Commit Graph

3505 Commits

Author SHA1 Message Date
Nick Mathewson
bb23ad3e47 Merge remote-tracking branch 'teor/feature17863' 2015-12-16 08:48:28 -05:00
Nick Mathewson
c4df0c9f52 ... and fix the linux backtrace_symbols{,_fd} calls 2015-12-16 08:20:53 -05:00
teor (Tim Wilson-Brown)
e54e71fb6b Limit IPv6 mask bits to 128 2015-12-16 08:51:34 +11:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
fec5aa75f4 Merge branch 'maint-0.2.7' 2015-12-15 11:55:46 -05:00
cypherpunks
07cca627ea Fix backtrace compilation on FreeBSD
On FreeBSD backtrace(3) uses size_t instead of int (as glibc does). This
causes integer precision loss errors when we used int to store its
results.

The issue is fixed by using size_t to store the results of backtrace(3).

The manual page of glibc does not mention that backtrace(3) returns
negative values. Therefore, no unsigned integer wrapping occurs when its
result is stored in an unsigned data type.
2015-12-15 11:52:00 -05:00
cypherpunks
e91ccbb4f6 Remove obsolete INLINE preprocessor definition
The INLINE keyword is not used anymore in favor of inline.

Windows only supports __inline so an inline preprocessor definition is
still needed.
2015-12-15 11:34:00 -05:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
f3ed5ec0ca Fix a pair of dead assignments 2015-12-11 09:35:43 -05:00
Jamie Nguyen
08c7ceb5df Permit filesystem group to be root 2015-12-10 20:00:06 -05:00
Nick Mathewson
4d13cc69ce make stack-protector happy 2015-12-10 11:50:02 -05:00
Nick Mathewson
390d3fa3af add a static 2015-12-10 09:43:55 -05:00
Nick Mathewson
ce3b7ddb54 improve a comment in memwipe 2015-12-10 09:03:47 -05:00
Nick Mathewson
7186e2a943 Merge remote-tracking branch 'public/feature17694_strongest_027' 2015-12-10 09:02:10 -05:00
Nick Mathewson
631e3517e3 Mark a couple more arguments as unused. 2015-12-09 11:58:32 -05:00
Nick Mathewson
3843c6615c Small cleanups and comment fixes to rng functions. 2015-12-09 09:15:57 -05:00
Nick Mathewson
3a69fcb01f try a little harder with getrandom types to avoid warnings 2015-12-09 08:31:29 -05:00
Nick Mathewson
0df014edad mark a variable unused. 2015-12-08 17:17:17 -05:00
Nick Mathewson
b701b7962b Fix comment switcheroo. Spotted by skruffy 2015-12-08 12:53:51 -05:00
Nick Mathewson
7f074e08d8 Merge branch 'feature13696_squashed' 2015-12-08 12:35:26 -05:00
Yawning Angel
353c71516e Add support for getrandom() and getentropy() when available
Implements feature #13696.
2015-12-08 12:34:53 -05:00
Nick Mathewson
2259de0de7 Always hash crypto_strongest_rand() along with some prng
(before using it for anything besides feeding the PRNG)

Part of #17694
2015-12-08 10:54:42 -05:00
teor (Tim Wilson-Brown)
021958934f Consistently ignore multicast in internal reject private exit policies
Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
Jeremy
b3639c8291 src/common/compat.c:tor_vasprintf() - vsnprintf() was properly checked but tor_vsnprintf() available so why not use it? 2015-12-01 13:00:58 -05:00
Jeremy
fcc6541fde src/common/compat.c:tor_vasprintf() - changed vsnprintf() to tor_vsnprintf() which ensures string is null terminated. 2015-12-01 12:27:29 -05:00
Nick Mathewson
eedef41944 use sockaddr_storage for stack-allocated sockets in ersatz socketpair 2015-11-27 11:52:59 -05:00
Nick Mathewson
f108be7c25 Make SIZEOF_SOCKADDR return socklen_t to avoid bad compares. 2015-11-27 11:48:54 -05:00
Nick Mathewson
a45aacd2e2 Use uint16_t, not in_port_t (which does not exist on Windows). See #17638. 2015-11-27 11:39:03 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
1cfa2bc859 Fix documentation for crypto_rand* 2015-11-25 22:29:59 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
10fdee6285 Add crypto-initializer functions to those whose return values must be checked 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary.
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e Check the return value of HMAC in crypto.c and assert on error
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
2015-11-26 10:46:36 +11:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
Nick Mathewson
7194d3d957 Tweak gtank's sha512 patch a little 2015-11-25 09:04:17 -05:00
George Tankersley
695412302b implement teor's comments 2015-11-24 02:17:37 +00:00
George Tankersley
ff54cc8481 add SHA512 support to crypto 2015-11-24 01:34:28 +00:00
teor (Tim Wilson-Brown)
5b2adfb3d4 Fix comments to describe actual return values (crypto.c) 2015-11-23 20:31:57 +11:00
teor (Tim Wilson-Brown)
84d1373ba0 Fix typo in comment on crypto_add_spaces_to_fp 2015-11-23 18:59:11 +11:00
teor (Tim Wilson-Brown)
604d3ee48d Comment only: crypto_seed_rng no longer has a "startup" parameter 2015-11-23 10:26:07 +11:00
Nick Mathewson
cbc1b8a4f7 fix "make check-spaces" 2015-11-20 10:52:56 -05:00
teor (Tim Wilson-Brown)
53ec840bdf Make tor_ersatz_socketpair work on IPv6-only systems
(But it won't work on some systems without IPv4/IPv6 localhost
(some BSD jails) by design, to avoid creating sockets on routable
IP addresses. However, those systems likely have the AF_UNIX socketpair,
which tor prefers.)

Fixes bug #17638; bugfix on a very early tor version,
earlier than 22dba27d8d (23 Nov 2004) / svn:r2943.

Patch by "teor".
2015-11-19 19:08:22 +11:00
teor (Tim Wilson-Brown)
878b5738c2 Update comments in get_interface_addresses_ioctl
Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).
2015-11-18 23:30:25 +11:00
Nick Mathewson
7a940fac1c appease check-spaces 2015-11-13 13:46:47 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00
Nick Mathewson
accb726db6 Remove a little duplicated code in TAP key expansion
patch from pfrankw; closes 17587.
2015-11-13 09:46:32 -05:00
Nick Mathewson
d20a3d07e3 Merge branch 'karsten_bug13192_026_03_teor' 2015-11-12 11:40:58 -05:00
Nick Mathewson
1f7ba115a4 Rename cast_double_to_int64 to clamp_double_to_int64 2015-11-12 11:33:48 -05:00
Nick Mathewson
0694263b75 Make round_to_next_multiple_of always round upwards.
Yes, even if it has to return a non-multiple.  This prevents us from
ever having a bug where we try to use it for allocation, and under-allocate.
2015-11-12 11:32:14 -05:00
Nick Mathewson
05c34b3330 appease check-spaces 2015-11-10 10:40:19 -05:00
Nick Mathewson
39e8fa81f7 every version of openssl we support has SSL_get_state 2015-11-10 10:14:58 -05:00
Nick Mathewson
3aebeeffa5 Every openssl we support has ERR_remove_thread_state 2015-11-10 10:13:04 -05:00
Nick Mathewson
c32a43a4d2 Move openssl version compatibility defines into a new header. 2015-11-10 10:02:21 -05:00
Yawning Angel
3e3ec750cd Fix compilation with OpenSSL 1.1.0-dev.
OpenSSL changed the API:
 * 5998e29035
 * b0700d2c8d
2015-11-06 19:02:56 +00:00
Nick Mathewson
5e9f2384cf Fix various coverity-found issues 2015-10-21 16:01:29 -04:00
Nick Mathewson
f217b24e05 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 12:03:04 -04:00
Nick Mathewson
4fb4906975 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 12:02:42 -04:00
Nick Mathewson
9459ae260e Fix the return value 2015-10-21 12:01:05 -04:00
Nick Mathewson
895a98dbaf Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:53:00 -04:00
Nick Mathewson
b809c265e7 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 11:51:03 -04:00
Nick Mathewson
35bf07b8d6 Check for len < 4 in dn_indicates_v3_cert
Without this check, we potentially look up to 3 characters before
the start of a malloc'd segment, which could provoke a crash under
certain (weird afaik) circumstances.

Fixes 17404; bugfix on 0.2.6.3-alpha.
2015-10-21 11:44:43 -04:00
Nick Mathewson
2461ea1faa Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 08:17:34 -04:00
Nick Mathewson
542cc8a5ff Fix a memory leak; bug 17398. 2015-10-21 08:17:07 -04:00
Nick Mathewson
a5ed8b1667 Fix compilation of sandbox.[ch] under musl-libc
Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347.
2015-10-15 10:37:41 -04:00
Nick Mathewson
fa4a81518a Merge branch 'bug17347' 2015-10-15 10:36:29 -04:00
Nick Mathewson
50148dc45d Fix compilation of sandbox.[ch] under musl-libc
Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347.
2015-10-15 10:35:45 -04:00
Nick Mathewson
5bd3290df3 Remove workaround code for broken client-side renegotiation
Since 11150 removed client-side support for renegotiation, we no
longer need to make sure we have an openssl/TLSvX combination that
supports it (client-side)
2015-10-07 10:16:37 -04:00
Nick Mathewson
6505d529a5 Remove client-side support for detecting v1 handshake
Fixes more of 11150
2015-10-07 10:13:39 -04:00
Nick Mathewson
2ad6e1bb0e Make the mis-named V2_HANDSHAKE_SERVER/CLIENT macros always-on.
They selected the V2 handshake *and* the V3 handshake, in a strange
mixture.  Both handshakes have been mandatory for a long time.
2015-10-07 10:07:29 -04:00
Nick Mathewson
bd1a137893 Remove the client-side code for the v1 and v2 tls handshakes.
(This is safe since super-old Tor servers are no longer allowed on
the network.)

Closes the client-side part of 11150.
2015-10-07 10:04:12 -04:00
Nick Mathewson
5a5112f701 Fix "make check-spaces" 2015-10-07 09:34:02 -04:00
Nick Mathewson
cec2bc435e Merge remote-tracking branch 'twstrike/procmon_tests'
Conflicts:
	src/test/include.am
	src/test/log_test_helpers.c
	src/test/log_test_helpers.h
2015-10-07 09:32:51 -04:00
Nick Mathewson
41782bf3ac Merge remote-tracking branch 'tvdw/fix-16563' 2015-10-06 10:57:31 -04:00
Nick Mathewson
bfd9dccdb8 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-06 09:06:57 -04:00
Nick Mathewson
1eb838b303 Work around openssl declaring x509_get_not{Before,After} as functions
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet releasesd), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.

Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
2015-10-06 09:04:37 -04:00
rl1987
b216340d75 Fix compilation failure when SSL_SESSION_get_master_key() is provided by OpenSSL. 2015-10-05 21:56:27 +03:00
Ola Bini
ca927b7f63
Fix spaces 2015-10-05 13:42:43 -05:00
Tom van der Woerdt
c44a94606a Use __FUNCTION__ instead of __PRETTY_FUNCTION__
Fixes ticket #16563
2015-10-04 19:55:38 +02:00
Nick Mathewson
0ead9a58b9 Avoid warnings in tortls.h includes 2015-10-02 15:57:33 +02:00
Nick Mathewson
11e3db3ee8 clean up whitespace 2015-10-02 15:13:19 +02:00
Nick Mathewson
b5aa257d46 Fix "make check-spaces" 2015-10-02 14:33:54 +02:00
Nick Mathewson
39901bd408 Make test_tortls compile without warnings 2015-10-02 14:20:28 +02:00
Nick Mathewson
086c33ea61 Merge remote-tracking branch 'twstrike/tortls_tests' 2015-10-02 14:12:27 +02:00
Nick Mathewson
0e03a0421e Fix check-spaces complaints 2015-10-02 13:22:00 +02:00
Nick Mathewson
3b09322c9b Merge remote-tracking branch 'sebastian/bug17026' 2015-10-02 13:15:36 +02:00
Nick Mathewson
ac8c5ec67a Clean up compat_libevent tests 2015-10-02 13:13:58 +02:00
Nick Mathewson
f774813129 Merge remote-tracking branch 'twstrike/compat_libevent_tests' 2015-10-02 12:56:37 +02:00
Peter Palfrader
335af6fed8 Document syslog_identity_tag for add_syslog_log 2015-09-30 18:34:15 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
teor (Tim Wilson-Brown)
7fa102b487 Add checks and unit tests for get_interface_address* failure
Ensure that either a valid address is returned in address pointers,
or that the address data is zeroed on error.

Ensure that free_interface_address6_list handles NULL lists.

Add unit tests for get_interface_address* failure cases.

Fixes bug #17173.
Patch by fk/teor, not in any released version of tor.
2015-09-29 10:17:05 +02:00
Fabian Keil
3ea834ce0a get_interface_address6_list(): Bring back a return code check
... that was removed by 31eb486c46 which first appeared in
0.2.7.3-rc.

If tor is running in a ElectroBSD (or FreeBSD) jail it can't
get any IP addresses that aren't assigned to the jail by
looking at the interfaces and (by design) the
get_interface_address6_via_udp_socket_hack() fallback doesn't
work either.

The missing return code check resulted in tor_addr_is_internal()
complaining about a "non-IP address of type 49", due to reading
uninitialised memory.

Fixes #17173.
2015-09-29 10:17:00 +02:00
Nick Mathewson
c84f3c9177 Merge remote-tracking branch 'public/bug17047' 2015-09-16 08:46:13 -04:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
Ola Bini
5b43ecf2b3
Fix procmon_new to correctly use zeroed memory - otherwise it can blow up if the free call by mistake works on something that is allocated 2015-09-15 18:44:53 +02:00
Ola Bini
9985a62a67
Add tests for compat_libevent 2015-09-15 17:20:44 +02:00
Ola Bini
94e5db3dca
Add tests for tortls.c 2015-09-15 17:09:18 +02:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00
teor (Tim Wilson-Brown)
31eb486c46 Add get_interface_address[6]_list for a list of interface IP addresses
Add get_interface_address[6]_list by refactoring
get_interface_address6. Add unit tests for new and existing functions.

Preparation for ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-15 17:04:18 +10:00
teor (Tim Wilson-Brown)
60312dc08b Update comments about ExitPolicy parsing
Fix incomplete and incorrect comments.

Comment changes only.
2015-09-14 11:12:28 +10:00
Nick Mathewson
902517a7c0 Use SSL_get_client_ciphers() on openssl 1.1+, not SSL_get_ciphers...
(which isn't correct.)

Fixes bug 17047; bugfix on 0.2.7.2-alpha, introduced by the merge in
0030765e04, apparently.
2015-09-13 11:51:51 -04:00
Sebastian Hahn
46e22762fa Keep unused smartlist storage zeroed
Helps catch bugs with our smartlist usage and shouldn't be too
expensive. If it shows up in profiles we can re-investigate.
2015-09-09 15:23:25 +02:00
Nick Mathewson
280672bdbc Handle negative inputs to crypto_random_time_range().
(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.
2015-09-08 10:22:01 -04:00
Sebastian Hahn
5cf24ff3af Fix a bunch of check-spaces complaints 2015-08-21 10:36:53 -04:00
Sebastian Hahn
32220d38c0 Ensure worker threads actually exit when it is time
This includes a small refactoring to use a new enum (workqueue_reply_t)
for the return values instead of just ints.
2015-08-21 10:36:53 -04:00
Nick Mathewson
eafae7f677 Merge branch 'decouple_controller_events_squashed' 2015-08-18 08:56:31 -04:00
Nick Mathewson
087cf882c6 Log meaningful messages before failing on windows with threadlocal. 2015-08-18 08:56:24 -04:00
Nick Mathewson
3d9952a3b1 Improve threadlocal documentation 2015-08-18 08:56:24 -04:00
Nick Mathewson
e8fe77530a Add comments for thread-local storage functions 2015-08-18 08:56:23 -04:00
Nick Mathewson
9ec94f1d22 Use thread-local storage to block event_queue recursion. 2015-08-18 08:56:23 -04:00
Nick Mathewson
f724b2e5aa Merge remote-tracking branch 'public/bug16741_026' 2015-08-17 14:40:27 -04:00
Nick Mathewson
5fe18bcf54 Merge remote-tracking branch 'yawning/feature16533' 2015-08-17 14:16:20 -04:00
Nick Mathewson
216bde38e0 Fix some types on container fns 2015-08-13 22:14:14 -04:00
Yawning Angel
78fad380cd Use ed25519-donna's batch verification support when applicable.
The code was always in our Ed25519 wrappers, so enable it when using
the ed25519-donna backend, and deal with the mocking related
crypto_rand silliness.

Implements feature 16533.
2015-08-12 16:01:28 +00:00
Yawning Angel
af898f5475 Add crypto_rand_unmocked, which is crypto_rand without mocking.
There is odd issues with calling crypto_rand from our copy of
ed25519-donna, due to mocking that are not easily resolved.
2015-08-12 15:57:05 +00:00
Nick Mathewson
da04fed865 Merge branch 'bug16389_027_03_squashed' 2015-08-11 09:34:55 -04:00
David Goulet
c265621a52 Fix typo in comment about digest256map_t
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
Nick Mathewson
69f7f9b0d4 Fix windows compilation 2015-08-11 09:09:06 -04:00
Nick Mathewson
81e0fd8360 Merge remote-tracking branch 'public/feature16734' 2015-08-10 15:14:49 -04:00
Nick Mathewson
720a9ccb2f Check for EINTR correctly on windows
(even though these are nonblocking calls and EINTR shouldn't be possible).

Also, log what error we're seing if drain_fn fails.
2015-08-07 09:12:33 -04:00
Nick Mathewson
50049df0d4 Add a compat function to check how much disk space is free.
Closes ticket 16734.
2015-08-05 14:01:49 -04:00
David Goulet
79798a2363 Set the open file limit to the current value before changing it
If setrlimit() failed, max_out wasn't set in set_max_file_descriptors()
ending in a state where we don't use ULIMIT_BUFFER for things like tor
private key files.

Also fix the set_max_file_descriptors() documentation.

Fixes #16274

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-05 13:17:33 -04:00
cypherpunks
b3ea3c8e2f Switch order of unblocking threads and releasing the mutex.
According to POSIX, the mutex must be locked by the thread calling the signal
functions to ensure predictable scheduling behavior.

Found the issue using Helgrind which gave the warning `dubious: associated lock
is not held by any thread`.
2015-08-04 13:35:02 -04:00
Nick Mathewson
347fe449fe Move formatting functions around.
The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!
2015-07-31 11:21:34 -04:00
David Goulet
8c83e8cec0 Add get_max_sockets() and remove dead code
The control port was using set_max_file_descriptors() with a limit set to 0
to query the number of maximum socket Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.

This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.

Finally, the dead code is removed that is the code that checked for limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.

Fixes #16697

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-30 15:21:12 -04:00
Nick Mathewson
beac91cf08 Wrap windows-only C files in #ifdef _WIN32
This should make some scripts and IDEs happier.
2015-07-30 11:14:15 -04:00
Yawning Angel
da6aa7bfa5 Allow a single trailing . when validating FQDNs from SOCKS.
URI syntax (and DNS syntax) allows for a single trailing `.` to
explicitly distinguish between a relative and absolute
(fully-qualified) domain name. While this is redundant in that RFC 1928
DOMAINNAME addresses are *always* fully-qualified, certain clients
blindly pass the trailing `.` along in the request.

Fixes bug 16674; bugfix on 0.2.6.2-alpha.
2015-07-27 12:58:40 +00:00
Nick Mathewson
3c2eefac2e Fix a couple more msvc issues, reported by gisle vanem 2015-07-23 12:01:57 -04:00
Nick Mathewson
382c27d8a9 Merge branch 'ticket2325_squashed' 2015-07-22 12:24:21 -04:00
cypherpunks
3b3b447f75 Fix some potential memory leaks in the thread pool code. 2015-07-21 13:57:53 -04:00
Nick Mathewson
7521c3ee91 Document the torrc format as thoroughly as possible
Closes ticket 2325
2015-07-20 12:05:44 -04:00
Nick Mathewson
b5cfcb2045 Fix most check-spaces issues 2015-07-16 11:10:14 -04:00
Nick Mathewson
8cb5070376 Use C99 variadic macros when not on GCC.
1) We already require C99.

2) This allows us to support MSVC again (thanks to Gisle Vanem for
   this part)

3) This change allows us to dump some rotten old compatibility code
   from log.c
2015-07-15 14:43:35 -04:00
Nick Mathewson
3c28d95ca7 Add more EINVAL errno setting on key read failures
Teor found these.  This is for part of #16582.
2015-07-15 10:35:29 -04:00
Nick Mathewson
b566cb9e84 Make file-reading and key-reading preserve errno
This is an important part of #16582.
2015-07-14 10:18:52 -04:00
Nick Mathewson
19f9803f8e Okay, this time it was my fault 2015-07-12 15:44:43 -04:00
Nick Mathewson
58cd21f601 Fine, mingw! fine! are you happy now?? 2015-07-12 15:30:35 -04:00
Nick Mathewson
7ed477786c This should be the last SecureZeroMemory fix 2015-07-12 15:14:52 -04:00
Nick Mathewson
9f21c85e04 Dammit, autoconf! 2015-07-12 15:02:43 -04:00
Nick Mathewson
db88d91ebe Nth time is maybe the charm for fixing windows readpassword build errors 2015-07-12 14:34:11 -04:00
Nick Mathewson
de397d57c9 note some dead code in set_max_file_descriptors 2015-07-11 16:53:32 -04:00
Nick Mathewson
d18215ed16 Try one more one more time to get tor-ci-windows working
Apparently its mingw headers are missing some stuff.
2015-07-10 09:59:29 -04:00
Nick Mathewson
ad0d181854 Attempt yet again to make the tor-ci-windows builder happy 2015-07-10 09:16:32 -04:00
Nick Mathewson
a6a0759e3a Merge remote-tracking branch 'yawning/feature16467_9663' 2015-07-09 12:53:55 -04:00
teor
57c61f39a0 Always use the sandbox in tor_open_cloexec
Use the sandbox in tor_open_cloexec, whether or not O_CLOEXEC is defined.
Patch by "teor". Fix on 0.2.3.1-alpha.
2015-07-08 02:17:31 +10:00
Yawning Angel
840e68d917 Integrate and enable ed25519-donna.
The runtime sanity checking is slightly different from the optimized
basepoint stuff in that it uses a given implementation's self tests if
available, and checks if signing/verification works with a test vector
from the IETF EdDSA draft.

The unit tests include a new testcase that will fuzz donna against ref0,
including the blinding and curve25519 key conversion routines.  If this
is something that should be done at runtime (No?), the code can be
stolen from there.

Note: Integrating batch verification is not done yet.
2015-07-06 10:11:10 +00:00
Yawning Angel
f079c27761 Integrate the accelerated Curve25519 scalar basemult.
Integration work scavanged from nickm's `ticket8897_9663_v2` branch,
with minor modifications.  Tor will still sanity check the output but
now also attempts to catch extreme breakage by spot checking the
optimized implementation vs known values from the NaCl documentation.

Implements feature 9663.
2015-07-06 09:57:23 +00:00
Yawning Angel
0f3eeca9b8 Integrate ed25519-donna (Not yet used).
Integrate ed25519-donna into the build process, and provide an
interface that matches the `ref10` code.  Apart from the blinding and
Curve25519 key conversion, this functions as a drop-in replacement for
ref10 (verified by modifying crypto_ed25519.c).

Tests pass, and the benchmarks claim it is quite a bit faster, however
actually using the code requires additional integration work.
2015-07-06 09:40:28 +00:00
Nick Mathewson
877354a9af Try a little harder to fix the tor-ci-windows builder, or figure out why it is broke 2015-06-29 16:09:37 -04:00
Nick Mathewson
753797391f More tweaks for windows compilation. (ick) 2015-06-29 13:47:44 -04:00
Nick Mathewson
d9052c629b Remove checks for visual C 6. 2015-06-29 12:55:03 -04:00
Nick Mathewson
229bb7e50f Fix some compilation issues. 2015-06-27 14:27:00 -04:00
Nick Mathewson
3149bfc254 Merge branch 'bug16288_027_03_squashed' 2015-06-25 11:30:52 -04:00
David Goulet
699acd8d54 Validate the open file limit when creating a socket
Fixes #16288

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
07e1e754f3 Merge branch 'readpassphrase_v2' 2015-06-25 10:53:13 -04:00
Nick Mathewson
272229ff5d Remove janky getpass implementations 2015-06-25 10:52:47 -04:00
Nick Mathewson
a64f2d167e Add a getpass implementation for windows that won't totally suck
The logic here is inspired by Python's win_getpass(), which I'm
assuming is better than nothing.
2015-06-25 10:52:47 -04:00
Yawning Angel
3f336966a2 Work around nytimes.com's broken hostnames in our SOCKS checks.
RFC 952 is approximately 30 years old, and people are failing to comply,
by serving A records with '_' as part of the hostname.  Since relaxing
the check is a QOL improvement for our userbase, relax the check to
allow such abominations as destinations, especially since there are
likely to be other similarly misconfigured domains out there.
2015-06-24 13:52:29 +00:00
Nick Mathewson
b9b658e727 Add the openssh 6.8p1 readpassphrase implementation
This way glibc users don't have to fall back to getpass.

Windows users are still out of luck
2015-06-17 10:41:22 -04:00
Nick Mathewson
d68133c745 Merge branch '13642_offline_master_v2_squashed' 2015-06-17 10:12:37 -04:00
Nick Mathewson
cbdf2c5d8f Add a tor_getpass to read passphrases. Needs better backend. 2015-06-17 10:11:18 -04:00
teor
4079d2e0a5 Fix spacing in tortls.c 2015-06-16 03:10:44 +10:00
Nick Mathewson
130a9c0ac8 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-15 10:19:46 -04:00
Nick Mathewson
59fa0c2d99 Fix another seccomp2 issue
Allow pipe() and pipe2() syscalls; we need these when eventfd2()
support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha.  Patch
from "teor".
2015-06-15 10:13:11 -04:00
teor
e870f6285d Fix clang address of struct member always non-NULL in SSL master key
clang complains that the address of struct member in an assert in
SSL_SESSION_get_master_key is always non-NULL.
Instead, check each pointer argument is non-NULL before using it.

Fix on f90a704f12 from 27 May 2015, not in any released version of tor.
2015-06-11 01:06:15 +10:00
Nick Mathewson
e48f8e5e87 Merge remote-tracking branch 'public/bug15760_hard_026_v2' 2015-06-02 15:08:14 -04:00
Yawning Angel
8024f6a75f A few more minor OpenSSL 1.1 fixes.
* Use `TLS_method()` instead of the deprecated `SSLv23_method()`
 * Fix one missed conversion to `SSL_CIPHER_get_id()`
2015-06-02 15:04:20 -04:00
Nick Mathewson
34edf17d88 Merge remote-tracking branch 'teor/bug16115-minor-fixes' 2015-06-02 14:51:13 -04:00
Nick Mathewson
e8386cce1c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-02 14:29:37 -04:00
Peter Palfrader
a68e5323f8 Fix sandboxing to work when running as a relay
This includes correctly allowing renaming secret_id_key and allowing the
eventfd2 and futex syscalls.  Fixes bug 16244; bugfix on 0.2.6.1-alpha.
2015-06-02 14:20:01 -04:00
teor
b3f79da0d5 Silence unused variable warnings in find_cipher_by_id
Unused variable warnings were still generated under some versions of OpenSSL.
Instead, make sure all variables are used under all versions.

Fix on 496df21c89, not in any released version of tor.
2015-06-03 04:19:05 +10:00
teor
b1094fdec5 Fix an incorrect comment on spawn_func
spawn_func calls pthread_create on unix, not fork

Fix on existing code split out of compat.c into
compat_pthreads.c in c2f0d52b7f
2015-06-03 04:18:43 +10:00
Nick Mathewson
0030765e04 Merge remote-tracking branch 'public/bug15760_hard_026_v2'
Conflicts:
	src/common/tortls.c
2015-06-02 13:45:27 -04:00
Nick Mathewson
ff835e2328 Use autoconf, not OPENSSL_VERSION_NUMBER, to detect SSL_CIPHER_find
Repairs build with libressl
2015-06-02 13:38:27 -04:00
Nick Mathewson
f90a704f12 Use accessor functions for client_random/server_random/master_key
If OpenSSL accepts my patch to introduce these functions, they'll
be a way to help Tor work with OpenSSL 1.1.
2015-06-02 13:38:27 -04:00
Andrea Shepard
0e0b65db4f Appease make check-spaces 2015-06-01 12:59:14 +00:00
Nick Mathewson
b66f4cfc9d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-05-28 14:06:01 -04:00
Nick Mathewson
97330ced0c Fix sandbox use with systemd. bug 16212. 2015-05-28 14:05:46 -04:00
Nick Mathewson
7816ba8f1a Add assertions to crypto_dh_dup()
Without these, coverity is annoyed that aren't checking for NULL in bench.c

CID 1293335 -- found by coverity.
2015-05-28 12:27:22 -04:00
Nick Mathewson
a194385d56 Impose an upper limit on threads per threadpool.
Found by Coverity; Fixes CID 1268069
2015-05-28 12:24:29 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
277c9a3580 Note some functions that should move or be merged 2015-05-28 10:47:47 -04:00
Nick Mathewson
55bb7bbafd Tests for AUTHENTICATE cell functionality. 2015-05-28 10:41:50 -04:00
Nick Mathewson
b75361c5ed Start testing cell encoders/processers for the v3 handshake.
An earlier version of these tests was broken; now they're a nicer,
more robust, more black-box set of tests.  The key is to have each
test check a handshake message that is wrong in _one_ way.
2015-05-28 10:41:50 -04:00
Nick Mathewson
006b7ce5ff Fix the position-check for ed25519 certs to work with annotations
When there are annotations on a router descriptor, the
ed25519-identity element won't be at position 0 or 1; it will be at
router+1 or router-1.

This patch also adds a missing smartlist function to search a list for
an item with a particular pointer.
2015-05-28 10:41:49 -04:00
Nick Mathewson
efa21bb941 Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:40:57 -04:00
Nick Mathewson
fe5d2477aa Implement ed25519-signed descriptors
Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.
2015-05-28 10:40:56 -04:00
Nick Mathewson
818e6f939d prop220: Implement certificates and key storage/creation
For prop220, we have a new ed25519 certificate type. This patch
implements the code to create, parse, and validate those, along with
code for routers to maintain their own sets of certificates and
keys.  (Some parts of master identity key encryption are done, but
the implementation of that isn't finished)
2015-05-28 10:40:56 -04:00
Nick Mathewson
9537596398 Stop looking at session->ciphers when possible
If the OpenSSL team accepts my patch to add an
SSL_get_client_ciphers function, this patch will make Tor use it
when available, thereby working better with openssl 1.1.
2015-05-26 11:05:36 -04:00
Nick Mathewson
80082b7185 Remove rectify_client_ciphers as needless.
We previously used this function instead of SSL_set_cipher_list() to
set up a stack of client SSL_CIPHERs for these reasons:

  A) In order to force a particular order of the results.

  B) In order to be able to include dummy entries for ciphers that
     this build of openssl did not support, so we could impersonate
     Firefox harder.

But we no longer do B, since we merged proposal 198 and stopped
lying about what ciphers we know.

And A was actually pointless, since I had misread the implementation
of SSL_set_cipher_list().  It _does_ do some internal sorting, but
that is pre-sorting on the master list of ciphers, not sorting on
the user's preferred order.
2015-05-26 10:56:54 -04:00
Nick Mathewson
44259b8942 Revert "Try using SSL_get_ciphers in place of session->ciphers"
This reverts commit 67964cfa78.

It was the cause of #16153, and was not in any released Tor.  We need
a better solution for getting session->ciphers.
2015-05-26 10:49:04 -04:00
Nick Mathewson
c8024b633e Revert "Try using SSL_get_ciphers in place of session->ciphers"
This reverts commit 67964cfa78.

It was the cause of #16153, and was not in any released Tor.  We need
a better solution for getting session->ciphers.
2015-05-22 10:22:11 -04:00
Yawning Angel
452cebc4a4 Remove support for OpenSSL without ECC.
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory.  The group
has to be validated at runtime, because of RedHat lawyers (P224 support
is entirely missing in the OpenSSL RPM, but P256 is present and is the
default).

Resolves ticket #16140.
2015-05-21 17:07:30 +00:00
Nick Mathewson
0b7bf3585a Generate error ASAP if building with too-old openssl 2015-05-21 11:54:13 -04:00
Nick Mathewson
a35d22479b move "version" declaration to avoid "set but not used" warnings 2015-05-21 11:17:18 -04:00
Nick Mathewson
0534d46bda 19:38 < Yawning> nickm: you left the "+#ifndef SSL_clear_mode" block in ;_; 2015-05-20 15:40:42 -04:00
Nick Mathewson
ed02a409cf Merge branch 'bug16034_no_more_openssl_098_squashed'
Conflicts:
	src/test/testing_common.c
2015-05-20 15:33:22 -04:00
Nick Mathewson
f0a0568e7f Stop poking SSL_CTX->comp_methods 2015-05-20 15:27:36 -04:00
Nick Mathewson
e9677c8f8d Drop support for OpenSSLs without AES_CTR 2015-05-20 15:27:36 -04:00
Nick Mathewson
b7f3d52865 Use SSL_CIPHER accessor functions 2015-05-20 15:27:36 -04:00
Nick Mathewson
f8f407d66a Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Nick Mathewson
496df21c89 Use SSL_CIPHER_find where possible. 2015-05-20 15:27:36 -04:00
Nick Mathewson
971f0f8e18 Remove code to support OpenSSL 0.9.8 2015-05-20 15:27:36 -04:00
Nick Mathewson
67964cfa78 Try using SSL_get_ciphers in place of session->ciphers
This should help openssl 1.1.  On pre-1.1, we double-check that these
two methods give us the same list, since the underlying code is awfully
hairy.
2015-05-20 15:27:36 -04:00
Nick Mathewson
2f7c9b6ecb Tweak rectify_client_ciphers to work with openssl 1.1
The key here is to never touch ssl->cipher_list directly, but only
via SSL_get_ciphers().  But it's not so simple.

See, if there is no specialized cipher_list on the SSL object,
SSL_get_ciphers returns the cipher_list on the SSL_CTX.  But we sure
don't want to modify that one!  So we need to use
SSL_set_cipher_list first to make sure that we really have a cipher
list on the SSL object.
2015-05-20 15:27:36 -04:00
Nick Mathewson
d55db221e8 tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning 2015-05-13 12:12:53 -04:00
Nick Mathewson
34451c7a45 Use SSL_state() to inspect the state of SSL objects. 2015-05-13 11:34:10 -04:00
Nick Mathewson
22da5001b5 Use SSL_clear_mode where available. 2015-05-13 11:24:47 -04:00
Nick Mathewson
92b297bb58 SSL_clear_mode exists; we can use it. 2015-05-13 11:21:38 -04:00
Nick Mathewson
fa63f991c0 Stop accessing 'ssl->s3->flags' when we are using openssl 1.1
This field was only needed to work with the now-long-gone (I hope,
except for some horrible apples) openssl 0.9.8l; if your headers say
you have openssl 1.1, you won't even need it.
2015-05-13 11:19:19 -04:00
Yawning Angel
53a347592a ERR_remove_state() is deprecated since OpenSSL 1.0.0.
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with
`OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer
routine as appropriate.
2015-05-13 11:13:07 -04:00
Nick Mathewson
e086db7952 Merge branch 'writing_tests' 2015-05-07 15:29:56 -04:00
Nick Mathewson
79e85313aa Write the outlines of a WritingTests.txt document
Also, add some sample tests to be examples.
2015-05-07 15:29:16 -04:00
David Goulet
8acccdbeac Add an util function to cast double to int64_t
Use it in the sample_laplace_distribution function to make sure we return
the correct converted value after math operations are done on the input
values.

Thanks to Yawning for proposing a solution.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-06 18:05:16 +10:00
Karsten Loesing
dad5eb7e1f Tweak teor's and dgoulet's #13192 patches.
- Rewrite changes file.
 - Avoid float comparison with == and use <= instead.
 - Add teor's tor_llround(trunc(...)) back to silence clang warnings.
 - Replace tt_assert() with tt_i64_op() and friends.
 - Fix whitespace and a comment.
2015-05-06 18:05:16 +10:00
teor
09cac24373 Handle edge cases in the round_*_to_next_multiple_of functions
Consistently check for overflow in round_*_to_next_multiple_of.

Check all round_*_to_next_multiple_of functions with expected values.
Check all round_*_to_next_multiple_of functions with maximal values.

Related to HS stats in #13192.
2015-05-06 18:05:15 +10:00
teor
6d54bdbdcf Handle edge cases in laplace functions
Avoid division by zero.
Avoid taking the log of zero.
Silence clang type conversion warnings using round and trunc.
The existing values returned by the laplace functions do not change.

Add tests for laplace edge cases.
These changes pass the existing unit tests without modification.

Related to HS stats in #13192.
2015-05-06 18:05:15 +10:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Nick Mathewson
9a81ed1d23 Fix some RNG function issues 2015-04-23 11:13:51 -04:00
Nick Mathewson
c366e1fa32 Merge remote-tracking branch 'public/remove_old_libevent_autoconf_stuff' 2015-04-23 10:27:01 -04:00
Nick Mathewson
c3894473fe whitespace fixes 2015-04-23 09:36:43 -04:00
Nick Mathewson
241e6b0937 Fix some conversion problems 2015-04-23 09:16:42 -04:00
Nick Mathewson
647b7d37c2 Merge remote-tracking branch 'public/bug15745_027_03' 2015-04-23 09:10:35 -04:00
Nick Mathewson
3acee61422 Merge branch 'feature15652_squashed' 2015-04-23 09:09:33 -04:00
Nick Mathewson
55118d90ca Fix some implicit conversion warnings 2015-04-23 09:09:20 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
Nick Mathewson
6bf31543dc Make the crypto_rand_int_range return value right-exclusive. 2015-04-21 11:30:21 -04:00
David Goulet
3f41318472 Add crypto_rand_int_range() and use it
Incidently, this fixes a bug where the maximum value was never used when
only using crypto_rand_int(). For instance this example below in
rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS.

  int intro_point_lifetime_seconds =
    INTRO_POINT_LIFETIME_MIN_SECONDS +
    crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
                    INTRO_POINT_LIFETIME_MIN_SECONDS);

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 11:06:12 -04:00
teor
af2b6bdaba Fix spaces in crypto.h and test-memwipe.c 2015-04-15 19:42:41 +10:00
Yawning Angel
ba2485f7df Remove USE_OPENSSL_BASE64 and the associated code.
The alternative has been available since 2007, there's no way to
actually enable the ifdef, and it breaks on well formed but not OpenSSL
style inputs.
2015-04-10 09:12:47 +00:00
Yawning Angel
38c8e0bfc5 Fix the windows test failure caused by the #15435 changes. 2015-04-02 03:25:51 +00:00
Nick Mathewson
d366c3354f Merge branch 'remove_digests' 2015-04-01 13:53:03 -04:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
baf24bf4d1 Unindent a block in crypto_set_tls_dh_prime 2015-04-01 13:40:37 -04:00
Nick Mathewson
aa7b792250 Merge remote-tracking branch 'yawning/feature15435' 2015-04-01 13:34:14 -04:00
Nick Mathewson
0ddd8f06a9 Merge remote-tracking branch 'yawning/feature15471' 2015-04-01 12:47:16 -04:00
Nick Mathewson
c66dd17980 Drop support for --digests
This is a fair amount of maintainance burden, and doesn't help much
more than the git microversion.

Closes ticket 14742.
2015-04-01 09:54:20 -04:00
Nick Mathewson
30e933b136 Merge branch 'ticket14710_squashed' 2015-03-31 14:37:09 -04:00
rl1987
a4f89e21a6 Whitebox test for get_interface_address6_via_udp_socket_hack().
Also, fix some whitespace mishaps.
2015-03-31 14:37:02 -04:00
rl1987
92fc728d83 Bugfix: we don't want loopback/multicastaddress from _hack(). 2015-03-31 14:37:02 -04:00
rl1987
a13f944314 Black box test for get_interface_address6_via_udp_socket_hack(). 2015-03-31 14:36:35 -04:00
rl1987
6888523d73 Moving the hacky part of get_interface_address6() into separate function. 2015-03-31 14:36:28 -04:00
Yawning Angel
fa81508eb2 Use prctl() to have the kernel SIGTERM background processes on exit.
This uses a Linux-ism to attempt to always clean up background processes
if possible.  Note that it is not a catch-all, in that executables with
suid/sgid or elevated capabilities will have the prctl() attribute
stripped as part of the execve().

Resolves ticket 15471.
2015-03-26 14:56:14 +00:00
Yawning Angel
fda61e030e Implement "TOR_PT_EXIT_ON_STDIN_CLOSE".
Background processes spawned by Tor now will have a valid stdin.
Pluggable transports can detect this behavior with the aformentioned
enviornment variable, and exit if stdin ever gets closed.
2015-03-26 12:55:12 +00:00
Nick Mathewson
9e80fc8171 Merge remote-tracking branch 'sebastian/coverage_builds' 2015-03-24 15:16:49 -04:00
Nick Mathewson
25c3ff4500 Merge remote-tracking branch 'public/bug15269' 2015-03-24 14:59:09 -04:00
Sebastian Hahn
1228dd293b Disable assertions during coverage builds
This removes roughly 5000 branches in my testing. We never want to
trigger assertions even during tests, so this is sane. Implements #15400.
2015-03-21 02:34:44 +01:00
Sebastian Hahn
348f2744cf Initialize two variables
This is a trivial change to get around two compiler warnings when
assertions are removed during coverage builds.
2015-03-21 02:00:17 +01:00
Nick Mathewson
54d6e5e71e Merge remote-tracking branch 'public/feature15053' 2015-03-18 14:27:00 -04:00
Nick Mathewson
e75e0c7278 Make log.o depend on micro-revision.i
Otherwise micro-revision.i might not get built on time.
2015-03-15 17:09:58 -04:00
Nick Mathewson
7bed9dc73a Avoid double-parens in log_fn() messages on clang.
On clang (and elsewhere?) __PRETTY_FUNCTION__ includes parenthesized
argument lists.  This is clever, but it makes our old "%s(): " format
look funny.

This is a fix on 0957ffeb, aka svn:r288.  Fixes bug 15269.
2015-03-14 14:12:03 -04:00
Nick Mathewson
feca329031 Log version when LD_BUG is logged.
Closes ticket 15026.
2015-03-14 13:50:23 -04:00
cypherpunks
ce9bd4e04c Do not distribute common_sha1.i and or_sha1.i.
These files get generated automatically so there is need to include them in the
distribution.
2015-03-14 13:00:06 -04:00
cypherpunks
5176f6f103 Remove relative paths to header files.
The paths are already in the directory search path of the compiler therefore no
need to include them in the source code.
2015-03-14 13:00:05 -04:00
cypherpunks
7a86d53dee Clean up generated files.
Remove src/or/or_sha1.i and src/common/common_sha1.i on `make clean` and remove
the temporary micro-revision file when its no longer needed.

Additional changes;
- show a message when generating the micro-revision file.
- add the temporary micro revision file to the list of files to be removed on
  `make clean` just in case.
- fix indentation of the make rule to improve readability.
2015-03-14 13:00:04 -04:00
Nick Mathewson
511ca9b91c Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
Closes ticket 13736.
2015-03-14 12:40:55 -04:00
Nick Mathewson
3a68f2f54e const-ify the new failure vars, and one old one 2015-03-13 09:41:49 -04:00
Nick Mathewson
517e0f965b Remove workarounds for Libevent < 1.3.
This actually lets us dump a lot of old cruft that nobody had (I
hope!) tested in ages.

Closes 15248.
2015-03-12 16:59:05 -04:00
Sebastian Hahn
68e9f364a0 don't init threads as side effect of assertion
Fixes part of bug 15211.
2015-03-12 17:52:37 +01:00
Nick Mathewson
eecd410984 Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.5 2015-03-12 12:27:25 -04:00
Nick Mathewson
2bfdfc849b Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 10:06:10 -04:00
Nick Mathewson
192ed94410 Use PTHREAD_CREATE_DETACHED macro instead of 1: fix Solaris crash
When calling pthread_attr_setdetachstate, we were using 1 as the
argument. But the pthreads documentation says that you have to say
PTHREAD_CREATE_DETACH, which on Solaris is apparently 0x40.  Calling
pthread_attr_setdetachstate with 1 crashes on Solaris with FLTBOUNDS.

(Because we're so late in the release cycle, I made the code define
PTHREAD_CREATE_DETACHED if it doesn't exist, so we aren't likely to
break any other platforms.)

This bug was introduced when we made threading mandatory in
0.2.6.1-alpha; previously, we had force-disabled threading on
Solaris.  See #9495 discussion.
2015-03-12 10:03:02 -04:00
Nick Mathewson
985687bc4f Fix check-spaces 2015-03-10 10:10:35 -04:00
Nick Mathewson
e732ec295d Merge commit 'origin/maint-0.2.6^' 2015-03-10 08:36:53 -04:00
Nick Mathewson
1af67d7f72 Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.6 2015-03-09 19:47:12 -04:00
Nick Mathewson
24c031b1a2 Don't use checked strl{cat,cpy} on OSX.
There is a bug in the overlap-checking in strlcat that can crash Tor
servers.  Fixes bug 15205; this is an OSX bug, not a Tor bug.
2015-03-09 15:09:49 -04:00
Nick Mathewson
4ced3b59aa Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 15:19:43 +01:00
Nick Mathewson
de2c5ad815 Revert "Missing dependencies; fixes 15127."
This reverts commit 930ab95e1f.
2015-03-04 15:18:33 +01:00
Nick Mathewson
55e1fe874d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:20:01 +01:00
Nick Mathewson
c5c4ea2db0 Merge remote-tracking branch 'public/bug15088_025' into maint-0.2.6 2015-03-04 12:19:28 +01:00
Nick Mathewson
d5b2cbea10 Add wait4 to the seccomp2 sandbox allowable syscall list
fixes bug 15088. patch from sanic.
2015-03-04 12:18:10 +01:00
Nick Mathewson
6a8550fa3c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:15:10 +01:00
Nick Mathewson
5ad47aafab Merge remote-tracking branch 'public/bug15127_025' into maint-0.2.6 2015-03-04 12:14:17 +01:00
Nick Mathewson
930ab95e1f Missing dependencies; fixes 15127. 2015-03-04 12:09:33 +01:00
Andrea Shepard
d97f43dc8b Fix formatting 2015-03-02 10:24:58 +00:00
Nick Mathewson
0dde4d6fa2 Merge remote-tracking branch 'yawning/bug14922' 2015-02-25 08:56:34 -05:00
Nick Mathewson
a9720b90f8 Fix whitespace from tor_x509_cert rename 2015-02-24 12:03:11 -05:00
Nick Mathewson
f253aef14f Mechanical rename: tor_cert_t -> tor_x509_cert_t 2015-02-24 12:03:10 -05:00
Nick Mathewson
d74a78c58a Merge branch 'bug14950_logs_squashed' 2015-02-23 13:04:03 -05:00
Nick Mathewson
21ac0cd2af Let AF_UNIX connections through the sandbox
Fixes bug 15003; bugfix on 0.2.6.3-alpha.
2015-02-23 12:35:20 -05:00
Nick Mathewson
7a1a0a4cd7 Merge remote-tracking branch 'public/bug14988_025' 2015-02-23 11:33:07 -05:00
Nick Mathewson
aeb38bbdce add another unused-var marker in backtrace.c for 14988 2015-02-23 11:32:04 -05:00
Nick Mathewson
8a9d86bf05 Merge remote-tracking branch 'public/bug11454_11457' 2015-02-20 01:08:12 -05:00
Nick Mathewson
251f6cfcd8 Quiet "caching debian-tor for debian-tor" notice 2015-02-19 12:30:34 -05:00
Yawning Angel
cbd26157c5 Remove tor_strclear(), and replace previous calls with memwipe(). 2015-02-17 18:53:33 +00:00
Nick Mathewson
0b46b08225 Check thread count for negative; realloc->reallocarray
CID 1268069
2015-02-17 08:46:11 -05:00
Nick Mathewson
5d2a23397a Fix a few coverity "Use after NULL check" warnings
Also remove the unit test mocks that allowed get_options() to be
NULL; that's an invariant violation for get_options().
2015-02-16 15:40:15 -05:00
Nick Mathewson
7117959199 Fix deadcode warning in get_interface_addresses_raw().
CID  1268070
2015-02-16 15:28:36 -05:00
Nick Mathewson
2af7bc5b46 Fix a trivial double-close in address.c. CID 1268071 2015-02-16 15:24:13 -05:00
Sebastian Hahn
424edd5710 Don't leak a cond var when starting threads in a pool 2015-02-15 11:21:54 +01:00
Nick Mathewson
5644d92dd7 Merge remote-tracking branch 'sebastian/bug14875' 2015-02-12 14:50:13 -05:00
Sebastian Hahn
c8ce973dc7 Avoid undefined behaviour in ifreq_to_smartlist
This could trigger where _SIZEOF_ADDR_IFREQ() might not return a
multiple of sizeof(void *). Fixes bug 14875; not in any released version
of Tor.
2015-02-12 14:56:47 +01:00
Sebastian Hahn
87a95b0236 Actually get all interface addresses
If we guessed a buffer size too small, we never increased the buffer and
tried again

Also simplify the interface of ifreq_to_smartlist a little
2015-02-12 14:54:39 +01:00
Nick Mathewson
99e915dbfe Merge remote-tracking branch 'public/bug14759' 2015-02-11 15:15:24 -05:00