Commit Graph

1408 Commits

Author SHA1 Message Date
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
Andrea Shepard
0e0b65db4f Appease make check-spaces 2015-06-01 12:59:14 +00:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
0b819a2a7c Enforce more correspondence between ri and ei
In particular, they have to list the same ed25519 certificate, and
the SHA256 digest of the ei needs to match.
2015-05-28 10:42:29 -04:00
Nick Mathewson
79db24b3d5 Sign extrainfo documents with ed25519
Extrainfo documents are now ed-signed just as are router
descriptors, according to proposal 220.  This patch also includes
some more tests for successful/failing parsing, and fixes a crash
bug in ed25519 descriptor parsing.
2015-05-28 10:42:22 -04:00
Nick Mathewson
efa21bb941 Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:40:57 -04:00
Nick Mathewson
fe5d2477aa Implement ed25519-signed descriptors
Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.
2015-05-28 10:40:56 -04:00
Nick Mathewson
05f7336624 Remove version checks for microdescriptor support
At this point, relays without microdescriptor support are no longer
allowed on the Tor network.
2015-03-24 09:25:35 -04:00
cypherpunks
5176f6f103 Remove relative paths to header files.
The paths are already in the directory search path of the compiler therefore no
need to include them in the source code.
2015-03-14 13:00:05 -04:00
Nick Mathewson
8a9d86bf05 Merge remote-tracking branch 'public/bug11454_11457' 2015-02-20 01:08:12 -05:00
Nick Mathewson
557a0c83f3 Do not try to download an EI for which we don't have a matching SD.
This quiets some log messages for #13762, and adds a better INFO message
for the underlying confusion.
2015-02-19 09:40:36 -05:00
Nick Mathewson
b7b8b9ecf9 Downgrade new extrainfo_insert warnings on startup 2015-02-18 13:41:00 -05:00
Nick Mathewson
e65fe0a747 Improve log messages for diagnosing 13762 2015-02-18 13:05:15 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
33053d50a0 Final guardfraction preparations for upstream merge.
- Write a changes file.
- Change some logs to lesser severities.
2015-02-18 09:09:34 -05:00
George Kadianakis
b941f109ac Calculate relay weighted bandwidth using guardfraction bandwidths.
Now use the guardfraction function to calculate individual relay
bandwidth weights.
2015-02-18 09:09:34 -05:00
Nick Mathewson
caf28519d9 Merge branch 'bug12844'
Conflicts:
	src/or/circuituse.c
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-11 15:06:04 -05:00
Nick Mathewson
034e2788f8 whitespace fixes 2015-01-23 11:18:28 -05:00
Nick Mathewson
6c443e987d Tweak the 9969 fix a little
If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled.  Instead, wait for the busy ones to be nonbusy.
2015-01-23 09:37:08 -05:00
Nick Mathewson
5d4bb6f61f Merge remote-tracking branch 'public/ticket9969'
Conflicts:
	src/or/directory.c
	src/or/routerlist.c
	src/or/routerlist.h
	src/test/include.am
	src/test/test.c
2015-01-23 09:36:00 -05:00
Nick Mathewson
b677ccd3ab Merge remote-tracking branch 'public/ticket13762' 2015-01-23 08:55:31 -05:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Nick Mathewson
90db39448d Downgrade warnings about extrainfo incompatibility when reading cache
Fixes  13762.
2015-01-07 13:11:06 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
rl1987
a6520ed537 Renaming ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN. 2014-11-11 20:56:40 +02:00
rl1987
7025f2dc59 Print a warning when extra info document is found incompatible with router descriptor. 2014-11-09 17:41:18 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
f5fc7e3306 Fix a crash bug introduced in 223d354e3.
Arma found this and commented on #11243.  Bug not in any released
version of Tor.
2014-10-26 14:09:03 -04:00
Nick Mathewson
2d4c40ee5f Fix a use-after-free error in cleaned-up rouerlist code.
Bug not in any released tor.  This is CID 1248521
2014-10-20 09:04:53 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
223d354e34 Bugfixes on bug11243 fix for the not-added cases and tests
1. The test that adds things to the cache needs to set the clock back so
    that the descriptors it adds are valid.

 2. We split ROUTER_NOT_NEW into ROUTER_TOO_OLD, so that we can
    distinguish "already had it" from "rejected because of old published
    date".

 3. We make extrainfo_insert() return a was_router_added_t, and we
    make its caller use it correctly.  This is probably redundant with
    the extrainfo_is_bogus flag.
2014-10-13 14:31:11 -04:00
Nick Mathewson
3efeb711f1 Unit tests for 11243: loading ri, ei, mds from lists
These tests make sure that entries are actually marked
undownloadable as appropriate.
2014-10-13 14:30:02 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
Nick Mathewson
ac9b0a3110 Try to make max_dl_per_request a bit smarter 2014-09-29 10:56:38 -04:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
Nick Mathewson
6523eff9b3 Send long URLs when requesting ordinary server descriptors too. 2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb fixup! Send more descriptor requests per attempt when using tunneled connections
Limit the number of simultaneous connections to a single router for
server descriptors too.
2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3 fixup! Refactor initiate_descriptor_downloads() to be safer
Calculate digest_len correctly.

Also, refactor setting of initial variables to look a little nicer.
2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
2014-09-23 12:47:39 -04:00
Nick Mathewson
02464694b2 fixup! Send more descriptor requests per attempt when using tunneled connections
Compilation fixes
2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600 fixup! Download microdescriptors if you're a cache 2014-09-23 12:32:02 -04:00
Arlo Breault
5ed5ac185b Send more descriptor requests per attempt when using tunneled connections 2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474 Refactor initiate_descriptor_downloads() to be safer
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed Make router_pick_directory_server respect PDS_NO_EXISTING_* 2014-09-23 12:19:15 -04:00
George Kadianakis
24a7726955 Implement Tor2webRendezvousPoints functionality. 2014-09-15 16:07:48 +03:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
59f9a5c786 Avoid divide by zero and NaNs in scale_array_elements_to_u64
Patch from teor; part of 13104
2014-09-10 23:59:21 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Nick Mathewson
2a0a5fe612 Explicitly cast when dividing ints then implicitly casting to double.
Coverity thinks that when we do "double x = int1/int2;", we probably
meant "double x = ((double)int1) / int2;".  In these cases, we
didn't.

[Coverity CID 1232089 and 1232090]
2014-08-21 10:19:26 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00
Nick Mathewson
bb68c731b8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-08 10:09:17 -04:00
Roger Dingledine
0c869af7f8 fix three typos in comments 2014-08-06 02:20:51 -04:00
Nick Mathewson
d8705ec720 Merge remote-tracking branch 'asn/bug12207_second_draft' 2014-07-16 15:33:00 +02:00
George Kadianakis
b74442db94 Change interface of router_descriptor_is_too_old(). 2014-07-09 19:20:41 +03:00
George Kadianakis
4245662b28 Functionify the descriptor age check so that we can NOP it in tests. 2014-06-24 14:19:07 -04:00
Arlo Breault
48d7fceee5 Update a comment and undef an identifier
* Trac #11452
2014-06-23 20:28:34 -04:00
Karsten Loesing
5e9bd1b5db Believe that v3 dirauths always serve extra infos.
Clients should always believe that v3 directory authorities serve
extra-info documents, regardless of whether their server descriptor
contains a "caches-extra-info" line or not.

Fixes part of #11683.
2014-05-05 15:31:52 +02:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
438a03ef7c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-16 15:37:19 -04:00
Nick Mathewson
3fc0f9efb8 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97 remove note about dannenberg; it has upgraded. 2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21 Update the authority signing key blacklist
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Nick Mathewson
03e0c7e366 Answer a question in a comment; fix a wide line. 2014-04-15 20:52:31 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42 Fill in the list of blacklisted signing keys.
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Roger Dingledine
aacbf551c4 note a missing word 2014-04-09 01:01:52 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
1a9b4bd28c Munmap the right pointers in routerlist_free() 2014-03-31 11:43:51 -04:00
Andrea Shepard
df076eccfa Always check returns from tor_munmap_file() in microdesc.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
947a6daa31 Always check returns from tor_munmap_file() in routerlist.c 2014-03-31 11:27:08 -04:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
9077118ee2 Remove the unused router_hex_digest_matches
When I removed some unused functions in 5bfa373eee, this became
unused as well.
2014-03-11 11:17:46 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
0b7a66fac7 whitespace fix 2014-02-28 08:57:29 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Karsten Loesing
00ec6e6af0 More fixes to rip out all of the v2 directory code.
(This was a squash commit, but I forgot to squash it. Sorry! --Nick)
2014-02-03 13:34:30 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
df4693fed5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:24:16 -04:00
Nick Mathewson
7dbf66713f When freeing a cert_list_t, avoid memory leak.
We were freeing these on exit, but when we added the dl_status_map
field to them in fddb814f, we forgot to arrange for it to be freed.

I've moved the cert_list_free() code into its own function, and added
an appropriate dsmap_free() call.

Fixes bug 9644; bugfix on 0.2.4.13-alpha.
2013-09-19 12:22:49 -04:00