Commit Graph

16337 Commits

Author SHA1 Message Date
Nick Mathewson
47edbd4fad Fix build on 32-bit systems. 2016-06-11 13:26:05 -04:00
Nick Mathewson
ada5668c5e Merge remote-tracking branch 'public/bug19203_027' into maint-0.2.8 2016-06-11 10:16:00 -04:00
Nick Mathewson
d6b2af7a3a Merge branch 'bug19180_easy_squashed' 2016-06-11 10:15:40 -04:00
Nick Mathewson
e80a032b61 Add clang's -Wstring-conversion, and fix the one place it hits 2016-06-11 10:11:54 -04:00
Nick Mathewson
53a3b39da1 Add -Wmissing-variable-declarations, with attendant fixes
This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.
2016-06-11 10:11:54 -04:00
Nick Mathewson
80f1a2cbbd Add the -Wextra-semi warning from clang, and fix the cases where it triggers 2016-06-11 10:11:54 -04:00
Nick Mathewson
c3adbf755b Resolve some warnings from OSX clang. 2016-06-11 10:11:53 -04:00
Nick Mathewson
9bbd6502f0 Use autoconf, not gcc version, to decide which warnings we have
This gives more accurate results under Clang, which can only help us
detect more warnings in more places.

Fixes bug 19216; bugfix on 0.2.0.1-alpha
2016-06-11 10:11:53 -04:00
Nick Mathewson
4caed2424a Enable -Woverlength-strings for GCC>=4.6 on MOST of the code.
IMO it's fine for us to make exceptions to this rule in the unit
tests, but not in the code at large.
2016-06-11 10:11:52 -04:00
Nick Mathewson
8f2d2933f9 Use -Wdouble-promotion in GCC >= 4.6
This warning triggers on silently promoting a float to a double.  In
our code, it's just a sign that somebody used a float by mistake,
since we always prefer double.
2016-06-11 10:11:52 -04:00
Nick Mathewson
493499a339 Add -Wfloat-conversion for GCC >= 4.9
This caught quite a few minor issues in our unit tests and elsewhere
in our code.
2016-06-11 10:11:52 -04:00
Nick Mathewson
2ff20c93a5 Add -Wunused-const-variable=2 on GCC >=6.1
This caused a trivial warning in curve25519-donna-64bit.h, which
had two unused constants.  I commented them out.
2016-06-11 10:11:52 -04:00
Nick Mathewson
b14c1f4082 Merge remote-tracking branch 'public/bug19203_027' into HEAD 2016-06-11 10:11:44 -04:00
Nick Mathewson
4f8086fb20 Enable -Wnull-dereference (GCC >=6.1), and fix the easy cases
This warning, IIUC, means that the compiler doesn't like it when it
sees a NULL check _after_ we've already dereferenced the
variable. In such cases, it considers itself free to eliminate the
NULL check.

There are a couple of tricky cases:

One was the case related to the fact that tor_addr_to_in6() can
return NULL if it gets a non-AF_INET6 address.  The fix was to
create a variant which asserts on the address type, and never
returns NULL.
2016-06-11 10:10:29 -04:00
Nick Mathewson
c274f825da Merge remote-tracking branch 'asn/bug17688' 2016-06-11 10:07:15 -04:00
Andrea Shepard
9eeaeddbb1 Reduce make check-spaces noise 2016-06-09 11:50:25 +00:00
Nick Mathewson
f016213f7f Unit tests for our zlib code to test and reject compression bombs. 2016-06-08 18:08:30 -04:00
Nick Mathewson
429d15c529 Mark the unreachable lines in compat_{,p}threads and workqueue
These are all related to failures from functions that either can't
fail as we call them, or where we cannot provoke failure.
2016-06-08 17:30:22 -04:00
Nick Mathewson
3cc374456b Add several test scripts wrapping test_workqueue
This is a fairly easy way for us to get our test coverage up on
compat_threads.c and workqueue.c -- I already implemented these
tests, so we might as well enable them.
2016-06-08 17:29:06 -04:00
George Kadianakis
36dd9538d9 Don't rely on consensus parameter to use a single guard. 2016-06-07 17:22:47 +03:00
Nick Mathewson
1e330e1947 Repair test_crypto_openssl_version with LibreSSL 2016-06-06 10:45:23 -04:00
Nick Mathewson
c19a3d1bf8 Merge branch 'maint-0.2.8' 2016-06-06 10:18:07 -04:00
Nick Mathewson
83513a93a1 Check tor_sscanf return value in test_crypto.c
Coverity noticed that we check tor_sscanf's return value everywhere
else.
2016-06-06 10:01:50 -04:00
Nick Mathewson
6eeedc02d8 Use directory_must_use_begindir to predict we'll surely use begindir
Previously, we used !directory_fetches_from_authorities() to predict
that we would tunnel connections.  But the rules have changed
somewhat over the course of 0.2.8
2016-06-02 10:40:39 -04:00
Nick Mathewson
ed0ecd9f13 Use tor_sscanf, not sscanf, in test_crypto.c
Fixes the 0.2.9 instance of bug #19213, which prevented mingw64 from
working.  This case wasn't in any released Tor.
2016-06-02 10:16:15 -04:00
Nick Mathewson
b458a81cc5 Merge branch 'maint-0.2.8' 2016-06-02 10:13:35 -04:00
Nick Mathewson
a32ca313c4 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-06-02 10:12:56 -04:00
Nick Mathewson
5854b19816 Use tor_sscanf, not sscanf, in test_util.c.
Fixes the 0.2.7 case of bug #19213, which prevented mingw64 from
working.
2016-06-02 10:11:29 -04:00
Nick Mathewson
3cdc8bfa2c Let's not even talk about those errors, ok? 2016-05-30 17:14:46 -04:00
Nick Mathewson
97f2c1c58e Wait, we had sprintf() in our unit tests?? FOR SHAME! 2016-05-30 16:50:57 -04:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
ce31db4326 We no longer generate v0 directories. Remove the code to do so 2016-05-30 16:05:37 -04:00
Nick Mathewson
bdc59e33c1 Fix a warning on unnamed nodes in node_get_by_nickname().
There was a > that should have been an ==, and a missing !.  These
together prevented us from issuing a warning in the case that a
nickname matched an Unnamed node only.

Fixes bug 19203; bugfix on 0.2.3.1-alpha.
2016-05-30 12:03:03 -04:00
Nick Mathewson
1e5ad15688 Merge remote-tracking branch 'arma/task19035-fixedup' 2016-05-27 13:22:16 -04:00
Roger Dingledine
3b83da1069 remove a now-unused section of or.h 2016-05-27 12:32:41 -04:00
Nick Mathewson
ce1dbbc4fd Enable the -Waggregate-return warning
Suppress it in the one spot in the code where we actually do want to
allow an aggregate return in order to call the mallinfo() API.
2016-05-27 11:26:14 -04:00
Nick Mathewson
0df2c5677a Use ENABLE_GCC_WARNING and DISABLE_GCC_WARNING in tortls.c
Previously we'd done this ad hoc.
2016-05-27 11:25:42 -04:00
Nick Mathewson
0279e48473 Add support for temporarily suppressing a warning
There are a few places where we want to disable a warning: for
example, when it's impossible to call a legacy API without
triggering it, or when it's impossible to include an external header
without triggering it.

This pile of macros uses GCC's c99 _Pragma support, plus the usual
macro trickery, to enable and disable warnings.
2016-05-27 11:23:52 -04:00
Roger Dingledine
500c4bf807 remove an unneeded layer of indentation
no actual behavior changes
2016-05-27 11:15:21 -04:00
Roger Dingledine
11d52a449c Disable GET /tor/bytes.txt and GETINFO dir-usage
Remove support for "GET /tor/bytes.txt" DirPort request, and
"GETINFO dir-usage" controller request, which were only available
via a compile-time option in Tor anyway.

Feature was added in 0.2.2.1-alpha. Resolves ticket 19035.
2016-05-27 11:15:21 -04:00
Nick Mathewson
437cbb17c2 Merge remote-tracking branch 'asn/feature19036' 2016-05-27 10:37:11 -04:00
Nick Mathewson
476714e1a4 Merge remote-tracking branch 'arma/bug18840' 2016-05-27 10:35:55 -04:00
Nick Mathewson
f25806409d Bump to 0.2.8.3-alpha-dev 2016-05-26 21:09:01 -04:00
Nick Mathewson
0a74346fe4 Bump to 0.2.8.3-alpha 2016-05-26 12:29:45 -04:00
Nick Mathewson
8c1c71aa2c Merge branch 'maint-0.2.8' 2016-05-26 12:12:54 -04:00
Nick Mathewson
a873ba8edd Fix two long lines 2016-05-26 12:11:57 -04:00
George Kadianakis
d875101e03 Functionify code that writes votes to disk. 2016-05-26 15:35:13 +03:00
Nick Mathewson
b7fac185a6 Merge branch 'maint-0.2.8' 2016-05-25 16:59:46 -04:00
Nick Mathewson
36b2b48308 Merge branch 'bug18668_028' into maint-0.2.8 2016-05-25 16:58:43 -04:00
Nick Mathewson
28cbcd033c Merge branch 'maint-0.2.8' 2016-05-25 16:40:51 -04:00
Nick Mathewson
9cf6af76eb Fix a double-free bug in routerlist_reparse_old
I introduced this bug when I moved signing_key_cert into
signed_descriptor_t. Bug not in any released Tor.  Fixes bug 19175, and
another case of 19128.

Just like signed_descriptor_from_routerinfo(), routerlist_reparse_old()
copies the fields from one signed_descriptor_t to another, and then
clears the fields from the original that would have been double-freed by
freeing the original.  But when I fixed the s_d_f_r() bug [#19128] in
50cbf22099, I missed the fact that the code was duplicated in
r_p_o().

Duplicated code strikes again!

For a longer-term solution here, I am not only adding the missing fix to
r_p_o(): I am also extracting the duplicated code into a new function.

Many thanks to toralf for patiently sending me stack traces until
one made sense.
2016-05-25 16:11:35 -04:00
Nick Mathewson
44ea3dc331 Merge branch 'maint-0.2.8' 2016-05-25 10:21:15 -04:00
Nick Mathewson
6d375f17fc Merge branch 'bug19161_028_v2' into maint-0.2.8 2016-05-25 10:17:26 -04:00
Nick Mathewson
a3ec811c2e Merge branch 'maint-0.2.8' 2016-05-25 09:27:47 -04:00
Nick Mathewson
fdfc528f85 Merge branch 'bug19152_024_v2' into maint-0.2.8 2016-05-25 09:26:45 -04:00
Nick Mathewson
c4c4380a5e Fix a dangling pointer issue in our RSA keygen code
If OpenSSL fails to generate an RSA key, do not retain a dangling
pointer to the previous (uninitialized) key value. The impact here
should be limited to a difficult-to-trigger crash, if OpenSSL is
running an engine that makes key generation failures possible, or if
OpenSSL runs out of memory. Fixes bug 19152; bugfix on
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and Baishakhi
Ray.

This is potentially scary stuff, so let me walk through my analysis.
I think this is a bug, and a backport candidate, but not remotely
triggerable in any useful way.

Observation 1a:

Looking over the OpenSSL code here, the only way we can really fail in
the non-engine case is if malloc() fails.  But if malloc() is failing,
then tor_malloc() calls should be tor_asserting -- the only way that an
attacker could do an exploit here would be to figure out some way to
make malloc() fail when openssl does it, but work whenever Tor does it.

(Also ordinary malloc() doesn't fail on platforms like Linux that
overcommit.)

Observation 1b:

Although engines are _allowed_ to fail in extra ways, I can't find much
evidence online  that they actually _do_ fail in practice. More evidence
would be nice, though.

Observation 2:

We don't call crypto_pk_generate*() all that often, and we don't do it
in response to external inputs. The only way to get it to happen
remotely would be by causing a hidden service to build new introduction
points.

Observation 3a:

So, let's assume that both of the above observations are wrong, and the
attacker can make us generate a crypto_pk_env_t with a dangling pointer
in its 'key' field, and not immediately crash.

This dangling pointer will point to what used to be an RSA structure,
with the fields all set to NULL.  Actually using this RSA structure,
before the memory is reused for anything else, will cause a crash.

In nearly every function where we call crypto_pk_generate*(), we quickly
use the RSA key pointer -- either to sign something, or to encode the
key, or to free the key.  The only exception is when we generate an
intro key in rend_consider_services_intro_points().  In that case, we
don't actually use the key until the intro circuit is opened -- at which
point we encode it, and use it to sign an introduction request.

So in order to exploit this bug to do anything besides crash Tor, the
attacker needs to make sure that by the time the introduction circuit
completes, either:
  * the e, d, and n BNs look valid, and at least one of the other BNs is
    still NULL.
OR
  * all 8 of the BNs must look valid.

To look like a valid BN, *they* all need to have their 'top' index plus
their 'd' pointer indicate an addressable region in memory.

So actually getting useful data of of this, rather than a crash, is
going to be pretty damn hard.  You'd have to force an introduction point
to be created (or wait for one to be created), and force that particular
crypto_pk_generate*() to fail, and then arrange for the memory that the
RSA points to to in turn point to 3...8 valid BNs, all by the time the
introduction circuit completes.

Naturally, the signature won't check as valid [*], so the intro point
will reject the ESTABLISH_INTRO cell.  So you need to _be_ the
introduction point, or you don't actually see this information.

[*] Okay, so if you could somehow make the 'rsa' pointer point to a
different valid RSA key, then you'd get a valid signature of an
ESTABLISH_INTRO cell using a key that was supposed to be used for
something else ... but nothing else looks like that, so you can't use
that signature elsewhere.

Observation 3b:

Your best bet as an attacker would be to make the dangling RSA pointer
actually contain a fake method, with a fake RSA_private_encrypt
function that actually pointed to code you wanted to execute.  You'd
still need to transit 3 or 4 pointers deep though in order to make that
work.

Conclusion:

By 1, you probably can't trigger this without Tor crashing from OOM.

By 2, you probably can't trigger this reliably.

By 3, even if I'm wrong about 1 and 2, you have to jump through a pretty
big array of hoops in order to get any kind of data leak or code
execution.

So I'm calling it a bug, but not a security hole. Still worth
patching.
2016-05-25 09:23:57 -04:00
Nick Mathewson
6abceca182 Merge branch 'memarea_overflow_027_squashed' into maint-0.2.8 2016-05-25 09:22:02 -04:00
Nick Mathewson
be2d37ad3c Fix a pointer arithmetic bug in memarea_alloc()
Fortunately, the arithmetic cannot actually overflow, so long as we
*always* check for the size of potentially hostile input before
copying it.  I think we do, though.  We do check each line against
MAX_LINE_LENGTH, and each object name or object against
MAX_UNPARSED_OBJECT_SIZE, both of which are 128k.  So to get this
overflow, we need to have our memarea allocated way way too high up
in RAM, which most allocators won't actually do.

Bugfix on 0.2.1.1-alpha, where memarea was introduced.

Found by Guido Vranken.
2016-05-25 09:20:37 -04:00
Nick Mathewson
0ef36626ea Use calloc, not malloc(a*b), in ed25519 batch signature check fn
[Not a triggerable bug unless somebody is going to go checking
millions+ of signatures in a single go.]
2016-05-25 08:59:08 -04:00
Nick Mathewson
be3875cda2 Make sure that libscrypt_scrypt actually exists before using it.
Previously, if the header was present, we'd proceed even if the
function wasn't there.

Easy fix for bug 19161.  A better fix would involve trying harder to
find libscrypt_scrypt.
2016-05-24 10:31:02 -04:00
Nick Mathewson
b53a2059c4 Expose crypto_digest_algorithm_get_length from crypto.c
Also, use it in routerparse.c
2016-05-23 10:58:27 -04:00
Nick Mathewson
2a884926c0 Merge remote-tracking branch 'dgoulet/bug19066_029_01' 2016-05-23 10:45:13 -04:00
Nick Mathewson
9c7edb0f3e Merge branch 'maint-0.2.8' 2016-05-20 10:46:50 -04:00
cypherpunks
0e20d056e9 Prevent ASAN from registering a SIGSEGV handler
AddressSanitizer's (ASAN) SIGSEGV handler overrides the backtrace
handler and prevents it from printing its backtrace. The output of ASAN
is different from what 'bt_test.py' expects and causes backtrace test
failures.

The 'allow_user_segv_handler' option allows applications to set their
own SIGSEGV handler but is not supported by older GCC versions. These
older GCC versions do support the 'handle_segv' which prevents ASAN from
setting its SIGSEGV handler.
2016-05-20 08:34:18 -04:00
Nick Mathewson
22eed6dec2 Whoops. We use -Wmussing-prototypes. 2016-05-20 08:29:26 -04:00
Nick Mathewson
acc083b520 Make another variable unsigned. 2016-05-20 08:12:09 -04:00
Nick Mathewson
50cbf22099 Fix a bug related to moving signing_key_cert
Now that the field exists in signed_descriptor_t, we need to make
sure we free it when we free a signed_descriptor_t, and we need to
make sure that we don't free it when we convert a routerinfo_t to a
signed_descriptor_t.

But not in any released Tor. I found this while working on #19128.

One problem: I don't see how this could cause 19128.
2016-05-20 07:59:09 -04:00
Nick Mathewson
f2205071f0 Remove round_int64_to_next_multiple_of: It is now unused. 2016-05-19 21:21:24 -04:00
Nick Mathewson
2775dd8649 Compute HS stats outputs without round_int64_...
Fix for bug 19130.
2016-05-19 21:21:24 -04:00
Nick Mathewson
dcc4fd4403 Merge branch 'maint-0.2.8' 2016-05-19 16:05:13 -04:00
Nick Mathewson
33841a6030 Merge remote-tracking branch 'teor/fix18809-warnings' into maint-0.2.8 2016-05-19 16:04:56 -04:00
Nick Mathewson
649785d464 Merge branch 'link_ftrapv_clang32' 2016-05-19 16:01:35 -04:00
Nick Mathewson
4a14c2cfc7 Merge branch 'maint-0.2.8' 2016-05-19 15:56:39 -04:00
Nick Mathewson
0d6f293e0e Merge remote-tracking branch 'public/bug19073' into maint-0.2.8 2016-05-19 15:56:31 -04:00
teor (Tim Wilson-Brown)
2d21f03cdc
Fix unused-but-set-variable warnings in the connection unit tests
No behaviour change - just remove the variables
2016-05-19 12:49:36 -04:00
teor (Tim Wilson-Brown)
c5d87ef6af
Describe what happens when we get a consensus, but no certificates
Comment-only change
2016-05-19 12:35:09 -04:00
Nick Mathewson
a7a44f2db0 Merge branch 'maint-0.2.8' 2016-05-19 08:29:58 -04:00
Nick Mathewson
06803c317f Fix a compilation error in test_dir.c 2016-05-19 08:27:11 -04:00
Nick Mathewson
d718c717a6 Merge branch 'maint-0.2.8' 2016-05-19 08:25:12 -04:00
Nick Mathewson
9f217c83b0 Merge branch 'bug18809_028_squashed' into maint-0.2.8 2016-05-19 08:17:02 -04:00
teor (Tim Wilson-Brown)
f698b509d8 Add unit tests for networkstatus_consensus_is_bootstrapping 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
d5c70d7102 Restore and improve download schedule unit tests 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
4254d0297c Update unit tests for multiple bootstrap connections 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
ab0a7e2961 Remove consensus_max_download_tries by refactoring
No behaviour change

This function is used twice. The code is simpler if we split
it up and inline it where it is used.
2016-05-19 07:58:40 -04:00
teor (Tim Wilson-Brown)
84ab26c320 Stop downloading consensuses when a consensus has been downloaded
Previosuly, during bootstrap, we would continue to download
consensuses if we had a consensus, but didn't have the certificates
to validate it.
2016-05-19 07:58:40 -04:00
Nick Mathewson
6d6c8287d5 Include __mulodi4 in libor_ctime when it fixes clang -m32 -ftrapv
We use a pretty specific pair of autoconf tests here to make sure
that we only add this code when:
   a) a 64-bit signed multiply fails to link,
 AND
   b) the same 64-bit signed multiply DOES link correctly when
      __mulodi4 is defined.

Closes ticket 19079.
2016-05-18 09:50:38 -04:00
Nick Mathewson
33034600c2 Add __mulodi4 source to src/ext
We need to define this function when compiling with clang -m32 -ftrapv,
since otherwise we get link errors, since apparently some versions
of libclang_rt.builtins don't define a version of it that works? Or
clang doesn't know to look for it?

This definition is taken from the LLVM source at
  https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/builtins/mulodi4.c

I've also included the license (dual BSD-ish/MIT-ish).
2016-05-18 09:44:01 -04:00
Nick Mathewson
159ea7a88f Fix a bad sizeof() in test_crypto.c. Harmless. Spotted by coverity. 2016-05-18 08:29:13 -04:00
Nick Mathewson
2729f166cb whitespace fixes 2016-05-17 20:08:03 -04:00
Nick Mathewson
ab932cd7bf Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here.  Here
I remove the original location in 0.2.8.  (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)

Closes 19073.
2016-05-17 20:04:16 -04:00
Nick Mathewson
a7f6e434be Merge branch 'maint-0.2.8' 2016-05-17 19:48:49 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00
Nick Mathewson
00f74e0372 Improve API of routerinfo_incompatible_with_extrainfo()
This API change makes it so that routerinfo_incompatible...() no
longer takes a routerinfo_t, so that it's obvious that it should
only look at fields from the signed_descriptor_t.

This change should prevent a recurrence of #17150.
2016-05-17 13:24:01 -04:00
Nick Mathewson
49ff09aef2 Fix another, more subtle, case of bug 17150.
We need to make sure that the corresponding sd and ei match in their
certificates.
2016-05-17 13:16:36 -04:00
Nick Mathewson
8acfac7375 Copy the signing_key_cert field into signed_descriptor_t
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened.  I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.

This patch fixes no actual behavior.
2016-05-17 13:14:04 -04:00
Nick Mathewson
64748f2f98 Fix documentation for routerinfo_incompatible_with_extrainfo 2016-05-17 13:08:34 -04:00
Nick Mathewson
7d1eb0d570 When making sure digest256 matches in ei, look at sd, not ri.
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay.  The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo.  That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.

Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
2016-05-17 12:57:03 -04:00
Nick Mathewson
44da47d3c1 Move extra_info_digest256 into signed_descriptor_t
This patch includes no semantic changes; it's just a field movement.

It's prerequisite for a fix to 19017/17150.
2016-05-17 12:53:12 -04:00
Nick Mathewson
36909674b4 Merge remote-tracking branch 'teor/bug18963-remember-v2' 2016-05-17 12:15:53 -04:00
Nick Mathewson
6382cd93cb Merge branch 'maint-0.2.8' 2016-05-17 11:10:20 -04:00
Nick Mathewson
548d14247e Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8 2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e touchups and refactorings on bug 18616 branch
no behavior changes
2016-05-16 17:43:47 -04:00
Nick Mathewson
0f9b0b8bfe Initialize networking _before_ initializing libevent in the tests
This prevents WSANOTINITIALISED errors and fixes bug 18668. Bugfix
on 0.2.8.1-alpha -- 1bac468882 specifically.
2016-05-16 14:30:04 -04:00
David Goulet
50ff24e276 dirauth: don't use hardcoded length when parsing digests
When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.

Fixes #19066

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-05-16 11:18:51 -04:00
Nick Mathewson
249f3a1664 Fix memory leak in test_crypto_aes_ctr_testvec 2016-05-16 09:55:09 -04:00
Nick Mathewson
9abd7b8f90 Windows lacks truncate(3).
Fix the new crypto tests, which used truncate(3).
2016-05-16 09:25:19 -04:00
Nick Mathewson
060e0d0a75 Merge branch 'crypto_unit_tests_v2_squashed' 2016-05-16 08:26:11 -04:00
Nick Mathewson
62c5a1fa45 Mark even more crypto lines (the fragile_assert ones) as unreachable 2016-05-16 08:26:00 -04:00
Nick Mathewson
b688945dfb Refactor digest allocation backend code
I'm doing this to simplify crypto_digest_smartlist_prefix, and make
it better covered by our tests.
2016-05-16 08:26:00 -04:00
Nick Mathewson
365d0fcc6d Cover all our DH code, and/or mark it unreachable. 2016-05-16 08:26:00 -04:00
Nick Mathewson
94b34d1be6 At long last, unit tests for degenerate DH public keys.
Apparently, we detect and reject them correctly. Aren't you glad?
2016-05-16 08:26:00 -04:00
Nick Mathewson
98a590577a Treat absent argument to crypto_log_errors as a bug. 2016-05-16 08:26:00 -04:00
Nick Mathewson
d88656ec06 Slight improvements to DH coverage. 2016-05-16 08:25:59 -04:00
Nick Mathewson
c395334879 Mark some unreachable lines in crypto.c 2016-05-16 08:25:59 -04:00
Nick Mathewson
7a5f15b6e0 Improve test coverage of our strongest-rng code. 2016-05-16 08:25:59 -04:00
Nick Mathewson
148f0004e1 Test coverage on ed25519 load/store functions. 2016-05-16 08:25:59 -04:00
Nick Mathewson
ec81329339 Do not leak the 'tag' when trying to read a truncated ed25519 key file
Fix for bug 18956.
2016-05-16 08:25:59 -04:00
Nick Mathewson
5b91e70a4f Mark unreachable lines in crypto_ed25519.c 2016-05-16 08:25:59 -04:00
Nick Mathewson
8a536be705 Mark unreachable lines in crypto_curve25519.c
Also, resolve a bug in test_ntor_cl.c
2016-05-16 08:25:53 -04:00
Nick Mathewson
820b1984ad Mark three lines unreachable, with extensive docs and use of BUG macros 2016-05-16 08:25:53 -04:00
Nick Mathewson
df3a5e0cad HKDF-SHA256 test vectors from RFC5869 2016-05-16 08:25:53 -04:00
Nick Mathewson
7bc9d1e002 Merge branch 'maint-0.2.8' 2016-05-12 15:33:56 -04:00
Nick Mathewson
e8cc9f3edf Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-12 15:33:47 -04:00
Nick Mathewson
4165b1a0da Merge branch 'bug18977_026_v2' into maint-0.2.7 2016-05-12 15:33:35 -04:00
Nick Mathewson
44cbd00dfa Fix a compiler warning on windows when sizeof(long)==sizeof(int) 2016-05-12 14:51:38 -04:00
Nick Mathewson
20b01cece8 Merge branch 'bug18977_024_v2' into bug18977_026_v2
Had conflicts related to other correct_tm bugs in 0.2.6.  Added wday
for another case.
2016-05-12 14:39:06 -04:00
Nick Mathewson
e57f26c135 Have correct_tm set tm_wday as well.
The tm_wday field had been left uninitialized, which was causing
some assertions to fail on Windows unit tests.

Fixes bug 18977.
2016-05-12 14:37:27 -04:00
Nick Mathewson
6bc052365a Use a much less clever scan_signed no-overflow hack 2016-05-12 14:33:26 -04:00
Nick Mathewson
a7207329a8 Run tor_sscanf test in subprocess, in hopes of coaxing more info from jenkins 2016-05-12 13:37:05 -04:00
Nick Mathewson
445e05a015 Fix inconsistent tab/space mixing in include.am files.
This is a whitespace only, cosmetic fix.

There is still some inconsistency between lists, but less
inconsistency inside individual lists.
2016-05-12 13:06:58 -04:00
Nick Mathewson
607a9056d4 Merge branch 'ftrapv_v3'
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
2016-05-12 13:00:45 -04:00
Nick Mathewson
fb999abea6 Document why we build memwipe that way. 2016-05-12 12:56:47 -04:00
Nick Mathewson
b1dce55b82 Do not apply bugtrapping flags to test-memwipe, since testing memwipe requires bugs.
Fixes bug 18901.
2016-05-12 11:22:10 -04:00
Nick Mathewson
ef01109932 Rename SOURCES to SRC for things in include.am 2016-05-12 11:21:28 -04:00
Nick Mathewson
e40cfc4425 Move the ctime part of choose_array_element_by_weight into di_ops
This way it gets the ctime options.
2016-05-12 11:21:28 -04:00
Nick Mathewson
20432fc541 Refactor out u64_dbl_t
This type saved a tiny amount of allocation, but not enough to be
worth keeping.

(This is in preparation for moving choose_array_element_by_weight)
2016-05-12 11:21:28 -04:00
Nick Mathewson
ce854a8d22 Add -ftrapv to gcc-hardening ... mostly!
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.

Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time.  Those options introduce branches
to the code they instrument.

(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)

Closes 17983.
2016-05-12 11:21:28 -04:00
Nick Mathewson
58e0e587a6 Merge branch 'maint-0.2.8' 2016-05-12 11:09:40 -04:00
Nick Mathewson
ce6f2d1c4d Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8 2016-05-12 11:09:33 -04:00
Nick Mathewson
f936f186b2 Use tor_queue.h, not sys/queue.h, in timeouts.[ch].
Closes 19041.
2016-05-12 10:10:59 -04:00
Nick Mathewson
99c0e1bd5b Fix bad allocation in pubsub.c
Closes 19038.  Bug not in any released Tor.
2016-05-12 09:56:42 -04:00
Roger Dingledine
5a83122961 Authorities now sort the "package" lines in their votes
(They are already sorted in the consensus documents)

Fixes bug 18840; bugfix on 0.2.6.3-alpha.
2016-05-11 19:04:13 -04:00
Roger Dingledine
694f1fe808 write v3-status-votes file earlier in consensus voting
Make directory authorities write the v3-status-votes file out
to disk earlier in the consensus process, so we have the votes
even if we abort the consensus process later on.

Resolves ticket 19036.
2016-05-11 17:34:38 -04:00
Roger Dingledine
9e44273a4a fix 'make dist' which was broken by ticket 18365's merge 2016-05-11 16:15:37 -04:00
Nick Mathewson
e3a4511049 Merge remote-tracking branch 'public/bug18815' 2016-05-11 14:12:39 -04:00
Roger Dingledine
ad8b9dcd47 Merge branch 'maint-0.2.8' 2016-05-11 13:43:06 -04:00
Roger Dingledine
163cee1b64 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:42:40 -04:00
Roger Dingledine
d40e8695f4 unbreak the build (when warnings are enabled) 2016-05-11 13:42:00 -04:00
Nick Mathewson
60e9e48448 Merge branch 'ticket16698_v2' 2016-05-11 13:39:38 -04:00
Nick Mathewson
03ae44a9e8 Fix comment for directory_handle_command_get 2016-05-11 13:39:11 -04:00