Commit Graph

22789 Commits

Author SHA1 Message Date
Nick Mathewson
63e08f56b8 Merge remote-tracking branch 'tor-github/pr/365' 2018-09-21 16:13:59 -04:00
Nick Mathewson
7ed7fe230b Add an include to get --disable-module-dirauth happy again 2018-09-21 15:03:42 -04:00
Nick Mathewson
b7bd162af7 Merge remote-tracking branch 'dgoulet/ticket27774_035_03' 2018-09-21 13:02:12 -04:00
Nick Mathewson
194acfb51d Split directory.c code into several modules
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
2018-09-21 12:57:22 -04:00
Nick Mathewson
0e4c42a912 Merge remote-tracking branch 'ahf-github/asn/bugs4700_2' 2018-09-21 09:40:16 -04:00
Nick Mathewson
9399c579e5 Merge branch 'split_mainloop_onion' 2018-09-21 09:37:23 -04:00
Nick Mathewson
9b0a17a74f Merge branch 'maint-0.3.4' 2018-09-21 09:36:31 -04:00
Nick Mathewson
e818a71905 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-21 09:35:54 -04:00
Nick Mathewson
2cadd93cea Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-21 09:35:51 -04:00
Nick Mathewson
5b04392c15 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-21 09:35:23 -04:00
Nick Mathewson
96d1f2e6d0 Merge remote-tracking branch 'dgoulet/ticket27797_035_01' 2018-09-21 09:33:03 -04:00
Nick Mathewson
c7ce6b9821 Split main.c into main.c and mainloop.c
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.

Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
2018-09-21 09:14:06 -04:00
Nick Mathewson
98ef3e82e4 Move the non-crypto parts of onion.c out of src/core/crypto
The parts for handling cell formats should be in src/core/or.

The parts for handling onionskin queues should be in src/core/or.

Only the crypto wrapper belongs in src/core/crypto.
2018-09-21 09:14:05 -04:00
Nick Mathewson
55122bfe04 Bump to 0.3.5.2-alpha-dev 2018-09-21 09:11:33 -04:00
David Goulet
49e4bda50b fixup! hs-v3: Silence some logging for client authorization 2018-09-21 08:52:47 -04:00
David Goulet
79265a6fb6 hs-v3: Don't BUG() if the RP node_t is invalid client side
When sending the INTRODUCE1 cell, we acquire the needed data for the cell but
if the RP node_t has invalid data, we'll fail the send and completely kill the
SOCKS connection.

Instead, close the rendezvous circuit and return a transient error meaning
that Tor can recover by selecting a new rendezvous point. We'll also do the
same when we are unable to encode the INTRODUCE1 cell for which at that point,
we'll simply take another shot at a new rendezvous point.

Fixes #27774

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-21 08:44:12 -04:00
Nick Mathewson
63219eda8a Put dirlist_free_all back in routerlist_free_all for unit tests 2018-09-21 08:10:39 -04:00
rl1987
d40b0e73c2 Check Python version in test_rebind.py 2018-09-21 10:57:41 +03:00
rl1987
81199eaf0e Remove misleading first line in test_rebind.py
test_rebind.py actually does not require Python 3.

Bugfix on 5a11670fcaad0a58de48425ba80510effbe35628; bug not in any
Tor release.
2018-09-21 10:57:41 +03:00
cypherpunks
42558df7c8 rust/protover: return C-allocated string in protover_all_supported()
The result of CString::into_raw() is not safe to free
with free() except under finicky and fragile circumstances
that we definitely don't meet right now.

This was missed in be583a34a3.
2018-09-21 05:16:22 +00:00
cypherpunks
db89b4b152 rust/protover: fix null deref in protover_all_supported()
Fortunately with the current callers it couldn't happen in practice.

Fix on d1820c1516.
2018-09-21 04:57:26 +00:00
Nick Mathewson
1a85ac8c2d Bump to 0.3.5.2-alpha 2018-09-20 16:36:07 -04:00
Nick Mathewson
e7ac8fabcc Merge remote-tracking branch 'dgoulet/ticket27410_035_01' 2018-09-20 16:22:16 -04:00
Nick Mathewson
2ed0d240e8 Merge remote-tracking branch 'dgoulet/ticket27410_032_01' 2018-09-20 16:22:02 -04:00
Alexander Færøy
8ecaf41003 Support 'none' in torrc for HiddenServiceExportCircuitID.
See: https://bugs.torproject.org/4700
2018-09-20 20:59:42 +02:00
Nick Mathewson
813019cc57 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:41:44 -04:00
Nick Mathewson
1da9741bca Remove another needless typedef 2018-09-20 14:34:44 -04:00
Nick Mathewson
a406255cf3 Merge branch 'bug23512-v4-029-fixes' 2018-09-20 14:19:47 -04:00
Nick Mathewson
72e30f26ec Fix a pair of errors in bug23512 2018-09-20 14:18:09 -04:00
Nick Mathewson
4e2028152d Fix an NSS socket leak-on-error found by dgoulet 2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a Use the correct macro to detect an invalid socket in tortls_nss.c
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26 Release ownership of the dummy socket that tortls_nss.c will close
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
f25323fe3f Fix socket accounting with ORConn sockets.
When we close a socket via tor_tls_free(), we previously had no way
for our socket accounting logic to learn about it.  This meant that
the socket accounting code would think we had run out of sockets,
and freak out.

Fixes bug 27795; bugfix on 0.3.5.1-alpha.
2018-09-20 12:52:29 -04:00
Nick Mathewson
1c1e84281d Add a tor_release_socket_ownership() function. 2018-09-20 12:46:47 -04:00
Nick Mathewson
bd6007d898 Merge branch 'split_routerlist_dirserv_v2' 2018-09-20 11:07:50 -04:00
Nick Mathewson
b54a5e704f Split most of dirserv.c into several new modules
In dirauth:
  * bwauth.c reads and uses bandwidth files
  * guardfraction.c reads and uses the guardfraction file
  * reachability.c tests relay reachability
  * recommend_pkg.c handles the recommended-packages lines.
  * recv_descs.c handles fingerprint files and processing incoming
    routerinfos that relays upload to us
  * voteflag.c computes flag thresholds and sets those thresholds on
    routerstatuses when computing votes

In control:
  * fmt_serverstatus.c generates the ancient "v1 server status"
    format that controllers expect.

In nodelist:
  * routerstatus_fmt.c formats routerstatus entries for a consensus,
    a vote, or for the controller.
2018-09-20 11:07:42 -04:00
David Goulet
fa6d5dd268 hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 11:01:23 -04:00
Nick Mathewson
1f377e910f Merge branch 'maint-0.3.4' 2018-09-20 10:43:08 -04:00
Nick Mathewson
163230e240 Merge remote-tracking branch 'github/bug27139_034' into maint-0.3.4 2018-09-20 10:43:05 -04:00
David Goulet
e3713f17fb node: Make node_supports_v3_rendezvous_point() also check for the key
It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-20 08:50:27 -04:00
Nick Mathewson
08e3b88f07 Split routerlist.c into 4 separate modules
There are now separate modules for:
    * the list of router descriptors
    * the list of authorities and fallbacks
    * managing authority certificates
    * selecting random nodes
2018-09-19 17:08:57 -04:00
David Goulet
cb81a69f90 test: hs-v3 desc has arrived unit test
That unit test makes sure we don't have pending SOCK request if the descriptor
turns out to be unusable.

Part of #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
David Goulet
f4f809fe3d hs-v3: Close all SOCKS request on descriptor failure
Client side, when a descriptor is finally fetched and stored in the cache, we
then go over all pending SOCKS request for that descriptor. If it turns out
that the intro points are unusable, we close the first SOCKS request but not
the others for the same .onion.

This commit makes it that we'll close all SOCKS requests so we don't let
hanging the other ones.

It also fixes another bug which is having a SOCKS connection in RENDDESC_WAIT
state but with a descriptor in the cache. At some point, tor will expire the
intro failure cache which will make that descriptor usable again. When
retrying all SOCKS connection (retry_all_socks_conn_waiting_for_desc()), we
won't end up in the code path where we have already the descriptor for a
pending request causing a BUG().

Bottom line is that we should never have pending requests (waiting for a
descriptor) with that descriptor in the cache (even if unusable).

Fixees #27410.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-19 11:11:57 -04:00
Nick Mathewson
119159677b Comment fix. 2018-09-18 16:44:24 -04:00
Nick Mathewson
88a93ccc7b Merge branch 'ticket27686_035' 2018-09-18 16:40:30 -04:00
Nick Mathewson
7ace8d5a61 Assert that some trunnel _new() functions return non-NULL
The trunnel functions are written under the assumption that their
allocators can fail, so GCC LTO thinks they might return NULL.  In
point of fact, they're using tor_malloc() and friends, which can't
fail, but GCC won't necessarily figure that out.

Fixes part of #27772.
2018-09-18 14:43:57 -04:00
Nick Mathewson
620108ea77 Assert that we aren't returning a pointer to a local variable.
GCC got confused here with LTO enabled.

Fixes part of #27772.
2018-09-18 14:34:49 -04:00
Nick Mathewson
ea5792f333 Make crypto_strongest_rand() non-mockable
Instead, have it call a mockable function.  We don't want
crypto_strongest_rand() to be mockable, since doing so creates a
type error when we call it from ed25519-donna, which we do not build
in a test mode.

Fixes bug 27728; bugfix on 0.3.5.1-alpha
2018-09-18 12:40:18 -04:00
teor
7bf9c93ab3 Merge remote-tracking branch 'nickm/bug27741_033' into bug27741_035
Resolve conflicts due to rustfmt, and run rustfmt on the merged code.
2018-09-18 23:32:57 +10:00
Nick Mathewson
50367d06f2 Merge remote-tracking branch 'tor-github/pr/352' 2018-09-18 08:44:58 -04:00
Nick Mathewson
52191064ac Merge branch 'maint-0.3.4' 2018-09-18 08:33:13 -04:00
Nick Mathewson
2ddbaf9cdc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-18 08:31:14 -04:00
Nick Mathewson
75b95e1c8e Merge remote-tracking branch 'onionk/rust-allsupported1' into maint-0.3.3 2018-09-18 08:31:08 -04:00
Nick Mathewson
4199c8b2d0 Merge remote-tracking branch 'github/bug27073_029' 2018-09-18 08:16:42 -04:00
Nick Mathewson
9252814646 Merge remote-tracking branch 'tor-github/pr/344' 2018-09-18 08:15:02 -04:00
Nick Mathewson
50001d1c5b Merge remote-tracking branch 'asn-github/bug27764' 2018-09-18 08:10:25 -04:00
Nick Mathewson
7ca0f66b82 Bump to 0.3.5.1-alpha-dev 2018-09-18 07:52:27 -04:00
George Kadianakis
43324b0e4d Fix minor memleak in edge-case of crypto_rsa.c function. 2018-09-18 14:01:15 +03:00
Mike Perry
8a83c4b613 Merge branch 'bug23512-v4-033' into bug23512-v4-master 2018-09-18 00:17:14 +00:00
Mike Perry
ad10cafd9f Bug 23512: Test fix: cmux is now allocated by new_fake_channel() 2018-09-17 23:31:48 +00:00
Mike Perry
72cef61028 Merge branch 'bug23512-v4-032' into bug23512-v4-033 2018-09-17 23:31:34 +00:00
Mike Perry
dd15998d28 Remove duplicate TLS define from kist code.
Duplicate comes from introducing this define into 0.2.9, which did not yet
have KIST.
2018-09-17 23:21:58 +00:00
Mike Perry
dfd3823047 Bug 23512: Mock assert_circuit_ok in tests.
This mocking was not available in 0.2.9.
2018-09-17 23:12:53 +00:00
Mike Perry
36e81e1f59 Merge branch 'bug23512-v4-029' into bug23512-v4-032 2018-09-17 23:12:45 +00:00
Mike Perry
6af352172d Bug 23512: Test recording bytes in circ queues. 2018-09-17 22:24:25 +00:00
Mike Perry
bbaa398d26 Bug 23512: Report queued cells on or circs as written.
This avoids asymmetry in our public relay stats, which can be exploited for
guard discovery and other attacks.
2018-09-17 22:19:42 +00:00
Mike Perry
7dc435e6bc Promote rep_hist bw functions to uint64_t.
The rest of rephist uses uint64_t internally. Let's make these take it too,
so we don't have to worry about overflowing size_t on 32 bit systems.
2018-09-17 22:19:05 +00:00
Nick Mathewson
80ad15921c Remove extraneous argument from Rust protover_compute_vote()
This argument was added to match an older idea for the C api, but we
decided not to do it that way in C.

Fixes bug 27741; bugfix on 0.3.3.6 / TROVE-2018-005 fix.
2018-09-17 11:57:56 -04:00
Nick Mathewson
4fd761a418 Make CacheDirectoryGroupReadable an autobool.
Since the default cache directory is the same as the default data
directory, we don't want the default CacheDirectoryGroupReadable
value (0) to override an explicitly set "DataDirectoryGroupReadable
1".

To fix this, I'm making CacheDirectoryGroupReadable into an
autobool, and having the default (auto) value mean "Use the value of
DataDirectoryGroupReadable if the directories are the same, and 0
otherwise."

Fixes bug 26913; bugfix on 0.3.3.1-alpha when the CacheDirectory
option was introduced.
2018-09-17 11:44:59 -04:00
Nick Mathewson
f606b3cfd1 Lower the maximum size of a private key file to 16 MB
This shouldn't be a user-visible change: nobody has a 16 MB RSA
key that they're trying to use with Tor.

I'm doing this to fix CID 1439330 / ticket 27730, where coverity
complains (on 64-bit) that we are making a comparison that is never
true.
2018-09-17 11:08:56 -04:00
Nick Mathewson
307275a5e4 Bump to 0.3.5.1-alpha 2018-09-17 09:12:42 -04:00
Nick Mathewson
b729bc202c Add tortls.h includes to expose critical macro. Fix #27734. 2018-09-16 22:08:02 -04:00
Nick Mathewson
a8ac21fbb5 Don't try to link C from rust doctests for nss detection
This is really annoying, since we can't use cfg(test) for doctests.
2018-09-16 14:34:31 -04:00
Nick Mathewson
078debb0de Merge branch 'bug25573-034-typefix' 2018-09-16 13:46:12 -04:00
Nick Mathewson
7fd61cf536 Fix duplicate declaration of pathbias_count_valid_cells. 2018-09-16 13:45:43 -04:00
Nick Mathewson
991bec67ee When Tor is compiled with NSS, don't claim support for LinkAuth=1
Closes ticket 27288
2018-09-16 13:28:29 -04:00
traumschule
863e2fcb48 Update description of onion_extend_cpath() (#27333) 2018-09-16 04:01:17 +02:00
cypherpunks
1ed5e009cb rust/protover: reject extra commas
The C implementation had gotten this wrong too, in a slightly different way.

Introduced in 5af03c1ef3.

Fixes #27197; bugfix on 0.3.3.3-alpha.
2018-09-15 23:19:31 +00:00
Alexander Færøy
3477a73af9 Add proxy headers as early as possible.
This patch moves the logic that adds the proxy headers to an earlier
point in the exit connection lifetime, which ensures that the
application data cannot be written to the outbuf before the proxy header
is added.

See: https://bugs.torproject.org/4700
2018-09-15 22:17:57 +02:00
Alexander Færøy
9b511dc5d6 Change HiddenServiceExportCircuitID to take a string parameter: the protocol.
This patch changes HiddenServiceExportCircuitID so instead of being a
boolean it takes a string, which is the protocol. Currently only the
'haproxy' protocol is defined.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
Alexander Færøy
8f085841ef Encode the 32-bit Global Identifier as 2 x 16-bit in the IPv6 address.
Without this patch we would encode the IPv6 address' last part as
::ffffffff instead of ::ffff:ffff when the GID is UINT32_MAX.

See: https://bugs.torproject.org/4700
2018-09-15 16:52:36 +03:00
George Kadianakis
b2092f1ced Add unittest for HiddenServiceExportCircuitID.
Had to move a function to test helpers.
2018-09-15 16:52:32 +03:00
George Kadianakis
6069185bcc Save original virtual port in edge conn HS ident. 2018-09-15 16:32:24 +03:00
George Kadianakis
5d34a8cbbb Improve export_hs_client_circuit_id() function.
- Change default values.
- Beautify.
- Documentation.
2018-09-15 16:32:23 +03:00
George Kadianakis
27d7491f5a Introduce per-service HiddenServiceExportCircuitID torrc option.
Moves code to a function, better viewed with --color-moved.
2018-09-15 16:31:22 +03:00
Nick Mathewson
035166e7bf Add a missing function for windows 2018-09-14 15:02:11 -04:00
Nick Mathewson
af39649aad Explicitly ignore BIO_set_close() return val to fix #27711 2018-09-14 13:09:10 -04:00
Nick Mathewson
4bdba5fa4b Merge branch 'maint-0.3.4' 2018-09-14 12:56:31 -04:00
Nick Mathewson
6f47734ea8 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 12:56:30 -04:00
Nick Mathewson
a546e07600 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-14 12:56:30 -04:00
David Goulet
0971b3ce4d hs-v3: Don't BUG() on directory permission check failure
In hs_config.c, we do validate the permission of the hidden service directory
but we do not try to create it. So, in the event that the directory doesn't
exists, we end up in the loading key code path which checks for the
permission and possibly creates the directory. On failure, don't BUG() since
there is a perfectly valid use case for that function to fail.

Fixes #27335

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:56:26 -04:00
Nick Mathewson
6e940829cc Merge remote-tracking branch 'dgoulet/ticket27040_035_01' 2018-09-14 12:54:13 -04:00
Nick Mathewson
79f8641ee5 Merge branch 'nss_countbytes_squashed' 2018-09-14 12:45:30 -04:00
Nick Mathewson
ac93c911ce Allow malloc includes in tls library 2018-09-14 12:44:56 -04:00
Nick Mathewson
126819c947 Add support for lower-level byte counting with NSS
This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't.  To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.

Closes ticket 27289.
2018-09-14 12:44:56 -04:00
David Goulet
33c99cf565 hs-v2: Demote log warning to info when we don't have a consensus
Fixes #27040

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-14 12:04:01 -04:00
Nick Mathewson
bb465be085 Revise our assertion and bug macros to work with -Wparentheses
On GCC and Clang, there's a feature to warn you about bad
conditionals like "if (a = b)", which should be "if (a == b)".
However, they don't warn you if there are extra parentheses around
"a = b".

Unfortunately, the tor_assert() macro and all of its kin have been
passing their inputs through stuff like PREDICT_UNLIKELY(expr) or
PREDICT_UNLIKELY(!(expr)), both of which expand to stuff with more
parentheses around "expr", thus suppressing these warnings.

To fix this, this patch introduces new macros that do not wrap
expr.  They're only used when GCC or Clang is enabled (both define
__GNUC__), since they require GCC's "({statement expression})"
syntax extension.  They're only used when we're building the
unit-test variant of the object files, since they suppress the
branch-prediction hints.

I've confirmed that tor_assert(), tor_assert_nonfatal(),
tor_assert_nonfatal_once(), BUG(), and IF_BUG_ONCE() all now give
compiler warnings when their argument is an assignment expression.

Fixes bug 27709.

Bugfix on 0.0.6, where we first introduced the "tor_assert()" macro.
2018-09-14 11:39:37 -04:00
cypherpunks
5c47f725b0 rust/protover: delete ProtoSet::retain
As the comment noted, it was horribly inefficient.
2018-09-14 15:10:22 +00:00
cypherpunks
c613d55134 rust/protover: use .and_not_in() instead of .retain() in all_supported()
.retain() would allocating a Vec of billions of integers and check them
one at a time to separate the supported versions from the unsupported.
This leads to a memory DoS.

Closes ticket 27206. Bugfix on e6625113c9.
2018-09-14 15:08:55 +00:00
cypherpunks
578f7326ed rust/protover: add ProtoSet::and_not_in()
This is a way more efficient version of retain().
2018-09-14 15:08:54 +00:00
Nick Mathewson
8f689e0eb2 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 10:48:01 -04:00
Nick Mathewson
7e406ec40f Merge branch 'maint-0.3.4' 2018-09-14 10:48:01 -04:00
Nick Mathewson
281854bab7 If options_act() fails, restore the previous value of global_options
Before 0.3.3.1-alpha, we would exit() in this case immediately.  But
now that we leave tor_main() more conventionally, we need to make
sure we restore things so as not to cause a double free.

Fixes bug 27708; bugfix on 0.3.3.1-alpha.
2018-09-14 10:34:45 -04:00
Nick Mathewson
0e4fcd3996 Merge branch 'nss_27664' 2018-09-14 10:24:46 -04:00
Nick Mathewson
e43ae24e7d Merge branch 'nss_27451' 2018-09-14 10:22:38 -04:00
Nick Mathewson
eaeb4c1082 Fix compilation of 27686 on master. 2018-09-14 10:22:11 -04:00
Nick Mathewson
994de7db53 Merge branch 'ticket27686_034' into x 2018-09-14 10:16:44 -04:00
Nick Mathewson
ab92f93421 Teach the OOM module to handle half-open stream info. #27686 2018-09-14 10:16:27 -04:00
Nick Mathewson
1ca03633fe Tweak message; only log it on a relay. 2018-09-14 09:32:39 -04:00
Nick Mathewson
12320e7f3e Merge remote-tracking branch 'neel/b21530' 2018-09-14 09:27:03 -04:00
Nick Mathewson
82b1282772 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-14 09:25:34 -04:00
Nick Mathewson
84e3ada71b Merge remote-tracking branch 'onionk/rust-protokeyword1-035' 2018-09-14 09:25:31 -04:00
Nick Mathewson
bb012d7941 Merge remote-tracking branch 'tor-github/pr/329' 2018-09-14 09:22:23 -04:00
Nick Mathewson
b67f3b751a Merge branch 'ticket27247' 2018-09-14 09:14:12 -04:00
Nick Mathewson
6e5e1be737 Make circuitmux ewma timing test more tolerant on 32bit osx
Since we use a 32-bit approximation for millisecond conversion here,
we can't expect so much precision.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:40:12 -04:00
Nick Mathewson
f02e8b5944 Avoid integer overflow on fast 32-bit millisecond conversion.
Multiply-then-divide is more accurate, but it runs into trouble when
our input is above INT32_MAX/numerator.  So when our value is too
large, do divide-then-multiply instead.

Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
2018-09-14 08:39:45 -04:00
Nick Mathewson
4eabc6db47 Use a slightly more accurate formula for OSX 32-bit msec conversion
We use an optimized but less accurate formula for converting coarse
time differences to milliseconds on 32-bit OSX platforms, so that we
can avoid 64-bit division.

The old numbers were off by 0.4%.  The new numbers are off by .006%.

This should make the unit tests a bit cleaner, and our tolerances a
bit closer.
2018-09-14 08:35:06 -04:00
Nick Mathewson
88c9730817 Re-order includes to expose intptr_t to tor_api_internal.h 2018-09-14 07:11:37 -04:00
cypherpunks
bf9dc697fa Merge branch 'rust-protokeyword1-034' into rust-protokeyword1-035 2018-09-14 02:33:59 +00:00
cypherpunks
574d59c640 Merge branch 'rust-protokeyword1' into rust-protokeyword1-034 2018-09-14 02:26:31 +00:00
cypherpunks
e24195c7c1 protover: reject invalid protocol names
The spec only allows the characters [A-Za-z0-9-].

Fix on b2b2e1c7f2.
Fixes #27316; bugfix on 0.2.9.4-alpha.
2018-09-14 02:18:04 +00:00
Neel Chauhan
2c093c96b2 Add log message for Tor being non-exit by default 2018-09-13 21:50:06 -04:00
Nick Mathewson
7a0ff5beb2 In conditionvar_timeout test, wait for threads to timeout
Previously we just waited 200msec, which was not enough on slow/busy
systems.

Fixes bug 27073; bugfix on 0.2.6.3-alpha when the test was introduced.
2018-09-13 20:47:41 -04:00
Nick Mathewson
d8280216c0 Include torint.h in socketpair.c for intptr_t definition. 2018-09-13 17:54:26 -04:00
Nick Mathewson
92357a07bd Fix a 32-bit off_t/size_t warning in crypto_rsa.c
Bug not in any released Tor.
2018-09-13 17:49:39 -04:00
Nick Mathewson
83b8a76f0c Fix a shadowed-global warning in geoip.c
Bugfix on 5ab2110eb6b4ae9082430081cb2800018cf0dcd6; bug not in any
released Tor.
2018-09-13 17:48:33 -04:00
Nick Mathewson
b943721b2a Merge branch 'bug27224_take2_squashed' 2018-09-13 16:43:06 -04:00
rl1987
1e77376e1a Avoid calling node_get_all_orports() from node_is_a_configured_bridge()
All node_get_all_orports() does is allocate and return a smartlist
with at most two tor_addr_port_t members that match ORPort's of
node configuration. This is harmful for memory efficiency, as it
allocates the same stuff every time it is called. However,
node_is_a_configured_bridge() does not need to call it, as it
already has all the information to check if there is configured
bridge for a given node.

The new code is arranged in a way that hopefully makes each succeeding
linear search through bridge_list less likely.
2018-09-13 16:38:33 -04:00
Nick Mathewson
874eca6a8c Add a test case with a matching ip but mismatched identity. 2018-09-13 16:38:33 -04:00
rl1987
9741921094 Unit tests for ticket 27224.
Since this is a refactoring ticket, these tests should pass before
and after the changes are made.
2018-09-13 16:25:14 -04:00
Nick Mathewson
85aba48a66 Merge branch 'bug26470_032' 2018-09-13 13:53:42 -04:00
Mike Perry
efa2075670 Ticket #27678: Emit CIRC_BW events immediately for dropped cells.
We determine that a cell was dropped by inspecting CIRC_BW fields. If we did
not update the delivered or overhead fields after processing the cell, the
cell was dropped/not processed.

Also emit CIRC_BW events for cases where we decide to close the circuit in
this function, so vanguards can print messages about dropped cells in those
cases, too.
2018-09-13 17:45:45 +00:00
Mike Perry
80ffedd3ca Control port call to emit a CIRC_BW event for a single circuit.
This commit only moves code. No functionality has been changed.
2018-09-13 17:44:56 +00:00
Nick Mathewson
2d05500a1e Merge remote-tracking branch 'UntoSten/inform-about-conf-includes' 2018-09-13 13:35:59 -04:00
Nick Mathewson
787da5185c Merge remote-tracking branch 'onionk/strcmpstart1' 2018-09-13 13:30:53 -04:00
Nick Mathewson
e8b81d7dc5 Merge branches 'bug27684' and 'bug27685' 2018-09-13 13:09:57 -04:00
Nick Mathewson
15596f6c0c Fix a memory leak in tortls/openssl/try_to_extract_certs_from_tls
Since this is an "intrusive" test, it only shows up for openssl <1.1

This is a bugfix on 0.3.5.x; bug not in any released Tor.
2018-09-13 12:47:42 -04:00
Nick Mathewson
d28018ea1e Fix a memory leak in tortls/openssl/context_new test.
Bugfix on 0.3.5.x; bugfix not on any released Tor.
2018-09-13 12:43:37 -04:00
cypherpunks
7c26f88fd7 rust/protover: validate unknown protocol names use only allowed characters 2018-09-13 16:33:58 +00:00
Nick Mathewson
9697c2da46 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-13 11:46:04 -04:00
Nick Mathewson
3ddfd5ff25 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-13 11:46:04 -04:00
Nick Mathewson
8253428253 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-13 11:46:04 -04:00
Nick Mathewson
d44eb16b23 Merge branch 'maint-0.3.4' 2018-09-13 11:46:04 -04:00
Nick Mathewson
75d6609eb1 Run crypto_prefork() before start_daemon().
Without this, RunAsDaemon breaks NSS.

Fixes bug 27664; bug not in any released Tor.
2018-09-13 08:58:28 -04:00
David Goulet
4b646e30d8 conn: Fix memleaks in retry_all_listeners
Fixes #27670

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-12 17:51:56 -04:00
Nick Mathewson
fed2c26e60 Report UNIX connection addresses that we opened correctly.
This is an aside on ticket27670.
2018-09-12 17:42:24 -04:00
Nick Mathewson
f308e81fa7 Merge branch 'maint-0.3.4' 2018-09-12 17:25:40 -04:00
Nick Mathewson
f8d5fb42a3 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-12 17:24:41 -04:00
Nick Mathewson
b4f20ec8a6 Merge remote-tracking branch 'tor-github/pr/280' 2018-09-12 16:13:23 -04:00
Nick Mathewson
9f5f67bda2 Use tor_tls_release_socket() to avoid double-closed sockets on NSS
Closes ticket 27451; bug not in any released Tor.
2018-09-12 11:32:15 -04:00
Nick Mathewson
ae5692994f Add a tor_tls_release_socket() function.
This function tells the underlying TLS object that it shouldn't
close the fd on exit.  Mostly, we hope not to have to use it, since
the NSS implementation is kludgey, but it should allow us to fix
2018-09-12 11:12:05 -04:00
Nick Mathewson
bfc847255a Merge remote-tracking branch 'dgoulet/ticket27545_035_01' 2018-09-12 10:18:11 -04:00
cypherpunks
cb9fa3b04c nodelist: fix docs for networkstatus_read_cached_consensus_impl
Fix on c12d2cb2dc.
2018-09-12 14:13:03 +00:00
cypherpunks
ab91302fd0 nodelist: use strcmpstart() instead of strncmp()
in rend_parse_v2_service_descriptor.
Fix on c58675ca72
2018-09-12 14:03:06 +00:00
Nick Mathewson
19dbc385d5 Merge remote-tracking branch 'tor-github/pr/298' 2018-09-12 09:38:52 -04:00
Nick Mathewson
62743912bc Merge branch 'pr278_squashed' 2018-09-12 09:06:35 -04:00
rl1987
7b27d98eae Actually, just disable test_rebind.sh on Appveyor 2018-09-12 09:06:16 -04:00
rl1987
d30e47fd4e Disable test_rebind.sh on Windows 2018-09-12 09:06:16 -04:00
rl1987
5a11670fca Update/fix CI build
Update integration test to Python 3
2018-09-12 09:06:16 -04:00
rl1987
4811869d7a Pick random ports in test_rebind.py 2018-09-12 09:06:16 -04:00
rl1987
d8157097b4 Always include socket rebinding code 2018-09-12 09:06:16 -04:00
rl1987
3f34fc921c Tweak test_rebind.py for future-proofness 2018-09-12 09:06:16 -04:00
rl1987
762c27b907 Integration test for socket rebinding
squash! Integration test for socket rebinding
2018-09-12 09:06:16 -04:00
rl1987
fbd50f5994 Avoid mentioning ticket number in comments 2018-09-12 09:06:16 -04:00
rl1987
9f5431c79f Comments/explanation for #17873 2018-09-12 09:06:16 -04:00
rl1987
74a474a2e7 Minor code cleanups 2018-09-12 09:06:16 -04:00
rl1987
27c868eff1 Log a notice *after* creating connection 2018-09-12 09:06:16 -04:00
rl1987
d548453abd Log a notice when changing to/from wildcard IP address 2018-09-12 09:06:14 -04:00
rl1987
9f7ed1d04e Always close old listeners in retry_all_listeners 2018-09-12 09:05:39 -04:00
rl1987
f04e0bd5d6 Refrain from compiling socket rebinding code on system that don't need it 2018-09-12 09:05:39 -04:00
rl1987
c99bb8b6ea Try rebinding new listener after closing old one if first bind failed with EADDRINUSE 2018-09-12 09:05:36 -04:00
Nick Mathewson
73a37d1e54 Check waitpid return value and exit status in tinytest.c
It's possible for a unit test to report success via its pipe, but to
fail as it tries to clean up and exit.  Notably, this happens on a
leak sanitizer failure.

Fixes bug 27658; bugfix on 0.2.2.4-alpha when tinytest was
introduced.
2018-09-12 08:57:18 -04:00
Mahrud Sayrafi
be142194cd Encode Circuit ID as src IP in Proxy Protocol for Opportunistic Onions 2018-09-12 15:20:26 +03:00
Nick Mathewson
8294c40c96 Merge remote-tracking branch 'tor-github/pr/318' 2018-09-12 08:12:19 -04:00
cypherpunks
03c4d0ab9c rust/protover: fix check for overlapping ranges
Closes ticket 27649. Bugfix on e6625113c9.
2018-09-12 02:47:59 +00:00
cypherpunks
b88a2f28ae rust/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:59 +00:00
cypherpunks
e9ef7d5ab4 test/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:29 +00:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
affbe376f9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-11 15:53:06 -04:00
Mike Perry
ae1aea4cc4 Bug 25505: Check circuitmux queues before padding. 2018-09-11 15:53:03 -04:00
Nick Mathewson
2d0a6d7691 Merge remote-tracking branch 'mikeperry/bug25505' 2018-09-11 14:32:39 -04:00
Nick Mathewson
7852499812 Merge remote-tracking branch 'tor-github/pr/312' 2018-09-11 14:05:16 -04:00
Nick Mathewson
75ad1a1f2f Merge remote-tracking branch 'onionk/doublevote1' 2018-09-11 13:16:49 -04:00
Nick Mathewson
328bcbf305 Merge remote-tracking branch 'tor-github/pr/313' 2018-09-11 12:23:21 -04:00
Nick Mathewson
a7d0cbd462 Merge remote-tracking branch 'tor-github/pr/314' 2018-09-11 12:19:13 -04:00
Nick Mathewson
8a873a5695 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-11 12:04:56 -04:00
Nick Mathewson
8afc100cb5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-11 12:04:56 -04:00
Nick Mathewson
f741505642 Merge branch 'maint-0.3.4' 2018-09-11 12:04:56 -04:00
Nick Mathewson
3119cb5062 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-11 12:04:55 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk".
Implements 27244, and should save a bunch of RAM on clients.
2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
2018-09-11 11:43:26 -04:00
Suphanat Chunhapanya
57c82b74b4 hs-v3: Shuffle the list of authorized clients
This commit makes it that the authorized clients in the descriptor are in
random order instead of ordered by how they were read on disk.

Fixes #27545

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-11 11:23:49 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end
This is part of #27244, so that we can safely mmap consensus
documents.
2018-09-11 11:16:50 -04:00
Nick Mathewson
e5601f14ed Initialize 't' in ge25519_scalarmult_base_niels()
OSS-Fuzz's version of memorysanitizer can't tell that this value is
not going to be used unsafely.
2018-09-11 10:35:18 -04:00
Karsten Loesing
19429fac23 Update geoip and geoip6 to the September 6 2018 database. 2018-09-11 09:26:59 +02:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
672620901b hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 15:04:22 -04:00
rl1987
1ec54b3556 Bugfix: sizeof(socklen) doesn't make sense when calling connect()
Bugfix on 2f657a1416f2f81dd1be900269c4ae9bdb29f52d; bug not in
any Tor release.
2018-09-10 21:50:30 +03:00
Taylor Yu
687bf3ea64 Track bootstrap phase independently of progress
Track bootstrap phase (enumerated by bootstrap_status_t) independently
from the bootstrap progress (which can represent intermediate
progress).  This allows control_event_bootstrap_problem() to avoid
doing a linear search through the bootstrap progress space to find the
current bootstrap phase.
2018-09-10 13:18:32 -05:00
Taylor Yu
5733d3f71f Refactor control_event_bootstrap_core() more
Eliminate a few conditional expressions in
control_event_bootstrap_core() by overwriting the status parameter.
2018-09-10 13:18:32 -05:00
Taylor Yu
15c24d669f Refactor control_event_bootstrap() somewhat
Move the mostly-invariant part of control_event_boostrap() into a
helper control_event_bootstrap_core().  The helper doesn't modify any
state beyond doing logging and control port notifications.
2018-09-10 13:18:32 -05:00
Taylor Yu
e2988e044d Deindent much of control_event_bootstrap 2018-09-10 13:18:32 -05:00
Taylor Yu
eee62e13d9 Make control_event_bootstrap() return void
Simplify control_event_bootstrap() by making it return void again.  It
is currently a fairly complicated function, and it's made more
complicated by returning an int to signal whether it logged at NOTICE
or INFO.

The callers conditionally log messages at level NOTICE based on this
return value.  Change the callers to unconditionally log their verbose
human-readable messages at level INFO to keep NOTICE logs less
cluttered.

This partially reverts the changes of #14950.
2018-09-10 13:18:32 -05:00
David Goulet
7ff67d0e90 test: Fix coverity CID 1439129
One HSv3 unit test used "tor_memeq()" without checking the return value. This
commit changes that to use "tt_mem_op()" to actually make the test validate
something :).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:28:35 -04:00
David Goulet
064d3e7497 test: Fix coverity CID 1439130
Trivial fix of removing an uneeded NULL check in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:22:31 -04:00
David Goulet
58d74ad943 test: Fix coverity CID 1439131
Simple uninitialized object that we could free in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:20:58 -04:00
George Kadianakis
34a2cbb249 Address coverity warnings (CID 1439133/1439132).
>>>>    CID 1439133:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.

>>>>    CID 1439132:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.
2018-09-10 16:54:19 +03:00
Nick Mathewson
96601a6805 Bump to 0.3.4.8-dev 2018-09-10 09:42:40 -04:00
Nick Mathewson
05f5f65006 Bump to 0.3.3.10-dev. 2018-09-10 09:42:12 -04:00
Nick Mathewson
ec4a7641f1 Bump to 0.3.2.12-dev 2018-09-10 09:41:34 -04:00
Nick Mathewson
b203dedaf5 Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
rl1987
1e296bc6de Call event_set_mem_functions during initialization 2018-09-09 18:58:03 +03:00
Nick Mathewson
a52d5d5309 Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
2018-09-09 10:21:13 -04:00
Roger Dingledine
776c1a5d1a make ipv6-only config complaint clearer
(a relay operator hit this on #tor-relays and couldn't make sense
of it. i couldn't either until i went to go read the code.)
2018-09-08 17:08:22 -04:00
Nick Mathewson
33a0c619a8 Do not store cached_dir_t for consensus in RAM if not a dircache.
There are three reasons we use a cached_dir_t to hold a consensus:
  1. to serve that consensus to a client
  2. to apply a consensus diff to an existing consensus
  3. to send the consensus to a controller.

But case 1 is dircache-only.  Case 2 and case 3 both fall back to
networkstatus_read_cached_consensus().  So there's no reason for us
to store this as a client.  Avoiding this saves about 23% of our RAM
usage, according to our experiments last month.

This is, semantically, a partial revert of e5c608e535.

Fixes bug 27247; bugfix on 0.3.0.1-alpha.
2018-09-07 19:48:56 -04:00
Nick Mathewson
95060eacae Use networkstatus_read_cached_consensus() for GETINFO
We already had fallback code for "dir/status-vote/current/consensus"
to read from disk if we didn't have a cached_dir_t available.  But
there's a function in networkstatus_t that does it for us, so let's
do that.
2018-09-07 19:48:56 -04:00
Nick Mathewson
43e400f340 Bump to 0.3.3.10 2018-09-07 15:11:18 -04:00
Nick Mathewson
cdaf9aec8e Bump to 0.3.2.12 2018-09-07 15:11:07 -04:00
Nick Mathewson
da29074fc4 Bump to 0.2.9.17 2018-09-07 15:10:49 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
13d0855a89 Merge remote-tracking branch 'teor/bug27521' 2018-09-07 10:29:45 -04:00
Nick Mathewson
fa38bbb700 Bump to 0.3.4.8 2018-09-07 09:49:29 -04:00
Nick Mathewson
732ea9120c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 09:15:56 -04:00
Nick Mathewson
8849b2ca3c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 09:15:56 -04:00
Nick Mathewson
ee6d8bcf71 Merge branch 'maint-0.3.4' 2018-09-07 09:15:56 -04:00
Nick Mathewson
0366ae224c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 09:15:52 -04:00
Nick Mathewson
2ec88a2a6d Tell openssl to build its TLS contexts with security level 1
Fixes bug 27344, where we'd break compatibility with old tors by
rejecting RSA1024 and DH1024.
2018-09-07 09:15:06 -04:00
Nick Mathewson
579770b706 Merge branch 'maint-0.3.4' 2018-09-07 08:46:46 -04:00
Nick Mathewson
056003d602 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:46:45 -04:00
Nick Mathewson
a78504dbe6 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:46:45 -04:00
Nick Mathewson
eacaff6ccc Merge remote-tracking branch 'teor/bug27461-032' into maint-0.3.2 2018-09-07 08:46:41 -04:00
Nick Mathewson
9fcb3ef787 Merge remote-tracking branch 'teor/bug27461-029' into maint-0.2.9 2018-09-07 08:46:35 -04:00
Nick Mathewson
7e91eb83d8 Merge branch 'maint-0.3.4' 2018-09-07 08:45:10 -04:00
Nick Mathewson
df18cf0e8f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:44:40 -04:00
Nick Mathewson
a4930de5e9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:44:40 -04:00
Nick Mathewson
a5ed62f96c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 08:44:39 -04:00
Nick Mathewson
912ae2b8dc Merge remote-tracking branch 'teor/bug27463-029' into maint-0.2.9 2018-09-07 08:44:36 -04:00
Nick Mathewson
08d5fd39d8 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:42:19 -04:00
Nick Mathewson
b6de39e5f4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:42:19 -04:00
Nick Mathewson
a08e6e711f Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 08:42:19 -04:00
teor
d2105ff5d5
Merge branch 'bug27461-029' into bug27461-032
Fix a minor merge conflict due to an #endif comment.
2018-09-07 13:00:34 +10:00
teor
8ef4bb7f3e
Windows: Stop calling SetProcessDEPPolicy() on 64-bit Windows
It is not supported, and always fails. Some compilers warn about the
function pointer cast on 64-bit Windows.

Fixes bug 27461; bugfix on 0.2.2.23-alpha.
2018-09-07 12:58:11 +10:00
teor
9d5c6317b5
hs: Silence a spurious warning in rend_client_send_introduction()
gcc 8 warns that extend_info_t.nickname might be truncated by strncpy().

But it doesn't know that nickname can either contain a hex id, or a
nicknames. hex ids are only used for general and HSDir circuits.

Fixes bug 27463; bugfix on 0.1.1.2-alpha.
2018-09-07 12:40:11 +10:00
teor
3b6d1676ec
Comment: Fix typos in get_interface_addresses_win32()
Closes 27521.
2018-09-07 11:32:57 +10:00
teor
1570f17f97
Windows: Silence a spurious warning in the GetAdaptersAddresses cast
GetProcAddress() returns FARPROC, which is (long long int(*)()) on
64-bit Windows:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx

But GetAdaptersAddresses() is (long unsigned int(*)()), on both 32-bit
and 64-bit Windows:
https://docs.microsoft.com/en-us/windows/desktop/api/iphlpapi/nf-iphlpapi-getadaptersaddresses

So gcc 8 issues a spurious "incompatible function pointer" warning
about the cast to GetAdaptersAddresses_fn_t.

Silence this warning by casting to a void function pointer, before
the cast to GetAdaptersAddresses_fn_t.

This issue is already fixed by 26481 in 0.3.5 and later, by removing
the lookup and cast.

Fixes bug 27465; bugfix on 0.2.3.11-alpha.
2018-09-07 11:03:10 +10:00
Nick Mathewson
22e2403145 Revert "Avoid double-close on TCP sockets under NSS."
This reverts commit b5fddbd241.

The commit here was supposed to be a solution for #27451 (fd
management with NSS), but instead it caused an assertion failure.

Fixes bug 27500; but not in any released Tor.
2018-09-06 11:06:30 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
e95b13f8ce Merge remote-tracking branch 'ageis/control-getinfo-uptime' 2018-09-06 09:30:55 -04:00
Nick Mathewson
bcfab63ca5 Merge remote-tracking branch 'teor/ticket27467' 2018-09-06 09:24:47 -04:00
teor
d0965561a5
Remove GetAdaptersAddresses_fn_t
The code that used it was removed as part of the 26481 refactor.

Closes ticket 27467.
2018-09-06 12:54:03 +10:00
Nick Mathewson
b8a2bdbdc8 Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID 2018-09-05 16:49:15 -04:00
Nick Mathewson
5656144290 Fix checkspaces 2018-09-05 16:48:53 -04:00
Nick Mathewson
710aa122e4 Suppress strict-prototypes warnings in one more batch of NSS headers 2018-09-05 16:36:18 -04:00
Nick Mathewson
8cd091a8d3 Add a last-ditch memwipe() implementation for nss+old glibc
On new glibc versions, there's an explicit_bzero().  With openssl,
there's openssl_memwipe().

When no other approach works, use memwipe() and a memory barrier.
2018-09-05 16:34:01 -04:00
Nick Mathewson
824160fd82 Fix a type, and hopefully the win64 builds. 2018-09-05 09:36:15 -04:00
Nick Mathewson
dc7c979453 Add note about use of tor_memcmp() 2018-09-05 09:11:53 -04:00
Nick Mathewson
79a7fbb79b Fix a reverse-inull warning from coverity in new code. 2018-09-05 08:34:14 -04:00
Nick Mathewson
3b61bdb5ae Try to fix new coverity warnings in unit tests. 2018-09-05 08:30:35 -04:00
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
eeba944ee0 Fix an easy refcounting bug in a unit test 2018-09-04 20:25:25 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3cdf0497f9 Add unit test for bridge-style TLS initialization. 2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18 Document winsock includes better 2018-09-04 14:52:35 -04:00
Nick Mathewson
70c27b7e39 Fix documentation of initialized fields in crypto_init.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
edbb5ef5b2 Make some additional RSA functions const 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3b5d6ef15b Unify functions for reading/writing PEM keys, to avoid duplication. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b892133fb9 Do not leave a certificate allocated after testing dirvote_add() 2018-09-04 14:52:35 -04:00
Nick Mathewson
f46a7eafb8 Do not leak a reference to "slot" when decoding private key. 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f Remove tor_x509_get_cert_impl as unneeded. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241 Avoid double-close on TCP sockets under NSS. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12 Avoid spurious error logs when using NSS
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown()
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS.
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
fd994f55c4 Merge remote-tracking branch 'rl1987/doc26908' 2018-09-04 11:08:49 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
cypherpunks
f8c0f694b7 app/config: reject non-UTF-8 ContactInfo
Closes ticket #27428.
2018-09-03 14:31:03 +00:00
cypherpunks
d32b08af6f string: add string_is_utf8() helper
Ticket #27373.
2018-09-03 13:54:43 +00:00
rl1987
ce4f73f8a3 Update sample torrc files to warn about not using BridgeRelay and MyFamily together 2018-09-02 21:11:52 +03:00
juga0
81f4223329 Test for descriptor does not change when hibernating 2018-09-01 18:47:20 -04:00
juga0
d4e51a2eeb Add missing router_tests to test.h 2018-09-01 18:47:20 -04:00
juga0
e033d98f79 Check descriptor bandwidth changed if not hibernating
There should be a separate check to update descriptor when start
or end hibernating.
2018-09-01 18:47:20 -04:00
juga0
1066fdd8d1 Add test for check_descriptor_bandwidth_changed 2018-09-01 18:47:20 -04:00
juga0
e13ddee166 Allow mocking rep_hist_bandwidth_assess 2018-09-01 18:47:20 -04:00
juga0
842b18ab26 Add test log helpers for msgs not containing str 2018-09-01 18:47:20 -04:00
juga0
6210d568ec Make bandwidth change factor a constant
used to determine large changes in bandwidth.
2018-09-01 18:47:20 -04:00
rl1987
01eb164574 Reject addresses with needless trailing colon 2018-08-31 19:34:14 +03:00
David Fifield
feae813e1b Add tests for tor_addr_parse, separate from tor_addr_port_parse. 2018-08-31 18:57:42 +03:00
rl1987
23ed863da4 Improve bracket handling in tor_addr_parse()
* Actually check for second bracket
* Only attempt parsing IPv4 address when no brackets found
2018-08-31 18:55:36 +03:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
7685c39f9d Add half_edge_t to noinst_HEADERS. 2018-08-29 18:46:01 +00:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Mike Perry
ce894e20b5 Ticket #25573: Count TRUNCATED cells.
TRUNCATED cells were ignored while in path bias. Now they are obeyed, and
cause us to tear down the circuit. The actual impact is minimal, since we
would just wait around for a probe that would never arrive before.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
144647031a Ticket #25573: Check half-opened stream ids when choosing a new one
Avoid data corrupton by avoiding mixing up old stream ids with new ones.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
c56f63eadb Ticket #25573: Track half-closed stream ids
We allow their CONNECTEDs, RESOLVEDs, ENDs, SENDMEs, and DATA cells to not
count as dropped until the windows are empty, or we get an END.

This commit does not change behavior. It only changes CIRC_BW event field
values.
2018-08-29 04:12:09 +00:00
Nick Mathewson
3d7a705d3a Merge remote-tracking branch 'onionk/prototest1' 2018-08-28 21:32:46 -04:00
Mike Perry
dac7d92918 Mark smartlist_bsearch as taking a const list.
It does not modify the actual list.
2018-08-29 00:03:41 +00:00
Roger Dingledine
6da8c6e9a5 make a comment more right
(from #20874 fix)
2018-08-28 16:13:58 -04:00
Nick Mathewson
b26db5dddb Merge remote-tracking branch 'onionk/connection-comments1' 2018-08-28 16:07:46 -04:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
67cd67611c circ: Remove useless param from cannibalization function
Because we just removed Tor2web support, the need_specific_rp is not needed
anymore when cannibalizing a circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
2bc4c55d7d Merge remote-tracking branch 'tor-github/pr/245' 2018-08-28 15:44:06 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00