Nick Mathewson
14ffcc003d
Merge branch 'maint-0.3.0'
2017-06-06 09:32:45 -04:00
Nick Mathewson
4ed0f0d62f
Make generate_ed_link_cert() a no-op on clients.
...
Fixes bug 22508; bug not in any released Tor.
2017-06-06 09:32:11 -04:00
Nick Mathewson
e3b1573be6
Merge branch 'maint-0.3.0'
2017-06-05 15:52:06 -04:00
Nick Mathewson
d5acdadaef
Merge branch 'bug22460_030_01' into maint-0.3.0
2017-06-05 15:44:36 -04:00
Nick Mathewson
26d9fffae4
Merge branch 'bug22466_diagnostic_030'
2017-06-05 09:52:09 -04:00
Nick Mathewson
be741d7e63
Merge branch 'maint-0.3.0'
2017-06-05 09:51:57 -04:00
Nick Mathewson
41ed9e978b
Regenerate RSA->ed25519 identity crosscertificate as needed
2017-06-01 10:04:52 -04:00
Nick Mathewson
f2068ef862
Use tor_assert_nonfatal() to try to detect #22466
2017-06-01 09:42:32 -04:00
Nick Mathewson
a9be768959
Bugfix: Regenerate more certificates when appropriate
...
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it. Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate. In both cases, the resulting
inconsistency would make other relays reject our link handshakes.
Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-05-31 18:45:35 -04:00
Nick Mathewson
7505f452c8
Run the copyright update script.
2017-03-15 16:13:17 -04:00
Nick Mathewson
558c04f5b1
Merge branch 'combined-fuzzing-v4'
2017-01-30 08:40:46 -05:00
Nick Mathewson
e2aeaeb76c
Make a bunch of signature/digest-checking functions mockable
2017-01-30 08:37:22 -05:00
David Goulet
e16148a582
relay: Honor DataDirectoryGroupReadable at key init
...
Our config code is checking correctly at DataDirectoryGroupReadable but then
when we initialize the keys, we ignored that option ending up at setting back
the DataDirectory to 0700 instead of 0750. Patch by "redfish".
Fixes #19953
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:40:01 -05:00
Nick Mathewson
e93234af70
Merge branch 'feature15056_v1_squashed'
2016-12-08 16:49:24 -05:00
Nick Mathewson
af3af49408
Add a function to check whether a given ed id key is ours
2016-12-08 16:47:58 -05:00
Nick Mathewson
c1e8dfd6cf
Fix compilation
2016-12-01 09:20:04 -05:00
s7r
215cc0d527
Improve log messages related to identity key
...
Improve the messages logged when Tor wants or needs to load the master ed25519 identity key so the user is explicitly informed when further action is required or not. Fixes ticket #20650 .
2016-11-27 13:07:43 +00:00
Nick Mathewson
32854aef28
whitespace fixes
2016-11-03 08:55:54 -04:00
Nick Mathewson
d9ca4e20bd
Merge branch 'feature_15055_v2'
2016-11-03 08:44:46 -04:00
Isis Lovecruft
19abc2eae7
Mark some functions as needing documentation in src/or/routerkeys.c.
2016-11-03 08:40:10 -04:00
Isis Lovecruft
a53059c6a0
Document two additional functions in src/or/routerkeys.c.
...
Adds docstrings for generate_ed_link_cert() and should_make_new_ed_keys().
2016-11-03 08:40:10 -04:00
Nick Mathewson
af2459f09e
Unit tests for cert-chain-processing, including failed cases
...
Check out the coverage!
2016-11-03 08:40:10 -04:00
Nick Mathewson
99af260acc
For testing: function to construct (but not save) Ed keys and certs
2016-11-03 08:40:09 -04:00
Nick Mathewson
e94f1b4e0d
Free rsa_ed_crosscert at exit.
...
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
Nick Mathewson
961c8f4838
Module-document dnsserv.c, policies.c, routerkeys.c
2016-10-24 11:47:40 -04:00
Nick Mathewson
7026b607a0
Fix spurious compiler warning in do_getpass().
...
Some compilers apparently noticed that p2len was allowed to be equal
to msg, and so maybe we would be doing memset(prompt2, ' ', 0), and
decided that we probably meant to do memset(prompt2, 0, 0x20);
instead.
Stupid compilers, doing optimization before this kind of warning!
My fix is to just fill the entire prompt2 buffer with spaces,
because it's harmless.
Bugfix on e59f0d4cb9
, not in any released Tor.
2016-10-11 09:34:08 -04:00
George Kadianakis
e59f0d4cb9
Fix non-triggerable heap corruption at do_getpass().
2016-10-10 12:03:39 -04:00
Nick Mathewson
9fe6fea1cc
Fix a huge pile of -Wshadow warnings.
...
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
2016-07-28 10:22:10 -04:00
Nick Mathewson
4757303873
Fix all -Wshadow warnings on Linux
...
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Peter Palfrader
54c3066c72
Fix a typo in the getting passphrase prompt for the ed25519 identity key
2016-06-25 13:33:35 +02:00
Nick Mathewson
fdb57db581
Merge branch 'bug18133_027' into maint-0.2.8
2016-04-01 08:17:56 -04:00
Nick Mathewson
4093f343ca
fix indentation
2016-04-01 08:16:21 -04:00
Nick Mathewson
4895d8288c
Do not treat "DOCDOC" as doxygen.
2016-03-26 10:11:45 -04:00
Nick Mathewson
005a20ec85
Log a better message when OfflineMasterKey is set.
...
Fixes bug 18133; bugfix on 0.2.7.2-alpha.
2016-03-21 11:57:23 -04:00
Nick Mathewson
57699de005
Update the copyright year.
2016-02-27 18:48:19 +01:00
Nick Mathewson
fe6ca826df
Make sure that every module in src/or has a brief description.
2016-02-27 18:08:24 +01:00
Nick Mathewson
8a4bba06d2
Rename crypto_digest_all, and digests_t.
...
They are no longer "all" digests, but only the "common" digests.
Part of 17795.
This is an automated patch I made with a couple of perl one-liners:
perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
2016-02-10 15:28:19 -05:00
Nick Mathewson
9c4a0aef0c
Fix a memory leak in reading an expired ed signing key.
...
Closes 17403.
2015-10-21 11:16:28 -04:00
Nick Mathewson
df0b4f0342
Merge branch 'feature16769_squashed'
2015-09-22 09:26:30 -04:00
Nick Mathewson
bca4211de5
Add a --master-key option
...
This lets the user override the default location for the master key
when used with --keygen
Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2
Add a new --newpass option to add or remove secret key passphrases.
2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f
Merge branch 'feature16944_v2'
2015-09-22 09:19:28 -04:00
Nick Mathewson
a444b11323
Convince coverity that we do not have a particular memory leak
2015-09-13 14:44:46 -04:00
Nick Mathewson
41891cbf93
Merge remote-tracking branch 'public/ed25519_hup_v2'
2015-09-10 10:37:13 -04:00
Nick Mathewson
d70b1b4da1
Never ever try to load the secret key if offline_master is set
...
(Not even if we can't find the public key.)
2015-09-04 09:55:07 -04:00
Nick Mathewson
0ba4e0895a
Add "OfflineMasterKey" option
...
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key. You can manage the secret
identity key with --keygen. Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
b977a570c4
Fix a false-positive in coverity scan with an assertion
...
CID 1301373
2015-09-01 09:50:33 -04:00
Nick Mathewson
f64ef65b9d
Fix code for checking expired certificates on load
...
Fixes CID 1306915, which noticed that the check was dead.
2015-09-01 09:47:51 -04:00
Nick Mathewson
037e8763a7
Reload Ed25519 keys on sighup.
...
Closes ticket 16790.
2015-08-19 13:37:21 -04:00
Nick Mathewson
426ef9c8eb
More log messages for keygen problems
2015-08-19 13:36:51 -04:00