K/V parser that landed in Tor. This allows PT's to specify the log
severity level as well as the message. A mapping between the PT log
severity levels and Tor's log serverity level is provided.

See: https://bugs.torproject.org/28846
2018-12-20 03:41:28 +01:00
Nick Mathewson
1c47459e5a Merge branch 'maint-0.3.5' 2018-12-19 15:36:08 -05:00
Nick Mathewson
b7018b1a24 Merge branch 'ticket28883_035' into maint-0.3.5 2018-12-19 15:36:03 -05:00
Nick Mathewson
ed0bc85ed0 Merge branch 'ticket28853' 2018-12-18 18:59:56 -05:00
Nick Mathewson
bb091da1e7 Merge branch 'ticket28839_v2_squashed' 2018-12-18 18:59:05 -05:00
Nick Mathewson
7113a339dc Avoid a needless decode/re-encode step in assigning onion keys
Previously we had decoded the asn.1 to get a public key, and then
discarded the asn.1 so that we had to re-encode the key to store it
in the onion_pkey field of a microdesc_t or routerinfo_t.

Now we can just do a tor_memdup() instead, which should be loads
faster.
2018-12-18 18:58:08 -05:00
Nick Mathewson
0556942284 Use a single path for all PEM-like objects in get_next_token()
Previously, we would decode the PEM wrapper for keys twice: once in
get_next_token, and once later in PEM decode.  Now we just do all of
the wrapper and base64 stuff in get_next_token, and store the
base64-decoded part in the token object for keys and non-keys alike.

This change should speed up parsing slightly by letting us skip a
bunch of stuff in crypto_pk_read_*from_string(), including the tag
detection parts of pem_decode(), and an extra key allocation and
deallocation pair.

Retaining the base64-decoded part in the token object will allow us
to speed up our microdesc parsing, since it is the asn1 portion that
we actually want to retain.
2018-12-18 18:58:08 -05:00
Nick Mathewson
372df7a630 Merge branch 'maint-0.3.5' 2018-12-18 13:56:22 -05:00
Nick Mathewson
26bbeb298d Merge branch 'bug28612_squashed' into maint-0.3.5 2018-12-18 13:55:57 -05:00
Nick Mathewson
1c2abea30a Call run_tor_main_loop() in ntmain.c, rather than do_main_loop().
Fixes bug 28612; bugfix on 0.3.5.3-alpha.
2018-12-18 13:55:08 -05:00
Nick Mathewson
0af0f78dff Merge branch 'maint-0.3.5' 2018-12-18 13:52:39 -05:00
Nick Mathewson
702fd6f0f2 Merge branch 'ticket28881_035' into maint-0.3.5 2018-12-18 13:52:36 -05:00
Nick Mathewson
4894d44ab8 Always initialize addr in parse_port_config()
It was always analyzed before use, but scan-build wasn't able to
persuade itself of that.

Closes ticket 28881.
2018-12-18 13:52:25 -05:00
Nick Mathewson
a3e6f2467b Merge remote-tracking branch 'tor-github/pr/595' 2018-12-18 13:51:21 -05:00
Alexander Færøy
ca7a2ecc51 Avoid breaking the event loop prematurely.
This patch makes sure that we terminate the event loop from the event
loop timer instead of directly in the process' exit handler. This allows
us to run the event loop an additional time to ensure that the SleepEx()
call on Windows is called and the data from stdout/stderr is delivered
to us.

Additionally we ensure that we don't try to read or write data from a
Unix process that have been terminated in the main loop, since its file
descriptors are closed at that time.

See: https://bugs.torproject.org/28179
2018-12-18 13:35:29 -05:00
Nick Mathewson
bf71dce01a Bump version to 0.3.5.6-rc-dev 2018-12-18 13:33:49 -05:00
Nick Mathewson
c61cd5775c Revert "Log bootstrap tag names"
This reverts commit 1b855af5e3.
2018-12-18 08:09:43 -05:00
Nick Mathewson
d8f41c2870 Bump to 0.3.5.6-rc 2018-12-18 08:04:04 -05:00
rl1987
c659603ac5 Unit test to check that we can parse NETINFO cell with unsupported address type 2018-12-18 12:11:33 +02:00
rl1987
c92c0cbc9f Actually allow unrecognized address types in NETINFO cell
Ignore the address value instead of failing with error condition in case
unrecognized address type is found.
2018-12-18 12:10:08 +02:00
Nick Mathewson
8a01f0eaab lib/process may include lib/buf. 2018-12-17 17:58:49 -05:00
Nick Mathewson
4ad59bfbc2 Update location of buffers.h 2018-12-17 17:01:50 -05:00
Nick Mathewson
e969d9c6b4 Merge branch 'ticket28179_squashed' into ticket28179_squashed_merged 2018-12-17 16:41:01 -05:00
Alexander Færøy
c8b8b15f0e Ensure that line_size >= 1 before trying to trim input string.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
651cdd05b7 Add an additional space when we check for the PROTO_LOG handler.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
fab22509d7 Make Windows process event timer API available for dormant interface.
This patch changes the API of the Windows backend of the Process
subsystem to allow the dormant interface to disable the Process event
timer.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
a33a77d9cd Document the format of process_t::arguments.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
0d796cce17 Use errno directly if we are not reading/writing from/to a socket.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
cacdd29087 Use const char * instead of char * for line parameter for process callbacks.
This patch changes the type definition of the process callbacks to use
`const char *` instead of `char *`.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ec2ae3ed8b Change EVENT_TRANSPORT_LOG to EVENT_PT_LOG.
This patch changes our EVENT_TRANSPORT_LOG event to be EVENT_PT_LOG. The
new message includes the path to the PT executable instead of the
transport name, since one PT binary can include multiple transport they
sometimes might need to log messages that are not specific to a given
transport.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
5585cbd08f Change the Process exit_callback to return bool.
This patch changes our process_t's exit_callback to return a boolean
value.  If the returned value is true, the process subsystem will call
process_free() on the given process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
22cb3c6ce9 Call close() on stdin/stdout/stderr in process_terminate().
Call close() on all process handles after we have called kill(pid,
SIGTERM).

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
bc6983afed Use run_main_loop_until_done() for process_t tests.
This patch changes the slow process_t tests to use
run_main_loop_until_done() instead of do_main_loop() since
do_main_loop() initializes a lot of subsystem callbacks that we don't
need to run in our tests.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
6e508e9eb4 Fix tests on kqueue() based platforms.
This patch disables fork()'ing of the slow process tests. This fixes the
tests on the MacOS and other kqueue() based platforms.

Without this patch the main loop exits eearly with EBADF as error.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ccc1963890 Move remaining code from subprocess.{h,c} to more appropriate places.
This patch moves the remaining code from subprocess.{h,c} to more
appropriate places in the process.c and process_win32.c module.

We also delete the now empty subprocess module files.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
f7d13425fc Delete old process_handle_t code.
This patch removes the old process_handle_t code. Everything should by
now be using the process_t interface.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
289ed0849d Add tests for process environment functionality of process_t.
This patch adds tests for the process_environment_t interaction in
process_t.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
9b6a10a26f Add slow test for process_t for main loop interaction.
This patch adds test cases for process_t which uses Tor's main loop.
This allows us to test that the callbacks are actually invoked by the
main loop when we expect them.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e3ceaebba2 Add support for logging messages from pluggable transports.
This patch adds support for the "LOG" protocol message from a pluggable
transport. This allows pluggable transport developers to relay log
messages from their binary to Tor, which will both emit them as log
messages from the Tor process itself, but also pass them on via the
control port.

See: https://bugs.torproject.org/28180
See: https://bugs.torproject.org/28181
See: https://bugs.torproject.org/28182
2018-12-17 16:39:28 -05:00
Alexander Færøy
bfb94dd2ca Use process_t for managed proxies.
This patch makes the managed proxy subsystem use the process_t data
structure such that we can get events from the PT process while Tor is
running and not just when the PT process is being configured.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
ad4cc89c5d Add "PT" log domain.
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
b0d268a822 Add process_reset_environment() to the Process subsystem.
This patch adds a new function that allows us to reset the environment
of a given process_t with a list of key/value pairs.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
4f611a1df7 Add process_terminate().
This patch adds support for process termination to the Process
subsystem.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
338137221c Make sure we call process_notify_event_exit() as the last thing in different callbacks.
This patch makes sure that we call process_notify_event_exit() after we
have done any modifications we need to do to the state of a process_t.
This allows application developers to call process_free() in the
exit_callback of the process.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
e982fb1dae Add documentation for the is_socket and error argument of read_to_chunk().
See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
89393a77e5 Add process_get_pid() to the Process subsystem.
This patch adds support for getting the unique process identifier from a
given process_t. This patch implements both support for both the Unix
and Microsoft Windows backend.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
bb784cf4f3 Add Windows backend for the Process subsystem.
This patch adds support for Microsoft Windows in the Process subsystem.

Libevent does not support mixing different types of handles (sockets,
named pipes, etc.) on Windows in its core event loop code. This have
historically meant that Tor have avoided attaching any non-networking
handles to the event loop. This patch uses a slightly different approach
to roughly support the same features for the Process subsystem as we do
with the Unix backend.

In this patch we use Windows Extended I/O functions (ReadFileEx() and
WriteFileEx()) which executes asynchronously in the background and
executes a completion routine when the scheduled read or write operation
have completed. This is much different from the Unix backend where the
operating system signals to us whenever a file descriptor is "ready" to
either being read from or written to.

To make the Windows operating system execute the completion routines of
ReadFileEx() and WriteFileEx() we must get the Tor process into what
Microsoft calls an "alertable" state. To do this we execute SleepEx()
with a zero millisecond sleep time from a main loop timer that ticks
once a second.  This moves the process into the "alertable" state and
when we return from the zero millisecond timeout all the outstanding I/O
completion routines will be called and we can schedule the next reads
and writes.

The timer loop is also responsible for detecting whether our child
processes have terminated since the last timer tick.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
2e957027e2 Add Unix backend for the Process subsystem.
This patch adds the Unix backend for the Process subsystem. The Unix
backend attaches file descriptors from the child process's standard in,
out and error to Tor's libevent based main loop using traditional Unix
pipes. We use the already available `waitpid` module to get events
whenever the child process terminates.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Alexander Færøy
35509978dd Add new Process subsystem.
This patch adds a new Process subsystem for running external programs in
the background of Tor. The design is focused around a new type named
`process_t` which have an API that allows the developer to easily write
code that interacts with the given child process. These interactions
includes:

- Easy API for writing output to the child process's standard input
  handle.
- Receive callbacks whenever the child has output on either its standard
  output or standard error handles.
- Receive callback when the child process terminates.

We also support two different "protocols" for handling output from the
child process. The default protocol is the "line" protocol where the
process output callbacks will be invoked only when there is complete
lines (either "\r\n" or "\n" terminated). We also support the "raw"
protocol where the read callbacks will get whatever the operating system
delivered to us in a single read operation.

This patch does not include any operating system backends, but the Unix
and Windows backends will be included in separate commits.

See: https://bugs.torproject.org/28179
2018-12-17 16:39:28 -05:00
Taylor R Campbell
ed71e1e89c Create a temporary directory for tor's DataDirectory in test_rebind.
Fixes #28562.

While here, put the argument count test and usage message _before_ we
attempt to read from sys.argv.
2018-12-17 10:32:28 -05:00
Nick Mathewson
315c21d2e2 test_rebind: wait for tor to timeout, even if it is logging a lot
Fixes bug 28883; bugfix on 0.3.5.4-alpha.
2018-12-17 09:53:17 -05:00
Nick Mathewson
ce3d501040 Fix null-pointer-deref warning from scan-build in test_hs_service.c 2018-12-17 09:28:33 -05:00
Nick Mathewson
d58a597a55 Fix dead assignment warning in test_hs_service.c 2018-12-17 09:28:08 -05:00
Nick Mathewson
f50558ce8c Fix dead-assignment warning in test_shared_random.c 2018-12-17 09:27:40 -05:00
Nick Mathewson
82fb40c8dc Fix dead-assignment warnings in test_config.c
Found by scan-build.
2018-12-17 09:26:57 -05:00
Nick Mathewson
16199a54a2 Check hostname before using it in send_resolved_hostname_cell()
Also, turn an absent hostname into a BUG(), not a crash.

Found by scan-build.

Closes ticket 28879; bugfix on 0.1.2.7-alpha
2018-12-17 09:15:37 -05:00
Nick Mathewson
29254812a3 Remove strcmp_len(): it is now unused
(See 28856.)
2018-12-17 09:04:25 -05:00
Nick Mathewson
a0fad3981e Replace use of strcmp_len() with new mem_eq_token().
The strcmp_len() function was somewhat misconceived, since we're
only using it to test whether a length+extent string is equal to a
NUL-terminated string or not.  By simplifying it and making it
inlined, we should be able to make it a little faster.

(It *does* show up in profiles.)

Closes ticket 28856.
2018-12-17 09:03:04 -05:00
rl1987
5b2acbec0e Refrain from closing connection if found one unrecognized address in NETINFO cell 2018-12-16 10:19:37 +02:00
rl1987
3bec371d04 Refrain from hardcoding address length and type in netinfo.trunnel 2018-12-16 10:05:35 +02:00
Nick Mathewson
3dd1f064a7 Rewrite the core of parse_short_policy() to be faster.
The old implementation did some funky out-of-order lexing, and
tended to parse every port twice if the %d-%d pattern didn't match.

Closes ticket 28853.
2018-12-14 16:07:10 -05:00
Nick Mathewson
9dc53bc68f Remove a needless memset() in get_token_arguments()
I believe we originally added this for "just in case" safety, but it
isn't actually needed -- we never copy uninitialized stack here.
What's more, this one memset is showing up on our startup profiles,
so we ought to remove it.

Closes ticket 28852.
2018-12-14 14:48:12 -05:00
Nick Mathewson
6dc90d290d Use 25% less RAM for base64-encoded directory objects
We were allocating N bytes to decode an N-byte base64 encoding,
when 3N/4 would have been enough.
2018-12-14 13:51:51 -05:00
Nick Mathewson
3c35c0d441 Add a function to provide an upper bound on base64 decoded length 2018-12-14 13:51:51 -05:00
Nick Mathewson
cf7342ab6f Add a benchmark for parsing a microdescriptor 2018-12-14 13:51:51 -05:00
Rob Jansen
325348b360 allow any value for HearbeatPeriod in testing Tor networks 2018-12-14 09:22:23 -05:00
Nick Mathewson
4bc3983f64 Add a DROPOWNERSHIP controller command to undo TAKEOWNERSHIP.
Closes ticket 28843.
2018-12-13 19:35:02 -05:00
Nick Mathewson
f8dac5c900 Merge branch 'maint-0.3.5' 2018-12-13 19:01:29 -05:00
Nick Mathewson
94a7998158 Merge remote-tracking branch 'tlyu-github/ticket28731-035' into maint-0.3.5 2018-12-13 18:57:00 -05:00
Nick Mathewson
041e9235c1 Lower the loop_max constant in curve25519_basepoint_spot_check()
The point of this function is to make sure that the ed25519-based
implementation of curve25519_basepoint() actually works when we
start tor, and use the regular fallback implementation if it
doesn't.  But it accounts for 9% of our startup time in the case
when we have directory information, and I think it's safe to make
the test shorter.  After all, it has yet to find any actual bugs in
curved25519_scalarmult_basepoint_donna() on any platforms.

Closes ticket 28838.
2018-12-13 11:26:09 -05:00
Nick Mathewson
69264f96f3 Merge branch 'dormant_persist_squashed' 2018-12-13 08:26:10 -05:00
Nick Mathewson
e3b7fd2a81 Unit tests for back-end functions for persistent dormant state 2018-12-13 08:25:54 -05:00
Nick Mathewson
b5c04173c8 Change interaction between dormant mode and clock jumps.
When the clock jumps, and we have a record of last user activity,
adjust that record.  This way if I'm inactive for 10 minutes and
then the laptop is sleeping for an hour, I'll still count as having
been inactive for 10 minutes.

Previously, we treat every jump as if it were activity, which is
ridiculous, and would prevent a Tor instance with a jumpy clock from
ever going dormant.
2018-12-13 08:25:54 -05:00
Nick Mathewson
4afc6b172a Merge branch 'ticket28755_v2_squashed' 2018-12-12 11:07:38 -05:00
Nick Mathewson
845e8dbe59 Fuzzing module for various string operations, currently focusing on
encoding and decoding.

There are bunches of places where we don't want to invest in a full
fuzzer, but we would like to make sure that some string operation
can handle all its possible inputs.  This fuzzer uses the first byte
of its input to decide what to do with the rest of the input.  Right
now, all the possibilities are decoding a string, and seeing whether
it is decodeable.  If it is, we try to re-encode it and do the whole
thing again, to make sure we get the same result.

This turned up a lot of bugs in the key-value parser, and I think it
will help in other cases too.

Closes ticket 28808.
2018-12-12 11:07:08 -05:00
Nick Mathewson
f0a8664677 Add code to parse K=V lines into config_line_t format.
Closes ticket 28755
2018-12-12 11:07:08 -05:00
Nick Mathewson
b915b6cd21 Merge remote-tracking branch 'github/prop297' 2018-12-11 09:44:57 -05:00
Nick Mathewson
6506b1ee9f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-12-11 09:41:05 -05:00
Nick Mathewson
e1273d7d1b Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-11 09:41:05 -05:00
Nick Mathewson
27e4269929 Merge branch 'maint-0.3.5' 2018-12-11 09:41:05 -05:00
Nick Mathewson
c1f9191581 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-12-11 09:41:04 -05:00
Nick Mathewson
ce501a529f Merge remote-tracking branch 'catalyst-github/ticket27402' 2018-12-11 09:37:41 -05:00
Taylor Yu
1b855af5e3 Log bootstrap tag names
Add the bootstrap tag name to the log messages, so people
troubleshooting connection problems can look up a symbol instead of a
number.  Closes ticket 28731.
2018-12-10 17:22:28 -06:00
teor
4991b29311 Fallbacks: Update the hard-coded fallback list in December 2018
Merge Phoul's two lists into teor's list.

Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
January 2018 (of which ~115 were still functional), with a list of
157 fallbacks (92 new, 65 existing, 85 removed) generated in
December 2018.

Closes ticket 24803.
2018-12-10 17:02:19 +10:00
teor
78e177d622 Fallbacks: Update the hard-coded fallback list in December 2018
Replace the 150 fallbacks originally introduced in Tor 0.3.3.1-alpha in
January 2018 (of which ~115 were still functional), with a list of
148 fallbacks (89 new, 59 existing, 91 removed) generated in
December 2018.

Closes ticket 24803.
2018-12-07 16:43:10 +10:00
Nick Mathewson
2ccb9e9444 Merge branch 'maint-0.3.5' 2018-12-06 09:26:34 -05:00
Nick Mathewson
c1f86f7492 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-06 09:26:33 -05:00
Nick Mathewson
c4f7953d8b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-12-06 09:26:32 -05:00
Nick Mathewson
00341d97f3 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-12-06 09:26:32 -05:00
Karsten Loesing
57798eb1cb Update geoip and geoip6 to the December 5 2018 database. 2018-12-05 21:02:39 +01:00
Nick Mathewson
46a321fbdd Merge branch 'maint-0.3.5' 2018-12-05 10:25:12 -05:00
Nick Mathewson
967efc0d28 Merge remote-tracking branch 'tor-github/pr/546' into maint-0.3.5 2018-12-05 10:23:28 -05:00
Nick Mathewson
1eb3719a62 Merge remote-tracking branch 'public/prop298' 2018-12-05 09:43:03 -05:00
Nick Mathewson
1f95e80351 Merge branch 'prop293_squashed' 2018-12-05 09:24:51 -05:00
Nick Mathewson
a2f81b644b Write tests for mark_my_descriptor_dirty_if_too_old() 2018-12-05 09:24:45 -05:00
Nick Mathewson
00509aaafa Merge remote-tracking branch 'tor-github/pr/553' 2018-12-05 08:28:54 -05:00
Nick Mathewson
ca4b86f90a Merge remote-tracking branch 'tor-github/pr/508' 2018-12-05 08:19:02 -05:00
Nick Mathewson
c01507a5fe remember why we are doing getsockopt() 2018-12-05 08:14:21 -05:00
David Goulet
cec616a0c8 hs-v3: Don't BUG() if descriptor is found on SOCKS connection retry
When retrying all SOCKS connection because new directory information just
arrived, do not BUG() if a connection in state AP_CONN_STATE_RENDDESC_WAIT is
found to have a usable descriptor.

There is a rare case when this can happen as detailed in #28669 so the right
thing to do is put that connection back in circuit wait state so the
descriptor can be retried.

Fixes #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
43bd4d7509 hs-v3: Add the helper function mark_conn_as_waiting_for_circuit
This helper function marks an entry connection as pending for a circuit and
changes its state to AP_CONN_STATE_CIRCUIT_WAIT. The timestamps are set to
now() so it can be considered as new.

No behaviour change, this helper function will be used in next commit.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:34:04 -05:00
David Goulet
00b59d9281 conn: Use connection_ap_mark_as_waiting_for_renddesc()
Use the helper function connection_ap_mark_as_waiting_for_renddesc()
introduced in previous commit everywhere in the code where an AP connection
state is transitionned to AP_CONN_STATE_RENDDESC_WAIT.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:10:00 -05:00
David Goulet
d0682fe0f1 conn: Add an helper to mark a connection as waiting for an HS descriptor
The transition for a connection to either become or go back in
AP_CONN_STATE_RENDDESC_WAIT state must make sure that the entry connection is
_not_ in the waiting for circuit list.

This commit implements the helper function
connection_ap_mark_as_waiting_for_renddesc() that removes the entry connection
from the pending list and then change its state. This code pattern is used in
many places in the code where next commit will remove this code duplication to
use this new helper function.

Part of #28669

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-12-04 14:00:08 -05:00
Nick Mathewson
4f55884315 Add an option to start tor in dormant mode for the first time. 2018-12-04 12:08:24 -05:00
Nick Mathewson
b25b8150c2 Remember in our state file how long we've spent since user activity
Rather than initializing the "Dormant" status to "off" and the "last
activity" count to "now", initialize them based on our state file:
stay dormant if we were dormant, or remember the amount of time
we've spent inactive.
2018-12-04 11:59:11 -05:00
Nick Mathewson
31a6d9f499 Add tests for parsing each routerstatus flag. 2018-12-03 13:40:08 -05:00
Nick Mathewson
92af8e5113 Add a framework for testing set_routerstatus_from_routerinfo().
Additionally, use it to test that is_staledesc is set correctly.

Eventually we'll want to test all the other flags, but I'm aiming
for only adding coverage on the changed code here.
2018-12-03 13:22:23 -05:00
Nick Mathewson
417a324a85 Make input argument const in set_routerstatus_from_routerinfo. 2018-12-03 12:34:29 -05:00
Nick Mathewson
32213fa9ad Keep list of dirauth flags in sync between dirvote.c and fuzz_vrs.c
Suggested by Teor on PR
2018-12-03 12:18:45 -05:00
rl1987
db9ab3754a Print error message we get from socket.connect_ex when it fails 2018-12-03 14:49:33 +02:00
rl1987
25f3b82445 More logging for #28229 2018-12-03 14:40:37 +02:00
rl1987
9369152aae Check that new listener connection is actually listening 2018-12-03 14:28:32 +02:00
Nick Mathewson
0d9dc13e08 Merge remote-tracking branch 'tor-github/pr/544' 2018-12-02 19:50:04 -05:00
Nick Mathewson
8221b5d587 Merge remote-tracking branch 'tor-github/pr/559' 2018-12-02 19:38:40 -05:00
teor
612b21b8ea
comment: replace cached-routers with cached-descriptors
cached-routers has been gone for a long time
2018-12-03 10:19:34 +10:00
Nick Mathewson
0015d00842 Use tor_strdup() in place of malloc+strncpy+terminate. 2018-12-01 20:46:06 -05:00
Nick Mathewson
8accf71c44 Merge remote-tracking branch 'tor-github/pr/556' 2018-12-01 20:35:38 -05:00
Nick Mathewson
2b2b97484a Merge branch 'ticket27490a_squashed' 2018-12-01 20:32:18 -05:00
Neel Chauhan
ad031b64ce Add regression test for ClientAutoIPv6ORPort 2018-12-01 14:55:57 -05:00
Neel Chauhan
81f2828d67 In fascist_firewall_use_ipv6(), say we can use IPv6 if ClientAutoIPv6ORPort is 1 2018-12-01 14:55:57 -05:00
Neel Chauhan
822cb93cab Add new option ClientAutoIPv6ORPort to switch between IPv4 and IPv6 OR ports 2018-12-01 14:55:57 -05:00
rl1987
353d2a091d Fix coverage build 2018-12-01 14:31:17 -05:00
rl1987
39e158db36 tor-resolve: Rework SOCKS5 response parsing with trunnel 2018-12-01 14:31:17 -05:00
rl1987
8b9d6581f6 tor-resolve: Rework SOCKS5 method negotiation client part with trunnel 2018-12-01 14:31:17 -05:00
rl1987
1051969a1d tor-resolve: parse SOCKS4a reply 2018-12-01 14:31:17 -05:00
rl1987
d49baa77b5 Allow socks4_server_reply version to be 0 (for tor-resolve) 2018-12-01 14:31:17 -05:00
rl1987
83af6d6149 tor-resolve: Use trunnel code for SOCKS5 request generation 2018-12-01 14:31:17 -05:00
rl1987
30582b940e tor-resolve: link tor-resolve binary with trunnel lib 2018-12-01 14:31:17 -05:00
rl1987
a2bb172225 tor-resolve: generate SOCKS4a request with trunnel 2018-12-01 14:31:17 -05:00
Nick Mathewson
701eaef980 Move net.inet.ip.random_id code to lib/net/ 2018-12-01 11:36:03 -05:00
Nick Mathewson
d4d4a4b2dd Merge remote-tracking branch 'tor-github/pr/527' 2018-12-01 11:30:53 -05:00
Nick Mathewson
51d94cea33 Merge branch 'maint-0.3.5' 2018-12-01 11:26:55 -05:00
Nick Mathewson
1a97379e5e Merge remote-tracking branch 'tor-github/pr/554' into maint-0.3.5 2018-12-01 11:26:52 -05:00
Nick Mathewson
7e9985b75a Merge remote-tracking branch 'tor-github/pr/536' 2018-12-01 11:24:02 -05:00
Nick Mathewson
af9dc12fab Merge branch 'maint-0.3.5' 2018-12-01 11:20:10 -05:00
rl1987
945c4dfda0 Also log a Tor log entry when it has a substring we are waiting for 2018-12-01 11:18:03 -05:00
rl1987
4c4ed413ee 1 ms. resolution for Tor logs 2018-12-01 11:18:03 -05:00
rl1987
0bb25931dc Log everything from tor down to debug loglevel 2018-12-01 11:18:03 -05:00
rl1987
320f5f30b3 In test_rebind.py, log stuff with timestamps 2018-12-01 11:18:03 -05:00
Nick Mathewson
e3a19b1c78 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-12-01 11:15:09 -05:00
Nick Mathewson
cf3f7753c3 Merge branch 'maint-0.3.5' 2018-12-01 11:15:09 -05:00
Nick Mathewson
e82023d2f7 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-12-01 11:15:09 -05:00
Taylor Yu
7685f8ad35 Use table lookup for bootstrap_status_to_string
It also no longer distinguishes the case of internal-only paths, which
was often wrong anyway.  Closes ticket 27402.
2018-11-30 16:54:01 -06:00
Taylor Yu
1fe6507d29 Split bootstrap event reporting out of control.c
Part of ticket 27402.
2018-11-30 16:49:44 -06:00
Neel Chauhan
d18a167ff3 sr: Switch from tor_assert() to BUG()
Closes #19566

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-30 12:16:18 -05:00
David Goulet
a51dad4272 test: Fix a warning underflow in rend_cache/clean
Because the test is adding entries to the "rend_cache" directly, the
rend_cache_increment_allocation() was never called which made the
rend_cache_clean() call trigger that underflow warning:

rend_cache/clean: [forking] Nov 29 09:55:04.024 [warn] rend_cache_decrement_allocation(): Bug: Underflow in rend_cache_decrement_allocation (on Tor 0.4.0.0-alpha-dev 2240fe63feb9a8cf)

The test is still good and valid.

Fixes #28660

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-29 10:02:50 -05:00
teor
7a45bc74a4 Dir: when Tor's clock is behind, use a future consensus to bootstrap
When Tor's clock is behind the clocks on the authorities, allow Tor to
bootstrap successfully.

Fixes bug 28591; bugfix on 0.2.0.9-alpha.
2018-11-29 00:50:24 +10:00
teor
bd29b3531a Dir: Refactor ns expiry check to remove duplicate code
Instead of checking NS_EXPIRY_SLOP, use
networkstatus_consensus_reasonably_live().

Preparation for 28591.
2018-11-29 00:50:16 +10:00
Alexander Færøy
2b41b857bd Add LD_PROCESS as log domain.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
31b3a6577c Add buf_flush_to_pipe() and buf_read_from_pipe().
This patch adds two new functions: buf_flush_to_pipe() and
buf_read_from_pipe(), which makes use of our new buf_flush_to_fd() and
buf_read_from_fd() functions.

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
771930b84c Refactor buf_read_from_socket() into buf_read_from_fd().
This patch refactors buf_read_from_socket() into buf_read_from_fd(), and
creates a specialized function for buf_read_from_socket(), which uses
buf_read_from_fd().

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
c71f9df07b Refactor buf_flush_to_socket() into buf_flush_to_fd().
This patch refactors buf_flush_to_socket() into buf_flush_to_fd() and
creates a specialization function for buf_flush_to_socket() that makes
use of buf_flush_to_fd().

See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
340260281a Refactor flush_chunk() to work on pipes as well as sockets.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
5f26ae833e Refactor read_to_chunk() such that it supports both pipes and sockets.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Alexander Færøy
2a3eef4404 Remove unused int pid member of managed_proxy_t.
See: https://bugs.torproject.org/28179
2018-11-27 19:31:08 +01:00
Nick Mathewson
8a15d0f69b Merge branch 'maint-0.3.5' 2018-11-26 17:25:28 -05:00
Nick Mathewson
feb41b7c30 Merge remote-tracking branch 'teor/bug28096-035-squashed' into maint-0.3.5 2018-11-26 17:24:41 -05:00
Nick Mathewson
c292e505ff Merge remote-tracking branch 'tor-github/pr/539' 2018-11-26 17:22:37 -05:00
Nick Mathewson
fc1ad9ab65 Merge remote-tracking branch 'tor-github/pr/495' 2018-11-26 17:17:40 -05:00
Nick Mathewson
7d8e0cc9ab Merge branch 'dormant_v2_squashed' 2018-11-26 16:33:31 -05:00
Nick Mathewson
02843c4a4e Test for check_network_participation_callback() 2018-11-26 16:32:40 -05:00
Nick Mathewson
55512ef022 Test netstatus.c tracking of user participation status 2018-11-26 16:32:40 -05:00
Nick Mathewson
3743f79695 Add options to control dormant-client feature.
The DormantClientTimeout option controls how long Tor will wait before
going dormant.  It also provides a way to disable the feature by setting
DormantClientTimeout to e.g. "50 years".

The DormantTimeoutDisabledByIdleStreams option controls whether open but
inactive streams count as "client activity".  To implement it, I had to
make it so that reading or writing on a client stream *always* counts as
activity.

Closes ticket 28429.
2018-11-26 16:32:40 -05:00
David Goulet
d37dbb09c2 hs-v3: Do not close RP circuits when deleting an ephemeral service
Bug reported on tor-dev@ and here is the detail explanation of the issue:
https://lists.torproject.org/pipermail/tor-dev/2018-November/013558.html

Fixes bug #28619

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-26 14:45:53 -05:00
rl1987
e92f900191 Try silencing Coverity false positive CID 1441482
Bugfix on 469f47ef8dc8b18104108f0437c860ec88fca6ad; bug not in any released
Tor version.
2018-11-26 17:35:32 +02:00
Nick Mathewson
881b85cf32 Treat the StaleDesc flag as making our descriptor dirty.
Relay side of prop293.
2018-11-25 10:12:20 -05:00
Nick Mathewson
36f808c936 Vote on the StaleDesc flag from prop293
The StaleDesc flag tells relays that they need to upload a new
descriptor soon, or they will drop out of the consensus.
2018-11-25 10:05:13 -05:00
Nick Mathewson
7da06e43da No longer exit for missing required protocolversions on an old consensus
Specifically, if the consensus is older than the (estimted or
measured) release date for this version of tor, we assume that the
required versions may have changed in between that consensus and
this release.

Implements ticket 27735 and proposal 297.
2018-11-24 20:44:37 -05:00
Nick Mathewson
05dee063c8 Emit router families in canonical form
This patch has routers use the same canonicalization logic as
authorities when encoding their family lists.  Additionally, they
now warn if any router in their list is given by nickname, since
that's error-prone.

This patch also adds some long-overdue tests for family formatting.
2018-11-24 16:35:58 -05:00
Nick Mathewson
f82eb6269f Extract get_declared_family() into its own function.
This will help as we refactor it.
2018-11-24 12:11:40 -05:00
Nick Mathewson
0a0c612b79 Add a consensus method in which md families get canonicalized.
Implements prop298. Closes ticket 28266.
2018-11-24 12:01:09 -05:00
Nick Mathewson
d29e3a02d5 Add a function to canonicalize nodefamilies per prop298
This is the same as the regular canonical nodefamily format, except
that unrecognized elements are preserved.
2018-11-24 10:53:38 -05:00
Nick Mathewson
0e9a963b6b Revise nodefamily.c to match proposal 298
Prop298 says that family entries should be formatted with
$hexids in uppercase, nicknames in lower case, $hexid~names
truncated, and everything sorted lexically.  These changes implement
that ordering for nodefamily.c.

We don't _strictly speaking_ need to nodefamily.c formatting use
this for prop298 microdesc generation, but it seems silly to have
two separate canonicalization algorithms.
2018-11-24 10:30:15 -05:00
Taylor R Campbell
997a8b0ca7 Create a temporary directory for tor's DataDirectory in test_rebind.
Fixes #28562.

While here, put the argument count test and usage message _before_ we
attempt to read from sys.argv.
2018-11-23 12:51:39 -05:00
teor
805f75182a Entry Nodes: Test on reasonably live consensuses
As well as live consensuses.

Tests for 24661.
2018-11-22 17:47:12 +10:00
teor
390112d07e Entry Nodes: refactor tests to use macros
Part of 24661.
2018-11-22 17:46:52 +10:00
teor
3741f9e524
Fix a comment typo in test_hs_common.c 2018-11-22 16:56:06 +10:00
teor
cebc39bcd5
Test: make unit tests use a reasonably live consensus
Cleanup after 24661.
2018-11-22 16:54:46 +10:00
teor
657618ba9b
Entry Nodes: Mark outdated dirservers in reasonably live consensuses
Fixes bug 28569; bugfix on Tor 0.3.2.5-alpha.
2018-11-22 16:54:34 +10:00
teor
d1ac5613fc
Entry Nodes: Use a reasonably live consensus to select guards
Fixes bug 24661; bugfix on 0.3.0.1-alpha.
2018-11-22 16:54:22 +10:00
teor
ffc7b81b5d
Test: Fix memory leaks and missing unmocks in entry guard tests
test_entry_guard_outdated_dirserver_exclusion leaks memory, and is
missing some unmocks.

Fixes 28554; bugfix on 0.3.0.1-alpha.
2018-11-22 16:42:32 +10:00
Nick Mathewson
469f47ef8d Fix a fun heisenbug in memoize_protover_flags()
After we clear the protover map for getting full, we need to
re-create it, since we are about to use it.

This is a bugfix for bug 28558. It is a bugfix for the code from
ticket 27225, which is not in any released Tor.  Found by Google
OSS-Fuzz, as issue 11475.
2018-11-21 07:56:33 -05:00
Nick Mathewson
34cadefe34 Merge branch 'maint-0.3.5' 2018-11-20 09:04:35 -05:00
Taylor Yu
0489288aa2 Update control_free_all() for #27169
Reset the added bootstrap tracking state introduced by ticket 27169.
Fixes bug 28524; bugfix on 0.3.5.1-alpha.
2018-11-19 15:48:08 -06:00
Fabian Keil
71651ea4aa Complain if net.inet.ip.random_id is not set on FreeBSD-based servers
Apparently a couple of operators haven't gotten the memos [0] yet
and it looks like FreeBSD's default value will not change any time
soon [1].

[0]:
https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html
https://lists.torproject.org/pipermail/tor-relays/2014-November/005687.html
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195828

[1]:
https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041942.html
2018-11-19 16:28:00 +01:00
Nick Mathewson
8183640ada Merge branch 'maint-0.3.5' 2018-11-19 10:18:57 -05:00
Alexander Færøy
3260914db0 Add missing library to build tor-print-ed-signing-cert.
To succesful compile tor-print-ed-signing-cert.exe on Windows we
sometimes need to include the @TOR_LIB_GDI@ library.

See: https://bugs.torproject.org/28485
2018-11-19 10:18:44 -05:00
Nick Mathewson
48b08f0592 Merge branch 'ticket27359_v2_squashed' 2018-11-19 08:26:49 -05:00
Nick Mathewson
0e762c0cf5 Test new functions in nodelist.c 2018-11-19 08:26:10 -05:00
Nick Mathewson
4f9548f893 Expose more nodelist.c functions to tests 2018-11-19 08:26:10 -05:00
Nick Mathewson
aa1d767e6b Aim for 100% test coverage on nodefamily.c 2018-11-19 08:26:10 -05:00
Nick Mathewson
426c9561c5 Use nodefamily_t in microdescriptors.
Closes ticket 27359.
2018-11-19 08:26:10 -05:00
Nick Mathewson
83be4d2bbd Backend for compact node-family representation.
This representation is meant to save memory in microdescriptors --
we can't use it in routerinfo_t yet, since those families need to be
encoded losslessly for directory voting to work.

This representation saves memory in three ways:
   1. It uses only one allocation per family.  (The old way used a
      smartlist (2 allocs) plus one strdup per entry.)
   2. It stores identity digests in binary, not hex.
   3. It keeps families in a canonical format, memoizes, and
      reference-counts them.

Part of #27359.
2018-11-19 08:26:10 -05:00
rl1987
411780d563 Make ROUTERLIST_PRUNING_INTERVAL 1 hr. 2018-11-17 10:19:25 +02:00
Nick Mathewson
942c2da48e Bump to 0.3.5.5-alpha-dev 2018-11-16 11:32:04 -05:00
Nick Mathewson
35558c39dd Merge remote-tracking branch 'dgoulet/ticket27471_035_02' into maint-0.3.5 2018-11-16 08:57:56 -05:00
Nick Mathewson
c9906cc3f6 Bump to 0.3.5.5-alpha 2018-11-16 08:28:45 -05:00
Nick Mathewson
fe1fb4b0c3 Merge remote-tracking branch 'public/ticket27686_034' into maint-0.3.4 2018-11-15 17:01:54 -05:00
Nick Mathewson
80a6228aac Merge branch 'bug25573-034-typefix' into maint-0.3.4 2018-11-15 16:58:16 -05:00
Nick Mathewson
15e752e6b1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-15 16:54:56 -05:00
Nick Mathewson
cbe04d4550 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-11-15 16:54:16 -05:00
Nick Mathewson
63312e0299 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-15 16:47:25 -05:00
Nick Mathewson
aebe8a82c9 Merge branch 'bug26913_033' into maint-0.3.3 2018-11-15 16:47:22 -05:00
Nick Mathewson
8569166c70 Merge remote-tracking branch 'public/bug24104_029_squashed' into maint-0.2.9
Resolved conflicts with the 26269 fix in 015fcd0e11.
2018-11-15 16:43:50 -05:00
Nick Mathewson
1e6ffeaeaa Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-15 16:37:41 -05:00
Nick Mathewson
34e4d5a783 Merge remote-tracking branch 'dgoulet/bug27550_033_01' into maint-0.3.3 2018-11-15 16:37:02 -05:00
Nick Mathewson
31cc0d2c0b Merge branch 'maint-0.3.5' 2018-11-15 16:11:29 -05:00
Nick Mathewson
4b6b58ed8e Merge branch 'bug27740_035_fix' into maint-0.3.5 2018-11-15 16:11:06 -05:00
Nick Mathewson
53ccdb6945 Make sure that we are always a net participant when being a server
Otherwise, if we're dormant, and we set ORPort, nothing makes us become
non-dormant.
2018-11-15 11:17:27 -05:00
Nick Mathewson
2f28cd1dc8 Rename and fix docs on FLUSH_ON_DISABLE
Also rename "...flush_and_disable()" to "...schedule_and_disable()"
2018-11-15 11:17:22 -05:00
Nick Mathewson
d0e6abd087 Reset dormancy status when the clock jumps. 2018-11-15 11:17:22 -05:00
Nick Mathewson
ce6209cee4 Add a periodic event to become dormant.
This event makes us become dormant if we have seen no activity in a
long time.

Note that being any kind of a server, or running an onion service,
always counts as being active.

Note that right now, just having an open stream that Tor
did not open on its own (for a directory request) counts as "being
active", so if you have an idle ssh connection, that will keep Tor
from becoming dormant.

Many of the features here should become configurable; I'd like
feedback on which.
2018-11-15 11:17:22 -05:00
Nick Mathewson
2c15b65381 Make the NET_PARTICIPANT role dependent on user activity
This patch implements all of 28337, except for the part where we
turn off the role if we've been idle for a long time.
2018-11-15 11:17:22 -05:00
Nick Mathewson
ccbb36048f write_stats_file() is indeed NET_PARTICIPANT; remove comment. 2018-11-15 11:17:22 -05:00
Nick Mathewson
dc21f1f662 reset_padding_counts is only once per 24h; it can be all. 2018-11-15 11:17:22 -05:00
Nick Mathewson
4bf79fa4fa Turn second_elapsed_callback into a normal periodic event. 2018-11-15 11:17:22 -05:00
Nick Mathewson
303e5c70e0 Move the responsibility for delayed shutdown into the mainloop
This is part of 28422, so we don't have to call
consider_hibernation() once per second when we're dormant.

This commit does not remove delayed shutdown from hibernate.c: it
uses it as a backup shutdown mechanism, in case the regular shutdown
timer mechanism fails for some reason.
2018-11-15 11:17:22 -05:00
Nick Mathewson
e535ec8542 Remove run_scheduled_events() as a separate function.
(There was nothing else in second_elapsed_callbck() that couldn't go
here.)
2018-11-15 11:17:22 -05:00
Nick Mathewson
a0380b705d Move control_per_second_events() into a callback with its own role
Part of making extra-dormant mode work; closes ticket 28421.
2018-11-15 11:17:22 -05:00
Nick Mathewson
db53bfe8f7 Annotate 1/s callback elements with NET_PARTICIPANT status. 2018-11-15 11:17:22 -05:00
Nick Mathewson
b9a88bd53a Add new "ALL" and "NET_PARTICIPANT" roles for periodic events
The previous "ALL" role was the OR of a bunch of other roles,
which is a mistake: it's better if "ALL" means "all".

The "NET_PARTICIPANT" role refers to the anything that is actively
building circuits, downloading directory information, and
participating in the Tor network.  For now, it is set to
!net_is_disabled(), but we're going to use it to implement a new
"extra dormant mode".

Closes ticket 28336.
2018-11-15 11:17:22 -05:00
Nick Mathewson
6d84972eb8 Add a function to schedule a periodic event once, then disable it 2018-11-15 11:17:22 -05:00
Nick Mathewson
2070765c7c Use macros to make the periodic event table less verbose. 2018-11-15 11:17:22 -05:00
teor
44ced9b750 Merge branch 'bug28096-029-squashed' into bug28096-035-squashed
Move the get_uname() changes from src/common/compat.c to
src/lib/osinfo/uname.c
2018-11-15 12:23:29 +10:00
teor
2fbc58cf07 Windows: fix uname on recent Windows versions
Correctly identify Windows 8.1, Windows 10, and Windows Server 2008
and later from their NT versions.

On recent Windows versions, the GetVersionEx() function may report
an earlier Windows version than the running OS. To avoid user
confusion, add "[or later]" to Tor's version string on affected
versions of Windows.

Remove Windows versions that were never supported by the
GetVersionEx() function.

Stop duplicating the latest Windows version in get_uname().

Fixes bug 28096; bugfix on 0.2.2.34; reported by Keifer Bly.
2018-11-15 12:19:11 +10:00
Nick Mathewson
eaff47352a Make sure sandbox-related getaddrinfo() functions always exist. 2018-11-14 16:12:29 -05:00
Nick Mathewson
e420154ce7 Add an include to main.c 2018-11-14 16:07:36 -05:00
Nick Mathewson
6ca29ea409 Add libtor-buf-testing to build.rs 2018-11-14 16:07:36 -05:00
Nick Mathewson
4ecd5da306 Add .may_include to ext/timeouts. 2018-11-14 16:07:36 -05:00
Nick Mathewson
d32795bb6e Make "ext" participate in may_include.
Also, resolve a circular dependency involving the use of lib/log by
csiphash.c.
2018-11-14 16:07:36 -05:00
Nick Mathewson
e429e31ad1 Normalize .may_include to always have paths, and paths to include 2018-11-14 16:07:35 -05:00
Nick Mathewson
c0a7527eb8 Remove dependency on lib/net from lib/sandbox.
This was trivial, and the easiest way to remove the remaining
.may_include circularities.
2018-11-14 16:07:03 -05:00
Nick Mathewson
f6b8c7da66 Move buffers.c out of lib/containers to resolve a circularity. 2018-11-14 16:07:03 -05:00
Nick Mathewson
c9f9c9bc49 Make memarea use smartlist_core, not container. 2018-11-14 16:07:03 -05:00
Nick Mathewson
12175987fc Merge branch 'maint-0.3.5' 2018-11-14 15:43:49 -05:00
Nick Mathewson
d598d834f5 Merge branch 'ticket27750_034_01_squashed' into maint-0.3.5 2018-11-14 15:43:46 -05:00
David Goulet
c99f220f78 conn: Close the read side of a closing connection when write limit is reached
In conn_close_if_marked(), we can decide to keep a connection open that still
has data to flush on the wire if it is being rate limited on the write side.

However, in this process, we were also looking at the read() side which can
still have token in its bucket and thus not stop the reading. This lead to a
BUG() introduced in 0.3.4.1-alpha that was expecting the read side to be
closed due to the rate limit but which only applies on the write side.

This commit removes any bandwidth check on the read side and simply stop the
read side on the connection regardless of the bucket state. If we keep the
connection open to flush it out before close, we should not read anything.

Fixes #27750

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-11-14 15:42:52 -05:00
Nick Mathewson
cec58ae55c Merge branch 'maint-0.3.5' 2018-11-14 07:56:52 -05:00
Nick Mathewson
a58b19465d Merge remote-tracking branch 'teor/bug28441-035' into maint-0.3.5 2018-11-14 07:56:48 -05:00
Nick Mathewson
1043532a51 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-14 07:55:07 -05:00
Nick Mathewson
3deb01e1a4 Merge branch 'maint-0.3.5' 2018-11-14 07:55:07 -05:00
Nick Mathewson
eba989bf0e Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-14 07:55:07 -05:00
Nick Mathewson
db3acb3aa3 Work around check-spaces. 2018-11-14 07:54:57 -05:00
Martin Kepplinger
7ba1f39116 libtorrunner: fix memory leak in child() error path
This avoids leaking memory in case libtorrunner's child() function fails.
2018-11-14 07:49:51 -05:00
Nick Mathewson
586c3a7c90 Merge branch 'maint-0.3.5' 2018-11-14 07:42:56 -05:00
teor
16ca6fdfdb
log: stop talking about the Named flag in log messages
Clients have ignored the Named flag since 0.3.2.

Fixes bug 28441; bugfix on 0.3.2.1-alpha.
2018-11-14 18:16:34 +10:00
teor
9daf06d171
comment: circuit_list_path_impl() does not check Named any more 2018-11-14 18:06:14 +10:00
teor
a7aa3f76ec
comment: Fix a typo in nodes_in_same_family() 2018-11-14 18:06:05 +10:00
Nick Mathewson
a6a7a1f3ed Merge branch 'maint-0.3.5' 2018-11-13 16:48:26 -05:00
Nick Mathewson
021187f915 Merge branch 'bug28183_029' into maint-0.3.5 2018-11-13 16:48:21 -05:00
David Goulet
342f2b1873 Merge branch 'tor-github/pr/501' 2018-11-13 10:48:23 -05:00
David Goulet
8fb318860e Merge branch 'maint-0.3.5' 2018-11-13 10:43:03 -05:00
David Goulet
6f2151be9a Merge branch 'tor-github/pr/487' into maint-0.3.5 2018-11-13 10:37:25 -05:00
Neel Chauhan
ec93385cb2 Comment for rend_cache_failure in feature/rend/rendcache.c: "usuable" should be "usable" 2018-11-13 10:33:51 -05:00
Nick Mathewson
42be1c668b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-13 08:27:29 -05:00
Nick Mathewson
d000e798ac Merge branch 'maint-0.3.5' 2018-11-13 08:27:29 -05:00
Nick Mathewson
ae4c94bb64 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-13 08:27:29 -05:00
Nick Mathewson
54d1a2d805 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-11-13 08:27:17 -05:00
Nick Mathewson
1a11702a9a Fix a compiler warning in aes.c.
Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.
2018-11-12 15:39:28 -05:00
Nick Mathewson
0e5378feec seccomp2: Add "shutdown" to the list of permitted system calls.
We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.
2018-11-12 08:23:58 -05:00
Nick Mathewson
1fce9d1296 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-11 18:05:45 -05:00
Nick Mathewson
d1e9285b1d Merge branch 'maint-0.3.5' 2018-11-11 18:05:45 -05:00
Nick Mathewson
896d0ebb99 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-11 18:05:45 -05:00
Nick Mathewson
93b6d41374 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-11-11 18:05:45 -05:00
Nick Mathewson
46796623f9 Fix a bug in usage of SSL_set1_groups_list()
Apparently, even though the manpage says it returns an int, it
can return a long instead and cause a warning.

Bug not in any released Tor.  Part of #28399
2018-11-11 18:03:50 -05:00
rl1987
100136ca86 Create new periodic event for pruning old info about Tor routers 2018-11-11 20:31:24 +02:00
Nick Mathewson
e27dff08a3 Merge branch 'maint-0.3.5' 2018-11-11 11:57:54 -05:00
Nick Mathewson
6b2ff4fff8 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-11 11:57:53 -05:00
Nick Mathewson
76ed869ff9 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-11 11:57:53 -05:00
Nick Mathewson
d0c3723c38 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-11-11 11:57:52 -05:00
Karsten Loesing
5ba3d09a89 Update geoip and geoip6 to the November 6 2018 database. 2018-11-11 11:25:59 +01:00
Nick Mathewson
91355c0fac Annotate subsystem list with their levels. 2018-11-09 22:17:18 -05:00
Nick Mathewson
bf4f55a13d Merge branch 'subsystems' 2018-11-09 15:01:49 -05:00
Nick Mathewson
60d1081236 Log before performing a subsystem operation 2018-11-09 11:56:26 -05:00
Nick Mathewson
ba722e4799 Add list of levels in subsystem_list.c 2018-11-09 11:15:27 -05:00
Nick Mathewson
c6336727ca Rename subsystem callback functions to make them consistent 2018-11-09 11:12:12 -05:00
Nick Mathewson
e80595f562 fixup! Make initialization for the "err" library into a subsystem.
Check for failure to install backtrace handler.
2018-11-09 11:00:31 -05:00
Nick Mathewson
61695e3d62 Document that subsystem callbacks are optional. 2018-11-09 10:58:20 -05:00
Nick Mathewson
4fe4bcf8a1 Explain that configuration should happen elsewhere, but not init. 2018-11-09 10:55:18 -05:00
Nick Mathewson
5d73f87ced Merge branch 'maint-0.3.5' 2018-11-09 10:49:48 -05:00
Nick Mathewson
591a189fa4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-09 10:49:47 -05:00
Nick Mathewson
2ac2d0a426 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-11-09 10:49:47 -05:00
Nick Mathewson
c06b7f090c Merge branch 'maint-0.2.9' into maint-0.3.3 2018-11-09 10:49:47 -05:00
Nick Mathewson
1ba1a1ceca Always declare groups when building with openssl 1.1.1 APIs
Failing to do on clients was causing TLS 1.3 negotiation to fail.

Fixes bug 28245; bugfix on 0.2.9.15, when we added TLS 1.3 support.
2018-11-09 10:10:25 -05:00
Nick Mathewson
6560346a45 Bump version to 0.3.5.4-alpha-dev. 2018-11-08 09:00:59 -05:00
Nick Mathewson
8e3bae566a Merge branch 'maint-0.3.5' 2018-11-07 16:27:26 -05:00
Nick Mathewson
212bd9778b Make the hibernate.c changes for systemd compile. 2018-11-07 16:27:20 -05:00
Nick Mathewson
f229c4e66a Bump to 0.3.5.4-alpha 2018-11-07 14:40:26 -05:00
Nick Mathewson
c7b6ed1d80 Merge remote-tracking branch 'tor-github/pr/271' 2018-11-07 11:21:13 -05:00
Roger Dingledine
6e828ced56 simplify now that it uses tor's copyright and license 2018-11-07 11:02:26 -05:00
Nick Mathewson
9e48d9a920 Change version on master to 0.4.0.0-alpha-dev. 2018-11-07 10:54:03 -05:00
Nick Mathewson
9807da9c20 Merge branch 'ticket27225_squashed' 2018-11-07 10:47:29 -05:00
Nick Mathewson
6d93820499 Memoize summarize_protover_flags()
Our tests showed that this function is responsible for a huge number
of our malloc/free() calls.  It's a prime candidate for being
memoized.

Closes ticket 27225.
2018-11-07 10:47:07 -05:00
Nick Mathewson
a7a060a637 Switch ctassert.h to 3bsd (with permission) 2018-11-07 10:37:02 -05:00
Neel Chauhan
f89f14802e At intro points, don't close circuits on NACKs 2018-11-06 17:04:08 -05:00
Nick Mathewson
770653ff45 Allow lib/cc to include its own files. 2018-11-06 16:59:39 -05:00
Nick Mathewson
d9508d8ede Change copyright statement (with permission) 2018-11-06 15:42:18 -05:00
Nick Mathewson
6b706bcf19 Remove a tab. 2018-11-06 15:41:32 -05:00
Nick Mathewson
3c9dd9ef2d Add parentheses to the ctassert macro expansions 2018-11-06 15:41:14 -05:00
Nick Mathewson
e69a4ad6b3 Add a user of CTASSERT(). 2018-11-06 15:39:58 -05:00
Taylor R Campbell
1a6060fa42 New macro CTASSERT(condition) to assert condition at compile-time.
To get it, use: #include "lib/cc/ctassert.h"
2018-11-06 15:36:58 -05:00
Nick Mathewson
c8892b53ec Merge remote-tracking branch 'tor-github/pr/466' 2018-11-06 15:35:45 -05:00
Nick Mathewson
8020d6fb05 Merge remote-tracking branch 'tor-github/pr/464' 2018-11-06 15:33:25 -05:00
Nick Mathewson
ba28704b29 Merge branch 'maint-0.3.5' 2018-11-06 15:22:11 -05:00
Nick Mathewson
c60f3ea607 Merge remote-tracking branch 'tor-github/pr/474' into maint-0.3.5 2018-11-06 15:21:45 -05:00
Nick Mathewson
bb9044381e Merge branch 'maint-0.3.5' 2018-11-06 15:20:01 -05:00
Nick Mathewson
8a5590ebac Merge remote-tracking branch 'tor-github/pr/484' into maint-0.3.5 2018-11-06 15:19:04 -05:00
Nick Mathewson
bcba6a4918 Merge branch 'maint-0.3.5' 2018-11-06 15:17:52 -05:00
Kris Katterjohn
daaa2751ed Include sys/time.h in timers.c and time_fmt.c
This fixes compilation on OpenBSD.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>
2018-11-06 15:15:22 -05:00
Roger Dingledine
3a2cb83685 refuse to start with relative paths + RunAsDaemon
Resume refusing to start with relative file paths and RunAsDaemon
set (regression from the fix for bug 22731).

Fixes bug 28298; bugfix on 0.3.3.1-alpha.
2018-11-06 15:50:56 +01:00
Nick Mathewson
313b5b956c Merge branch 'maint-0.3.5' 2018-11-06 09:16:25 -05:00
Nick Mathewson
9431d35074 Merge branch 'bug28348_034' into bug28348_035 2018-11-06 07:42:55 -05:00
Nick Mathewson
2aff02eb3d Actually disable NEED_NET periodic events when DisableNetwork is set
Fixes bug 28348; bugfix on 0.3.4.1-alpha
2018-11-06 07:40:02 -05:00
Nick Mathewson
32b23a4c40 Make tortls use the subsystems interface
This one only needs a shutdown right now.
2018-11-05 09:22:02 -05:00
Nick Mathewson
019a044e5e Turn "compress" into a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
207253df8d Move monotonic time setup into a subsystem 2018-11-05 09:22:02 -05:00
Nick Mathewson
cad61f0f6d Move prefork, postfork, and thread-exit hooks into subsys
So far, crypto is the only module that uses them, but others are
likely to do so in the future.
2018-11-05 09:22:02 -05:00
Nick Mathewson
50436ccea4 Add crypto module as a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
cfe5b35edb Move networking startup/cleanup logic into a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
05b54f6a6a Use subsystems manager for subsystems used in tests. 2018-11-05 09:22:02 -05:00
Nick Mathewson
a0ee54549f Turn the wallclock module into a subsystem.
(This may be slightly gratuitous.)
2018-11-05 09:22:02 -05:00
Nick Mathewson
d3e4afcc9b Turn the logging code into a subsystem 2018-11-05 09:22:02 -05:00
Nick Mathewson
b8c50eabfe Add a subsystem for our threading support 2018-11-05 09:22:02 -05:00
Nick Mathewson
178c1821b2 Make the windows process parameter initialization a subsystem
Also, move it from "main" into lib/process
2018-11-05 09:22:02 -05:00
Nick Mathewson
175153a329 Make initialization for the "err" library into a subsystem. 2018-11-05 09:22:02 -05:00
Nick Mathewson
6e7ff8cba0 Move the code that knows our tor version into a lowest-level lib 2018-11-05 09:22:02 -05:00
Nick Mathewson
7bb76b24cf Code to manage the list of subsystems. 2018-11-05 09:22:02 -05:00
Neel Chauhan
45b28167d7 In count_acceptable_nodes(), count direct and indirect nodes with node_has_preferred_descriptor() 2018-11-05 08:26:02 -05:00
Alex Xu (Hello71)
0d6d3e1f26
Notify systemd of ShutdownWaitLength 2018-11-05 11:46:28 +10:00
Nick Mathewson
674ef53a7e Add a warning if we can't write networkstatus-bridges
Fixes CID 1440818.
2018-11-02 13:32:43 -04:00
Nick Mathewson
18a4eaf5c1 Avoid mmap leak if we get a consensus diff we can't use.
Fixes CID 1440819; bug not in any released Tor.
2018-11-02 13:30:55 -04:00
Nick Mathewson
3e2423d19b Update address tests to avoid offending coverity. 2018-11-02 13:29:24 -04:00
Nick Mathewson
865514e66e Merge branch 'ticket28100_squashed' 2018-11-02 13:19:24 -04:00
Alex Xu (Hello71)
1b75de85b3 Don't overwrite the Content-Type when compressing 2018-11-02 13:19:14 -04:00
Nick Mathewson
f0bd6c2c9d Merge branch 'maint-0.3.5' 2018-11-02 13:14:37 -04:00
Nick Mathewson
996f24fcd3 Merge branch 'bug27968_squashed' into maint-0.3.5 2018-11-02 13:14:32 -04:00
teor
e36e4a9671 Sort the imports in test_rebind.py
Cleanup after #27968.
2018-11-02 13:14:23 -04:00
teor
a02d6c560d Make test_rebind.py timeout when waiting for a log message
Closes #27968.
2018-11-02 13:14:23 -04:00
teor
cd674a10ad Refactor test_rebind.py to consistently print FAIL on failure
Part of #27968.
2018-11-02 13:14:23 -04:00
teor
8f43b8fb47 Avoid a race condition in test_rebind.py
If tor terminates due to SIGNAL HALT before test_rebind.py calls
tor_process.terminate(), an OSError 3 (no such process) is thrown.

Fixes part of bug 27968 on 0.3.5.1-alpha.
2018-11-02 13:14:23 -04:00
Nick Mathewson
5acf6f8717 Bump to 0.3.4.9-dev 2018-11-02 13:01:32 -04:00
Nick Mathewson
a6c7e01584 Merge branch 'bug27963_wallclock' into maint-0.3.5 2018-11-02 09:39:13 -04:00
Nick Mathewson
084a5a13c7 Merge branch 'bug27963_wallclock' 2018-11-02 09:38:26 -04:00
Nick Mathewson
d8d4fe83d0 Bump to 0.3.4.9 2018-11-02 09:08:45 -04:00
Nick Mathewson
bfe8f50cc8 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-02 09:06:37 -04:00
Nick Mathewson
6bd069630a Merge branch 'bug26470_032' into maint-0.3.3 2018-11-02 09:06:32 -04:00
Nick Mathewson
f288f2478a Merge branch 'bug26896_034' into maint-0.3.4 2018-11-02 09:05:14 -04:00
Nick Mathewson
8ed4f1ee84 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-11-02 09:04:25 -04:00
Nick Mathewson
e847909b71 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' into maint-0.3.3 2018-11-02 09:04:20 -04:00
Nick Mathewson
0ce1f2d466 Declare the subsystem structure. 2018-11-01 12:55:52 -04:00
George Kadianakis
da716fdfbb Add tests for the string_is_utf8_no_bom() function. 2018-11-01 12:55:04 +02:00
Fernando Fernandez Mancera
f60607ee96 Improve log message in hs_service.c
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-11-01 12:40:52 +02:00
Nick Mathewson
383b44553c Merge branch 'ticket24393_036_01_squashed' 2018-10-31 11:07:15 -04:00
Neel Chauhan
e9adc200aa Add test for nodes_in_same_family() 2018-10-31 11:07:03 -04:00
Nick Mathewson
0d124488f8 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-10-31 11:02:58 -04:00
Nick Mathewson
158db532eb Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-31 11:01:41 -04:00
Nick Mathewson
2a4506776e Merge branch 'maint-0.3.5' 2018-10-31 11:01:41 -04:00
Nick Mathewson
59043665f8 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-10-31 11:01:41 -04:00
Nick Mathewson
bcc1a71808 Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-31 11:01:40 -04:00
Nick Mathewson
0a824bd889 Merge remote-tracking branch 'tor-github/pr/436' into maint-0.2.9 2018-10-31 11:01:36 -04:00
Nick Mathewson
988d4903a3 Merge branch 'networkstatus_mmap' into networkstatus_mmap_merge 2018-10-31 09:04:12 -04:00
Nick Mathewson
a182301152 Fix memory leak (#28257, CID 1440805). 2018-10-31 08:30:48 -04:00
Neel Chauhan
067b16eae2 Check IPv6 subnets as well as IPv4 subnets where possible when choosing client paths 2018-10-30 15:02:43 -04:00
David Goulet
aa1ae1343a Merge branch 'maint-0.3.5' 2018-10-30 11:44:14 -04:00
David Goulet
488969fe9c Merge branch 'tor-github/pr/438' into maint-0.3.5 2018-10-30 11:43:54 -04:00
David Goulet
124c43704c Merge branch 'maint-0.3.5' 2018-10-30 11:37:44 -04:00
David Goulet
95559279e1 Merge branch 'tor-github/pr/415' into maint-0.3.5 2018-10-30 11:36:36 -04:00
David Goulet
cdb065d6b2 Merge branch 'maint-0.3.5' 2018-10-30 10:55:10 -04:00
Neel Chauhan
cd9914d9f9 Add test for HiddenServiceAuthorizeClient and v3 onion services 2018-10-30 10:49:03 -04:00
Neel Chauhan
82b3a02302 Detect the onion service version and then check for invalid options unless we have set HiddenServiceVersion 2018-10-30 10:48:56 -04:00
Nick Mathewson
6ba7f9f0a4 Merge branch 'maint-0.3.5' 2018-10-30 09:35:11 -04:00
Nick Mathewson
97324a731f Merge remote-tracking branch 'tor-github/pr/431' into maint-0.3.5 2018-10-30 09:35:07 -04:00
Nick Mathewson
cf2cb783b7 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-30 09:34:04 -04:00
Nick Mathewson
22338d63c4 Merge remote-tracking branch 'tor-github/pr/431' into bug27740_035_fix 2018-10-30 09:33:58 -04:00
Nick Mathewson
038bc21f88 Merge remote-tracking branch 'tor-github/pr/346' into maint-0.3.3 2018-10-30 09:33:36 -04:00
Nick Mathewson
de55df0260 remove now-unused "use" statement. 2018-10-30 09:28:10 -04:00
Nick Mathewson
30d853a906 Merge remote-tracking branch 'tor-github/pr/425' 2018-10-30 09:16:55 -04:00
Nick Mathewson
084924360a Merge branch 'ticket23082_squashed' 2018-10-30 09:05:42 -04:00
rl1987
1425549ca6 Code cleanups for tor_addr_parse() 2018-10-30 09:05:11 -04:00
rl1987
742cd15649 Move a check for trailing colon to tor_inet_pton()
That way, string_is_valid_ipv6_address() can benefit from it
2018-10-30 09:05:11 -04:00
Nick Mathewson
c19bb4d62e Merge branch 'maint-0.3.5' 2018-10-30 08:45:49 -04:00
Nick Mathewson
262b0fe7a0 Merge remote-tracking branch 'tor-github/pr/381' into maint-0.3.5 2018-10-30 08:39:57 -04:00
Nick Mathewson
632e040659 Try to restore a proper fix for bug27740 in 0.3.5.
(I messed up the merge in 289a7dbac32a981897e12a3c250f0b6c67eec809.)
2018-10-30 07:37:20 -04:00
Nick Mathewson
c4b6b57388 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-29 15:57:31 -04:00
Nick Mathewson
fda8b5de78 Merge branch 'maint-0.3.5' 2018-10-29 15:57:31 -04:00
Nick Mathewson
1dcaeab466 Merge remote-tracking branch 'tor-github/pr/446' 2018-10-29 14:49:15 -04:00
Alex Crichton
8285784966 Only pass -C default-linker-libraries with sanitizers
This'll help retain test compatibility until 1.31.0 is released!
2018-10-29 10:00:23 -07:00
George Kadianakis
5c2212c734 HSv3: Correctly memwipe client auth keystream.
Wipe the whole thing, not just the size of the pointer.
2018-10-26 14:55:17 +03:00
rl1987
bdf6540edf Add a comment about address type field to netinfo.trunnel 2018-10-26 12:58:42 +03:00
rl1987
5cc86e364f Generate NETINFO cell using trunnel 2018-10-26 12:58:42 +03:00
rl1987
d3e6112bb2 Use trunnel for NETINFO cell parsing 2018-10-26 12:58:42 +03:00
rl1987
b59eedc259 Add trunnel spec and impl for NETINFO cells 2018-10-26 12:58:42 +03:00
rl1987
b7edfcbf6b In configured_nameserver_address, check if tor_addr_from_sockaddr succeeded 2018-10-26 10:26:47 +03:00
Nick Mathewson
52a82bc53c Add a couple more checks to test_parsecommon.c
These checks should make coverity stop giving us a "dereference
before null check" warning here.
2018-10-25 09:24:30 -04:00
Nick Mathewson
e9ff3e7d4a Merge branch 'bug28202_033' into bug28202_035 2018-10-25 09:16:08 -04:00
Nick Mathewson
8013e3e8b6 Merge branch 'bug28202_029' into bug28202_033 2018-10-25 09:14:06 -04:00
Nick Mathewson
0878bb961f Fix two other cases of (buf + N > end) pattern
Related to fix for 28202.
2018-10-25 09:08:02 -04:00
Nick Mathewson
368413a321 Fix possible UB in an end-of-string check in get_next_token().
Remember, you can't check to see if there are N bytes left in a
buffer by doing (buf + N < end), since the buf + N computation might
take you off the end of the buffer and result in undefined behavior.

Fixes 28202; bugfix on 0.2.0.3-alpha.
2018-10-25 09:06:13 -04:00
Nick Mathewson
76da5f8b80 Merge branch 'ticket28177' 2018-10-24 12:59:51 -04:00
Nick Mathewson
594140574e Fix remaining cases of using consensus without a len parameter.
(Thanks to cyberpunks for noting two of them!)
2018-10-24 11:06:34 -04:00
David Goulet
b063ca0604 node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-24 10:30:26 -04:00
Nick Mathewson
b77889fc5f Merge branch 'maint-0.3.5' 2018-10-24 10:20:53 -04:00
Nick Mathewson
6851a08090 Merge branch 'ticket28115_035' into maint-0.3.5 2018-10-24 10:20:41 -04:00
Nick Mathewson
c0bd800d26 Re-alphabetize the list of tests in tests.[ch] 2018-10-24 09:09:40 -04:00
Nick Mathewson
c6d3bebb1e Merge remote-tracking branch 'tor-github/pr/409' 2018-10-24 09:06:29 -04:00
Nick Mathewson
c3e14a3236 Merge branch 'maint-0.3.5' 2018-10-24 09:02:06 -04:00
cypherpunks
bfab7b9d35 rust/tor_log: fix C_RUST_COUPLED documentation
This file was moved in 97b15a1d7c
and moved again in e7f5f48d68.
2018-10-24 09:02:04 -04:00
Nick Mathewson
fd6078b33a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-23 19:50:53 -04:00
Nick Mathewson
b2c52f5d6d Remove a now-unused rust "use". 2018-10-23 19:50:45 -04:00
Nick Mathewson
05d65cb067 Merge branch 'maint-0.3.5' 2018-10-23 19:22:05 -04:00
Nick Mathewson
289a7dbac3 Merge branch 'maint-0.3.4' into maint-0.3.5 2018-10-23 19:21:44 -04:00
Nick Mathewson
7edc594ee7 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-23 19:18:23 -04:00
Nick Mathewson
169bc670dd Merge remote-tracking branch 'onionk/rust-allsupportednull1' into maint-0.3.3 2018-10-23 19:17:48 -04:00
George Kadianakis
a614731144 Documentation: Move the hs_service_descriptor_t elements around.
Move the elements around to concentrate mutable and immutable elements
together. This commit changes no code, check with --color-moved.
2018-10-23 16:43:54 +03:00
George Kadianakis
df78fb2451 Documentation: Document which descriptor elements are (im)mutable. 2018-10-23 16:43:54 +03:00
George Kadianakis
29c194e022 Func rename: Make it clear that update_all_descriptors() does intro points.
With the new refresh_service_descriptor() function we had both
refresh_service_descriptor() and update_service_descriptor() which is basically
the same thing.

This commit renames update_service_descriptor() to
update_service_descriptor_intro_points() to make it clear it's not a generic
refresh and it's only about intro points.

Commit changes no code.
2018-10-23 16:43:54 +03:00
teor
939657771c
Treat backtrace test failures as expected on most BSD-derived systems
Treat backtrace test failures as expected on NetBSD, OpenBSD, and
macOS/Darwin, until we solve bug 17808.

(FreeBSD failures have been treated as expected since 18204 in 0.2.8.)

Fixes bug 27948; bugfix on 0.2.5.2-alpha.
2018-10-23 11:21:10 +10:00
cypherpunks
f874ab2640 dircache: make dirauths reject non UTF-8 descriptors and extrainfo
Ticket #27367.
2018-10-23 00:33:51 +00:00
cypherpunks
3704c4a012 string: add BOM helper 2018-10-23 00:33:48 +00:00
David Goulet
81c466c34a hs-v3: Create desc signing key cert before uploading
Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-22 16:34:41 -04:00
Nick Mathewson
afc22ec539 Merge remote-tracking branch 'tor-github/pr/421' 2018-10-22 08:49:55 -04:00
Roger Dingledine
7aa9fc1637 clean up a tor2web comment 2018-10-21 23:46:09 -04:00
rl1987
98cef6807e Exclude test and a supporting function when evdns_base_get_nameserver_addr() is not available 2018-10-20 20:34:08 +03:00
rl1987
d827902cb1 Unit test for DNS fallback in configure_nameservers 2018-10-20 20:34:08 +03:00
rl1987
91fa12aedc Fallback to local DNS when no other nameservers are known 2018-10-20 20:34:08 +03:00
Nick Mathewson
275e831cea Merge remote-tracking branch 'tor-github/pr/396' 2018-10-19 14:29:01 -04:00
Nick Mathewson
1ae9116601 Merge remote-tracking branch 'onionk/rust-protocommas1' into maint-0.3.5 2018-10-19 14:20:57 -04:00
Nick Mathewson
a05a113062 Merge remote-tracking branch 'onionk/rust-protocommas1' 2018-10-19 14:20:43 -04:00
Nick Mathewson
d1d66866b2 Rename a function; it is used to convert a value _From_ le.
We can't use htons()/ntohs() -- those are no-ops on exactly the
wrong platforms.
2018-10-19 08:42:28 -04:00
Nick Mathewson
f8a1dc64f9 Fix a misspelled macro test that was breaking big-endian OPE
Fixes bug 28115; bugfix on 0.3.5.1-alpha.
2018-10-19 08:41:25 -04:00
Nick Mathewson
62401812c7 Merge remote-tracking branch 'dgoulet/ticket27471_035_02' 2018-10-18 13:01:41 -04:00
David Goulet
8b2e72106a test: Add test for closing intro circuits when storing a new descriptor
This is client side and related to 27471 for previous commit that fixes this
issue.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
9ba16c4d03 hs-v3: Close client intro circuits if the descriptor is replaced
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.

Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).

The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.

Closes #27471.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
56f713b8a4 hs-v3: Always generate the descriptor cookie
It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 11:46:07 -04:00
Nick Mathewson
0a41d17c15 Merge branch 'ticket27549_035_01_squashed' 2018-10-18 10:16:30 -04:00
David Goulet
3a8f32067d hs-v3: Consolidate descriptor cookie computation code
Both client and service had their own code for this. Consolidate into one
place so we avoid duplication.

Closes #27549

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 10:16:07 -04:00
Nick Mathewson
d1eac7830f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-18 09:12:58 -04:00
Nick Mathewson
e979a56bb6 Merge branch 'maint-0.3.5' 2018-10-18 09:12:58 -04:00
Taylor Yu
7f6c0fce46 Merge branch 'bug27800-034' into bug27800-035 2018-10-17 16:00:11 -05:00
Taylor Yu
4e7f65ee5d Merge branch 'bug27800-033' into tor-034 2018-10-17 15:42:58 -05:00
Taylor Yu
93fd924bdb Log more info for duplicate ed25519 IDs
Occasionally, key pinning doesn't catch a relay that shares an ed25519
ID with another relay.  Log the identity fingerprints and the shared
ed25519 ID when this happens, instead of making a BUG() warning.

Fixes bug 27800; bugfix on 0.3.2.1-alpha.
2018-10-17 15:39:55 -05:00
cypherpunks
a56451af42 evloop: fix docs for threadpool_register_reply_event
Commit 6a5f62f68f ultimately didn't
include the base argument, and the callback is named cb.
2018-10-17 20:27:19 +00:00
cypherpunks
f07ab5b95c evloop: fix docs
alert_sockets_t was moved in 544ab27a94.
2018-10-17 20:27:19 +00:00
Nick Mathewson
fd2e0ac1c3 Bump to 0.3.6.0-alpha-dev. 2018-10-17 14:46:38 -04:00
Nick Mathewson
389bae0e8b Bump to 0.3.5.3-alpha-dev 2018-10-17 14:46:00 -04:00
Roger Dingledine
df78a2730c merge in some fixes i found in a sandbox 2018-10-17 13:56:41 -04:00
Nick Mathewson
b1891068f1 Merge branch 'maint-0.3.4' 2018-10-17 13:02:23 -04:00
David Goulet
2000d04cb6 conn: Stop writing when our write bandwidth limist is exhausted
Commit 488e2b00bf introduced an issue, most
likely introduced by a bad copy paste, that made us stop reading on the
connection if our write bandwidth limit was reached.

The problem is that because "read_blocked_on_bw" was never set, the connection
was never reenabled for reading.

This is most likely the cause of #27813 where bytes were accumulating in the
kernel TCP bufers because tor was not doing reads. Only relays with
RelayBandwidthRate would suffer from this but affecting all relays connecting
to them. And using that tor option is recommended and best practice so many
many relays have it enabled.

Fixes #28089.
2018-10-17 12:25:12 -04:00
Nick Mathewson
d70ca3554e Bump to 0.3.5.3-alpha 2018-10-17 09:26:32 -04:00
Nick Mathewson
34cd1fc523 Merge remote-tracking branch 'tor-github/pr/406' 2018-10-16 21:33:38 -04:00
cypherpunks
2f0744b3e6 rust/tor_util: drop unsafe block in cstr!
This is unnecessary just to get an empty string, there's Default::default().

Fix on 8fff331bb0.
2018-10-17 00:16:21 +00:00
Nick Mathewson
63c5e09a40 Merge remote-tracking branch 'tor-github/pr/408' 2018-10-16 19:10:05 -04:00
Nick Mathewson
e97adaf8dc Argh. The unset value for OwningControllerFD is NOT -1. 2018-10-16 17:57:04 -04:00
Nick Mathewson
56a3cef4d7 Merge branch 'bug27849_redux' 2018-10-16 17:33:58 -04:00
Nick Mathewson
698629f5a9 Merge remote-tracking branch 'tor-github/pr/404' 2018-10-16 17:29:50 -04:00
Nick Mathewson
8a0b741487 Add a tor_free() in tor_gencert to fix a coverity warning 2018-10-16 17:18:46 -04:00
rl1987
7fd82a4570 One testcase for annotation handling in tokenize_string() 2018-10-16 18:04:54 +03:00
rl1987
f10d664fd1 Test AT_END checking in tokenize_string() 2018-10-16 18:04:54 +03:00
rl1987
1a4edceee9 Add testcase for too many elements in tokenize_string() input 2018-10-16 18:04:54 +03:00
rl1987
7c8bf2f7c7 Add testcase for too few elements in tokenize_string() input 2018-10-16 18:04:54 +03:00
rl1987
78c446af7e Unit-test multiple line parsing with tokenize_string() 2018-10-16 18:04:54 +03:00
rl1987
81731a290d Unit-test some error conditions in get_next_token() 2018-10-16 18:04:54 +03:00
rl1987
6c5ba2662a Test object parsing in get_next_token() 2018-10-16 18:04:54 +03:00
rl1987
38a7033d33 Fix memory management in test_parsecommon_get_next_token_parse_keys 2018-10-16 18:04:54 +03:00
rl1987
7764d6dfc9 Test RSA private key parsing with get_next_token() 2018-10-16 18:04:54 +03:00
rl1987
569d8d8cd7 Test-case for public key parsing using get_next_token() 2018-10-16 18:04:52 +03:00
rl1987
5c891dba77 Test argument concatenation in get_next_token() 2018-10-16 18:04:20 +03:00
rl1987
7829e3a868 First testcase for get_next_token() 2018-10-16 18:04:20 +03:00
rl1987
55412c4f3d Add new source file to test target 2018-10-16 18:04:17 +03:00
Neel Chauhan
f93ee8e4c4 Fix typo in comment for hs_cell_parse_introduce2() 2018-10-16 10:59:42 -04:00
David Goulet
b5731cdf2e mainloop: Set client role if ControlPort is set
It turns out that if _only_ the ControlPort is set and nothing else, tor would
simply not bootstrap and thus not start properly. Commit 67a41b6306
removed that requirement for tor to be considered a "client".

Unfortunately, this made the mainloop enable basically nothing if only the
ControlPort is set in the torrc.

This commit now makes it that we also consider the ControlPort when deciding
if we are a Client or not. It does not revert 67a41b6306 meaning
options_any_client_port_set() stays the same, not looking at the control port.

Fixes #27849.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:11:49 -04:00
Nick Mathewson
b7fbd1f329 Merge branch 'maint-0.3.4' 2018-10-16 08:04:34 -04:00
David Goulet
38599de2dd test: Update approx_time before the test starts
This way we have the same time source when the IP is created and tested later.

Fixes #27810

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-16 08:03:55 -04:00
Nick Mathewson
8b3ec74e5f Merge remote-tracking branch 'public/bug27990' 2018-10-16 08:02:01 -04:00
Nick Mathewson
11161395af Merge branch 'maint-0.3.4' 2018-10-15 12:52:54 -04:00
Nick Mathewson
633e99575f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:52:54 -04:00
Nick Mathewson
6b2ef2c559 Fix another tor_assert(0) case 2018-10-15 12:52:48 -04:00
Nick Mathewson
feed41bed3 Merge branch 'maint-0.3.4' 2018-10-15 12:47:46 -04:00
Nick Mathewson
d1ec7bb06e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 12:47:46 -04:00
Nick Mathewson
86e0be421f Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 12:47:46 -04:00
Nick Mathewson
5b28190c67 Fix make check-spaces. 2018-10-15 12:47:19 -04:00
Nick Mathewson
23ce9a60fb Merge branch 'maint-0.3.4' 2018-10-15 10:48:35 -04:00
Nick Mathewson
3462f8ed64 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:48:35 -04:00
Nick Mathewson
796e36e535 Adjust tor_assert_unreached()
This version of the macro makes it obvious to the compiler that
"tor_assert_unreached()" will always abort().
2018-10-15 10:46:26 -04:00
Nick Mathewson
4983322cc7 Merge branch 'maint-0.3.4' 2018-10-15 10:37:53 -04:00
Nick Mathewson
fd528a0884 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-15 10:37:52 -04:00
Nick Mathewson
dff7d3d00a Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-15 10:37:49 -04:00
Nick Mathewson
b113399658 Merge branch 'bug27709_029' into maint-0.2.9 2018-10-15 10:34:39 -04:00
Nick Mathewson
5e582c7ffa Explain a bit more about branch prediction in the unit-test case 2018-10-15 10:16:34 -04:00
rl1987
89c4a3a0b6 Write a comment to explain may_need_rebind condition 2018-10-15 16:18:31 +03:00
rl1987
9bb00a74bc Refrain from listener rebinding when address families differ 2018-10-15 16:18:31 +03:00
Nick Mathewson
df2b46d18c Remove a double-newline and improve a comment 2018-10-14 15:33:39 -04:00
Nick Mathewson
2dccef0eb4 Merge branch 'bug27772_squashed' 2018-10-14 15:31:52 -04:00
Nick Mathewson
6925b61cfd Fix various GCC LTO warnings in the unit tests. 2018-10-14 15:25:16 -04:00
Nick Mathewson
7c8f20ba44 In tor_tls_get_my_certs(), set cert ptrs even on failure
Nothing should ever look at them on failure, but in some cases,
the unit tests don't check for failure, and then GCC-LTO freaks out.

Fixes part of 27772.
2018-10-14 15:25:16 -04:00
Nick Mathewson
dddecee291 Initialize some locals in socks5 parsing code.
These confused GCC LTO, which thought they might be used
uninitialized.  I'm pretty sure that as long as 'res' indicates
success, they will always be set to something, but let's unconfuse
the compiler in any case.
2018-10-14 15:25:16 -04:00
Nick Mathewson
370d9922a4 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-10-14 15:25:16 -04:00
Nick Mathewson
965549aa07 Use assertions so GCC LTO doesn't worry about TLS channel conversion
Part of #27772
2018-10-14 15:25:16 -04:00
Nick Mathewson
67351f6724 Merge remote-tracking branch 'tor-github/pr/380' 2018-10-12 11:39:37 -04:00
Jay Bitron
b0c41e3ec2
Fix the missing unpack function in mmdb-convert.py 2018-10-10 14:12:53 -07:00
Nick Mathewson
267b8d16b1 Add timeval.h include to compat_pthreads.c for timeradd()
OpenSolaris apparently doesn't have timeradd(), so we added a
replacement, but we weren't including it here after the big
refactoring in 0.3.5.1-alpha.

Fixes bug 27963; bugfix on 0.3.5.1-alpha.
2018-10-10 12:19:56 -04:00
Nick Mathewson
a23c36ebcd Merge branch 'maint-0.3.4' 2018-10-10 11:34:49 -04:00
Nick Mathewson
e5fe8b0e3a Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-10 11:34:49 -04:00
Nick Mathewson
b057623bed Merge branch 'maint-0.2.9' into maint-0.3.3 2018-10-10 11:34:48 -04:00
Karsten Loesing
119df9c1c0 Update geoip and geoip6 to the October 9 2018 database. 2018-10-10 17:26:41 +02:00
Nick Mathewson
d3d6c59557 Add sys/time.h include back to procmon.c 2018-10-10 11:26:38 -04:00
Nick Mathewson
da86a70bd8 Merge remote-tracking branch 'tor-github/pr/384' 2018-10-10 09:24:48 -04:00
Nick Mathewson
7409aa58d1 Merge remote-tracking branch 'tor-github/pr/385' 2018-10-09 12:46:46 -04:00
Nick Mathewson
361eaa9931 Merge remote-tracking branch 'public/ticket27856' 2018-10-09 09:04:53 -04:00
Neel Chauhan
3cc089ce59 Add newline between hs_client_get_random_intro_from_edge() and hs_client_receive_introduce_ack() 2018-10-05 19:54:26 -04:00
rl1987
9d886185c1 Make sure we're removing conn from old_conns *once* 2018-10-03 15:51:59 +03:00
rl1987
2b146bdb9a Refrain from using SMARTLIST_DEL_CURRENT in retry_all_listeners 2018-10-03 15:31:49 +03:00
Alex Crichton
38d644c94b Remove rlib+staticlib configuration for Rust crates
Only the final crate needs to be a `staticlib`, no need for all the
intermediate steps to produce staticlibs!
2018-10-01 22:58:44 -07:00
Alex Crichton
757a2360a4 Remove [features] from workspace Cargo.toml
Unfortunately Cargo doesn't actually parse these! Cargo should probably
print a warning saying they're not used...
2018-10-01 22:57:38 -07:00
Alex Crichton
74c1e44746 Fix segfaults related to sanitizers+jemalloc
It looks to be the case that Rust's standard allocator, jemalloc, is
incompatible with sanitizers. The incompatibility, for whatever reason,
seems to cause segfaults at runtime when jemalloc is linked with
sanitizers.

Without actually trying to figure out what's going on here this commit
instead takes the hammer of "let's remove jemalloc when testing". The
`tor_allocate` crate now by default switches to the system allocator
(eventually this will want to be the tor allocator). Most crates then
link to `tor_allocate` ot pick this up, but the `smartlist` crate had to
manually switch to the system allocator in testing and the `external`
crate had to be sure to link to `tor_allocate`.

The final gotcha here is that this patch also switches to
unconditionally passing `--target` to Cargo. For weird and arcane
reasons passing `--target` with the host target of the compiler (which
Cargo otherwise uses as the default) is different than not passing
`--target` at all. This ensure that our custom `RUSTFLAGS` with
sanitizer options doesn't make its way into build scripts, just the
final testing artifacts.
2018-10-01 22:55:59 -07:00
Alex Crichton
6ebb2c46d5 Remove the link_rust.sh.in script
This is no longer necessary with upstream rust-lang/rust changes as well
as some local tweaks. Namely:

* The `-fsanitize=address`-style options are now passed via `-C
  link-args` through `RUSTFLAGS`. This obviates the need for the shell
  script.
* The `-C default-linker-libraries`, disabling `-nodefaultlibs`, is
  passed through `RUSTFLAGS`, which is necessary to ensure that
  `-fsanitize=address` links correctly.
* The `-C linker` option is passed to ensure we're using the same C
  compiler as normal C code, although it has a bit of hackery to only
  get the `gcc` out of `gcc -std=c99`
2018-10-01 22:50:08 -07:00
Nick Mathewson
43211c3a0c Merge remote-tracking branch 'public/bug27893' 2018-10-01 12:12:33 -05:00
Nick Mathewson
58299b2927 Merge remote-tracking branch 'public/bug27728' 2018-10-01 12:06:39 -05:00
Nick Mathewson
c4e29001c4 Fix a bug where we would crash on --version.
Bug not in any released Tor.

test-stem would have caught this.
2018-10-01 12:01:51 -05:00
Nick Mathewson
886dc8b0a5 Remove routerparse include from files that dont use it 2018-10-01 11:35:11 -05:00
Nick Mathewson
d199348664 Remove versions.h include from routerparse.h 2018-10-01 11:22:47 -05:00
Nick Mathewson
5f9839ee42 Remove unused headers from routerparse.c 2018-10-01 11:17:33 -05:00
Nick Mathewson
35db3f8162 Extract addr-policy parsing code. 2018-10-01 11:17:19 -05:00
Nick Mathewson
95e2eb9083 Move summarize_protover_flags to versions.c 2018-10-01 10:48:55 -05:00
Nick Mathewson
4201203845 extract networkstatus parsing to its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
cd23903427 Pull detached-signatures code into dirauth. 2018-10-01 10:46:00 -05:00
Nick Mathewson
2be35f4d61 Split microdescriptor parser into its own file. 2018-10-01 10:46:00 -05:00
Nick Mathewson
aff5bf5464 Remove addr_policy_assert_ok() as unused 2018-10-01 00:09:00 -05:00
Nick Mathewson
3100831762 Remove dump_distinct_digest_count()
It was disabled-by-default for ages, and it no longer compiles. I
think it's safe to call it obsolete.
2018-10-01 00:09:00 -05:00
Nick Mathewson
a77b2e984e Remove router_get_dir_hash as unused. 2018-10-01 00:09:00 -05:00
Nick Mathewson
82f4d3ca75 Move v2 hs parsing into feature/rend 2018-10-01 00:09:00 -05:00
Nick Mathewson
430ca38f70 Split the authority-cert and signature/hash code from routerparse 2018-10-01 00:09:00 -05:00
Nick Mathewson
2f5dc48699 Extract the version-managing code from routerparse.c
Leave the versions.h include in routerparse.h for now; I'll remove
it later.
2018-10-01 00:04:58 -05:00
Nick Mathewson
fec3b3bb93 Extract logic for dumping unparseable junk from routerparse.c 2018-10-01 00:04:58 -05:00
Nick Mathewson
6785aa4010 Move routerparse and parsecommon to their own module. 2018-10-01 00:04:06 -05:00
Nick Mathewson
b058f64cc0 Detect an unlikely integer overflow. 2018-09-27 16:30:02 -04:00
Nick Mathewson
9e65e7a36f Merge branch 'split_stats' 2018-09-27 16:26:06 -04:00
Nick Mathewson
9e1a3be064 Prevent duplicate initialization of NSS DH module
Allowing this didn't do any actual harm, since there aren't any
shared structures or leakable objects here.  Still, it's bad style
and might cause trouble in the future.

Closes ticket 27856.
2018-09-27 13:26:47 -04:00
Nick Mathewson
d0b2b5a202 Always initialize the periodic events list.
Various places in our code try to activate these events or check
their status, so we should make sure they're initialized as early as
possible.  Fixes bug 27861; bugfix on 0.3.5.1-alpha.
2018-09-27 13:24:36 -04:00
Nick Mathewson
8812f562a0 Fix a memory leak in --dump-config
When freeing a configuration object from confparse.c in
dump_config(), we need to call the appropriate higher-level free
function (like or_options_free()) and not just config_free().

This only happens with options (since they're the one where
options_validate allocates extra stuff) and only when running
--dump-config with something other than minimal (since
OPTIONS_DUMP_MINIMAL doesn't hit this code).

Fixes bug 27893; bugfix on 0.3.2.1-alpha.
2018-09-27 13:05:19 -04:00
Nick Mathewson
316453065d Mark a variable static. 2018-09-27 11:59:39 -04:00
Nick Mathewson
34402ece8c geoip: fix windows compilation 2018-09-27 11:02:58 -04:00
Nick Mathewson
c8f2a6d2fe Extract the non-stats part of geoip into a new src/lib/geoip. 2018-09-27 10:26:01 -04:00
Nick Mathewson
fa32574bdb Remove excess dependencies from geoip.c 2018-09-27 10:15:39 -04:00
Nick Mathewson
f403af2207 Split geoip from geoip-related stats.
This commit just moves the code to two separate files. The geoip
code still has a few needless dependencies on core/* and features/*.
2018-09-27 09:36:52 -04:00
Nick Mathewson
79208ee852 Move the n_v3_ns_requests field out of geoip_country_t
This is preparation for splitting geoip.c into stats and non-stats
portions.
2018-09-27 09:04:08 -04:00
Nick Mathewson
241c1505cc Move the predicted ports code out of rephist.c
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else.  I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
2018-09-27 08:21:17 -04:00
Nick Mathewson
de0b07c634 Merge branch 'router_split' 2018-09-26 09:47:59 -04:00
Nick Mathewson
5e5e019b31 Merge remote-tracking branch 'dgoulet/bug27550_035_01' 2018-09-26 08:36:09 -04:00
Nick Mathewson
5fe05de4fe Remove extra includes from router.c 2018-09-25 18:33:13 -04:00
Nick Mathewson
4f0bc0c8f5 Revise things that had included router.h before
Make them only include the headers that they needed, and sort their
headers while we're at it.
2018-09-25 17:57:58 -04:00
Nick Mathewson
3ff58e47d2 Move the "is the network disabled?" functions out of router.c
Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.
2018-09-25 17:22:14 -04:00
Nick Mathewson
b8df2318e9 Move routerinfo_t functions out of router.c
(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)
2018-09-25 16:48:00 -04:00
Nick Mathewson
efa978124f Extract nickname-checking functions from router.c 2018-09-25 16:22:11 -04:00
Nick Mathewson
5c86f3c297 Move the various _describe() functions out of router.c
Note that I haven't separated the headers yet (there's still an
2018-09-25 16:13:47 -04:00
Nick Mathewson
fcd0f76134 Extract all the "am I a server" functions from router.c 2018-09-25 16:00:50 -04:00
Nick Mathewson
70539e3d5e Move all authdir_mode_*() functions into authmode.h 2018-09-25 15:39:24 -04:00
Nick Mathewson
9385b7ec5f Rename dirauth/mode.h to dirauth/authmode.h
This is preparation for having a routermode.h as well
2018-09-25 15:18:21 -04:00
Nick Mathewson
8a350e088b Move self-test functionality into its own file. 2018-09-25 15:14:57 -04:00
Nick Mathewson
934859cf80 Move key-loading and crosscert-checking out of feature/relay
This is also used by onion services, so it needs to go in another
module.
2018-09-25 15:14:57 -04:00
cypherpunks
5e74db95c2 rust: run rustfmt 2018-09-24 18:00:56 +00:00
David Goulet
18085abfcc hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-24 12:49:00 -04:00
Nick Mathewson
9767cf8cc0 Merge branch 'bug26913_033' 2018-09-24 11:17:09 -04:00
Nick Mathewson
6c739c3fb2 Fix arm compilation with openssl <1.1
Bug 27781; bugfix on 0.3.5.1-alpha.
2018-09-24 11:11:29 -04:00
Nick Mathewson
f57d8722e0 Fix the 0.3.4 part of bug 27781 (arm compilation)
Because with arm on OpenSSL <1.1 we don't define USE_EVP_AES_CTR, we
need to include crypto_util.h here.
2018-09-24 11:08:27 -04:00
Nick Mathewson
78295904f7 Merge branch 'ticket26744' 2018-09-24 10:56:50 -04:00
cypherpunks
b91bc1babc rust/protover: remove redundant ExceedsMax checks
This is already checked elsewhere.
2018-09-24 14:30:43 +00:00
Nick Mathewson
ae0cb94b69 Initialize mainloop events earlier, since other stuff may run them.
Fixes a stem test failure; bugfix on c7ce6b9821. Bug
not in any released Tor.
2018-09-22 17:40:04 -04:00
Nick Mathewson
7d9bea6a77 But, actually move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:49:20 -04:00
Nick Mathewson
7eea45c5c4 Move systemd_watchdog_timer free into mainloop.c 2018-09-21 16:46:17 -04:00
Nick Mathewson
08d934b3fe Missing include in ntmain.c 2018-09-21 16:32:14 -04:00
Nick Mathewson
169f238c23 Merge remote-tracking branch 'onionk/protover-rust1' 2018-09-21 16:28:32 -04:00
cypherpunks
5c0dd1aa90 move protover_rust.c to core/or/
Missed in 667a6e8fe9.
2018-09-21 20:14:53 +00:00
Nick Mathewson
63e08f56b8 Merge remote-tracking branch 'tor-github/pr/365' 2018-09-21 16:13:59 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
9b0a17a74f Merge branch 'maint-0.3.4' 2018-09-21 09:36:31 -04:00
Nick Mathewson
e818a71905 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-21 09:35:54 -04:00
Nick Mathewson
2cadd93cea Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-21 09:35:51 -04:00
Nick Mathewson
5b04392c15 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-21 09:35:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
Nick Mathewson
55122bfe04 Bump to 0.3.5.2-alpha-dev 2018-09-21 09:11:33 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
rl1987
d40b0e73c2 Check Python version in test_rebind.py 2018-09-21 10:57:41 +03:00
rl1987
81199eaf0e Remove misleading first line in test_rebind.py
test_rebind.py actually does not require Python 3.

Bugfix on 5a11670fcaad0a58de48425ba80510effbe35628; bug not in any
Tor release.
2018-09-21 10:57:41 +03:00
cypherpunks
42558df7c8 rust/protover: return C-allocated string in protover_all_supported()
The result of CString::into_raw() is not safe to free
with free() except under finicky and fragile circumstances
that we definitely don't meet right now.

This was missed in be583a34a3.
2018-09-21 05:16:22 +00:00
cypherpunks
db89b4b152 rust/protover: fix null deref in protover_all_supported()
Fortunately with the current callers it couldn't happen in practice.

Fix on d1820c1516.
2018-09-21 04:57:26 +00:00
Nick Mathewson
1a85ac8c2d Bump to 0.3.5.2-alpha 2018-09-20 16:36:07 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
1da9741bca Remove another needless typedef 2018-09-20 14:34:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
72e30f26ec Fix a pair of errors in bug23512 2018-09-20 14:18:09 -04:00
Nick Mathewson
4e2028152d Fix an NSS socket leak-on-error found by dgoulet 2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a Use the correct macro to detect an invalid socket in tortls_nss.c
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26 Release ownership of the dummy socket that tortls_nss.c will close
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
f25323fe3f Fix socket accounting with ORConn sockets.
When we close a socket via tor_tls_free(), we previously had no way
for our socket accounting logic to learn about it.  This meant that
the socket accounting code would think we had run out of sockets,
and freak out.

Fixes bug 27795; bugfix on 0.3.5.1-alpha.
2018-09-20 12:52:29 -04:00
Nick Mathewson
1c1e84281d Add a tor_release_socket_ownership() function. 2018-09-20 12:46:47 -04:00
Nick Mathewson
bd6007d898 Merge branch 'split_routerlist_dirserv_v2' 2018-09-20 11:07:50 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
fa6d5dd268 hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 11:01:23 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
163230e240 Merge remote-tracking branch 'github/bug27139_034' into maint-0.3.4 2018-09-20 10:43:05 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
119159677b Comment fix. 2018-09-18 16:44:24 -04:00
Nick Mathewson
88a93ccc7b Merge branch 'ticket27686_035' 2018-09-18 16:40:30 -04:00
Nick Mathewson
6d33f65638 Use the correct function signatures in test_relaycell.c
This is now officially an antipattern: please let's never copy a
function declaration in two places again.  That's what headers are
for.
2018-09-18 15:51:11 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
teor
7bf9c93ab3 Merge remote-tracking branch 'nickm/bug27741_033' into bug27741_035
Resolve conflicts due to rustfmt, and run rustfmt on the merged code.
2018-09-18 23:32:57 +10:00
Nick Mathewson
50367d06f2 Merge remote-tracking branch 'tor-github/pr/352' 2018-09-18 08:44:58 -04:00
Nick Mathewson
52191064ac Merge branch 'maint-0.3.4' 2018-09-18 08:33:13 -04:00
Nick Mathewson
2ddbaf9cdc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-18 08:31:14 -04:00
Nick Mathewson
75b95e1c8e Merge remote-tracking branch 'onionk/rust-allsupported1' into maint-0.3.3 2018-09-18 08:31:08 -04:00
Nick Mathewson
4199c8b2d0 Merge remote-tracking branch 'github/bug27073_029' 2018-09-18 08:16:42 -04:00
Nick Mathewson
9252814646 Merge remote-tracking branch 'tor-github/pr/344' 2018-09-18 08:15:02 -04:00
Nick Mathewson
50001d1c5b Merge remote-tracking branch 'asn-github/bug27764' 2018-09-18 08:10:25 -04:00
Nick Mathewson
7ca0f66b82 Bump to 0.3.5.1-alpha-dev 2018-09-18 07:52:27 -04:00
George Kadianakis
43324b0e4d Fix minor memleak in edge-case of crypto_rsa.c function. 2018-09-18 14:01:15 +03:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Mike Perry
ad10cafd9f Bug 23512: Test fix: cmux is now allocated by new_fake_channel() 2018-09-17 23:31:48 +00:00
Mike Perry
72cef61028 Merge branch 'bug23512-v4-032' into bug23512-v4-033 2018-09-17 23:31:34 +00:00
Mike Perry
dd15998d28 Remove duplicate TLS define from kist code.
Duplicate comes from introducing this define into 0.2.9, which did not yet
have KIST.
2018-09-17 23:21:58 +00:00
Mike Perry
dfd3823047 Bug 23512: Mock assert_circuit_ok in tests.
This mocking was not available in 0.2.9.
2018-09-17 23:12:53 +00:00
Mike Perry
36e81e1f59 Merge branch 'bug23512-v4-029' into bug23512-v4-032 2018-09-17 23:12:45 +00:00
Mike Perry
6af352172d Bug 23512: Test recording bytes in circ queues. 2018-09-17 22:24:25 +00:00
Mike Perry
bbaa398d26 Bug 23512: Report queued cells on or circs as written.
This avoids asymmetry in our public relay stats, which can be exploited for
guard discovery and other attacks.
2018-09-17 22:19:42 +00:00
Mike Perry
7dc435e6bc Promote rep_hist bw functions to uint64_t.
The rest of rephist uses uint64_t internally. Let's make these take it too,
so we don't have to worry about overflowing size_t on 32 bit systems.
2018-09-17 22:19:05 +00:00
Nick Mathewson
80ad15921c Remove extraneous argument from Rust protover_compute_vote()
This argument was added to match an older idea for the C api, but we
decided not to do it that way in C.

Fixes bug 27741; bugfix on 0.3.3.6 / TROVE-2018-005 fix.
2018-09-17 11:57:56 -04:00
Nick Mathewson
4fd761a418 Make CacheDirectoryGroupReadable an autobool.
Since the default cache directory is the same as the default data
directory, we don't want the default CacheDirectoryGroupReadable
value (0) to override an explicitly set "DataDirectoryGroupReadable
1".

To fix this, I'm making CacheDirectoryGroupReadable into an
autobool, and having the default (auto) value mean "Use the value of
DataDirectoryGroupReadable if the directories are the same, and 0
otherwise."

Fixes bug 26913; bugfix on 0.3.3.1-alpha when the CacheDirectory
option was introduced.
2018-09-17 11:44:59 -04:00
Nick Mathewson
f606b3cfd1 Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
2018-09-17 11:08:56 -04:00
Nick Mathewson
307275a5e4 Bump to 0.3.5.1-alpha 2018-09-17 09:12:42 -04:00
Nick Mathewson
b729bc202c Add tortls.h includes to expose critical macro. Fix #27734. 2018-09-16 22:08:02 -04:00
Nick Mathewson
a8ac21fbb5 Don't try to link C from rust doctests for nss detection
This is really annoying, since we can't use cfg(test) for doctests.
2018-09-16 14:34:31 -04:00
Nick Mathewson
078debb0de Merge branch 'bug25573-034-typefix' 2018-09-16 13:46:12 -04:00
Nick Mathewson
7fd61cf536 Fix duplicate declaration of pathbias_count_valid_cells. 2018-09-16 13:45:43 -04:00
Nick Mathewson
991bec67ee When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
2018-09-16 13:28:29 -04:00
traumschule
863e2fcb48 Update description of onion_extend_cpath() (#27333) 2018-09-16 04:01:17 +02:00
cypherpunks
1ed5e009cb rust/protover: reject extra commas
The C implementation had gotten this wrong too, in a slightly different way.

Introduced in 5af03c1ef3.

Fixes #27197; bugfix on 0.3.3.3-alpha.
2018-09-15 23:19:31 +00:00
Alexander Færøy
3477a73af9 Add proxy headers as early as possible.
This patch moves the logic that adds the proxy headers to an earlier
point in the exit connection lifetime, which ensures that the
application data cannot be written to the outbuf before the proxy header
is added.

See: https://bugs.torproject.org/4700
2018-09-15 22:17:57 +02:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
Alexander Færøy
8f085841ef Encode the 32-bit Global Identifier as 2 x 16-bit in the IPv6 address.
Without this patch we would encode the IPv6 address' last part as
::ffffffff instead of ::ffff:ffff when the GID is UINT32_MAX.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
b2092f1ced Add unittest for HiddenServiceExportCircuitID.
Had to move a function to test helpers.
2018-09-15 16:52:32 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
5d34a8cbbb Improve export_hs_client_circuit_id() function.
- Change default values.
- Beautify.
- Documentation.
2018-09-15 16:32:23 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
035166e7bf Add a missing function for windows 2018-09-14 15:02:11 -04:00
Nick Mathewson
af39649aad Explicitly ignore BIO_set_close() return val to fix #27711 2018-09-14 13:09:10 -04:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
Nick Mathewson
6f47734ea8 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 12:56:30 -04:00
Nick Mathewson
a546e07600 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-14 12:56:30 -04:00
David Goulet
0971b3ce4d hs-v3: Don't BUG() on directory permission check failure
In hs_config.c, we do validate the permission of the hidden service directory
but we do not try to create it. So, in the event that the directory doesn't
exists, we end up in the loading key code path which checks for the
permission and possibly creates the directory. On failure, don't BUG() since
there is a perfectly valid use case for that function to fail.

Fixes #27335

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:56:26 -04:00
Nick Mathewson
6e940829cc Merge remote-tracking branch 'dgoulet/ticket27040_035_01' 2018-09-14 12:54:13 -04:00
Nick Mathewson
79f8641ee5 Merge branch 'nss_countbytes_squashed' 2018-09-14 12:45:30 -04:00
Nick Mathewson
ac93c911ce Allow malloc includes in tls library 2018-09-14 12:44:56 -04:00
Nick Mathewson
126819c947 Add support for lower-level byte counting with NSS
This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't.  To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.

Closes ticket 27289.
2018-09-14 12:44:56 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb465be085 Revise our assertion and bug macros to work with -Wparentheses
On GCC and Clang, there's a feature to warn you about bad
conditionals like "if (a = b)", which should be "if (a == b)".
However, they don't warn you if there are extra parentheses around
"a = b".

Unfortunately, the tor_assert() macro and all of its kin have been
passing their inputs through stuff like PREDICT_UNLIKELY(expr) or
PREDICT_UNLIKELY(!(expr)), both of which expand to stuff with more
parentheses around "expr", thus suppressing these warnings.

To fix this, this patch introduces new macros that do not wrap
expr.  They're only used when GCC or Clang is enabled (both define
__GNUC__), since they require GCC's "({statement expression})"
syntax extension.  They're only used when we're building the
unit-test variant of the object files, since they suppress the
branch-prediction hints.

I've confirmed that tor_assert(), tor_assert_nonfatal(),
tor_assert_nonfatal_once(), BUG(), and IF_BUG_ONCE() all now give
compiler warnings when their argument is an assignment expression.

Fixes bug 27709.

Bugfix on 0.0.6, where we first introduced the "tor_assert()" macro.
2018-09-14 11:39:37 -04:00
cypherpunks
5c47f725b0 rust/protover: delete ProtoSet::retain
As the comment noted, it was horribly inefficient.
2018-09-14 15:10:22 +00:00
cypherpunks
c613d55134 rust/protover: use .and_not_in() instead of .retain() in all_supported()
.retain() would allocating a Vec of billions of integers and check them
one at a time to separate the supported versions from the unsupported.
This leads to a memory DoS.

Closes ticket 27206. Bugfix on e6625113c9.
2018-09-14 15:08:55 +00:00
cypherpunks
578f7326ed rust/protover: add ProtoSet::and_not_in()
This is a way more efficient version of retain().
2018-09-14 15:08:54 +00:00
Nick Mathewson
8f689e0eb2 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 10:48:01 -04:00
Nick Mathewson
7e406ec40f Merge branch 'maint-0.3.4' 2018-09-14 10:48:01 -04:00
Nick Mathewson
281854bab7 If options_act() fails, restore the previous value of global_options
Before 0.3.3.1-alpha, we would exit() in this case immediately.  But
now that we leave tor_main() more conventionally, we need to make
sure we restore things so as not to cause a double free.

Fixes bug 27708; bugfix on 0.3.3.1-alpha.
2018-09-14 10:34:45 -04:00
Nick Mathewson
0e4fcd3996 Merge branch 'nss_27664' 2018-09-14 10:24:46 -04:00
Nick Mathewson
e43ae24e7d Merge branch 'nss_27451' 2018-09-14 10:22:38 -04:00
Nick Mathewson
eaeb4c1082 Fix compilation of 27686 on master. 2018-09-14 10:22:11 -04:00
Nick Mathewson
994de7db53 Merge branch 'ticket27686_034' into x 2018-09-14 10:16:44 -04:00
Nick Mathewson
ab92f93421 Teach the OOM module to handle half-open stream info. #27686 2018-09-14 10:16:27 -04:00
Nick Mathewson
1ca03633fe Tweak message; only log it on a relay. 2018-09-14 09:32:39 -04:00
Nick Mathewson
12320e7f3e Merge remote-tracking branch 'neel/b21530' 2018-09-14 09:27:03 -04:00
Nick Mathewson
82b1282772 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 09:25:34 -04:00
Nick Mathewson
84e3ada71b Merge remote-tracking branch 'onionk/rust-protokeyword1-035' 2018-09-14 09:25:31 -04:00
Nick Mathewson
bb012d7941 Merge remote-tracking branch 'tor-github/pr/329' 2018-09-14 09:22:23 -04:00
Nick Mathewson
b67f3b751a Merge branch 'ticket27247' 2018-09-14 09:14:12 -04:00
Nick Mathewson
6e5e1be737 Make circuitmux ewma timing test more tolerant on 32bit osx
Since we use a 32-bit approximation for millisecond conversion here,
we can't expect so much precision.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:40:12 -04:00
Nick Mathewson
f02e8b5944 Avoid integer overflow on fast 32-bit millisecond conversion.
Multiply-then-divide is more accurate, but it runs into trouble when
our input is above INT32_MAX/numerator.  So when our value is too
large, do divide-then-multiply instead.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:39:45 -04:00
Nick Mathewson
4eabc6db47 Use a slightly more accurate formula for OSX 32-bit msec conversion
We use an optimized but less accurate formula for converting coarse
time differences to milliseconds on 32-bit OSX platforms, so that we
can avoid 64-bit division.

The old numbers were off by 0.4%.  The new numbers are off by .006%.

This should make the unit tests a bit cleaner, and our tolerances a
bit closer.
2018-09-14 08:35:06 -04:00
Nick Mathewson
88c9730817 Re-order includes to expose intptr_t to tor_api_internal.h 2018-09-14 07:11:37 -04:00
cypherpunks
bf9dc697fa Merge branch 'rust-protokeyword1-034' into rust-protokeyword1-035 2018-09-14 02:33:59 +00:00
cypherpunks
574d59c640 Merge branch 'rust-protokeyword1' into rust-protokeyword1-034 2018-09-14 02:26:31 +00:00
cypherpunks
e24195c7c1 protover: reject invalid protocol names
The spec only allows the characters [A-Za-z0-9-].

Fix on b2b2e1c7f2.
Fixes #27316; bugfix on 0.2.9.4-alpha.
2018-09-14 02:18:04 +00:00
Neel Chauhan
2c093c96b2 Add log message for Tor being non-exit by default 2018-09-13 21:50:06 -04:00
Nick Mathewson
7a0ff5beb2 In conditionvar_timeout test, wait for threads to timeout
Previously we just waited 200msec, which was not enough on slow/busy
systems.

Fixes bug 27073; bugfix on 0.2.6.3-alpha when the test was introduced.
2018-09-13 20:47:41 -04:00
Nick Mathewson
d8280216c0 Include torint.h in socketpair.c for intptr_t definition. 2018-09-13 17:54:26 -04:00
Nick Mathewson
92357a07bd Fix a 32-bit off_t/size_t warning in crypto_rsa.c
Bug not in any released Tor.
2018-09-13 17:49:39 -04:00
Nick Mathewson
83b8a76f0c Fix a shadowed-global warning in geoip.c
Bugfix on 5ab2110eb6b4ae9082430081cb2800018cf0dcd6; bug not in any
released Tor.
2018-09-13 17:48:33 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
rl1987
1e77376e1a Avoid calling node_get_all_orports() from node_is_a_configured_bridge()
All node_get_all_orports() does is allocate and return a smartlist
with at most two tor_addr_port_t members that match ORPort's of
node configuration. This is harmful for memory efficiency, as it
allocates the same stuff every time it is called. However,
node_is_a_configured_bridge() does not need to call it, as it
already has all the information to check if there is configured
bridge for a given node.

The new code is arranged in a way that hopefully makes each succeeding
linear search through bridge_list less likely.
2018-09-13 16:38:33 -04:00
Nick Mathewson
874eca6a8c Add a test case with a matching ip but mismatched identity. 2018-09-13 16:38:33 -04:00
rl1987
9741921094 Unit tests for ticket 27224.
Since this is a refactoring ticket, these tests should pass before
and after the changes are made.
2018-09-13 16:25:14 -04:00
Nick Mathewson
85aba48a66 Merge branch 'bug26470_032' 2018-09-13 13:53:42 -04:00
Mike Perry
efa2075670 Ticket #27678: Emit CIRC_BW events immediately for dropped cells.
We determine that a cell was dropped by inspecting CIRC_BW fields. If we did
not update the delivered or overhead fields after processing the cell, the
cell was dropped/not processed.

Also emit CIRC_BW events for cases where we decide to close the circuit in
this function, so vanguards can print messages about dropped cells in those
cases, too.
2018-09-13 17:45:45 +00:00
Mike Perry
80ffedd3ca Control port call to emit a CIRC_BW event for a single circuit.
This commit only moves code. No functionality has been changed.
2018-09-13 17:44:56 +00:00
Nick Mathewson
2d05500a1e Merge remote-tracking branch 'UntoSten/inform-about-conf-includes' 2018-09-13 13:35:59 -04:00
Nick Mathewson
787da5185c Merge remote-tracking branch 'onionk/strcmpstart1' 2018-09-13 13:30:53 -04:00
Nick Mathewson
e8b81d7dc5 Merge branches 'bug27684' and 'bug27685' 2018-09-13 13:09:57 -04:00
Nick Mathewson
15596f6c0c Fix a memory leak in tortls/openssl/try_to_extract_certs_from_tls
Since this is an "intrusive" test, it only shows up for openssl <1.1

This is a bugfix on 0.3.5.x; bug not in any released Tor.
2018-09-13 12:47:42 -04:00
Nick Mathewson
d28018ea1e Fix a memory leak in tortls/openssl/context_new test.
Bugfix on 0.3.5.x; bugfix not on any released Tor.
2018-09-13 12:43:37 -04:00
cypherpunks
7c26f88fd7 rust/protover: validate unknown protocol names use only allowed characters 2018-09-13 16:33:58 +00:00
Nick Mathewson
9697c2da46 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-13 11:46:04 -04:00
Nick Mathewson
3ddfd5ff25 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-13 11:46:04 -04:00
Nick Mathewson
8253428253 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-13 11:46:04 -04:00
Nick Mathewson
d44eb16b23 Merge branch 'maint-0.3.4' 2018-09-13 11:46:04 -04:00
Nick Mathewson
75d6609eb1 Run crypto_prefork() before start_daemon().
Without this, RunAsDaemon breaks NSS.

Fixes bug 27664; bug not in any released Tor.
2018-09-13 08:58:28 -04:00
David Goulet
4b646e30d8 conn: Fix memleaks in retry_all_listeners
Fixes #27670

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-12 17:51:56 -04:00
Nick Mathewson
fed2c26e60 Report UNIX connection addresses that we opened correctly.
This is an aside on ticket27670.
2018-09-12 17:42:24 -04:00
Nick Mathewson
f308e81fa7 Merge branch 'maint-0.3.4' 2018-09-12 17:25:40 -04:00
Nick Mathewson
f8d5fb42a3 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-12 17:24:41 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
9f5f67bda2 Use tor_tls_release_socket() to avoid double-closed sockets on NSS
Closes ticket 27451; bug not in any released Tor.
2018-09-12 11:32:15 -04:00
Nick Mathewson
ae5692994f Add a tor_tls_release_socket() function.
This function tells the underlying TLS object that it shouldn't
close the fd on exit.  Mostly, we hope not to have to use it, since
the NSS implementation is kludgey, but it should allow us to fix
2018-09-12 11:12:05 -04:00
Nick Mathewson
bfc847255a Merge remote-tracking branch 'dgoulet/ticket27545_035_01' 2018-09-12 10:18:11 -04:00
cypherpunks
cb9fa3b04c nodelist: fix docs for networkstatus_read_cached_consensus_impl
Fix on c12d2cb2dc.
2018-09-12 14:13:03 +00:00
cypherpunks
ab91302fd0 nodelist: use strcmpstart() instead of strncmp()
in rend_parse_v2_service_descriptor.
Fix on c58675ca72
2018-09-12 14:03:06 +00:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
62743912bc Merge branch 'pr278_squashed' 2018-09-12 09:06:35 -04:00
rl1987
7b27d98eae Actually, just disable test_rebind.sh on Appveyor 2018-09-12 09:06:16 -04:00
rl1987
d30e47fd4e Disable test_rebind.sh on Windows 2018-09-12 09:06:16 -04:00
rl1987
5a11670fca Update/fix CI build
Update integration test to Python 3
2018-09-12 09:06:16 -04:00
rl1987
4811869d7a Pick random ports in test_rebind.py 2018-09-12 09:06:16 -04:00
rl1987
d8157097b4 Always include socket rebinding code 2018-09-12 09:06:16 -04:00
rl1987
3f34fc921c Tweak test_rebind.py for future-proofness 2018-09-12 09:06:16 -04:00
rl1987
762c27b907 Integration test for socket rebinding
squash! Integration test for socket rebinding
2018-09-12 09:06:16 -04:00
rl1987
fbd50f5994 Avoid mentioning ticket number in comments 2018-09-12 09:06:16 -04:00
rl1987
9f5431c79f Comments/explanation for #17873 2018-09-12 09:06:16 -04:00
rl1987
74a474a2e7 Minor code cleanups 2018-09-12 09:06:16 -04:00
rl1987
27c868eff1 Log a notice *after* creating connection 2018-09-12 09:06:16 -04:00
rl1987
d548453abd Log a notice when changing to/from wildcard IP address 2018-09-12 09:06:14 -04:00
rl1987
9f7ed1d04e Always close old listeners in retry_all_listeners 2018-09-12 09:05:39 -04:00
rl1987
f04e0bd5d6 Refrain from compiling socket rebinding code on system that don't need it 2018-09-12 09:05:39 -04:00
rl1987
c99bb8b6ea Try rebinding new listener after closing old one if first bind failed with EADDRINUSE 2018-09-12 09:05:36 -04:00
Nick Mathewson
73a37d1e54 Check waitpid return value and exit status in tinytest.c
It's possible for a unit test to report success via its pipe, but to
fail as it tries to clean up and exit.  Notably, this happens on a
leak sanitizer failure.

Fixes bug 27658; bugfix on 0.2.2.4-alpha when tinytest was
introduced.
2018-09-12 08:57:18 -04:00
Mahrud Sayrafi
be142194cd Encode Circuit ID as src IP in Proxy Protocol for Opportunistic Onions 2018-09-12 15:20:26 +03:00
Nick Mathewson
8294c40c96 Merge remote-tracking branch 'tor-github/pr/318' 2018-09-12 08:12:19 -04:00
cypherpunks
03c4d0ab9c rust/protover: fix check for overlapping ranges
Closes ticket 27649. Bugfix on e6625113c9.
2018-09-12 02:47:59 +00:00
cypherpunks
b88a2f28ae rust/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:59 +00:00
cypherpunks
e9ef7d5ab4 test/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:29 +00:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
affbe376f9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-11 15:53:06 -04:00
Mike Perry
ae1aea4cc4 Bug 25505: Check circuitmux queues before padding. 2018-09-11 15:53:03 -04:00
Nick Mathewson
2d0a6d7691 Merge remote-tracking branch 'mikeperry/bug25505' 2018-09-11 14:32:39 -04:00
Nick Mathewson
7852499812 Merge remote-tracking branch 'tor-github/pr/312' 2018-09-11 14:05:16 -04:00
Nick Mathewson
75ad1a1f2f Merge remote-tracking branch 'onionk/doublevote1' 2018-09-11 13:16:49 -04:00
Nick Mathewson
328bcbf305 Merge remote-tracking branch 'tor-github/pr/313' 2018-09-11 12:23:21 -04:00
Nick Mathewson
a7d0cbd462 Merge remote-tracking branch 'tor-github/pr/314' 2018-09-11 12:19:13 -04:00
Nick Mathewson
8a873a5695 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-11 12:04:56 -04:00
Nick Mathewson
8afc100cb5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-11 12:04:56 -04:00
Nick Mathewson
f741505642 Merge branch 'maint-0.3.4' 2018-09-11 12:04:56 -04:00
Nick Mathewson
3119cb5062 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-11 12:04:55 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk".
Implements 27244, and should save a bunch of RAM on clients.
2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
2018-09-11 11:43:26 -04:00
Suphanat Chunhapanya
57c82b74b4 hs-v3: Shuffle the list of authorized clients
This commit makes it that the authorized clients in the descriptor are in
random order instead of ordered by how they were read on disk.

Fixes #27545

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-11 11:23:49 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end
This is part of #27244, so that we can safely mmap consensus
documents.
2018-09-11 11:16:50 -04:00
Nick Mathewson
e5601f14ed Initialize 't' in ge25519_scalarmult_base_niels()
OSS-Fuzz's version of memorysanitizer can't tell that this value is
not going to be used unsafely.
2018-09-11 10:35:18 -04:00
Karsten Loesing
19429fac23 Update geoip and geoip6 to the September 6 2018 database. 2018-09-11 09:26:59 +02:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
672620901b hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 15:04:22 -04:00
rl1987
1ec54b3556 Bugfix: sizeof(socklen) doesn't make sense when calling connect()
Bugfix on 2f657a1416f2f81dd1be900269c4ae9bdb29f52d; bug not in
any Tor release.
2018-09-10 21:50:30 +03:00
Taylor Yu
687bf3ea64 Track bootstrap phase independently of progress
Track bootstrap phase (enumerated by bootstrap_status_t) independently
from the bootstrap progress (which can represent intermediate
progress).  This allows control_event_bootstrap_problem() to avoid
doing a linear search through the bootstrap progress space to find the
current bootstrap phase.
2018-09-10 13:18:32 -05:00
Taylor Yu
5733d3f71f Refactor control_event_bootstrap_core() more
Eliminate a few conditional expressions in
control_event_bootstrap_core() by overwriting the status parameter.
2018-09-10 13:18:32 -05:00
Taylor Yu
15c24d669f Refactor control_event_bootstrap() somewhat
Move the mostly-invariant part of control_event_boostrap() into a
helper control_event_bootstrap_core().  The helper doesn't modify any
state beyond doing logging and control port notifications.
2018-09-10 13:18:32 -05:00
Taylor Yu
e2988e044d Deindent much of control_event_bootstrap 2018-09-10 13:18:32 -05:00
Taylor Yu
eee62e13d9 Make control_event_bootstrap() return void
Simplify control_event_bootstrap() by making it return void again.  It
is currently a fairly complicated function, and it's made more
complicated by returning an int to signal whether it logged at NOTICE
or INFO.

The callers conditionally log messages at level NOTICE based on this
return value.  Change the callers to unconditionally log their verbose
human-readable messages at level INFO to keep NOTICE logs less
cluttered.

This partially reverts the changes of #14950.
2018-09-10 13:18:32 -05:00
David Goulet
7ff67d0e90 test: Fix coverity CID 1439129
One HSv3 unit test used "tor_memeq()" without checking the return value. This
commit changes that to use "tt_mem_op()" to actually make the test validate
something :).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:28:35 -04:00
David Goulet
064d3e7497 test: Fix coverity CID 1439130
Trivial fix of removing an uneeded NULL check in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:22:31 -04:00
David Goulet
58d74ad943 test: Fix coverity CID 1439131
Simple uninitialized object that we could free in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:20:58 -04:00
George Kadianakis
34a2cbb249 Address coverity warnings (CID 1439133/1439132).
>>>>    CID 1439133:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.

>>>>    CID 1439132:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.
2018-09-10 16:54:19 +03:00
Nick Mathewson
96601a6805 Bump to 0.3.4.8-dev 2018-09-10 09:42:40 -04:00
Nick Mathewson
05f5f65006 Bump to 0.3.3.10-dev. 2018-09-10 09:42:12 -04:00
Nick Mathewson
ec4a7641f1 Bump to 0.3.2.12-dev 2018-09-10 09:41:34 -04:00
Nick Mathewson
b203dedaf5 Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
rl1987
1e296bc6de Call event_set_mem_functions during initialization 2018-09-09 18:58:03 +03:00
Nick Mathewson
a52d5d5309 Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
2018-09-09 10:21:13 -04:00
Roger Dingledine
776c1a5d1a make ipv6-only config complaint clearer
(a relay operator hit this on #tor-relays and couldn't make sense
of it. i couldn't either until i went to go read the code.)
2018-09-08 17:08:22 -04:00
Nick Mathewson
33a0c619a8 Do not store cached_dir_t for consensus in RAM if not a dircache.
There are three reasons we use a cached_dir_t to hold a consensus:
  1. to serve that consensus to a client
  2. to apply a consensus diff to an existing consensus
  3. to send the consensus to a controller.

But case 1 is dircache-only.  Case 2 and case 3 both fall back to
networkstatus_read_cached_consensus().  So there's no reason for us
to store this as a client.  Avoiding this saves about 23% of our RAM
usage, according to our experiments last month.

This is, semantically, a partial revert of e5c608e535.

Fixes bug 27247; bugfix on 0.3.0.1-alpha.
2018-09-07 19:48:56 -04:00
Nick Mathewson
95060eacae Use networkstatus_read_cached_consensus() for GETINFO
We already had fallback code for "dir/status-vote/current/consensus"
to read from disk if we didn't have a cached_dir_t available.  But
there's a function in networkstatus_t that does it for us, so let's
do that.
2018-09-07 19:48:56 -04:00
Nick Mathewson
43e400f340 Bump to 0.3.3.10 2018-09-07 15:11:18 -04:00
Nick Mathewson
cdaf9aec8e Bump to 0.3.2.12 2018-09-07 15:11:07 -04:00
Nick Mathewson
da29074fc4 Bump to 0.2.9.17 2018-09-07 15:10:49 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
13d0855a89 Merge remote-tracking branch 'teor/bug27521' 2018-09-07 10:29:45 -04:00
Nick Mathewson
fa38bbb700 Bump to 0.3.4.8 2018-09-07 09:49:29 -04:00
Nick Mathewson
732ea9120c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 09:15:56 -04:00
Nick Mathewson
8849b2ca3c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 09:15:56 -04:00
Nick Mathewson
ee6d8bcf71 Merge branch 'maint-0.3.4' 2018-09-07 09:15:56 -04:00
Nick Mathewson
0366ae224c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 09:15:52 -04:00
Nick Mathewson
2ec88a2a6d Tell openssl to build its TLS contexts with security level 1
Fixes bug 27344, where we'd break compatibility with old tors by
rejecting RSA1024 and DH1024.
2018-09-07 09:15:06 -04:00
Nick Mathewson
579770b706 Merge branch 'maint-0.3.4' 2018-09-07 08:46:46 -04:00
Nick Mathewson
056003d602 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:46:45 -04:00
Nick Mathewson
a78504dbe6 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:46:45 -04:00
Nick Mathewson
eacaff6ccc Merge remote-tracking branch 'teor/bug27461-032' into maint-0.3.2 2018-09-07 08:46:41 -04:00
Nick Mathewson
9fcb3ef787 Merge remote-tracking branch 'teor/bug27461-029' into maint-0.2.9 2018-09-07 08:46:35 -04:00
Nick Mathewson
7e91eb83d8 Merge branch 'maint-0.3.4' 2018-09-07 08:45:10 -04:00
Nick Mathewson
df18cf0e8f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:44:40 -04:00
Nick Mathewson
a4930de5e9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:44:40 -04:00
Nick Mathewson
a5ed62f96c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 08:44:39 -04:00
Nick Mathewson
912ae2b8dc Merge remote-tracking branch 'teor/bug27463-029' into maint-0.2.9 2018-09-07 08:44:36 -04:00
Nick Mathewson
08d5fd39d8 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:42:19 -04:00
Nick Mathewson
b6de39e5f4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:42:19 -04:00
Nick Mathewson
a08e6e711f Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 08:42:19 -04:00
teor
d2105ff5d5
Merge branch 'bug27461-029' into bug27461-032
Fix a minor merge conflict due to an #endif comment.
2018-09-07 13:00:34 +10:00
teor
8ef4bb7f3e
Windows: Stop calling SetProcessDEPPolicy() on 64-bit Windows
It is not supported, and always fails. Some compilers warn about the
function pointer cast on 64-bit Windows.

Fixes bug 27461; bugfix on 0.2.2.23-alpha.
2018-09-07 12:58:11 +10:00
teor
9d5c6317b5
hs: Silence a spurious warning in rend_client_send_introduction()
gcc 8 warns that extend_info_t.nickname might be truncated by strncpy().

But it doesn't know that nickname can either contain a hex id, or a
nicknames. hex ids are only used for general and HSDir circuits.

Fixes bug 27463; bugfix on 0.1.1.2-alpha.
2018-09-07 12:40:11 +10:00
teor
3b6d1676ec
Comment: Fix typos in get_interface_addresses_win32()
Closes 27521.
2018-09-07 11:32:57 +10:00
teor
1570f17f97
Windows: Silence a spurious warning in the GetAdaptersAddresses cast
GetProcAddress() returns FARPROC, which is (long long int(*)()) on
64-bit Windows:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx

But GetAdaptersAddresses() is (long unsigned int(*)()), on both 32-bit
and 64-bit Windows:
https://docs.microsoft.com/en-us/windows/desktop/api/iphlpapi/nf-iphlpapi-getadaptersaddresses

So gcc 8 issues a spurious "incompatible function pointer" warning
about the cast to GetAdaptersAddresses_fn_t.

Silence this warning by casting to a void function pointer, before
the cast to GetAdaptersAddresses_fn_t.

This issue is already fixed by 26481 in 0.3.5 and later, by removing
the lookup and cast.

Fixes bug 27465; bugfix on 0.2.3.11-alpha.
2018-09-07 11:03:10 +10:00
Nick Mathewson
22e2403145 Revert "Avoid double-close on TCP sockets under NSS."
This reverts commit b5fddbd241.

The commit here was supposed to be a solution for #27451 (fd
management with NSS), but instead it caused an assertion failure.

Fixes bug 27500; but not in any released Tor.
2018-09-06 11:06:30 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
e95b13f8ce Merge remote-tracking branch 'ageis/control-getinfo-uptime' 2018-09-06 09:30:55 -04:00
Nick Mathewson
bcfab63ca5 Merge remote-tracking branch 'teor/ticket27467' 2018-09-06 09:24:47 -04:00
teor
d0965561a5
Remove GetAdaptersAddresses_fn_t
The code that used it was removed as part of the 26481 refactor.

Closes ticket 27467.
2018-09-06 12:54:03 +10:00
Nick Mathewson
b8a2bdbdc8 Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID 2018-09-05 16:49:15 -04:00
Nick Mathewson
5656144290 Fix checkspaces 2018-09-05 16:48:53 -04:00
Nick Mathewson
710aa122e4 Suppress strict-prototypes warnings in one more batch of NSS headers 2018-09-05 16:36:18 -04:00
Nick Mathewson
8cd091a8d3 Add a last-ditch memwipe() implementation for nss+old glibc
On new glibc versions, there's an explicit_bzero().  With openssl,
there's openssl_memwipe().

When no other approach works, use memwipe() and a memory barrier.
2018-09-05 16:34:01 -04:00
Nick Mathewson
824160fd82 Fix a type, and hopefully the win64 builds. 2018-09-05 09:36:15 -04:00
Nick Mathewson
dc7c979453 Add note about use of tor_memcmp() 2018-09-05 09:11:53 -04:00
Nick Mathewson
79a7fbb79b Fix a reverse-inull warning from coverity in new code. 2018-09-05 08:34:14 -04:00
Nick Mathewson
3b61bdb5ae Try to fix new coverity warnings in unit tests. 2018-09-05 08:30:35 -04:00
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
eeba944ee0 Fix an easy refcounting bug in a unit test 2018-09-04 20:25:25 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3cdf0497f9 Add unit test for bridge-style TLS initialization. 2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18 Document winsock includes better 2018-09-04 14:52:35 -04:00
Nick Mathewson
70c27b7e39 Fix documentation of initialized fields in crypto_init.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
edbb5ef5b2 Make some additional RSA functions const 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3b5d6ef15b Unify functions for reading/writing PEM keys, to avoid duplication. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b892133fb9 Do not leave a certificate allocated after testing dirvote_add() 2018-09-04 14:52:35 -04:00
Nick Mathewson
f46a7eafb8 Do not leak a reference to "slot" when decoding private key. 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f Remove tor_x509_get_cert_impl as unneeded. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241 Avoid double-close on TCP sockets under NSS. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12 Avoid spurious error logs when using NSS
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown()
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS.
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
fd994f55c4 Merge remote-tracking branch 'rl1987/doc26908' 2018-09-04 11:08:49 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
cypherpunks
f8c0f694b7 app/config: reject non-UTF-8 ContactInfo
Closes ticket #27428.
2018-09-03 14:31:03 +00:00
cypherpunks
d32b08af6f string: add string_is_utf8() helper
Ticket #27373.
2018-09-03 13:54:43 +00:00
rl1987
ce4f73f8a3 Update sample torrc files to warn about not using BridgeRelay and MyFamily together 2018-09-02 21:11:52 +03:00
juga0
81f4223329 Test for descriptor does not change when hibernating 2018-09-01 18:47:20 -04:00
juga0
d4e51a2eeb Add missing router_tests to test.h 2018-09-01 18:47:20 -04:00
juga0
e033d98f79 Check descriptor bandwidth changed if not hibernating
There should be a separate check to update descriptor when start
or end hibernating.
2018-09-01 18:47:20 -04:00
juga0
1066fdd8d1 Add test for check_descriptor_bandwidth_changed 2018-09-01 18:47:20 -04:00
juga0
e13ddee166 Allow mocking rep_hist_bandwidth_assess 2018-09-01 18:47:20 -04:00
juga0
842b18ab26 Add test log helpers for msgs not containing str 2018-09-01 18:47:20 -04:00
juga0
6210d568ec Make bandwidth change factor a constant
used to determine large changes in bandwidth.
2018-09-01 18:47:20 -04:00
rl1987
01eb164574 Reject addresses with needless trailing colon 2018-08-31 19:34:14 +03:00
David Fifield
feae813e1b Add tests for tor_addr_parse, separate from tor_addr_port_parse. 2018-08-31 18:57:42 +03:00
rl1987
23ed863da4 Improve bracket handling in tor_addr_parse()
* Actually check for second bracket
* Only attempt parsing IPv4 address when no brackets found
2018-08-31 18:55:36 +03:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
7685c39f9d Add half_edge_t to noinst_HEADERS. 2018-08-29 18:46:01 +00:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Mike Perry
ce894e20b5 Ticket #25573: Count TRUNCATED cells.
TRUNCATED cells were ignored while in path bias. Now they are obeyed, and
cause us to tear down the circuit. The actual impact is minimal, since we
would just wait around for a probe that would never arrive before.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
144647031a Ticket #25573: Check half-opened stream ids when choosing a new one
Avoid data corrupton by avoiding mixing up old stream ids with new ones.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
c56f63eadb Ticket #25573: Track half-closed stream ids
We allow their CONNECTEDs, RESOLVEDs, ENDs, SENDMEs, and DATA cells to not
count as dropped until the windows are empty, or we get an END.

This commit does not change behavior. It only changes CIRC_BW event field
values.
2018-08-29 04:12:09 +00:00
Nick Mathewson
3d7a705d3a Merge remote-tracking branch 'onionk/prototest1' 2018-08-28 21:32:46 -04:00
Mike Perry
dac7d92918 Mark smartlist_bsearch as taking a const list.
It does not modify the actual list.
2018-08-29 00:03:41 +00:00
Roger Dingledine
6da8c6e9a5 make a comment more right
(from #20874 fix)
2018-08-28 16:13:58 -04:00
Nick Mathewson
b26db5dddb Merge remote-tracking branch 'onionk/connection-comments1' 2018-08-28 16:07:46 -04:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
67cd67611c circ: Remove useless param from cannibalization function
Because we just removed Tor2web support, the need_specific_rp is not needed
anymore when cannibalizing a circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
2bc4c55d7d Merge remote-tracking branch 'tor-github/pr/245' 2018-08-28 15:44:06 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00
David Goulet
d9bfc9e2e3 fixup! hs: Learn service version by trying to load the keys 2018-08-28 08:36:28 -04:00
Nick Mathewson
64c3c6a790 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-27 09:39:08 -04:00
Nick Mathewson
0483f7f64c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-27 09:39:08 -04:00
Nick Mathewson
103dd68ba8 Merge branch 'maint-0.3.4' 2018-08-27 09:39:08 -04:00
teor
70a07fa90b
When running make test-network-all, use the mixed+hs-v2 network
No behaviour change.

A previous fix to chutney removed v3 onion services from the
mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
confusing.

Fixes bug 27345; bugfix on 0.3.2.1-alpha.
2018-08-27 23:07:20 +10:00
cypherpunks
0cd72a2833 core/mainloop: more comments documenting connection.c 2018-08-27 01:32:34 +00:00
cypherpunks
309961138b core/mainloop: fix documentation of connection_handle_write_impl()
Inaccurate since ​d9746bd468f551d1ada57d962b20eddd15256ce9.
2018-08-27 01:07:01 +00:00
Nick Mathewson
4c1c818ffa Update to 0.3.4.7-rc-dev 2018-08-24 16:49:56 -04:00
Nick Mathewson
bb65b53966 Fix a compilation warning on i386 with clang 2018-08-24 16:13:30 -04:00
Nick Mathewson
7217bdacb5 Merge remote-tracking branch 'tor-github/pr/289' 2018-08-24 12:57:18 -04:00
Nick Mathewson
622231ce2e Merge remote-tracking branch 'teor/bug27237' 2018-08-24 12:44:46 -04:00
Nick Mathewson
b1d0fa04fb Merge branch 'maint-0.3.4' 2018-08-24 12:35:26 -04:00
Nick Mathewson
658171318f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-24 12:35:23 -04:00
Nick Mathewson
33e4e30d0a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-24 12:32:10 -04:00
Nick Mathewson
98e1a1d106 Merge branch 'ticket27286_032_v2' into maint-0.3.2 2018-08-24 12:32:06 -04:00
Nick Mathewson
14be9cba4e Update the protocol versions recommendations to remove LinkAuth=1
LinkAuth method 1 is the one where we pull the TLS master secrets
out of the OpenSSL data structures and authenticate them with
RSA. Right now we list method 1 as required for clients and relays.
That's a problem, since we can't reasonably support it with NSS. So
let's remove it as a requirement and a recommendation.

As for method 3: I'd like to recommend it it, but that would make
0.2.9 start warning.  Let's not do that till at least some time
after 0.3.5 (the next LTS) is stable.

Closes ticket 27286
2018-08-24 12:31:01 -04:00
Nick Mathewson
08a1619e7f Merge branch 'maint-0.3.4' 2018-08-24 12:05:39 -04:00
teor
dd27e17ccc Bootstrap: add some extra logging
Diagnostics for 27236.
2018-08-24 12:05:36 -04:00
teor
3ebbc1c84d Bootstrap: allow internal-only onion service networks to bootstrap
This fix requires chutney's 27230 fix to bridge client bootstrap.

Part of 27236.
2018-08-24 12:05:29 -04:00
Nick Mathewson
4748fd23da Bump to 0.3.4.7-rc 2018-08-24 09:13:20 -04:00
Nick Mathewson
f36b3faa75 Merge branch 'maint-0.3.4' 2018-08-24 08:32:33 -04:00
teor
7a5896d5d4
Bootstrap: try harder to get descriptors in non-exit test networks
Use the mid weight for the third hop when there are no exits.

Fixes bug 27237; bugfix on 0.2.6.2-alpha.
2018-08-24 12:49:05 +10:00
teor
588c77677a
Bootstrap: stop requiring descriptors to count exits as usable
Instead, count exits as usable if they have the exit flag, and
present if they also have a non-reject exit policy.

Requiring a threshold of usable descriptors avoids directories trickling
exit descriptors to clients to discover their ExitNodes settings.

Part of 27236.
2018-08-24 12:08:11 +10:00
Nick Mathewson
d50f90bfc4 Merge branch 'maint-0.3.4' 2018-08-23 19:37:32 -04:00
Nick Mathewson
e01ea64f0a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-23 19:36:45 -04:00
Nick Mathewson
36bb11a650 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-23 19:36:45 -04:00
Nick Mathewson
6e0872e867 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-23 19:36:45 -04:00
teor
cc4ea34a26
Silence a compilation warning on MSVC 2017 and clang-cl
test.c no longer uses lround(), so we don't need to declare it,
and we can use math.h for fabs().

Fixes bug 27185; bugfix on 0.2.2.2-alpha.
2018-08-24 09:15:04 +10:00
Nick Mathewson
2ae92ab973 Merge branch 'maint-0.3.4' 2018-08-23 14:26:04 -04:00
teor
fadcab920b
Bootstrap: check the exit policy and flag on descriptors
Previously, Tor would only check the exit flag. In small networks, Tor
could bootstrap once it received a consensus with exits, without fetching
the new descriptors for those exits.

After bootstrap, Tor delays descriptor fetches, leading to failures in
fast networks like chutney.

Fixes 27236; bugfix on 0.2.6.3-alpha.
2018-08-24 01:13:53 +10:00
teor
692efdad09
Update the message logged on relays when DirCache is disabled
Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the Guard
flag.

Fixes bug 24312; bugfix on 0.3.3.5-rc.
2018-08-23 19:13:25 +10:00
Dominique Ingoglia
8747afc5e0
Change the wording of the DirCache warning 2018-08-23 19:13:15 +10:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f Log error strings in crypto_nss_log_errors().
I'll need this for debugging.
2018-08-22 12:36:25 -04:00
David Goulet
e8557ba00d hs: Change default version from 2 to 3
Closes #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:42:23 -04:00
David Goulet
61ad81c36e hs: Learn service version by trying to load the keys
In order to switch the default HS version from 2 to 3, we need tor to be smart
and be able to decide on the version by trying to load the service keys during
configuration validation.

Part of #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:38:28 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00
George Kadianakis
5febea0d54 Fix revision counter bugs caused by bad SRV start time computation.
Bug description: For each descriptor, its revision counter is the OPE
ciphertext of the number of seconds since the start time of its SRV value.
This bug caused us to confuse the SRV start time in the middle of the lifetime
of a descriptor in some edge-cases, which caused descriptor rejects.

Bug cause: The bug occurs when we fetch a 23:00 consensus after
midnight (e.g. at 00:08 when not all dirauths have fetched the latest 00:00
consensus). In that case, the voting schedule (which was used for SRV start
time calculation) would return a valid-after past-midnight, whereas our
consensus would be pre-midnight, and that would confuse the SRV start time
computation which is used by HS revision counters (because we would reset the
start time of SRV, without rotating descriptors).

Bug fix: We now use our local consensus time to calculate the SRV start time,
instead of the voting schedule. The voting schedule does not work as originally
envisioned in this case, because it was created for voting by dirauths and not
for scheduling stuff on clients.
2018-08-22 18:09:47 +03:00
Nick Mathewson
8148c0717d Change log_test_helpers macros to use printf, not pasting
This ensures that our test failure messages actually tell us what
strings Tor was expecting.  I will need this to debug some test
failures.
2018-08-22 10:55:55 -04:00
Nick Mathewson
c1ad40627b Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-22 09:37:31 -04:00
Nick Mathewson
8691046ac6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-22 09:37:31 -04:00
Nick Mathewson
573b6e4f2f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-22 09:37:31 -04:00
Nick Mathewson
9068e2fa28 Mark cert_matches_key as not-intrusive; fix stretch compilation. 2018-08-22 09:37:26 -04:00
Nick Mathewson
e619fd02ef Merge remote-tracking branch 'tor-github/pr/287' 2018-08-21 20:08:55 -04:00
Nick Mathewson
bf5704051c Merge remote-tracking branch 'teor/travis-osx-master' 2018-08-21 20:04:13 -04:00
Nick Mathewson
aac1e17f22 Merge remote-tracking branch 'teor/travis-osx-034' into maint-0.3.4 2018-08-21 20:04:03 -04:00
Nick Mathewson
f0633bc491 Merge remote-tracking branch 'teor/travis-osx-033' into maint-0.3.3 2018-08-21 20:03:56 -04:00
Nick Mathewson
a29e9a901d Merge remote-tracking branch 'teor/travis-osx-032' into maint-0.3.2 2018-08-21 20:03:41 -04:00
Neel Chauhan
3bf4493cb9 Remove duplicate include in src/test/test_address.c 2018-08-21 20:01:48 -04:00
Nick Mathewson
de66bd397c Merge branch 'maint-0.3.4' 2018-08-21 19:20:37 -04:00
Nick Mathewson
f68aab83ba Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-21 19:20:31 -04:00
Nick Mathewson
245025a3df Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-21 19:16:40 -04:00
Nick Mathewson
d52f406001 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-21 19:16:40 -04:00
Nick Mathewson
5245a296c5 Make some x509 functions generic; remove some fields NSS doesn't need 2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356 Extract internal-only parts of x509.h 2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb Extract the non-generic part of tor_tls_context_decref(). 2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802 Implement PBKDF2 with NSS.
This was a gap that we left in the last commit.
2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4 When enabling NSS, disable OpenSSL.
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2
2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130 Split tls modules and their tests into openssl and generic.
Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a Refactor some of the certificate-manipulation logic 2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa Extract tortls structures into a new header; clean up a little 2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
3ccb94d7b6 The RSA_free in this test is no longer needed or wanted 2018-08-21 12:24:08 -04:00
Nick Mathewson
aa45511250 Implement RSA for NSS. 2018-08-21 12:24:08 -04:00
Nick Mathewson
cb5cfe3177 Also reinitialize the pregenerated keys postfork. 2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db Refactor crypto_rsa to use pem module.
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).

(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9 Add rudimentary support for PEM-encoding, since NSS doesn't do that. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2 Use a constant for "65537" 2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5 Rename openssl-bridging functions in crypto_rsa
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40 Remove a redundant function. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197 Extract openssl RSA functionality into its own file. 2018-08-21 12:24:08 -04:00
Nick Mathewson
9bb0ac4bf1 Merge branch 'coverage_6aug_squashed' 2018-08-21 12:14:51 -04:00
Nick Mathewson
fe00a481fc Add a unit test for tor_log_mallinfo() 2018-08-21 12:14:41 -04:00
Nick Mathewson
f124037cde Add unit tests for parsing "extended" format of config lines. 2018-08-21 12:14:41 -04:00
Nick Mathewson
21a9d03445 fixup! Check for duplicate-close in connection_dir_finished_flusing() 2018-08-21 11:15:07 -04:00
Nick Mathewson
ff0be08059 Fix a bug warning when sending an error on an HTTPTunnelPort conn
Fixes bug 26470; bugfix on 0.3.2.1-alpha.
2018-08-21 10:12:04 -04:00
Nick Mathewson
18183de060 Check for duplicate-close in connection_dir_finished_flusing()
Fix for 26896.
2018-08-21 09:50:48 -04:00
Neel Chauhan
eb2b130ad9 If ExitRelay is not specified, emulate the behavior of "ExitRelay 0" 2018-08-20 20:25:23 -04:00
Nick Mathewson
85a8792344 Rewrite test_tortls_cert_matches_key()
Unlike the old test, this test no will no longer mess around with
the forbidden internals of any openssl data structures.

Additionally, it verifies several other behaviors of
tor_tls_cert_matches_key() that we had wanted to verify, such as
the possibility of the certificate's key not matching.

Fixes bug 27226; bugfix on 0.2.5.1-alpha.
2018-08-20 17:43:41 -04:00
Nick Mathewson
c1f476a3d5 Use our x509 wrapper code in tor_tls_cert_matches_key()
This allows us to mock our own tor_tls_get_peer_certificate()
function in order to test ..cert_matches_key(), which will in turn
allow us to simplify test_tortls_cert_matches_key() considerably.

Prep work for the fix for 27226.
2018-08-20 17:42:38 -04:00
Neel Chauhan
aab6aea197 Fix typo in comment for getinfo_helper_current_time() 2018-08-20 11:49:35 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
cypherpunks
6c0e7a9e1a test/protover: add double-voting test 2018-08-19 02:21:46 +00:00
cypherpunks
fecd583c0e rust: abort on panic in all profiles
Until https://github.com/rust-lang/rust/issues/52652 is fixed,
unwinding on panic is potentially unsound in a mixed C/Rust codebase.

The codebase is supposed to be panic-free already, but just to be safe.

This started mattering at commit d1820c1516.

Fixes #27199; bugfix on tor-0.3.3.1-alpha.
2018-08-18 19:23:28 +00:00
rl1987
ed0ee340d4 Refactoring: Move code that creates listener for port into new function 2018-08-18 11:26:38 +03:00
cypherpunks
18416b2cf0 test/protover: add test for whitespace parsing bug 2018-08-17 17:25:24 +00:00
cypherpunks
4f3e6d5027 test/protover: add test for hyphen parsing bug 2018-08-17 17:21:46 +00:00
Nick Mathewson
700f5bcc43 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-17 09:38:26 -04:00
Nick Mathewson
e0b8c53f56 Merge branch 'maint-0.3.4' 2018-08-17 09:38:26 -04:00
Nick Mathewson
87aacbfbba Merge remote-tracking branch 'onionk/rust-protospace' into maint-0.3.3 2018-08-17 09:38:08 -04:00
cypherpunks
7b7dd9ae1c rust/protover: don't accept whitespace in ProtoSet::from_str()
It's impossible for spaces to get here, since spaces are used as
separators between individual protocol entries higher up.

And it shouldn't ignore whitespace that isn't a literal space
character, because that would differ from the C implementation.

These were added in 9925d2e687.

Fixes #27177. Bugfix on 0.3.3.5-rc.
2018-08-17 13:34:03 +00:00
Nick Mathewson
ac721bd3b4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-17 09:29:46 -04:00
Nick Mathewson
bedc0b0b8f Merge branch 'maint-0.3.4' 2018-08-17 09:29:46 -04:00
cypherpunks
cc93f175ed rust/protover: fix hyphen parsing bug in ProtoSet::from_str()
It was parsing "1-2-3" as if it were 1-2, ignoring the 2nd hyphen
and everything after.

Introduced in d1820c1516.

Fixes #27164; bugfix on 0.3.3.1-alpha.
2018-08-17 13:27:24 +00:00
Nick Mathewson
042aed3f1d Merge remote-tracking branch 'onionk/rust-docs1' 2018-08-17 09:07:06 -04:00
Unto Sten
ba3c785092 Inform users about configuration file and directory includes
This patch makes it clearer to users what settings Tor daemon
is actually using. I think it is pretty important.
2018-08-17 14:08:59 +03:00
Neel Chauhan
64d9ea1413
In addrs_in_same_network_family(), choose IP subnet size based on IP type 2018-08-17 13:37:51 +10:00
cypherpunks
fc7fed6155 rust/protover: fix docs for UnvalidatedProtoEntry::from_str
This got shuffled around in b786b146ed
and hasn't been accurate since 124caf28e6.
2018-08-17 02:38:23 +00:00
cypherpunks
e65a4fa42c rust/protover: fix parsing docs
The function takes an already validated utf-8 string, and
it never checks if the version numbers are an empty string.
That parse error happens later.

Fix on 701c2b69f5
2018-08-17 02:38:23 +00:00
cypherpunks
7bb658a633 rust/protover: fix ProtoEntry::from_str docs
Texxt was copied from a function that returned a single
tuple in 88b2f170e4.
2018-08-17 02:38:23 +00:00
Nick Mathewson
c8aecd14fe Merge branch 'pr275_squashed' 2018-08-16 08:43:05 -04:00
cypherpunks
6b609ce435 rust: run rustfmt 2018-08-16 08:42:57 -04:00
cypherpunks
ceac10fc3d rust: max_width=100, other rustfmt settings. #27071
These are the 12 stable and documented configuration options,
set to their default values.

use_small_heuristics is only stabilized in rustfmt 0.9, so maintain
support for 0.8.x for now by commenting it out.

comment_width is unstable and did nothing, since wrap_comments defaults
to false.

Default values gotten from `rustfmt --print-config default rustfmt.toml`.

e7932fa9c2/Configurations.md
2018-08-16 08:42:57 -04:00
cypherpunks
fef2ba2267 rust/docs: fix critical typo for missing_docs lint
Fix typo from fe66d06a45.
The exclamation point is what lets an attribute apply to
an entire crate, without the ! it's practically a placebo.

Fix on commits af182d4ab5 and
b6059297d7, and note there are
still missing docs in both crypto and protover, for now.

https://doc.rust-lang.org/reference/attributes.html
2018-08-16 08:42:57 -04:00
Nick Mathewson
936e2aa0de Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-16 08:37:11 -04:00
Nick Mathewson
b49355915b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-16 08:37:11 -04:00
Nick Mathewson
7e50d43f07 Merge branch 'maint-0.3.4' 2018-08-16 08:37:11 -04:00
George Kadianakis
c798957b59 Keep descriptor rotation time after HUP occurs. 2018-08-16 08:36:48 -04:00
Nick Mathewson
d029a5162d Merge branch 'ticket27096' 2018-08-16 08:32:06 -04:00
rl1987
fb137b30fc Exclude setenv/unsetenv code on Windows 2018-08-16 08:31:45 -04:00
rl1987
f454c28303 Fix test to pass without HOME env being set 2018-08-16 08:31:45 -04:00
Nick Mathewson
6c1d2549df Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-15 02:16:23 -04:00
Nick Mathewson
1868982de6 Merge remote-tracking branch 'public/bug26779_033' into maint-0.3.3 2018-08-15 02:16:19 -04:00
Nick Mathewson
b329cdf768 Merge remote-tracking branch 'public/bug26779_035' 2018-08-15 02:14:17 -04:00
Nick Mathewson
e56f0c9d33 Adjust windows stubs for new start/finish_daemon() return types 2018-08-14 16:44:59 -04:00
Neel Chauhan
f282375fb7 Add regression test for Bug #20874 2018-08-11 18:09:01 -04:00
Nick Mathewson
c775689e96 Merge remote-tracking branch 'tor-github/pr/244' 2018-08-11 10:05:15 -04:00
Nick Mathewson
61d5bcc1a2 Merge remote-tracking branch 'tor-github/pr/268' 2018-08-11 10:04:04 -04:00
Nick Mathewson
b7ed61167f Merge remote-tracking branch 'tor-github/pr/239' 2018-08-10 12:35:06 -04:00
teor
546c134801
Rust: Use --all-features in test_rust.sh for 0.3.3 and 0.3.4
Re-applies 0.3.3 changes after 24629.
2018-08-10 16:37:19 +10:00
teor
19038ff4bb
Revert "Rust: Use --all-features in test_rust.sh for 0.3.3 and 0.3.4"
This reverts commit e1291aa84a.
2018-08-10 13:30:16 +10:00
teor
ace98493bd
Merge branch 'travis-osx-034' into travis-osx-master
Replace master .travis.yml with 034 .travis.yml.
All the changes in master have been backported to the
034 .travis.yml already.

Replace master src/test/test_rust.sh with 034
src/test/test_rust.sh, which was backported from
master. One 033/034-specific commit needs to be
reverted.
2018-08-10 13:28:19 +10:00
teor
6e0be81211
Merge branch 'travis-osx-033' into travis-osx-034
Replace 034 .travis.yml with 033 .travis.yml.
Subsequent commits will restore 034 functionality.

Replace 034 src/test/test_rust.sh with 033
src/test/test_rust.sh, which was backported from
master.
2018-08-10 13:15:16 +10:00
teor
e1291aa84a
Rust: Use --all-features in test_rust.sh for 0.3.3 and 0.3.4
Re-applies 0.3.3 changes after 24629.
2018-08-10 13:11:27 +10:00
teor
229a75a49a
Rust: use a consistent working directory in builds and tests
cd to ${abs_top_builddir}/src/rust before running cargo in
src/test/test_rust.sh.

Fixes bug 26497; bugfix on 0.3.3.2-alpha.
2018-08-10 11:54:26 +10:00
teor
0f3fd10ee0
Stop setting $CARGO_HOME in src/rust/tor_rust/include.am
cargo will use the user's $CARGO_HOME, or $HOME/.cargo by default.

Fixes bug 26497; bugfix on 0.3.1.5-alpha.
2018-08-10 11:47:36 +10:00
teor
2b9dd0f9c0
Merge branch 'travis-osx-032' into travis-osx-033
Replace 033 .travis.yml with 032 .travis.yml.
Subsequent commits will restore 033 functionality.

src/rust/tor_util/include.am is deleted in 033.
Subsequent commits will apply 032 changes to
src/rust/tor_rust/include.am.

Replace 033 src/test/test_rust.sh with 032
src/test/test_rust.sh, which was backported from
master.
2018-08-10 11:43:17 +10:00
teor
c9ad16ca2a
Fix $abs_top_srcdir in test_rust.sh
Consistently use ../../.. as a fallback for $abs_top_srcdir in
test_rust.sh.

Fixes bug 27093; bugfix on 0.3.4.3-alpha.
2018-08-10 11:22:36 +10:00
teor
ce19477ffc
Stop setting $CARGO_HOME
cargo will use the user's $CARGO_HOME, or $HOME/.cargo by default.

Fixes bug 26497; bugfix on 0.3.1.5-alpha.
2018-08-10 11:14:32 +10:00
teor
2a35b085ee
Rust: backport src/test/test_rust.sh from master
Preparation for 26497.
2018-08-10 11:09:18 +10:00
Nick Mathewson
5980cb8a19 Merge branch 'maint-0.3.4' 2018-08-09 08:47:26 -04:00
Nick Mathewson
b4362b99cf Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-09 08:47:25 -04:00
Nick Mathewson
fde551a387 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-09 08:47:25 -04:00
Nick Mathewson
8982719f6a Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-09 08:47:24 -04:00
Karsten Loesing
fe19b40fe9 Update geoip and geoip6 to the August 7 2018 database. 2018-08-09 09:44:38 +02:00
Neel Chauhan
a207511bb0 In cell_queues_check_size(), add DNS cache size to total memory allocation 2018-08-08 20:52:57 -04:00
Nick Mathewson
df444e482b Provide examples of tor_api_get_provider_version() output
At the same time, sternly warn any person thinking about relying on
any particular format too strictly.  If you do this, and your
program breaks, it is your bug, not mine.
2018-08-08 18:10:28 -04:00
Nick Mathewson
159141a8c6 Merge branch 'ticket26947' 2018-08-08 18:07:32 -04:00
Nick Mathewson
0f0dac0bfc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-08 18:06:15 -04:00
Nick Mathewson
da4f4cb269 Merge branch 'maint-0.3.4' 2018-08-08 18:06:15 -04:00
Nick Mathewson
c4d0d9bd24 Merge branch 'bug26948_033' into maint-0.3.3 2018-08-08 18:06:11 -04:00
Nick Mathewson
a57c27a1c7 Call crypto_postfork on start_daemon() instead. 2018-08-08 17:32:26 -04:00
Nick Mathewson
622a2c6bee Make finish_daemon() return a boolean to say whether it did anything. 2018-08-08 16:59:53 -04:00
Nick Mathewson
4f300d547d When RunAsDaemon is set, crypto_postfork() as needed 2018-08-08 16:50:23 -04:00
Nick Mathewson
26f1167e71 Merge branch 'bug26779_033' into bug26779_035 2018-08-08 15:50:29 -04:00
Nick Mathewson
b66386865e Detect broken stdatomic.h, and pretend that it isn't there at all
I hope that the debian clang maintainers will look at debian bug
903709 soon. But until they do, this should keep our users and our
CI happy on sid with clang.

Closes ticket 26779.
2018-08-08 15:49:39 -04:00
rl1987
7a1007861f Print stacktrace when crypto_pk_get_digest() fails in router_build_fresh_descriptor() 2018-08-08 18:56:27 +03:00
rl1987
9c242e950b Consider all routerinfo errors other than "not a server" transient 2018-08-08 18:47:43 +03:00
Nick Mathewson
aaa5ca366e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-08 09:26:23 -04:00
Nick Mathewson
7787150521 Merge branch 'maint-0.3.4' 2018-08-08 09:26:23 -04:00
Nick Mathewson
00536254b7 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-08 09:26:23 -04:00
Nick Mathewson
8e68fe7e1c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-08 09:26:22 -04:00
Daniel Pinto
a350f216b3 Fix crash when calling openat with sandbox enabled #25440
The seccomp rule for the openat syscall checks for the AT_FDCWD
constant. Because this constant is usually a negative value, a
cast to unsigned int is necessary to make sure it does not get
converted to uint64_t used by seccomp.

More info on:
https://github.com/seccomp/libseccomp/issues/69#issuecomment-273805980
2018-08-08 09:21:29 -04:00
Neel Chauhan
3a2b5a5bcb Fix typo in control_event_hs_descriptor_content() 2018-08-08 00:12:00 -04:00
Nick Mathewson
de129e69ba Update version to 0.3.4.6-rc-dev 2018-08-07 20:15:34 -04:00
Nick Mathewson
5e86a28683 Merge branch 'maint-0.3.4' 2018-08-07 08:05:56 -04:00
Nick Mathewson
882b2ad0aa Merge branch 'bug27003_034_v2' into maint-0.3.4 2018-08-07 08:05:51 -04:00
Nick Mathewson
f6763a8218 Add tests for the failing case of tor_localtime_r 2018-08-06 16:44:26 -04:00
Nick Mathewson
abf88af488 Merge branch 'maint-0.3.4' 2018-08-06 10:39:59 -04:00
Nick Mathewson
a54e94878a Rename SEC identifier to BW_SEC in test_bwmgt.h
Apparently Solaris 10 defines SEC somewhere in its headers, causing
a compilation problem.

Fixes bug 26994; bugfix on 0.3.4.1-alpha.
2018-08-06 10:39:14 -04:00
Nick Mathewson
a8bab72c37 Bump to 0.3.4.6-rc 2018-08-06 08:28:56 -04:00
Nick Mathewson
622a057e7e Merge remote-tracking branch 'public/string_coverage' 2018-08-03 07:03:29 -04:00
Nick Mathewson
176999fd95 When enabling periodic events, schedule but don't run them immediately.
When we fixed 25939 in f7633c1fca, we
introduced a call to rescan_periodic_events() from inside the onion
service logic. But this meant that we could rescan the event list --
thereby running event callbacks! -- from inside the hidden service code.
This could cause us to run some of our event callbacks from an
inconsistent state, if we were in the middle of changing options.

A related bug (#25761) prevented us from rescanning our periodic
events as appropriate, but when we fixed THAT one, this bug reared
its ugly head.

The fix here is that "enabling" an event should cause us to run it
from the event loop, but not immediately from the point where we
enable it.

Fixes bug 27003; bugfix on 0.3.4.1-alpha.
2018-08-02 10:14:56 -04:00
Nick Mathewson
f83b417bf8 Suppress strict-prototypes warning in crypto_nss_mgt.c 2018-08-02 08:41:33 -04:00
Nick Mathewson
727f1676d6 Fix double-link of crypto_openssl_mgt.c 2018-08-02 08:38:59 -04:00
Nick Mathewson
b590cc0449 Add a cast to make clang happier. 2018-08-02 08:36:24 -04:00
Nick Mathewson
861d690018 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-01 14:37:07 -04:00
Nick Mathewson
af97879446 Merge branch 'maint-0.3.4' 2018-08-01 14:37:07 -04:00
Nick Mathewson
eb604f5faa Fix build on GNU/Hurd. Patch from paulusASol. Closes 26873. 2018-08-01 14:37:03 -04:00
Nick Mathewson
fe3bacf50a Convert __OwningControllerFD to a 64-bit value
This lets us potentially use it for internal passing of windows
sockets.
2018-08-01 11:01:52 -04:00
Nick Mathewson
c77fe82155 Add API for creating an owning controller FD and passing it to tor_main 2018-08-01 11:01:52 -04:00
Nick Mathewson
9a89450b6d tor_api: Extend tor_api code so it can pass extra arguments to main.
We need this so that the tor_api user can specify some arguments,
while the tor_api implementation adds others.

This implementation detail should not be visible to tor_api users.
2018-08-01 11:01:52 -04:00
Nick Mathewson
ff7229b32c Document new helper functions in socketpair.c 2018-08-01 11:01:52 -04:00
Nick Mathewson
1b7b9c7e63 Reindent tor_ersatz_socketpair 2018-08-01 11:01:52 -04:00
Nick Mathewson
fc0dc5aa9e Refactor tor_ersatz_socketpair() not to need socket.
This change also makes tor_ersatz_socketpair() follow the same
interface as socketpair() rather than tor_socketpair(), so it now
needs to be wrapped in the same code as socketpair() does.
2018-08-01 11:01:52 -04:00
Nick Mathewson
9b24609af0 Remove dependency from socketpair.c on address.h
Also refactor some annoying code in tor_ersatz_socketpair.
2018-08-01 09:24:22 -04:00
Nick Mathewson
2884639ad6 Extract tor_ersatz_socketpair into a new c file
I'm doing this because I want to make it a lower-level function
again, so that we can use it without linking in the rest of the
universe.
2018-08-01 08:47:27 -04:00
Nick Mathewson
a4c0a0e81e Fix issues with crypto_ope compilation now that crypto.h is gone 2018-07-31 19:56:42 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
17f922d371 Only link crypto_dh_openssl.c once
(We do this unconditionally, since we still need it for tortls.c)
2018-07-31 19:46:00 -04:00
Nick Mathewson
f5e22358b0 Additional tests for NSS DH
Notably, there's a test to make sure that it round-trips with
OpenSSL, if OpenSSL is enabled.
2018-07-31 19:46:00 -04:00
Nick Mathewson
17ea931ac7 Implement DH in NSS. 2018-07-31 19:46:00 -04:00
Nick Mathewson
32bbc8f6b5 Refactor the dependency between tortls and crypto_dh.
We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.
2018-07-31 19:46:00 -04:00
Nick Mathewson
ac9a470c64 Extract the shared part of crypto_dh_compute_secret. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60a5b78480 Extract the OpenSSL DH functionality to a new file. 2018-07-31 19:46:00 -04:00
Nick Mathewson
99beed152e Make the rust tests link. 2018-07-31 19:46:00 -04:00
Nick Mathewson
2d80673b9a Fix "make distcheck." 2018-07-31 19:46:00 -04:00
Nick Mathewson
76e10ee6b9 Use NSS for AES_CTR. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60705a5719 Use NSS in crypto_rand.c
This is comparatively straightforward too, except for a couple of
twists:

   * For as long as we're building with two crypto libraries, we
     want to seed _both_ their RNGs, and use _both_ their RNGs to
     improve the output of crypto_strongest_rand()

   * The NSS prng will sometimes refuse to generate huge outputs.
     When it does, we stretch the output with SHAKE.  We only need
     this for the tests.
2018-07-31 19:46:00 -04:00
Nick Mathewson
be8d497b65 Make sure NSS is initialized before running benchmarks 2018-07-31 19:46:00 -04:00
Nick Mathewson
f64c9dccde Use NSS's digest code in Tor.
This was a fairly straightforward port, once I realized which layer
I should be calling into.
2018-07-31 19:46:00 -04:00
Nick Mathewson
772106c6bc Add a new function, tor_api_get_provider_version()
Closes ticket 26947.
2018-07-31 09:18:54 -04:00
Nick Mathewson
7e4ac0283e Merge remote-tracking branch 'teor/bug26986' 2018-07-31 08:50:38 -04:00
Nick Mathewson
a67d153cc7 Always call tor_free_all() when exiting tor_run_main()
We would usually call it through tor_cleanup(), but in some code
paths, we wouldn't. These paths would break restart-in-process,
since leaving fields uncleared would cause assertion failures on
restart.

Fixes bug 26948; bugfix on 0.3.3.1-alpha
2018-07-31 08:45:17 -04:00
Roger Dingledine
fe9f585143 fix wrong word in comment 2018-07-30 22:35:33 -04:00
teor
9118430b14 Use Windows-compatible format strings in tor-print-ed-signing-cert.c
Fixes bug 26986; bugfix on master.
2018-07-31 11:21:28 +10:00
teor
e26794ace9 Add TOR_PRIdSZ to torint.h 2018-07-31 11:21:28 +10:00
Nick Mathewson
acb54dee7b Remove a now-obsolete comment about deadcode_dummy__ 2018-07-30 09:09:10 -04:00
Nick Mathewson
70b16bc679 Merge branch 'ticket26890' 2018-07-30 09:08:39 -04:00
Nick Mathewson
21babc8d3f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-30 09:01:59 -04:00
Nick Mathewson
3a6bd21440 Merge remote-tracking branch 'teor/bug26627_033_merged_master' 2018-07-30 09:01:55 -04:00
Nick Mathewson
4f854dbdc2 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 2018-07-30 09:01:45 -04:00
Nick Mathewson
49d8a2109f Update include in tor-print-ed-signing-cert 2018-07-30 08:57:18 -04:00
Nick Mathewson
ff593ae878 Merge remote-tracking branch 'rl1987/feature19506_3' 2018-07-30 08:55:57 -04:00
Nick Mathewson
13393b2d91 Merge remote-tracking branch 'rl1987/ticket21349_4' 2018-07-30 08:49:49 -04:00
Nick Mathewson
7d66ec0feb Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-30 08:45:01 -04:00
Nick Mathewson
a159eaf45f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-30 08:45:01 -04:00
Nick Mathewson
ec1ced3cc1 Merge remote-tracking branch 'teor/bug26924' 2018-07-30 08:44:58 -04:00
Nick Mathewson
fea35ddf00 Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2 2018-07-30 08:44:40 -04:00
Nick Mathewson
ac9d08f66a Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased' 2018-07-30 08:33:59 -04:00
Nick Mathewson
811ed8cf9f Merge remote-tracking branch 'rl1987/bug26892_take2' 2018-07-30 08:24:14 -04:00
Nick Mathewson
d102e9c2e4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-30 08:17:25 -04:00
Nick Mathewson
5823e62fa2 Merge branch 'maint-0.3.4' 2018-07-30 08:17:25 -04:00
Nick Mathewson
15d7f24c57 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-30 08:17:24 -04:00
Taylor Yu
a8bdb851eb Don't disable an unsupported compiler warning
Conditionalize the pragma that temporarily disables
-Wunused-const-variable.  Some versions of gcc don't support it.  We
need to do this because of an apparent bug in some libzstd headers.
Fixes bug 26785; bugfix on 0.3.2.11.
2018-07-26 12:32:34 -05:00
rl1987
ffdfd39d4f Early bailout from log_addr_has_changed() if running as client 2018-07-26 17:49:27 +03:00
teor
db2a9180be
Remove comment about Tor2web
Part of #26367.
2018-07-25 17:40:20 +10:00
teor
d01602bebb Merge branch 'bug26924_032' into bug26924
Update rendcommon.h include path.
2018-07-25 14:50:45 +10:00
teor
859d5a7375 Improve connection auth logging
Improve the log message when connection initiators fail to authenticate
direct connections to relays.

Fixes bug 26927; bugfix on 0.3.0.1-alpha.
2018-07-25 14:39:31 +10:00
teor
fdc3ad6259 Merge branch 'bug26924_029' into bug26924_032 2018-07-25 14:33:10 +10:00
teor
6443812e34 Stop logging link auth warnings on Single Onion Services and Tor2web
Instead, log a protocol warning when single onion services or
Tor2web clients fail to authenticate direct connections to relays.

Fixes bug 26924; bugfix on 0.2.9.1-alpha.
2018-07-25 14:30:33 +10:00
teor
fc4d08e260 Merge branch 'bug26627_033' into bug26627_033_merged_master 2018-07-25 09:17:17 +10:00
teor
3821081a55 Stop putting unsupported ed25519 link auth in v3 onion service descs
Stop putting ed25519 link specifiers in v3 onion service descriptors,
when the intro point doesn't support ed25519 link authentication.

Fixes bug 26627; bugfix on 0.3.2.4-alpha.
2018-07-25 09:16:15 +10:00
teor
a99920c7d4 Stop sending unsupported ed25519 link specifiers in v3 introduce cells
Stop sending ed25519 link specifiers in v3 onion service introduce
cells, when the rendezvous point doesn't support ed25519 link
authentication.

Fixes bug 26627; bugfix on 0.3.2.4-alpha.
2018-07-25 09:16:04 +10:00
rl1987
042d22c8d1 Split select_entry_guard_for_circuit() 2018-07-21 18:38:33 +03:00
rl1987
e6c51a056c Make entry_guards_update_primary() shorter 2018-07-21 18:38:33 +03:00
rl1987
86549c0d9e Split sampled_guards_update_from_consensus() into subfunctions 2018-07-21 18:38:33 +03:00
Neel Chauhan
f80cfc4476 Add a "reject *:*" line after parsing in parse_reachable_addresses() 2018-07-20 21:38:28 -04:00
Neel Chauhan
fe18776349 Don't prepend reject *:* to Reachable(OR/Dir)Addresses in options_validate() 2018-07-20 21:36:23 -04:00
rl1987
9c34f95b89 Scrub IP in channel_tls_process_netinfo_cell() if SafeLogging is on 2018-07-20 21:13:38 +03:00
Nick Mathewson
c515dc8d0d Remove over-cleverness from our coverity BUG() definition.
Our previous definition implied that code would never keep running
if a BUG occurred (which it does), and that BUG(x) might be true
even if x was false (which it can't be).

Closes ticket 26890. Bugfix on 0.3.1.4-alpha.
2018-07-20 11:19:54 -04:00
Nick Mathewson
9ae3597540 Tweak assertion in get_time_period_length() for coverity
This is another attempt to fix 1437668.  The assertion here should
be safe, since the rules of networkstatus_get_param() keep the value
it returns in range.
2018-07-20 11:02:07 -04:00
Nick Mathewson
977821e59f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-20 10:42:29 -04:00
Nick Mathewson
dbf57ecf39 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-20 10:42:29 -04:00
Nick Mathewson
583df33e20 Merge branch 'maint-0.3.4' 2018-07-20 10:42:29 -04:00
Nick Mathewson
be3a962ca7 Merge branch 'ticket26647_032' into maint-0.3.2 2018-07-20 10:42:23 -04:00
Nick Mathewson
3c49019016 Merge branch 'maint-0.3.4' 2018-07-19 14:34:26 -04:00
Nick Mathewson
7260d07fee Fix linking when dirauth module is disabled.
Bugfix on dcee4d4c9c, bug not in any
released Tor.
2018-07-19 14:33:18 -04:00
Nick Mathewson
c1092e9aab Merge remote-tracking branch 'ahf-github/bugs/26780' 2018-07-19 12:22:39 -04:00
Nick Mathewson
7253603e6b Merge branch 'bug26712' 2018-07-19 12:20:13 -04:00
Nick Mathewson
b44fce6716 Merge branch 'maint-0.3.4' 2018-07-19 08:32:00 -04:00
Nick Mathewson
0a60a94a55 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-19 08:31:07 -04:00
Nick Mathewson
27f5bd52fe Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-19 08:31:07 -04:00
Nick Mathewson
209332e71a Merge remote-tracking branch 'teor/bug26853_032' into maint-0.3.2 2018-07-19 08:30:59 -04:00
Roger Dingledine
144fc9bef1 wrap a multi-line if body in { } before somebody gets hurt 2018-07-18 21:23:35 -04:00
Nick Mathewson
9e247ac271 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-18 16:39:10 -04:00
Nick Mathewson
39d3187b0d Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-18 16:39:10 -04:00
Nick Mathewson
78386d8cdd Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-18 16:39:10 -04:00
Nick Mathewson
501deba8cf Try putting ulimit -c 0 in test_bt.sh to see if it fixes bug 26787 2018-07-18 16:33:48 -04:00
Nick Mathewson
42c02097db Add two more dependencies in build.rs 2018-07-18 16:20:31 -04:00
Nick Mathewson
0c4c5eeb55 Use the "testing" variant of several C libraries in build.rs 2018-07-18 16:18:25 -04:00
Nick Mathewson
e2261e7727 Merge remote-tracking branch 'isis/bug26398' 2018-07-18 16:12:29 -04:00
Nick Mathewson
23811052fe Add some missing includes and struct declarations. 2018-07-18 15:12:18 -04:00
Nick Mathewson
61e080e24a Merge branch 'maint-0.3.4' 2018-07-18 15:09:28 -04:00
Nick Mathewson
a7bd20ebaf Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-18 15:08:57 -04:00
Nick Mathewson
c31700d664 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-18 15:04:14 -04:00
Nick Mathewson
559f79fd79 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-18 15:03:27 -04:00
Nick Mathewson
a321d72401 Merge branch 'bug26485_029_squashed' into maint-0.2.9 2018-07-18 15:01:03 -04:00
Nick Mathewson
fd5dce0a1b Add a test for format_recommended_version_list. 2018-07-18 15:00:53 -04:00
Nick Mathewson
8ee1fe7aa7 Warn when an authority has voted for a version with a space in it.
Another way to try to prevent a recurrence of 26485.
2018-07-18 15:00:53 -04:00
Nick Mathewson
dcee4d4c9c Warn the directory authority operator if their versions list is bogus
Prevents bug 26485; bugfix on 0.1.1.6-alpha.
2018-07-18 15:00:53 -04:00
Nick Mathewson
ef5c3c8216 Merge branch 'ulimit_when_crashing' 2018-07-18 09:38:04 -04:00
teor
449d190e2e
SKIP test_key_expiration.sh on Windows until the underlying issue is resolved
Skip an unreliable key expiration test on Windows, until the underlying
issue in bug 26076 is resolved.

Fixes bug 26853; bugfix on 0.3.2.1-alpha.
2018-07-18 12:37:12 +10:00
Nick Mathewson
ee12c11dd4 Increase line coverage in libtor-string to 100%
(On linux.)
2018-07-17 16:47:32 -04:00
Nick Mathewson
e2b744ce38 Merge branch 'bug25552_ope_squashed' 2018-07-17 16:19:32 -04:00
George Kadianakis
14b507e520 Improve a log message. 2018-07-17 15:57:46 -04:00
George Kadianakis
9e6235d290 Fix time source bug in sr_state_get_start_time_of_current_protocol_run().
The following bug was causing many issues for this branch in chutney:

In sr_state_get_start_time_of_current_protocol_run() we were using the
consensus valid-after to calculate beginning_of_current_round, but we were
using time(NULL) to calculate the current_round slot. This was causing time
sync issues when the consensus valid-after and time(NULL) were disagreeing on
what the current round is. Our fix is to use the consensus valid-after in both
places.

This also means that we are not using 'now' (aka time(NULL)) anymore in that
function, and hence we can remove that argument from the function (and its
callers). I'll do this in the next commit so that we keep things separated.

Furthermore, we fix a unittest that broke.
2018-07-17 15:57:46 -04:00
George Kadianakis
4cfade2f46 Set revision counter before uploading, not during building.
We only build a descriptor once, and we just re-encode it (and change its intro
points if needed) before uploading.

Hence we should set the revision counter before uploading, not during building.
2018-07-17 15:57:46 -04:00
George Kadianakis
0140052a35 Make the OPE scheme return CRYPTO_OPE_ERROR on error.
Instead of UINT64_MAX.
2018-07-17 15:57:46 -04:00
George Kadianakis
d8b71609cb Compute OPE cipher structure only when needed.
The OPE cipher is tied to the current blinded key which is tied to the current
time period. Hence create the OPE cipher structure when we create a new
descriptor (and build its blinded key).
2018-07-17 15:57:46 -04:00
George Kadianakis
1d2333405e Remove now useless rev counter state file code.
We are not using the state file for rev counters anymore, we just generate them
on the fly!
2018-07-17 15:57:46 -04:00
George Kadianakis
2e8d4139a7 Fix up some unittests by being more careful with the local time.
Now that the rev counter depends on the local time, we need to be more careful
in the unittests. Some unittests were breaking because they were using
consensus values from 1985, but they were not updating the local time
appropriately. That was causing the OPE module to complain that it was trying
to encrypt insanely large values.
2018-07-17 15:57:46 -04:00
George Kadianakis
5fb6f656df Use approx_time() instead of time(NULL) in some HS functions.
These were breaking our unittests.
2018-07-17 15:57:46 -04:00
George Kadianakis
05c362274b Compute the description revision counter using the OPE scheme.
To do so for a given descriptor, we use the "seconds since the SR protocol run"
started, for the SRV that is relevant to this descriptor. This is guaranteed to
be a positive value (since we need an SRV to be able to build a descriptor),
and it's also guaranteed to be a small value (since SRVs stop being listed on a
consensus after 48 hours).

We cannot use the "seconds since the time period started", because for the next
descriptor we use the next time period, so the timestamp would end up negative.
See [SERVICEUPLOAD] from rend-spec-v3.txt for more details.

To do so, we have to introduce a new `is_current` argument to a bunch of
functions, because to use "seconds since the SR protocol run" we need to know
if we are building the current or the next descriptor, since we use a different
SRV for each descriptor.
2018-07-17 15:57:46 -04:00
George Kadianakis
deec6913c5 Introduce useful SRV funcs (start time of prev protocol run) 2018-07-17 15:57:46 -04:00
George Kadianakis
34a5eb5904 Increase OPE_INPUT_MAX. 2018-07-17 15:57:46 -04:00
Nick Mathewson
3a45f6ffe9 Implementation for a simple order-preserving encryption scheme.
This is meant for use when encrypting the current time within the
period in order to get a monotonically increasing revision counter
without actually revealing our view of the time.

This scheme is far from the most state-of-the-art: don't use it for
anything else without careful analysis by somebody much smarter than
I am.

See ticket #25552 for some rationale for this logic.
2018-07-17 15:57:46 -04:00
Nick Mathewson
304ee896d1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-17 14:56:52 -04:00
Nick Mathewson
28d1057d56 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-17 14:56:52 -04:00
Nick Mathewson
61a2762e35 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-17 14:56:52 -04:00
Nick Mathewson
12afdcc15a Merge branch 'maint-0.3.4' 2018-07-17 14:56:52 -04:00
teor
6dafddd05d SKIP test_keygen.sh on Windows until the underlying issue is resolved
Skip an unreliable key generation test on Windows, until the underlying
issue in bug 26076 is resolved.

Fixes bug 26830; bugfix on 0.2.7.3-rc.
2018-07-17 14:56:18 -04:00
Nick Mathewson
4833717d69 Merge branch 'maint-0.3.4' 2018-07-17 14:46:16 -04:00
Nick Mathewson
c7dcf252fd Merge remote-tracking branch 'ahf-github/bugs/26437' 2018-07-17 14:33:31 -04:00
Neel Chauhan
32db806dfa Teach the OOM handler about the DNS cache 2018-07-17 09:19:27 -04:00
rl1987
8645647250 Fix build to work with --disable-unittests again 2018-07-17 12:09:34 +00:00
Kevin Gallagher
4ba26f95d5 control: Add new 'uptime' message to GETINFO
Sends the Tor controller the uptime in seconds.
Highly useful for monitoring purposes.
2018-07-16 19:19:10 -07:00
Neel Chauhan
d807ca1b01 Add and use dns_cache_total_allocation() 2018-07-16 17:19:53 -04:00
David Goulet
5aaea38d88 Merge remote-tracking branch 'pastly/issue26703' 2018-07-16 14:44:45 -04:00
teor
79f249e786 dirauth: Handle V3BandwidthsFile failure modes according to the new spec
If an authority is not configured with a V3BandwidthsFile, this line
SHOULD NOT appear in its vote.

If an authority is configured with a V3BandwidthsFile, but parsing
fails, this line SHOULD appear in its vote, but without any headers.

Part of 3723, implements the spec in 26799.
2018-07-16 14:43:49 +00:00
juga0
9773311b20 Add keyval header, that was moved to other file 2018-07-16 14:43:49 +00:00
juga0
c6aee94d19 Add tests for max length bw file headers 2018-07-16 14:43:49 +00:00
juga0
8164534f46 Ensure that bw_file_headers is not bigger than max 2018-07-16 14:43:49 +00:00
juga0
317d930f08 Add test with NULL bw_file_header
and complete v1.0.0 bandwidth file
2018-07-16 14:43:49 +00:00
juga0
e87793bae5 Move bandwidth file tests to same function
also add tests for bw_file_headers.
Headers are all that is found before a correct relay line or
the terminator.
Tests include:
* a empty bandwidth file
* a bandwidth file with only timestamp
* a bandwidth file with v1.0.0 headers
* a bandwidth file with v1.0.0 headers and relay lines
* a bandwidth file with v1.1.0 headers and v1.0.0 relay lines
* a bandwidth file with v1.0.0 headers, malformed relay lines and
  relay lines
* a bandwidth file with v1.0.0 headers, malformed relay lines,
  relay lines and malformed relay lines
* a bandwidth file with v1.1.0 headers without terminator
* a bandwidth file with v1.1.0 headers with terminator
* a bandwidth file with v1.1.0 headers without terminator and
  relay lines
* a bandwidth file with v1.1.0 headers with terminator and relay
  lines
* a bandwidth file with v1.1.0 headers without terminator, bad
  relay lines and relay lines
* a bandwidth file with v1.1.0 headers with terminator, bad relay
  lines and relay lines
2018-07-16 14:43:49 +00:00
juga0
87fc409a70 Replace bwlist by bw_file and terminator condition
If bandwidth file terminator is found, set end of headers flag
and do not store the line.
If it is not, parse a relay line and check whether it is a header
line.
2018-07-16 14:43:49 +00:00
juga0
f906d9be11 Replace bwlist by bw_file
and add bw file terminator constant
2018-07-16 14:43:49 +00:00
juga0
d79c65772b Rename bwlist to bw_file and banwidth to
bandwidth-file
2018-07-16 14:43:49 +00:00
juga0
6d8bc12583 Free bw_list_headers in networstatus_t 2018-07-16 14:43:49 +00:00
juga0
106eb08d27 Add bw_file_headers to networkstatus_t 2018-07-16 14:43:49 +00:00
juga0
f0a4a5f726 Check that the header is key_value
to avoid interpreting as headers extra lines that are not key_values
2018-07-16 14:43:49 +00:00
juga0
086060e138 Do not add bw file line to the vote
when there are not bw file headers lines.
2018-07-16 14:43:49 +00:00
juga0
e5dd46beab Add the Bandwidth List file headers to votes
* add bwlist_headers argument to dirserv_read_measured_bandwidth
  in order to store all the headers found when parsing the file
* add bwlist_headers to networkstatus_t in order to store the
  the headers found by the previous function
* include the bandwidth headers as string in vote documents
* add test to check that dirserv_read_measured_bandwidth generates
  the bwlist_headers
2018-07-16 14:43:48 +00:00
Nick Mathewson
f8e9c4a894 Try putting ulimit -c 0 in test_bt.sh to see if it fixes bug 26787 2018-07-16 07:53:43 -04:00
Nick Mathewson
8505522e50 Avoid a use-after-null-check in proto_socks.c
Coverity rightly complains that early in the function we're checking
whether username is NULL, and later we're passing it unconditionally
to strlen().

Fixes CID 1437967.  Bug not in any released Tor.
2018-07-16 07:51:11 -04:00
Nick Mathewson
ef234ba303 Merge branch 'socks_trunnel4_squashed_merged' 2018-07-15 17:07:20 -04:00
Nick Mathewson
f608cc0f31 Merge remote-tracking branch 'tor-github/pr/179' 2018-07-13 18:30:17 -04:00
Nick Mathewson
27dd2b1f1f Make nss get initialized before we fuzz anything. 2018-07-13 12:35:22 -04:00
Nick Mathewson
d811ce2421 Add postfork support for nss
We need this in our unit tests, since otherwise NSS will notice
we've forked and start cussing us out.

I suspect we'll need a different hack for daemonizing, but this
should be enough for tinytest to work.
2018-07-13 12:35:22 -04:00
Nick Mathewson
c317e78dd7 Initialize and shut down NSS.
This is largely conjectural, based on online documentation for NSS
and NSPR.
2018-07-13 12:35:22 -04:00
Alexander Færøy
46501cdd18 Fix forking tests on Windows when there is a space in the path.
See: https://bugs.torproject.org/26437
2018-07-13 12:46:18 +02:00
Alexander Færøy
c9de65f966 Add checks in get_net_param_from_list() for valid output domain.
This patch adds two assertions in get_net_param_from_list() to ensure
that the `res` value is correctly within the range of the output domain.

Hopefully fixes Coverity CID #1415721, #1415722, and #1415723.

See: https://bugs.torproject.org/26780
2018-07-13 12:43:57 +02:00
Nick Mathewson
710188f84e Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-12 14:32:16 -04:00
Nick Mathewson
98ee23ca1e Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-12 14:32:16 -04:00
Nick Mathewson
e0f33c1d3e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-12 14:32:16 -04:00
Nick Mathewson
b6c50c6259 Merge branch 'maint-0.3.4' 2018-07-12 14:32:16 -04:00
Nick Mathewson
04512d9fcd SOCKS: Always free username/password before setting them.
This fixes a memory leak found by fuzzing.
2018-07-12 14:20:56 -04:00
Nick Mathewson
2d0e1cef20 Add fuzzing wrapper for fetch_from_buf_socks() 2018-07-12 14:20:46 -04:00
Roger Dingledine
cd4795ca3e put new bridge auth Serge into place
The "Bifroest" bridge authority has been retired; the new bridge authority
is "Serge", and it is operated by George from the TorBSD project.

Closes ticket 26771.
2018-07-12 14:12:13 -04:00
Nick Mathewson
7556933537 Merge branch 'socks_trunnel4_squashed' into socks_trunnel4_squashed_merged 2018-07-12 11:47:25 -04:00
rl1987
ba3121191b Use constants for possible values of first octet 2018-07-12 11:41:44 -04:00
rl1987
f27dc41627 Remove prop229 stuff from socks5.trunnel 2018-07-12 11:41:44 -04:00
rl1987
4c845fcf9e Rework socks_request_set_socks5_error() with trunnel 2018-07-12 11:41:44 -04:00
rl1987
a6af21c1b7 Document new code 2018-07-12 11:41:44 -04:00
rl1987
58cb2ed243 Fix buf_t advancement in fetch_buf_from_socks
We pullup 512 bytes of input to make sure that at least one SOCKS
message ends up in head of linked list
2018-07-12 11:41:44 -04:00
rl1987
01cf3007b5 Make a distinction between truncated message and expecting more messages 2018-07-12 11:41:42 -04:00
rl1987
fb105404f2 Fix whitespace/formatting 2018-07-12 11:41:20 -04:00
rl1987
d2e54ff8a5 Remove legacy SOCKS5 phase 2 code 2018-07-12 11:41:05 -04:00
rl1987
94706a427a Add CMD_RESOLVE to socks5_client_request 2018-07-12 11:41:05 -04:00
rl1987
bcbd3fb71e Second phase of SOCKS5 2018-07-12 11:41:05 -04:00
rl1987
57342b19f5 Remove legacy RFC1929 code 2018-07-12 11:41:05 -04:00
rl1987
9068ac3cac Implement SOCKS5 user/pass handling 2018-07-12 11:41:04 -04:00
rl1987
75106a26b4 Fix type in socks5.trunnel 2018-07-12 11:40:49 -04:00
rl1987
853d9b869d Remove legacy SOCKS5 phase 1 code 2018-07-12 11:40:49 -04:00
rl1987
63c478c1c4 Call new SOCKS code from parse_socks, to parse multiple packets in row 2018-07-12 11:40:49 -04:00
rl1987
27333b2298 Reimplement phase 1 of SOCKS5 using trunnel
squash! Reimplement phase 1 of SOCKS5 using trunnel
2018-07-12 11:40:49 -04:00
rl1987
c6a0b04d33 Remove legacy SOCKS4 code 2018-07-12 11:40:49 -04:00
rl1987
b160929c22 Add RESOLVE (0xF0) command to socks4_client_request 2018-07-12 11:40:49 -04:00
rl1987
9155e08450 Parsing SOCKS4/4a request using trunnel impl 2018-07-12 11:40:49 -04:00
Roger Dingledine
0317eb143e Remove a redundant typedef in proto_ext_or.h 2018-07-12 11:02:22 -04:00
Nick Mathewson
4ac87a430f Remove a redundant typedef in addr_policy_st.h 2018-07-12 10:35:29 -04:00
Nick Mathewson
a7ec493d88 Merge remote-tracking branch 'imnotbad/bug26663' 2018-07-12 08:59:23 -04:00
Nick Mathewson
f45107e7de Rename crypto.c to crypto_cipher.c (since that's all it still has.) 2018-07-11 14:12:36 -04:00
Nick Mathewson
9010797e63 Remove most includes from crypto.c 2018-07-11 14:02:23 -04:00
Nick Mathewson
922208bd2d Extract and rename crypto_log_errors(). 2018-07-11 13:54:47 -04:00
Nick Mathewson
8e2df98860 Move crypto_add_spaces_to_fp() to crypto_rsa.c 2018-07-11 13:51:26 -04:00
Nick Mathewson
12a1ada158 Move the initialization and cleanup parts of crypto.c
These are now part of crypto_init.c.  The openssl-only parts now
live in crypto_openssl_mgt.c.

I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
79267bad65 Add a configure switch to build with NSS.
When it is set, include the NSS headers and libraries as
appropriate.  Doesn't actually use them yet, though.
2018-07-11 13:22:20 -04:00
Nick Mathewson
92db96d80f Make our crypto library symbolic in the makefiles. 2018-07-11 12:51:36 -04:00
Nick Mathewson
2b52360448 Only use OpenSSL kdf support if it is present.
We have to check for ERR_load_KDF_strings() here, since that's the
only one that's actually a function rather than a macro.

Fixes compilation with LibreSSL.  Fixes bug 26712; bug not in
any released Tor.
2018-07-11 10:19:06 -04:00
Nick Mathewson
5aee26ee46 Move all use cases of micro-revision.i to a single place
That place is git-revision.c; git-revision.c now lives in lib/log.

Also fix the compilation rules so that all object files that need
micro-revision.i depend on it.
2018-07-11 09:52:39 -04:00
Nick Mathewson
537092cdbb Merge branch 'ticket26223' 2018-07-10 20:18:28 -04:00
Nick Mathewson
c90961a923 Document compat_getdelim_. 2018-07-10 20:18:20 -04:00
Nick Mathewson
391ef5e42c Explain why we use raw_free with getdelim result. 2018-07-10 20:16:37 -04:00
Nick Mathewson
b6d0e7caa4 Rename tm_cvt to time_to_tm 2018-07-10 15:25:53 -04:00
Nick Mathewson
e7f5f48d68 Rename torlog.[ch] to log.[ch]
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
41640b6573 Rename util_malloc to malloc. 2018-07-10 15:16:57 -04:00
Nick Mathewson
6711a172c0 Merge remote-tracking branch 'neel/fbsd-cfix' 2018-07-10 14:50:49 -04:00
Nick Mathewson
a2c44a7a7e Isolate resolve.h usage in the modules that really need it.
(Almost none of Tor should actually need to touch the platform resolver.)
2018-07-10 13:36:45 -04:00
Nick Mathewson
8de48c111c Remove addr_port_lookup.
This lets us cut the dependency from address.c to resolve.c: the
address.c module now has no paths to the libc resolver in it.
2018-07-10 13:32:37 -04:00
Nick Mathewson
2f657a1416 Remove all users of addr_port_lookup outside of address.c
This function has a nasty API, since whether or not it invokes the
resolver depends on whether one of its arguments is NULL.  That's a
good way for accidents to happen.

This patch incidentally makes tor-resolve support socks hosts on
IPv6.
2018-07-10 13:23:37 -04:00
Nick Mathewson
c2ddb7b231 Move tor_addr_{,port_}lookup to resolve.c 2018-07-10 13:00:02 -04:00
Nick Mathewson
5d8336c182 Refactor ipv[46].[ch]
These are now combined into an inaddr.[ch], since their purpose is
to implement functions for struct in_addr and struct in6_addr.

The definitions for in6_addr and its allies are now in a separate
header, inaddr_st.h.

Closes ticket 26532.
2018-07-10 12:50:38 -04:00
Neel Chauhan
6d58c20d94 Fix build on FreeBSD post-refactor 2018-07-10 12:32:14 -04:00
Nick Mathewson
ef106ce788 Document the headers in src/app/config/ 2018-07-10 12:28:31 -04:00
Nick Mathewson
4f42c923d6 File-level summary documentation for src/lib/*/*.[ch] 2018-07-10 12:22:01 -04:00
Nick Mathewson
e3e6335a08 Add controller support for listing ExtORPort and HTTPTunnelPorts
Closes ticket 26647.
2018-07-10 10:50:43 -04:00
Nick Mathewson
951d59d706 Use tor_getline() in dirserv.c to remove its upper line limit.
Closes ticket 26223.
2018-07-10 10:36:49 -04:00
Nick Mathewson
6574d4bd27 Refactor dirserv_read_measured_bandwidths to have a single exit point 2018-07-10 10:36:49 -04:00
Nick Mathewson
b04d719c10 Integrate getdelim() and getline() support into Tor. 2018-07-10 10:36:49 -04:00
Nick Mathewson
1604c0fe0e Add the compatibility definition for getdelim.c from netbsd.
We shouldn't actually need this code nearly anywhere we build:
getdelim is POSIX, and mingw provides it.
2018-07-10 10:14:24 -04:00
Nick Mathewson
5ce348c4c7 Bump to 0.3.4.4-rc-dev 2018-07-09 15:17:38 -04:00
Nick Mathewson
f5e3bcb60b Bump to 0.3.3.8-dev. 2018-07-09 15:17:16 -04:00
Nick Mathewson
19f2057d49 Fix some lingering windows compilation issues from Jenkins.
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
eb856a3e51 strcasecmp should not take a size_t argument 2018-07-09 11:17:23 -04:00
Matt Traudt
d20feddfcc Lower log level of "Scheduler of type KIST has been enabled" to INFO 2018-07-09 10:48:43 -04:00
Nick Mathewson
98dff5df3f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 10:17:20 -04:00
Nick Mathewson
250e0fc1c4 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 10:17:20 -04:00
Nick Mathewson
1b81c4b5f3 Merge branch 'maint-0.3.4' 2018-07-09 10:17:20 -04:00
Nick Mathewson
6ad2c2b92f Merge remote-tracking branch 'github/bug26269_031' into maint-0.3.2 2018-07-09 10:17:17 -04:00
Nick Mathewson
e7463be39b Merge branch 'maint-0.3.4' 2018-07-09 10:16:51 -04:00
Nick Mathewson
83de46eb25 Changes file and comment for 25928. 2018-07-09 10:16:48 -04:00
Nick Mathewson
529faef28e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 10:15:16 -04:00
Nick Mathewson
69918629f5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 10:14:43 -04:00
Nick Mathewson
4a604d9938 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-09 10:14:43 -04:00
Nick Mathewson
8b53dfc362 Merge branch 'bug26269_029' into maint-0.2.9 2018-07-09 10:14:39 -04:00
Nick Mathewson
7746b071d8 Merge remote-tracking branch 'gsomlo/gls-single-da' 2018-07-09 09:59:46 -04:00
Nick Mathewson
a1a55a33c2 Merge branch 'bug26488' 2018-07-09 09:37:14 -04:00
rl1987
46998fc8fd Validate that DirAuthority address is IPv4 2018-07-09 09:37:09 -04:00
Nick Mathewson
03283c00d8 Merge remote-tracking branch 'rl1987/bug26525' 2018-07-09 09:31:12 -04:00
Nick Mathewson
532873a924 Bump to 0.3.3.8 2018-07-09 09:24:07 -04:00
Nick Mathewson
9320100d6e Bump to 0.3.3.4-rc 2018-07-09 09:23:39 -04:00
Nick Mathewson
a95cfb8a58 Clear all control.c flags on control_free_all()
Fixes bug 25512.

(Cherry-picked from 3519d0c808
2018-07-09 09:20:45 -04:00
Nick Mathewson
8e3a52e5c3 Merge branch 'maint-0.3.4' 2018-07-09 09:14:41 -04:00
Nick Mathewson
75d9db9e5b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 09:14:37 -04:00
Nick Mathewson
f721a08220 Merge remote-tracking branch 'catalyst-github/bug26455_033' into maint-0.3.3 2018-07-09 09:13:58 -04:00
Nick Mathewson
75f7064a13 Merge branch 'maint-0.3.4' 2018-07-09 09:11:42 -04:00
Nick Mathewson
d3894dc34b Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-09 09:11:41 -04:00
Nick Mathewson
1af69c1812 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 09:11:41 -04:00
Nick Mathewson
451a84cecb Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 09:11:41 -04:00
Nick Mathewson
fead22fb2a Merge remote-tracking branch 'mikeperry/bug25705_v3_033' into maint-0.3.3 2018-07-09 09:08:58 -04:00
Nick Mathewson
b8554dd880 Make Tor compile with --disable-memory-sentinels again 2018-07-09 08:44:16 -04:00
rl1987
2558634f0c Tool to print expiration date of ed25519_signing_cert 2018-07-08 15:13:33 +02:00
Kaidan
abeb07a1bf Made 'auto' keyword in torrc case insensitive 2018-07-08 00:15:16 +10:00
Karsten Loesing
9faa28b60e Update geoip and geoip6 to the July 3 2018 database. 2018-07-06 20:54:03 +02:00
Nick Mathewson
10c782d7fa Move ntmain.c into libtor-app again
It's needed by main.c

Fixes bug 26662; bug not in any released Tor.
2018-07-06 13:59:40 -04:00
Nick Mathewson
50963f36d7 Actually sort the lines in src/core/include.am 2018-07-05 17:15:50 -04:00
Nick Mathewson
667a6e8fe9 Whoops. Protover.[ch] belong in src/core/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
f720a5a439 Fix everything that previously referred to src/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
5f51c2de8b Fix our build system to know the new locations of the src/or stuff 2018-07-05 17:15:50 -04:00
Nick Mathewson
ef486e3c02 Fix every include path changed in the previous commit (automated)
I am very glad to have written this script.
2018-07-05 17:15:50 -04:00
Nick Mathewson
63b4ea22af Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
2018-07-05 17:15:50 -04:00
Nick Mathewson
81cb0afb2b Start splitting src/or
This is a very gentle commit that just lays the groundwork in the
build system: it puts the include files to build libtor-app.a into
src/core, and to build the tor executable into src/app.  The
executable is now "src/app/tor".
2018-07-05 17:15:50 -04:00
Nick Mathewson
4eac5c6ce6 And tell build.rs to stop looking in src/common 2018-07-05 17:15:24 -04:00
Nick Mathewson
c73bb9937d Fix build.rs to handle removed common. 2018-07-05 17:14:55 -04:00
Nick Mathewson
753b797ca4 Fix up .may_includes for evloop. 2018-07-05 15:50:20 -04:00
Nick Mathewson
1dd5b5f441 Add a missing include. 2018-07-05 15:44:33 -04:00
Nick Mathewson
2d69c32bb6 Clean up include paths for libtor-evloop (automated) 2018-07-05 15:22:17 -04:00
Nick Mathewson
1e417b7275 All remaining files in src/common belong to the event loop. 2018-07-05 15:22:17 -04:00
Nick Mathewson
947de40d19 Move openbsd-malloc responsibility to lib/malloc
(Note that this is not believed to work, but we may as well have it
in the right place till we remove it)
2018-07-05 15:07:08 -04:00
Nick Mathewson
4593829861 Remove util.h
Inline its contents (which were all includes) into or.h, and some of
its contents into other places that didn't include or.h at all.
2018-07-05 15:04:18 -04:00
Nick Mathewson
0adcfbc7c8 Move address_set to src/or
This is temporary, until src/or is split.

Putting this in containers would be another logical alternative,
except that addresses depend on containers, and we don't like
cycles.
2018-07-05 14:51:07 -04:00
Nick Mathewson
24c0f83185 Move socks5_status.h to src/lib/net
There might be a better place for it in the long run, but this is
the best I can think of for now.
2018-07-05 14:48:29 -04:00
Nick Mathewson
0e4b1781f4 Move handles.h to src/lib/container
There might be a better place for it in the long run, but this is
the best we can think of for now.
2018-07-05 14:45:34 -04:00
Nick Mathewson
3d610363ef Include compat_string.h in smartlist.c
We need this for strcasecmp on (some) Windows build environments.

Fix from Gisle Vanem.
2018-07-05 13:53:17 -04:00
Nick Mathewson
fecb8214d5 Try to use stricmp variants that MSDN actually recommends
Per recommendation by Gisle Vanem
2018-07-05 13:51:50 -04:00
Gabriel L. Somlo
97fad99483 Allow single DA if explicitly configured
When on a private network a single directory authority is explicitly
configured, allow that DA's instace of tor to pick itself as its own
DA, by having router_pick_dirserver_generic() set the PDS_ALLOW_SELF
flag when the list of potential sources contains only one element.
This would subsequently allow router_pick_trusteddirserver_impl() to
calculate is 'requreother' condition as 'false', enabling it to pick
itself as a valid DA candidate.

Fixes #25928

Signed-off-by: Gabriel Somlo <gsomlo@gmail.com>
2018-07-03 14:58:47 -04:00
Nick Mathewson
2878dad9db Merge branch 'maint-0.3.4' 2018-07-03 13:31:26 -04:00
Nick Mathewson
32d9d69350 Merge remote-tracking branch 'github/bug26568_034' into maint-0.3.4 2018-07-03 13:16:37 -04:00
Nick Mathewson
df98582851 Merge remote-tracking branch 'github/ticket26626' 2018-07-03 12:52:43 -04:00
Nick Mathewson
fe8f774820 Merge branch 'bug26522' 2018-07-03 11:34:36 -04:00
rl1987
d0525c38d6 Refrain from potentially insecure usage of strncat() 2018-07-03 11:34:14 -04:00
Nick Mathewson
77e678c20d Merge remote-tracking branch 'github/shrink_or_h_more' 2018-07-03 11:09:54 -04:00
Nick Mathewson
02a4442524 Fix up some windows compilation issues.
These were mostly cases where our previous macros had been casting,
and the values that we were trying to printf were not in fact
uint64_t.
2018-07-03 11:00:18 -04:00
Nick Mathewson
d5a3bb960d Retire U64_TO_DBL and DBL_TO_U64
These were necessary long ago to work around a bug in VC6.
2018-07-03 10:45:43 -04:00
Nick Mathewson
9568c0ce3d Return U64_PRINTF_ARG and U64_FORMAT
The standard is printf("%"PRIu64, x);
2018-07-03 10:40:59 -04:00
Nick Mathewson
52884f56d4 Replace U64_LITERAL with the standard UINT64_C 2018-07-03 10:33:50 -04:00
Nick Mathewson
cf0b07c2e5 Retire some unused (or nearly unused) macros. 2018-07-03 10:31:19 -04:00
Nick Mathewson
4638be5312 Use the standard SHRT_MAX name. 2018-07-03 10:28:10 -04:00
Nick Mathewson
c75215c23a Clean up various things that broke with our stdint.h changes
Casting before printf was necessary; now it's not so smart.

We don't have SIZEOF_UINT8_T any more.
2018-07-03 10:26:06 -04:00
Nick Mathewson
e2a94dc481 Require stdint.h and inttypes.h
We've been silently requiring stdint.h for a while now, and nobody
has complained.  Closes ticket 26626.
2018-07-03 10:25:31 -04:00
Nick Mathewson
a01b4d7f87 Merge remote-tracking branch 'rl1987/ticket26527' 2018-07-03 09:53:46 -04:00
Nick Mathewson
a4e8f94507 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-03 09:48:03 -04:00
Nick Mathewson
4c094436c5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-03 09:48:03 -04:00
Nick Mathewson
d38e474950 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-03 09:48:03 -04:00
Nick Mathewson
228d25ddf6 Merge branch 'maint-0.3.4' 2018-07-03 09:48:03 -04:00
rl1987
439b528f25 Rename sandbox_getaddrinfo() et. al. 2018-07-03 15:53:39 +03:00
rl1987
fedb3e46ec Remove ATTR_NONNULL macro 2018-07-03 12:33:09 +03:00
Nick Mathewson
dfdf32404c Partially revert "Use tor_addr_from_getsockname() in several places"
This reverts part of commit 6ed384b827, in order to
fix bug 26568.  Bugfix on 0.3.4.1-alpha.
2018-07-02 16:11:02 -04:00
Nick Mathewson
3baf3d01cb hs_ntor_ref.py: pass only strings to subprocess.Popen
Recent Python3 versions seem to require this on Windows.

Fixes bug 26535; bug copied from ntor_ref.py on 0.3.1.1-alpha.
2018-07-02 14:23:26 -04:00
Nick Mathewson
fc5f8b6931 ntor_ref.py: pass only strings to subprocess.Popen
Recent Python3 versions seem to require this on Windows.

Fixes bug 26535; bug introduced in f4be34f70d, which
was apparently intended itself as a Python3 workaround.
2018-07-02 14:18:41 -04:00
Nick Mathewson
bfcfeaed07 Merge branch 'mikeperry_bug26214-rebased_squashed' into maint-0.3.4 2018-07-02 13:22:07 -04:00
Nick Mathewson
c8ccd028a7 Don't redefine str(n)casecmp on windows unless they're missing
When we do redefine them, use inline functions instead of #define.

This fixes a latent code problem in our redefinition of these
functions, which was exposed by our refactoring: Previously, we
would #define strcasecmp after string.h was included, so nothing bad
would happen.  But when we refactored, we would sometimes #define it
first, which was a problem on mingw, whose headers contain
(approximately):

inline int strcasecmp (const char *a, const char *b)
   { return _stricmp(a,b); }

Our define turned this into:
  inline int _stricmp(const char *a, const char *b)
    { return _stricmp(a,b); }

And GCC would correctly infer that this function would loop forever,
rather than actually comparing anything.  This caused bug 26594.

Fixes bug 26594; bug not in any released version of Tor.
2018-07-02 11:50:17 -04:00
Nick Mathewson
cb1a3674eb File-level documentation for some of src/lib. 2018-07-01 20:22:55 -04:00
Nick Mathewson
83a4946e7b Prune the .may_include files a bit; detect unused lines in them 2018-07-01 18:14:28 -04:00
Nick Mathewson
518ebe14dc fixup! Extract or_options_t from or.h 2018-07-01 16:02:33 -04:00
Nick Mathewson
8d562c040f fixup! Remove system headers from or.h 2018-07-01 15:31:18 -04:00
Nick Mathewson
6c440da926 Remove system headers from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
13116378b1 Extract or_options_t from or.h
I decided to have this file included from config.h, though, since it
is used nearly everywhere.
2018-07-01 15:20:37 -04:00
Nick Mathewson
986d761510 Extract or_state_t to its own header.
Fewer modules needed this than I had expected.
2018-07-01 15:20:37 -04:00
Nick Mathewson
f75357ec35 Pull a couple more enums from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
6ccd98f93e Move ext_or_cmd_t to proto_ext_or 2018-07-01 15:20:37 -04:00
Nick Mathewson
49f88e77e5 Extract more constants from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
f54a5cbfb6 Extract addr_policy_t into a new header. 2018-07-01 15:20:37 -04:00
Nick Mathewson
6da0311d2c Extract various enums and tiny structs from or.h
These all have a logical header to go in.
2018-07-01 15:20:37 -04:00
Nick Mathewson
1743dac078 Minimize headers that include crypto_formats and x25519 stuff 2018-07-01 15:20:37 -04:00
Nick Mathewson
500826479a Remove other needless includes include from or/*.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
471104eaa5 Remove needless includes from or.h
or.h should really include only the minimum of stuff from or/*,
common/*, and lib/*.
2018-07-01 15:20:37 -04:00
Nick Mathewson
7a61a92870 Combine DH_BYTES and DH_KEY_LEN; put them in a lib/defs header. 2018-07-01 11:25:29 -04:00
Nick Mathewson
cf8c3abff1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-01 10:22:21 -04:00
Nick Mathewson
adcd1d8b9a Merge branch 'maint-0.3.4' 2018-07-01 10:22:21 -04:00
Nick Mathewson
9aeef05f8f Merge remote-tracking branch 'dgoulet/bug26523_033_01' into maint-0.3.3 2018-07-01 10:22:18 -04:00
Nick Mathewson
43dc92441d Tabify all of the .am files. 2018-07-01 09:37:28 -04:00
Nick Mathewson
028523c801 Merge branch 'maint-0.3.4' 2018-06-30 09:15:39 -04:00
Nick Mathewson
e042727cf0 Merge remote-tracking branch 'catalyst-github/bug25895_034-squashed' into maint-0.3.4 2018-06-30 09:15:34 -04:00
Nick Mathewson
57155d38a3 Merge branch 'maint-0.3.4' 2018-06-29 23:12:03 -04:00
Nick Mathewson
8093a63f95 Restor EOL@EOF in routerlist.c 2018-06-29 23:08:45 -04:00
Nick Mathewson
ce940c8c09 Add another winsock2 include, for timeval in procmon. 2018-06-29 19:17:24 -04:00
Nick Mathewson
5921b23e15 add an include to fix macos, and probably bsd too 2018-06-29 14:03:13 -04:00
Nick Mathewson
ed84dab8b4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:49:43 -04:00
Nick Mathewson
36c372581f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:49:43 -04:00
Nick Mathewson
75a6e7e256 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:49:43 -04:00
Nick Mathewson
cd3f957219 Merge branch 'maint-0.3.4' 2018-06-29 13:49:43 -04:00
Nick Mathewson
a3ec89a4f8 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-29 13:49:43 -04:00
Nick Mathewson
3c0a63c40f Fix a memory error in test_shared_random
Bug not in any released Tor.
2018-06-29 13:49:02 -04:00
Nick Mathewson
d583459d58 Fix some memory errors in the recent coverity fixes.
Found by asan on travis :/
2018-06-29 13:48:36 -04:00
Nick Mathewson
92b4996b23 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:07:13 -04:00
Nick Mathewson
d3ecb3a8d6 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:07:13 -04:00
Nick Mathewson
1f389dadd0 Merge branch 'maint-0.3.4' 2018-06-29 13:07:13 -04:00
Nick Mathewson
6e9d5fc4ec Merge remote-tracking branch 'ahf-github/maint-0.3.2' into maint-0.3.2 2018-06-29 13:07:07 -04:00
Nick Mathewson
7a47379f25 Merge branch 'maint-0.3.4' 2018-06-29 13:06:16 -04:00
Nick Mathewson
f82f8179e6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:06:15 -04:00
Nick Mathewson
f6b30a97a9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:06:15 -04:00
Nick Mathewson
68dfbd5ef4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:06:15 -04:00
Nick Mathewson
b89a66e997 Merge remote-tracking branch 'ahf-github/maint-0.3.0' into maint-0.3.1 2018-06-29 13:06:11 -04:00
Nick Mathewson
419077c26d Merge remote-tracking branch 'ahf-github/maint-0.3.1' into maint-0.3.1 2018-06-29 13:06:08 -04:00
Nick Mathewson
1a5be3c5e7 Merge branch 'maint-0.3.4' 2018-06-29 13:03:00 -04:00
Nick Mathewson
5ab23e03fa Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:02:56 -04:00
Nick Mathewson
df896ed632 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:00:56 -04:00
Nick Mathewson
fe2588a5a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:00:56 -04:00
Nick Mathewson
1385a5118d Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-29 13:00:56 -04:00
Nick Mathewson
9d5b815dca Add a missing include to timers, to make windows happier 2018-06-29 12:59:43 -04:00
Nick Mathewson
6ac64e16ed Eliminate compat.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
077176a34c Stop using util.h and compat.h in src/trunnel/ 2018-06-29 12:21:52 -04:00
Nick Mathewson
666e3e5ec6 Stop using util.h and compat.h in src/tools 2018-06-29 12:21:52 -04:00
Nick Mathewson
4212a135e1 Remove util.h and compat.h includes from src/common 2018-06-29 12:21:52 -04:00
Nick Mathewson
35e1c497aa Combine compat.h into util.h
This is now just a collection of frequently-used headers.
2018-06-29 12:21:52 -04:00
Nick Mathewson
714788b195 Remove non-windows system includes from compat.h and util.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
71e56c70e9 Remove windows libraries from util.h and compat.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
31897a256c Extract socks5_status_t
I'm not sure of the best place to put this header long-term, since
both or/*.c and tools/tor-resolve.c use it.
2018-06-29 12:21:52 -04:00
Nick Mathewson
080069c7b3 Move SIO_IDEAL_SEND_BACKLOG_QUERY into socket.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
b21108f839 Remove an errant (and unused) include permission in lib/tls 2018-06-29 12:21:52 -04:00
Nick Mathewson
e269044ce0 Remove compat.c and util.c 2018-06-29 12:21:52 -04:00
Nick Mathewson
4e11c2ca6c Extract getpass to a new lib/term library
(Term is short for terminal)
2018-06-29 12:21:52 -04:00
Nick Mathewson
e0957022bd Extract get_uname to lib/osinfo. 2018-06-29 12:21:52 -04:00
Nick Mathewson
207fc4cffe Move SUBTYPE_P into compat_compiler.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
77bc65bbc4 Move bool_eq and bool_neq to lib/intmath 2018-06-29 12:21:52 -04:00
Nick Mathewson
40199b180e Remove read_all and write_all
These had become wrappers around their fd and socket variants; there
were only a few users of the original functions still remaining.
2018-06-29 12:21:52 -04:00
Nick Mathewson
0362cdc169 Move fd and memory-info functions. 2018-06-29 12:21:52 -04:00
Nick Mathewson
973afcc40b Move tor_get_avail_disk_space() to lib/fs 2018-06-29 09:43:00 -04:00
Nick Mathewson
f0319fcbde Merge remote-tracking branch 'catalyst-github/fix-macos-includes' 2018-06-28 18:19:53 -04:00
Taylor Yu
f9e22c68a0 Fix macOS includes
Recent code movement from refactoring missed some includes that seem
to be necessary on macOS.
2018-06-28 17:15:53 -05:00
Nick Mathewson
365179cd16 Fix a bogus n in a comment 2018-06-28 17:21:15 -04:00
Nick Mathewson
c84ab36eff A couple of includes to make windows compile again 2018-06-28 16:37:59 -04:00
Nick Mathewson
935ba02565 Fix paths for buffers.h; automated. 2018-06-28 16:29:35 -04:00
Nick Mathewson
d8b34e0886 Move buffers into container
Split the network-only and compression-only parts of buffers into
the appropriate modules.
2018-06-28 16:28:08 -04:00
Nick Mathewson
be40ad51b6 Add sys/capability.h and sys/prctl.h includes in setuid.c 2018-06-28 15:34:51 -04:00
Nick Mathewson
b67754cd64 compat_threads.c needs string.h for memset. 2018-06-28 15:20:26 -04:00
Nick Mathewson
a742a826f6 Remove all include common/ uses in crypto_ops and tls. 2018-06-28 14:40:25 -04:00
Nick Mathewson
0f02d2c041 Fix windows compilation in compat_time
We need to use lib/fs/winlib.h here so that we can use
GetTickCount64.

I would love to declare that XP is dead, and everybody has
GetTickCount64.
2018-06-28 13:40:21 -04:00
Nick Mathewson
7d7af19f1b Use tor_ntohs in compress.c; avoid a winsocks dependency 2018-06-28 13:39:49 -04:00
Nick Mathewson
326c473b79 fixup! Extract time functionality into lib/wallclock and lib/time 2018-06-28 13:39:09 -04:00
Nick Mathewson
02bb701bba Move DLL support to lib/fs 2018-06-28 13:37:51 -04:00
Nick Mathewson
8fc15e4861 Add ntohs and htons to lib/arch/bytes.h 2018-06-28 13:26:27 -04:00
Nick Mathewson
4dda026f0d Update lib/compress to not require common/*.h 2018-06-28 13:19:58 -04:00
Nick Mathewson
3d1e99d01b Move MIN and MAX into lib/intmath/cmp.h 2018-06-28 13:19:42 -04:00
Nick Mathewson
8736892679 Remove a pair of windows flags used nowhere in our code 2018-06-28 13:02:33 -04:00
Nick Mathewson
57f4b83852 Fix up the include path of compat_time.h (automated) 2018-06-28 13:01:54 -04:00
Nick Mathewson
a097ddb4f5 Extract time functionality into lib/wallclock and lib/time 2018-06-28 13:01:54 -04:00
Nick Mathewson
bdea94a665 Move floating-point math functions into a new lib/math 2018-06-28 12:24:45 -04:00
Nick Mathewson
6178a9f758 Move compute_num_cpus to lib/thread 2018-06-28 12:08:18 -04:00
Nick Mathewson
042df08693 Move network_init to lib/net 2018-06-28 11:59:16 -04:00
Nick Mathewson
db1a420c4e Move tor_gethostname to lib/net 2018-06-28 11:57:01 -04:00
Nick Mathewson
8c6ff9fec2 Move tor_escape_str_for_pt_args into or/transports.c 2018-06-28 11:49:27 -04:00
Nick Mathewson
30166261bb Move string_is_key_value to lib/encoding 2018-06-28 11:46:32 -04:00
Nick Mathewson
48ebd9bf76 Move weakrng into lib/intmath 2018-06-28 11:39:49 -04:00
Nick Mathewson
aa3edfd205 Move lockfile code into lib/fs 2018-06-28 11:33:50 -04:00
Nick Mathewson
84b8dfe635 Move socket-errno code into lib/net 2018-06-28 11:20:31 -04:00
Nick Mathewson
315e6b59dd Extract process-management functionality into a new lib/process
Note that procmon does *not* go here, since procmon needs to
integrate with the event loop.
2018-06-28 11:18:13 -04:00
Nick Mathewson
ec4eee6356 Fix the include paths for storagedir,conffile (automated) 2018-06-28 09:42:33 -04:00
Nick Mathewson
a1f3ece16d Move conffile and storagedir to lib/fs 2018-06-28 09:38:17 -04:00
Nick Mathewson
38fd3e0df0 Fix up the modules that include memarea.h (automated) 2018-06-28 09:25:58 -04:00
Nick Mathewson
eee86e627b Extract memarea into its own library 2018-06-28 09:25:18 -04:00
Nick Mathewson
9cf335c9a5 Extract threading code into a new library.
Note that the workqueue code does *not* go here: it is logically at
a higher level, since it needs to use libevent and the networking
stack.
2018-06-28 09:14:42 -04:00
Nick Mathewson
544ab27a94 Extract the alert-socket code into lib/net.
This code was in compat_threads, since it was _used_ for efficiently
notifying the main libevent thread from another thread.  But in
spite of its usage, it's fundamentally a part of the network code.
2018-06-28 08:49:07 -04:00
Nick Mathewson
0b7452eeb2 rectify include paths (automatic) for confline.h 2018-06-27 16:59:56 -04:00
Nick Mathewson
b9b44bf000 Move confline.c to lib/encoding: it is about encoding key-value pairs
Also, move "unescape_string()" to encoding too, since it's about
encoding data as C strings.
2018-06-27 16:59:56 -04:00
Nick Mathewson
696f6f1569 Split confline into confline and conffile.
The "conffile" module knows about includes and filesystem access,
whereas confline doesn't.  This will make it possible to put these
functions into libraries without introducing a cycle.
2018-06-27 16:59:56 -04:00
Nick Mathewson
0a9d8dcf2b Move hex_str to binascii.c 2018-06-27 16:59:56 -04:00
Nick Mathewson
194a34cdc2 Extract time encoding functions into lib/encoding 2018-06-27 16:59:56 -04:00
Nick Mathewson
235ddb15a0 Move util_format into a new libtor-encoding library
libtor-encoding is about various ways to transform data to and from
character sequences.
2018-06-27 16:18:42 -04:00
Nick Mathewson
3cff3e825a Move several address-string-testing functions to address.c 2018-06-27 16:18:42 -04:00
Nick Mathewson
e165c9c304 Move various mem* functions to lib/string 2018-06-27 16:18:42 -04:00
Alex Xu (Hello71)
614a78ddaa Fix Rust cross compilation. 2018-06-27 14:42:06 -05:00
Nick Mathewson
9e592d1dec Move tor_strtok_r to libtor-string 2018-06-27 15:28:55 -04:00
Nick Mathewson
4d81f5211b Move set/get_uint*() to inline functions in arch/bytes.h
Also move our ntohll/htonll functions.
2018-06-27 15:28:44 -04:00
Nick Mathewson
000de2f2ac Merge branch 'fs_refactor' 2018-06-27 14:45:17 -04:00
Nick Mathewson
2113603718 Merge branch 'sandbox_refactor' 2018-06-27 14:45:14 -04:00
Nick Mathewson
b9b05e437d Merge branch 'net_refactor' 2018-06-27 12:52:31 -04:00
Nick Mathewson
300e3bebd1 Merge branch 'ticket26494' 2018-06-27 12:47:08 -04:00
Nick Mathewson
3d606dddb9 fixup! Move format_win32_error into lib/log/ 2018-06-27 12:35:48 -04:00
Nick Mathewson
1e2e0f7e46 Extract functions from compat.c and util.h into a new fs library 2018-06-27 12:30:11 -04:00
Nick Mathewson
3246c114a2 Move format_win32_error into lib/log/ 2018-06-27 12:30:11 -04:00
David Goulet
3f8a12a63a control: Make HSPOST properly parse HSADDRESS= param
For HSv3, the HSADDRESS= wasn't properly parsed for the HSPOST command. It now
correctly use it and furthermore sends back a "200 OK" in case the command is
successful for a v3 descriptor.

Fixes #26523

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-27 12:25:24 -04:00
Nick Mathewson
356f59b1bd Move read/write_all_to_socket into lib/net. 2018-06-27 12:01:11 -04:00
Nick Mathewson
67135ca8e0 Split read_all and write_all into separate functions 2018-06-27 10:47:42 -04:00
Nick Mathewson
05040a9e84 Minimize and permit sandbox includes from crypto_ops. 2018-06-27 10:12:39 -04:00
Nick Mathewson
ad24ccd472 Minimize includes from sandbox.c 2018-06-27 10:11:27 -04:00
Nick Mathewson
55b7939367 Fix up include paths for sandbox.h (automated) 2018-06-27 10:04:41 -04:00
Nick Mathewson
bee580ddba Move sandbox code into a new library. 2018-06-27 10:04:17 -04:00
Nick Mathewson
0742b38725 Revert "Use the "commands" argument of AC_CONFIG_FILES to make scripts +x"
This reverts commit 56c1fbf33f.
2018-06-27 09:53:46 -04:00
Nick Mathewson
d893be190f rectify include paths (automatic) for address.h 2018-06-27 09:13:04 -04:00
Nick Mathewson
3930416dec Link GetAdaptersAddresses, rather than loading it on-demand.
This function has been present since Windows XP.
2018-06-27 09:12:57 -04:00
Nick Mathewson
42b3caa6ad Move network code to libtor-net.
There are some additional changes to come: those points are marked
by XXXX.
2018-06-27 09:08:35 -04:00
Nick Mathewson
80730c45e0 Move tor_parse_long and friends into parse_int.h in libtor-string 2018-06-26 21:02:29 -04:00
Nick Mathewson
7159edf909 Move the escape-for-log code into src/lib/log
It doesn't need anything higher-level, and everything that needs the
logs potentially needs this.
2018-06-26 20:51:17 -04:00
Nick Mathewson
5f41bc91c6 Merge branch 'ticket26439' 2018-06-26 17:02:06 -04:00
Nick Mathewson
ebbb0348dc Finish renaming digestset_contains to digestset_probably_contains
Since bloom filters are probabilistic, it's nice to make it clear
that the "contains" operation can have false positives.
2018-06-26 13:27:50 -04:00
Nick Mathewson
bf89278c79 Refactor bloom filter logic not to be digest-specific.
Now the address-set code and the digest-set code share the same
backend.

Closes ticket 26510
2018-06-26 13:27:23 -04:00
Nick Mathewson
82a7343b06 fixup! Extract core part of smartlist code into its own library. 2018-06-26 12:21:35 -04:00
Nick Mathewson
6e2b6a6685 fixup! Extract core part of smartlist code into its own library. 2018-06-26 12:18:49 -04:00
Nick Mathewson
d7bd8cf3b6 Use raw_assert directly in smartlist_core
I had previously added a "#define tor_assert raw_assert" here, to
make code movement in the previous commit more clear.
2018-06-26 12:16:04 -04:00
Nick Mathewson
b1de1e7a77 Extract core part of smartlist code into its own library.
The smartlist_core library now contains only the parts of smartlists
that are needed for the logging library.  This resolves the
circularity between "container" and "log".

The "containers" library still uses the logging code, and has the
higher-level smartlist functions.
2018-06-26 12:13:23 -04:00
Nick Mathewson
58fc42fdce Fix comments in lib/container/*.c 2018-06-26 11:33:53 -04:00
Nick Mathewson
92d8284a97 Merge branch 'log_dependencies' 2018-06-26 11:27:33 -04:00
Nick Mathewson
cf0597c3b2 Bump version to 0.3.4.3-alpha-dev 2018-06-26 09:12:23 -04:00
rl1987
240f33e327 Generate trunnel impls and include into build 2018-06-26 12:37:33 +03:00
rl1987
adbe6a2521 Copy socks5.trunnel from trunnel examples dir 2018-06-26 12:37:33 +03:00
Nick Mathewson
b556894ef2 Include stdio.h in torerr.c. 2018-06-25 16:52:14 -04:00
Nick Mathewson
6c836b9e8c Bump to 0.3.4.3-alpha. 2018-06-25 14:07:23 -04:00
Nick Mathewson
b059c38d8a Merge branch 'maint-0.3.4' 2018-06-25 13:50:37 -04:00
Corey Farwell
e62582e9fe Run rustfmt on 'src/rust/protover/ffi.rs'. 2018-06-25 08:03:04 -04:00
Corey Farwell
6d2e4dea10 Utilize type param in method invocation. 2018-06-24 22:45:07 -04:00
Corey Farwell
59d4505749 Utilize if..else for switching on boolean values. 2018-06-24 22:44:36 -04:00
Roger Dingledine
04b350b476 better log line for debugging #26485 2018-06-24 18:14:24 -04:00
Roger Dingledine
73ae92dc52 we've never been good at using "directory" well as a noun 2018-06-24 18:08:24 -04:00
Nick Mathewson
d85fbc9a58 Add some casts to get test_dir.c compiling on windows.
Fixed bug 26479.  Bug introduced by 0a6f4627a4292e4; bug not in any
released version.
2018-06-24 14:06:39 -04:00
Nick Mathewson
3cc0a145bd Fix test_geoip failures on windows by writing file in binary mode.
Fixes bug 26480; bug appeared when we re-enabled the geoip tests on
windows.  Bug originally introduced by our fix to 25787; bug not in
any released Tor.
2018-06-24 14:06:05 -04:00
Corey Farwell
94880b2db7 Utilize if let construct instead of explicit unwrapping. 2018-06-24 10:16:11 -04:00
Corey Farwell
7e9c37f9cb Change allocate_and_copy_string to take a &str instead of &String. 2018-06-24 08:58:26 -04:00
Alexander Færøy
8ec6b36dca Fix memory leak in test_sr_setup_commits().
This patch fixes a memory leak in test_sr_setup_commits() where the
place_holder is allocated, but never freed again.

See: Coverity CID 1437440.
2018-06-23 13:11:03 +02:00
Alexander Færøy
3395de51a0 Fix memory leak in disk_state_parse_commits().
This patch fixes a memory leak in disk_state_parse_commits() where if
commit is NULL, we continue the internal loop, but without ever freeing
the args variable.

See: Coverity CID 1437441.
2018-06-23 13:10:57 +02:00
Alexander Færøy
dcbfee246f Fix memory leak in frac_nodes_with_descriptors().
This patch fixes a memory leak in frac_nodes_with_descriptors() where
we might return without free'ing the bandwidths variable.

See: Coverity CID 1437451.
2018-06-23 13:10:29 +02:00
Alexander Færøy
a2e623f631 Fix memory leak in helper_add_hsdir_to_networkstatus().
This patch fixes a memory leak in helper_add_hsdir_to_networkstatus()
where the rs object might not get properly freed.

See: Coverity CID 1437427.
2018-06-23 13:07:56 +02:00
Alexander Færøy
8e805bf0f6 Fix memory leak in new_establish_intro_cell().
This patch fixes a memory leak in new_establish_intro_cell() that could
happen if a test assertion fails and the *cell_out value isn't properly
free'd.

See: Coverity CID 1437445
2018-06-23 13:07:56 +02:00
Alexander Færøy
8550016e6f Fix memory leak in test_channelpadding_consensus().
The relay variable is always allocated, but might not be freed before we
return from this function.

See: Coverity CID 1437431
2018-06-23 12:52:04 +02:00
Alexander Færøy
c997d49ad6 Fix memory link in test_link_specifier().
This patch fixes a memory leak in test_link_specifier() where ls might
not get freed in case one of the test macros fails.

See: Coverity CID 1437434.
2018-06-23 12:39:20 +02:00
Alexander Færøy
3d80c086be Fix memory leak in decode_link_specifiers().
This patch fixes a memory leak in decode_link_specifiers() where the
hs_spec variable might leak if the default label is taken in the
switch/case expression.

See: Coverity CID 1437437.
2018-06-23 11:54:36 +02:00
Alexander Færøy
d86c45bf5c Fix memory leak in client_likes_consensus().
This patches fixes a memory leak in client_likes_consensus() where if
consensus_cache_entry_get_voter_id_digests() would fail we would return
without having free'd the voters list.

See: Coverity CID 1437447
2018-06-23 10:33:40 +02:00
Alexander Færøy
dc2384da30 Fix potential memory leak in hs_helper_build_hs_desc_impl().
This patch fixes a memory leak in hs_helper_build_hs_desc_impl() where
if a test assertion would fail we would leak the storage that `desc`
points to.

See: Coverity CID 1437448
2018-06-23 10:27:10 +02:00
Alexander Færøy
ce5d055ed7 Fix memory leak in pick_hsdir_v3().
This patch fixes a memory leak in pick_hsdir_v3() where we might return
early, but forgot to free the responsible_hsdirs variable. We solve this
by not allocating storage for responsible_hsdirs until it's actually
needed.

See: Coverity CID 1437449
2018-06-23 03:40:32 +02:00
Alexander Færøy
1724f995c7 Fix potential memory leak in test_hs_auth_cookies().
This patch fixes a potential memory leak in test_hs_auth_cookies() if a
test-case fails and we goto the done label where no memory clean up is
done.

See: Coverity CID 1437453
2018-06-23 03:17:09 +02:00
Alexander Færøy
8c8941eb29 Fix potential memory leak in hs_helper_build_intro_point().
This patch fixes a potential memory leak in
hs_helper_build_intro_point() where a `goto done` is called before the
`intro_point` variable have been assigned to the value of the `ip`
variable.

See: Coverity CID 1437460
See: Coverity CID 1437456
2018-06-23 02:29:54 +02:00
Nick Mathewson
1b93b065fc Make an inline static so we can build with coverage enabled. 2018-06-22 14:11:37 -04:00
Nick Mathewson
405fa42e8a Another windows include 2018-06-22 13:52:30 -04:00
Nick Mathewson
4b32446a4c We also need torerr in tm_cvt. 2018-06-22 13:34:35 -04:00
Nick Mathewson
145665abcb Add another include for windows, and change a log to a raw_assert 2018-06-22 13:33:48 -04:00
Nick Mathewson
76a717890e Remove an "m" that did not belong. 2018-06-22 13:32:47 -04:00
Nick Mathewson
4118ba67db Update the micro-revision.i dependencies, and add a stdlib.h 2018-06-22 13:25:58 -04:00
Nick Mathewson
cf66544941 Two more small changes for CI. 2018-06-22 13:10:52 -04:00
Nick Mathewson
7aecea79cb A pair of missing includes. 2018-06-22 12:53:57 -04:00
Nick Mathewson
b0adf2fc9b Fix up the rust build script library list. 2018-06-22 12:04:11 -04:00
Nick Mathewson
bcf3e546d1 Move util_bug into libtor-log 2018-06-22 11:54:38 -04:00
Nick Mathewson
6fc2d53227 Remove util_bug dependency on compat.h 2018-06-22 11:51:58 -04:00
Nick Mathewson
7a93ce8f63 Update .gitignore and .may_include files 2018-06-22 11:46:44 -04:00
Nick Mathewson
79f73ab330 Finally extract the log library and make it build.
This patch:
  - introduces an fdio module for low-level fd functions that don't
    need to log.
  - moves the responsibility for opening files outside of torlog.c,
    so it won't need to call tor_open_cloexec.
2018-06-22 11:40:20 -04:00
Nick Mathewson
90a09df5ba Extract strlcpy and strlcmp to libtor-string 2018-06-22 11:18:19 -04:00
Nick Mathewson
bfb39164ce Extract core part of gmtime_r, localtime_r (without logging) 2018-06-22 11:17:11 -04:00
Nick Mathewson
b2d4e786b7 Remove the util_bug.h include from smartlist.h.
This change makes a whole bunch of things in torlog.c break, since
apparently I did not find all the fd dependencies.
2018-06-22 10:50:14 -04:00
Nick Mathewson
da4ae8a6b6 Automated fixup of include paths after torlog.h movement. 2018-06-22 10:32:10 -04:00
Nick Mathewson
97b15a1d7c Extract the locking and logging code
The locking code gets its own module, since it's more fundamental
than the higher-level locking code.

Extracting the logging code was the whole point here. :)
2018-06-22 10:31:51 -04:00
Nick Mathewson
2cf033f238 Extract simple integer math into its own module 2018-06-22 09:49:13 -04:00
Nick Mathewson
3883338c81 Move smartlist_add_{v,}asprintf into smartlist.[ch]
Now that I know that "strings" nests below "container", I know this
is safe.
2018-06-22 09:49:13 -04:00
Nick Mathewson
1abadee3fd Extract key string manipulation functions into a new library. 2018-06-22 09:49:13 -04:00
Nick Mathewson
1e07b4031e Move ARRAY_LENGTH to compiler_compat.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
0932f32291 Remove compat.h as unneeded from log.c and torlog.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
9426751b72 Extract our code for answering "what time is it right now".
The other time stuff is higher-level
2018-06-22 09:49:13 -04:00
Nick Mathewson
d1cada5a8a Update permissible includes 2018-06-22 09:49:13 -04:00
Nick Mathewson
c2a558a346 Expunge container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
de508c5f50 Extract smartlist.h from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
9cf6fc91b1 Remove map from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
50a5954003 Remove bloom filters, order statistics, and bitarrays from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
932b4d0a43 Remove container->crypto dependency
Containers were using crypto_digest.h, just to see the value of
DIGEST_LEN.  Moved those constants into a new defs module.
2018-06-22 09:49:13 -04:00
Nick Mathewson
479c2ab503 Move STRUCT_VAR_P to compat_compiler. 2018-06-22 09:49:13 -04:00
Nick Mathewson
657ff55408 Split container.c based on container types, and minimize includes
Minimizing includes revealed other places includes were necessary.
2018-06-22 09:49:13 -04:00
Nick Mathewson
b8be8265b6 Rectify include paths after container split (automatic) 2018-06-22 09:49:13 -04:00
Nick Mathewson
77dff00b18 Refactor container into a library. 2018-06-22 09:49:13 -04:00
Taylor Yu
d935aceb2b Use correct CARGO_HOME in test_rust.sh
Out-of-tree builds could fail to run the rust tests if built in
offline mode.  cargo expects CARGO_HOME to point to the .cargo
directory, not the directory containing .cargo.

Fixes bug 26455; bug not in any released tor.
2018-06-21 18:20:03 -05:00
Nick Mathewson
f95e3bf5fc Simplify include structure of container.[ch] 2018-06-21 15:33:25 -04:00
Nick Mathewson
e066966bf4 Extract tor_malloc and friends to a new module. 2018-06-21 15:20:01 -04:00
Nick Mathewson
56c1fbf33f Use the "commands" argument of AC_CONFIG_FILES to make scripts +x
Closes ticket 26439.
2018-06-21 14:26:47 -04:00
Nick Mathewson
8dcc015975 Fix wide lines in dirauth/dirvote.* 2018-06-21 14:23:32 -04:00
Nick Mathewson
999f7984e1 New script to check includes for modularity violations
Includes configuration files to enforce these rules on lib and
common.  Of course, "common" *is* a modularity violation right now,
so these rules aren't as strict as I would like them to be.
2018-06-21 14:05:33 -04:00
Nick Mathewson
8918bd90e9 Merge branch 'extract_easy_common_libs' 2018-06-21 13:57:13 -04:00
Nick Mathewson
3305ae5044 Rectify include paths (automated).
You have no idea how glad I am that this is automated.
2018-06-21 13:20:07 -04:00
Nick Mathewson
5b8f4769dc Move testsupport.h to its own directory 2018-06-21 13:20:07 -04:00
Nick Mathewson
e9943d5459 Move responsibility for libdonna out of src/common 2018-06-21 13:19:00 -04:00
Nick Mathewson
71571e3428 Additional non-automated change to trunnel-local.h 2018-06-21 13:19:00 -04:00
Nick Mathewson
accf239fa3 Rectify include paths (automated) 2018-06-21 13:19:00 -04:00
Nick Mathewson
25ccfff86a Split crypto and tls libraries into directories
I am calling the crypto library "crypt_ops", since I want
higher-level crypto things to be separated from lower-level ones.
This library will hold only the low-level ones, once we have it
refactored.
2018-06-21 13:14:14 -04:00
Nick Mathewson
49d7c9ce53 Move more compiler-compatibility stuff into compat_compiler.h 2018-06-21 13:14:14 -04:00
Nick Mathewson
68bbe915d9 di_ops.c does not actually log anything. 2018-06-21 13:14:14 -04:00
Nick Mathewson
fa5fda5bbf Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
cd8f919553 Move compiler-compatibility headers into their own module
This one has no generated code.
2018-06-21 13:14:14 -04:00
Nick Mathewson
d2f4a716e8 Remove unused pubsub module. 2018-06-21 13:14:14 -04:00
Nick Mathewson
209a285166 Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
4bdda6d05f Move trace into its own library in libs.
Apparently it has no testing variant.
2018-06-21 13:14:14 -04:00
Nick Mathewson
03d7812615 Make sure liberr-testing is build with testing flags. 2018-06-21 13:14:14 -04:00
Nick Mathewson
b420da4cf8 Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
2d20cbf837 Extract compression functions into a new library. 2018-06-21 13:08:25 -04:00
Roger Dingledine
471418befb tiny comment and whitespace fixes 2018-06-21 13:07:51 -04:00
Nick Mathewson
ad7776f66d Rename libtor.a to libtor-app.a 2018-06-21 11:03:39 -04:00
Nick Mathewson
727db7aeb9 Rectify include paths (automated) 2018-06-21 11:03:39 -04:00
Nick Mathewson
a403ee6bb3 Move consttime library code into its own directory. 2018-06-21 11:03:39 -04:00
Nick Mathewson
275aff6917 Rectify include paths (automated) 2018-06-21 10:47:11 -04:00
Nick Mathewson
2cfcb7b364 Extract error functionality into a new lowest-level library. 2018-06-21 10:47:11 -04:00
Nick Mathewson
b2346b1201 Refactor makefiles to keep list of internal libraries in one place.
This change makes it possible for us to change the list of libraries
more easily, without changing every single linker line.
2018-06-21 10:35:30 -04:00
Nick Mathewson
da728e36f4 Rectify include paths (automated) 2018-06-21 09:55:16 -04:00
Nick Mathewson
874ba6861a Fix distcheck by naming header properly. 2018-06-21 09:37:32 -04:00
Nick Mathewson
2ad062ee60 Merge branch 'mikeperry_bug26214-rebased_squashed' 2018-06-21 09:20:03 -04:00
Mike Perry
46b06cd699 Bug 26214: Test updates. 2018-06-21 09:18:51 -04:00
Mike Perry
dc397f9a61 Bug 26214: Check stream SENDME against max. 2018-06-21 09:18:51 -04:00
Nick Mathewson
92ae9bb95b Hang on; this branch is supposed to be 0.3.4.2-alpha-dev. 2018-06-21 09:01:00 -04:00
Nick Mathewson
c42071f750 Merge branch 'maint-0.3.4' 2018-06-21 08:59:58 -04:00
Nick Mathewson
e845bd17f8 Merge branch 'bug25787_squashed' into maint-0.3.4 2018-06-21 08:56:27 -04:00
Nick Mathewson
cacf326e78 Revise geoip tests to not require paths of actual geoip config
When I wrote the first one of these, it needed the path of the geoip
file.  But that doesn't translate well in at least two cases:

   - Mingw, where the compile-time path is /c/foo/bar and the
     run-time path is c:\foo\bar.

   - Various CI weirdnesses, where we cross-compile a test binary,
     then copy it into limbo and expect it to work.

Together, these problems precluded these tests running on windows.

So, instead let's just generate some minimal files ourselves, and
test against them.

Fixes bug 25787
2018-06-21 08:56:20 -04:00
Nick Mathewson
27e456cd72 Merge remote-tracking branch 'rl1987/ticket19979_2' 2018-06-21 08:53:48 -04:00
Nick Mathewson
72a5ae8c66 Merge branch 'maint-0.3.4' 2018-06-21 08:38:21 -04:00
Nick Mathewson
73bc863822 Merge branch 'additional_rust_test_fixes' into maint-0.3.4 2018-06-21 08:38:17 -04:00
Nick Mathewson
683776bfab Merge branch 'maint-0.3.4' 2018-06-21 08:36:48 -04:00
Nick Mathewson
c389c41292 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-21 08:36:48 -04:00
Nick Mathewson
599b53f046 add a bn.h include to crypto_dh.c 2018-06-21 08:34:27 -04:00
Roger Dingledine
7b1a3c5164 fix memory leak in protover.c
Fix a memory leak where directory authorities would leak a chunk of
memory for every router descriptor every time they considered voting.

This bug was taking down directory authorities in the live network due
to out-of-memory issues.

Fixes bug 26435; bugfix on 0.3.3.6.
2018-06-20 19:43:58 -04:00
Nick Mathewson
01d0bf1803 add build.rs to EXTRA_DIST 2018-06-20 19:32:01 -04:00
Nick Mathewson
8f3712cf6e eol@eof is still the law in 0.3.4 :( 2018-06-20 19:05:11 -04:00
Nick Mathewson
d110f9c9a6 Add a leak suppression for backtrace_alloc
This appears to be an internal rust thing: I don't know why it's
leaking.  We should investigate further.
2018-06-20 18:02:49 -04:00
Nick Mathewson
3b606ff787 Merge branch 'maint-0.3.4' into additional_rust_test_fixes 2018-06-20 17:53:51 -04:00
Nick Mathewson
f24797a587 Merge branch 'maint-0.3.4' 2018-06-20 17:49:56 -04:00
Nick Mathewson
f91ea506f0 Fix clang warnings introduced by 9f2b887c5d 2018-06-20 17:49:06 -04:00
Nick Mathewson
3a64052099 Fix memory leak in CryptoDigest type
If you're owning a C pointer, you need to implement Drop.
2018-06-20 17:28:28 -04:00
Nick Mathewson
592e8ac395 Disable doctests in src/rust/crypto module.
These all need C linking to work, and so far, rustdoc does not seem
to respect cargo setting about build scripts or RUSTOPTIONS.
2018-06-20 17:16:44 -04:00
Nick Mathewson
901ada7e5f Fix bugs in rust digest tests 2018-06-20 17:08:00 -04:00
Nick Mathewson
e99ecf9399 Merge branch 'rust_build_script_v3' into additional_rust_test_fixes 2018-06-20 17:07:47 -04:00
Nick Mathewson
398f15bdf1 Merge branch 'maint-0.3.4' 2018-06-20 16:37:39 -04:00
Isis Lovecruft
7589fd6d40 rust: Remove --all-features flag from cargo test call in test_rust.sh.
We'd like to feature gate code that calls C from Rust, as a workaround
to several linker issues when running `cargo test` (#25386), and we
can't feature gate anything out of test code if `cargo test` is called
with `--all-features`.

 * FIXES #26400: https://bugs.torproject.org/26400
2018-06-20 16:37:33 -04:00
Nick Mathewson
c86850c4c9 Don't use any asserts(), even raw, in format_number_sigsafe().
Also explain why.
2018-06-20 16:16:45 -04:00
Nick Mathewson
057d838409 Use raw_assert() in write_all().
This makes tor_log() finally non-circular.
2018-06-20 16:16:45 -04:00
Nick Mathewson
7a2dce9006 Use raw_assert() in central allocation functions.
This is, again, to avoid circularity in the log code.
2018-06-20 16:16:45 -04:00
Nick Mathewson
17ba51a30a Use raw_assert in mutex functions to avoid circularity in logs. 2018-06-20 16:16:45 -04:00
Nick Mathewson
bb15dc1ebd Allow raw_assert() to dump stack traces.
It doesn't do this as beautifully as tor_assert(), but it doesn't
depend on any higher-level code.
2018-06-20 16:16:45 -04:00
Nick Mathewson
a969ce464d Remove log dependency from backtrace.[ch] 2018-06-20 16:16:45 -04:00
Nick Mathewson
3246c9648c Use compat_compiler to restore macros in torerr.h 2018-06-20 15:08:06 -04:00
Nick Mathewson
aa490e971b Split compiler-compatibility parts of compat.h 2018-06-20 15:08:06 -04:00
Nick Mathewson
5ecd1fec15 Move horrible-emergency handling into torerr.[ch]
Previously we had code like this for bad things happening from
signal handlers, but it makes sense to use the same logic to handle
cases when something is happening at a level too low for log.c to be
involved.

My raw_assert*() stuff now uses this code.
2018-06-20 15:08:06 -04:00
Nick Mathewson
8865972a0b Use raw_assert in tor_gettimeofday
We don't want to actually be calling logs when gettimeofday() fails,
since we need gettimeofday() to log.
2018-06-20 10:42:06 -04:00
Nick Mathewson
90aeaa53cd Remove all use of the assert.h header
Nothing in Tor has actually called assert() for some while.
2018-06-20 10:39:07 -04:00
Nick Mathewson
ae01864b5d Add raw_assert() variants for cases where we cannot log.
Remove a different raw_assert() macro declared in log.c
2018-06-20 10:36:14 -04:00
Nick Mathewson
9fa73003fc Remove dmalloc support; closes #26426
Dmalloc hasn't seen a release in over a decade, and there are much
better tools to use these days.
2018-06-20 10:21:34 -04:00
Nick Mathewson
0dab29ce10 Run rectify_include_paths.py 2018-06-20 09:35:05 -04:00
Nick Mathewson
257b280776 Simplify AM_CPPFLAGS include setup
We had accumulated a bunch of cruft here.  Now let's only include
src and src/ext.  (exception: src/trunnel is autogenerated code, and
need to include src/trunnel.)

This commit will break the build hard.  The next commit will fix it.
2018-06-20 09:27:04 -04:00
Nick Mathewson
d7301a456a Merge remote-tracking branch 'neel/b25886c' 2018-06-20 08:32:34 -04:00
Nick Mathewson
e9c93a3415 Merge branch 'maint-0.3.4' 2018-06-20 08:29:52 -04:00
Nick Mathewson
0a6f4627a4 eol@eof in test-dir.c 2018-06-20 08:29:38 -04:00
Nick Mathewson
fb0019daf9 Update copyrights to 2018. 2018-06-20 08:13:28 -04:00
Nick Mathewson
11a76b903b Merge branch 'maint-0.3.4' 2018-06-20 08:05:07 -04:00
Nick Mathewson
7b9cd5cca5 Merge branch 'asn_bug24977_final_squashed' into maint-0.3.4 2018-06-20 08:02:27 -04:00
George Kadianakis
b7b7dab00d Recreate nodelist before use if it's outdated.
We currently only do the check when we are about to use the HSDir indices.
2018-06-20 08:01:02 -04:00
George Kadianakis
a686464420 Recreate voting schedule before use if it's outdated. 2018-06-20 08:01:02 -04:00
Nick Mathewson
334edc22d1 Merge branch 'maint-0.3.4' 2018-06-20 07:55:15 -04:00
Isis Lovecruft
4971d7afa6 rust: Remove redundant "testing" feature from tor_log crate.
It was synonymous with the builtin "test" feature.

 * FIXES #26399: https://bugs.torproject.org/26399
2018-06-20 07:55:12 -04:00
Nick Mathewson
5acbcf150e Merge branch 'maint-0.3.4' 2018-06-20 07:53:22 -04:00
rl1987
9054ccb36b Enable DEBUG_SMARTLIST in unit tests 2018-06-20 07:49:41 -04:00
rl1987
7bb3777dfb Refrain from accessing empty smartlist in test_bridges_clear_bridge_list
Just check that smartlist length is zero instead
2018-06-20 07:49:41 -04:00
Nick Mathewson
152e4a1e50 Merge branch 'maint-0.3.4' 2018-06-20 07:35:17 -04:00
Nick Mathewson
ac1747e47f Merge remote-tracking branch 'catalyst-github/bug26415_034' into maint-0.3.4 2018-06-20 07:35:13 -04:00
Nick Mathewson
b63d6984a6 Merge branch 'maint-0.3.4' 2018-06-19 19:10:28 -04:00
Alexander Færøy
e309aa4c8c Fix linker errors when building Tor.
This patch fixes linking errors when compiling Tor with the dirauth
module disabled.

See: https://bugs.torproject.org/26418
2018-06-19 23:10:12 +02:00
Taylor Yu
bfd36177c4 Fix compilation of Rust crypto doctests
The doctests for src/rust/crypto don't compile for multiple reasons,
including some missing exports and incorrect identifier paths.  Fixes
bug 26415; bugfix on 0.3.4.1-alpha.
2018-06-19 13:53:26 -05:00
rl1987
5af29fbb63 When possible, use RFC5869 HKDF implementation from OpenSSL
Also, stop supporting empty HKDF input key material
2018-06-19 19:26:31 +03:00
Nick Mathewson
bd9ebb3763 Use a rust build script to set linker options correctly for tests.
We need this trick because some of our Rust tests depend on our C
code, which in turn depend on other native libraries, which thereby
pulls a whole mess of our build system into "cargo test".

To solve this, we add a build script (build.rs) to set most of the
options that we want based on the contents of config.rust.  Some
options can't be set, and need to go to the linker directly: we use
a linker replacement (link_rust.sh) for these.  Both config.rust and
link_rust.sh are generated by autoconf for us.

This patch on its own should enough to make the crypto test build,
but not necessarily enough to make it pass.
2018-06-19 12:01:13 -04:00
Nick Mathewson
f3267741e4 Merge branch 'maint-0.3.4' 2018-06-18 17:09:03 -04:00
Nick Mathewson
d27745d81d Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a
This was already added to LIBTOR_A_SOURCES; it doesn't need to get
added again.

Fixes bug 26402. Bugfix on 0.3.4.1-alpha.
2018-06-18 17:07:27 -04:00
Nick Mathewson
5879909826 Revert "Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a"
This reverts commit 70d91bd059.
2018-06-18 17:06:18 -04:00
Nick Mathewson
70d91bd059 Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a
This was already added to LIBTOR_A_SOURCES; it doesn't need to get
added again.

Fixes bug 26402. Bugfix on 0.3.4.1-alpha.
2018-06-18 17:03:52 -04:00
Nick Mathewson
29982e5190 Remove redundant typedefs from _st.h files
The typedefs are already in or.h
2018-06-18 16:05:36 -04:00
David Goulet
a8e76f3824 test: Add missing headers in test_controller.c
After the big or.h refactoring, one single unit test file was missing two
headers for node_t and microdesc_t.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-18 15:07:30 -04:00
Isis Lovecruft
508332feaf
rust: Add "test-c-from-rust" feature-gate.
Due to linker issues (#25386) when testing Rust code which calls C,
all tests which touch FFI code should now be feature-gated behind the
"test-c-from-rust" flag.  To run this test code, cargo must be called
with `cargo test --features="test-c-from-rust"`.

 * FIXES #26398: https://bugs.torproject.org/26398
2018-06-18 18:57:38 +00:00
Nick Mathewson
104c2e9e7e Merge branch 'split_or_h' 2018-06-18 14:18:34 -04:00
Nick Mathewson
bcc1368c77 Merge branch 'maint-0.3.4' 2018-06-18 13:10:47 -04:00
Nick Mathewson
3640c63498 Merge remote-tracking branch 'ffmancera-1/bug24658-dh_stream' 2018-06-17 20:39:13 -04:00
Nick Mathewson
16dd2f7bb0 Merge remote-tracking branch 'rl1987/bug25477' 2018-06-17 20:25:40 -04:00
Nick Mathewson
5746e210b8 Merge remote-tracking branch 'rl1987/feature8323_squashed2' 2018-06-17 20:20:15 -04:00
Nick Mathewson
d5e4b6983f Merge remote-tracking branch 'rl1987/bug26282' 2018-06-17 19:32:08 -04:00
Nick Mathewson
987174cc6f Merge remote-tracking branch 'github/bug26152_035' 2018-06-17 19:28:59 -04:00
Nick Mathewson
e6aa2d526e Changes to make the rust crypto::mod tests compile
The digest tests don't link yet, though.
2018-06-16 13:22:44 -04:00
Nick Mathewson
8184f45ad9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-16 13:10:19 -04:00
Nick Mathewson
ccf1eb3164 Fix a bug in my fix for #26258
The fix here is use a different bourne shell subsitution for
CARGO_ONLINE, so that an empty string counts as set.
2018-06-16 13:08:40 -04:00
Nick Mathewson
71ddfbaadd Merge remote-tracking branch 'isis/bug26267' into maint-0.3.4 2018-06-16 12:43:28 -04:00
Neel Chauhan
9d7f148885 Make frac_nodes_with_descriptors() take and use for_direct_connect 2018-06-16 11:27:28 -04:00
Nick Mathewson
97cc61e947 Merge branch 'maint-0.3.4' 2018-06-16 10:20:27 -04:00
Nick Mathewson
530d67410f Merge remote-tracking branch 'isis/bug26245' into maint-0.3.4 2018-06-16 10:19:26 -04:00
Nick Mathewson
8c1e2d7557 Merge branch 'maint-0.3.4' 2018-06-16 10:15:39 -04:00
Isis Lovecruft
748a0c7d0b
rust: Remove unused N_DIGEST_ALGORITHMS constant from crypto_digest.rs.
In the C code, this constant is only ever used in src/test/bench.c.

 * FIXES part of #26245: https://bugs.torproject.org/26245
2018-06-15 23:22:43 +00:00
Isis Lovecruft
d5a9b77a28
rust: Add comment and pragma on "unused" smartlist_t type.
* FIXES part of #26245: https://bugs.torproject.org/26245
2018-06-15 22:49:39 +00:00
Taylor Yu
468bf58fa2 Make Rust warnings conditionally fatal
Set rustc flags to treat warnings as fatal if configured with
--enable-warnings.
2018-06-15 17:27:19 -05:00
Isis Lovecruft
ac5b1428ea
rust: Expose rand module from crypto crate. 2018-06-15 21:44:22 +00:00
Nick Mathewson
e22822e4ae Bump master to 0.3.5.0-alpha-dev 2018-06-15 17:19:49 -04:00
Taylor Yu
9dd45456fe Set default-features = false for rand_core
Apparently rand and rand_core need to be built with the "std" feature
set consistently, or there will be a compile error in rngs/jitter.rs.
2018-06-15 15:19:16 -05:00
Nick Mathewson
7dbe504f3e Move hsdir_index_t into its own header. 2018-06-15 15:41:27 -04:00
Nick Mathewson
3191ba389d Move extend_info_t into its own header. 2018-06-15 15:37:05 -04:00
Nick Mathewson
fde868ffe3 Extract cell type and their queues into new headers
Since packed_cell and destroy_cell exist only to be queued, they go
in the same headers as the queues.
2018-06-15 15:27:46 -04:00
Nick Mathewson
958df2829a Extract cached_dir_t into a new header. 2018-06-15 15:06:00 -04:00
Nick Mathewson
f85d731e3a Extract download_status_t into its own header. 2018-06-15 14:58:43 -04:00
Nick Mathewson
03fc83ab6d Extract signed_descriptor_t into its own header. 2018-06-15 14:53:07 -04:00
Nick Mathewson
ed0731c7de Extract routerinfo_t into its own header.
I was expecting this to be much worse.
2018-06-15 14:49:46 -04:00
Nick Mathewson
9d6276bca8 Extract microdesc_t into its own header. 2018-06-15 14:38:30 -04:00
Nick Mathewson
def1f20e1f Extract routerstatus_t into its own header. 2018-06-15 14:33:03 -04:00
Nick Mathewson
00f1d1653e Extract extrainfo_t into its own header 2018-06-15 14:21:25 -04:00
Nick Mathewson
1e4e9db815 Extract authority_cert_t into its own header 2018-06-15 14:14:11 -04:00
Nick Mathewson
b8ae4111e3 Extract desc_store_t and routerlist_t into their own headers. 2018-06-15 14:07:17 -04:00
Nick Mathewson
62315dab84 Extract ns_detached_signatures_st into its own header. 2018-06-15 13:49:30 -04:00
Nick Mathewson
50369f8981 Extract networkstatus_t and ..sr_info_t into their own headers 2018-06-15 13:45:15 -04:00
Nick Mathewson
89aefb0319 Extract networkstatus_vote_info_t into its own header. 2018-06-15 13:31:47 -04:00
Nick Mathewson
80c9e1e585 Move document_signature_t into its own header. 2018-06-15 13:27:11 -04:00
Nick Mathewson
f901ca958a fixup! Extract node_t into its own header. 2018-06-15 13:23:44 -04:00
Nick Mathewson
72d2fd83d8 Split vote_{microdesc_hash,routerstatus}_t into their own headers 2018-06-15 13:23:02 -04:00
Nick Mathewson
d2942d127d Extract node_t into its own header. 2018-06-15 13:13:33 -04:00
Nick Mathewson
8b7df72359 Split socks_request_t into its own header. 2018-06-15 13:01:50 -04:00
Nick Mathewson
ad52fe7e88 Move network_liveness_t into circuitstats.h and make it private
This type is only used in one place and never exposed.
2018-06-15 12:56:54 -04:00
Nick Mathewson
e13f59416c Move measured_bw_line_t into dirserv.h 2018-06-15 12:54:55 -04:00
Nick Mathewson
c9e4ebf96a Move fp_pair_t declaration to fp_pair.h. 2018-06-15 12:52:22 -04:00
Nick Mathewson
f8794b0b36 Move vote_schedule into its own header. 2018-06-15 12:50:07 -04:00
Nick Mathewson
5cdc234330 Split rend_authorized_client_t and encoded_.._t into their own headers 2018-06-15 12:36:59 -04:00
Nick Mathewson
990184da49 Extract rend_intro_point_t into its own header. 2018-06-15 12:23:06 -04:00
Nick Mathewson
22e9c64738 Extract rend_service_descriptor_t into its own header. 2018-06-15 12:18:17 -04:00
Nick Mathewson
7d2d131afa Extract tor_version_t into its own header. 2018-06-15 12:12:15 -04:00
Nick Mathewson
d51de77311 Extract cpath_build_state into its own header.
More modules use this than I had expected!
2018-06-15 12:07:20 -04:00
Nick Mathewson
c846b0e486 Extract crypt_path_reference_t into its own header. 2018-06-15 11:57:48 -04:00
Nick Mathewson
b3f2c682b7 Extract crypt_path_t and relay_crypto_t into their own headers 2018-06-15 11:52:32 -04:00
Nick Mathewson
e0830ff7bf Extract circuit_t into its own header 2018-06-15 11:38:36 -04:00
Nick Mathewson
a0bc164af5 Extract {or,origin}_circuit_t into their own headers 2018-06-15 11:34:33 -04:00
Nick Mathewson
bba998af65 Extract connection_t into its own header.
Now the entire connection_t hierarchy is extracted from or.h
2018-06-15 11:05:56 -04:00
Nick Mathewson
bcc283bcc9 Split or_handshake_{certs,state}_t into their own headers. 2018-06-15 10:56:15 -04:00
Nick Mathewson
19c34b4658 Move or_connection_t to its own header. 2018-06-15 10:48:50 -04:00
Nick Mathewson
6c0fe9d07c Split listener_connection_t into its own header
For once, it's a type that is used almost nowhere else besides the
logical place.
2018-06-15 10:37:33 -04:00
Nick Mathewson
1416f54d1e Split dir_connection_t into its own header 2018-06-15 10:31:21 -04:00
Nick Mathewson
3b917b2408 Split control_connection_t into its own header.
This one was actually fairly simple.
2018-06-15 10:17:27 -04:00
Nick Mathewson
5d5c442e6a Split entry and edge_connection_t into their own headers. 2018-06-15 10:10:24 -04:00
Nick Mathewson
2a574d11ac Move dir_server_t into its own header. 2018-06-14 16:58:01 -04:00
Nick Mathewson
df9a3fe86f Make server_port_cfg_t and port_cfg_t into separate headers. 2018-06-14 16:48:15 -04:00
Nick Mathewson
6896ab28b2 Move entry_port_cfg_t into its own header. 2018-06-14 16:19:11 -04:00
Nick Mathewson
945d871da5 Merge branch 'maint-0.3.3' 2018-06-14 12:50:26 -04:00
Nick Mathewson
71065201dd Merge remote-tracking branch 'public/bug26258_033' into maint-0.3.3 2018-06-14 12:47:09 -04:00
Nick Mathewson
ee860b8f37 squash! Make sure that the test_rust.sh script fails when a test fails
Also make sure that we're actually running the test from within the right
cwd, like we do when we're building.  This seems necessary to avoid
an error when running offline.

Amusingly, it appears that we had this bug before: we just weren't
noticing it, because of bug 26258.
2018-06-13 12:21:25 -04:00
Nick Mathewson
ce692332b8 test_entrynodes: fix a GCC warning
Some versions of GCC complain that the bfn_mock_node_get_by_id
function might return NULL, but we're assuming that it won't.
(We're assuming it won't return NULL because we know in the tests
that we're passing it valid IDs.)

To make GCC happy, tt_assert() that each node_t is set before using
it.

Fixes a second case of bug26269; bugfix on 0.3.0.1-alpha.
2018-06-13 10:45:15 -04:00
Nick Mathewson
015fcd0e11 Fix a GCC "potential null dereference" warning.
Fixes bug 26269; bugfix on c30be5a82d in 0.2.8.2-alpha
2018-06-13 10:34:53 -04:00
Nick Mathewson
ed7b135812 Merge remote-tracking branch 'asn-github/bug26358' 2018-06-13 10:00:37 -04:00
Nick Mathewson
049ba66746 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-13 09:58:05 -04:00
Nick Mathewson
286d02995f Merge branch 'maint-0.3.3' 2018-06-13 09:58:05 -04:00
Nick Mathewson
6017447e3a Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-13 09:58:04 -04:00
Nick Mathewson
94f3007627 Merge branch 'bug26158_031' into maint-0.3.1 2018-06-13 09:58:01 -04:00
Nick Mathewson
1c80eb92fa Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-13 09:57:10 -04:00
Nick Mathewson
76e9de7c6d Merge branch 'maint-0.3.3' 2018-06-13 09:57:10 -04:00
Nick Mathewson
ff70cc84f8 Merge branch 'bug25686_diagnostic_032' into maint-0.3.2 2018-06-13 09:56:17 -04:00
Nick Mathewson
8c8ed91aae Merge remote-tracking branch 'rl1987/bug24891' 2018-06-13 09:46:50 -04:00
George Kadianakis
99974d4c1e Silence warning of relaycell/circbw tst.
Shouldn't send RELAY_COMMAND_DATA cell with 0 stream id.
2018-06-13 14:14:17 +03:00
George Kadianakis
2520ee34c6 Require live consensus to compute responsible HSDirs.
Here is how this changes the HSv3 client-side and service-side:

For service side we already required live consensus to upload descriptors (see
9e900d1db7) so we should never get there without
a live consensus.

For the client-side we now require a live consensus to attempt to connect to
HS.  While this changes the client behavior in principle, it doesn't really
change it, because we always required live consensus to set HSDir indices, so
before this patch a client with no live consensus would try to compute
responsible HSDirs without any HSDir indices and bug out. This makes the client
behavior more consistent, by requiring a live consensus (and hence a
semi-synced clock) for the client to connect to an HS entirely.

The alternative would have been to allow setting HSDir indices with a non-live
consensus, but this would cause the various problems outlined by commit
b89d2fa1db.
2018-06-13 13:42:34 +03:00
Nick Mathewson
bbbb5f39be bump to 0.3.3.7-dev 2018-06-12 12:05:09 -04:00
Nick Mathewson
ccf2d65610 bump to 0.3.4.2-alpha-dev 2018-06-12 12:04:58 -04:00
Nick Mathewson
16381b579e Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-12 09:44:17 -04:00
Nick Mathewson
53513e4bfe Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 09:44:17 -04:00
Nick Mathewson
eaa359650c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 09:44:17 -04:00
Nick Mathewson
03f3ee6d74 Merge branch 'maint-0.3.3' 2018-06-12 09:44:17 -04:00
Linus Nordberg
6cf9288518 Add IPv6 orport address for dannenberg. 2018-06-12 09:44:01 -04:00
Nick Mathewson
f2e7570c75 Bump to 0.3.3.7 2018-06-12 08:57:09 -04:00
Nick Mathewson
6230dfaf14 Merge branch 'maint-0.3.3' 2018-06-12 08:18:57 -04:00
Nick Mathewson
5d8a927aa3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 08:18:56 -04:00
Nick Mathewson
7fff99110b Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 08:18:56 -04:00
Nick Mathewson
d84581a3e6 Merge remote-tracking branch 'teor/bug26272-031' into maint-0.3.1 2018-06-12 08:18:53 -04:00
Nick Mathewson
f4e51990b9 Merge remote-tracking branch 'rl1987/bug26283' 2018-06-12 08:17:48 -04:00
Nick Mathewson
74ac463e7f Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 08:11:20 -04:00
Nick Mathewson
6dca180ae9 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 08:11:20 -04:00
Nick Mathewson
b2470f5140 Merge branch 'maint-0.3.3' 2018-06-12 08:11:20 -04:00
Nick Mathewson
19f3868523 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-12 08:11:19 -04:00
Nick Mathewson
fa195626bd bump to 0.3.4.2-alpha 2018-06-11 16:49:17 -04:00
Nick Mathewson
faf4580061 Several attempts to diagnose ticket 25686
There are a few reasons that relays might be uploading desciptors
without saying X-Desc-Gen-Reason:
  1. They are running an old version of our software, before 0.3.2.stable.
  2. They are not running our software, but they are claiming they
     are.
  3. They are uploading through a proxy that strips X-Desc-Gen-Reason.
  4. They somehow had a bug in their software.

According to the 25686 data, 1 is the most common reason.  This
ticket is an attempt to diagnose case 4, or prove that case 4
doesn't actually happen.
2018-06-11 16:24:00 -04:00
Karsten Loesing
ae540569ce Update geoip and geoip6 to the June 7 2018 database. 2018-06-11 21:58:55 +02:00
Nick Mathewson
f399887cfe Merge remote-tracking branch 'mikeperry-github/bug26259' 2018-06-08 10:17:00 -04:00
Nick Mathewson
a141127435 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-08 10:12:57 -04:00
Nick Mathewson
dd63033fcb Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-08 10:11:57 -04:00
Nick Mathewson
1ef8023e00 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-08 10:11:57 -04:00
Nick Mathewson
aef0607f38 Merge branch 'maint-0.3.3' 2018-06-08 10:11:57 -04:00
Nick Mathewson
c27bb4072c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-08 10:11:57 -04:00
rl1987
719b5c1d27 Avoid out-of-bounds smartlist access in protover_compute_vote()
and contract_protocol_list()
2018-06-08 10:11:32 -04:00
rl1987
25341245ae Implement GETINFO md/all 2018-06-08 13:25:25 +03:00
rl1987
39bbb8d9cf Avoid casting smartlist index implicitly 2018-06-04 11:56:37 +03:00
juga0
7d70f67dea Check bandwidth changes only if small uptime
to upload a new descriptor.
2018-06-03 18:24:27 +00:00
rl1987
9876575d2c Silence -Wbad-function-cast warning (when DEBUG_SMARTLIST is on) 2018-06-03 16:45:09 +03:00
teor
8366be3b51
Silence unused-const-variable warnings in zstd.h on some gcc versions
Fixes bug 26272; bugfix on 0.3.1.1-alpha.
2018-06-02 14:11:04 -07:00
Nick Mathewson
3716ddf1b4 Merge remote-tracking branch 'rl1987/doc25237' 2018-06-02 11:35:06 -07:00
Nick Mathewson
9f884a38e3 Merge branch 'maint-0.3.3' 2018-06-02 10:36:49 -07:00
Nick Mathewson
f15f90e2ca Merge branch 'bug26121-033-squashed' into maint-0.3.3 2018-06-02 10:36:44 -07:00
Mike Perry
fe5764012a Bug 26121: Improve BUILDTIMEOUT_SET accuracy.
We were miscounting the total number of circuits for the TIMEOUT_RATE and
CLOSE_RATE fields of this event.
2018-06-02 10:36:36 -07:00
Nick Mathewson
00e150a0e4 Merge branch 'bug25939_034_01_squashed' 2018-06-02 10:33:33 -07:00
David Goulet
66e76066e0 hs-v3: Build onion address before registering ephemeral service
With the work on #25500 (reducing CPU client usage), the HS service main loop
callback is enabled as soon as the HS service map changes which happens when
registering a new service.

Unfortunately, for an ephemeral service, we were building the onion address
*after* the registration leading to the "service->onion_address` to be an
empty string.

This broke the "HS_DESC CREATED" event which had no onion address in it. And
also, we were logging an empty onion address for that service.

Fixes #25939

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-02 10:33:20 -07:00
rl1987
b7fae0f48c Heed --disable-unittests properly 2018-06-02 12:53:04 +03:00
rl1987
f8d549db7b Point reader to a section in tor-spec.txt 2018-06-02 11:15:10 +03:00
Mike Perry
93ee227e18 Bug 26259: Don't count 0-length RELAY_COMMAND_DATA in CIRC_BW OVERHEAD
This cell should be treated as invalid for purposes of CIRC_BW.
2018-06-01 00:23:08 +00:00
Nick Mathewson
9d06c41c6e Make sure that the test_rust.sh script fails when a test fails
Exit codes from find(1) seem not to be so reliable as we had hoped.

Closes ticket 26258; bugfix on 0.3.3.4-alpha when we fixed #25560
2018-05-31 17:15:57 -07:00
rl1987
eb7a3fae08 Refrain from mentioning old bug in a warning 2018-05-30 19:44:20 +02:00
Nick Mathewson
d7bbfd0f62 Fix various typos 2018-05-30 07:57:22 -07:00
Nick Mathewson
fa1890e97f Merge remote-tracking branch 'public/bug25691_033_again_squashed' into maint-0.3.3 2018-05-27 10:03:11 -04:00
Nick Mathewson
3f3739c6e0 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-24 09:40:06 -04:00
Nick Mathewson
f48fb8a720 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-24 09:40:06 -04:00
Nick Mathewson
f42739e746 Merge branch 'maint-0.3.3' 2018-05-24 09:40:06 -04:00
Nick Mathewson
0ef432d457 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-24 09:40:06 -04:00
Nick Mathewson
c000763f1e Merge branch 'bug26116_033' into maint-0.3.3 2018-05-24 09:40:00 -04:00
Nick Mathewson
c380562aed Merge branch 'bug26116_029' into maint-0.2.9 2018-05-24 09:39:46 -04:00
Nick Mathewson
aeb4be1d5a Add a unit test for PEM-encrypted documents. 2018-05-24 09:36:33 -04:00
Nick Mathewson
36a107855b Merge branch 'bug26156_034' 2018-05-23 09:08:57 -04:00
Nick Mathewson
ff27b7ce60 Update version to 0.3.3.6-dev 2018-05-22 18:05:28 -04:00
Nick Mathewson
38f8b3c63d Merge branch 'maint-0.3.3' 2018-05-22 14:13:28 -04:00
Nick Mathewson
80d673ccea Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 14:13:23 -04:00
Nick Mathewson
7483aef896 avoid a signed/unsigned comparison. 2018-05-22 14:12:44 -04:00
Nick Mathewson
cde5c9d0c3 Merge branch 'maint-0.3.3' 2018-05-22 13:35:33 -04:00
Nick Mathewson
a5d4ce2b39 Make the TROVE-2018-005 fix work with rust. 2018-05-22 13:35:20 -04:00
Nick Mathewson
b858f576c3 Merge branch 'maint-0.3.3' 2018-05-22 12:54:31 -04:00
Nick Mathewson
6e8e005b53 Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 12:54:26 -04:00
Nick Mathewson
240bb17714 uint breaks compilation on windows 2018-05-22 12:54:05 -04:00
Nick Mathewson
074b182baa version bump to 0.3.3.6 2018-05-22 12:40:18 -04:00
Nick Mathewson
6442417fde fix wide lines 2018-05-22 12:32:00 -04:00
Isis Lovecruft
3283619acf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:28:33 -04:00
Isis Lovecruft
701c2b69f5 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
056be68b1b protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
569b4e57e2 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:27:25 -04:00
Nick Mathewson
a3a8d80beb Merge branch 'trove-2018-005_032' into trove-2018-005_033 2018-05-22 12:27:15 -04:00
Nick Mathewson
bc2d6876b3 Add stdbool to protover.h. Only needed for the 032 backport 2018-05-22 12:15:52 -04:00