36087 Commits

Author SHA1 Message Date
David Goulet
3604d86a01 trace: Helper macro to disambiguate identifiers
In order to disambiguate the subsystem and event_name identifiers in the
tor_trace() macro, add TR_SUBSYS() and TR_EV() which help to identify the
parameters of tor_trace() explicitly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:18:33 -04:00
David Goulet
d80c34d214 trace: Move LTTng specific declaration to .inc file
LTTng tracepoint probe declaration is not really following a C standard that
coccinelle and checkSpace.pl like.

Move everything to a .inc file and standardize the trace_probes_circuit.h
header to include that LTTng specific file if the instrumentation was enabled
at configure time.

Part of #32910

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:18:33 -04:00
David Goulet
24a5983d84 trace: Only build probes if instrumentation is enabled
For now, trace_probes_circuit.c only contains LTTng probes so build it only if
enabled within the build system _and_ the code.

Also, ignore trace_probes_circuit.h for coccinelle parsing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:12:37 -04:00
David Goulet
79d6127a47 trace: Comments and improve doc/HACKING/Tracing.md
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:12:36 -04:00
David Goulet
c8f632784b trace: Add two circuit tracepoints for new circuits
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:30 -04:00
David Goulet
4cb6887471 trace: Add two origin circuit specific tracepoints
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:30 -04:00
David Goulet
d36a44ffa9 trace: Add four generic circuit tracepoints
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:29 -04:00
David Goulet
a706334577 trace: Add four more circuit subsystem tracepoints
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:08 -04:00
David Goulet
bf0e2ae0d0 trace: Add single tracepoint in circuit subsystem
This is the very first tracepoint in tor. It is in the circuit subsystem for
when a new circuit opens.

LTTng instrumentation requires a lot more around a tracepoint than USDT thus
this commit only adds one tracepoint in order to outline a base to add more
tracepoints later.

The idea is that we separate subsystems into what LTTng defines as "providers"
so the circuit provider contains the tracepoint definitions for the circuit
subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:08 -04:00
David Goulet
c31d469f37 trace: Comments and configure fix
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:08 -04:00
David Goulet
0de543aae6 trace: Add LTTng-UST interface support
No probes at this point. They are per subsystem and thus in later commits.

Part of #32910
2020-07-08 09:10:08 -04:00
David Goulet
668fc70a20 trace: Add USDT probes generation support
This commit adds both configure options and probe generation for tracepoints.

Part of #32910

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:08 -04:00
David Goulet
70f031528d trace: Hook lib/trace as a subsystem
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:08 -04:00
David Goulet
6fc6cbd9b3 trace: Better structure lib/trace and configure options
In the next commits, we'll add more tracing options for instrumentation and
specific tracer.

This rename follows a more meaningful naming standard. It also adds a catch
all "HAVE_TRACING" define that indicates in the code that we have tracing
enabled.

Part of #32910

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 09:10:08 -04:00
David Goulet
46e3484261 addr: Initialize resolved address cache to NULL address
Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 07:50:50 -04:00
David Goulet
9b2cadb492 addr: Validate identity key when getting a suggestion
We do look at the address but with this we also look if the identity digest of
the relay suggesting us an address is a trusted source.

Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-08 07:46:16 -04:00
Alexander Færøy
c364e0e83b Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-08 00:36:48 +00:00
Alexander Færøy
e4bfa734a6 Merge branch 'maint-0.4.4' 2020-07-08 00:36:48 +00:00
Alexander Færøy
9603d8af0b Merge branch 'maint-0.4.3' into maint-0.4.4 2020-07-08 00:36:48 +00:00
Alexander Færøy
b81e24cda6 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-08 00:36:47 +00:00
Nick Mathewson
3e08dd9df1 Resolve a compiler warning from a 32-bit signed/unsigned comparison
This warning only affects platforms (like win32) with 32-bit time_t.

Fixes bug 40028; bugfix on 0.3.2.8-rc.
2020-07-07 15:05:38 -04:00
David Goulet
66d5292ee6 Revert "config: Make clients tell dual-stack exits they prefer IPv6"
This reverts commit bf2a399fc0.

Don't set by default the prefer IPv6 feature on client ports because it breaks
the torsocks use case. The SOCKS resolve command is lacking a mechanism to ask
for a specific address family (v4 or v6) thus prioritizing IPv6 when an IPv4
address is asked on the resolve SOCKS interface resulting in a failure.

Tor Browser explicitly sets PreferIPv6 so this should not affect the majority
of our users.

Closes #33796

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 12:58:41 -04:00
Nick Mathewson
9e33391ebb Merge remote-tracking branch 'tor-github/pr/1974/head' 2020-07-07 11:08:20 -04:00
David Goulet
640a777c9b Merge branch 'ticket33236_045_01' 2020-07-07 11:01:26 -04:00
David Goulet
809c864707 addr: Attempt to learn our address with ORPort
If no Address statement is found in the configuration file, attempt to learn
our address by looking at the ORPort address if any. Specifying an address is
optional so if we can't find one, it is fine, we move on to the next discovery
mechanism.

Note that specifying a hostname on the ORPort is not yet supported at this
commit.

Closes #33236

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:52:43 -04:00
Alexander Færøy
a213d27938 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-07 14:48:36 +00:00
Alexander Færøy
d4c79cae76 Merge branch 'maint-0.4.3' into maint-0.4.4 2020-07-07 14:48:36 +00:00
Alexander Færøy
aa80f73fc4 Merge branch 'maint-0.4.4' 2020-07-07 14:48:36 +00:00
Alexander Færøy
19d579e8cb Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-07 14:48:35 +00:00
David Goulet
15be1ff8ad changes: Add a changes file for #40022
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:41:10 -04:00
David Goulet
f5ce8a2bed channel: Consider NETINFO other address as ours
Attempt to learn our address from the NETINFO cell.

At this commit, the address won't be used in the descriptor if selected. Next
commit will make it happen.

Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:41:10 -04:00
David Goulet
192d367b41 addr: New function relay_address_new_suggestion()
This behaves like router_new_address_suggestion() but differs in a couple of
ways:

  1. It takes a tor_addr_t instead of an address string and supports both
     AF_INET and AF_INET6.
  2. It does _not_ use the last_guessed_ip local cache and instead only relies
     on the last resolved address cache in resolve_addr.c

It is not used at this commit. This function is made to process a suggested
address found in a NETINFO cell exactly like router_new_address_suggestion()
does with the address a directory suggests us.

Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:41:10 -04:00
David Goulet
f57ce632fe addr: Rename and make resolved_addr_set_last() function public
Rename the static function update_resolved_cache() to resolved_addr_set_last()
and make it public.

We are about to use it in order to record any suggested address from a NETINFO
cell.

Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:41:10 -04:00
David Goulet
78bc52c47c channel: Continue refactor NETINFO process function
In the spirit of reducing technical debt. Move code that marks a channel as a
client into its own function and document it properly.

No behavior change, only code movement.

Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:41:10 -04:00
David Goulet
789beca783 channel: Refactor NETINFO process function
In order to process a NETINFO cell, the OR connection needs to go through a
series of validations, else we don't process the cell.

Move those into their own function and improve documentation.

This is an attempt at reducing technical debt of the rather large and
complicated channel_tls_process_netinfo_cell() function.

Related to #40022

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-07 10:37:06 -04:00
Nick Mathewson
bc63f59f3c Add correct exclusions to Doxyfile.in.
Now that we have src/ext/ext.md (since b0a716dfb0), we
don't want to have src/ext excluded in its entirety.

Like a smart person, when I added src/ext/ext.md, I edited Doxyfile,
forgetting that it is generated from Doxyfile.in.  :/

This should fix travis builds.
2020-07-07 10:24:24 -04:00
David Goulet
d9cc2b2928 CI: Fix Appveyor printf format error
For some reason, Appveyor started to use the stdio printf format for 64 bit
values (PRIu64, ...). Mingw doesn't like that so force it to use the Windows
specific macros by setting D__USE_MINGW_ANSI_STDIO=0.

Fixes #40026
2020-07-07 09:53:54 -04:00
George Kadianakis
86fdddccb2 Merge branch 'tor-github/pr/1973' 2020-07-07 15:34:14 +03:00
Nick Mathewson
2aa5e95f58 Fix coccinelle complaint in test-memwipe.c 2020-07-07 15:33:35 +03:00
Bartosz Duszel
9cefc47231 add changes file for ticket31699 2020-07-07 08:00:30 -04:00
Bartosz Duszel
c890a06fe4 remove autoconf check for malloc 2020-07-07 08:00:30 -04:00
Bartosz Duszel
da85062631 remove autoconf check for EVP_sha3_256 2020-07-07 08:00:30 -04:00
Bartosz Duszel
b192bc6ff3 remove autoconf check for htonll 2020-07-07 08:00:30 -04:00
Bartosz Duszel
06dafe8c1f remove autoconf check for syslimits 2020-07-07 08:00:30 -04:00
Bartosz Duszel
3ebf3cf946 remove autoconf check for getpass 2020-07-07 08:00:30 -04:00
George Kadianakis
118c35b55b Mark some log messages as used by Chutney. 2020-07-07 12:45:29 +03:00
Alexander Færøy
7b2d10700f Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes.
This patch changes our bits-to-bytes conversion logic in the NSS
implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
bits that is not a multiple of 8.

Additionally, we add a comment on why we cannot use the
`DER_ConvertBitString()` macro from NSS, as we would potentially apply
the bits-to-bytes conversion logic twice, which would lead to an
insignificant amount of bytes being compared in
`SECITEM_ItemsAreEqual()` and thus turn the logic into being a
prefix match instead of a full match.

The `DER_ConvertBitString()` macro is defined in NSS as:

    /*
    ** Macro to convert der decoded bit string into a decoded octet
    ** string. All it needs to do is fiddle with the length code.
    */
    #define DER_ConvertBitString(item)            \
        {                                         \
            (item)->len = ((item)->len + 7) >> 3; \
        }

Thanks to Taylor Yu for spotting this problem.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
06f1e959c2 Add constness to length variables in tor_tls_cert_matches_key.
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
`tor_tls_cert_matches_key` to ensure that we don't accidentally alter
the variables.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
b46984e97e Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS.
This patch fixes an out-of-bound memory read in
`tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
instead of OpenSSL.

The NSS library stores some length fields in bits instead of bytes, but
the comparison function found in `SECITEM_ItemsAreEqual()` needs the
length to be encoded in bytes. This means that for a 140-byte,
DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
bytes instead of 140 (140bytes * 8bits = 1120bits).

This patch fixes the issue by converting from bits to bytes before
calling `SECITEM_ItemsAreEqual()` and converting the `len`-fields back to
bits before we leave the function.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
33e1c2e6fd Run tor_tls_cert_matches_key() Test Suite with both OpenSSL and NSS.
This patch lifts the `tor_tls_cert_matches_key()` tests out of the
OpenSSL specific TLS test suite and moves it into the generic TLS test
suite that is executed for both OpenSSL and NSS.

This patch is largely a code movement, but we had to rewrite parts of
the test to avoid using OpenSSL specific data-types (such as `X509 *`)
and replace it with the generic Tor abstraction type
(`tor_x509_cert_impl_t *`).

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00