Commit Graph

25317 Commits

Author SHA1 Message Date
Nick Mathewson
8294c40c96 Merge remote-tracking branch 'tor-github/pr/318' 2018-09-12 08:12:19 -04:00
cypherpunks
03c4d0ab9c rust/protover: fix check for overlapping ranges
Closes ticket 27649. Bugfix on e6625113c9.
2018-09-12 02:47:59 +00:00
cypherpunks
b88a2f28ae rust/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:59 +00:00
cypherpunks
e9ef7d5ab4 test/protover: remove version zero from tests
This isn't legal according to dir-spec.txt.

We can write separate tests for it if the spec
is changed to make it legal.
2018-09-12 02:47:29 +00:00
Nick Mathewson
5a2374b074 Merge remote-tracking branch 'tor-github/pr/315' 2018-09-11 15:55:30 -04:00
Nick Mathewson
affbe376f9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-11 15:53:06 -04:00
Mike Perry
ae1aea4cc4 Bug 25505: Check circuitmux queues before padding. 2018-09-11 15:53:03 -04:00
Nick Mathewson
2d0a6d7691 Merge remote-tracking branch 'mikeperry/bug25505' 2018-09-11 14:32:39 -04:00
Nick Mathewson
7852499812 Merge remote-tracking branch 'tor-github/pr/312' 2018-09-11 14:05:16 -04:00
Nick Mathewson
75ad1a1f2f Merge remote-tracking branch 'onionk/doublevote1' 2018-09-11 13:16:49 -04:00
Nick Mathewson
328bcbf305 Merge remote-tracking branch 'tor-github/pr/313' 2018-09-11 12:23:21 -04:00
Nick Mathewson
a7d0cbd462 Merge remote-tracking branch 'tor-github/pr/314' 2018-09-11 12:19:13 -04:00
Nick Mathewson
8a873a5695 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-11 12:04:56 -04:00
Nick Mathewson
8afc100cb5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-11 12:04:56 -04:00
Nick Mathewson
f741505642 Merge branch 'maint-0.3.4' 2018-09-11 12:04:56 -04:00
Nick Mathewson
3119cb5062 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-11 12:04:55 -04:00
Nick Mathewson
04bb70199b Followup: Make authority_cert_parse_from_string() take length too 2018-09-11 11:43:26 -04:00
Nick Mathewson
7e3005af30 Replace "read consensus from disk" with "map consensus from disk".
Implements 27244, and should save a bunch of RAM on clients.
2018-09-11 11:43:26 -04:00
Nick Mathewson
abaca3fc8c Revise networkstatus parsing code to use lengths
This way the networkstatus can be parsed without being
NUL-terminated, so we can implement 27244 and mmap our consensus objects.
2018-09-11 11:43:26 -04:00
Suphanat Chunhapanya
57c82b74b4 hs-v3: Shuffle the list of authorized clients
This commit makes it that the authorized clients in the descriptor are in
random order instead of ordered by how they were read on disk.

Fixes #27545

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-11 11:23:49 -04:00
Nick Mathewson
e014b72b73 Stop memcpy'ing uncompressed consensuses when making diffs 2018-09-11 11:16:50 -04:00
Nick Mathewson
5595b21227 Consdiff: use lengths on inputs so they don't need NUL at the end
This is part of #27244, so that we can safely mmap consensus
documents.
2018-09-11 11:16:50 -04:00
Nick Mathewson
e5601f14ed Initialize 't' in ge25519_scalarmult_base_niels()
OSS-Fuzz's version of memorysanitizer can't tell that this value is
not going to be used unsafely.
2018-09-11 10:35:18 -04:00
Karsten Loesing
19429fac23 Update geoip and geoip6 to the September 6 2018 database. 2018-09-11 09:26:59 +02:00
Taylor Yu
617160895c Defer reporting directory bootstrap progress
Existing cached directory information can cause misleadingly high
bootstrap percentages.  To improve user experience, defer reporting of
directory information progress until at least one connection has
succeeded to a relay or bridge.

Closes ticket 27169.
2018-09-10 15:20:50 -05:00
David Goulet
672620901b hs-v3: Silence some logging for client authorization
If a tor client gets a descriptor that it can't decrypt, chances are that the
onion requires client authorization.

If a tor client is configured with client authorization for an onion but
decryption fails, it means that the configured keys aren't working anymore.

In both cases, we'll log notice the former and log warn the latter and the
rest of the decryption errors are now at info level.

Two logs statement have been removed because it was redundant and printing the
fetched descriptor in the logs when 80% of it is encrypted wat not helping.

Fixes #27550

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 15:04:22 -04:00
rl1987
1ec54b3556 Bugfix: sizeof(socklen) doesn't make sense when calling connect()
Bugfix on 2f657a1416f2f81dd1be900269c4ae9bdb29f52d; bug not in
any Tor release.
2018-09-10 21:50:30 +03:00
Taylor Yu
687bf3ea64 Track bootstrap phase independently of progress
Track bootstrap phase (enumerated by bootstrap_status_t) independently
from the bootstrap progress (which can represent intermediate
progress).  This allows control_event_bootstrap_problem() to avoid
doing a linear search through the bootstrap progress space to find the
current bootstrap phase.
2018-09-10 13:18:32 -05:00
Taylor Yu
5733d3f71f Refactor control_event_bootstrap_core() more
Eliminate a few conditional expressions in
control_event_bootstrap_core() by overwriting the status parameter.
2018-09-10 13:18:32 -05:00
Taylor Yu
15c24d669f Refactor control_event_bootstrap() somewhat
Move the mostly-invariant part of control_event_boostrap() into a
helper control_event_bootstrap_core().  The helper doesn't modify any
state beyond doing logging and control port notifications.
2018-09-10 13:18:32 -05:00
Taylor Yu
e2988e044d Deindent much of control_event_bootstrap 2018-09-10 13:18:32 -05:00
Taylor Yu
eee62e13d9 Make control_event_bootstrap() return void
Simplify control_event_bootstrap() by making it return void again.  It
is currently a fairly complicated function, and it's made more
complicated by returning an int to signal whether it logged at NOTICE
or INFO.

The callers conditionally log messages at level NOTICE based on this
return value.  Change the callers to unconditionally log their verbose
human-readable messages at level INFO to keep NOTICE logs less
cluttered.

This partially reverts the changes of #14950.
2018-09-10 13:18:32 -05:00
David Goulet
7ff67d0e90 test: Fix coverity CID 1439129
One HSv3 unit test used "tor_memeq()" without checking the return value. This
commit changes that to use "tt_mem_op()" to actually make the test validate
something :).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:28:35 -04:00
David Goulet
064d3e7497 test: Fix coverity CID 1439130
Trivial fix of removing an uneeded NULL check in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:22:31 -04:00
David Goulet
58d74ad943 test: Fix coverity CID 1439131
Simple uninitialized object that we could free in an HS v3 unit test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-10 10:20:58 -04:00
George Kadianakis
34a2cbb249 Address coverity warnings (CID 1439133/1439132).
>>>>    CID 1439133:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.

>>>>    CID 1439132:  Null pointer dereferences  (REVERSE_INULL)
>>>>    Null-checking "fields" suggests that it may be null, but it
>>>> has already been dereferenced on all paths leading to the check.
2018-09-10 16:54:19 +03:00
Nick Mathewson
96601a6805 Bump to 0.3.4.8-dev 2018-09-10 09:42:40 -04:00
Nick Mathewson
05f5f65006 Bump to 0.3.3.10-dev. 2018-09-10 09:42:12 -04:00
Nick Mathewson
ec4a7641f1 Bump to 0.3.2.12-dev 2018-09-10 09:41:34 -04:00
Nick Mathewson
b203dedaf5 Bump to 0.2.9.17-dev 2018-09-10 09:41:22 -04:00
rl1987
1e296bc6de Call event_set_mem_functions during initialization 2018-09-09 18:58:03 +03:00
Nick Mathewson
a52d5d5309 Refactor initialization in curve25519_basepoint_spot_check
This is an attempt to work around what I think may be a bug in
OSS-Fuzz, which thinks that uninitialized data might be passed to
the curve25519 functions.
2018-09-09 10:21:13 -04:00
Roger Dingledine
776c1a5d1a make ipv6-only config complaint clearer
(a relay operator hit this on #tor-relays and couldn't make sense
of it. i couldn't either until i went to go read the code.)
2018-09-08 17:08:22 -04:00
Nick Mathewson
33a0c619a8 Do not store cached_dir_t for consensus in RAM if not a dircache.
There are three reasons we use a cached_dir_t to hold a consensus:
  1. to serve that consensus to a client
  2. to apply a consensus diff to an existing consensus
  3. to send the consensus to a controller.

But case 1 is dircache-only.  Case 2 and case 3 both fall back to
networkstatus_read_cached_consensus().  So there's no reason for us
to store this as a client.  Avoiding this saves about 23% of our RAM
usage, according to our experiments last month.

This is, semantically, a partial revert of e5c608e535.

Fixes bug 27247; bugfix on 0.3.0.1-alpha.
2018-09-07 19:48:56 -04:00
Nick Mathewson
95060eacae Use networkstatus_read_cached_consensus() for GETINFO
We already had fallback code for "dir/status-vote/current/consensus"
to read from disk if we didn't have a cached_dir_t available.  But
there's a function in networkstatus_t that does it for us, so let's
do that.
2018-09-07 19:48:56 -04:00
Nick Mathewson
43e400f340 Bump to 0.3.3.10 2018-09-07 15:11:18 -04:00
Nick Mathewson
cdaf9aec8e Bump to 0.3.2.12 2018-09-07 15:11:07 -04:00
Nick Mathewson
da29074fc4 Bump to 0.2.9.17 2018-09-07 15:10:49 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side.
Also update some client auth test vectors that broke...
2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-09-07 13:59:07 -04:00
Nick Mathewson
13d0855a89 Merge remote-tracking branch 'teor/bug27521' 2018-09-07 10:29:45 -04:00
Nick Mathewson
fa38bbb700 Bump to 0.3.4.8 2018-09-07 09:49:29 -04:00
Nick Mathewson
732ea9120c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 09:15:56 -04:00
Nick Mathewson
8849b2ca3c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 09:15:56 -04:00
Nick Mathewson
ee6d8bcf71 Merge branch 'maint-0.3.4' 2018-09-07 09:15:56 -04:00
Nick Mathewson
0366ae224c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 09:15:52 -04:00
Nick Mathewson
2ec88a2a6d Tell openssl to build its TLS contexts with security level 1
Fixes bug 27344, where we'd break compatibility with old tors by
rejecting RSA1024 and DH1024.
2018-09-07 09:15:06 -04:00
Nick Mathewson
579770b706 Merge branch 'maint-0.3.4' 2018-09-07 08:46:46 -04:00
Nick Mathewson
056003d602 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:46:45 -04:00
Nick Mathewson
a78504dbe6 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:46:45 -04:00
Nick Mathewson
eacaff6ccc Merge remote-tracking branch 'teor/bug27461-032' into maint-0.3.2 2018-09-07 08:46:41 -04:00
Nick Mathewson
9fcb3ef787 Merge remote-tracking branch 'teor/bug27461-029' into maint-0.2.9 2018-09-07 08:46:35 -04:00
Nick Mathewson
7e91eb83d8 Merge branch 'maint-0.3.4' 2018-09-07 08:45:10 -04:00
Nick Mathewson
df18cf0e8f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:44:40 -04:00
Nick Mathewson
a4930de5e9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:44:40 -04:00
Nick Mathewson
a5ed62f96c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 08:44:39 -04:00
Nick Mathewson
912ae2b8dc Merge remote-tracking branch 'teor/bug27463-029' into maint-0.2.9 2018-09-07 08:44:36 -04:00
Nick Mathewson
08d5fd39d8 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 08:42:19 -04:00
Nick Mathewson
b6de39e5f4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 08:42:19 -04:00
Nick Mathewson
a08e6e711f Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 08:42:19 -04:00
teor
d2105ff5d5
Merge branch 'bug27461-029' into bug27461-032
Fix a minor merge conflict due to an #endif comment.
2018-09-07 13:00:34 +10:00
teor
8ef4bb7f3e
Windows: Stop calling SetProcessDEPPolicy() on 64-bit Windows
It is not supported, and always fails. Some compilers warn about the
function pointer cast on 64-bit Windows.

Fixes bug 27461; bugfix on 0.2.2.23-alpha.
2018-09-07 12:58:11 +10:00
teor
9d5c6317b5
hs: Silence a spurious warning in rend_client_send_introduction()
gcc 8 warns that extend_info_t.nickname might be truncated by strncpy().

But it doesn't know that nickname can either contain a hex id, or a
nicknames. hex ids are only used for general and HSDir circuits.

Fixes bug 27463; bugfix on 0.1.1.2-alpha.
2018-09-07 12:40:11 +10:00
teor
3b6d1676ec
Comment: Fix typos in get_interface_addresses_win32()
Closes 27521.
2018-09-07 11:32:57 +10:00
teor
1570f17f97
Windows: Silence a spurious warning in the GetAdaptersAddresses cast
GetProcAddress() returns FARPROC, which is (long long int(*)()) on
64-bit Windows:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx

But GetAdaptersAddresses() is (long unsigned int(*)()), on both 32-bit
and 64-bit Windows:
https://docs.microsoft.com/en-us/windows/desktop/api/iphlpapi/nf-iphlpapi-getadaptersaddresses

So gcc 8 issues a spurious "incompatible function pointer" warning
about the cast to GetAdaptersAddresses_fn_t.

Silence this warning by casting to a void function pointer, before
the cast to GetAdaptersAddresses_fn_t.

This issue is already fixed by 26481 in 0.3.5 and later, by removing
the lookup and cast.

Fixes bug 27465; bugfix on 0.2.3.11-alpha.
2018-09-07 11:03:10 +10:00
Nick Mathewson
22e2403145 Revert "Avoid double-close on TCP sockets under NSS."
This reverts commit b5fddbd241.

The commit here was supposed to be a solution for #27451 (fd
management with NSS), but instead it caused an assertion failure.

Fixes bug 27500; but not in any released Tor.
2018-09-06 11:06:30 -04:00
Nick Mathewson
8815960c46 Merge remote-tracking branch 'tor-github/pr/294' 2018-09-06 09:47:32 -04:00
Nick Mathewson
e95b13f8ce Merge remote-tracking branch 'ageis/control-getinfo-uptime' 2018-09-06 09:30:55 -04:00
Nick Mathewson
bcfab63ca5 Merge remote-tracking branch 'teor/ticket27467' 2018-09-06 09:24:47 -04:00
teor
d0965561a5
Remove GetAdaptersAddresses_fn_t
The code that used it was removed as part of the 26481 refactor.

Closes ticket 27467.
2018-09-06 12:54:03 +10:00
Nick Mathewson
b8a2bdbdc8 Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID 2018-09-05 16:49:15 -04:00
Nick Mathewson
5656144290 Fix checkspaces 2018-09-05 16:48:53 -04:00
Nick Mathewson
710aa122e4 Suppress strict-prototypes warnings in one more batch of NSS headers 2018-09-05 16:36:18 -04:00
Nick Mathewson
8cd091a8d3 Add a last-ditch memwipe() implementation for nss+old glibc
On new glibc versions, there's an explicit_bzero().  With openssl,
there's openssl_memwipe().

When no other approach works, use memwipe() and a memory barrier.
2018-09-05 16:34:01 -04:00
Nick Mathewson
824160fd82 Fix a type, and hopefully the win64 builds. 2018-09-05 09:36:15 -04:00
Nick Mathewson
dc7c979453 Add note about use of tor_memcmp() 2018-09-05 09:11:53 -04:00
Nick Mathewson
79a7fbb79b Fix a reverse-inull warning from coverity in new code. 2018-09-05 08:34:14 -04:00
Nick Mathewson
3b61bdb5ae Try to fix new coverity warnings in unit tests. 2018-09-05 08:30:35 -04:00
Nick Mathewson
03efb67b42 Debug one last reference-counting issue that only appeared on openssl master 2018-09-04 20:46:46 -04:00
Nick Mathewson
eeba944ee0 Fix an easy refcounting bug in a unit test 2018-09-04 20:25:25 -04:00
Nick Mathewson
0db5c54957 Merge branch 'nss_squashed' into nss_merge 2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9 Resolve openssl-only memory leaks 2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94 Fix a pair of remaining leaks in tortls_nss.c
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263 Use FREE_AND_NULL for impl types 2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5 Port test_tortls_verify to not depend on openssl internals 2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72 Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3cdf0497f9 Add unit test for bridge-style TLS initialization. 2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18 Document winsock includes better 2018-09-04 14:52:35 -04:00
Nick Mathewson
70c27b7e39 Fix documentation of initialized fields in crypto_init.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
edbb5ef5b2 Make some additional RSA functions const 2018-09-04 14:52:35 -04:00
Nick Mathewson
600e046ed3 Rename crypto_pk_check_key(), use it more reasonably, add tests
This function was a wrapper around RSA_check_key() in openssl, which
checks for invalid RSA private keys (like those where p or q are
composite, or where d is not the inverse of e, or where n != p*q).
We don't need a function like this in NSS, since unlike OpenSSL, NSS
won't let you import a bogus private key.

I've renamed the function and changed its return type to make it
more reasonable, and added a unit test for trying to read a key
where n != p*q.
2018-09-04 14:52:35 -04:00
Nick Mathewson
3b5d6ef15b Unify functions for reading/writing PEM keys, to avoid duplication. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b892133fb9 Do not leave a certificate allocated after testing dirvote_add() 2018-09-04 14:52:35 -04:00
Nick Mathewson
f46a7eafb8 Do not leak a reference to "slot" when decoding private key. 2018-09-04 14:52:35 -04:00
Nick Mathewson
36f3bdac03 Update prefork and postfork NSS code for unit tests. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99 Test a few more tortls.c functions 2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55 Several unit tests to improve test coverage of x509*.c 2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f Remove tor_x509_get_cert_impl as unneeded. 2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241 Avoid double-close on TCP sockets under NSS. 2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12 Avoid spurious error logs when using NSS
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6 Remove tor_tls_shutdown()
This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00
Nick Mathewson
5205c7fd90 Initial NSS support for TLS.
This is enough to get a chutney network to bootstrap, though a bunch
of work remains.
2018-09-04 14:52:35 -04:00
Nick Mathewson
fd994f55c4 Merge remote-tracking branch 'rl1987/doc26908' 2018-09-04 11:08:49 -04:00
Nick Mathewson
1e71e2c104 c99 style in loop 2018-09-04 11:04:55 -04:00
Nick Mathewson
3507fead10 Merge branch 'tor_api_owning_control' 2018-09-04 11:04:21 -04:00
Nick Mathewson
94b04d6c64 Merge branch 'bug24104_029_squashed' 2018-09-04 10:44:36 -04:00
cypherpunks
f8c0f694b7 app/config: reject non-UTF-8 ContactInfo
Closes ticket #27428.
2018-09-03 14:31:03 +00:00
cypherpunks
d32b08af6f string: add string_is_utf8() helper
Ticket #27373.
2018-09-03 13:54:43 +00:00
rl1987
ce4f73f8a3 Update sample torrc files to warn about not using BridgeRelay and MyFamily together 2018-09-02 21:11:52 +03:00
juga0
81f4223329 Test for descriptor does not change when hibernating 2018-09-01 18:47:20 -04:00
juga0
d4e51a2eeb Add missing router_tests to test.h 2018-09-01 18:47:20 -04:00
juga0
e033d98f79 Check descriptor bandwidth changed if not hibernating
There should be a separate check to update descriptor when start
or end hibernating.
2018-09-01 18:47:20 -04:00
juga0
1066fdd8d1 Add test for check_descriptor_bandwidth_changed 2018-09-01 18:47:20 -04:00
juga0
e13ddee166 Allow mocking rep_hist_bandwidth_assess 2018-09-01 18:47:20 -04:00
juga0
842b18ab26 Add test log helpers for msgs not containing str 2018-09-01 18:47:20 -04:00
juga0
6210d568ec Make bandwidth change factor a constant
used to determine large changes in bandwidth.
2018-09-01 18:47:20 -04:00
rl1987
01eb164574 Reject addresses with needless trailing colon 2018-08-31 19:34:14 +03:00
David Fifield
feae813e1b Add tests for tor_addr_parse, separate from tor_addr_port_parse. 2018-08-31 18:57:42 +03:00
rl1987
23ed863da4 Improve bracket handling in tor_addr_parse()
* Actually check for second bracket
* Only attempt parsing IPv4 address when no brackets found
2018-08-31 18:55:36 +03:00
Neel Chauhan
1c62adb65b Change mention of is_extrainfo router_parse_list_from_string() to want_extrainfo 2018-08-29 21:05:24 -04:00
Nick Mathewson
94605f08fb Merge branch 'ticket27246_035_01_squashed' 2018-08-29 15:05:05 -04:00
Nick Mathewson
6c0c08bbb5 Expand the comments on ASN.1-encoded TAP keys 2018-08-29 15:04:54 -04:00
David Goulet
2f6bc74914 router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-29 15:01:38 -04:00
Mike Perry
7685c39f9d Add half_edge_t to noinst_HEADERS. 2018-08-29 18:46:01 +00:00
Mike Perry
93ff8b411a Merge branch 'ticket25573-034' into ticket25573-master 2018-08-29 17:10:06 +00:00
Mike Perry
ce894e20b5 Ticket #25573: Count TRUNCATED cells.
TRUNCATED cells were ignored while in path bias. Now they are obeyed, and
cause us to tear down the circuit. The actual impact is minimal, since we
would just wait around for a probe that would never arrive before.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
144647031a Ticket #25573: Check half-opened stream ids when choosing a new one
Avoid data corrupton by avoiding mixing up old stream ids with new ones.

This commit changes client behavior.
2018-08-29 04:12:15 +00:00
Mike Perry
c56f63eadb Ticket #25573: Track half-closed stream ids
We allow their CONNECTEDs, RESOLVEDs, ENDs, SENDMEs, and DATA cells to not
count as dropped until the windows are empty, or we get an END.

This commit does not change behavior. It only changes CIRC_BW event field
values.
2018-08-29 04:12:09 +00:00
Nick Mathewson
3d7a705d3a Merge remote-tracking branch 'onionk/prototest1' 2018-08-28 21:32:46 -04:00
Mike Perry
dac7d92918 Mark smartlist_bsearch as taking a const list.
It does not modify the actual list.
2018-08-29 00:03:41 +00:00
Roger Dingledine
6da8c6e9a5 make a comment more right
(from #20874 fix)
2018-08-28 16:13:58 -04:00
Nick Mathewson
b26db5dddb Merge remote-tracking branch 'onionk/connection-comments1' 2018-08-28 16:07:46 -04:00
Nick Mathewson
48632455a5 Merge branch 'bug26367_035_01' 2018-08-28 16:02:04 -04:00
David Goulet
8f13c3d3ed hs: Remove rend_client_non_anonymous_mode_enabled
The removal of Tor2Web made this function useless.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
f661d856fd hs: Remove rend_client_allow_non_anonymous_connection
By removing Tor2Web, there is no way a client can be non anonymous so we
remove that function and the callsites.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
67cd67611c circ: Remove useless param from cannibalization function
Because we just removed Tor2web support, the need_specific_rp is not needed
anymore when cannibalizing a circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
David Goulet
4976eca826 hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html

Close #26367

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-28 16:01:57 -04:00
Nick Mathewson
219f6ea516 Fix log.c comments about assert vs tor_assert vs raw_assert. 2018-08-28 15:58:16 -04:00
Nick Mathewson
2bc4c55d7d Merge remote-tracking branch 'tor-github/pr/245' 2018-08-28 15:44:06 -04:00
Nick Mathewson
3b960df4f9 Merge branch 'bug26896_034' 2018-08-28 12:35:50 -04:00
rl1987
3890ad2578 Stricter HiddenServicePort parsing 2018-08-28 18:32:31 +03:00
David Goulet
d9bfc9e2e3 fixup! hs: Learn service version by trying to load the keys 2018-08-28 08:36:28 -04:00
Nick Mathewson
64c3c6a790 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-27 09:39:08 -04:00
Nick Mathewson
0483f7f64c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-27 09:39:08 -04:00
Nick Mathewson
103dd68ba8 Merge branch 'maint-0.3.4' 2018-08-27 09:39:08 -04:00
teor
70a07fa90b
When running make test-network-all, use the mixed+hs-v2 network
No behaviour change.

A previous fix to chutney removed v3 onion services from the
mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
confusing.

Fixes bug 27345; bugfix on 0.3.2.1-alpha.
2018-08-27 23:07:20 +10:00
cypherpunks
0cd72a2833 core/mainloop: more comments documenting connection.c 2018-08-27 01:32:34 +00:00
cypherpunks
309961138b core/mainloop: fix documentation of connection_handle_write_impl()
Inaccurate since ​d9746bd468f551d1ada57d962b20eddd15256ce9.
2018-08-27 01:07:01 +00:00
Nick Mathewson
4c1c818ffa Update to 0.3.4.7-rc-dev 2018-08-24 16:49:56 -04:00
Nick Mathewson
bb65b53966 Fix a compilation warning on i386 with clang 2018-08-24 16:13:30 -04:00
Nick Mathewson
7217bdacb5 Merge remote-tracking branch 'tor-github/pr/289' 2018-08-24 12:57:18 -04:00
Nick Mathewson
622231ce2e Merge remote-tracking branch 'teor/bug27237' 2018-08-24 12:44:46 -04:00
Nick Mathewson
b1d0fa04fb Merge branch 'maint-0.3.4' 2018-08-24 12:35:26 -04:00
Nick Mathewson
658171318f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-24 12:35:23 -04:00
Nick Mathewson
33e4e30d0a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-24 12:32:10 -04:00
Nick Mathewson
98e1a1d106 Merge branch 'ticket27286_032_v2' into maint-0.3.2 2018-08-24 12:32:06 -04:00
Nick Mathewson
14be9cba4e Update the protocol versions recommendations to remove LinkAuth=1
LinkAuth method 1 is the one where we pull the TLS master secrets
out of the OpenSSL data structures and authenticate them with
RSA. Right now we list method 1 as required for clients and relays.
That's a problem, since we can't reasonably support it with NSS. So
let's remove it as a requirement and a recommendation.

As for method 3: I'd like to recommend it it, but that would make
0.2.9 start warning.  Let's not do that till at least some time
after 0.3.5 (the next LTS) is stable.

Closes ticket 27286
2018-08-24 12:31:01 -04:00
Nick Mathewson
08a1619e7f Merge branch 'maint-0.3.4' 2018-08-24 12:05:39 -04:00
teor
dd27e17ccc Bootstrap: add some extra logging
Diagnostics for 27236.
2018-08-24 12:05:36 -04:00
teor
3ebbc1c84d Bootstrap: allow internal-only onion service networks to bootstrap
This fix requires chutney's 27230 fix to bridge client bootstrap.

Part of 27236.
2018-08-24 12:05:29 -04:00
Nick Mathewson
4748fd23da Bump to 0.3.4.7-rc 2018-08-24 09:13:20 -04:00
Nick Mathewson
f36b3faa75 Merge branch 'maint-0.3.4' 2018-08-24 08:32:33 -04:00
teor
7a5896d5d4
Bootstrap: try harder to get descriptors in non-exit test networks
Use the mid weight for the third hop when there are no exits.

Fixes bug 27237; bugfix on 0.2.6.2-alpha.
2018-08-24 12:49:05 +10:00
teor
588c77677a
Bootstrap: stop requiring descriptors to count exits as usable
Instead, count exits as usable if they have the exit flag, and
present if they also have a non-reject exit policy.

Requiring a threshold of usable descriptors avoids directories trickling
exit descriptors to clients to discover their ExitNodes settings.

Part of 27236.
2018-08-24 12:08:11 +10:00
Nick Mathewson
d50f90bfc4 Merge branch 'maint-0.3.4' 2018-08-23 19:37:32 -04:00
Nick Mathewson
e01ea64f0a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-23 19:36:45 -04:00
Nick Mathewson
36bb11a650 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-23 19:36:45 -04:00
Nick Mathewson
6e0872e867 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-23 19:36:45 -04:00
teor
cc4ea34a26
Silence a compilation warning on MSVC 2017 and clang-cl
test.c no longer uses lround(), so we don't need to declare it,
and we can use math.h for fabs().

Fixes bug 27185; bugfix on 0.2.2.2-alpha.
2018-08-24 09:15:04 +10:00
Nick Mathewson
2ae92ab973 Merge branch 'maint-0.3.4' 2018-08-23 14:26:04 -04:00
teor
fadcab920b
Bootstrap: check the exit policy and flag on descriptors
Previously, Tor would only check the exit flag. In small networks, Tor
could bootstrap once it received a consensus with exits, without fetching
the new descriptors for those exits.

After bootstrap, Tor delays descriptor fetches, leading to failures in
fast networks like chutney.

Fixes 27236; bugfix on 0.2.6.3-alpha.
2018-08-24 01:13:53 +10:00
teor
692efdad09
Update the message logged on relays when DirCache is disabled
Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the Guard
flag.

Fixes bug 24312; bugfix on 0.3.3.5-rc.
2018-08-23 19:13:25 +10:00
Dominique Ingoglia
8747afc5e0
Change the wording of the DirCache warning 2018-08-23 19:13:15 +10:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f Log error strings in crypto_nss_log_errors().
I'll need this for debugging.
2018-08-22 12:36:25 -04:00
David Goulet
e8557ba00d hs: Change default version from 2 to 3
Closes #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:42:23 -04:00
David Goulet
61ad81c36e hs: Learn service version by trying to load the keys
In order to switch the default HS version from 2 to 3, we need tor to be smart
and be able to decide on the version by trying to load the service keys during
configuration validation.

Part of #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:38:28 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00
George Kadianakis
5febea0d54 Fix revision counter bugs caused by bad SRV start time computation.
Bug description: For each descriptor, its revision counter is the OPE
ciphertext of the number of seconds since the start time of its SRV value.
This bug caused us to confuse the SRV start time in the middle of the lifetime
of a descriptor in some edge-cases, which caused descriptor rejects.

Bug cause: The bug occurs when we fetch a 23:00 consensus after
midnight (e.g. at 00:08 when not all dirauths have fetched the latest 00:00
consensus). In that case, the voting schedule (which was used for SRV start
time calculation) would return a valid-after past-midnight, whereas our
consensus would be pre-midnight, and that would confuse the SRV start time
computation which is used by HS revision counters (because we would reset the
start time of SRV, without rotating descriptors).

Bug fix: We now use our local consensus time to calculate the SRV start time,
instead of the voting schedule. The voting schedule does not work as originally
envisioned in this case, because it was created for voting by dirauths and not
for scheduling stuff on clients.
2018-08-22 18:09:47 +03:00
Nick Mathewson
8148c0717d Change log_test_helpers macros to use printf, not pasting
This ensures that our test failure messages actually tell us what
strings Tor was expecting.  I will need this to debug some test
failures.
2018-08-22 10:55:55 -04:00
Nick Mathewson
c1ad40627b Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-22 09:37:31 -04:00
Nick Mathewson
8691046ac6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-22 09:37:31 -04:00
Nick Mathewson
573b6e4f2f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-22 09:37:31 -04:00
Nick Mathewson
9068e2fa28 Mark cert_matches_key as not-intrusive; fix stretch compilation. 2018-08-22 09:37:26 -04:00
Nick Mathewson
e619fd02ef Merge remote-tracking branch 'tor-github/pr/287' 2018-08-21 20:08:55 -04:00
Nick Mathewson
bf5704051c Merge remote-tracking branch 'teor/travis-osx-master' 2018-08-21 20:04:13 -04:00
Nick Mathewson
aac1e17f22 Merge remote-tracking branch 'teor/travis-osx-034' into maint-0.3.4 2018-08-21 20:04:03 -04:00
Nick Mathewson
f0633bc491 Merge remote-tracking branch 'teor/travis-osx-033' into maint-0.3.3 2018-08-21 20:03:56 -04:00
Nick Mathewson
a29e9a901d Merge remote-tracking branch 'teor/travis-osx-032' into maint-0.3.2 2018-08-21 20:03:41 -04:00
Neel Chauhan
3bf4493cb9 Remove duplicate include in src/test/test_address.c 2018-08-21 20:01:48 -04:00
Nick Mathewson
de66bd397c Merge branch 'maint-0.3.4' 2018-08-21 19:20:37 -04:00
Nick Mathewson
f68aab83ba Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-21 19:20:31 -04:00
Nick Mathewson
245025a3df Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-21 19:16:40 -04:00
Nick Mathewson
d52f406001 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-21 19:16:40 -04:00
Nick Mathewson
5245a296c5 Make some x509 functions generic; remove some fields NSS doesn't need 2018-08-21 12:25:33 -04:00
Nick Mathewson
b9ca8f2356 Extract internal-only parts of x509.h 2018-08-21 12:25:33 -04:00
Nick Mathewson
108d9879eb Extract the non-generic part of tor_tls_context_decref(). 2018-08-21 12:25:33 -04:00
Nick Mathewson
96f8e19802 Implement PBKDF2 with NSS.
This was a gap that we left in the last commit.
2018-08-21 12:25:33 -04:00
Nick Mathewson
6a88d8f6b4 When enabling NSS, disable OpenSSL.
We used to link both libraries at once, but now that I'm working on
TLS, there's nothing left to keep OpenSSL around for when NSS is
enabled.

Note that this patch causes a couple of places that still assumed
OpenSSL to be disabled when NSS is enabled
   - tor-gencert
   - pbkdf2
2018-08-21 12:25:33 -04:00
Nick Mathewson
1992c76130 Split tls modules and their tests into openssl and generic.
Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
2018-08-21 12:25:33 -04:00
Nick Mathewson
91c1e88b7a Refactor some of the certificate-manipulation logic 2018-08-21 12:25:33 -04:00
Nick Mathewson
598bc78bfa Extract tortls structures into a new header; clean up a little 2018-08-21 12:25:33 -04:00
Nick Mathewson
9a4f05b05c Split X509 code out of tortls.c 2018-08-21 12:25:33 -04:00
Nick Mathewson
3ccb94d7b6 The RSA_free in this test is no longer needed or wanted 2018-08-21 12:24:08 -04:00
Nick Mathewson
aa45511250 Implement RSA for NSS. 2018-08-21 12:24:08 -04:00
Nick Mathewson
cb5cfe3177 Also reinitialize the pregenerated keys postfork. 2018-08-21 12:24:08 -04:00
Nick Mathewson
b94e7de7db Refactor crypto_rsa to use pem module.
This cleans up a lot of junk from crypto_rsa_openssl, and will
save us duplicated code in crypto_rsa_nss (when it exists).

(Actually, it already exists, but I am going to use git rebase so
that this commit precedes the creation of crypto_rsa_nss.)
2018-08-21 12:24:08 -04:00
Nick Mathewson
9566ed6fd9 Add rudimentary support for PEM-encoding, since NSS doesn't do that. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0812f1cbc2 Use a constant for "65537" 2018-08-21 12:24:08 -04:00
Nick Mathewson
824009cde5 Rename openssl-bridging functions in crypto_rsa
These functions exist only to expose RSA keys to other places in Tor
that use OpenSSL; let's be specific about their purpose.
2018-08-21 12:24:08 -04:00
Nick Mathewson
38212d2e40 Remove a redundant function. 2018-08-21 12:24:08 -04:00
Nick Mathewson
0f971d7c91 Rename functions that encode/decode private keys
It is not nice to expose a private key's contents without having the
function name advertise the fact.  Fortunately, we weren't misusing
these yet.
2018-08-21 12:24:08 -04:00
Nick Mathewson
752ffa2197 Extract openssl RSA functionality into its own file. 2018-08-21 12:24:08 -04:00
Nick Mathewson
9bb0ac4bf1 Merge branch 'coverage_6aug_squashed' 2018-08-21 12:14:51 -04:00
Nick Mathewson
fe00a481fc Add a unit test for tor_log_mallinfo() 2018-08-21 12:14:41 -04:00
Nick Mathewson
f124037cde Add unit tests for parsing "extended" format of config lines. 2018-08-21 12:14:41 -04:00
Nick Mathewson
21a9d03445 fixup! Check for duplicate-close in connection_dir_finished_flusing() 2018-08-21 11:15:07 -04:00
Nick Mathewson
ff0be08059 Fix a bug warning when sending an error on an HTTPTunnelPort conn
Fixes bug 26470; bugfix on 0.3.2.1-alpha.
2018-08-21 10:12:04 -04:00
Nick Mathewson
18183de060 Check for duplicate-close in connection_dir_finished_flusing()
Fix for 26896.
2018-08-21 09:50:48 -04:00
Neel Chauhan
eb2b130ad9 If ExitRelay is not specified, emulate the behavior of "ExitRelay 0" 2018-08-20 20:25:23 -04:00
Nick Mathewson
85a8792344 Rewrite test_tortls_cert_matches_key()
Unlike the old test, this test no will no longer mess around with
the forbidden internals of any openssl data structures.

Additionally, it verifies several other behaviors of
tor_tls_cert_matches_key() that we had wanted to verify, such as
the possibility of the certificate's key not matching.

Fixes bug 27226; bugfix on 0.2.5.1-alpha.
2018-08-20 17:43:41 -04:00
Nick Mathewson
c1f476a3d5 Use our x509 wrapper code in tor_tls_cert_matches_key()
This allows us to mock our own tor_tls_get_peer_certificate()
function in order to test ..cert_matches_key(), which will in turn
allow us to simplify test_tortls_cert_matches_key() considerably.

Prep work for the fix for 27226.
2018-08-20 17:42:38 -04:00
Neel Chauhan
aab6aea197 Fix typo in comment for getinfo_helper_current_time() 2018-08-20 11:49:35 -04:00
rl1987
5ab2110eb6 Rework predicted_ports_prediction_time_remaining() to fix CID 1438153 2018-08-19 21:03:01 +03:00
cypherpunks
6c0e7a9e1a test/protover: add double-voting test 2018-08-19 02:21:46 +00:00
cypherpunks
fecd583c0e rust: abort on panic in all profiles
Until https://github.com/rust-lang/rust/issues/52652 is fixed,
unwinding on panic is potentially unsound in a mixed C/Rust codebase.

The codebase is supposed to be panic-free already, but just to be safe.

This started mattering at commit d1820c1516.

Fixes #27199; bugfix on tor-0.3.3.1-alpha.
2018-08-18 19:23:28 +00:00
rl1987
ed0ee340d4 Refactoring: Move code that creates listener for port into new function 2018-08-18 11:26:38 +03:00
cypherpunks
18416b2cf0 test/protover: add test for whitespace parsing bug 2018-08-17 17:25:24 +00:00
cypherpunks
4f3e6d5027 test/protover: add test for hyphen parsing bug 2018-08-17 17:21:46 +00:00
Nick Mathewson
700f5bcc43 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-17 09:38:26 -04:00
Nick Mathewson
e0b8c53f56 Merge branch 'maint-0.3.4' 2018-08-17 09:38:26 -04:00
Nick Mathewson
87aacbfbba Merge remote-tracking branch 'onionk/rust-protospace' into maint-0.3.3 2018-08-17 09:38:08 -04:00
cypherpunks
7b7dd9ae1c rust/protover: don't accept whitespace in ProtoSet::from_str()
It's impossible for spaces to get here, since spaces are used as
separators between individual protocol entries higher up.

And it shouldn't ignore whitespace that isn't a literal space
character, because that would differ from the C implementation.

These were added in 9925d2e687.

Fixes #27177. Bugfix on 0.3.3.5-rc.
2018-08-17 13:34:03 +00:00
Nick Mathewson
ac721bd3b4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-17 09:29:46 -04:00
Nick Mathewson
bedc0b0b8f Merge branch 'maint-0.3.4' 2018-08-17 09:29:46 -04:00
cypherpunks
cc93f175ed rust/protover: fix hyphen parsing bug in ProtoSet::from_str()
It was parsing "1-2-3" as if it were 1-2, ignoring the 2nd hyphen
and everything after.

Introduced in d1820c1516.

Fixes #27164; bugfix on 0.3.3.1-alpha.
2018-08-17 13:27:24 +00:00
Nick Mathewson
042aed3f1d Merge remote-tracking branch 'onionk/rust-docs1' 2018-08-17 09:07:06 -04:00
Unto Sten
ba3c785092 Inform users about configuration file and directory includes
This patch makes it clearer to users what settings Tor daemon
is actually using. I think it is pretty important.
2018-08-17 14:08:59 +03:00
Neel Chauhan
64d9ea1413
In addrs_in_same_network_family(), choose IP subnet size based on IP type 2018-08-17 13:37:51 +10:00
cypherpunks
fc7fed6155 rust/protover: fix docs for UnvalidatedProtoEntry::from_str
This got shuffled around in b786b146ed
and hasn't been accurate since 124caf28e6.
2018-08-17 02:38:23 +00:00
cypherpunks
e65a4fa42c rust/protover: fix parsing docs
The function takes an already validated utf-8 string, and
it never checks if the version numbers are an empty string.
That parse error happens later.

Fix on 701c2b69f5
2018-08-17 02:38:23 +00:00
cypherpunks
7bb658a633 rust/protover: fix ProtoEntry::from_str docs
Texxt was copied from a function that returned a single
tuple in 88b2f170e4.
2018-08-17 02:38:23 +00:00
Nick Mathewson
c8aecd14fe Merge branch 'pr275_squashed' 2018-08-16 08:43:05 -04:00
cypherpunks
6b609ce435 rust: run rustfmt 2018-08-16 08:42:57 -04:00
cypherpunks
ceac10fc3d rust: max_width=100, other rustfmt settings. #27071
These are the 12 stable and documented configuration options,
set to their default values.

use_small_heuristics is only stabilized in rustfmt 0.9, so maintain
support for 0.8.x for now by commenting it out.

comment_width is unstable and did nothing, since wrap_comments defaults
to false.

Default values gotten from `rustfmt --print-config default rustfmt.toml`.

e7932fa9c2/Configurations.md
2018-08-16 08:42:57 -04:00
cypherpunks
fef2ba2267 rust/docs: fix critical typo for missing_docs lint
Fix typo from fe66d06a45.
The exclamation point is what lets an attribute apply to
an entire crate, without the ! it's practically a placebo.

Fix on commits af182d4ab5 and
b6059297d7, and note there are
still missing docs in both crypto and protover, for now.

https://doc.rust-lang.org/reference/attributes.html
2018-08-16 08:42:57 -04:00
Nick Mathewson
936e2aa0de Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-16 08:37:11 -04:00
Nick Mathewson
b49355915b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-16 08:37:11 -04:00
Nick Mathewson
7e50d43f07 Merge branch 'maint-0.3.4' 2018-08-16 08:37:11 -04:00
George Kadianakis
c798957b59 Keep descriptor rotation time after HUP occurs. 2018-08-16 08:36:48 -04:00
Nick Mathewson
d029a5162d Merge branch 'ticket27096' 2018-08-16 08:32:06 -04:00
rl1987
fb137b30fc Exclude setenv/unsetenv code on Windows 2018-08-16 08:31:45 -04:00
rl1987
f454c28303 Fix test to pass without HOME env being set 2018-08-16 08:31:45 -04:00
Nick Mathewson
6c1d2549df Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-15 02:16:23 -04:00
Nick Mathewson
1868982de6 Merge remote-tracking branch 'public/bug26779_033' into maint-0.3.3 2018-08-15 02:16:19 -04:00
Nick Mathewson
b329cdf768 Merge remote-tracking branch 'public/bug26779_035' 2018-08-15 02:14:17 -04:00
Nick Mathewson
e56f0c9d33 Adjust windows stubs for new start/finish_daemon() return types 2018-08-14 16:44:59 -04:00
Neel Chauhan
f282375fb7 Add regression test for Bug #20874 2018-08-11 18:09:01 -04:00
Nick Mathewson
c775689e96 Merge remote-tracking branch 'tor-github/pr/244' 2018-08-11 10:05:15 -04:00
Nick Mathewson
61d5bcc1a2 Merge remote-tracking branch 'tor-github/pr/268' 2018-08-11 10:04:04 -04:00
Nick Mathewson
b7ed61167f Merge remote-tracking branch 'tor-github/pr/239' 2018-08-10 12:35:06 -04:00
teor
546c134801
Rust: Use --all-features in test_rust.sh for 0.3.3 and 0.3.4
Re-applies 0.3.3 changes after 24629.
2018-08-10 16:37:19 +10:00
teor
19038ff4bb
Revert "Rust: Use --all-features in test_rust.sh for 0.3.3 and 0.3.4"
This reverts commit e1291aa84a.
2018-08-10 13:30:16 +10:00
teor
ace98493bd
Merge branch 'travis-osx-034' into travis-osx-master
Replace master .travis.yml with 034 .travis.yml.
All the changes in master have been backported to the
034 .travis.yml already.

Replace master src/test/test_rust.sh with 034
src/test/test_rust.sh, which was backported from
master. One 033/034-specific commit needs to be
reverted.
2018-08-10 13:28:19 +10:00
teor
6e0be81211
Merge branch 'travis-osx-033' into travis-osx-034
Replace 034 .travis.yml with 033 .travis.yml.
Subsequent commits will restore 034 functionality.

Replace 034 src/test/test_rust.sh with 033
src/test/test_rust.sh, which was backported from
master.
2018-08-10 13:15:16 +10:00
teor
e1291aa84a
Rust: Use --all-features in test_rust.sh for 0.3.3 and 0.3.4
Re-applies 0.3.3 changes after 24629.
2018-08-10 13:11:27 +10:00
teor
229a75a49a
Rust: use a consistent working directory in builds and tests
cd to ${abs_top_builddir}/src/rust before running cargo in
src/test/test_rust.sh.

Fixes bug 26497; bugfix on 0.3.3.2-alpha.
2018-08-10 11:54:26 +10:00
teor
0f3fd10ee0
Stop setting $CARGO_HOME in src/rust/tor_rust/include.am
cargo will use the user's $CARGO_HOME, or $HOME/.cargo by default.

Fixes bug 26497; bugfix on 0.3.1.5-alpha.
2018-08-10 11:47:36 +10:00
teor
2b9dd0f9c0
Merge branch 'travis-osx-032' into travis-osx-033
Replace 033 .travis.yml with 032 .travis.yml.
Subsequent commits will restore 033 functionality.

src/rust/tor_util/include.am is deleted in 033.
Subsequent commits will apply 032 changes to
src/rust/tor_rust/include.am.

Replace 033 src/test/test_rust.sh with 032
src/test/test_rust.sh, which was backported from
master.
2018-08-10 11:43:17 +10:00
teor
c9ad16ca2a
Fix $abs_top_srcdir in test_rust.sh
Consistently use ../../.. as a fallback for $abs_top_srcdir in
test_rust.sh.

Fixes bug 27093; bugfix on 0.3.4.3-alpha.
2018-08-10 11:22:36 +10:00
teor
ce19477ffc
Stop setting $CARGO_HOME
cargo will use the user's $CARGO_HOME, or $HOME/.cargo by default.

Fixes bug 26497; bugfix on 0.3.1.5-alpha.
2018-08-10 11:14:32 +10:00
teor
2a35b085ee
Rust: backport src/test/test_rust.sh from master
Preparation for 26497.
2018-08-10 11:09:18 +10:00
Nick Mathewson
5980cb8a19 Merge branch 'maint-0.3.4' 2018-08-09 08:47:26 -04:00
Nick Mathewson
b4362b99cf Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-09 08:47:25 -04:00
Nick Mathewson
fde551a387 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-09 08:47:25 -04:00
Nick Mathewson
8982719f6a Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-09 08:47:24 -04:00
Karsten Loesing
fe19b40fe9 Update geoip and geoip6 to the August 7 2018 database. 2018-08-09 09:44:38 +02:00
Neel Chauhan
a207511bb0 In cell_queues_check_size(), add DNS cache size to total memory allocation 2018-08-08 20:52:57 -04:00
Nick Mathewson
df444e482b Provide examples of tor_api_get_provider_version() output
At the same time, sternly warn any person thinking about relying on
any particular format too strictly.  If you do this, and your
program breaks, it is your bug, not mine.
2018-08-08 18:10:28 -04:00
Nick Mathewson
159141a8c6 Merge branch 'ticket26947' 2018-08-08 18:07:32 -04:00
Nick Mathewson
0f0dac0bfc Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-08 18:06:15 -04:00
Nick Mathewson
da4f4cb269 Merge branch 'maint-0.3.4' 2018-08-08 18:06:15 -04:00
Nick Mathewson
c4d0d9bd24 Merge branch 'bug26948_033' into maint-0.3.3 2018-08-08 18:06:11 -04:00
Nick Mathewson
a57c27a1c7 Call crypto_postfork on start_daemon() instead. 2018-08-08 17:32:26 -04:00
Nick Mathewson
622a2c6bee Make finish_daemon() return a boolean to say whether it did anything. 2018-08-08 16:59:53 -04:00
Nick Mathewson
4f300d547d When RunAsDaemon is set, crypto_postfork() as needed 2018-08-08 16:50:23 -04:00
Nick Mathewson
26f1167e71 Merge branch 'bug26779_033' into bug26779_035 2018-08-08 15:50:29 -04:00
Nick Mathewson
b66386865e Detect broken stdatomic.h, and pretend that it isn't there at all
I hope that the debian clang maintainers will look at debian bug
903709 soon. But until they do, this should keep our users and our
CI happy on sid with clang.

Closes ticket 26779.
2018-08-08 15:49:39 -04:00
rl1987
7a1007861f Print stacktrace when crypto_pk_get_digest() fails in router_build_fresh_descriptor() 2018-08-08 18:56:27 +03:00
rl1987
9c242e950b Consider all routerinfo errors other than "not a server" transient 2018-08-08 18:47:43 +03:00
Nick Mathewson
aaa5ca366e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-08 09:26:23 -04:00
Nick Mathewson
7787150521 Merge branch 'maint-0.3.4' 2018-08-08 09:26:23 -04:00
Nick Mathewson
00536254b7 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-08 09:26:23 -04:00
Nick Mathewson
8e68fe7e1c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-08 09:26:22 -04:00
Daniel Pinto
a350f216b3 Fix crash when calling openat with sandbox enabled #25440
The seccomp rule for the openat syscall checks for the AT_FDCWD
constant. Because this constant is usually a negative value, a
cast to unsigned int is necessary to make sure it does not get
converted to uint64_t used by seccomp.

More info on:
https://github.com/seccomp/libseccomp/issues/69#issuecomment-273805980
2018-08-08 09:21:29 -04:00
Neel Chauhan
3a2b5a5bcb Fix typo in control_event_hs_descriptor_content() 2018-08-08 00:12:00 -04:00
Nick Mathewson
de129e69ba Update version to 0.3.4.6-rc-dev 2018-08-07 20:15:34 -04:00
Nick Mathewson
5e86a28683 Merge branch 'maint-0.3.4' 2018-08-07 08:05:56 -04:00
Nick Mathewson
882b2ad0aa Merge branch 'bug27003_034_v2' into maint-0.3.4 2018-08-07 08:05:51 -04:00
Nick Mathewson
f6763a8218 Add tests for the failing case of tor_localtime_r 2018-08-06 16:44:26 -04:00
Nick Mathewson
abf88af488 Merge branch 'maint-0.3.4' 2018-08-06 10:39:59 -04:00
Nick Mathewson
a54e94878a Rename SEC identifier to BW_SEC in test_bwmgt.h
Apparently Solaris 10 defines SEC somewhere in its headers, causing
a compilation problem.

Fixes bug 26994; bugfix on 0.3.4.1-alpha.
2018-08-06 10:39:14 -04:00
Nick Mathewson
a8bab72c37 Bump to 0.3.4.6-rc 2018-08-06 08:28:56 -04:00
Nick Mathewson
622a057e7e Merge remote-tracking branch 'public/string_coverage' 2018-08-03 07:03:29 -04:00
Nick Mathewson
176999fd95 When enabling periodic events, schedule but don't run them immediately.
When we fixed 25939 in f7633c1fca, we
introduced a call to rescan_periodic_events() from inside the onion
service logic. But this meant that we could rescan the event list --
thereby running event callbacks! -- from inside the hidden service code.
This could cause us to run some of our event callbacks from an
inconsistent state, if we were in the middle of changing options.

A related bug (#25761) prevented us from rescanning our periodic
events as appropriate, but when we fixed THAT one, this bug reared
its ugly head.

The fix here is that "enabling" an event should cause us to run it
from the event loop, but not immediately from the point where we
enable it.

Fixes bug 27003; bugfix on 0.3.4.1-alpha.
2018-08-02 10:14:56 -04:00
Nick Mathewson
f83b417bf8 Suppress strict-prototypes warning in crypto_nss_mgt.c 2018-08-02 08:41:33 -04:00
Nick Mathewson
727f1676d6 Fix double-link of crypto_openssl_mgt.c 2018-08-02 08:38:59 -04:00
Nick Mathewson
b590cc0449 Add a cast to make clang happier. 2018-08-02 08:36:24 -04:00
Nick Mathewson
861d690018 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-01 14:37:07 -04:00
Nick Mathewson
af97879446 Merge branch 'maint-0.3.4' 2018-08-01 14:37:07 -04:00
Nick Mathewson
eb604f5faa Fix build on GNU/Hurd. Patch from paulusASol. Closes 26873. 2018-08-01 14:37:03 -04:00
Nick Mathewson
fe3bacf50a Convert __OwningControllerFD to a 64-bit value
This lets us potentially use it for internal passing of windows
sockets.
2018-08-01 11:01:52 -04:00
Nick Mathewson
c77fe82155 Add API for creating an owning controller FD and passing it to tor_main 2018-08-01 11:01:52 -04:00
Nick Mathewson
9a89450b6d tor_api: Extend tor_api code so it can pass extra arguments to main.
We need this so that the tor_api user can specify some arguments,
while the tor_api implementation adds others.

This implementation detail should not be visible to tor_api users.
2018-08-01 11:01:52 -04:00
Nick Mathewson
ff7229b32c Document new helper functions in socketpair.c 2018-08-01 11:01:52 -04:00
Nick Mathewson
1b7b9c7e63 Reindent tor_ersatz_socketpair 2018-08-01 11:01:52 -04:00
Nick Mathewson
fc0dc5aa9e Refactor tor_ersatz_socketpair() not to need socket.
This change also makes tor_ersatz_socketpair() follow the same
interface as socketpair() rather than tor_socketpair(), so it now
needs to be wrapped in the same code as socketpair() does.
2018-08-01 11:01:52 -04:00
Nick Mathewson
9b24609af0 Remove dependency from socketpair.c on address.h
Also refactor some annoying code in tor_ersatz_socketpair.
2018-08-01 09:24:22 -04:00
Nick Mathewson
2884639ad6 Extract tor_ersatz_socketpair into a new c file
I'm doing this because I want to make it a lower-level function
again, so that we can use it without linking in the rest of the
universe.
2018-08-01 08:47:27 -04:00
Nick Mathewson
a4c0a0e81e Fix issues with crypto_ope compilation now that crypto.h is gone 2018-07-31 19:56:42 -04:00
Nick Mathewson
fdaa483098 Merge branch 'nss_dh_squashed' into nss_dh_squashed_merged 2018-07-31 19:56:23 -04:00
Nick Mathewson
17f922d371 Only link crypto_dh_openssl.c once
(We do this unconditionally, since we still need it for tortls.c)
2018-07-31 19:46:00 -04:00
Nick Mathewson
f5e22358b0 Additional tests for NSS DH
Notably, there's a test to make sure that it round-trips with
OpenSSL, if OpenSSL is enabled.
2018-07-31 19:46:00 -04:00
Nick Mathewson
17ea931ac7 Implement DH in NSS. 2018-07-31 19:46:00 -04:00
Nick Mathewson
32bbc8f6b5 Refactor the dependency between tortls and crypto_dh.
We only ever need this to get us a DH ephemeral key object,
so make a function that does just that.
2018-07-31 19:46:00 -04:00
Nick Mathewson
ac9a470c64 Extract the shared part of crypto_dh_compute_secret. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60a5b78480 Extract the OpenSSL DH functionality to a new file. 2018-07-31 19:46:00 -04:00
Nick Mathewson
99beed152e Make the rust tests link. 2018-07-31 19:46:00 -04:00
Nick Mathewson
2d80673b9a Fix "make distcheck." 2018-07-31 19:46:00 -04:00
Nick Mathewson
76e10ee6b9 Use NSS for AES_CTR. 2018-07-31 19:46:00 -04:00
Nick Mathewson
60705a5719 Use NSS in crypto_rand.c
This is comparatively straightforward too, except for a couple of
twists:

   * For as long as we're building with two crypto libraries, we
     want to seed _both_ their RNGs, and use _both_ their RNGs to
     improve the output of crypto_strongest_rand()

   * The NSS prng will sometimes refuse to generate huge outputs.
     When it does, we stretch the output with SHAKE.  We only need
     this for the tests.
2018-07-31 19:46:00 -04:00
Nick Mathewson
be8d497b65 Make sure NSS is initialized before running benchmarks 2018-07-31 19:46:00 -04:00
Nick Mathewson
f64c9dccde Use NSS's digest code in Tor.
This was a fairly straightforward port, once I realized which layer
I should be calling into.
2018-07-31 19:46:00 -04:00
Nick Mathewson
772106c6bc Add a new function, tor_api_get_provider_version()
Closes ticket 26947.
2018-07-31 09:18:54 -04:00
Nick Mathewson
7e4ac0283e Merge remote-tracking branch 'teor/bug26986' 2018-07-31 08:50:38 -04:00
Nick Mathewson
a67d153cc7 Always call tor_free_all() when exiting tor_run_main()
We would usually call it through tor_cleanup(), but in some code
paths, we wouldn't. These paths would break restart-in-process,
since leaving fields uncleared would cause assertion failures on
restart.

Fixes bug 26948; bugfix on 0.3.3.1-alpha
2018-07-31 08:45:17 -04:00
Roger Dingledine
fe9f585143 fix wrong word in comment 2018-07-30 22:35:33 -04:00
teor
9118430b14 Use Windows-compatible format strings in tor-print-ed-signing-cert.c
Fixes bug 26986; bugfix on master.
2018-07-31 11:21:28 +10:00
teor
e26794ace9 Add TOR_PRIdSZ to torint.h 2018-07-31 11:21:28 +10:00
Nick Mathewson
acb54dee7b Remove a now-obsolete comment about deadcode_dummy__ 2018-07-30 09:09:10 -04:00
Nick Mathewson
70b16bc679 Merge branch 'ticket26890' 2018-07-30 09:08:39 -04:00
Nick Mathewson
21babc8d3f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-30 09:01:59 -04:00
Nick Mathewson
3a6bd21440 Merge remote-tracking branch 'teor/bug26627_033_merged_master' 2018-07-30 09:01:55 -04:00
Nick Mathewson
4f854dbdc2 Merge remote-tracking branch 'teor/bug26627_033' into maint-0.3.3 2018-07-30 09:01:45 -04:00
Nick Mathewson
49d8a2109f Update include in tor-print-ed-signing-cert 2018-07-30 08:57:18 -04:00
Nick Mathewson
ff593ae878 Merge remote-tracking branch 'rl1987/feature19506_3' 2018-07-30 08:55:57 -04:00
Nick Mathewson
13393b2d91 Merge remote-tracking branch 'rl1987/ticket21349_4' 2018-07-30 08:49:49 -04:00
Nick Mathewson
7d66ec0feb Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-30 08:45:01 -04:00
Nick Mathewson
a159eaf45f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-30 08:45:01 -04:00
Nick Mathewson
ec1ced3cc1 Merge remote-tracking branch 'teor/bug26924' 2018-07-30 08:44:58 -04:00
Nick Mathewson
fea35ddf00 Merge remote-tracking branch 'teor/bug26924_032' into maint-0.3.2 2018-07-30 08:44:40 -04:00
Nick Mathewson
ac9d08f66a Merge remote-tracking branch 'juga/ticket3723_03_squashed_rebased' 2018-07-30 08:33:59 -04:00
Nick Mathewson
811ed8cf9f Merge remote-tracking branch 'rl1987/bug26892_take2' 2018-07-30 08:24:14 -04:00
Nick Mathewson
d102e9c2e4 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-30 08:17:25 -04:00
Nick Mathewson
5823e62fa2 Merge branch 'maint-0.3.4' 2018-07-30 08:17:25 -04:00
Nick Mathewson
15d7f24c57 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-30 08:17:24 -04:00
Taylor Yu
a8bdb851eb Don't disable an unsupported compiler warning
Conditionalize the pragma that temporarily disables
-Wunused-const-variable.  Some versions of gcc don't support it.  We
need to do this because of an apparent bug in some libzstd headers.
Fixes bug 26785; bugfix on 0.3.2.11.
2018-07-26 12:32:34 -05:00
rl1987
ffdfd39d4f Early bailout from log_addr_has_changed() if running as client 2018-07-26 17:49:27 +03:00
teor
db2a9180be
Remove comment about Tor2web
Part of #26367.
2018-07-25 17:40:20 +10:00
teor
d01602bebb Merge branch 'bug26924_032' into bug26924
Update rendcommon.h include path.
2018-07-25 14:50:45 +10:00
teor
859d5a7375 Improve connection auth logging
Improve the log message when connection initiators fail to authenticate
direct connections to relays.

Fixes bug 26927; bugfix on 0.3.0.1-alpha.
2018-07-25 14:39:31 +10:00
teor
fdc3ad6259 Merge branch 'bug26924_029' into bug26924_032 2018-07-25 14:33:10 +10:00
teor
6443812e34 Stop logging link auth warnings on Single Onion Services and Tor2web
Instead, log a protocol warning when single onion services or
Tor2web clients fail to authenticate direct connections to relays.

Fixes bug 26924; bugfix on 0.2.9.1-alpha.
2018-07-25 14:30:33 +10:00
teor
fc4d08e260 Merge branch 'bug26627_033' into bug26627_033_merged_master 2018-07-25 09:17:17 +10:00
teor
3821081a55 Stop putting unsupported ed25519 link auth in v3 onion service descs
Stop putting ed25519 link specifiers in v3 onion service descriptors,
when the intro point doesn't support ed25519 link authentication.

Fixes bug 26627; bugfix on 0.3.2.4-alpha.
2018-07-25 09:16:15 +10:00
teor
a99920c7d4 Stop sending unsupported ed25519 link specifiers in v3 introduce cells
Stop sending ed25519 link specifiers in v3 onion service introduce
cells, when the rendezvous point doesn't support ed25519 link
authentication.

Fixes bug 26627; bugfix on 0.3.2.4-alpha.
2018-07-25 09:16:04 +10:00
rl1987
042d22c8d1 Split select_entry_guard_for_circuit() 2018-07-21 18:38:33 +03:00
rl1987
e6c51a056c Make entry_guards_update_primary() shorter 2018-07-21 18:38:33 +03:00
rl1987
86549c0d9e Split sampled_guards_update_from_consensus() into subfunctions 2018-07-21 18:38:33 +03:00
Neel Chauhan
f80cfc4476 Add a "reject *:*" line after parsing in parse_reachable_addresses() 2018-07-20 21:38:28 -04:00
Neel Chauhan
fe18776349 Don't prepend reject *:* to Reachable(OR/Dir)Addresses in options_validate() 2018-07-20 21:36:23 -04:00
rl1987
9c34f95b89 Scrub IP in channel_tls_process_netinfo_cell() if SafeLogging is on 2018-07-20 21:13:38 +03:00
Nick Mathewson
c515dc8d0d Remove over-cleverness from our coverity BUG() definition.
Our previous definition implied that code would never keep running
if a BUG occurred (which it does), and that BUG(x) might be true
even if x was false (which it can't be).

Closes ticket 26890. Bugfix on 0.3.1.4-alpha.
2018-07-20 11:19:54 -04:00
Nick Mathewson
9ae3597540 Tweak assertion in get_time_period_length() for coverity
This is another attempt to fix 1437668.  The assertion here should
be safe, since the rules of networkstatus_get_param() keep the value
it returns in range.
2018-07-20 11:02:07 -04:00
Nick Mathewson
977821e59f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-20 10:42:29 -04:00
Nick Mathewson
dbf57ecf39 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-20 10:42:29 -04:00
Nick Mathewson
583df33e20 Merge branch 'maint-0.3.4' 2018-07-20 10:42:29 -04:00
Nick Mathewson
be3a962ca7 Merge branch 'ticket26647_032' into maint-0.3.2 2018-07-20 10:42:23 -04:00
Nick Mathewson
3c49019016 Merge branch 'maint-0.3.4' 2018-07-19 14:34:26 -04:00
Nick Mathewson
7260d07fee Fix linking when dirauth module is disabled.
Bugfix on dcee4d4c9c, bug not in any
released Tor.
2018-07-19 14:33:18 -04:00
Nick Mathewson
c1092e9aab Merge remote-tracking branch 'ahf-github/bugs/26780' 2018-07-19 12:22:39 -04:00
Nick Mathewson
7253603e6b Merge branch 'bug26712' 2018-07-19 12:20:13 -04:00
Nick Mathewson
b44fce6716 Merge branch 'maint-0.3.4' 2018-07-19 08:32:00 -04:00
Nick Mathewson
0a60a94a55 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-19 08:31:07 -04:00
Nick Mathewson
27f5bd52fe Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-19 08:31:07 -04:00
Nick Mathewson
209332e71a Merge remote-tracking branch 'teor/bug26853_032' into maint-0.3.2 2018-07-19 08:30:59 -04:00
Roger Dingledine
144fc9bef1 wrap a multi-line if body in { } before somebody gets hurt 2018-07-18 21:23:35 -04:00
Nick Mathewson
9e247ac271 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-18 16:39:10 -04:00
Nick Mathewson
39d3187b0d Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-18 16:39:10 -04:00
Nick Mathewson
78386d8cdd Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-18 16:39:10 -04:00
Nick Mathewson
501deba8cf Try putting ulimit -c 0 in test_bt.sh to see if it fixes bug 26787 2018-07-18 16:33:48 -04:00
Nick Mathewson
42c02097db Add two more dependencies in build.rs 2018-07-18 16:20:31 -04:00
Nick Mathewson
0c4c5eeb55 Use the "testing" variant of several C libraries in build.rs 2018-07-18 16:18:25 -04:00
Nick Mathewson
e2261e7727 Merge remote-tracking branch 'isis/bug26398' 2018-07-18 16:12:29 -04:00
Nick Mathewson
23811052fe Add some missing includes and struct declarations. 2018-07-18 15:12:18 -04:00
Nick Mathewson
61e080e24a Merge branch 'maint-0.3.4' 2018-07-18 15:09:28 -04:00
Nick Mathewson
a7bd20ebaf Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-18 15:08:57 -04:00
Nick Mathewson
c31700d664 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-18 15:04:14 -04:00
Nick Mathewson
559f79fd79 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-18 15:03:27 -04:00
Nick Mathewson
a321d72401 Merge branch 'bug26485_029_squashed' into maint-0.2.9 2018-07-18 15:01:03 -04:00
Nick Mathewson
fd5dce0a1b Add a test for format_recommended_version_list. 2018-07-18 15:00:53 -04:00
Nick Mathewson
8ee1fe7aa7 Warn when an authority has voted for a version with a space in it.
Another way to try to prevent a recurrence of 26485.
2018-07-18 15:00:53 -04:00
Nick Mathewson
dcee4d4c9c Warn the directory authority operator if their versions list is bogus
Prevents bug 26485; bugfix on 0.1.1.6-alpha.
2018-07-18 15:00:53 -04:00
Nick Mathewson
ef5c3c8216 Merge branch 'ulimit_when_crashing' 2018-07-18 09:38:04 -04:00
teor
449d190e2e
SKIP test_key_expiration.sh on Windows until the underlying issue is resolved
Skip an unreliable key expiration test on Windows, until the underlying
issue in bug 26076 is resolved.

Fixes bug 26853; bugfix on 0.3.2.1-alpha.
2018-07-18 12:37:12 +10:00
Nick Mathewson
ee12c11dd4 Increase line coverage in libtor-string to 100%
(On linux.)
2018-07-17 16:47:32 -04:00
Nick Mathewson
e2b744ce38 Merge branch 'bug25552_ope_squashed' 2018-07-17 16:19:32 -04:00
George Kadianakis
14b507e520 Improve a log message. 2018-07-17 15:57:46 -04:00
George Kadianakis
9e6235d290 Fix time source bug in sr_state_get_start_time_of_current_protocol_run().
The following bug was causing many issues for this branch in chutney:

In sr_state_get_start_time_of_current_protocol_run() we were using the
consensus valid-after to calculate beginning_of_current_round, but we were
using time(NULL) to calculate the current_round slot. This was causing time
sync issues when the consensus valid-after and time(NULL) were disagreeing on
what the current round is. Our fix is to use the consensus valid-after in both
places.

This also means that we are not using 'now' (aka time(NULL)) anymore in that
function, and hence we can remove that argument from the function (and its
callers). I'll do this in the next commit so that we keep things separated.

Furthermore, we fix a unittest that broke.
2018-07-17 15:57:46 -04:00
George Kadianakis
4cfade2f46 Set revision counter before uploading, not during building.
We only build a descriptor once, and we just re-encode it (and change its intro
points if needed) before uploading.

Hence we should set the revision counter before uploading, not during building.
2018-07-17 15:57:46 -04:00
George Kadianakis
0140052a35 Make the OPE scheme return CRYPTO_OPE_ERROR on error.
Instead of UINT64_MAX.
2018-07-17 15:57:46 -04:00
George Kadianakis
d8b71609cb Compute OPE cipher structure only when needed.
The OPE cipher is tied to the current blinded key which is tied to the current
time period. Hence create the OPE cipher structure when we create a new
descriptor (and build its blinded key).
2018-07-17 15:57:46 -04:00
George Kadianakis
1d2333405e Remove now useless rev counter state file code.
We are not using the state file for rev counters anymore, we just generate them
on the fly!
2018-07-17 15:57:46 -04:00
George Kadianakis
2e8d4139a7 Fix up some unittests by being more careful with the local time.
Now that the rev counter depends on the local time, we need to be more careful
in the unittests. Some unittests were breaking because they were using
consensus values from 1985, but they were not updating the local time
appropriately. That was causing the OPE module to complain that it was trying
to encrypt insanely large values.
2018-07-17 15:57:46 -04:00
George Kadianakis
5fb6f656df Use approx_time() instead of time(NULL) in some HS functions.
These were breaking our unittests.
2018-07-17 15:57:46 -04:00
George Kadianakis
05c362274b Compute the description revision counter using the OPE scheme.
To do so for a given descriptor, we use the "seconds since the SR protocol run"
started, for the SRV that is relevant to this descriptor. This is guaranteed to
be a positive value (since we need an SRV to be able to build a descriptor),
and it's also guaranteed to be a small value (since SRVs stop being listed on a
consensus after 48 hours).

We cannot use the "seconds since the time period started", because for the next
descriptor we use the next time period, so the timestamp would end up negative.
See [SERVICEUPLOAD] from rend-spec-v3.txt for more details.

To do so, we have to introduce a new `is_current` argument to a bunch of
functions, because to use "seconds since the SR protocol run" we need to know
if we are building the current or the next descriptor, since we use a different
SRV for each descriptor.
2018-07-17 15:57:46 -04:00
George Kadianakis
deec6913c5 Introduce useful SRV funcs (start time of prev protocol run) 2018-07-17 15:57:46 -04:00
George Kadianakis
34a5eb5904 Increase OPE_INPUT_MAX. 2018-07-17 15:57:46 -04:00
Nick Mathewson
3a45f6ffe9 Implementation for a simple order-preserving encryption scheme.
This is meant for use when encrypting the current time within the
period in order to get a monotonically increasing revision counter
without actually revealing our view of the time.

This scheme is far from the most state-of-the-art: don't use it for
anything else without careful analysis by somebody much smarter than
I am.

See ticket #25552 for some rationale for this logic.
2018-07-17 15:57:46 -04:00
Nick Mathewson
304ee896d1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-17 14:56:52 -04:00
Nick Mathewson
28d1057d56 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-17 14:56:52 -04:00
Nick Mathewson
61a2762e35 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-17 14:56:52 -04:00
Nick Mathewson
12afdcc15a Merge branch 'maint-0.3.4' 2018-07-17 14:56:52 -04:00
teor
6dafddd05d SKIP test_keygen.sh on Windows until the underlying issue is resolved
Skip an unreliable key generation test on Windows, until the underlying
issue in bug 26076 is resolved.

Fixes bug 26830; bugfix on 0.2.7.3-rc.
2018-07-17 14:56:18 -04:00
Nick Mathewson
4833717d69 Merge branch 'maint-0.3.4' 2018-07-17 14:46:16 -04:00
Nick Mathewson
c7dcf252fd Merge remote-tracking branch 'ahf-github/bugs/26437' 2018-07-17 14:33:31 -04:00
Neel Chauhan
32db806dfa Teach the OOM handler about the DNS cache 2018-07-17 09:19:27 -04:00
rl1987
8645647250 Fix build to work with --disable-unittests again 2018-07-17 12:09:34 +00:00
Kevin Gallagher
4ba26f95d5 control: Add new 'uptime' message to GETINFO
Sends the Tor controller the uptime in seconds.
Highly useful for monitoring purposes.
2018-07-16 19:19:10 -07:00
Neel Chauhan
d807ca1b01 Add and use dns_cache_total_allocation() 2018-07-16 17:19:53 -04:00
David Goulet
5aaea38d88 Merge remote-tracking branch 'pastly/issue26703' 2018-07-16 14:44:45 -04:00
teor
79f249e786 dirauth: Handle V3BandwidthsFile failure modes according to the new spec
If an authority is not configured with a V3BandwidthsFile, this line
SHOULD NOT appear in its vote.

If an authority is configured with a V3BandwidthsFile, but parsing
fails, this line SHOULD appear in its vote, but without any headers.

Part of 3723, implements the spec in 26799.
2018-07-16 14:43:49 +00:00
juga0
9773311b20 Add keyval header, that was moved to other file 2018-07-16 14:43:49 +00:00
juga0
c6aee94d19 Add tests for max length bw file headers 2018-07-16 14:43:49 +00:00
juga0
8164534f46 Ensure that bw_file_headers is not bigger than max 2018-07-16 14:43:49 +00:00
juga0
317d930f08 Add test with NULL bw_file_header
and complete v1.0.0 bandwidth file
2018-07-16 14:43:49 +00:00
juga0
e87793bae5 Move bandwidth file tests to same function
also add tests for bw_file_headers.
Headers are all that is found before a correct relay line or
the terminator.
Tests include:
* a empty bandwidth file
* a bandwidth file with only timestamp
* a bandwidth file with v1.0.0 headers
* a bandwidth file with v1.0.0 headers and relay lines
* a bandwidth file with v1.1.0 headers and v1.0.0 relay lines
* a bandwidth file with v1.0.0 headers, malformed relay lines and
  relay lines
* a bandwidth file with v1.0.0 headers, malformed relay lines,
  relay lines and malformed relay lines
* a bandwidth file with v1.1.0 headers without terminator
* a bandwidth file with v1.1.0 headers with terminator
* a bandwidth file with v1.1.0 headers without terminator and
  relay lines
* a bandwidth file with v1.1.0 headers with terminator and relay
  lines
* a bandwidth file with v1.1.0 headers without terminator, bad
  relay lines and relay lines
* a bandwidth file with v1.1.0 headers with terminator, bad relay
  lines and relay lines
2018-07-16 14:43:49 +00:00
juga0
87fc409a70 Replace bwlist by bw_file and terminator condition
If bandwidth file terminator is found, set end of headers flag
and do not store the line.
If it is not, parse a relay line and check whether it is a header
line.
2018-07-16 14:43:49 +00:00
juga0
f906d9be11 Replace bwlist by bw_file
and add bw file terminator constant
2018-07-16 14:43:49 +00:00
juga0
d79c65772b Rename bwlist to bw_file and banwidth to
bandwidth-file
2018-07-16 14:43:49 +00:00
juga0
6d8bc12583 Free bw_list_headers in networstatus_t 2018-07-16 14:43:49 +00:00
juga0
106eb08d27 Add bw_file_headers to networkstatus_t 2018-07-16 14:43:49 +00:00
juga0
f0a4a5f726 Check that the header is key_value
to avoid interpreting as headers extra lines that are not key_values
2018-07-16 14:43:49 +00:00
juga0
086060e138 Do not add bw file line to the vote
when there are not bw file headers lines.
2018-07-16 14:43:49 +00:00
juga0
e5dd46beab Add the Bandwidth List file headers to votes
* add bwlist_headers argument to dirserv_read_measured_bandwidth
  in order to store all the headers found when parsing the file
* add bwlist_headers to networkstatus_t in order to store the
  the headers found by the previous function
* include the bandwidth headers as string in vote documents
* add test to check that dirserv_read_measured_bandwidth generates
  the bwlist_headers
2018-07-16 14:43:48 +00:00
Nick Mathewson
f8e9c4a894 Try putting ulimit -c 0 in test_bt.sh to see if it fixes bug 26787 2018-07-16 07:53:43 -04:00
Nick Mathewson
8505522e50 Avoid a use-after-null-check in proto_socks.c
Coverity rightly complains that early in the function we're checking
whether username is NULL, and later we're passing it unconditionally
to strlen().

Fixes CID 1437967.  Bug not in any released Tor.
2018-07-16 07:51:11 -04:00
Nick Mathewson
ef234ba303 Merge branch 'socks_trunnel4_squashed_merged' 2018-07-15 17:07:20 -04:00
Nick Mathewson
f608cc0f31 Merge remote-tracking branch 'tor-github/pr/179' 2018-07-13 18:30:17 -04:00
Nick Mathewson
27dd2b1f1f Make nss get initialized before we fuzz anything. 2018-07-13 12:35:22 -04:00
Nick Mathewson
d811ce2421 Add postfork support for nss
We need this in our unit tests, since otherwise NSS will notice
we've forked and start cussing us out.

I suspect we'll need a different hack for daemonizing, but this
should be enough for tinytest to work.
2018-07-13 12:35:22 -04:00
Nick Mathewson
c317e78dd7 Initialize and shut down NSS.
This is largely conjectural, based on online documentation for NSS
and NSPR.
2018-07-13 12:35:22 -04:00
Alexander Færøy
46501cdd18 Fix forking tests on Windows when there is a space in the path.
See: https://bugs.torproject.org/26437
2018-07-13 12:46:18 +02:00
Alexander Færøy
c9de65f966 Add checks in get_net_param_from_list() for valid output domain.
This patch adds two assertions in get_net_param_from_list() to ensure
that the `res` value is correctly within the range of the output domain.

Hopefully fixes Coverity CID #1415721, #1415722, and #1415723.

See: https://bugs.torproject.org/26780
2018-07-13 12:43:57 +02:00
Nick Mathewson
710188f84e Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-12 14:32:16 -04:00
Nick Mathewson
98ee23ca1e Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-12 14:32:16 -04:00
Nick Mathewson
e0f33c1d3e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-12 14:32:16 -04:00
Nick Mathewson
b6c50c6259 Merge branch 'maint-0.3.4' 2018-07-12 14:32:16 -04:00
Nick Mathewson
04512d9fcd SOCKS: Always free username/password before setting them.
This fixes a memory leak found by fuzzing.
2018-07-12 14:20:56 -04:00
Nick Mathewson
2d0e1cef20 Add fuzzing wrapper for fetch_from_buf_socks() 2018-07-12 14:20:46 -04:00
Roger Dingledine
cd4795ca3e put new bridge auth Serge into place
The "Bifroest" bridge authority has been retired; the new bridge authority
is "Serge", and it is operated by George from the TorBSD project.

Closes ticket 26771.
2018-07-12 14:12:13 -04:00
Nick Mathewson
7556933537 Merge branch 'socks_trunnel4_squashed' into socks_trunnel4_squashed_merged 2018-07-12 11:47:25 -04:00
rl1987
ba3121191b Use constants for possible values of first octet 2018-07-12 11:41:44 -04:00
rl1987
f27dc41627 Remove prop229 stuff from socks5.trunnel 2018-07-12 11:41:44 -04:00
rl1987
4c845fcf9e Rework socks_request_set_socks5_error() with trunnel 2018-07-12 11:41:44 -04:00
rl1987
a6af21c1b7 Document new code 2018-07-12 11:41:44 -04:00
rl1987
58cb2ed243 Fix buf_t advancement in fetch_buf_from_socks
We pullup 512 bytes of input to make sure that at least one SOCKS
message ends up in head of linked list
2018-07-12 11:41:44 -04:00
rl1987
01cf3007b5 Make a distinction between truncated message and expecting more messages 2018-07-12 11:41:42 -04:00
rl1987
fb105404f2 Fix whitespace/formatting 2018-07-12 11:41:20 -04:00
rl1987
d2e54ff8a5 Remove legacy SOCKS5 phase 2 code 2018-07-12 11:41:05 -04:00
rl1987
94706a427a Add CMD_RESOLVE to socks5_client_request 2018-07-12 11:41:05 -04:00
rl1987
bcbd3fb71e Second phase of SOCKS5 2018-07-12 11:41:05 -04:00
rl1987
57342b19f5 Remove legacy RFC1929 code 2018-07-12 11:41:05 -04:00
rl1987
9068ac3cac Implement SOCKS5 user/pass handling 2018-07-12 11:41:04 -04:00
rl1987
75106a26b4 Fix type in socks5.trunnel 2018-07-12 11:40:49 -04:00
rl1987
853d9b869d Remove legacy SOCKS5 phase 1 code 2018-07-12 11:40:49 -04:00
rl1987
63c478c1c4 Call new SOCKS code from parse_socks, to parse multiple packets in row 2018-07-12 11:40:49 -04:00
rl1987
27333b2298 Reimplement phase 1 of SOCKS5 using trunnel
squash! Reimplement phase 1 of SOCKS5 using trunnel
2018-07-12 11:40:49 -04:00
rl1987
c6a0b04d33 Remove legacy SOCKS4 code 2018-07-12 11:40:49 -04:00
rl1987
b160929c22 Add RESOLVE (0xF0) command to socks4_client_request 2018-07-12 11:40:49 -04:00
rl1987
9155e08450 Parsing SOCKS4/4a request using trunnel impl 2018-07-12 11:40:49 -04:00
Roger Dingledine
0317eb143e Remove a redundant typedef in proto_ext_or.h 2018-07-12 11:02:22 -04:00
Nick Mathewson
4ac87a430f Remove a redundant typedef in addr_policy_st.h 2018-07-12 10:35:29 -04:00
Nick Mathewson
a7ec493d88 Merge remote-tracking branch 'imnotbad/bug26663' 2018-07-12 08:59:23 -04:00
Nick Mathewson
f45107e7de Rename crypto.c to crypto_cipher.c (since that's all it still has.) 2018-07-11 14:12:36 -04:00
Nick Mathewson
9010797e63 Remove most includes from crypto.c 2018-07-11 14:02:23 -04:00
Nick Mathewson
922208bd2d Extract and rename crypto_log_errors(). 2018-07-11 13:54:47 -04:00
Nick Mathewson
8e2df98860 Move crypto_add_spaces_to_fp() to crypto_rsa.c 2018-07-11 13:51:26 -04:00
Nick Mathewson
12a1ada158 Move the initialization and cleanup parts of crypto.c
These are now part of crypto_init.c.  The openssl-only parts now
live in crypto_openssl_mgt.c.

I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
79267bad65 Add a configure switch to build with NSS.
When it is set, include the NSS headers and libraries as
appropriate.  Doesn't actually use them yet, though.
2018-07-11 13:22:20 -04:00
Nick Mathewson
92db96d80f Make our crypto library symbolic in the makefiles. 2018-07-11 12:51:36 -04:00
Nick Mathewson
2b52360448 Only use OpenSSL kdf support if it is present.
We have to check for ERR_load_KDF_strings() here, since that's the
only one that's actually a function rather than a macro.

Fixes compilation with LibreSSL.  Fixes bug 26712; bug not in
any released Tor.
2018-07-11 10:19:06 -04:00
Nick Mathewson
5aee26ee46 Move all use cases of micro-revision.i to a single place
That place is git-revision.c; git-revision.c now lives in lib/log.

Also fix the compilation rules so that all object files that need
micro-revision.i depend on it.
2018-07-11 09:52:39 -04:00
Nick Mathewson
537092cdbb Merge branch 'ticket26223' 2018-07-10 20:18:28 -04:00
Nick Mathewson
c90961a923 Document compat_getdelim_. 2018-07-10 20:18:20 -04:00
Nick Mathewson
391ef5e42c Explain why we use raw_free with getdelim result. 2018-07-10 20:16:37 -04:00
Nick Mathewson
b6d0e7caa4 Rename tm_cvt to time_to_tm 2018-07-10 15:25:53 -04:00
Nick Mathewson
e7f5f48d68 Rename torlog.[ch] to log.[ch]
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
41640b6573 Rename util_malloc to malloc. 2018-07-10 15:16:57 -04:00
Nick Mathewson
6711a172c0 Merge remote-tracking branch 'neel/fbsd-cfix' 2018-07-10 14:50:49 -04:00
Nick Mathewson
a2c44a7a7e Isolate resolve.h usage in the modules that really need it.
(Almost none of Tor should actually need to touch the platform resolver.)
2018-07-10 13:36:45 -04:00
Nick Mathewson
8de48c111c Remove addr_port_lookup.
This lets us cut the dependency from address.c to resolve.c: the
address.c module now has no paths to the libc resolver in it.
2018-07-10 13:32:37 -04:00
Nick Mathewson
2f657a1416 Remove all users of addr_port_lookup outside of address.c
This function has a nasty API, since whether or not it invokes the
resolver depends on whether one of its arguments is NULL.  That's a
good way for accidents to happen.

This patch incidentally makes tor-resolve support socks hosts on
IPv6.
2018-07-10 13:23:37 -04:00
Nick Mathewson
c2ddb7b231 Move tor_addr_{,port_}lookup to resolve.c 2018-07-10 13:00:02 -04:00
Nick Mathewson
5d8336c182 Refactor ipv[46].[ch]
These are now combined into an inaddr.[ch], since their purpose is
to implement functions for struct in_addr and struct in6_addr.

The definitions for in6_addr and its allies are now in a separate
header, inaddr_st.h.

Closes ticket 26532.
2018-07-10 12:50:38 -04:00
Neel Chauhan
6d58c20d94 Fix build on FreeBSD post-refactor 2018-07-10 12:32:14 -04:00
Nick Mathewson
ef106ce788 Document the headers in src/app/config/ 2018-07-10 12:28:31 -04:00
Nick Mathewson
4f42c923d6 File-level summary documentation for src/lib/*/*.[ch] 2018-07-10 12:22:01 -04:00
Nick Mathewson
e3e6335a08 Add controller support for listing ExtORPort and HTTPTunnelPorts
Closes ticket 26647.
2018-07-10 10:50:43 -04:00
Nick Mathewson
951d59d706 Use tor_getline() in dirserv.c to remove its upper line limit.
Closes ticket 26223.
2018-07-10 10:36:49 -04:00
Nick Mathewson
6574d4bd27 Refactor dirserv_read_measured_bandwidths to have a single exit point 2018-07-10 10:36:49 -04:00
Nick Mathewson
b04d719c10 Integrate getdelim() and getline() support into Tor. 2018-07-10 10:36:49 -04:00
Nick Mathewson
1604c0fe0e Add the compatibility definition for getdelim.c from netbsd.
We shouldn't actually need this code nearly anywhere we build:
getdelim is POSIX, and mingw provides it.
2018-07-10 10:14:24 -04:00
Nick Mathewson
5ce348c4c7 Bump to 0.3.4.4-rc-dev 2018-07-09 15:17:38 -04:00
Nick Mathewson
f5e3bcb60b Bump to 0.3.3.8-dev. 2018-07-09 15:17:16 -04:00
Nick Mathewson
19f2057d49 Fix some lingering windows compilation issues from Jenkins.
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
eb856a3e51 strcasecmp should not take a size_t argument 2018-07-09 11:17:23 -04:00
Matt Traudt
d20feddfcc Lower log level of "Scheduler of type KIST has been enabled" to INFO 2018-07-09 10:48:43 -04:00
Nick Mathewson
98dff5df3f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 10:17:20 -04:00
Nick Mathewson
250e0fc1c4 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 10:17:20 -04:00
Nick Mathewson
1b81c4b5f3 Merge branch 'maint-0.3.4' 2018-07-09 10:17:20 -04:00
Nick Mathewson
6ad2c2b92f Merge remote-tracking branch 'github/bug26269_031' into maint-0.3.2 2018-07-09 10:17:17 -04:00
Nick Mathewson
e7463be39b Merge branch 'maint-0.3.4' 2018-07-09 10:16:51 -04:00
Nick Mathewson
83de46eb25 Changes file and comment for 25928. 2018-07-09 10:16:48 -04:00
Nick Mathewson
529faef28e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 10:15:16 -04:00
Nick Mathewson
69918629f5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 10:14:43 -04:00
Nick Mathewson
4a604d9938 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-09 10:14:43 -04:00
Nick Mathewson
8b53dfc362 Merge branch 'bug26269_029' into maint-0.2.9 2018-07-09 10:14:39 -04:00
Nick Mathewson
7746b071d8 Merge remote-tracking branch 'gsomlo/gls-single-da' 2018-07-09 09:59:46 -04:00
Nick Mathewson
a1a55a33c2 Merge branch 'bug26488' 2018-07-09 09:37:14 -04:00
rl1987
46998fc8fd Validate that DirAuthority address is IPv4 2018-07-09 09:37:09 -04:00
Nick Mathewson
03283c00d8 Merge remote-tracking branch 'rl1987/bug26525' 2018-07-09 09:31:12 -04:00
Nick Mathewson
532873a924 Bump to 0.3.3.8 2018-07-09 09:24:07 -04:00
Nick Mathewson
9320100d6e Bump to 0.3.3.4-rc 2018-07-09 09:23:39 -04:00
Nick Mathewson
a95cfb8a58 Clear all control.c flags on control_free_all()
Fixes bug 25512.

(Cherry-picked from 3519d0c808
2018-07-09 09:20:45 -04:00
Nick Mathewson
8e3a52e5c3 Merge branch 'maint-0.3.4' 2018-07-09 09:14:41 -04:00
Nick Mathewson
75d9db9e5b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 09:14:37 -04:00
Nick Mathewson
f721a08220 Merge remote-tracking branch 'catalyst-github/bug26455_033' into maint-0.3.3 2018-07-09 09:13:58 -04:00
Nick Mathewson
75f7064a13 Merge branch 'maint-0.3.4' 2018-07-09 09:11:42 -04:00
Nick Mathewson
d3894dc34b Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-09 09:11:41 -04:00
Nick Mathewson
1af69c1812 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 09:11:41 -04:00
Nick Mathewson
451a84cecb Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 09:11:41 -04:00
Nick Mathewson
fead22fb2a Merge remote-tracking branch 'mikeperry/bug25705_v3_033' into maint-0.3.3 2018-07-09 09:08:58 -04:00
Nick Mathewson
b8554dd880 Make Tor compile with --disable-memory-sentinels again 2018-07-09 08:44:16 -04:00
rl1987
2558634f0c Tool to print expiration date of ed25519_signing_cert 2018-07-08 15:13:33 +02:00
Kaidan
abeb07a1bf Made 'auto' keyword in torrc case insensitive 2018-07-08 00:15:16 +10:00
Karsten Loesing
9faa28b60e Update geoip and geoip6 to the July 3 2018 database. 2018-07-06 20:54:03 +02:00
Nick Mathewson
10c782d7fa Move ntmain.c into libtor-app again
It's needed by main.c

Fixes bug 26662; bug not in any released Tor.
2018-07-06 13:59:40 -04:00
Nick Mathewson
50963f36d7 Actually sort the lines in src/core/include.am 2018-07-05 17:15:50 -04:00
Nick Mathewson
667a6e8fe9 Whoops. Protover.[ch] belong in src/core/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
f720a5a439 Fix everything that previously referred to src/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
5f51c2de8b Fix our build system to know the new locations of the src/or stuff 2018-07-05 17:15:50 -04:00
Nick Mathewson
ef486e3c02 Fix every include path changed in the previous commit (automated)
I am very glad to have written this script.
2018-07-05 17:15:50 -04:00
Nick Mathewson
63b4ea22af Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
2018-07-05 17:15:50 -04:00
Nick Mathewson
81cb0afb2b Start splitting src/or
This is a very gentle commit that just lays the groundwork in the
build system: it puts the include files to build libtor-app.a into
src/core, and to build the tor executable into src/app.  The
executable is now "src/app/tor".
2018-07-05 17:15:50 -04:00
Nick Mathewson
4eac5c6ce6 And tell build.rs to stop looking in src/common 2018-07-05 17:15:24 -04:00
Nick Mathewson
c73bb9937d Fix build.rs to handle removed common. 2018-07-05 17:14:55 -04:00
Nick Mathewson
753b797ca4 Fix up .may_includes for evloop. 2018-07-05 15:50:20 -04:00
Nick Mathewson
1dd5b5f441 Add a missing include. 2018-07-05 15:44:33 -04:00
Nick Mathewson
2d69c32bb6 Clean up include paths for libtor-evloop (automated) 2018-07-05 15:22:17 -04:00
Nick Mathewson
1e417b7275 All remaining files in src/common belong to the event loop. 2018-07-05 15:22:17 -04:00
Nick Mathewson
947de40d19 Move openbsd-malloc responsibility to lib/malloc
(Note that this is not believed to work, but we may as well have it
in the right place till we remove it)
2018-07-05 15:07:08 -04:00
Nick Mathewson
4593829861 Remove util.h
Inline its contents (which were all includes) into or.h, and some of
its contents into other places that didn't include or.h at all.
2018-07-05 15:04:18 -04:00
Nick Mathewson
0adcfbc7c8 Move address_set to src/or
This is temporary, until src/or is split.

Putting this in containers would be another logical alternative,
except that addresses depend on containers, and we don't like
cycles.
2018-07-05 14:51:07 -04:00
Nick Mathewson
24c0f83185 Move socks5_status.h to src/lib/net
There might be a better place for it in the long run, but this is
the best I can think of for now.
2018-07-05 14:48:29 -04:00
Nick Mathewson
0e4b1781f4 Move handles.h to src/lib/container
There might be a better place for it in the long run, but this is
the best we can think of for now.
2018-07-05 14:45:34 -04:00
Nick Mathewson
3d610363ef Include compat_string.h in smartlist.c
We need this for strcasecmp on (some) Windows build environments.

Fix from Gisle Vanem.
2018-07-05 13:53:17 -04:00
Nick Mathewson
fecb8214d5 Try to use stricmp variants that MSDN actually recommends
Per recommendation by Gisle Vanem
2018-07-05 13:51:50 -04:00
Gabriel L. Somlo
97fad99483 Allow single DA if explicitly configured
When on a private network a single directory authority is explicitly
configured, allow that DA's instace of tor to pick itself as its own
DA, by having router_pick_dirserver_generic() set the PDS_ALLOW_SELF
flag when the list of potential sources contains only one element.
This would subsequently allow router_pick_trusteddirserver_impl() to
calculate is 'requreother' condition as 'false', enabling it to pick
itself as a valid DA candidate.

Fixes #25928

Signed-off-by: Gabriel Somlo <gsomlo@gmail.com>
2018-07-03 14:58:47 -04:00
Nick Mathewson
2878dad9db Merge branch 'maint-0.3.4' 2018-07-03 13:31:26 -04:00
Nick Mathewson
32d9d69350 Merge remote-tracking branch 'github/bug26568_034' into maint-0.3.4 2018-07-03 13:16:37 -04:00
Nick Mathewson
df98582851 Merge remote-tracking branch 'github/ticket26626' 2018-07-03 12:52:43 -04:00
Nick Mathewson
fe8f774820 Merge branch 'bug26522' 2018-07-03 11:34:36 -04:00
rl1987
d0525c38d6 Refrain from potentially insecure usage of strncat() 2018-07-03 11:34:14 -04:00
Nick Mathewson
77e678c20d Merge remote-tracking branch 'github/shrink_or_h_more' 2018-07-03 11:09:54 -04:00
Nick Mathewson
02a4442524 Fix up some windows compilation issues.
These were mostly cases where our previous macros had been casting,
and the values that we were trying to printf were not in fact
uint64_t.
2018-07-03 11:00:18 -04:00
Nick Mathewson
d5a3bb960d Retire U64_TO_DBL and DBL_TO_U64
These were necessary long ago to work around a bug in VC6.
2018-07-03 10:45:43 -04:00
Nick Mathewson
9568c0ce3d Return U64_PRINTF_ARG and U64_FORMAT
The standard is printf("%"PRIu64, x);
2018-07-03 10:40:59 -04:00
Nick Mathewson
52884f56d4 Replace U64_LITERAL with the standard UINT64_C 2018-07-03 10:33:50 -04:00
Nick Mathewson
cf0b07c2e5 Retire some unused (or nearly unused) macros. 2018-07-03 10:31:19 -04:00
Nick Mathewson
4638be5312 Use the standard SHRT_MAX name. 2018-07-03 10:28:10 -04:00
Nick Mathewson
c75215c23a Clean up various things that broke with our stdint.h changes
Casting before printf was necessary; now it's not so smart.

We don't have SIZEOF_UINT8_T any more.
2018-07-03 10:26:06 -04:00
Nick Mathewson
e2a94dc481 Require stdint.h and inttypes.h
We've been silently requiring stdint.h for a while now, and nobody
has complained.  Closes ticket 26626.
2018-07-03 10:25:31 -04:00
Nick Mathewson
a01b4d7f87 Merge remote-tracking branch 'rl1987/ticket26527' 2018-07-03 09:53:46 -04:00
Nick Mathewson
a4e8f94507 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-03 09:48:03 -04:00
Nick Mathewson
4c094436c5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-03 09:48:03 -04:00
Nick Mathewson
d38e474950 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-03 09:48:03 -04:00
Nick Mathewson
228d25ddf6 Merge branch 'maint-0.3.4' 2018-07-03 09:48:03 -04:00
rl1987
439b528f25 Rename sandbox_getaddrinfo() et. al. 2018-07-03 15:53:39 +03:00
rl1987
fedb3e46ec Remove ATTR_NONNULL macro 2018-07-03 12:33:09 +03:00
Nick Mathewson
dfdf32404c Partially revert "Use tor_addr_from_getsockname() in several places"
This reverts part of commit 6ed384b827, in order to
fix bug 26568.  Bugfix on 0.3.4.1-alpha.
2018-07-02 16:11:02 -04:00
Nick Mathewson
3baf3d01cb hs_ntor_ref.py: pass only strings to subprocess.Popen
Recent Python3 versions seem to require this on Windows.

Fixes bug 26535; bug copied from ntor_ref.py on 0.3.1.1-alpha.
2018-07-02 14:23:26 -04:00
Nick Mathewson
fc5f8b6931 ntor_ref.py: pass only strings to subprocess.Popen
Recent Python3 versions seem to require this on Windows.

Fixes bug 26535; bug introduced in f4be34f70d, which
was apparently intended itself as a Python3 workaround.
2018-07-02 14:18:41 -04:00
Nick Mathewson
bfcfeaed07 Merge branch 'mikeperry_bug26214-rebased_squashed' into maint-0.3.4 2018-07-02 13:22:07 -04:00
Nick Mathewson
c8ccd028a7 Don't redefine str(n)casecmp on windows unless they're missing
When we do redefine them, use inline functions instead of #define.

This fixes a latent code problem in our redefinition of these
functions, which was exposed by our refactoring: Previously, we
would #define strcasecmp after string.h was included, so nothing bad
would happen.  But when we refactored, we would sometimes #define it
first, which was a problem on mingw, whose headers contain
(approximately):

inline int strcasecmp (const char *a, const char *b)
   { return _stricmp(a,b); }

Our define turned this into:
  inline int _stricmp(const char *a, const char *b)
    { return _stricmp(a,b); }

And GCC would correctly infer that this function would loop forever,
rather than actually comparing anything.  This caused bug 26594.

Fixes bug 26594; bug not in any released version of Tor.
2018-07-02 11:50:17 -04:00
Nick Mathewson
cb1a3674eb File-level documentation for some of src/lib. 2018-07-01 20:22:55 -04:00
Nick Mathewson
83a4946e7b Prune the .may_include files a bit; detect unused lines in them 2018-07-01 18:14:28 -04:00
Nick Mathewson
518ebe14dc fixup! Extract or_options_t from or.h 2018-07-01 16:02:33 -04:00
Nick Mathewson
8d562c040f fixup! Remove system headers from or.h 2018-07-01 15:31:18 -04:00
Nick Mathewson
6c440da926 Remove system headers from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
13116378b1 Extract or_options_t from or.h
I decided to have this file included from config.h, though, since it
is used nearly everywhere.
2018-07-01 15:20:37 -04:00
Nick Mathewson
986d761510 Extract or_state_t to its own header.
Fewer modules needed this than I had expected.
2018-07-01 15:20:37 -04:00
Nick Mathewson
f75357ec35 Pull a couple more enums from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
6ccd98f93e Move ext_or_cmd_t to proto_ext_or 2018-07-01 15:20:37 -04:00
Nick Mathewson
49f88e77e5 Extract more constants from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
f54a5cbfb6 Extract addr_policy_t into a new header. 2018-07-01 15:20:37 -04:00
Nick Mathewson
6da0311d2c Extract various enums and tiny structs from or.h
These all have a logical header to go in.
2018-07-01 15:20:37 -04:00
Nick Mathewson
1743dac078 Minimize headers that include crypto_formats and x25519 stuff 2018-07-01 15:20:37 -04:00
Nick Mathewson
500826479a Remove other needless includes include from or/*.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
471104eaa5 Remove needless includes from or.h
or.h should really include only the minimum of stuff from or/*,
common/*, and lib/*.
2018-07-01 15:20:37 -04:00
Nick Mathewson
7a61a92870 Combine DH_BYTES and DH_KEY_LEN; put them in a lib/defs header. 2018-07-01 11:25:29 -04:00
Nick Mathewson
cf8c3abff1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-01 10:22:21 -04:00
Nick Mathewson
adcd1d8b9a Merge branch 'maint-0.3.4' 2018-07-01 10:22:21 -04:00
Nick Mathewson
9aeef05f8f Merge remote-tracking branch 'dgoulet/bug26523_033_01' into maint-0.3.3 2018-07-01 10:22:18 -04:00
Nick Mathewson
43dc92441d Tabify all of the .am files. 2018-07-01 09:37:28 -04:00
Nick Mathewson
028523c801 Merge branch 'maint-0.3.4' 2018-06-30 09:15:39 -04:00
Nick Mathewson
e042727cf0 Merge remote-tracking branch 'catalyst-github/bug25895_034-squashed' into maint-0.3.4 2018-06-30 09:15:34 -04:00
Nick Mathewson
57155d38a3 Merge branch 'maint-0.3.4' 2018-06-29 23:12:03 -04:00
Nick Mathewson
8093a63f95 Restor EOL@EOF in routerlist.c 2018-06-29 23:08:45 -04:00
Nick Mathewson
ce940c8c09 Add another winsock2 include, for timeval in procmon. 2018-06-29 19:17:24 -04:00
Nick Mathewson
5921b23e15 add an include to fix macos, and probably bsd too 2018-06-29 14:03:13 -04:00
Nick Mathewson
ed84dab8b4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:49:43 -04:00
Nick Mathewson
36c372581f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:49:43 -04:00
Nick Mathewson
75a6e7e256 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:49:43 -04:00
Nick Mathewson
cd3f957219 Merge branch 'maint-0.3.4' 2018-06-29 13:49:43 -04:00
Nick Mathewson
a3ec89a4f8 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-29 13:49:43 -04:00
Nick Mathewson
3c0a63c40f Fix a memory error in test_shared_random
Bug not in any released Tor.
2018-06-29 13:49:02 -04:00
Nick Mathewson
d583459d58 Fix some memory errors in the recent coverity fixes.
Found by asan on travis :/
2018-06-29 13:48:36 -04:00
Nick Mathewson
92b4996b23 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:07:13 -04:00
Nick Mathewson
d3ecb3a8d6 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:07:13 -04:00
Nick Mathewson
1f389dadd0 Merge branch 'maint-0.3.4' 2018-06-29 13:07:13 -04:00
Nick Mathewson
6e9d5fc4ec Merge remote-tracking branch 'ahf-github/maint-0.3.2' into maint-0.3.2 2018-06-29 13:07:07 -04:00
Nick Mathewson
7a47379f25 Merge branch 'maint-0.3.4' 2018-06-29 13:06:16 -04:00
Nick Mathewson
f82f8179e6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:06:15 -04:00
Nick Mathewson
f6b30a97a9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:06:15 -04:00
Nick Mathewson
68dfbd5ef4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:06:15 -04:00
Nick Mathewson
b89a66e997 Merge remote-tracking branch 'ahf-github/maint-0.3.0' into maint-0.3.1 2018-06-29 13:06:11 -04:00
Nick Mathewson
419077c26d Merge remote-tracking branch 'ahf-github/maint-0.3.1' into maint-0.3.1 2018-06-29 13:06:08 -04:00
Nick Mathewson
1a5be3c5e7 Merge branch 'maint-0.3.4' 2018-06-29 13:03:00 -04:00
Nick Mathewson
5ab23e03fa Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:02:56 -04:00
Nick Mathewson
df896ed632 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:00:56 -04:00
Nick Mathewson
fe2588a5a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:00:56 -04:00
Nick Mathewson
1385a5118d Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-29 13:00:56 -04:00
Nick Mathewson
9d5b815dca Add a missing include to timers, to make windows happier 2018-06-29 12:59:43 -04:00
Nick Mathewson
6ac64e16ed Eliminate compat.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
077176a34c Stop using util.h and compat.h in src/trunnel/ 2018-06-29 12:21:52 -04:00
Nick Mathewson
666e3e5ec6 Stop using util.h and compat.h in src/tools 2018-06-29 12:21:52 -04:00
Nick Mathewson
4212a135e1 Remove util.h and compat.h includes from src/common 2018-06-29 12:21:52 -04:00
Nick Mathewson
35e1c497aa Combine compat.h into util.h
This is now just a collection of frequently-used headers.
2018-06-29 12:21:52 -04:00
Nick Mathewson
714788b195 Remove non-windows system includes from compat.h and util.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
71e56c70e9 Remove windows libraries from util.h and compat.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
31897a256c Extract socks5_status_t
I'm not sure of the best place to put this header long-term, since
both or/*.c and tools/tor-resolve.c use it.
2018-06-29 12:21:52 -04:00
Nick Mathewson
080069c7b3 Move SIO_IDEAL_SEND_BACKLOG_QUERY into socket.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
b21108f839 Remove an errant (and unused) include permission in lib/tls 2018-06-29 12:21:52 -04:00
Nick Mathewson
e269044ce0 Remove compat.c and util.c 2018-06-29 12:21:52 -04:00
Nick Mathewson
4e11c2ca6c Extract getpass to a new lib/term library
(Term is short for terminal)
2018-06-29 12:21:52 -04:00
Nick Mathewson
e0957022bd Extract get_uname to lib/osinfo. 2018-06-29 12:21:52 -04:00
Nick Mathewson
207fc4cffe Move SUBTYPE_P into compat_compiler.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
77bc65bbc4 Move bool_eq and bool_neq to lib/intmath 2018-06-29 12:21:52 -04:00
Nick Mathewson
40199b180e Remove read_all and write_all
These had become wrappers around their fd and socket variants; there
were only a few users of the original functions still remaining.
2018-06-29 12:21:52 -04:00
Nick Mathewson
0362cdc169 Move fd and memory-info functions. 2018-06-29 12:21:52 -04:00
Nick Mathewson
973afcc40b Move tor_get_avail_disk_space() to lib/fs 2018-06-29 09:43:00 -04:00
Nick Mathewson
f0319fcbde Merge remote-tracking branch 'catalyst-github/fix-macos-includes' 2018-06-28 18:19:53 -04:00
Taylor Yu
f9e22c68a0 Fix macOS includes
Recent code movement from refactoring missed some includes that seem
to be necessary on macOS.
2018-06-28 17:15:53 -05:00
Nick Mathewson
365179cd16 Fix a bogus n in a comment 2018-06-28 17:21:15 -04:00
Nick Mathewson
c84ab36eff A couple of includes to make windows compile again 2018-06-28 16:37:59 -04:00
Nick Mathewson
935ba02565 Fix paths for buffers.h; automated. 2018-06-28 16:29:35 -04:00
Nick Mathewson
d8b34e0886 Move buffers into container
Split the network-only and compression-only parts of buffers into
the appropriate modules.
2018-06-28 16:28:08 -04:00
Nick Mathewson
be40ad51b6 Add sys/capability.h and sys/prctl.h includes in setuid.c 2018-06-28 15:34:51 -04:00
Nick Mathewson
b67754cd64 compat_threads.c needs string.h for memset. 2018-06-28 15:20:26 -04:00
Nick Mathewson
a742a826f6 Remove all include common/ uses in crypto_ops and tls. 2018-06-28 14:40:25 -04:00
Nick Mathewson
0f02d2c041 Fix windows compilation in compat_time
We need to use lib/fs/winlib.h here so that we can use
GetTickCount64.

I would love to declare that XP is dead, and everybody has
GetTickCount64.
2018-06-28 13:40:21 -04:00
Nick Mathewson
7d7af19f1b Use tor_ntohs in compress.c; avoid a winsocks dependency 2018-06-28 13:39:49 -04:00
Nick Mathewson
326c473b79 fixup! Extract time functionality into lib/wallclock and lib/time 2018-06-28 13:39:09 -04:00
Nick Mathewson
02bb701bba Move DLL support to lib/fs 2018-06-28 13:37:51 -04:00
Nick Mathewson
8fc15e4861 Add ntohs and htons to lib/arch/bytes.h 2018-06-28 13:26:27 -04:00
Nick Mathewson
4dda026f0d Update lib/compress to not require common/*.h 2018-06-28 13:19:58 -04:00
Nick Mathewson
3d1e99d01b Move MIN and MAX into lib/intmath/cmp.h 2018-06-28 13:19:42 -04:00
Nick Mathewson
8736892679 Remove a pair of windows flags used nowhere in our code 2018-06-28 13:02:33 -04:00
Nick Mathewson
57f4b83852 Fix up the include path of compat_time.h (automated) 2018-06-28 13:01:54 -04:00
Nick Mathewson
a097ddb4f5 Extract time functionality into lib/wallclock and lib/time 2018-06-28 13:01:54 -04:00
Nick Mathewson
bdea94a665 Move floating-point math functions into a new lib/math 2018-06-28 12:24:45 -04:00
Nick Mathewson
6178a9f758 Move compute_num_cpus to lib/thread 2018-06-28 12:08:18 -04:00
Nick Mathewson
042df08693 Move network_init to lib/net 2018-06-28 11:59:16 -04:00
Nick Mathewson
db1a420c4e Move tor_gethostname to lib/net 2018-06-28 11:57:01 -04:00
Nick Mathewson
8c6ff9fec2 Move tor_escape_str_for_pt_args into or/transports.c 2018-06-28 11:49:27 -04:00
Nick Mathewson
30166261bb Move string_is_key_value to lib/encoding 2018-06-28 11:46:32 -04:00
Nick Mathewson
48ebd9bf76 Move weakrng into lib/intmath 2018-06-28 11:39:49 -04:00
Nick Mathewson
aa3edfd205 Move lockfile code into lib/fs 2018-06-28 11:33:50 -04:00
Nick Mathewson
84b8dfe635 Move socket-errno code into lib/net 2018-06-28 11:20:31 -04:00
Nick Mathewson
315e6b59dd Extract process-management functionality into a new lib/process
Note that procmon does *not* go here, since procmon needs to
integrate with the event loop.
2018-06-28 11:18:13 -04:00
Nick Mathewson
ec4eee6356 Fix the include paths for storagedir,conffile (automated) 2018-06-28 09:42:33 -04:00
Nick Mathewson
a1f3ece16d Move conffile and storagedir to lib/fs 2018-06-28 09:38:17 -04:00
Nick Mathewson
38fd3e0df0 Fix up the modules that include memarea.h (automated) 2018-06-28 09:25:58 -04:00
Nick Mathewson
eee86e627b Extract memarea into its own library 2018-06-28 09:25:18 -04:00
Nick Mathewson
9cf335c9a5 Extract threading code into a new library.
Note that the workqueue code does *not* go here: it is logically at
a higher level, since it needs to use libevent and the networking
stack.
2018-06-28 09:14:42 -04:00
Nick Mathewson
544ab27a94 Extract the alert-socket code into lib/net.
This code was in compat_threads, since it was _used_ for efficiently
notifying the main libevent thread from another thread.  But in
spite of its usage, it's fundamentally a part of the network code.
2018-06-28 08:49:07 -04:00
Nick Mathewson
0b7452eeb2 rectify include paths (automatic) for confline.h 2018-06-27 16:59:56 -04:00
Nick Mathewson
b9b44bf000 Move confline.c to lib/encoding: it is about encoding key-value pairs
Also, move "unescape_string()" to encoding too, since it's about
encoding data as C strings.
2018-06-27 16:59:56 -04:00
Nick Mathewson
696f6f1569 Split confline into confline and conffile.
The "conffile" module knows about includes and filesystem access,
whereas confline doesn't.  This will make it possible to put these
functions into libraries without introducing a cycle.
2018-06-27 16:59:56 -04:00
Nick Mathewson
0a9d8dcf2b Move hex_str to binascii.c 2018-06-27 16:59:56 -04:00
Nick Mathewson
194a34cdc2 Extract time encoding functions into lib/encoding 2018-06-27 16:59:56 -04:00
Nick Mathewson
235ddb15a0 Move util_format into a new libtor-encoding library
libtor-encoding is about various ways to transform data to and from
character sequences.
2018-06-27 16:18:42 -04:00
Nick Mathewson
3cff3e825a Move several address-string-testing functions to address.c 2018-06-27 16:18:42 -04:00
Nick Mathewson
e165c9c304 Move various mem* functions to lib/string 2018-06-27 16:18:42 -04:00
Alex Xu (Hello71)
614a78ddaa Fix Rust cross compilation. 2018-06-27 14:42:06 -05:00
Nick Mathewson
9e592d1dec Move tor_strtok_r to libtor-string 2018-06-27 15:28:55 -04:00
Nick Mathewson
4d81f5211b Move set/get_uint*() to inline functions in arch/bytes.h
Also move our ntohll/htonll functions.
2018-06-27 15:28:44 -04:00
Nick Mathewson
000de2f2ac Merge branch 'fs_refactor' 2018-06-27 14:45:17 -04:00
Nick Mathewson
2113603718 Merge branch 'sandbox_refactor' 2018-06-27 14:45:14 -04:00
Nick Mathewson
b9b05e437d Merge branch 'net_refactor' 2018-06-27 12:52:31 -04:00
Nick Mathewson
300e3bebd1 Merge branch 'ticket26494' 2018-06-27 12:47:08 -04:00
Nick Mathewson
3d606dddb9 fixup! Move format_win32_error into lib/log/ 2018-06-27 12:35:48 -04:00
Nick Mathewson
1e2e0f7e46 Extract functions from compat.c and util.h into a new fs library 2018-06-27 12:30:11 -04:00
Nick Mathewson
3246c114a2 Move format_win32_error into lib/log/ 2018-06-27 12:30:11 -04:00
David Goulet
3f8a12a63a control: Make HSPOST properly parse HSADDRESS= param
For HSv3, the HSADDRESS= wasn't properly parsed for the HSPOST command. It now
correctly use it and furthermore sends back a "200 OK" in case the command is
successful for a v3 descriptor.

Fixes #26523

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-27 12:25:24 -04:00
Nick Mathewson
356f59b1bd Move read/write_all_to_socket into lib/net. 2018-06-27 12:01:11 -04:00
Nick Mathewson
67135ca8e0 Split read_all and write_all into separate functions 2018-06-27 10:47:42 -04:00
Nick Mathewson
05040a9e84 Minimize and permit sandbox includes from crypto_ops. 2018-06-27 10:12:39 -04:00
Nick Mathewson
ad24ccd472 Minimize includes from sandbox.c 2018-06-27 10:11:27 -04:00
Nick Mathewson
55b7939367 Fix up include paths for sandbox.h (automated) 2018-06-27 10:04:41 -04:00
Nick Mathewson
bee580ddba Move sandbox code into a new library. 2018-06-27 10:04:17 -04:00
Nick Mathewson
0742b38725 Revert "Use the "commands" argument of AC_CONFIG_FILES to make scripts +x"
This reverts commit 56c1fbf33f.
2018-06-27 09:53:46 -04:00
Nick Mathewson
d893be190f rectify include paths (automatic) for address.h 2018-06-27 09:13:04 -04:00
Nick Mathewson
3930416dec Link GetAdaptersAddresses, rather than loading it on-demand.
This function has been present since Windows XP.
2018-06-27 09:12:57 -04:00
Nick Mathewson
42b3caa6ad Move network code to libtor-net.
There are some additional changes to come: those points are marked
by XXXX.
2018-06-27 09:08:35 -04:00
Nick Mathewson
80730c45e0 Move tor_parse_long and friends into parse_int.h in libtor-string 2018-06-26 21:02:29 -04:00
Nick Mathewson
7159edf909 Move the escape-for-log code into src/lib/log
It doesn't need anything higher-level, and everything that needs the
logs potentially needs this.
2018-06-26 20:51:17 -04:00
Nick Mathewson
5f41bc91c6 Merge branch 'ticket26439' 2018-06-26 17:02:06 -04:00
Nick Mathewson
ebbb0348dc Finish renaming digestset_contains to digestset_probably_contains
Since bloom filters are probabilistic, it's nice to make it clear
that the "contains" operation can have false positives.
2018-06-26 13:27:50 -04:00
Nick Mathewson
bf89278c79 Refactor bloom filter logic not to be digest-specific.
Now the address-set code and the digest-set code share the same
backend.

Closes ticket 26510
2018-06-26 13:27:23 -04:00
Nick Mathewson
82a7343b06 fixup! Extract core part of smartlist code into its own library. 2018-06-26 12:21:35 -04:00
Nick Mathewson
6e2b6a6685 fixup! Extract core part of smartlist code into its own library. 2018-06-26 12:18:49 -04:00
Nick Mathewson
d7bd8cf3b6 Use raw_assert directly in smartlist_core
I had previously added a "#define tor_assert raw_assert" here, to
make code movement in the previous commit more clear.
2018-06-26 12:16:04 -04:00
Nick Mathewson
b1de1e7a77 Extract core part of smartlist code into its own library.
The smartlist_core library now contains only the parts of smartlists
that are needed for the logging library.  This resolves the
circularity between "container" and "log".

The "containers" library still uses the logging code, and has the
higher-level smartlist functions.
2018-06-26 12:13:23 -04:00
Nick Mathewson
58fc42fdce Fix comments in lib/container/*.c 2018-06-26 11:33:53 -04:00
Nick Mathewson
92d8284a97 Merge branch 'log_dependencies' 2018-06-26 11:27:33 -04:00
Nick Mathewson
cf0597c3b2 Bump version to 0.3.4.3-alpha-dev 2018-06-26 09:12:23 -04:00
rl1987
240f33e327 Generate trunnel impls and include into build 2018-06-26 12:37:33 +03:00
rl1987
adbe6a2521 Copy socks5.trunnel from trunnel examples dir 2018-06-26 12:37:33 +03:00
Nick Mathewson
b556894ef2 Include stdio.h in torerr.c. 2018-06-25 16:52:14 -04:00
Nick Mathewson
6c836b9e8c Bump to 0.3.4.3-alpha. 2018-06-25 14:07:23 -04:00
Nick Mathewson
b059c38d8a Merge branch 'maint-0.3.4' 2018-06-25 13:50:37 -04:00
Corey Farwell
e62582e9fe Run rustfmt on 'src/rust/protover/ffi.rs'. 2018-06-25 08:03:04 -04:00
Corey Farwell
6d2e4dea10 Utilize type param in method invocation. 2018-06-24 22:45:07 -04:00
Corey Farwell
59d4505749 Utilize if..else for switching on boolean values. 2018-06-24 22:44:36 -04:00
Roger Dingledine
04b350b476 better log line for debugging #26485 2018-06-24 18:14:24 -04:00
Roger Dingledine
73ae92dc52 we've never been good at using "directory" well as a noun 2018-06-24 18:08:24 -04:00
Nick Mathewson
d85fbc9a58 Add some casts to get test_dir.c compiling on windows.
Fixed bug 26479.  Bug introduced by 0a6f4627a4292e4; bug not in any
released version.
2018-06-24 14:06:39 -04:00
Nick Mathewson
3cc0a145bd Fix test_geoip failures on windows by writing file in binary mode.
Fixes bug 26480; bug appeared when we re-enabled the geoip tests on
windows.  Bug originally introduced by our fix to 25787; bug not in
any released Tor.
2018-06-24 14:06:05 -04:00
Corey Farwell
94880b2db7 Utilize if let construct instead of explicit unwrapping. 2018-06-24 10:16:11 -04:00
Corey Farwell
7e9c37f9cb Change allocate_and_copy_string to take a &str instead of &String. 2018-06-24 08:58:26 -04:00
Alexander Færøy
8ec6b36dca Fix memory leak in test_sr_setup_commits().
This patch fixes a memory leak in test_sr_setup_commits() where the
place_holder is allocated, but never freed again.

See: Coverity CID 1437440.
2018-06-23 13:11:03 +02:00
Alexander Færøy
3395de51a0 Fix memory leak in disk_state_parse_commits().
This patch fixes a memory leak in disk_state_parse_commits() where if
commit is NULL, we continue the internal loop, but without ever freeing
the args variable.

See: Coverity CID 1437441.
2018-06-23 13:10:57 +02:00
Alexander Færøy
dcbfee246f Fix memory leak in frac_nodes_with_descriptors().
This patch fixes a memory leak in frac_nodes_with_descriptors() where
we might return without free'ing the bandwidths variable.

See: Coverity CID 1437451.
2018-06-23 13:10:29 +02:00
Alexander Færøy
a2e623f631 Fix memory leak in helper_add_hsdir_to_networkstatus().
This patch fixes a memory leak in helper_add_hsdir_to_networkstatus()
where the rs object might not get properly freed.

See: Coverity CID 1437427.
2018-06-23 13:07:56 +02:00
Alexander Færøy
8e805bf0f6 Fix memory leak in new_establish_intro_cell().
This patch fixes a memory leak in new_establish_intro_cell() that could
happen if a test assertion fails and the *cell_out value isn't properly
free'd.

See: Coverity CID 1437445
2018-06-23 13:07:56 +02:00
Alexander Færøy
8550016e6f Fix memory leak in test_channelpadding_consensus().
The relay variable is always allocated, but might not be freed before we
return from this function.

See: Coverity CID 1437431
2018-06-23 12:52:04 +02:00
Alexander Færøy
c997d49ad6 Fix memory link in test_link_specifier().
This patch fixes a memory leak in test_link_specifier() where ls might
not get freed in case one of the test macros fails.

See: Coverity CID 1437434.
2018-06-23 12:39:20 +02:00
Alexander Færøy
3d80c086be Fix memory leak in decode_link_specifiers().
This patch fixes a memory leak in decode_link_specifiers() where the
hs_spec variable might leak if the default label is taken in the
switch/case expression.

See: Coverity CID 1437437.
2018-06-23 11:54:36 +02:00
Alexander Færøy
d86c45bf5c Fix memory leak in client_likes_consensus().
This patches fixes a memory leak in client_likes_consensus() where if
consensus_cache_entry_get_voter_id_digests() would fail we would return
without having free'd the voters list.

See: Coverity CID 1437447
2018-06-23 10:33:40 +02:00
Alexander Færøy
dc2384da30 Fix potential memory leak in hs_helper_build_hs_desc_impl().
This patch fixes a memory leak in hs_helper_build_hs_desc_impl() where
if a test assertion would fail we would leak the storage that `desc`
points to.

See: Coverity CID 1437448
2018-06-23 10:27:10 +02:00
Alexander Færøy
ce5d055ed7 Fix memory leak in pick_hsdir_v3().
This patch fixes a memory leak in pick_hsdir_v3() where we might return
early, but forgot to free the responsible_hsdirs variable. We solve this
by not allocating storage for responsible_hsdirs until it's actually
needed.

See: Coverity CID 1437449
2018-06-23 03:40:32 +02:00
Alexander Færøy
1724f995c7 Fix potential memory leak in test_hs_auth_cookies().
This patch fixes a potential memory leak in test_hs_auth_cookies() if a
test-case fails and we goto the done label where no memory clean up is
done.

See: Coverity CID 1437453
2018-06-23 03:17:09 +02:00
Alexander Færøy
8c8941eb29 Fix potential memory leak in hs_helper_build_intro_point().
This patch fixes a potential memory leak in
hs_helper_build_intro_point() where a `goto done` is called before the
`intro_point` variable have been assigned to the value of the `ip`
variable.

See: Coverity CID 1437460
See: Coverity CID 1437456
2018-06-23 02:29:54 +02:00
Nick Mathewson
1b93b065fc Make an inline static so we can build with coverage enabled. 2018-06-22 14:11:37 -04:00
Nick Mathewson
405fa42e8a Another windows include 2018-06-22 13:52:30 -04:00
Nick Mathewson
4b32446a4c We also need torerr in tm_cvt. 2018-06-22 13:34:35 -04:00
Nick Mathewson
145665abcb Add another include for windows, and change a log to a raw_assert 2018-06-22 13:33:48 -04:00
Nick Mathewson
76a717890e Remove an "m" that did not belong. 2018-06-22 13:32:47 -04:00
Nick Mathewson
4118ba67db Update the micro-revision.i dependencies, and add a stdlib.h 2018-06-22 13:25:58 -04:00
Nick Mathewson
cf66544941 Two more small changes for CI. 2018-06-22 13:10:52 -04:00
Nick Mathewson
7aecea79cb A pair of missing includes. 2018-06-22 12:53:57 -04:00
Nick Mathewson
b0adf2fc9b Fix up the rust build script library list. 2018-06-22 12:04:11 -04:00
Nick Mathewson
bcf3e546d1 Move util_bug into libtor-log 2018-06-22 11:54:38 -04:00
Nick Mathewson
6fc2d53227 Remove util_bug dependency on compat.h 2018-06-22 11:51:58 -04:00
Nick Mathewson
7a93ce8f63 Update .gitignore and .may_include files 2018-06-22 11:46:44 -04:00
Nick Mathewson
79f73ab330 Finally extract the log library and make it build.
This patch:
  - introduces an fdio module for low-level fd functions that don't
    need to log.
  - moves the responsibility for opening files outside of torlog.c,
    so it won't need to call tor_open_cloexec.
2018-06-22 11:40:20 -04:00
Nick Mathewson
90a09df5ba Extract strlcpy and strlcmp to libtor-string 2018-06-22 11:18:19 -04:00
Nick Mathewson
bfb39164ce Extract core part of gmtime_r, localtime_r (without logging) 2018-06-22 11:17:11 -04:00
Nick Mathewson
b2d4e786b7 Remove the util_bug.h include from smartlist.h.
This change makes a whole bunch of things in torlog.c break, since
apparently I did not find all the fd dependencies.
2018-06-22 10:50:14 -04:00
Nick Mathewson
da4ae8a6b6 Automated fixup of include paths after torlog.h movement. 2018-06-22 10:32:10 -04:00
Nick Mathewson
97b15a1d7c Extract the locking and logging code
The locking code gets its own module, since it's more fundamental
than the higher-level locking code.

Extracting the logging code was the whole point here. :)
2018-06-22 10:31:51 -04:00
Nick Mathewson
2cf033f238 Extract simple integer math into its own module 2018-06-22 09:49:13 -04:00
Nick Mathewson
3883338c81 Move smartlist_add_{v,}asprintf into smartlist.[ch]
Now that I know that "strings" nests below "container", I know this
is safe.
2018-06-22 09:49:13 -04:00
Nick Mathewson
1abadee3fd Extract key string manipulation functions into a new library. 2018-06-22 09:49:13 -04:00
Nick Mathewson
1e07b4031e Move ARRAY_LENGTH to compiler_compat.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
0932f32291 Remove compat.h as unneeded from log.c and torlog.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
9426751b72 Extract our code for answering "what time is it right now".
The other time stuff is higher-level
2018-06-22 09:49:13 -04:00
Nick Mathewson
d1cada5a8a Update permissible includes 2018-06-22 09:49:13 -04:00
Nick Mathewson
c2a558a346 Expunge container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
de508c5f50 Extract smartlist.h from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
9cf6fc91b1 Remove map from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
50a5954003 Remove bloom filters, order statistics, and bitarrays from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
932b4d0a43 Remove container->crypto dependency
Containers were using crypto_digest.h, just to see the value of
DIGEST_LEN.  Moved those constants into a new defs module.
2018-06-22 09:49:13 -04:00
Nick Mathewson
479c2ab503 Move STRUCT_VAR_P to compat_compiler. 2018-06-22 09:49:13 -04:00
Nick Mathewson
657ff55408 Split container.c based on container types, and minimize includes
Minimizing includes revealed other places includes were necessary.
2018-06-22 09:49:13 -04:00
Nick Mathewson
b8be8265b6 Rectify include paths after container split (automatic) 2018-06-22 09:49:13 -04:00
Nick Mathewson
77dff00b18 Refactor container into a library. 2018-06-22 09:49:13 -04:00
Taylor Yu
d935aceb2b Use correct CARGO_HOME in test_rust.sh
Out-of-tree builds could fail to run the rust tests if built in
offline mode.  cargo expects CARGO_HOME to point to the .cargo
directory, not the directory containing .cargo.

Fixes bug 26455; bug not in any released tor.
2018-06-21 18:20:03 -05:00
Nick Mathewson
f95e3bf5fc Simplify include structure of container.[ch] 2018-06-21 15:33:25 -04:00
Nick Mathewson
e066966bf4 Extract tor_malloc and friends to a new module. 2018-06-21 15:20:01 -04:00
Nick Mathewson
56c1fbf33f Use the "commands" argument of AC_CONFIG_FILES to make scripts +x
Closes ticket 26439.
2018-06-21 14:26:47 -04:00
Nick Mathewson
8dcc015975 Fix wide lines in dirauth/dirvote.* 2018-06-21 14:23:32 -04:00
Nick Mathewson
999f7984e1 New script to check includes for modularity violations
Includes configuration files to enforce these rules on lib and
common.  Of course, "common" *is* a modularity violation right now,
so these rules aren't as strict as I would like them to be.
2018-06-21 14:05:33 -04:00
Nick Mathewson
8918bd90e9 Merge branch 'extract_easy_common_libs' 2018-06-21 13:57:13 -04:00
Nick Mathewson
3305ae5044 Rectify include paths (automated).
You have no idea how glad I am that this is automated.
2018-06-21 13:20:07 -04:00
Nick Mathewson
5b8f4769dc Move testsupport.h to its own directory 2018-06-21 13:20:07 -04:00
Nick Mathewson
e9943d5459 Move responsibility for libdonna out of src/common 2018-06-21 13:19:00 -04:00
Nick Mathewson
71571e3428 Additional non-automated change to trunnel-local.h 2018-06-21 13:19:00 -04:00
Nick Mathewson
accf239fa3 Rectify include paths (automated) 2018-06-21 13:19:00 -04:00
Nick Mathewson
25ccfff86a Split crypto and tls libraries into directories
I am calling the crypto library "crypt_ops", since I want
higher-level crypto things to be separated from lower-level ones.
This library will hold only the low-level ones, once we have it
refactored.
2018-06-21 13:14:14 -04:00
Nick Mathewson
49d7c9ce53 Move more compiler-compatibility stuff into compat_compiler.h 2018-06-21 13:14:14 -04:00
Nick Mathewson
68bbe915d9 di_ops.c does not actually log anything. 2018-06-21 13:14:14 -04:00
Nick Mathewson
fa5fda5bbf Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
cd8f919553 Move compiler-compatibility headers into their own module
This one has no generated code.
2018-06-21 13:14:14 -04:00
Nick Mathewson
d2f4a716e8 Remove unused pubsub module. 2018-06-21 13:14:14 -04:00
Nick Mathewson
209a285166 Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
4bdda6d05f Move trace into its own library in libs.
Apparently it has no testing variant.
2018-06-21 13:14:14 -04:00
Nick Mathewson
03d7812615 Make sure liberr-testing is build with testing flags. 2018-06-21 13:14:14 -04:00
Nick Mathewson
b420da4cf8 Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
2d20cbf837 Extract compression functions into a new library. 2018-06-21 13:08:25 -04:00
Roger Dingledine
471418befb tiny comment and whitespace fixes 2018-06-21 13:07:51 -04:00
Nick Mathewson
ad7776f66d Rename libtor.a to libtor-app.a 2018-06-21 11:03:39 -04:00
Nick Mathewson
727db7aeb9 Rectify include paths (automated) 2018-06-21 11:03:39 -04:00
Nick Mathewson
a403ee6bb3 Move consttime library code into its own directory. 2018-06-21 11:03:39 -04:00
Nick Mathewson
275aff6917 Rectify include paths (automated) 2018-06-21 10:47:11 -04:00
Nick Mathewson
2cfcb7b364 Extract error functionality into a new lowest-level library. 2018-06-21 10:47:11 -04:00
Nick Mathewson
b2346b1201 Refactor makefiles to keep list of internal libraries in one place.
This change makes it possible for us to change the list of libraries
more easily, without changing every single linker line.
2018-06-21 10:35:30 -04:00
Nick Mathewson
da728e36f4 Rectify include paths (automated) 2018-06-21 09:55:16 -04:00
Nick Mathewson
874ba6861a Fix distcheck by naming header properly. 2018-06-21 09:37:32 -04:00
Nick Mathewson
2ad062ee60 Merge branch 'mikeperry_bug26214-rebased_squashed' 2018-06-21 09:20:03 -04:00
Mike Perry
46b06cd699 Bug 26214: Test updates. 2018-06-21 09:18:51 -04:00
Mike Perry
dc397f9a61 Bug 26214: Check stream SENDME against max. 2018-06-21 09:18:51 -04:00
Nick Mathewson
92ae9bb95b Hang on; this branch is supposed to be 0.3.4.2-alpha-dev. 2018-06-21 09:01:00 -04:00
Nick Mathewson
c42071f750 Merge branch 'maint-0.3.4' 2018-06-21 08:59:58 -04:00
Nick Mathewson
e845bd17f8 Merge branch 'bug25787_squashed' into maint-0.3.4 2018-06-21 08:56:27 -04:00
Nick Mathewson
cacf326e78 Revise geoip tests to not require paths of actual geoip config
When I wrote the first one of these, it needed the path of the geoip
file.  But that doesn't translate well in at least two cases:

   - Mingw, where the compile-time path is /c/foo/bar and the
     run-time path is c:\foo\bar.

   - Various CI weirdnesses, where we cross-compile a test binary,
     then copy it into limbo and expect it to work.

Together, these problems precluded these tests running on windows.

So, instead let's just generate some minimal files ourselves, and
test against them.

Fixes bug 25787
2018-06-21 08:56:20 -04:00
Nick Mathewson
27e456cd72 Merge remote-tracking branch 'rl1987/ticket19979_2' 2018-06-21 08:53:48 -04:00
Nick Mathewson
72a5ae8c66 Merge branch 'maint-0.3.4' 2018-06-21 08:38:21 -04:00
Nick Mathewson
73bc863822 Merge branch 'additional_rust_test_fixes' into maint-0.3.4 2018-06-21 08:38:17 -04:00
Nick Mathewson
683776bfab Merge branch 'maint-0.3.4' 2018-06-21 08:36:48 -04:00
Nick Mathewson
c389c41292 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-21 08:36:48 -04:00
Nick Mathewson
599b53f046 add a bn.h include to crypto_dh.c 2018-06-21 08:34:27 -04:00
Roger Dingledine
7b1a3c5164 fix memory leak in protover.c
Fix a memory leak where directory authorities would leak a chunk of
memory for every router descriptor every time they considered voting.

This bug was taking down directory authorities in the live network due
to out-of-memory issues.

Fixes bug 26435; bugfix on 0.3.3.6.
2018-06-20 19:43:58 -04:00
Nick Mathewson
01d0bf1803 add build.rs to EXTRA_DIST 2018-06-20 19:32:01 -04:00
Nick Mathewson
8f3712cf6e eol@eof is still the law in 0.3.4 :( 2018-06-20 19:05:11 -04:00
Nick Mathewson
d110f9c9a6 Add a leak suppression for backtrace_alloc
This appears to be an internal rust thing: I don't know why it's
leaking.  We should investigate further.
2018-06-20 18:02:49 -04:00
Nick Mathewson
3b606ff787 Merge branch 'maint-0.3.4' into additional_rust_test_fixes 2018-06-20 17:53:51 -04:00
Nick Mathewson
f24797a587 Merge branch 'maint-0.3.4' 2018-06-20 17:49:56 -04:00
Nick Mathewson
f91ea506f0 Fix clang warnings introduced by 9f2b887c5d 2018-06-20 17:49:06 -04:00
Nick Mathewson
3a64052099 Fix memory leak in CryptoDigest type
If you're owning a C pointer, you need to implement Drop.
2018-06-20 17:28:28 -04:00
Nick Mathewson
592e8ac395 Disable doctests in src/rust/crypto module.
These all need C linking to work, and so far, rustdoc does not seem
to respect cargo setting about build scripts or RUSTOPTIONS.
2018-06-20 17:16:44 -04:00
Nick Mathewson
901ada7e5f Fix bugs in rust digest tests 2018-06-20 17:08:00 -04:00
Nick Mathewson
e99ecf9399 Merge branch 'rust_build_script_v3' into additional_rust_test_fixes 2018-06-20 17:07:47 -04:00
Nick Mathewson
398f15bdf1 Merge branch 'maint-0.3.4' 2018-06-20 16:37:39 -04:00
Isis Lovecruft
7589fd6d40 rust: Remove --all-features flag from cargo test call in test_rust.sh.
We'd like to feature gate code that calls C from Rust, as a workaround
to several linker issues when running `cargo test` (#25386), and we
can't feature gate anything out of test code if `cargo test` is called
with `--all-features`.

 * FIXES #26400: https://bugs.torproject.org/26400
2018-06-20 16:37:33 -04:00
Nick Mathewson
c86850c4c9 Don't use any asserts(), even raw, in format_number_sigsafe().
Also explain why.
2018-06-20 16:16:45 -04:00
Nick Mathewson
057d838409 Use raw_assert() in write_all().
This makes tor_log() finally non-circular.
2018-06-20 16:16:45 -04:00
Nick Mathewson
7a2dce9006 Use raw_assert() in central allocation functions.
This is, again, to avoid circularity in the log code.
2018-06-20 16:16:45 -04:00
Nick Mathewson
17ba51a30a Use raw_assert in mutex functions to avoid circularity in logs. 2018-06-20 16:16:45 -04:00
Nick Mathewson
bb15dc1ebd Allow raw_assert() to dump stack traces.
It doesn't do this as beautifully as tor_assert(), but it doesn't
depend on any higher-level code.
2018-06-20 16:16:45 -04:00
Nick Mathewson
a969ce464d Remove log dependency from backtrace.[ch] 2018-06-20 16:16:45 -04:00
Nick Mathewson
3246c9648c Use compat_compiler to restore macros in torerr.h 2018-06-20 15:08:06 -04:00
Nick Mathewson
aa490e971b Split compiler-compatibility parts of compat.h 2018-06-20 15:08:06 -04:00
Nick Mathewson
5ecd1fec15 Move horrible-emergency handling into torerr.[ch]
Previously we had code like this for bad things happening from
signal handlers, but it makes sense to use the same logic to handle
cases when something is happening at a level too low for log.c to be
involved.

My raw_assert*() stuff now uses this code.
2018-06-20 15:08:06 -04:00
Nick Mathewson
8865972a0b Use raw_assert in tor_gettimeofday
We don't want to actually be calling logs when gettimeofday() fails,
since we need gettimeofday() to log.
2018-06-20 10:42:06 -04:00
Nick Mathewson
90aeaa53cd Remove all use of the assert.h header
Nothing in Tor has actually called assert() for some while.
2018-06-20 10:39:07 -04:00
Nick Mathewson
ae01864b5d Add raw_assert() variants for cases where we cannot log.
Remove a different raw_assert() macro declared in log.c
2018-06-20 10:36:14 -04:00
Nick Mathewson
9fa73003fc Remove dmalloc support; closes #26426
Dmalloc hasn't seen a release in over a decade, and there are much
better tools to use these days.
2018-06-20 10:21:34 -04:00
Nick Mathewson
0dab29ce10 Run rectify_include_paths.py 2018-06-20 09:35:05 -04:00
Nick Mathewson
257b280776 Simplify AM_CPPFLAGS include setup
We had accumulated a bunch of cruft here.  Now let's only include
src and src/ext.  (exception: src/trunnel is autogenerated code, and
need to include src/trunnel.)

This commit will break the build hard.  The next commit will fix it.
2018-06-20 09:27:04 -04:00
Nick Mathewson
d7301a456a Merge remote-tracking branch 'neel/b25886c' 2018-06-20 08:32:34 -04:00
Nick Mathewson
e9c93a3415 Merge branch 'maint-0.3.4' 2018-06-20 08:29:52 -04:00
Nick Mathewson
0a6f4627a4 eol@eof in test-dir.c 2018-06-20 08:29:38 -04:00
Nick Mathewson
fb0019daf9 Update copyrights to 2018. 2018-06-20 08:13:28 -04:00
Nick Mathewson
11a76b903b Merge branch 'maint-0.3.4' 2018-06-20 08:05:07 -04:00
Nick Mathewson
7b9cd5cca5 Merge branch 'asn_bug24977_final_squashed' into maint-0.3.4 2018-06-20 08:02:27 -04:00
George Kadianakis
b7b7dab00d Recreate nodelist before use if it's outdated.
We currently only do the check when we are about to use the HSDir indices.
2018-06-20 08:01:02 -04:00
George Kadianakis
a686464420 Recreate voting schedule before use if it's outdated. 2018-06-20 08:01:02 -04:00
Nick Mathewson
334edc22d1 Merge branch 'maint-0.3.4' 2018-06-20 07:55:15 -04:00
Isis Lovecruft
4971d7afa6 rust: Remove redundant "testing" feature from tor_log crate.
It was synonymous with the builtin "test" feature.

 * FIXES #26399: https://bugs.torproject.org/26399
2018-06-20 07:55:12 -04:00
Nick Mathewson
5acbcf150e Merge branch 'maint-0.3.4' 2018-06-20 07:53:22 -04:00
rl1987
9054ccb36b Enable DEBUG_SMARTLIST in unit tests 2018-06-20 07:49:41 -04:00
rl1987
7bb3777dfb Refrain from accessing empty smartlist in test_bridges_clear_bridge_list
Just check that smartlist length is zero instead
2018-06-20 07:49:41 -04:00
Nick Mathewson
152e4a1e50 Merge branch 'maint-0.3.4' 2018-06-20 07:35:17 -04:00
Nick Mathewson
ac1747e47f Merge remote-tracking branch 'catalyst-github/bug26415_034' into maint-0.3.4 2018-06-20 07:35:13 -04:00
Nick Mathewson
b63d6984a6 Merge branch 'maint-0.3.4' 2018-06-19 19:10:28 -04:00
Alexander Færøy
e309aa4c8c Fix linker errors when building Tor.
This patch fixes linking errors when compiling Tor with the dirauth
module disabled.

See: https://bugs.torproject.org/26418
2018-06-19 23:10:12 +02:00
Taylor Yu
bfd36177c4 Fix compilation of Rust crypto doctests
The doctests for src/rust/crypto don't compile for multiple reasons,
including some missing exports and incorrect identifier paths.  Fixes
bug 26415; bugfix on 0.3.4.1-alpha.
2018-06-19 13:53:26 -05:00
rl1987
5af29fbb63 When possible, use RFC5869 HKDF implementation from OpenSSL
Also, stop supporting empty HKDF input key material
2018-06-19 19:26:31 +03:00
Nick Mathewson
bd9ebb3763 Use a rust build script to set linker options correctly for tests.
We need this trick because some of our Rust tests depend on our C
code, which in turn depend on other native libraries, which thereby
pulls a whole mess of our build system into "cargo test".

To solve this, we add a build script (build.rs) to set most of the
options that we want based on the contents of config.rust.  Some
options can't be set, and need to go to the linker directly: we use
a linker replacement (link_rust.sh) for these.  Both config.rust and
link_rust.sh are generated by autoconf for us.

This patch on its own should enough to make the crypto test build,
but not necessarily enough to make it pass.
2018-06-19 12:01:13 -04:00
Nick Mathewson
f3267741e4 Merge branch 'maint-0.3.4' 2018-06-18 17:09:03 -04:00
Nick Mathewson
d27745d81d Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a
This was already added to LIBTOR_A_SOURCES; it doesn't need to get
added again.

Fixes bug 26402. Bugfix on 0.3.4.1-alpha.
2018-06-18 17:07:27 -04:00
Nick Mathewson
5879909826 Revert "Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a"
This reverts commit 70d91bd059.
2018-06-18 17:06:18 -04:00
Nick Mathewson
70d91bd059 Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a
This was already added to LIBTOR_A_SOURCES; it doesn't need to get
added again.

Fixes bug 26402. Bugfix on 0.3.4.1-alpha.
2018-06-18 17:03:52 -04:00
Nick Mathewson
29982e5190 Remove redundant typedefs from _st.h files
The typedefs are already in or.h
2018-06-18 16:05:36 -04:00
David Goulet
a8e76f3824 test: Add missing headers in test_controller.c
After the big or.h refactoring, one single unit test file was missing two
headers for node_t and microdesc_t.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-18 15:07:30 -04:00
Isis Lovecruft
508332feaf
rust: Add "test-c-from-rust" feature-gate.
Due to linker issues (#25386) when testing Rust code which calls C,
all tests which touch FFI code should now be feature-gated behind the
"test-c-from-rust" flag.  To run this test code, cargo must be called
with `cargo test --features="test-c-from-rust"`.

 * FIXES #26398: https://bugs.torproject.org/26398
2018-06-18 18:57:38 +00:00
Nick Mathewson
104c2e9e7e Merge branch 'split_or_h' 2018-06-18 14:18:34 -04:00
Nick Mathewson
bcc1368c77 Merge branch 'maint-0.3.4' 2018-06-18 13:10:47 -04:00
Nick Mathewson
3640c63498 Merge remote-tracking branch 'ffmancera-1/bug24658-dh_stream' 2018-06-17 20:39:13 -04:00
Nick Mathewson
16dd2f7bb0 Merge remote-tracking branch 'rl1987/bug25477' 2018-06-17 20:25:40 -04:00
Nick Mathewson
5746e210b8 Merge remote-tracking branch 'rl1987/feature8323_squashed2' 2018-06-17 20:20:15 -04:00
Nick Mathewson
d5e4b6983f Merge remote-tracking branch 'rl1987/bug26282' 2018-06-17 19:32:08 -04:00
Nick Mathewson
987174cc6f Merge remote-tracking branch 'github/bug26152_035' 2018-06-17 19:28:59 -04:00
Nick Mathewson
e6aa2d526e Changes to make the rust crypto::mod tests compile
The digest tests don't link yet, though.
2018-06-16 13:22:44 -04:00
Nick Mathewson
8184f45ad9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-16 13:10:19 -04:00
Nick Mathewson
ccf1eb3164 Fix a bug in my fix for #26258
The fix here is use a different bourne shell subsitution for
CARGO_ONLINE, so that an empty string counts as set.
2018-06-16 13:08:40 -04:00
Nick Mathewson
71ddfbaadd Merge remote-tracking branch 'isis/bug26267' into maint-0.3.4 2018-06-16 12:43:28 -04:00
Neel Chauhan
9d7f148885 Make frac_nodes_with_descriptors() take and use for_direct_connect 2018-06-16 11:27:28 -04:00
Nick Mathewson
97cc61e947 Merge branch 'maint-0.3.4' 2018-06-16 10:20:27 -04:00
Nick Mathewson
530d67410f Merge remote-tracking branch 'isis/bug26245' into maint-0.3.4 2018-06-16 10:19:26 -04:00
Nick Mathewson
8c1e2d7557 Merge branch 'maint-0.3.4' 2018-06-16 10:15:39 -04:00
Isis Lovecruft
748a0c7d0b
rust: Remove unused N_DIGEST_ALGORITHMS constant from crypto_digest.rs.
In the C code, this constant is only ever used in src/test/bench.c.

 * FIXES part of #26245: https://bugs.torproject.org/26245
2018-06-15 23:22:43 +00:00
Isis Lovecruft
d5a9b77a28
rust: Add comment and pragma on "unused" smartlist_t type.
* FIXES part of #26245: https://bugs.torproject.org/26245
2018-06-15 22:49:39 +00:00
Taylor Yu
468bf58fa2 Make Rust warnings conditionally fatal
Set rustc flags to treat warnings as fatal if configured with
--enable-warnings.
2018-06-15 17:27:19 -05:00
Isis Lovecruft
ac5b1428ea
rust: Expose rand module from crypto crate. 2018-06-15 21:44:22 +00:00
Nick Mathewson
e22822e4ae Bump master to 0.3.5.0-alpha-dev 2018-06-15 17:19:49 -04:00
Taylor Yu
9dd45456fe Set default-features = false for rand_core
Apparently rand and rand_core need to be built with the "std" feature
set consistently, or there will be a compile error in rngs/jitter.rs.
2018-06-15 15:19:16 -05:00
Nick Mathewson
7dbe504f3e Move hsdir_index_t into its own header. 2018-06-15 15:41:27 -04:00
Nick Mathewson
3191ba389d Move extend_info_t into its own header. 2018-06-15 15:37:05 -04:00
Nick Mathewson
fde868ffe3 Extract cell type and their queues into new headers
Since packed_cell and destroy_cell exist only to be queued, they go
in the same headers as the queues.
2018-06-15 15:27:46 -04:00
Nick Mathewson
958df2829a Extract cached_dir_t into a new header. 2018-06-15 15:06:00 -04:00
Nick Mathewson
f85d731e3a Extract download_status_t into its own header. 2018-06-15 14:58:43 -04:00
Nick Mathewson
03fc83ab6d Extract signed_descriptor_t into its own header. 2018-06-15 14:53:07 -04:00
Nick Mathewson
ed0731c7de Extract routerinfo_t into its own header.
I was expecting this to be much worse.
2018-06-15 14:49:46 -04:00
Nick Mathewson
9d6276bca8 Extract microdesc_t into its own header. 2018-06-15 14:38:30 -04:00
Nick Mathewson
def1f20e1f Extract routerstatus_t into its own header. 2018-06-15 14:33:03 -04:00
Nick Mathewson
00f1d1653e Extract extrainfo_t into its own header 2018-06-15 14:21:25 -04:00
Nick Mathewson
1e4e9db815 Extract authority_cert_t into its own header 2018-06-15 14:14:11 -04:00
Nick Mathewson
b8ae4111e3 Extract desc_store_t and routerlist_t into their own headers. 2018-06-15 14:07:17 -04:00
Nick Mathewson
62315dab84 Extract ns_detached_signatures_st into its own header. 2018-06-15 13:49:30 -04:00
Nick Mathewson
50369f8981 Extract networkstatus_t and ..sr_info_t into their own headers 2018-06-15 13:45:15 -04:00
Nick Mathewson
89aefb0319 Extract networkstatus_vote_info_t into its own header. 2018-06-15 13:31:47 -04:00
Nick Mathewson
80c9e1e585 Move document_signature_t into its own header. 2018-06-15 13:27:11 -04:00
Nick Mathewson
f901ca958a fixup! Extract node_t into its own header. 2018-06-15 13:23:44 -04:00
Nick Mathewson
72d2fd83d8 Split vote_{microdesc_hash,routerstatus}_t into their own headers 2018-06-15 13:23:02 -04:00
Nick Mathewson
d2942d127d Extract node_t into its own header. 2018-06-15 13:13:33 -04:00
Nick Mathewson
8b7df72359 Split socks_request_t into its own header. 2018-06-15 13:01:50 -04:00
Nick Mathewson
ad52fe7e88 Move network_liveness_t into circuitstats.h and make it private
This type is only used in one place and never exposed.
2018-06-15 12:56:54 -04:00
Nick Mathewson
e13f59416c Move measured_bw_line_t into dirserv.h 2018-06-15 12:54:55 -04:00
Nick Mathewson
c9e4ebf96a Move fp_pair_t declaration to fp_pair.h. 2018-06-15 12:52:22 -04:00
Nick Mathewson
f8794b0b36 Move vote_schedule into its own header. 2018-06-15 12:50:07 -04:00
Nick Mathewson
5cdc234330 Split rend_authorized_client_t and encoded_.._t into their own headers 2018-06-15 12:36:59 -04:00
Nick Mathewson
990184da49 Extract rend_intro_point_t into its own header. 2018-06-15 12:23:06 -04:00
Nick Mathewson
22e9c64738 Extract rend_service_descriptor_t into its own header. 2018-06-15 12:18:17 -04:00
Nick Mathewson
7d2d131afa Extract tor_version_t into its own header. 2018-06-15 12:12:15 -04:00
Nick Mathewson
d51de77311 Extract cpath_build_state into its own header.
More modules use this than I had expected!
2018-06-15 12:07:20 -04:00
Nick Mathewson
c846b0e486 Extract crypt_path_reference_t into its own header. 2018-06-15 11:57:48 -04:00
Nick Mathewson
b3f2c682b7 Extract crypt_path_t and relay_crypto_t into their own headers 2018-06-15 11:52:32 -04:00
Nick Mathewson
e0830ff7bf Extract circuit_t into its own header 2018-06-15 11:38:36 -04:00
Nick Mathewson
a0bc164af5 Extract {or,origin}_circuit_t into their own headers 2018-06-15 11:34:33 -04:00
Nick Mathewson
bba998af65 Extract connection_t into its own header.
Now the entire connection_t hierarchy is extracted from or.h
2018-06-15 11:05:56 -04:00
Nick Mathewson
bcc283bcc9 Split or_handshake_{certs,state}_t into their own headers. 2018-06-15 10:56:15 -04:00
Nick Mathewson
19c34b4658 Move or_connection_t to its own header. 2018-06-15 10:48:50 -04:00
Nick Mathewson
6c0fe9d07c Split listener_connection_t into its own header
For once, it's a type that is used almost nowhere else besides the
logical place.
2018-06-15 10:37:33 -04:00
Nick Mathewson
1416f54d1e Split dir_connection_t into its own header 2018-06-15 10:31:21 -04:00
Nick Mathewson
3b917b2408 Split control_connection_t into its own header.
This one was actually fairly simple.
2018-06-15 10:17:27 -04:00
Nick Mathewson
5d5c442e6a Split entry and edge_connection_t into their own headers. 2018-06-15 10:10:24 -04:00
Nick Mathewson
2a574d11ac Move dir_server_t into its own header. 2018-06-14 16:58:01 -04:00
Nick Mathewson
df9a3fe86f Make server_port_cfg_t and port_cfg_t into separate headers. 2018-06-14 16:48:15 -04:00
Nick Mathewson
6896ab28b2 Move entry_port_cfg_t into its own header. 2018-06-14 16:19:11 -04:00
Nick Mathewson
945d871da5 Merge branch 'maint-0.3.3' 2018-06-14 12:50:26 -04:00
Nick Mathewson
71065201dd Merge remote-tracking branch 'public/bug26258_033' into maint-0.3.3 2018-06-14 12:47:09 -04:00
Nick Mathewson
ee860b8f37 squash! Make sure that the test_rust.sh script fails when a test fails
Also make sure that we're actually running the test from within the right
cwd, like we do when we're building.  This seems necessary to avoid
an error when running offline.

Amusingly, it appears that we had this bug before: we just weren't
noticing it, because of bug 26258.
2018-06-13 12:21:25 -04:00
Nick Mathewson
ce692332b8 test_entrynodes: fix a GCC warning
Some versions of GCC complain that the bfn_mock_node_get_by_id
function might return NULL, but we're assuming that it won't.
(We're assuming it won't return NULL because we know in the tests
that we're passing it valid IDs.)

To make GCC happy, tt_assert() that each node_t is set before using
it.

Fixes a second case of bug26269; bugfix on 0.3.0.1-alpha.
2018-06-13 10:45:15 -04:00
Nick Mathewson
015fcd0e11 Fix a GCC "potential null dereference" warning.
Fixes bug 26269; bugfix on c30be5a82d in 0.2.8.2-alpha
2018-06-13 10:34:53 -04:00
Nick Mathewson
ed7b135812 Merge remote-tracking branch 'asn-github/bug26358' 2018-06-13 10:00:37 -04:00
Nick Mathewson
049ba66746 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-13 09:58:05 -04:00
Nick Mathewson
286d02995f Merge branch 'maint-0.3.3' 2018-06-13 09:58:05 -04:00
Nick Mathewson
6017447e3a Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-13 09:58:04 -04:00
Nick Mathewson
94f3007627 Merge branch 'bug26158_031' into maint-0.3.1 2018-06-13 09:58:01 -04:00
Nick Mathewson
1c80eb92fa Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-13 09:57:10 -04:00
Nick Mathewson
76e9de7c6d Merge branch 'maint-0.3.3' 2018-06-13 09:57:10 -04:00
Nick Mathewson
ff70cc84f8 Merge branch 'bug25686_diagnostic_032' into maint-0.3.2 2018-06-13 09:56:17 -04:00
Nick Mathewson
8c8ed91aae Merge remote-tracking branch 'rl1987/bug24891' 2018-06-13 09:46:50 -04:00
George Kadianakis
99974d4c1e Silence warning of relaycell/circbw tst.
Shouldn't send RELAY_COMMAND_DATA cell with 0 stream id.
2018-06-13 14:14:17 +03:00
George Kadianakis
2520ee34c6 Require live consensus to compute responsible HSDirs.
Here is how this changes the HSv3 client-side and service-side:

For service side we already required live consensus to upload descriptors (see
9e900d1db7) so we should never get there without
a live consensus.

For the client-side we now require a live consensus to attempt to connect to
HS.  While this changes the client behavior in principle, it doesn't really
change it, because we always required live consensus to set HSDir indices, so
before this patch a client with no live consensus would try to compute
responsible HSDirs without any HSDir indices and bug out. This makes the client
behavior more consistent, by requiring a live consensus (and hence a
semi-synced clock) for the client to connect to an HS entirely.

The alternative would have been to allow setting HSDir indices with a non-live
consensus, but this would cause the various problems outlined by commit
b89d2fa1db.
2018-06-13 13:42:34 +03:00
Nick Mathewson
bbbb5f39be bump to 0.3.3.7-dev 2018-06-12 12:05:09 -04:00
Nick Mathewson
ccf2d65610 bump to 0.3.4.2-alpha-dev 2018-06-12 12:04:58 -04:00
Nick Mathewson
16381b579e Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-12 09:44:17 -04:00
Nick Mathewson
53513e4bfe Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 09:44:17 -04:00
Nick Mathewson
eaa359650c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 09:44:17 -04:00
Nick Mathewson
03f3ee6d74 Merge branch 'maint-0.3.3' 2018-06-12 09:44:17 -04:00
Linus Nordberg
6cf9288518 Add IPv6 orport address for dannenberg. 2018-06-12 09:44:01 -04:00
Nick Mathewson
f2e7570c75 Bump to 0.3.3.7 2018-06-12 08:57:09 -04:00
Nick Mathewson
6230dfaf14 Merge branch 'maint-0.3.3' 2018-06-12 08:18:57 -04:00
Nick Mathewson
5d8a927aa3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 08:18:56 -04:00
Nick Mathewson
7fff99110b Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 08:18:56 -04:00
Nick Mathewson
d84581a3e6 Merge remote-tracking branch 'teor/bug26272-031' into maint-0.3.1 2018-06-12 08:18:53 -04:00
Nick Mathewson
f4e51990b9 Merge remote-tracking branch 'rl1987/bug26283' 2018-06-12 08:17:48 -04:00
Nick Mathewson
74ac463e7f Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 08:11:20 -04:00
Nick Mathewson
6dca180ae9 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 08:11:20 -04:00
Nick Mathewson
b2470f5140 Merge branch 'maint-0.3.3' 2018-06-12 08:11:20 -04:00
Nick Mathewson
19f3868523 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-12 08:11:19 -04:00
Nick Mathewson
fa195626bd bump to 0.3.4.2-alpha 2018-06-11 16:49:17 -04:00
Nick Mathewson
faf4580061 Several attempts to diagnose ticket 25686
There are a few reasons that relays might be uploading desciptors
without saying X-Desc-Gen-Reason:
  1. They are running an old version of our software, before 0.3.2.stable.
  2. They are not running our software, but they are claiming they
     are.
  3. They are uploading through a proxy that strips X-Desc-Gen-Reason.
  4. They somehow had a bug in their software.

According to the 25686 data, 1 is the most common reason.  This
ticket is an attempt to diagnose case 4, or prove that case 4
doesn't actually happen.
2018-06-11 16:24:00 -04:00
Karsten Loesing
ae540569ce Update geoip and geoip6 to the June 7 2018 database. 2018-06-11 21:58:55 +02:00
Nick Mathewson
f399887cfe Merge remote-tracking branch 'mikeperry-github/bug26259' 2018-06-08 10:17:00 -04:00
Nick Mathewson
a141127435 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-08 10:12:57 -04:00
Nick Mathewson
dd63033fcb Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-08 10:11:57 -04:00
Nick Mathewson
1ef8023e00 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-08 10:11:57 -04:00
Nick Mathewson
aef0607f38 Merge branch 'maint-0.3.3' 2018-06-08 10:11:57 -04:00
Nick Mathewson
c27bb4072c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-08 10:11:57 -04:00
rl1987
719b5c1d27 Avoid out-of-bounds smartlist access in protover_compute_vote()
and contract_protocol_list()
2018-06-08 10:11:32 -04:00
rl1987
25341245ae Implement GETINFO md/all 2018-06-08 13:25:25 +03:00
rl1987
39bbb8d9cf Avoid casting smartlist index implicitly 2018-06-04 11:56:37 +03:00
juga0
7d70f67dea Check bandwidth changes only if small uptime
to upload a new descriptor.
2018-06-03 18:24:27 +00:00
rl1987
9876575d2c Silence -Wbad-function-cast warning (when DEBUG_SMARTLIST is on) 2018-06-03 16:45:09 +03:00
teor
8366be3b51
Silence unused-const-variable warnings in zstd.h on some gcc versions
Fixes bug 26272; bugfix on 0.3.1.1-alpha.
2018-06-02 14:11:04 -07:00
Nick Mathewson
3716ddf1b4 Merge remote-tracking branch 'rl1987/doc25237' 2018-06-02 11:35:06 -07:00
Nick Mathewson
9f884a38e3 Merge branch 'maint-0.3.3' 2018-06-02 10:36:49 -07:00
Nick Mathewson
f15f90e2ca Merge branch 'bug26121-033-squashed' into maint-0.3.3 2018-06-02 10:36:44 -07:00
Mike Perry
fe5764012a Bug 26121: Improve BUILDTIMEOUT_SET accuracy.
We were miscounting the total number of circuits for the TIMEOUT_RATE and
CLOSE_RATE fields of this event.
2018-06-02 10:36:36 -07:00
Nick Mathewson
00e150a0e4 Merge branch 'bug25939_034_01_squashed' 2018-06-02 10:33:33 -07:00
David Goulet
66e76066e0 hs-v3: Build onion address before registering ephemeral service
With the work on #25500 (reducing CPU client usage), the HS service main loop
callback is enabled as soon as the HS service map changes which happens when
registering a new service.

Unfortunately, for an ephemeral service, we were building the onion address
*after* the registration leading to the "service->onion_address` to be an
empty string.

This broke the "HS_DESC CREATED" event which had no onion address in it. And
also, we were logging an empty onion address for that service.

Fixes #25939

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-02 10:33:20 -07:00
rl1987
b7fae0f48c Heed --disable-unittests properly 2018-06-02 12:53:04 +03:00
rl1987
f8d549db7b Point reader to a section in tor-spec.txt 2018-06-02 11:15:10 +03:00
Mike Perry
93ee227e18 Bug 26259: Don't count 0-length RELAY_COMMAND_DATA in CIRC_BW OVERHEAD
This cell should be treated as invalid for purposes of CIRC_BW.
2018-06-01 00:23:08 +00:00
Nick Mathewson
9d06c41c6e Make sure that the test_rust.sh script fails when a test fails
Exit codes from find(1) seem not to be so reliable as we had hoped.

Closes ticket 26258; bugfix on 0.3.3.4-alpha when we fixed #25560
2018-05-31 17:15:57 -07:00
rl1987
eb7a3fae08 Refrain from mentioning old bug in a warning 2018-05-30 19:44:20 +02:00
Nick Mathewson
d7bbfd0f62 Fix various typos 2018-05-30 07:57:22 -07:00
Nick Mathewson
fa1890e97f Merge remote-tracking branch 'public/bug25691_033_again_squashed' into maint-0.3.3 2018-05-27 10:03:11 -04:00
Nick Mathewson
3f3739c6e0 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-24 09:40:06 -04:00
Nick Mathewson
f48fb8a720 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-24 09:40:06 -04:00
Nick Mathewson
f42739e746 Merge branch 'maint-0.3.3' 2018-05-24 09:40:06 -04:00
Nick Mathewson
0ef432d457 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-24 09:40:06 -04:00
Nick Mathewson
c000763f1e Merge branch 'bug26116_033' into maint-0.3.3 2018-05-24 09:40:00 -04:00
Nick Mathewson
c380562aed Merge branch 'bug26116_029' into maint-0.2.9 2018-05-24 09:39:46 -04:00
Nick Mathewson
aeb4be1d5a Add a unit test for PEM-encrypted documents. 2018-05-24 09:36:33 -04:00
Nick Mathewson
36a107855b Merge branch 'bug26156_034' 2018-05-23 09:08:57 -04:00
Nick Mathewson
ff27b7ce60 Update version to 0.3.3.6-dev 2018-05-22 18:05:28 -04:00
Nick Mathewson
38f8b3c63d Merge branch 'maint-0.3.3' 2018-05-22 14:13:28 -04:00
Nick Mathewson
80d673ccea Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 14:13:23 -04:00
Nick Mathewson
7483aef896 avoid a signed/unsigned comparison. 2018-05-22 14:12:44 -04:00
Nick Mathewson
cde5c9d0c3 Merge branch 'maint-0.3.3' 2018-05-22 13:35:33 -04:00
Nick Mathewson
a5d4ce2b39 Make the TROVE-2018-005 fix work with rust. 2018-05-22 13:35:20 -04:00
Nick Mathewson
b858f576c3 Merge branch 'maint-0.3.3' 2018-05-22 12:54:31 -04:00
Nick Mathewson
6e8e005b53 Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 12:54:26 -04:00
Nick Mathewson
240bb17714 uint breaks compilation on windows 2018-05-22 12:54:05 -04:00
Nick Mathewson
074b182baa version bump to 0.3.3.6 2018-05-22 12:40:18 -04:00
Nick Mathewson
6442417fde fix wide lines 2018-05-22 12:32:00 -04:00
Isis Lovecruft
3283619acf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:28:33 -04:00
Isis Lovecruft
701c2b69f5 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
056be68b1b protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
569b4e57e2 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:27:25 -04:00
Nick Mathewson
a3a8d80beb Merge branch 'trove-2018-005_032' into trove-2018-005_033 2018-05-22 12:27:15 -04:00
Nick Mathewson
bc2d6876b3 Add stdbool to protover.h. Only needed for the 032 backport 2018-05-22 12:15:52 -04:00
Isis Lovecruft
b681438daf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:13:41 -04:00
Isis Lovecruft
eb96692842 protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:12:01 -04:00
Nick Mathewson
48d752407b Add a missing include to get the declaration of OPENSSL_1_1_API
Apparently, even though I had tested on OpenSSL 1.1.1 with
no-deprecated, OpenSSL 1.1.0 is different enough that I should have
tested with that as well.

Fixes bug 26156; bugfix on 0.3.4.1-alpha where we first declared
support for this configuration.
2018-05-22 10:05:27 -04:00
Nick Mathewson
6c35ad08cf Add a missing "return -1" when checking for Ed25519 ID loops
Fixes bug 26158; bugfix on 0.3.0.1-alpha.
2018-05-22 08:54:17 -04:00
Nick Mathewson
3d12663243 Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-05-22 08:35:37 -04:00
Nick Mathewson
8483241b4e Improve openssl_version tests with better messages
These tests would report errors, but wouldn't report the offending
strings.
2018-05-21 15:16:07 -04:00
Fernando Fernandez Mancera
d38e7ddf5b Refactor crypto.[ch] into smaller HKDF module.
Add two new files (crypto_hkdf.c, crypto_hkdf.h) as new module of crypto.[ch].
This new module includes all functions and dependencies related to HKDF
operations.  Those have been removed from crypto.[ch].

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-18 11:04:31 +02:00
Nick Mathewson
3b42b14979 bump to 0.3.4.1-alpha-dev 2018-05-17 09:44:31 -04:00
Nick Mathewson
5dbf70f903 Bump version to 0.3.4.1-alpha; contemplate a release 2018-05-16 14:40:28 -04:00
Nick Mathewson
2b0aab7a6e Add comments explaining when a connected cell has an UNSPEC addr
Should prevent other bugs like 26117.
2018-05-16 14:12:50 -04:00
Nick Mathewson
3c4353179f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-16 12:11:45 -04:00
Nick Mathewson
8340f641c3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-16 12:11:45 -04:00
Nick Mathewson
d3a972561a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-16 12:11:45 -04:00
Nick Mathewson
d1e4ffc710 Merge branch 'bug26072_029' into maint-0.2.9 2018-05-16 12:11:40 -04:00
Nick Mathewson
ddc3eb20b7 Merge branch 'bug26116_029' into bug26116_033 2018-05-16 11:43:53 -04:00
Nick Mathewson
881f7157f6 Return -1 from our PEM password callback
Apparently, contrary to its documentation, this is how OpenSSL now
wants us to report an error.

Fixes bug 26116; bugfix on 0.2.5.16.
2018-05-16 11:39:42 -04:00
Mike Perry
d0b1157fc1 Bug 26117: Move CIRC_BW field accounting.
Previously, we used the AF_UNSPEC check to represent valid connected cell
data as a result of the lack of return. This was incorrect.
2018-05-15 18:58:24 +00:00
Nick Mathewson
fcfa22d80a Merge branch 'maint-0.3.3' 2018-05-16 12:11:46 -04:00
Nick Mathewson
4a5c1584fe update tor-rust-dependencies submodule 2018-05-16 09:16:47 -04:00
Nick Mathewson
1442e818b6 Merge remote-tracking branch 'isis-github/bug26106' 2018-05-16 09:16:04 -04:00
Nick Mathewson
e5974e5158 Merge remote-tracking branch 'isis-github/bug26108' 2018-05-16 09:14:13 -04:00
Nick Mathewson
2d2cfbcd81 Merge remote-tracking branch 'isis-github/bug26109' 2018-05-16 09:13:27 -04:00
Isis Lovecruft
4d349c6a61
rust: Update rand_core dependency to 0.2.0-pre.0. 2018-05-15 19:33:20 +00:00
Isis Lovecruft
760cf8e28f
rust: Update rand dev-dependency to 0.5.0-pre.2. 2018-05-15 19:31:29 +00:00
Isis Lovecruft
4c21d41407
rust: Export digests subcrate from our crypto crate. 2018-05-15 18:05:52 +00:00
Isis Lovecruft
d9c877a6e5
rust: Export crypto_rand::* functions from our external crate. 2018-05-15 18:03:18 +00:00
Isis Lovecruft
9988882c63
rust: Move rand crate into crypto parent crate. 2018-05-15 17:48:57 +00:00
Isis Lovecruft
2ac849da36
rust: Make Rng::new() methods public. 2018-05-15 17:45:09 +00:00
Nick Mathewson
98aff146d3 Merge branch 'maint-0.3.3' 2018-05-15 09:32:45 -04:00
Nick Mathewson
6acbd4c112 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-15 09:32:44 -04:00
Nick Mathewson
4aa3d511b2 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-15 09:32:44 -04:00
Nick Mathewson
502d2c0062 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-15 09:32:44 -04:00
Karsten Loesing
033e4723f3 Update geoip and geoip6 to the May 1 2018 database. 2018-05-15 15:20:09 +02:00
Nick Mathewson
5eb2d58880 Add a missing return after marking a stream for bad connected cell
Fixes bug 26072; bugfix on 0.2.4.7-alpha.
2018-05-14 15:54:48 -04:00
Nick Mathewson
a394a2dd86 Merge branch 'bug25903_v5_squashed' 2018-05-14 14:25:07 -04:00
Mike Perry
fd504587d5 Bug 25903: Tests 2018-05-14 14:24:58 -04:00
Nick Mathewson
a9ef335c1b Use router_get_my_routerinfo_with_err to implement the old version
Having one function implemented in terms of the other should keep
them from diverging.

follow-up on #25852
2018-05-14 14:12:36 -04:00
Nick Mathewson
d27fd7ff6b Merge remote-tracking branch 'rl1987/bug25852_take2' 2018-05-14 14:05:50 -04:00
Nick Mathewson
aab626405c Merge remote-tracking branch 'catalyst-github/bug25756' 2018-05-11 18:15:43 -04:00
Nick Mathewson
f6c96fd0ca Merge remote-tracking branch 'public/bug25994' 2018-05-11 17:57:59 -04:00
Roger Dingledine
962c2f8776 get rid of whitespace before #ifdef's
i don't know if whitespace is ok to have before preprocessing
directives on all platforms, but anyway we almost never have it,
so now things are more uniform.
2018-05-11 16:27:55 -04:00
David Goulet
51f65c185e control: Mask the event(s) before using ANY_EVENT_IS_INTERESTING()
Before this commit, the control events were never triggered. It was introduced
with commit 0c19ce7bde.

Fixes #26082

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-11 08:58:11 -04:00
Nick Mathewson
9800f4769f Merge remote-tracking branch 'asn-github/bug26078' 2018-05-11 08:20:49 -04:00
George Kadianakis
efe8f17a4d Properly ignore retval of event_del().
Fixes #26078: CID 1435546.
2018-05-11 15:17:52 +03:00
Nick Mathewson
3799f3116b Merge remote-tracking branch 'saper-github/x509_cert_free_crash' 2018-05-11 08:09:26 -04:00
Marcin Cieślak
308eec7532 testing: X509 certificate structure needs to be initialized
We alloc/free X.509 structures in three ways:

1) X509 structure allocated with X509_new() and X509_free()

2) Fake X509 structure allocated with fake_x509_malloc() and fake_x509_free()
   May contain valid pointers inside.

3) Empty X509 structure shell allocated with tor_malloc_zero() and
   freed with tor_free()
2018-05-11 01:44:09 +00:00
Nick Mathewson
75e5b778e1 Merge remote-tracking branch 'public/bug25981' 2018-05-10 19:31:11 -04:00
rl1987
036df13a03 Tweak error handling for #25852 2018-05-10 16:45:57 +03:00
rl1987
8ad97b7dcf Avoid confusion with errno from libc 2018-05-10 16:33:08 +03:00
Nick Mathewson
b343ba9060 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 09:22:32 -04:00
Nick Mathewson
7ee67c47fa Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 09:22:32 -04:00
Nick Mathewson
382beb93cb Merge branch 'maint-0.3.3' 2018-05-10 09:22:32 -04:00
Nick Mathewson
2d61a83513 Merge remote-tracking branch 'dgoulet/bug26069_031_01' into maint-0.3.1 2018-05-10 09:22:14 -04:00
Nick Mathewson
f64fa6b19e Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 09:19:28 -04:00
Nick Mathewson
15b8c860d3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 09:19:28 -04:00
Nick Mathewson
2eff709edb Merge branch 'maint-0.3.3' 2018-05-10 09:19:28 -04:00
Nick Mathewson
ba70439210 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-10 09:19:28 -04:00
Nick Mathewson
edb6acf9ce Merge remote-tracking branch 'juga/ticket26007_029_02' into maint-0.2.9 2018-05-10 09:19:09 -04:00
David Goulet
6e99286d45 hs-v3: Add an extra white-space when parsing descriptor
The specification describes the signature token to be right after a newline
(\n) then the token "signature" and then a white-space followed by the encoded
signature.

This commit makes sure that when we parse the signature from the descriptor,
we are always looking for that extra white-space at the end of the token.

It will allow us also to support future fields that might start with
"signature".

Fixes #26069

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-10 09:16:50 -04:00
Nick Mathewson
1eede00a4b Merge branch 'ticket26063_squashed' 2018-05-10 09:13:28 -04:00
rl1987
36f7d0a940 Make _with_err return routerinfo, like old function does 2018-05-10 16:13:16 +03:00
Nick Mathewson
beca6a585c Merge branch 'ticket26064' 2018-05-10 09:05:15 -04:00
Nick Mathewson
8b4cf7771e Enable/disable per-second callback as needed.
There are three cases where this can happen: changes in our
controller events, changes in our DisableNetwork setting, and
changes in our hibernation state.

Closes ticket 26063.
2018-05-10 09:02:44 -04:00
Nick Mathewson
e722bba263 Add a new function to enable/disable the per-second timer as needed
We're about to use this to turn off the per-second timer when the
network is disabled and there aren't any per-second controller
events enabled.
2018-05-10 09:01:56 -04:00
Nick Mathewson
4218511ecd Remove a workaround for ancient libevent versions.
Libevent has accepted a const timeval argument to event_add() for a
very long time now.
2018-05-10 09:01:50 -04:00
Nick Mathewson
80f582ae18 Add functions to enable/disable periodic_event_t objects. 2018-05-10 09:01:27 -04:00
Nick Mathewson
a4a7939ae1 Merge remote-tracking branch 'dgoulet/ticket26062_034_01' 2018-05-10 08:04:03 -04:00
Nick Mathewson
59812789f7 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 08:03:04 -04:00
Nick Mathewson
e5acbbd16d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 08:02:10 -04:00
Nick Mathewson
aa08c19703 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-10 08:00:35 -04:00
Mike Perry
1268baee9e Bug 25903: Report new CIRC_BW fields to control port. 2018-05-09 21:23:11 +00:00
Mike Perry
e07e95edd3 Bug 25903: Perform accounting for new CIRC_BW fields.
Two new values in each direction. DELIVERED counts valid end-to-end circuit
data that is accepted by our end and OVERHEAD counts the slack unused data in
each of the relay command cells for those accepted cells.

Control port changes are in the next commit.
2018-05-09 21:23:06 +00:00
Nick Mathewson
d972a8a944 Merge branch 'ticket26016' 2018-05-09 14:04:30 -04:00
Nick Mathewson
f684b48b5b Merge branch 'ticket26009' 2018-05-09 14:01:08 -04:00
Nick Mathewson
0abf09b2ce spelling fix 2018-05-09 14:01:00 -04:00
Nick Mathewson
15ce5a3e5a Fix some clang warnings 2018-05-09 14:01:00 -04:00
Nick Mathewson
c9f07f36bf Mark the 1-per-sec update_current_time() call as redundant.
We still do this time update here, since we do it from all
callbacks, but it is no longer a reason to keep the once-per-second
callback enabled.

Closes ticket 26009.
2018-05-09 14:01:00 -04:00
Nick Mathewson
285e7c98fd Distinguish true clock jumps from idleness
Since we're going to be disabling the second-elapsed callback, we're
going to sometimes have long periods when no events file, and so the
current second is not updated.  Handle that by having a better means
to detect "clock jumps" as opposed to "being idle for a while".
Tolerate far more of the latter.

Part of #26009.
2018-05-09 14:01:00 -04:00
Nick Mathewson
a1a7ebfb8d Give responsibility for waking up from DORMANT to a mainloop event
Closes ticket 26064.
2018-05-09 13:57:00 -04:00
David Goulet
bca8a104b2 Having a ControlPort open doesn't mean we are a client
The any_client_port_set() returns true if the ControlPort is set which is
wrong because we can have that port open but still not behave as a tor client
(like many relays for instance).

Fixes #26062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:50:53 -04:00
David Goulet
67a41b6306 Having a ControlPort open doesn't mean we are a client
The options_any_client_port_set() returns true if the ControlPort is set which
is wrong because we can have that port open but still not behave as a tor
client (like many relays for instance).

Fixes #26062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:49:34 -04:00
David Goulet
01ffe8e2f4 config: Move any_client_port_set() to config.c
This functions is now used outside of networkstatus.c and makes more sense to
be in config.c.

It is also renamed to options_any_client_port_set() for the config.c
namespace.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:36:39 -04:00
Nick Mathewson
fa7847e450 Use net_is_completely_disabled() in connection.c
This fixes the XXXX case that we had before, and also enforces the
rule that we won't open connections when we're in hard hibernation.
2018-05-09 12:26:50 -04:00
Nick Mathewson
7595eae52a Add a new net_is_completely_disabled() function 2018-05-09 12:21:08 -04:00
Nick Mathewson
c0feb698a0 Comment-only fix: annotate we_are_hibernating() usage
Everywhere we use we_are_hibernating(), remind the reader what it
means.

(Also, add an XXXX to note a DisableNetwork usage to change later.)
2018-05-09 12:18:39 -04:00
Nick Mathewson
50328533e3 Add we_are_fully_hibernating() to distinguish hibernation states
We want to tell "shut down" from "shutting down".
2018-05-09 12:11:14 -04:00
Nick Mathewson
0c19ce7bde Give control.c responsibility for its own once-a-second events
Now it has a function that can tell the rest of Tor whether any
once-a-second controller item should fire, and a function to fire
all the once-a-second events.
2018-05-09 12:06:52 -04:00
Nick Mathewson
79b38081e9 Add a macro to simplify control_update_global_event_mask(). 2018-05-09 12:02:19 -04:00
juga0
dbdde76f56 Test read bandwidth measurements with empty file 2018-05-09 15:58:25 +00:00
Nick Mathewson
abde29824c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-09 11:53:18 -04:00
Nick Mathewson
61d5ce83a1 Merge branch 'maint-0.3.3' 2018-05-09 11:53:18 -04:00
Nick Mathewson
394f102ea6 Merge remote-tracking branch 'asn-github/bug25761_032' into maint-0.3.2 2018-05-09 11:53:15 -04:00
teor
867fe40f91 Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.

Fixes bug 26007; bugfix on 0.2.2.1-alpha.
2018-05-09 15:19:28 +00:00
Nick Mathewson
9df20f6076 Merge branch 'maint-0.3.3' 2018-05-09 08:25:52 -04:00
Nick Mathewson
a639a67844 Merge branch 'libressl_201805_033' into maint-0.3.3 2018-05-09 08:25:32 -04:00
Nick Mathewson
e6d6347690 Merge remote-tracking branch 'public/bug26005_034' 2018-05-09 08:23:27 -04:00
George Kadianakis
7e8c5e3662 Detect when v3 services get disabled after HUP.
Remove v3 optimization which made Tor not detect disabling services.

This optimization is not so needed because we only call that function after HUP
anyway.

Fixes bug #25761.
2018-05-09 11:25:00 +03:00
George Kadianakis
5dc00c0661 Detect when v2 services get disabled after HUP.
During service configuration, rend_service_prune_list_impl_() sets
rend_service_staging_list to NULL, which blocked pruning after a HUP.

This patch initializes rend_service_staging_list when needed, so that HUP can
detect disabled onion services.

Fixes bug #25761.
2018-05-09 11:25:00 +03:00
Nick Mathewson
01d729cbfe Fix compilation of test_addr.c
This needs to include crypto_rand.h (which it didn't before it was
merged).
2018-05-08 20:20:54 -04:00
Nick Mathewson
a0f051137d Merge branch 'ticket25993_squashed' 2018-05-08 20:09:42 -04:00
Nick Mathewson
24ba5fd748 More unit tests for addressmap_get_virtual_address().
Previously the coverage on this function was mostly accidental,
coming as it did from test_entryconn.c.  These new tests use mocking
to ensure that we actually hit the different failure and retry cases
of addressmap_get_virtual_address(), and make our test coverage a
bit more deterministic.

Closes ticket 25993.
2018-05-08 20:09:33 -04:00
Taylor Yu
de343b4e42 Improve tolerance for dirauths with skewed clocks
Previously, an authority with a clock more than 60 seconds ahead could
cause a client with a correct clock to warn that the client's clock
was behind.  Now the clocks of a majority of directory authorities
have to be ahead of the client before this warning will occur.

Relax the early-consensus check so that a client's clock must be 60
seconds behind the earliest time that a given sufficiently-signed
consensus could possibly be available.

Add a new unit test that calls warn_early_consensus() directly.

Fixes bug 25756; bugfix on 0.2.2.25-alpha.
2018-05-08 17:59:03 -05:00
Taylor Yu
d6948bc776 Deindent warn_early_consensus()
Remove one level of indentation by returning early from the function.
2018-05-08 17:59:03 -05:00
Taylor Yu
0b80a0e500 Factor out warn_early_consensus()
Factor out the early consensus warning code from
networkstatus_set_current_consensus() into a new function
warn_early_consensus().
2018-05-08 17:59:03 -05:00
Taylor Yu
4921670a8c Test early-consensus clock skew warnings 2018-05-08 17:59:03 -05:00
Taylor Yu
be8306c1fb Add expect_no_log_msg_containing() 2018-05-08 17:59:03 -05:00
Taylor Yu
c223377ce6 Make clock_skew_warning() mockable 2018-05-08 17:59:03 -05:00
Taylor Yu
5bd2060054 tests: Add "now" param to construct_consensus()
construct_consensus() in test_routerlist.c created votes using a
timestamp from time().  Tests that called construct_consensus() might
have nondeterministic results if they rely on time() not changing too
much on two successive calls.

Neither existing of the two existing tests that calls
construct_consensus is likely to have a failure due to this problem.
2018-05-08 17:59:03 -05:00
Nick Mathewson
6bfa87d3aa Update rust submodule. 2018-05-08 18:51:31 -04:00
Isis Lovecruft
af182d4ab5
rust: Add crypto crate and implement Rust wrappers for SHA2 code.
* FIXES #24659: https://bugs.torproject.org/24659
2018-05-08 21:03:37 +00:00
Nick Mathewson
3df37d7b6b Merge branch 'bug26004_029_squashed' 2018-05-08 14:26:05 -04:00
Nick Mathewson
a17dc0875a Avoid unsigned integer underflow on empty input. 2018-05-08 14:24:29 -04:00
juga0
dbc80ad19b Allow bandwidth-file lines to have node_id in the last position
Closes ticket 26004.
2018-05-08 14:24:29 -04:00
Nick Mathewson
5edc72a45b Merge remote-tracking branch 'mikeperry/bug25870_rebase' 2018-05-08 14:12:29 -04:00
Nick Mathewson
2a4439adf3 Merge branch 'ticket26008' 2018-05-08 14:09:38 -04:00
Roger Dingledine
c3ae14549d minor cleanups on commit 17daab76
better punctuation and clearer wording
2018-05-08 12:21:24 -04:00
Fernando Fernandez Mancera
827b85e907 Make dh_param_* stuff static again.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 16:25:40 +02:00
Fernando Fernandez Mancera
ffbf8673b5 Include crypto_dh.h in order to solve dependency issues.
Included crypto_dh.h in some files in order to solve DH module dependency
issues.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 15:57:31 +02:00
Fernando Fernandez Mancera
f91469c165 Refactor crypto.[ch] into smaller DH module.
Add two new files (crypto_dh.c, crypto_dh.h) as new module of crypto.[ch]. This
new module includes all functions and dependencies related to DH operations.
Those have been removed from crypto.[ch].

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 15:51:39 +02:00
Fernando Fernandez Mancera
5b7a12d58a Add crypto_log_errors() to crypto_util.[ch]
crypto_log_errors() has been moved to crypto_util.[ch]. It was duplicated in
some files so they have been removed too.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 15:40:11 +02:00
Nick Mathewson
5ad72bc1f5 Merge remote-tracking branch 'catalyst-github/bug26036' 2018-05-07 14:38:26 -04:00
Nick Mathewson
8b1380cbd0 Don't crash when closing a connection before initializing libevent
Fixes bug 25981; bugfix on 96c5ac338a.  Bug not in any released
version of Tor.
2018-05-07 14:30:30 -04:00
Taylor Yu
9326abe16a Restore sys/random.h inclusion for getentropy()
Code movement for the refactoring for ticket 24658 didn't copy the
inclusion of sys/random.h, which is needed to get a prototype for
getentropy() on macOS 10.12 Sierra.  It also didn't copy the inclusion
of sys/syscall.h, which might prevent the getrandom() syscall from
being properly detected.  Move these inclusions.  Bug not in any
released Tor.
2018-05-07 12:56:12 -05:00
Nick Mathewson
17236a5842 Merge branch 'maint-0.3.3' 2018-05-07 13:33:19 -04:00
Nick Mathewson
46002aa691 Merge remote-tracking branch 'mikeperry/bug25733_029' into maint-0.3.3 2018-05-07 13:33:12 -04:00
Nick Mathewson
2c5841a8b8 Merge remote-tracking branch 'saper/default_nickname' 2018-05-07 13:31:03 -04:00
Nick Mathewson
a1a32b4834 Merge branch 'ticket26014' 2018-05-07 12:07:53 -04:00
Nick Mathewson
fd1d0a7d2e Merge remote-tracking branch 'mikeperry/bug25705_v3_033' 2018-05-07 11:09:25 -04:00
Nick Mathewson
6e3e96d2ff Fix the selection of events to cancel in test_workqueue.c
Our previous algorithm had a nonzero probability of picking no
events to cancel, which is of course incorrect.  The new code uses
Vitter's good old reservoir sampling "algorithm R" from 1985.

Fixes bug 26008; bugfix on 0.2.6.3-alpha.
2018-05-06 21:03:26 -04:00
Nick Mathewson
d14c245a0f Add unit test for ..get_start_of_next_voting_interval().
This functionality was covered only accidentally by our voting-test
code, and as such wasn't actually tested at all.  The tests that
called it made its coverage nondeterministic, depending on what time
of day you ran the tests.

Closes ticket 26014.
2018-05-06 20:42:18 -04:00
rl1987
b00d17aa9e Improve GETCONF exit-policy/* error handling
This will yield different error codes for transient and permament
errors. Furthermore, Tor will give human readable error
messages to controller.
2018-05-05 16:12:00 +02:00
Isis Lovecruft
f36656cada
build: Fix missing include for src/rust/external/crypto_rand.rs file.
* FIXES #26025: https://bugs.torproject.org/26025
2018-05-04 22:23:17 +00:00
Isis Lovecruft
f1864ff4a1
rust: Update Cargo.lock file with changes from #26024. 2018-05-04 20:41:25 +00:00
Isis Lovecruft
36dd2a467f
rust: Update submodule commit for src/ext/rust directory.
* FIXES part of #26024: https://bugs.torproject.org/26024
2018-05-04 20:37:16 +00:00
Isis Lovecruft
b5bd19ea05
Update rand dependency from 0.5.0-pre.0 to 0.5.0-pre.1. 2018-05-04 19:16:42 +00:00
Nick Mathewson
6f8b961a65 I should have tested before I pushed. 2018-05-03 20:16:53 -04:00
Nick Mathewson
08e525c198 Merge remote-tracking branch 'github/ticket25995' 2018-05-03 16:52:09 -04:00
Nick Mathewson
80b9a589bb Merge remote-tracking branch 'dgoulet/ticket25914_034_01' 2018-05-03 16:48:03 -04:00
Nick Mathewson
2f269bfaf1 Add src/rust/rand to include.am 2018-05-03 16:16:09 -04:00
Nick Mathewson
2d07aef3cc Move some includes around to try to fix windows builds 2018-05-03 16:14:38 -04:00
Nick Mathewson
bd153e4640 Update rust dependencies to latest version. 2018-05-03 13:55:55 -04:00
Nick Mathewson
c3b7258370 Merge remote-tracking branch 'isis/bug24660_r1' 2018-05-03 13:50:18 -04:00
Nick Mathewson
48d8fe533e Merge remote-tracking branch 'dgoulet/ticket25990_034_01' 2018-05-03 13:40:10 -04:00
Nick Mathewson
89cafc4afa Use OPENSSL_1_1_API in place of raw OPENSSL_VERSION_NUMBER checks
This is needed for libressl-2.6.4 compatibility, which we broke when
we merged a15b2c57e1 to fix bug 19981.  Fixes bug 26005; bug
not in any released Tor.
2018-05-03 13:33:14 -04:00
Nick Mathewson
b0e5757710 Refactor to remove n_libevent_errors
We cleared this value in second_elapsed_callback.  But what were we
using it for?  For detecting if Libevent returned EINVAL too often!
We already have a way to detect too-frequent events, and that's with
a ratelim_t.  Refactor the code to use that instead.  Closes ticket
26016.
2018-05-03 12:44:00 -04:00
Nick Mathewson
83137275a7 Add update_current_time() calls to periodic and event-driven callbacks
This is part of 26009, where we're going to keep track of the
current time and its jumps without having to do so in
second_elapsed_callback.
2018-05-03 12:02:10 -04:00
Nick Mathewson
1d16b7124f Basic unit tests for update_current_time().
This function is about to get more complicated, so we should track
how it's working.
2018-05-03 12:02:10 -04:00
Nick Mathewson
b0598f2a12 Move the "update the current second" code from second_elapsed_callback
This now happens in a new function, with the intent of having it
invoked from our callbacks.  This is one step on the way to 26009.
2018-05-03 12:02:10 -04:00
Nick Mathewson
5e0316142f Merge remote-tracking branch 'github/ticket25952' 2018-05-03 11:59:53 -04:00
Nick Mathewson
ed636de4cc Merge remote-tracking branch 'github/ticket25951' 2018-05-03 11:59:31 -04:00
Nick Mathewson
be9f0e5f20 Merge remote-tracking branch 'github/ticket25949' 2018-05-03 11:57:09 -04:00
David Goulet
319505d38c hs-v3: Remove extra white-space and clarify comment
From Neel's latest patch on optimizing the hs_circ_service_get_intro_circ()
digest calculation, remove an extra white-space and clarify a comment of the
legacy key digest to inform when to use it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-03 09:34:50 -04:00
David Goulet
2e8eb1d5e3 Merge remote-tracking branch 'asn/bug23107' 2018-05-03 09:33:42 -04:00
Isis Lovecruft
94dcd38a14
rust: Expose crypto_rand() as an impl of rand_core::RngCore. 2018-05-02 22:12:38 +00:00
Nick Mathewson
eb00eff09d Merge branch 'ticket25997' 2018-05-02 16:03:57 -04:00
David Goulet
1f739e9b06 dirauth: Move authdir_mode_v3() to module
This function must return false if the module is not compiled in. In order to
do that, we move the authdir_mode_v3() function out of router.c and into the
dirauth module new header file named mode.h.

It is always returning false if we don't have the module.

Closes #25990

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-02 13:42:24 -04:00
Nick Mathewson
e386d61c9b Make hs_get_responsible_hsdirs() deterministic.
This test was using the current time to pick the time period number,
and a randomly generated hs key.  Therefore, it sometimes picked an
index that would wrap around the example dht, and sometimes would
not.

The fix here is just to fix the time period and the public key.

Fixes bug 25997; bugfix on 0.3.2.1-alpha.
2018-05-02 10:17:46 -04:00
David Goulet
1ef1ed76d8 dirvote: Fix typo in comment
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-02 09:06:40 -04:00
Nick Mathewson
246765342e Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-02 08:46:28 -04:00
Nick Mathewson
993e314c6f Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-02 08:46:28 -04:00
Nick Mathewson
c66b512671 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-02 08:46:28 -04:00
Nick Mathewson
8625f36de1 Merge branch 'maint-0.3.3' 2018-05-02 08:46:28 -04:00
Nick Mathewson
f26d6ead21 Merge branch 'ticket25996' 2018-05-02 08:45:35 -04:00
teor
d465bd27ed
Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.

Fixes bug 26007; bugfix on 0.2.2.1-alpha.
2018-05-02 22:36:23 +10:00
Nick Mathewson
bf3e899dce Merge branch 'libressl_201805_029' into maint-0.3.3 2018-05-02 08:26:49 -04:00
Nick Mathewson
75f3fbaa3c LibreSSL compatibility fixes.
LibreSSL, despite not having the OpenSSL 1.1 API, does define
OPENSSL_VERSION in crypto.h.  Additionally, it apparently annotates
some functions as returning NULL, so that our unit tests need to be
more careful about checking for NULL so they don't get compilation
warnings.

Closes ticket 26006.
2018-05-02 08:22:05 -04:00
Georg Koppen
da8996d611 Bug 26000: Fix missing ";" 2018-05-02 07:46:05 -04:00
Neel Chauhan
af70d3c459 Optimize legacy intro point digest calculation. 2018-05-02 14:08:28 +03:00
Nick Mathewson
a2b53c1d0b coverage: Repeat the test for avoiding failed intro points
This test, in test_client_pick_intro(), will have different coverage
depending on whether it selects a good intro point the first time or
whether it has to try a few times.  Since it produces the shorter
coverage with P=1/4, repeat this test 64 times so that it only
provides reduced coverage with P=1/2^128.  The performance cost is
negligible.

Closes ticket 25996.  This test was introduced in 0.3.2.1-alpha.
2018-05-01 19:58:39 -04:00
Nick Mathewson
19b53e2645 Use a deterministic PRNG in test_circuit_timeout()
I'd prefer not to do this for randomized tests, but as things stand
with this test, it produces nondeterministic test coverage.

Closes ticket 25995; bugfix on 0.2.2.2-alpha when this test was
introduced.
2018-05-01 19:34:21 -04:00
Nick Mathewson
24299d385d Hold monotonic time constant during channel/outbound_cell test
This change should make it impossible for the monotonic time to roll
over from one EWMA tick to the next during this test, and make it so
that this test never invokes scale_active_circuits() (which it
doesn't test).

(Earlier changes during the 0.3.4 series should make this call even
rarer than it was before, since we fixed #25927 and removed
cached_gettimeofday.  Because this test didn't update
cached_gettimeofday, the chance of rolling over a 10-second interval
was much higher.)

Closes ticket 25994; bugfix on 0.3.3.1-alpha when this test was
introduced.
2018-05-01 18:44:11 -04:00
Nick Mathewson
60fad8d41f Stop using approx_time() in circuitmux_ewma.
It doesn't match with the tick-count code any longer.

Bug not in any released Tor.
2018-05-01 18:28:01 -04:00
Mike Perry
937260af6a Bug 25705: Don't count circuit path failures as build failures.
Also emit a rate limited log message when they happen, since they are likely
correlated with other issues.
2018-05-01 19:47:07 +00:00
Nick Mathewson
5162cf5021 Mark bug cases of addressmap_get_virtual_address as non-covered 2018-05-01 15:28:40 -04:00
Nick Mathewson
5c5392fea7 Merge remote-tracking branch 'github/eliminate_gettimeofday_cached' 2018-05-01 13:27:02 -04:00
Nick Mathewson
b396e4e429 Move unreachable port warnings to a periodic event.
Arguably, the conditions under which these events happen should be a
bit different, but the rules are complex enough here that I've tried
to have this commit be pure refactoring.

Closes ticket 25952.

Finally, before this code goes away, take a moment to look at the
amazing way that we used to try to have an event happen
every N seconds:

      get_uptime() / N != (get_uptime()+seconds_elapsed) / N

Truly, it is a thing of wonder.  I'm glad we didn't start using this
pattern everywhere else.
2018-05-01 13:14:18 -04:00
David Goulet
2b6c13267f dirvote: Make tokens a const in dirvote_parse_sr_commits()
Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
5db331e8fc Make find_opt_by_keyword() take a const smartlist
Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
70c92c3366 sr: Rename shared_random_common.{c|h} to shared_random_client.{c|h}
No code behavior change.

Pars of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
2d79d0155e vote: Move dirvote_recalculate_timing() to voting_schedule.c
By doing so, it is renamed to voting_schedule_recalculate_timing(). This
required a lot of changes to include voting_schedule.h everywhere that this
function was used.

This effectively now makes voting_schedule.{c|h} not include dirauth/dirvote.h
for that symbol and thus no dependency on the dirauth module anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
e504b1b358 vote: Namespace functions in voting_schedule.c
Rename them from dirvote_* to voting_schedule_*.

No code behavior change.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
David Goulet
711ff6cdf7 Rename dirvote_common.{c|h} to voting_schedule.{c|h}
No code behavior change.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
David Goulet
6452fe78c2 dirvote: Make dirvote_get_preferred_voting_intervals() static
This function doesn't need to be public from the dirvote common file (which
will get renamed in future commit) so move it to dirauth/dirvote.c and make it
static.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
David Goulet
098b7fe25b ns: Move dirvote_get_voter_sig_by_alg() to networkstatus.c
It makes more sense to be in networkstatus.c so move it there and rename it
with the "networkstatus_" prefix.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
Nick Mathewson
4a559e9960 Refactor to use safe_timer_diff. 2018-05-01 10:56:56 -04:00
Nick Mathewson
a73603653a Reschedule voting callback when any cfg option affecting it changes. 2018-05-01 10:54:54 -04:00
Nick Mathewson
234e317ef1 Ensure that voting is rescheduled whenever the schedule changes. 2018-05-01 10:54:54 -04:00
Nick Mathewson
6868398b69 Move responsibility for voting into a separate periodic callback.
Closes ticket25937.
2018-05-01 10:54:54 -04:00
Nick Mathewson
9870497f9d Update dirvote_act() to return the time of its next action.
This is remarkably simple, given the macros in the last commit.
2018-05-01 10:52:16 -04:00
Nick Mathewson
4f184415cc Start refactoring dirvote_act() towards self-scheduling
This change should have no behavioral effect: it just uses macros to
describe the current control flow.
2018-05-01 10:51:08 -04:00
Nick Mathewson
bbf0b92b1c Fix an assertion failure introduced by #25948
Apparently, we can decide our state is dirty before we create the
event to tell the mainloop that we should save it.  That's not a
problem, except for the assertion failure.
2018-05-01 10:47:44 -04:00
Nick Mathewson
9ece027d60 Merge remote-tracking branch 'ffmancera-1/bug20522' 2018-05-01 10:43:40 -04:00
Nick Mathewson
77b7eb2795 Remove responsibility for flushing log cbs from mainloop
This is now handled as-needed as the control module is flushing its
own callbacks.  Closes ticket 25951.
2018-05-01 10:38:46 -04:00
Nick Mathewson
d018bf199c Merge remote-tracking branch 'dgoulet/ticket25610_034_01-squashed' 2018-05-01 10:29:05 -04:00
Nick Mathewson
0d8604c763 Give queued_events_flush_all() responsibility for flushing log cbs
This requires that when a log cb happens, the event for flushing
queued events is scheduled, so we also add the necessary machinery
to have that happen.

Note that this doesn't actually help with logs from outside the main
thread, but those were already suppressed: see #25987 for a ticket
tracking that issue.
2018-05-01 10:26:04 -04:00
Nick Mathewson
b0224bf728 Add a mechanism for the logging system to report queued callbacks
Sometimes the logging system will queue a log message for later.
When it does this, the callback will either get flushed at the next
safe time, or from the second-elapsed callback.

But we're trying to eliminate the second-elapsed callback, so let's
make a way for the log system to tell its users about this.
2018-05-01 10:18:49 -04:00
David Goulet
d8509b450a vote: Return error when adding vote/signature if no dirauth module
Commit 0f3b765b3c added
tor_assert_nonfatal_unreached() to dirvote_add_vote() and
dirvote_add_signatures() when the dirauth module is disabled.

However, they need to return a value. Furthermore, the dirvote_add_vote()
needs to set the msg_out and status_out so it can be sent back. Else,
uninitialized values would be used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:15:28 -04:00
David Goulet
15e8ce3937 Move back dirvote_authority_cert_dup to dirvote.c
Originally, it was made public outside of the dirauth module but it is no
longer needed. In doing so, we put it back in dirvote.c and reverted its name
to the original one:

dirvote_authority_cert_dup() --> authority_cert_dup()

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
43bba89656 build: Always compile module support for tests
The --disable-module-* configure option removes code from the final binary but
we still build the unit tests with the disable module(s) so we can actually
test that code path all the time and not forget about it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
a2ff4975f3 dirvote: Move the vote creation code into dirvote.c
This code is only for dirauth so this commit moves it into the module in
dirvote.c.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
0f3b765b3c dirvote: Handling adding vote and signature if module is disabled
Both functions are used for directory request but they can only be used if the
running tor instance is a directory authority.

For this reason, make those symbols visible but hard assert() if they are
called when the module is disabled. This would mean we failed to safeguard the
entry point into the module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
fdc01cb40e dirvote: Move the handling of GET /tor/status-vote to dirauth module
In order to further isolate the dirauth code into its module, this moves the
handling of the directory request GET /tor/status-vote/* into the module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:08 -04:00
David Goulet
6ee6533fd8 dirvote: Free vote commits in the dirauth module
In order to make sr_commit_free() only used by the dirauth module, this
commits moves the commits free from a vote object into the dirvote.c file
which is now only for the module.

The function does nothing if the module is disabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:06:13 -04:00
Nick Mathewson
4cf6b67f5e Merge remote-tracking branch 'neel/b23094' 2018-05-01 08:56:23 -04:00
Nick Mathewson
07b486c17a Merge branch 'bug24734_squashed' 2018-05-01 08:51:32 -04:00
Neel Chauhan
5458ff20a5 Remove the return value from the fascist_firewall_choose_address_* family of functions 2018-05-01 08:51:16 -04:00
Neel Chauhan
ddb2b965de Initialize ap in the fascist_firewall_choose_address_* family of functions to 0 2018-05-01 08:51:15 -04:00
George Kadianakis
e17f436fff Fix memleak found by unittests. 2018-05-01 00:59:27 +00:00
George Kadianakis
627d2fdbf0 Write unittests to check basic vanguard path selection.
Adds two unittests:
- First checks the path selection of basic Tor circs.
- Second checks the path selection of vanguard circs.

There is a TODO on the second unittest that we might want to test sooner than
later, but it's not trivial to do it right now.

To do these unittests we needed the following mods:
- Make some functions STATIC.
- Add some more fields to the big fake network nodes of test_entrynodes.c
- Switch fake node nicknames to base32 (because base64 does not produce valid nicknames).
2018-05-01 00:59:27 +00:00
Mike Perry
289c04b065 Bug 25870: Allow 4th hop of vanguard circuits to be the guard.
This prevents a malicious RP/IP from learning the guard node in the case that
we are using only one (because we aren't using two guards, or because one of
those two guards is temporarily down).

This ensures the "strong" version of Property #6 from
https://lists.torproject.org/pipermail/tor-dev/2018-April/013098.html
(Information about the guard(s) does not leak to the website/RP at all).
2018-05-01 00:59:21 +00:00
Mike Perry
e34bf50604 Bug 25870: Prevent the creation of A - B - A vanguard sub-paths.
These paths are illegal in Tor and relays will reject them.

We do this by using specific nodes in the exclude list (but ignore /16 and
family).
2018-05-01 00:59:10 +00:00
Nick Mathewson
3a2470762d Add a cast to make clang happy. 2018-04-30 17:14:40 -04:00
Nick Mathewson
72124dc1ef Merge branch 'ticket25948_squashed' 2018-04-30 16:46:59 -04:00
Nick Mathewson
987a7f6676 Move responsibility for or_state_save() to a scheduled callback
Closes ticket 25948.
2018-04-30 16:46:52 -04:00
Nick Mathewson
d1a0534649 Make unit tests pass with new dirserver role. 2018-04-30 10:36:00 -04:00
Nick Mathewson
3800d5916f Merge remote-tracking branch 'dgoulet/ticket25900_034_01' 2018-04-30 10:27:22 -04:00
Nick Mathewson
b205061eb1 Describe schedules as TimeInterval, not TimeIntervalCommaList. 2018-04-30 09:47:35 -04:00
Nick Mathewson
6cb467b462 Merge remote-tracking branch 'github/ticket23354' 2018-04-30 09:45:28 -04:00
Nick Mathewson
a9736f1f38 Merge remote-tracking branch 'github/ticket19429_034' 2018-04-30 09:41:33 -04:00
Marcin Cieślak
0c7740b7de Document default value for Nickname 2018-04-29 13:54:56 +00:00
Neel Chauhan
bfe5a739b7 Make hsdir_index in node_t a hsdir_index_t rather than a pointer. 2018-04-28 20:35:30 -04:00
Mike Perry
d634c1ba6b Bug 25870: Allow the last hop in a vanguard circuit to be our guard.
The last hop in vanguard circuits can be an RP/IP/HSDir.

Since vanguard circuits are at least 3 hops (sometimes 4) before this node,
this change will not cause A - B - A paths.
2018-04-28 01:26:50 +03:00
Nick Mathewson
cb0af6157c Move stdbool include to torint.h
It's friday, and this seems like a good idea, and they're egging me
on in IRC.
2018-04-27 15:08:27 -04:00
Nick Mathewson
d6a773f57d Only define X509_get_not{BeforeAfter} if they are not defined
(The originally submitted version of a15b2c57e1 broke
with OpenSSL 1.1.0.)
2018-04-27 12:55:52 -04:00
Nick Mathewson
346c2eb4e6 Merge branch 'bug25843_v2_squashed' 2018-04-27 12:45:07 -04:00
George Kadianakis
d00ed406e0 Introduce torrc option NumPrimaryGuards 2018-04-27 12:44:54 -04:00
David Goulet
2963e65c30 dirvote: Move SR commit parsing into dirauth module
When parsing a vote in routerparse.c, only dirauth extract the commits from
the vote so move all this code into dirvote.c so we can make it specific to
the dirauth module.

If the dirauth module is disabled, the commit parsing does nothing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
d7e4706f22 ns: Move ns_detached_signatures_free() to networkstatus.c
From dirvote.c to networkstatus.c where it makes more sense both in terms of
namespace and subsystem responsability.

This removes one less dependency on the dirauth module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
35ff2a3b86 dirvote: Rename authority_cert_dup()
Renamed to follow the file namespace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
43bee06dd0 dirvote: Rename voter_get_sig_by_algorithm()
In order to follow the public namespace of dirvote.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
26817d9d22 dirvote: Extract shared functions to common file
No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
79a1112a49 sr: Static inline functions if no dirauth module
Add static inline dirauth public functions used outside of the dirauth module
so they can be seen by the tor code but simply do nothing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
bdcf3a3839 sr: Extract shared SR functions
Move most of the shared random functions that are needed outside of the
dirauth module.

At this commit, because dirvote.c hasn't been refactor, it doesn't compile
because some SR functions need a dirvote function.

Furthermore, 5 functions haven't been touched yet because they are dirauth
only but are in used in other C files than the dirauth module ones.

No code behavior change. Only moving code around.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
2115a54b4a mod: Move dirauth specific files to its own module
This is a pretty big commit but it only moves these files to src/or/dirauth:

  dircollate.c dirvote.c shared_random.c shared_random_state.c
  dircollate.h dirvote.h shared_random.h shared_random_state.h

Then many files are modified to change the include line for those header files
that have moved into a new directory.

Without using --disable-module-dirauth, everything builds fine. When using the
flag to disable the module, tor doesn't build due to linking errors. This will
be addressed in the next commit(s).

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
35d86b088d dirvote: Reorganize the dirvote.h file
Remove useless include.

Clearly identify functions that are used by other part of Tor, functions that
are only used by the dirauth subsystem and functions that are exposed for unit
tests.

This will help us in the dirauth modularization effort.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
5e1e906a5c dirvote: Move voting_schedule_t to dirvote.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
d177067860 dirvote: Trim down the public API
Many functions become static to the C file or exposed to the tests within the
PRIVATE define of dirvote.h.

This commit moves a function to the top. No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
f0838e7257 config: Make circuit_build_times_disabled() use authdir_mode()
Don't access the AuthoritativeDir options directly. We do this so we can move
authdir_mode() to the dirauth module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
b27dc1cfb5 mod: Build system changes for dirauth module
Make our build system support a disable dirauth module option. It can only be
disabled explicitly with:

  $ ./configure --disable-module-dirauth

If *not* specified that is enabled, an automake conditional variable is set to
true and a defined value for the C code:

  AM_CONDITIONAL: BUILD_MODULE_DIRAUTH
  AC_DEFINE: HAVE_MODULE_DIRAUTH=1

This introduces the dirauth/ module directory in src/or/ for which .c files
are only compiled if the BUILD_MODULE_DIRAUTH is set.

All the header files are compiled in regardless of the support so we can use
the alternative entry point functions of the dirauth subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
8b58e1e323 test: Unit test for the HS service event rescan
Because we rescan the main loop event list if the global map of services has
changed, this makes sure it does work.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
David Goulet
f7633c1fca hs: Rescan the main loop event list if the service map changes
Because ADD_ONION/DEL_ONION can modify the global service map (both for v2 and
v3), we need to rescan the event list so we either enable or disable the HS
service main loop event.

Fixees #25939

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
David Goulet
3ab017b10c main: Don't rescan main loop events if not initialized
This is done because it makes our life easier with unit tests. Also, a rescan
on an uninitialized event list will result in a stacktrace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
Nick Mathewson
57f557747d Move responsibility for deferred SIGNEWNYM into a mainloop event
Closes ticket 25949.
2018-04-27 10:45:12 -04:00
Nick Mathewson
9f8b60d74c Move or_state_mark_dirty into statefile.c
Previously it was an inline function in or.h
2018-04-27 10:09:16 -04:00
Nick Mathewson
3a47dfed34 Merge branch 'ticket25376_034_031_squashed' 2018-04-27 09:28:43 -04:00
David Goulet
d6903e9e87 hibernation: Rescan the event list on state change
When we change the hibernation state, rescan the main loop event list because
the new state might affect the events.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 09:28:00 -04:00
David Goulet
05d314f888 main: Add mainloop callback event flags
Implement the ability to set flags per events which influences the set up of
the event.

This commit only adds one flag which is "need network" meaning that the event
is not enabled if tor has disabled the network or if hibernation mode.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 09:28:00 -04:00
Nick Mathewson
cc74dc0066 Merge branch 'ticket25933' 2018-04-26 18:40:27 -04:00
Mike Perry
35e7902116 Bug 25733: Avoid assert failure if all circuits time out.
Prior to #23100, we were not counting HS circuit build times in our
calculation of the timeout. This could lead to a condition where our timeout
was set too low, based on non HS circuit build times, and then we would
abandon all HS circuits, storing no valid timeouts in the histogram.

This commit avoids the assert.
2018-04-26 21:28:28 +00:00
Nick Mathewson
302908657f Fix a test assertion failure due to uninitialized mainloop events
Bug not in any released Tor.
2018-04-26 14:39:26 -04:00
David Goulet
9fd319168b test: Add missing geoip_dummy file to EXTRA_DIST
Needed to run tests from the tarball else the geoip unit test would fail by
not finding that file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-26 14:15:24 -04:00
Nick Mathewson
857e210b7d Merge branch 'ticket25931' 2018-04-26 13:52:16 -04:00
Nick Mathewson
ff796ad087 Remove connection_ap_attach_pending() from per-second callback.
In 25374, we created the necessary post-loop event for scheduling
connection_ap_attach_pending as needed.  Before that, we were
already running this event once per mainloop.  There's no reason to
also run it once per second.

Closes ticket 25933.  No changes file, since the relevant change is
already in 25374.  Or possibly in 17590, depending on how you look
at it.
2018-04-26 13:37:13 -04:00
Nick Mathewson
96c5ac338a Move close-and-cleanup functions to a postloop event.
Implements ticket 25932.
2018-04-26 13:15:38 -04:00
Nick Mathewson
8a81a70878 Move consdiffmgr_rescan() into a mainloop event.
The change here was very simple, since there is a flag set whenever
we want to schedule this event.

Closes ticket 25391.
m
2018-04-26 12:20:01 -04:00
Nick Mathewson
9abf541f7f Add a function to compute millisecond time difference quickly.
Our main function, though accurate on all platforms, can be very
slow on 32-bit hosts.  This one is faster on all 32-bit hosts, and
accurate everywhere except apple, where it will typically be off by
1%.  But since 32-bit apple is a relic anyway, I think we should be
fine.
2018-04-26 12:01:48 -04:00
Nick Mathewson
7cbc44eeb1 Remove the "cached gettimeofday" logic.
Previously were using this value to have a cheap highish-resolution
timer.  But we were only using it in one place, and current dogma is
to use monotime_coarse_t for this kind of thing.
2018-04-26 12:01:48 -04:00
Nick Mathewson
5e395ba2c2 Rewrite time-handling in circuitmux_ewma to use monotime_coarse
This part of the code was the only part that used "cached
getttimeofday" feature, which wasn't monotonic, which we updated at
slight expense, and which I'd rather not maintain.
2018-04-26 11:50:58 -04:00
David Goulet
7b09282dc7 Merge remote-tracking branch 'dgoulet/ticket25515_034_01-squashed' 2018-04-26 11:38:15 -04:00
juga0
f4ad30448a Recover newline at the EOF, removed by mistake
in 071236e3e2.
2018-04-26 11:33:22 -04:00
juga0
3d4bbf94c6 tests: Add forgotten empty file required for geoip 2018-04-26 11:33:22 -04:00
juga0
d0ad74e0f6 Add clarification about type of file expected 2018-04-26 11:33:22 -04:00
juga0
96469b82f8 Remove FIXME about comparing num countries,
* remove the fixme since clearing the countries should be other issue
* remove unused variables related to it since that cause travis to fail
2018-04-26 11:33:22 -04:00
Isis Lovecruft
6a28a82998 tests: Fix a couple typos and remove unnecessary inline comments. 2018-04-26 11:33:22 -04:00
Isis Lovecruft
3f967bfbd1 tests: Skip two more geoip_load_file tests on Windows.
* FIXES part of #25515: https://bugs.torproject.org/25515
2018-04-26 11:33:22 -04:00
Nick Mathewson
33cba1195b Remove a blank line that was bothering me. 2018-04-26 09:10:58 -04:00
David Goulet
868e348570 callbacks: Add a DirServer role
The clean_consdiffmgr() callback is only for relays acting as a directory
server, not all relays.

This commit adds a role for only directory server and sets the
clean_consdiffmgr() callback to use it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-25 14:21:19 -04:00
David Goulet
b6f7e23bbd clean_consdiffmgr() callback is only for directories
Only relevant for directory servers.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-25 14:12:38 -04:00
David Goulet
1a181a476e Remove dead code in networkstatus.c
We can't end up in the removed else {} condition since we first validate the
flavor we get and then we validate the flavor we parse from the given
consensus which means we can only handle the two flavors of the if/elseif
conditions.

Fixes #25914

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-25 09:35:32 -04:00
Nick Mathewson
2748dd0f1c Ignore CircuitPriorityHalflife values under -EPSILON.
Previously, we were ignoring values _over_ EPSILON.  This bug was
also causing a warning at startup because the default value is set
to -1.0.

Fixes bug 25577; bugfix on 6b1dba214d.  Bug not in any released tor.
2018-04-25 09:15:47 -04:00
Nick Mathewson
58f54a3588 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-25 08:01:54 -04:00
Nick Mathewson
a052eea480 Merge branch 'maint-0.3.3' 2018-04-25 08:01:54 -04:00
Nick Mathewson
7c3f87eb4b Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-25 08:01:53 -04:00
Nick Mathewson
bb35405d2a Fix a copy-paste error in the fix for #23693.
Found by coverity; CID 25912; bug not in any released Tor.
2018-04-25 08:00:55 -04:00
Nick Mathewson
ea3c3a10a2 Merge branch 'maint-0.3.3' 2018-04-24 10:37:36 -04:00
Nick Mathewson
7e7b052b2a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-24 10:37:36 -04:00
Nick Mathewson
9187cdb1cd Merge remote-tracking branch 'dgoulet/bug25901_032_01' into maint-0.3.2 2018-04-24 10:36:17 -04:00
Nick Mathewson
9be7608fda Merge branch 'maint-0.3.3' 2018-04-24 08:51:58 -04:00
Nick Mathewson
6182f60f75 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-24 08:51:55 -04:00
Nick Mathewson
d2951b381b Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-24 08:49:24 -04:00
Nick Mathewson
e888634076 Merge remote-tracking branch 'public/bug23693_031_redux' into maint-0.3.1 2018-04-24 08:49:20 -04:00
David Goulet
b259008c56 hs: Fix memleak in v3 on SIGHUP
Fixes #25901

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 11:09:57 -04:00
Nick Mathewson
192c7c8bf9 Merge remote-tracking branch 'dgoulet/ticket25762_034_05' 2018-04-23 11:02:05 -04:00
David Goulet
665e23c59a test: Add periodic events unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
87cb9ce900 main: Update periodic events comment based on latest code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
Nick Mathewson
f70fa67da6 main: Use rescan_periodic_events in initialize_periodic_events_cb 2018-04-23 10:57:28 -04:00
David Goulet
4e85f17eec periodic: Add an enable and disable function
Two helper functions to enable an event and disable an event which wraps the
launch and destroy of an event but takes care of the enabled flag.

They are also idempotent that is can be called multiple time on the same event
without effect if the event was already enabled or disabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
1d864987cb config: Set up periodic events when options changes
In case we transitionned to a new role in Tor, we need to launch and/or
destroy some periodic events.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
a4fcdc5dec main: Launch periodic events by roles
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
ed89bb3253 main: Specialize the periodic events on a per-role basis
In tor, we have a series of possible "roles" that the tor daemon can be
enabled for. They are:

  Client, Bridge, Relay, Authority (directory or bridge) and Onion service.

They can be combined sometimes. For instance, a Directory Authority is also a
Relay. This adds a "roles" field to a periodic event item object which is used
to know for which roles the event is for.

The next step is to enable the event only if the roles apply. No behavior
change at this commit.

Pars of #25762

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:21:59 -04:00
David Goulet
269cd5dba7 main: Sort alphabetically periodic event callbacks
No behavior change, just to make it easier to find callbacks and for the sake
of our human brain to parse the list properly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:21:59 -04:00
Nick Mathewson
3527f4b8a4 Merge remote-tracking branch 'github/lazy_bucket_refill' 2018-04-23 09:47:05 -04:00
Nick Mathewson
e8683bcbb1 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-23 09:24:33 -04:00
Nick Mathewson
1438c6c713 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-23 09:23:31 -04:00
Nick Mathewson
5c3639923f Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-23 09:23:31 -04:00
Nick Mathewson
c5ffcbb43f Merge branch 'maint-0.3.3' 2018-04-23 09:23:31 -04:00
Nick Mathewson
beb321d8cd Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-23 09:23:31 -04:00
Nick Mathewson
c4be6dfeab Permit the nanosleep system call in the seccomp2 callbox
Fixes bug 24969; bugfix on 0.2.5.1-alpha when the sandbox was introduced.
2018-04-23 09:15:40 -04:00
Nick Mathewson
cd3fc2aa48 Merge remote-tracking branch 'neel/b25511-r4' 2018-04-23 09:13:24 -04:00
Nick Mathewson
915791bc48 Merge branch 'ticket25024_squashed' 2018-04-22 20:53:04 -04:00
Deepesh Pathak
72bfcb37f1 add changes file and update check-typos in makefile 2018-04-22 20:48:48 -04:00
Nick Mathewson
1ba9b7e013 Merge remote-tracking branch 'mikeperry/bug25400_squashed' 2018-04-22 20:39:35 -04:00
Nick Mathewson
0e8ae82a87 Merge branch 'remove_old_consensus_methods_2018_squashed' 2018-04-22 20:01:09 -04:00
Nick Mathewson
2609a8be81 Require MIN_METHOD_FOR_RECOMMENDED_PROTOCOLS
(Remove support for running without this method.)
2018-04-22 20:00:47 -04:00
Nick Mathewson
5f90d28c01 Remove MIN_METHOD_FOR_{SHARED_RANDOM,EXCLUDING_INVALID_NODES}
Also remove client detection for pre-EXCLUDING_INVALID_NODES
consensuses, and a test for that detection.
2018-04-22 20:00:47 -04:00
Nick Mathewson
73c9c16faa Remove MIN_METHOD_FOR_ED25519_ID_VOTING
This also lets us remove the old rsa-based routerstatus collator.
2018-04-22 20:00:47 -04:00
Nick Mathewson
4d6f21bb6b Remove MIN_METHOD_FOR_{PACKAGE_LINES,GUARDFRACTION,ED25519_ID_IN_MD}
Also remove a rest for pre-19 microdesc versions.
2018-04-22 20:00:47 -04:00
Nick Mathewson
caf766991d Remove MIN_METHOD_FOR_ID_HASH_IN_MD and a test for running without it. 2018-04-22 20:00:47 -04:00
Nick Mathewson
93380db833 Remove MIN_METHOD_{FOR_P6_LINES,FOR_NTOR_KEY,TO_CLIP_UNMEASURED_BW}
Also remove a unit test for pre-MIN_METHOD_FOR_NTOR_KEY consensuses.
2018-04-22 20:00:47 -04:00
Nick Mathewson
08373467b1 Remove MIN_METHOD_FOR and MIN_METHOD_FOR_A_LINES
Also, in networkstatus.c, remove client code for recognizing pre-
MIN_METHOD_FOR_A_LINES consensuses, and corresponding unit tests in
test_dir.c.
2018-04-22 20:00:47 -04:00
Nick Mathewson
69347f48e0 Disable consensus methods before 25.
Consensus method 25 is the oldest one supported by any stable
version of 0.2.9, which is our current most-recent LTS.  Thus, by
proposal 290, they should be removed.

This commit does not actually remove the code to implement these
methods: it only makes it so authorities will no longer support
them.  I'll remove the backend code for them in later commits.
2018-04-22 20:00:47 -04:00
Nick Mathewson
6773102c92 Merge branch 'bug25691_033_again_squashed' 2018-04-22 19:44:27 -04:00
Nick Mathewson
0941c8bfe6 control EXTENDCIRCUIT: check node_has_preferred_descriptor().
Suggested by teor during code review for 25691.
2018-04-22 19:43:27 -04:00
Nick Mathewson
f1c1328f85 Repair the legacy_hs/pick_tor2web_rendezvous_node unit test
It tried to pick nodes for which only routerinfo_t items are set,
but without setting UseMicroDescriptors to 0.  This won't work any
more, now that we're strict about using the right descriptor types
due to 25691/25692/25213.
2018-04-22 19:43:07 -04:00
Nick Mathewson
47163780c3 Rename node_has_descriptor() to node_has_any_descriptor()
Changing the name of this function should help keep us from misusing
it when node_has_preferred_descriptor() would be more appropriate.
2018-04-22 19:43:07 -04:00
Nick Mathewson
7915efd1b8 Use router_crn_flags in more places, to pass direct-connect flag
In order to fix 25691 and 25692, we need to pass the "direct_conn"
flag to more places -- particularly when choosing single-hop
tunnels.  The right way to do this involves having a couple more
functions accept router_crn_flags_t, rather than a big list of
boolean arguments.

This commit also makes sure that choose_good_exit_server_general()
honors the direct_conn flag, to fix 25691 and 25692.
2018-04-22 19:42:28 -04:00
Nick Mathewson
388d217c40 Use node_has_preferred_descriptor() in another case
In router_add_running_nodes_to_smartlist(), we had an inline
implementation of the logic from node_has_descriptor(), which should
be changed to node_has_preferred_descriptor().
2018-04-22 19:42:28 -04:00
Nick Mathewson
948dd2c79e Check for "the right descriptor", not just "any descriptor".
This patch adds a new node_has_preferred_descriptor() function, and
replaces most users of node_has_descriptor() with it.  That's an
important change, since as of d1874b4339 (our fix for #25213),
we are willing to say that a node has _some_ descriptor, but not the
_right_ descriptor for a particular use case.

Part of a fix for 25691 and 25692.
2018-04-22 19:42:26 -04:00
Nick Mathewson
c3e40a8361 Allow cpuworkers to exist without onion keys
Now that we allow cpuworkers for dirport-only hosts (to fix 23693),
we need to allow dup_onion_keys() to succeed for them.

The change to construct_ntor_key_map() is for correctness,
but is not strictly necessary.
2018-04-22 17:17:07 -04:00
Nick Mathewson
5102208447 Improve documentation for CONFIG_TYPE_CSV_INTERVAL. 2018-04-22 15:55:09 -04:00
Nick Mathewson
8b6fc47cc3 Fix an absurdly wide line. 2018-04-22 15:55:09 -04:00
Nick Mathewson
ff6f49f033 Rename find_dl_schedule to find_dl_min_delay.
(We no longer need two separate functions here.)
2018-04-22 15:55:09 -04:00
Nick Mathewson
82d1d8b071 Remove extra values from InitialDelay defaults
These options are now ignored.
2018-04-22 15:55:09 -04:00
Nick Mathewson
2f792c041a Add aliases for the old DownloadSchedule options
These will produce a warning, but still work fine.
2018-04-22 15:55:09 -04:00
Nick Mathewson
2d7b5c6fe5 Change the type of "download schedule" from smartlist to int.
This is done as follows:
  * Only one function (find_dl_schedule()) actually returned a
    smartlist. Now it returns an int.

  * The CSV_INTERVAL type has been altered to ignore everything
    after the first comma, and to store the value before the first
    comma in an int.
2018-04-22 15:55:09 -04:00
Nick Mathewson
9aaed729c1 Rename *DownloadSchedule to *DownloadInitialDelay; make them ints
This commit won't compile. It was made with the following perl
scripts:

s/smartlist_t \*(.*)DownloadSchedule;/int $1DownloadInitialDelay;/;
s/\b(\w*)DownloadSchedule\b/$1DownloadInitialDelay/;
2018-04-22 15:55:09 -04:00
Isis Lovecruft
b5013e841c
rust: Remove mirrored PRNG implementation.
Once we need a PRNG, we'll likely want to change the dev-dependency on the rand
crate to be a real dependency, and use rand::SmallRng as our PRNG.
2018-04-20 23:54:48 +00:00
Isis Lovecruft
49639b2826
rust: Expose our (P)RNGs in Rust and provide safe wrappers.
* FIXES #24660: https://bugs.torproject.org/24660
2018-04-20 23:54:47 +00:00
Isis Lovecruft
f17ace1460
crypto: Move declaration of crypto_init_siphash_key() into crypto.h.
On second thought, this is a global initialisation function and
doesn't conceptually have much to do with getting/using randomnesses.
2018-04-18 19:16:35 +00:00
Nick Mathewson
9d27e3f014 Make test_tortls.c build with openssl no_deprecated.
Also for 19981.
2018-04-18 12:32:39 -04:00
Nick Mathewson
a15b2c57e1 Add support for openssl built with "no-deprecated".
Patch from Andrew John Hughes; partial fix for 19981.
2018-04-18 12:31:24 -04:00
Nick Mathewson
bd3f8260a3 Rename some functions to start with a uniform prefix 2018-04-18 11:45:44 -04:00
Nick Mathewson
3bf9974b6c Fix a pointer size error in test_bridges.c
sizeof(ret) is the size of the pointer, not the size of what it
points to.  Fortunately, we already have a function to compare
tor_addr_port_t values for equality.

Bugfix on c2c5b13e5d8a77e; bug not in any released Tor. Found by
clang's scan-build.
2018-04-17 19:45:59 -04:00
Nick Mathewson
1abe0a5769 Add an initialization case to node_get_prim_dirport
Fixes a bug found by scan-build; bugfix on c2fa743806. Bug not in
any released Tor.
2018-04-17 19:43:14 -04:00
Nick Mathewson
31a450a5b6 Add a redundant memset to node_get_pref_ipv6_orport()
For whatever reason, clang's scan-build isn't sure that this
function actually initializes its output.
2018-04-17 19:41:10 -04:00
Nick Mathewson
d67d3dd145 Fix a copy-and-paste error from 6be994fa71
Found by clang's scan-build too.  Bug not in any released Tor.
2018-04-17 19:39:50 -04:00
Nick Mathewson
087ace7009 Fix a compilation warning on clang 2018-04-17 18:41:39 -04:00
Nick Mathewson
47df912f1c Remove the periodic refill event entirely.
Now that we update our buckets on demand before reading or writing,
we no longer need to update them all every TokenBucketRefillInterval
msec.

When a connection runs out of bandwidth, we do need a way to
reenable it, however.  We do this by scheduling a timer to reenable
all blocked connections for TokenBucketRefillInterval msec after a
connection becomes blocked.

(If we were using PerConnBWRate more, it might make sense to have a
per-connection timer, rather than a single timeout. But since
PerConnBWRate is currently (mostly) unused, I'm going to go for the
simpler approach here, since usually whenever one connection has
become blocked on bandwidth, most connections are blocked on
bandwidth.)

Implements ticket 25373.
2018-04-17 18:20:03 -04:00
Nick Mathewson
780d1b44cf Move responsibility for recording read/written bytes
Previously this was done as part of the refill callback, but there's
no real reason to do it like that.  Since we're trying to remove the
refill callback completely, we can do this work as part of
record_num_bytes_transferred_impl(), which already does quite a lot
of this.
2018-04-17 18:06:46 -04:00
Nick Mathewson
31fbbf2377 Fixup timing wheel warnings related to recent WHEEL_BIT change. 2018-04-17 12:45:53 -04:00
Nick Mathewson
a2acb9b9e9 Refill each token bucket at the last instant before reading/writing.
(This patch does not yet eliminate the global refill callback;
fortunately, bucket refilling is idempotent.)
2018-04-17 12:20:06 -04:00
Nick Mathewson
9af4cd6f31 Refactor responsibility for checking global write bucket emptiness
We used to do this 10x per second in connection_buckets_refill();
instead, we now do it when the bucket becomes empty. This change is
part of the work of making connection_buckets_refill() obsolete.

Closes ticket 25828; bugfix on 0.2.3.5-alpha.
2018-04-17 12:12:07 -04:00
Nick Mathewson
b36c450b57 Amend token_bucket_rw_dec to indicate which buckets became empty. 2018-04-17 12:02:49 -04:00
Nick Mathewson
1356d51af6 Rename connection_bucket_refill to connection_bucket_refill_all
Also document its actual behavior
2018-04-17 11:47:31 -04:00
Nick Mathewson
993f5d284d Rename connection_bucket_round_robin -> get_share
There was nothing round_robinish about this function.
2018-04-17 11:42:14 -04:00
Nick Mathewson
488e2b00bf Refactor the "block the connection on bandwidth" logic
Right now, this patch just introduces and exposes some new
functions. Later, these functions will get a little more complexity.
2018-04-17 11:39:16 -04:00
Nick Mathewson
2bf6f1cd39 token bucket: Add parens to rate_per_sec_to_rate_per_step()
Typecasts bind more tightly than division, so we need to do the
division first.
2018-04-17 11:09:55 -04:00
Nick Mathewson
c5bbf72fb8 Merge branch 'maint-0.3.3' 2018-04-17 10:45:58 -04:00
David Goulet
93ff1870ba heartbeat: Log the number of circuits killed because too many cells
We recently merged a circuit cell queue size safeguard. This commit adds the
number of killed circuits that have reached the limit to the DoS heartbeat. It
now looks like this:

  [notice] DoS mitigation since startup: 0 circuits killed with too many
  cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0
  single hop clients refused.

Second thing that this patch does. It makes tor always print the DoS
mitigation heartbeat line (for a relay) even though no DoS mitigation have
been enabled. The reason is because we now kill circuits that have too many
cells regardless on if it is enabled or not but also it will give the operator
a chance to learn what is enabled with the heartbeat instead of suddenly
appearing when it is enabled by let say the consensus.

Fixes #25824

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-17 10:44:43 -04:00
Nick Mathewson
c32108ee0f Merge remote-tracking branch 'public/bug24688' 2018-04-17 09:14:44 -04:00
Neel Chauhan
3a6e37f57f Add GETINFO current-time/{local,utc} regression test 2018-04-16 20:37:50 -04:00
Neel Chauhan
ce84de39ef Make tor_gettimeofday() mockable 2018-04-16 20:37:50 -04:00
Neel Chauhan
e72742d693 Add GETINFO current-time/{local,utc} command to ControlPort 2018-04-16 20:37:50 -04:00
Neel Chauhan
9e3e1b8bfb Add format_local_iso_time_nospace() 2018-04-16 20:37:50 -04:00
Mike Perry
f921fd771a Use u32 add helper for CIRC_BW accounting.
There are quite a few other places this could be used, but keeping it simple
for now.
2018-04-16 21:46:31 +00:00
Mike Perry
0e06a9c3e7 Helper function to add u32 without overflow. 2018-04-16 21:46:31 +00:00
Mike Perry
dfa6808f57 Bug 25400: Make CIRC_BW event properly total everything on a circ. 2018-04-16 21:46:12 +00:00
David Goulet
ae4e5b9824 token: Fix uint32_t to uint64_t conversion
Unfortunately, the units passed to
monotime_coarse_stamp_units_to_approx_msec() was always 0 due to a type
conversion.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-16 15:05:41 -04:00
juga0
8be1ac8abe
Add test to check that loading a 2nd file replaces the 1st
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-04-16 19:02:57 +00:00
juga0
071236e3e2
Add a test for geoip_load_file() using geoip6
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-04-16 19:01:30 +00:00
Nick Mathewson
c7d3de216c Merge branch 'maint-0.3.3' 2018-04-16 13:48:39 -04:00
Nick Mathewson
c5899d5cf3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-16 13:48:23 -04:00
Nick Mathewson
5e0fbd7006 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-16 13:48:23 -04:00
Nick Mathewson
9ef4c05df8 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-16 13:48:23 -04:00
Nick Mathewson
0e13ff4815 Fix an LCOV exclusion pattern in address.c 2018-04-16 13:48:21 -04:00
Nick Mathewson
3463b4e065 Merge branch 'maint-0.3.3' 2018-04-16 10:06:21 -04:00
Nick Mathewson
22845df2a7 Merge remote-tracking branch 'dgoulet/bug25226_033_02' into maint-0.3.3 2018-04-16 10:04:36 -04:00
David Goulet
d064122e70 relay: Implement a circuit cell queue maximum size
This commit introduces the consensus parameter "circ_max_cell_queue_size"
which controls the maximum number of cells a circuit queue should have.

The default value is currently 50000 cells which is above what should be
expected but keeps us a margin of error for padding cells.

Related to this is #9072. Back in 0.2.4.14-alpha, we've removed that limit due
to a Guard discovery attack. Ticket #25226 details why we are putting back the
limit due to the memory pressure issue on relays.

Fixes #25226

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-16 09:59:12 -04:00
Nick Mathewson
197d1992db Remove old tor-fw-helper README from EXTRA_DIST
We removed this file, but didn't take it out of EXTRA_DIST -- thus
breaking "make dist".
2018-04-16 09:52:15 -04:00
Nick Mathewson
3ee4c9b1fa bump to 0.3.3.5-rc-dev 2018-04-15 15:41:03 -04:00
Nick Mathewson
b65024f57d bump to 0.3.3.5-rc 2018-04-14 12:21:36 -04:00
Nick Mathewson
4b58b97c68 32-bit compilation warnings 2018-04-13 17:01:03 -04:00
David Goulet
c2f83746f4 token_bucket: Fix indentation
Both header and code file had some indentation issues after mass renaming.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-13 16:58:49 -04:00
Nick Mathewson
34c2574aa9 Merge branch 'token_bucket_once_again_squashed' 2018-04-13 16:31:58 -04:00
Nick Mathewson
1b31195b4f Fix "make check-spaces" 2018-04-13 16:31:47 -04:00
Nick Mathewson
003e6595bf Refactor "timestamp" not to be its own type coupled to token buffers
Really, the uint32_t is only an optimization; any kind of unit
should work fine.  Some users might want to use time_t or
monotime_coarse_t or something like that.
2018-04-13 16:31:47 -04:00
Nick Mathewson
2307bef7a2 Move token_bucket_raw_* functions to the start of the module.
(These functions were previously helper functions for
token_bucket_rw_t).
2018-04-13 16:31:47 -04:00
Nick Mathewson
9c405ba595 Never pick a rate of 0.
(The tests caught this one.)
2018-04-13 16:31:47 -04:00
Nick Mathewson
0b40ed5e70 Start re-refactoring the token bucket interface.
Begin by creating a lowest-level triple of the types needed to
implement a token bucket: a configuration, a timestamp, and the raw
bucket itself.

Note that for low-level buckets, the units of the timestamp and the
bucket itself are unspecified: each user can use a different type.

(This patch breaks check-spaces; a later patch will fix it)
2018-04-13 16:31:47 -04:00
Nick Mathewson
c9de30c590 Merge branch 'maint-0.3.3' 2018-04-13 13:05:53 -04:00
Nick Mathewson
61d87dfa15 Merge branch 'postloop_callbacks_2' 2018-04-13 12:12:46 -04:00
Nick Mathewson
4c03af4880 Remove tell_event_loop_to_run_external_code() per review
(This function is no longer used.)
2018-04-13 12:11:22 -04:00
Nick Mathewson
03b96882de Rename token_bucket_t to token_bucket_rw_t.
This is a simple search-and-replace to rename the token bucket type
to indicate that it contains both a read and a write bucket, bundled
with their configuration.  It's preliminary to refactoring the
bucket type.
2018-04-13 10:54:26 -04:00
Nick Mathewson
b152d62cee Merge branch 'token_bucket_refactor_squashed' 2018-04-13 10:47:24 -04:00
Nick Mathewson
62f4d5a265 Add a unit test for post-loop events
This test works by having two post-loop events activate one another
in a tight loop.  If the "post-loop" mechanism didn't work, this
would be enough to starve all other events.
2018-04-13 10:44:15 -04:00
Nick Mathewson
320bd2b3a5 Move connection_ap_attach_pending(0) into a postloop event
This is a second motivating case for our postloop event logic.
2018-04-13 10:44:15 -04:00
Nick Mathewson
5719dfb48f Move the "activate linked connections" logic to a postloop event.
A linked connection_t is one that gets its I/O, not from the
network, but from another connection_t.  When such a connection has
something to write, we want the corresponding connection to run its
read callback ... but not immediately, to avoid infinite recursion
and/or event loop starvation.

Previously we handled this case by activating the read events
outside the event loop.  Now we use the "postloop event" logic.
This lets us simplify do_main_loop_once() a little.
2018-04-13 10:44:15 -04:00
Nick Mathewson
c5a3e2ca44 Generic mechaism for "post-loop" callbacks
We've been labeling some events as happening "outside the event
loop", to avoid Libevent starvation.  This patch provides a cleaner
mechanism to avoid that starvation.

For background, the problem here is that Libevent only scans for new
events once it has run all its active callbacks.  So if the
callbacks keep activating new callbacks, they could potentially
starve Libevent indefinitely and keep it from ever checking for
timed, socket, or signal events.

To solve this, we add the ability to label some events as
"post-loop".  The rule for a "post-loop" event is that any events
_it_ activates can only be run after libevent has re-scanned for new
events at least once.
2018-04-13 10:44:15 -04:00
Nick Mathewson
ad57b1279a Disable load_geoip_file() tests on windows
See bug #25787 for discussion; we should have a better fix here.
2018-04-13 10:42:19 -04:00
Nick Mathewson
787bafc0f9 Increase tolerances for imprecise time. 2018-04-13 10:41:15 -04:00
Nick Mathewson
3f514fe3b1 Accept small hops backward in the monotonic timer. 2018-04-13 10:41:15 -04:00
Nick Mathewson
12f58f2f87 Remove a bunch of int casts; make clang happier. 2018-04-13 10:41:14 -04:00
Nick Mathewson
6be994fa71 Ensure that global buckets are updated on configuration change 2018-04-13 10:41:14 -04:00
Nick Mathewson
a38fd9bc5b Replace the global buckets with token_bucket_t 2018-04-13 10:41:14 -04:00
Nick Mathewson
9fced56ef1 Refactor or_connection token buckets to use token_bucket_t 2018-04-13 10:41:14 -04:00
Nick Mathewson
8a85239746 Add a helper function to decrement read and write at the same time 2018-04-13 10:41:14 -04:00
Nick Mathewson
c376200f6a Add a new token-bucket backend abstraction, with tests
This differs from our previous token bucket abstraction in a few
ways:

  1) It is an abstraction, and not a collection of fields.
  2) It is meant to be used with monotonic timestamps, which should
     produce better results than calling gettimeofday over and over.
2018-04-13 10:41:14 -04:00
Nick Mathewson
d8ef9a2d1e Expose a function that computes stamp units from msec.
(It turns out we can't just expose STAMP_TICKS_PER_SECOND, since
Apple doesn't have that.)
2018-04-13 10:41:08 -04:00
Nick Mathewson
2d6914e391 Refine extend_info_for_node's "enough info" check once again.
In d1874b4339, we adjusted this check so that we insist on
using routerinfos for bridges.  That's almost correct... but if we
have a bridge that is also a regular relay, then we should use
insist on its routerinfo when connecting to it as a bridge
(directly), and be willing to use its microdescriptor when
connecting to it elsewhere in our circuits.

This bug is a likely cause of some (all?) of the (exit_ei == NULL)
failures we've been seeing.

Fixes bug 25691; bugfix on 0.3.3.4-alpha
2018-04-12 16:56:29 -04:00
Nick Mathewson
d3b9b5a3dd Remove windows log_from_handle as unused.
This function was only used by PortForwardingHelper, which was
removed in 9df110cd72.  Its presence caused warnings on windows.
2018-04-12 12:38:46 -04:00
Nick Mathewson
f0887e30dd Merge branch 'maint-0.3.3' 2018-04-12 12:31:41 -04:00
Nick Mathewson
46795a7be6 Attempt to fix 32-bit clang builds, which broke with 31508a0abc
When size_t is 32 bits, the unit tests can't fit anything more than
4GB-1 into a size_t.

Additionally, tt_int_op() uses "long" -- we need tt_u64_op() to
safely test uint64_t values for equality.

Bug caused by tests for #24782 fix; not in any released Tor.
2018-04-12 12:30:36 -04:00
Nick Mathewson
467c882baa Merge branch 'maint-0.3.3' 2018-04-12 12:25:51 -04:00
Nick Mathewson
4aaa4215e7 Attempt to fix 32-bit builds, which broke with 31508a0abc
When size_t is 32 bits, doing "size_t ram; if (ram > 8GB) { ... }"
produces a compile-time warning.

Bug caused by #24782 fix; not in any released Tor.
2018-04-12 12:25:09 -04:00
Nick Mathewson
037fb0c804 Merge branch 'maint-0.3.3' 2018-04-12 11:14:42 -04:00
Alexander Færøy
31508a0abc Use less memory for MaxMemInQueues for machines with more than 8 GB of RAM.
This patch changes the algorithm of compute_real_max_mem_in_queues() to
use 0.4 * RAM iff the system has more than or equal to 8 GB of RAM, but
will continue to use the old value of 0.75 * RAM if the system have less
than * GB of RAM available.

This patch also adds tests for compute_real_max_mem_in_queues().

See: https://bugs.torproject.org/24782
2018-04-12 11:14:16 -04:00
Alexander Færøy
5633a63379 Use STATIC for compute_real_max_mem_in_queues
This patch makes compute_real_max_mem_in_queues use the STATIC macro,
which allows us to test the function.

See: https://bugs.torproject.org/24782
2018-04-12 10:51:48 -04:00
Alexander Færøy
bd42367a1e Make get_total_system_memory mockable.
This patch makes get_total_system_memory mockable, which allows us to
alter the return value of the function in tests.

See: https://bugs.torproject.org/24782
2018-04-12 10:51:45 -04:00
Nick Mathewson
a51630cc9a Merge branch 'maint-0.3.3' 2018-04-11 15:38:00 -04:00
Nick Mathewson
0803d79f55 Merge branch 'bug25581_033_v2_asn_squashed' into maint-0.3.3 2018-04-11 15:37:56 -04:00
Nick Mathewson
8b8630a501 Rename HSLayer{2,3}Nodes to start without an underscore.
The old single-underscore names remain as a deprecated synonym.

Fixes bug 25581; bugfix on 0.3.3.1-alpha.
2018-04-11 15:37:49 -04:00
Nick Mathewson
0c8f901ee7 Merge branch 'maint-0.3.3' 2018-04-11 10:48:46 -04:00
Mike Perry
f9ba0c6546 Bug 24989: Count client hsdir gets towards MaxClientCircuitsPending.
We removed this by breaking them out from general in #13837.
2018-04-11 10:47:06 -04:00
Nick Mathewson
6bdfaa8b24 Merge remote-tracking branch 'isis-github/bug25425_squashed2' 2018-04-10 15:32:26 -04:00
Nick Mathewson
6e467a7a34 Merge remote-tracking branch 'isis-github/bug25409' 2018-04-10 15:27:09 -04:00
Isis Lovecruft
65d6b66e99
config: Obsolete PortForwarding and PortForwardingHelper options.
* FIXES part of #25409: https://bugs.torproject.org/25409
2018-04-10 19:08:59 +00:00
Nick Mathewson
386f8016b7 Fix another crash-on-no-threadpool bug.
This one happens if for some reason you start with DirPort enabled
but server mode turned off entirely.

Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
2018-04-10 14:44:38 -04:00
Nick Mathewson
d3ac47b415 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-10 14:26:32 -04:00
Nick Mathewson
0b1a054d68 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-10 14:26:32 -04:00
Nick Mathewson
ef16a11b90 Merge branch 'maint-0.3.3' 2018-04-10 14:26:32 -04:00
Nick Mathewson
db6902c235 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-10 14:26:29 -04:00
Nick Mathewson
10a1969ca3 Merge remote-tracking branch 'ahf-github/bugs/24854_029_2' into maint-0.2.9 2018-04-10 14:25:57 -04:00
Nick Mathewson
16f08de0fd Remove TestingEnableTbEmptyEvent
This option was used for shadow testing previously, but is no longer
used for anything.  It interferes with refactoring our token buckets.
2018-04-10 12:16:21 -04:00
Isis Lovecruft
3ee7a8d3a5
tests: Make tt_finished() macro for tests without tt_*_op() calls. 2018-04-09 19:32:47 +00:00
Isis Lovecruft
c2c5b13e5d
test: Add testing module and some unittests for bridges.c.
This roughly doubles our test coverage of the bridges.c module.

 * ADD new testing module, .../src/test/test_bridges.c.
 * CHANGE a few function declarations from `static` to `STATIC`.
 * CHANGE one function in transports.c, transport_get_by_name(), to be
   mockable.
 * CLOSES #25425: https://bugs.torproject.org/25425
2018-04-09 19:32:46 +00:00
Nick Mathewson
e0809ec5f5 Prefer 32-bit implementation for timing wheels on 32-bit systems.
This might make our timing-wheel code a tiny bit faster there.

Closes ticket 24688.
2018-04-09 15:21:10 -04:00
David Goulet
395fa0258d compat: Fix unchecked return value from event_del()
Explicitly tell the compiler we don't care about it.

Coverity CID 1434156

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-09 14:12:45 -04:00
Nick Mathewson
e58555135a Add a comment explaining why we do a certain redundant check
Closes ticket 25291.
2018-04-09 12:58:17 -04:00
Alexander Færøy
1295044dc8 Lift the list of default directory servers into their own file.
This patch lifts the list of default directory authorities from config.c
into their own auth_dirs.inc file, which is then included in config.c
using the C preprocessor.

Patch by beastr0.

See: https://bugs.torproject.org/24854
2018-04-09 16:00:26 +02:00
Isis Lovecruft
809f6fae84
refactor: Remove unnecessary #include "crypto.h" throughout codebase.
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 22:49:18 +00:00
Isis Lovecruft
e32fc0806d
refactor: Alphabetise some includes in /src/or/*. 2018-04-06 22:49:17 +00:00
Isis Lovecruft
88190026b3
crypto: Alphabetise some #includes in /src/common/crypto*.
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 22:49:15 +00:00
Isis Lovecruft
64e6551b8b
crypto: Remove unnecessary includes from src/common/crypto.[ch]
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 22:49:13 +00:00
Isis Lovecruft
fe3aca1491
crypto: Refactor (P)RNG functionality into new crypto_rand module.
* ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 21:45:28 +00:00
Nick Mathewson
2fac948158 Include tor_log rust files in source distribution.
Fixes another case of #25732; bug not in any released Tor.
2018-04-06 16:19:14 -04:00
Nick Mathewson
fb2fe41f6f Merge branch 'maint-0.3.3' 2018-04-06 16:18:47 -04:00
Nick Mathewson
306563ac68 Ship all files needed to build Tor with rust
Fixes bug 25732; bugfix on 0.3.3.2-alpha when strings.rs was
introduced.
2018-04-06 16:18:11 -04:00
Nick Mathewson
98b694bfd5 Merge branch 'isolate_libevent_2_squashed' 2018-04-06 08:50:35 -04:00
Roger Dingledine
0b0e4886cf fix confusing comment
presumably introduced by copy-and-paste mistake
2018-04-05 15:59:37 -04:00
Nick Mathewson
245fdf8ca0 Remove needless event2/thread.h include from test_compat_libevent.c 2018-04-05 12:36:28 -04:00
Nick Mathewson
4225300648 Remove redundant event2/event.h usage from test_scheduler.c
This module doesn't actually need to mock the libevent mainloop at
all: it can just use the regular mainloop that the test environment
sets up.

Part of ticket 23750.
2018-04-05 12:36:28 -04:00
Nick Mathewson
6a5f62f68f Move responsibility for threadpool reply-handler events to workqueue
This change makes cpuworker and test_workqueue no longer need to
include event2/event.h.  Now workqueue.c needs to include it, but
that is at least somewhat logical here.
2018-04-05 12:36:28 -04:00
Nick Mathewson
b3586629c9 Wrap the function we use to run the event loop.
Doing this lets us remove the event2/event.h header from a few more
modules, particularly in the tests.

Part of work on 23750.
2018-04-05 12:36:27 -04:00
Nick Mathewson
39cb04335f Add wrappers for event_base_loopexit and event_base_loopbreak. 2018-04-05 12:36:05 -04:00
Nick Mathewson
f0d2733b46 Revise procmon.c to use periodic_timer_t
This removes its need to use event2/event.h, and thereby fixes
another instance of 23750.
2018-04-05 12:35:11 -04:00
Nick Mathewson
871ff0006d Add an API for a scheduled/manually activated event in the mainloop
Using this API lets us remove event2/event.h usage from half a dozen
modules, to better isolate libevent.  Implements part of ticket
23750.
2018-04-05 12:35:11 -04:00
Nick Mathewson
c6d7e0becf Merge remote-tracking branch 'public/split_relay_crypto' 2018-04-05 12:12:18 -04:00
Fernando Fernandez Mancera
9504fabb02 Enable DISABLE_DISABLING_ED25519.
We are going to stop recommending 0.2.5 so there is no reason to keep the
undef statement anymore.

Fixes #20522.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-04-05 16:19:40 +02:00
Neel Chauhan
f5f9c25546 Switch to use should_record_bridge_info()
Both in geoip_note_client_seen() and options_need_geoip_info(), switch from
accessing the options directly to using the should_record_bridge_info() helper
function.

Fixes #25290

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-05 08:37:39 -04:00
Nick Mathewson
ad8347418f Merge branch 'maint-0.3.3' 2018-04-05 08:22:35 -04:00
Nick Mathewson
78bf564168 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-05 08:22:34 -04:00
Nick Mathewson
9b10eb2d7a Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-05 08:22:34 -04:00
Nick Mathewson
834eef2452 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-05 08:22:34 -04:00
Nick Mathewson
b68e636b33 Merge branch 'maint-0.2.5' into maint-0.2.9 2018-04-05 08:22:33 -04:00
Karsten Loesing
1fa396b0a4 Update geoip and geoip6 to the April 3 2018 database. 2018-04-05 10:42:25 +02:00
David Goulet
3d5bf12ac2 relay: Remove max middle cells dead code
Next commit is addressing the circuit queue cell limit so cleanup before doing
anything else.

Part of #25226

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-04 11:03:50 -04:00
Nick Mathewson
52846f728d Merge branch 'maint-0.3.3' 2018-04-04 08:57:24 -04:00
Nick Mathewson
ec8ee54129 Merge branch 'bug21394_029_redux' into maint-0.3.3 2018-04-04 08:55:37 -04:00
Dhalgren
06484eb5e1 Bug 21394 touchup: Increase DNS attempts to 3
Also don't give up on a resolver as quickly if multiple are configured.
2018-04-04 08:54:25 -04:00
Neel Chauhan
9df110cd72
Remove PortForwarding options
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-04-04 00:19:33 +00:00
Nick Mathewson
218b1746ba Merge remote-tracking branch 'fristonio/ticket-25645' 2018-04-03 19:19:02 -04:00
Deepesh Pathak
2680a8b5b1
ticket(25645): remove unused variable n_possible from channel_get_for_extend() 2018-04-03 09:17:23 +05:30
Isis Lovecruft
c65088cb19
rust: Fix ProtoSet and ProtoEntry to use the same DoS limits as C.
Previously, the limit for MAX_PROTOCOLS_TO_EXPAND was actually being applied
in Rust to the maximum number of version (total, for all subprotocols).
Whereas in C, it was being applied to the number of subprotocols that were
allowed.  This changes the Rust to match C's behaviour.
2018-04-02 19:59:16 +00:00
Isis Lovecruft
4b4e36a413
rust: Port all C protover_all_supported tests to Rust.
The behaviours still do not match, unsurprisingly, but now we know where a
primary difference is: the Rust is validating version ranges more than the C,
so in the C it's possible to call protover_all_supported on a ridiculous
version range like "Sleen=0-4294967294" because the C uses
MAX_PROTOCOLS_TO_EXPAND to count the number of *subprotocols* whereas the Rust
uses it to count the total number of *versions* of all subprotocols.
2018-04-02 19:59:15 +00:00
Isis Lovecruft
6739a69c59
tests: Run all existing protover tests in both languages.
There's now no difference in these tests w.r.t. the C or Rust: both
fail miserably (well, Rust fails with nice descriptive errors, and C
gives you a traceback, because, well, C).
2018-04-02 19:59:14 +00:00
Isis Lovecruft
f769edd148
tests: Make inline comments in test_protover.c more accurate.
The DoS potential is slightly higher in C now due to some differences to the
Rust code, see the C_RUST_DIFFERS tags in src/rust/protover/tests/protover.rs.

Also, the comment about "failing at the splitting stage" in Rust wasn't true,
since when we split, we ignore empty chunks (e.g. "1--1" parses into
"(1,None),(None,1)" and "None" can't be parsed into an integer).

Finally, the comment about "Rust seems to experience an internal error" is only
true in debug mode, where u32s are bounds-checked at runtime.  In release mode,
code expressing the equivalent of this test will error with
`Err(ProtoverError::Unparseable)` because 4294967295 is too large.
2018-04-02 19:59:13 +00:00
Isis Lovecruft
ad369313f8
protover: Change protover_all_supported() to return only unsupported.
Previously, if "Link=1-5" was supported, and you asked protover_all_supported()
(or protover::all_supported() in Rust) if it supported "Link=3-999", the C
version would return "Link=3-999" and the Rust would return "Link=6-999".  These
both behave the same now, i.e. both return "Link=6-999".
2018-04-02 19:59:12 +00:00
Isis Lovecruft
cd28b4c7f5
rust: Refactor protover::compute_for_old_tor().
During code review and discussion with Chelsea Komlo, she pointed out
that protover::compute_for_old_tor() was a public function whose
return type was `&'static CStr`.  We both agree that C-like parts of
APIs should:

1. not be exposed publicly (to other Rust crates),
2. only be called in the appropriate FFI code,
3. not expose types which are meant for FFI code (e.g. `*mut char`,
   `CString`, `*const c_int`, etc.) to the pure-Rust code of other
   crates.
4. FFI code (e.g. things in `ffi.rs` modules) should _never_ be called
   from pure-Rust, not even from other modules in its own crate
   (i.e. do not call `protover::ffi::*` from anywhere in
   `protover::protoset::*`, etc).

With that in mind, this commit makes the following changes:

 * CHANGE `protover::compute_for_old_tor()` to be
   visible only at the `pub(crate)` level.
 * RENAME `protover::compute_for_old_tor()` to
   `protover::compute_for_old_tor_cstr()` to reflect the last change.
 * ADD a new `protover::compute_for_old_tor()` function wrapper which
   is public and intended for other Rust code to use, which returns a
   `&str`.
2018-04-02 19:59:12 +00:00
Isis Lovecruft
fd127bfbfa
rust: Refactor Rust implementation of protover_is_supported_here().
It was changed to take borrows instead of taking ownership.

 * REFACTOR `protover::ffi::protover_is_supported_here()` to use changed method
   signature on `protover::is_supported_here()`.
2018-04-02 19:36:26 +00:00
Isis Lovecruft
32638ed4a6
rust: Refactor Rust impl of protover_compute_vote().
This includes a subtle difference in behaviour to the previous Rust
implementation, where, for each vote that we're computing over, if a single one
fails to parse, we skip it.  This now matches the current behaviour in the C
implementation.

 * REFACTOR `protover::ffi::protover_compute_vote()` to use
   new types and methods.
2018-04-02 19:36:25 +00:00
Isis Lovecruft
269053a380
rust: Refactor Rust impl of protover_list_supports_protocol_or_later().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol_or_later()` to use
   new types and methods.
2018-04-02 19:36:25 +00:00
Isis Lovecruft
63eeda89ea
rust: Refactor Rust impl of protover_list_supports_protocol().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol()` to use new types
   and methods.
2018-04-02 19:34:26 +00:00
Isis Lovecruft
c7bcca0233
rust: Refactor Rust impl of protover_all_supported().
This includes differences in behaviour to before, which should now more closely
match the C version:

 - If parsing a protover `char*` from C, and the string is not parseable, this
   function will return 1 early, which matches the C behaviour when protocols
   are unparseable.  Previously, we would parse it and its version numbers
   simultaneously, i.e. there was no fail early option, causing us to spend more
   time unnecessarily parsing versions.

 * REFACTOR `protover::ffi::protover_all_supported()` to use new types and
   methods.
2018-04-02 19:34:26 +00:00
Isis Lovecruft
493e565226
rust: Refactor protover tests with new methods; note altered behaviours.
Previously, the rust implementation of protover considered an empty string to be
a valid ProtoEntry, while the C version did not (it must have a "=" character).
Other differences include that unknown protocols must now be parsed as
`protover::UnknownProtocol`s, and hence their entries as
`protover::UnvalidatedProtoEntry`s, whereas before (nearly) all protoentries
could be parsed regardless of how erroneous they might be considered by the C
version.

My apologies for this somewhat messy and difficult to read commit, if any part
is frustrating to the reviewer, please feel free to ask me to split this into
smaller changes (possibly hard to do, since so much changed), or ask me to
comment on a specific line/change and clarify how/when the behaviours differ.

The tests here should more closely match the behaviours exhibited by the C
implementation, but I do not yet personally guarantee they match precisely.

 * REFACTOR unittests in protover::protover.
 * ADD new integration tests for previously untested behaviour.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:34:25 +00:00
Isis Lovecruft
35b86a12e6
rust: Refactor protover::is_supported_here().
This changes `protover::is_supported_here()` to be aware of new datatypes
(e.g. don't call `.0` on things which are no longer tuple structs) and also
changes the method signature to take borrows, making it faster, threadable, and
easier to read (i.e. the caller can know from reading the function signature
that the function won't mutate values passed into it).

 * CHANGE the `protover::is_supported_here()` function to take borrows.
 * REFACTOR the `protover::is_supported_here()` function to be aware of new
   datatypes.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:34:25 +00:00
Isis Lovecruft
2eb1b7f2fd
rust: Add new ProtoverVote type and refactor functions to methods.
This adds a new type for votes upon `protover::ProtoEntry`s (technically, on
`protover::UnvalidatedProtoEntry`s, because the C code does not validate based
upon currently known protocols when voting, in order to maintain
future-compatibility), and converts several functions which would have operated
on this datatype into methods for ease-of-use and readability.

This also fixes a behavioural differentce to the C version of
protover_compute_vote().  The C version of protover_compute_vote() calls
expand_protocol_list() which checks if there would be too many subprotocols *or*
expanded individual version numbers, i.e. more than MAX_PROTOCOLS_TO_EXPAND, and
does this *per vote* (but only in compute_vote(), everywhere else in the C seems
to only care about the number of subprotocols, not the number of individual
versions).  We need to match its behaviour in Rust and ensure we're not allowing
more than it would to get the votes to match.

 * ADD new `protover::ProtoverVote` datatype.
 * REMOVE the `protover::compute_vote()` function and refactor it into an
   equivalent-in-behaviour albeit more memory-efficient voting algorithm based
   on the new underlying `protover::protoset::ProtoSet` datatype, as
   `ProtoverVote::compute()`.
 * REMOVE the `protover::write_vote_to_string()` function, since this
   functionality is now generated by the impl_to_string_for_proto_entry!() macro
   for both `ProtoEntry` and `UnvalidatedProtoEntry` (the latter of which is the
   correct type to return from a voting protocol instance, since the entity
   voting may not know of all protocols being voted upon or known about by other
   voting parties).
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix a difference in compute_vote() behaviour to C version.
2018-04-02 19:34:24 +00:00
Isis Lovecruft
fa15ea104d
rust: Add macro for impl ToString for {Unvalidated}ProtoEntry.
This implements conversions from either a ProtoEntry or an UnvalidatedProtoEntry
into a String, for use in replacing such functions as
`protover::write_vote_to_string()`.

 * ADD macro for implementing ToString trait for ProtoEntry and
   UnvalidatedProtoEntry.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:34:24 +00:00
Isis Lovecruft
3c47d31e1f
rust: Add new protover::UnvalidatedProtoEntry type.
This adds a new protover::UnvalidatedProtoEntry type, which is the
UnknownProtocol variant of a ProtoEntry, and refactors several functions which
should operate on this type into methods.

This also fixes what was previously another difference to the C implementation:
if you asked the C version of protovet_compute_vote() to compute a single vote
containing "Fribble=", it would return NULL.  However, the Rust version would
return "Fribble=" since it didn't check if the versions were empty before
constructing the string of differences.  ("Fribble=" is technically a valid
protover string.)  This is now fixed, and the Rust version in that case will,
analogous to (although safer than) C returning a NULL, return None.

 * REMOVE internal `contains_only_supported_protocols()` function.
 * REMOVE `all_supported()` function and refactor it into
   `UnvalidatedProtoEntry::all_supported()`.
 * REMOVE `parse_protocols_from_string_with_no_validation()` and
   refactor it into the more rusty implementation of
   `impl FromStr for UnvalidatedProtoEntry`.
 * REMOVE `protover_string_supports_protocol()` and refactor it into
   `UnvalidatedProtoEntry::supports_protocol()`.
 * REMOVE `protover_string_supports_protocol_or_later()` and refactor
   it into `UnvalidatedProtoEntry::supports_protocol_or_later()`.
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix another C/Rust different in compute_vote().

This fixes the unittest from the prior commit by checking if the versions are
empty before adding a protocol to a vote.
2018-04-02 19:34:23 +00:00
Isis Lovecruft
54c964332b
rust: Add new protover::ProtoEntry type which uses new datatypes.
This replaces the `protover::SupportedProtocols` (why would you have a type just
for things which are supported?) with a new, more generic type,
`protover::ProtoEntry`, which utilises the new, more memory-efficient datatype
in protover::protoset.

 * REMOVE `get_supported_protocols()` and `SupportedProtocols::tor_supported()`
   (since they were never used separately) and collapse their functionality into
   a single `ProtoEntry::supported()` method.
 * REMOVE `SupportedProtocols::from_proto_entries()` and reimplement its
   functionality as the more rusty `impl FromStr for ProtoEntry`.
 * REMOVE `get_proto_and_vers()` function and refactor it into the more rusty
   `impl FromStr for ProtoEntry`.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:32:36 +00:00
Isis Lovecruft
60daaa68b1
rust: Add new protover::UnknownProtocol type.
* ADD new type, protover::UnknownProtocol, so that we have greater type safety
   and our protover functionality which works with unsanitised protocol names is
   more clearly demarcated.
 * REFACTOR protover::Proto, renaming it protover::Protocol to mirror the new
   protover::UnknownProtocol type name.
 * ADD a utility conversion of `impl From<Protocol> for UnknownProtocol` so that
   we can easily with known protocols and unknown protocols simultaneously
   (e.g. doing comparisons, checking their version numbers), while not allowing
   UnknownProtocols to be accidentally used in functions which should only take
   Protocols.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:27:51 +00:00
Isis Lovecruft
e6625113c9
rust: Implement more memory-efficient protover datatype.
* ADD new protover::protoset module.
 * ADD new protover::protoset::ProtoSet class for holding protover versions.
 * REMOVE protover::Versions type implementation and its method
   `from_version_string()`, and instead implement this behaviour in a more
   rust-like manner as `impl FromStr for ProtoSet`.
 * MOVE the `find_range()` utility function from protover::protover to
   protover::protoset since it's only used internally in the
   implementation of ProtoSet.
 * REMOVE the `contract_protocol_list()` function from protover::protover and
   instead refactor it (reusing nearly the entire thing, with minor superficial,
   i.e. non-behavioural, changes) into a more rusty
   `impl ToString for ProtoSet`.
 * REMOVE the `expand_version_range()` function from protover::protover and
   instead refactor it into a more rusty implementation of
   `impl Into<Vec<Version>> for ProtoSet` using the new error types in
   protover::errors.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:26:26 +00:00
Isis Lovecruft
88204f91df
rust: Implement error types for Rust protover implementation.
This will allow us to do actual error handling intra-crate in a more
rusty manner, e.g. propogating errors in match statements, conversion
between error types, logging messages, etc.

 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:24:32 +00:00
Isis Lovecruft
f2daf82794
rust: Fix ProtoSet and ProtoEntry to use the same DoS limits as C.
Previously, the limit for MAX_PROTOCOLS_TO_EXPAND was actually being applied
in Rust to the maximum number of version (total, for all subprotocols).
Whereas in C, it was being applied to the number of subprotocols that were
allowed.  This changes the Rust to match C's behaviour.
2018-04-02 19:20:40 +00:00
Isis Lovecruft
6eea0dc5f1
rust: Port all C protover_all_supported tests to Rust.
The behaviours still do not match, unsurprisingly, but now we know where a
primary difference is: the Rust is validating version ranges more than the C,
so in the C it's possible to call protover_all_supported on a ridiculous
version range like "Sleen=0-4294967294" because the C uses
MAX_PROTOCOLS_TO_EXPAND to count the number of *subprotocols* whereas the Rust
uses it to count the total number of *versions* of all subprotocols.
2018-04-02 19:20:39 +00:00
Isis Lovecruft
527a239863
tests: Run all existing protover tests in both languages.
There's now no difference in these tests w.r.t. the C or Rust: both
fail miserably (well, Rust fails with nice descriptive errors, and C
gives you a traceback, because, well, C).
2018-04-02 19:20:38 +00:00
Isis Lovecruft
22c65a0e4b
tests: Make inline comments in test_protover.c more accurate.
The DoS potential is slightly higher in C now due to some differences to the
Rust code, see the C_RUST_DIFFERS tags in src/rust/protover/tests/protover.rs.

Also, the comment about "failing at the splitting stage" in Rust wasn't true,
since when we split, we ignore empty chunks (e.g. "1--1" parses into
"(1,None),(None,1)" and "None" can't be parsed into an integer).

Finally, the comment about "Rust seems to experience an internal error" is only
true in debug mode, where u32s are bounds-checked at runtime.  In release mode,
code expressing the equivalent of this test will error with
`Err(ProtoverError::Unparseable)` because 4294967295 is too large.
2018-04-02 19:20:37 +00:00
Isis Lovecruft
6e353664dd
protover: Change protover_all_supported() to return only unsupported.
Previously, if "Link=1-5" was supported, and you asked protover_all_supported()
(or protover::all_supported() in Rust) if it supported "Link=3-999", the C
version would return "Link=3-999" and the Rust would return "Link=6-999".  These
both behave the same now, i.e. both return "Link=6-999".
2018-04-02 19:20:36 +00:00
Isis Lovecruft
fc2a42cc49
rust: Refactor protover::compute_for_old_tor().
During code review and discussion with Chelsea Komlo, she pointed out
that protover::compute_for_old_tor() was a public function whose
return type was `&'static CStr`.  We both agree that C-like parts of
APIs should:

1. not be exposed publicly (to other Rust crates),
2. only be called in the appropriate FFI code,
3. not expose types which are meant for FFI code (e.g. `*mut char`,
   `CString`, `*const c_int`, etc.) to the pure-Rust code of other
   crates.
4. FFI code (e.g. things in `ffi.rs` modules) should _never_ be called
   from pure-Rust, not even from other modules in its own crate
   (i.e. do not call `protover::ffi::*` from anywhere in
   `protover::protoset::*`, etc).

With that in mind, this commit makes the following changes:

 * CHANGE `protover::compute_for_old_tor()` to be
   visible only at the `pub(crate)` level.
 * RENAME `protover::compute_for_old_tor()` to
   `protover::compute_for_old_tor_cstr()` to reflect the last change.
 * ADD a new `protover::compute_for_old_tor()` function wrapper which
   is public and intended for other Rust code to use, which returns a
   `&str`.
2018-04-02 19:20:36 +00:00
Isis Lovecruft
9766d53cf9
rust: Refactor Rust implementation of protover_is_supported_here().
It was changed to take borrows instead of taking ownership.

 * REFACTOR `protover::ffi::protover_is_supported_here()` to use changed method
   signature on `protover::is_supported_here()`.
2018-04-02 19:20:35 +00:00
Isis Lovecruft
6f252e0986
rust: Refactor Rust impl of protover_compute_vote().
This includes a subtle difference in behaviour to the previous Rust
implementation, where, for each vote that we're computing over, if a single one
fails to parse, we skip it.  This now matches the current behaviour in the C
implementation.

 * REFACTOR `protover::ffi::protover_compute_vote()` to use
   new types and methods.
2018-04-02 19:20:34 +00:00
Isis Lovecruft
0a5494b81d
rust: Refactor Rust impl of protover_list_supports_protocol_or_later().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol_or_later()` to use
   new types and methods.
2018-04-02 19:20:33 +00:00
Isis Lovecruft
52c3ea5045
rust: Refactor Rust impl of protover_list_supports_protocol().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol()` to use new types
   and methods.
2018-04-02 19:20:32 +00:00
Isis Lovecruft
2f3a7376c0
rust: Refactor Rust impl of protover_all_supported().
This includes differences in behaviour to before, which should now more closely
match the C version:

 - If parsing a protover `char*` from C, and the string is not parseable, this
   function will return 1 early, which matches the C behaviour when protocols
   are unparseable.  Previously, we would parse it and its version numbers
   simultaneously, i.e. there was no fail early option, causing us to spend more
   time unnecessarily parsing versions.

 * REFACTOR `protover::ffi::protover_all_supported()` to use new types and
   methods.
2018-04-02 19:20:31 +00:00
Isis Lovecruft
15e59a1fed
rust: Refactor protover tests with new methods; note altered behaviours.
Previously, the rust implementation of protover considered an empty string to be
a valid ProtoEntry, while the C version did not (it must have a "=" character).
Other differences include that unknown protocols must now be parsed as
`protover::UnknownProtocol`s, and hence their entries as
`protover::UnvalidatedProtoEntry`s, whereas before (nearly) all protoentries
could be parsed regardless of how erroneous they might be considered by the C
version.

My apologies for this somewhat messy and difficult to read commit, if any part
is frustrating to the reviewer, please feel free to ask me to split this into
smaller changes (possibly hard to do, since so much changed), or ask me to
comment on a specific line/change and clarify how/when the behaviours differ.

The tests here should more closely match the behaviours exhibited by the C
implementation, but I do not yet personally guarantee they match precisely.

 * REFACTOR unittests in protover::protover.
 * ADD new integration tests for previously untested behaviour.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:20:31 +00:00
Isis Lovecruft
aa241e99de
rust: Refactor protover::is_supported_here().
This changes `protover::is_supported_here()` to be aware of new datatypes
(e.g. don't call `.0` on things which are no longer tuple structs) and also
changes the method signature to take borrows, making it faster, threadable, and
easier to read (i.e. the caller can know from reading the function signature
that the function won't mutate values passed into it).

 * CHANGE the `protover::is_supported_here()` function to take borrows.
 * REFACTOR the `protover::is_supported_here()` function to be aware of new
   datatypes.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:30 +00:00
Isis Lovecruft
9abbd23df7
rust: Add new ProtoverVote type and refactor functions to methods.
This adds a new type for votes upon `protover::ProtoEntry`s (technically, on
`protover::UnvalidatedProtoEntry`s, because the C code does not validate based
upon currently known protocols when voting, in order to maintain
future-compatibility), and converts several functions which would have operated
on this datatype into methods for ease-of-use and readability.

This also fixes a behavioural differentce to the C version of
protover_compute_vote().  The C version of protover_compute_vote() calls
expand_protocol_list() which checks if there would be too many subprotocols *or*
expanded individual version numbers, i.e. more than MAX_PROTOCOLS_TO_EXPAND, and
does this *per vote* (but only in compute_vote(), everywhere else in the C seems
to only care about the number of subprotocols, not the number of individual
versions).  We need to match its behaviour in Rust and ensure we're not allowing
more than it would to get the votes to match.

 * ADD new `protover::ProtoverVote` datatype.
 * REMOVE the `protover::compute_vote()` function and refactor it into an
   equivalent-in-behaviour albeit more memory-efficient voting algorithm based
   on the new underlying `protover::protoset::ProtoSet` datatype, as
   `ProtoverVote::compute()`.
 * REMOVE the `protover::write_vote_to_string()` function, since this
   functionality is now generated by the impl_to_string_for_proto_entry!() macro
   for both `ProtoEntry` and `UnvalidatedProtoEntry` (the latter of which is the
   correct type to return from a voting protocol instance, since the entity
   voting may not know of all protocols being voted upon or known about by other
   voting parties).
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix a difference in compute_vote() behaviour to C version.
2018-04-02 19:20:29 +00:00
Isis Lovecruft
26bafb3c33
rust: Add macro for impl ToString for {Unvalidated}ProtoEntry.
This implements conversions from either a ProtoEntry or an UnvalidatedProtoEntry
into a String, for use in replacing such functions as
`protover::write_vote_to_string()`.

 * ADD macro for implementing ToString trait for ProtoEntry and
   UnvalidatedProtoEntry.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:28 +00:00
Isis Lovecruft
b786b146ed
rust: Add new protover::UnvalidatedProtoEntry type.
This adds a new protover::UnvalidatedProtoEntry type, which is the
UnknownProtocol variant of a ProtoEntry, and refactors several functions which
should operate on this type into methods.

This also fixes what was previously another difference to the C implementation:
if you asked the C version of protovet_compute_vote() to compute a single vote
containing "Fribble=", it would return NULL.  However, the Rust version would
return "Fribble=" since it didn't check if the versions were empty before
constructing the string of differences.  ("Fribble=" is technically a valid
protover string.)  This is now fixed, and the Rust version in that case will,
analogous to (although safer than) C returning a NULL, return None.

 * REMOVE internal `contains_only_supported_protocols()` function.
 * REMOVE `all_supported()` function and refactor it into
   `UnvalidatedProtoEntry::all_supported()`.
 * REMOVE `parse_protocols_from_string_with_no_validation()` and
   refactor it into the more rusty implementation of
   `impl FromStr for UnvalidatedProtoEntry`.
 * REMOVE `protover_string_supports_protocol()` and refactor it into
   `UnvalidatedProtoEntry::supports_protocol()`.
 * REMOVE `protover_string_supports_protocol_or_later()` and refactor
   it into `UnvalidatedProtoEntry::supports_protocol_or_later()`.
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix another C/Rust different in compute_vote().

This fixes the unittest from the prior commit by checking if the versions are
empty before adding a protocol to a vote.
2018-04-02 19:20:27 +00:00
Isis Lovecruft
88b2f170e4
rust: Add new protover::ProtoEntry type which uses new datatypes.
This replaces the `protover::SupportedProtocols` (why would you have a type just
for things which are supported?) with a new, more generic type,
`protover::ProtoEntry`, which utilises the new, more memory-efficient datatype
in protover::protoset.

 * REMOVE `get_supported_protocols()` and `SupportedProtocols::tor_supported()`
   (since they were never used separately) and collapse their functionality into
   a single `ProtoEntry::supported()` method.
 * REMOVE `SupportedProtocols::from_proto_entries()` and reimplement its
   functionality as the more rusty `impl FromStr for ProtoEntry`.
 * REMOVE `get_proto_and_vers()` function and refactor it into the more rusty
   `impl FromStr for ProtoEntry`.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:26 +00:00
Isis Lovecruft
811178434e
rust: Add new protover::UnknownProtocol type.
* ADD new type, protover::UnknownProtocol, so that we have greater type safety
   and our protover functionality which works with unsanitised protocol names is
   more clearly demarcated.
 * REFACTOR protover::Proto, renaming it protover::Protocol to mirror the new
   protover::UnknownProtocol type name.
 * ADD a utility conversion of `impl From<Protocol> for UnknownProtocol` so that
   we can easily with known protocols and unknown protocols simultaneously
   (e.g. doing comparisons, checking their version numbers), while not allowing
   UnknownProtocols to be accidentally used in functions which should only take
   Protocols.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:12 +00:00
Isis Lovecruft
9925d2e687
rust: Implement more memory-efficient protover datatype.
* ADD new protover::protoset module.
 * ADD new protover::protoset::ProtoSet class for holding protover versions.
 * REMOVE protover::Versions type implementation and its method
   `from_version_string()`, and instead implement this behaviour in a more
   rust-like manner as `impl FromStr for ProtoSet`.
 * MOVE the `find_range()` utility function from protover::protover to
   protover::protoset since it's only used internally in the
   implementation of ProtoSet.
 * REMOVE the `contract_protocol_list()` function from protover::protover and
   instead refactor it (reusing nearly the entire thing, with minor superficial,
   i.e. non-behavioural, changes) into a more rusty
   `impl ToString for ProtoSet`.
 * REMOVE the `expand_version_range()` function from protover::protover and
   instead refactor it into a more rusty implementation of
   `impl Into<Vec<Version>> for ProtoSet` using the new error types in
   protover::errors.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:04:19 +00:00
Isis Lovecruft
b6059297d7
rust: Implement error types for Rust protover implementation.
This will allow us to do actual error handling intra-crate in a more
rusty manner, e.g. propogating errors in match statements, conversion
between error types, logging messages, etc.

 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 18:27:39 +00:00
Nick Mathewson
f9e32a2084 Remove an unnecessary event2 include.
The rest, are, unfortunately, necessary for now.
2018-04-02 11:11:34 -04:00
Nick Mathewson
f4bcf3f34c Remove event2/event.h include from compat_libevent.h
Only one module was depending on this include (test_helpers.c), and
it was doing so incorrectly.
2018-04-02 11:11:31 -04:00
Nick Mathewson
3df9545492 Merge branch 'maint-0.3.3' 2018-04-02 08:51:47 -04:00
Roger Dingledine
6190593256 use channel_is_client for create cell counts
When a relay is collecting internal statistics about how many
create cell requests it has seen of each type, accurately count the
requests from relays that temporarily fall out of the consensus.

(To be extra conservative, we were already ignoring requests from clients
in our counts, and we continue ignoring them here.)

Fixes bug 24910; bugfix on 0.2.4.17-rc.
2018-04-02 01:00:31 -04:00
Roger Dingledine
961d2ad597 dir auths no longer vote Guard if they're not voting V2Dir
Directory authorities no longer vote in favor of the Guard flag
for relays that don't advertise directory support.

Starting in Tor 0.3.0.1-alpha, Tor clients have been avoiding using
such relays in the Guard position, leading to increasingly broken load
balancing for the 5%-or-so of Guards that don't advertise directory
support.

Fixes bug 22310; bugfix on 0.3.0.6.
2018-04-02 00:20:01 -04:00
Roger Dingledine
0983c203e5 misc tiny fixes 2018-04-01 23:47:44 -04:00
Taylor Yu
596eed3715 Fix CID 1433643
Add a missing lock acquisition around access to queued_control_events
in control_free_all().  Use the reassign-and-unlock strategy as in
queued_events_flush_all().  Fixes bug 25675.  Coverity found this bug,
but only after we recently added an access to
flush_queued_event_pending.
2018-03-29 17:21:33 -05:00
Nick Mathewson
2c1afc2def Merge branch 'maint-0.3.3' 2018-03-29 14:59:01 -04:00
Nick Mathewson
4f473fadbd Merge branch 'bug25617_029' into maint-0.3.3 2018-03-29 14:58:58 -04:00
Nick Mathewson
2e9e91ebbf bump version to 0.3.3.4-alpha-dev 2018-03-29 11:24:02 -04:00
Nick Mathewson
e35eb9baaa Mark controller-initiated DNS lookups as permitted to do DNS.
Fixes bug 25617; bugfix on 0.2.9.3-alpha.
2018-03-29 09:27:28 -04:00
Nick Mathewson
3fa66f9799 Bump version to 0.3.3.4-alpha 2018-03-29 08:01:37 -04:00
Nick Mathewson
2f872f9762 Merge remote-tracking branch 'hello71/bug25398' 2018-03-28 14:47:05 -04:00
Nick Mathewson
4c0e434f33 Merge remote-tracking branch 'public/bug25512' 2018-03-28 14:45:47 -04:00
Nick Mathewson
cb083b5d3e Merge remote-tracking branch 'asn-github/t-25432' 2018-03-28 14:43:33 -04:00
Nick Mathewson
794a25f8c1 Merge branch 'maint-0.3.3' 2018-03-28 14:23:06 -04:00
Nick Mathewson
e0bbef48bf Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3 2018-03-28 14:21:04 -04:00
Nick Mathewson
6317aa2cc0 Merge branch 'maint-0.3.3' 2018-03-28 07:50:47 -04:00
Nick Mathewson
d4bf1f6c8e Add a paranoia check in string_is_valid_nonrfc_hostname()
The earlier checks in this function should ensure that components is
always nonempty.  But in case somebody messes with them in the
future, let's add an extra check to make sure we aren't crashing.
2018-03-28 07:48:18 -04:00
Nick Mathewson
b504c854d3 Rename string_is_valid_hostname -> string_is_valid_nonrfc_hostname
Per discussion on 25055.
2018-03-28 07:42:27 -04:00
rl1987
09351c34e9 Don't strlen before checking for NULL 2018-03-28 07:39:03 -04:00
rl1987
a28e350cff Tweak loop condition 2018-03-28 07:39:03 -04:00
rl1987
6b6d003f43 Don't explode on NULL or empty string 2018-03-28 07:39:03 -04:00
rl1987
d891010fdd Allow alphanumeric TLDs in test for now 2018-03-28 07:39:03 -04:00
rl1987
ee1fca727c Simplify hostname validation code 2018-03-28 07:39:03 -04:00
rl1987
dbb7c8e6fd Validate hostnames with punycode TLDs correctly 2018-03-28 07:39:03 -04:00
rl1987
4413e52f9e Improve handling of trailing dot 2018-03-28 07:39:03 -04:00
rl1987
db850fec3a Test TLD validation 2018-03-28 07:39:03 -04:00
rl1987
6335db9fce Refrain from including <ctype.h> 2018-03-28 07:39:03 -04:00
rl1987
12afd8bfed Also test bracket-less IPv6 string validation 2018-03-28 07:39:03 -04:00
rl1987
5986589b48 Call strlen() once 2018-03-28 07:39:03 -04:00
rl1987
b0ba4aa7e9 Fix bracketed IPv6 string validation 2018-03-28 07:39:03 -04:00
rl1987
1af016e96e Do not consider IP strings valid DNS names. Fixes #25055 2018-03-28 07:39:03 -04:00
rl1987
0e453929d2 Allow IPv6 address strings to be used as hostnames in SOCKS5 requests 2018-03-28 07:39:03 -04:00
Nick Mathewson
fa6eaab83e Merge branch 'maint-0.3.3' 2018-03-27 18:25:52 -04:00
Nick Mathewson
5acfc30876 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-27 18:23:53 -04:00
Taylor Yu
471f28a2a8 Fix CID 1430932
Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist.  Fixes bug 25629.
2018-03-27 16:11:29 -05:00
Taylor Yu
0c13a84c0d Fix CID 1430932
Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist.  Fixes bug 25629.
2018-03-27 16:08:39 -05:00
Taylor Yu
4bb7d9fd12 Fix CID 1430932
Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist.  Fixes bug 25629.
2018-03-27 15:29:00 -05:00
George Kadianakis
ab16f1e2a1 test: Add unittest for the OR connection failure cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-27 12:43:39 -04:00
David Goulet
f29d158330 relay: Avoid connecting to down relays
If we failed to connect at the TCP level to a relay, note it down and refuse
to connect again for another 60 seconds.

Fixes #24767

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-27 12:42:31 -04:00
Nick Mathewson
979c7e5c83 Merge branch 'maint-0.3.3' 2018-03-27 07:05:15 -04:00
Nick Mathewson
46c2b0ca22 Merge branch 'bug25213_033' into maint-0.3.3 2018-03-27 07:04:33 -04:00
Nick Mathewson
0eed0899cd Merge branch 'bug24658-rm-curve25519-header' into bug24658-merge 2018-03-26 20:12:59 -04:00
Nick Mathewson
d96dc2060a Merge branch 'maint-0.3.3' 2018-03-26 19:47:48 -04:00
Nick Mathewson
841ed9dbb9 Merge remote-tracking branch 'dgoulet/bug24904_033_01' into maint-0.3.3 2018-03-26 19:47:44 -04:00
Nick Mathewson
5278d72f97 Merge branch 'maint-0.3.3' 2018-03-26 10:32:53 -04:00
Nick Mathewson
ca2d9cbb93 Merge branch 'bug24903_029' into maint-0.3.3 2018-03-26 10:32:49 -04:00
Nick Mathewson
068d092749 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-26 10:29:29 -04:00
Nick Mathewson
b5a6c03998 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-26 10:29:29 -04:00
Nick Mathewson
c68bfc556c Merge branch 'maint-0.3.3' 2018-03-26 10:29:29 -04:00
Nick Mathewson
33606405e3 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-26 10:29:29 -04:00
Nick Mathewson
969a38a375 Fix a unit test which was broken by the previous commit
This test was expecting Tor to find and use routerinfos, but hadn't
cleared the UseMicrodescriptors flag.  Part of the fix for 25213.
2018-03-26 09:57:39 -04:00
Nick Mathewson
d1874b4339 Make extend_info_from_node() more picky about node contents
This update is needed to make it consistent with the behavior of
node_awaiting_ipv6(), which doesn't believe in the addresses from
routerinfos unless it actually plans to use those routerinfos.

Fixes bug 25213; bugfix on b66b62fb75 in 0.3.3.1-alpha,
which tightened up the definition of node_awaiting_ipv6().
2018-03-26 09:56:12 -04:00
Nick Mathewson
33a80921a2 When extending a circuit's path length, clear onehop_tunnel.
There was a nonfatal assertion in pathbias_should_count that would
trigger if onehop_tunnel was set, but the desired_path_length was
greater than 1.  This patch fixes that.  Fixes bug 24903; bugfix on
0.2.5.2-alpha.
2018-03-26 09:17:50 -04:00
Nick Mathewson
a9fa483004 Document a requirement for cells to be encrypted. 2018-03-24 13:49:44 -04:00
Nick Mathewson
7db4d0c55f Basic unit tests for relay_crypto.c
These tests handle incoming and outgoing cells on a three-hop
circuit, and make sure that the crypto works end-to-end.  They don't
yet test spec conformance, leaky-pipe, or various error cases.
2018-03-24 13:49:08 -04:00
Nick Mathewson
d749f6b5f6 Merge branch 'maint-0.3.3' 2018-03-23 17:49:29 -04:00
Nick Mathewson
eacfd29112 Fix windows compilation warnings in hs_service.c
These were breaking jenkins builds.  Bugfix on 5804ccc9070dc54;
bug not in any released Tor.
2018-03-23 17:47:56 -04:00
Nick Mathewson
bb9012c818 test: more data on geoip load failure. 2018-03-23 11:48:15 -04:00
Nick Mathewson
3519d0c808 Clear all control.c flags on control_free_all()
Fixes bug 25512.
2018-03-23 11:31:56 -04:00
Nick Mathewson
e263317e07 Merge remote-tracking branch 'fristonio/ticket-24740' 2018-03-23 11:22:58 -04:00
Nick Mathewson
11114c7e83 Merge branch 'maint-0.3.3' 2018-03-23 11:19:19 -04:00
Isis Lovecruft
657d5cbbbc tests: Automatically detect Rust crates to test and also pass --verbose.
* FIXES #25560: https://bugs.torproject.org/25560.
2018-03-23 11:13:04 -04:00
David Goulet
236c92a0a7 chan: Use channel_is_client() in channel_do_open_actions()
Make sure we actually only report client channel to the geoip cache instead of
looking if it is a known relay. Looking if it is a known relay can be
unreliable because they come and go from the consensus.

Fixes #24904

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-23 10:11:37 -04:00
Isis Lovecruft
fae5254783
hs: Fix two typos in an inline comment.
* FIXES #25602: https://bugs.torproject.org/25602
2018-03-22 22:33:34 +00:00
Nick Mathewson
24abcf9771 Merge branch 'bug25399_squashed' 2018-03-22 08:49:43 -04:00
Alex Xu (Hello71)
946ed24ca5 Do not page-align mmap length. #25399 2018-03-22 08:47:37 -04:00
Nick Mathewson
d9ba7db38b Merge remote-tracking branch 'public/geoip_testing' 2018-03-22 08:43:28 -04:00
Nick Mathewson
f8e53a545a Update tor_log to libc 0.2.39 as well. 2018-03-21 17:14:15 -04:00
Nick Mathewson
4e82441e4c Merge branch 'maint-0.3.3' 2018-03-21 17:10:10 -04:00
Nick Mathewson
2b31387410 Update src/ext/rust to latest master for libc update. 2018-03-21 17:09:59 -04:00
Nick Mathewson
03e787e220 Merge branch 'maint-0.3.3' 2018-03-21 17:05:42 -04:00
Isis Lovecruft
00a473733d maint: Update Rust libc dependency from 0.2.22 to 0.2.39.
Requires the update/libc-0.2.39 branch from
https://github.com/isislovecruft/tor-rust-dependencies to be merged
first.
2018-03-21 17:04:28 -04:00
Nick Mathewson
2c36a02bb1 Merge branch 'maint-0.3.3' 2018-03-20 12:55:46 -04:00
Nick Mathewson
b069979142 Merge branch 'bug25306_032_01_squashed_v2' into maint-0.3.3 2018-03-20 12:54:51 -04:00
David Goulet
5804ccc907 hs-v3: BUG() on missing descriptors during rotation
Because of #25306 for which we are unable to reproduce nor understand how it
is possible, this commit removes the asserts() and BUG() on the missing
descriptors instead when rotating them.

This allows us to log more data on error but also to let tor recover
gracefully instead of dying.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-20 12:54:05 -04:00
Nick Mathewson
9f93bcd16d Remove sb_poll check: all poll() calls are ok. 2018-03-20 08:30:21 -04:00
Nick Mathewson
070eda5a21 Add the poll() syscall as permitted by the sandbox
Apparently, sometimes getpwnam will call this.

Fixes bug 25513.
2018-03-20 08:23:44 -04:00
Nick Mathewson
56ae6d8766 Merge branch 'maint-0.3.3' 2018-03-20 07:50:46 -04:00
Alexander Færøy
fd36bd8971 Log information on specific compression backends in the OOM handler.
This patch adds some additional logging to circuits_handle_oom() to give
us more information about which specific compression backend that is
using a certain amount of memory.

See: https://bugs.torproject.org/25372
2018-03-20 07:47:19 -04:00
Nick Mathewson
228b655935 Move rust-specific declarations outside of #else block
These declarations need to exist unconditionally, but they were
trapped inside an "#else /* !(defined(HAVE_SYSLOG_H)) */" block.

Fixes a travis regression caused by 23881; bug not in any released tor.
2018-03-19 19:18:23 -04:00
Nick Mathewson
d8893bc93c Merge remote-tracking branch 'isis/bug23881_r1' 2018-03-19 17:20:37 -04:00
Nick Mathewson
910422e8fa Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-19 16:59:49 -04:00
Nick Mathewson
3716611fea Merge branch 'maint-0.3.3' 2018-03-19 16:59:49 -04:00
Isis Lovecruft
66d3120634 tests: Fix HS test against max IP lifetime.
* FIXES part of #25450: https://bugs.torproject.org/25450
2018-03-19 16:59:07 -04:00
Isis Lovecruft
1f8bd93ecb
rust: Fix typo in name of logged function. 2018-03-19 19:23:35 +00:00
Isis Lovecruft
547c62840e
rust: Remove #[no_mangle]s on two constants.
These won't/shouldn't ever be called from C, so there's no reason to
preserve naming.
2018-03-19 19:23:34 +00:00
Neel Chauhan
bc5f79b95c Use tor_asprintf for in have_enough_mem_for_dircache()
(Fixes bug 20887)
2018-03-19 12:38:28 -04:00
Nick Mathewson
b0f0c0f550 Merge remote-tracking branch 'fristonio/ticket-6236' 2018-03-19 06:42:10 -04:00
Nick Mathewson
a324cd9020 Merge branch 'ticket25268_034_01' 2018-03-19 06:01:02 -04:00
Nick Mathewson
92c60b572c Merge branch 'maint-0.3.3' 2018-03-19 05:39:56 -04:00
Gisle Vanem
53914f7dae tests: Fix crash on win32 due to uninitialised mutex in bench.c.
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-03-19 05:38:19 -04:00
Nick Mathewson
bcea98a4b4 Merge branch 'maint-0.3.3' 2018-03-19 05:36:06 -04:00
Nick Mathewson
296e429ebc Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-19 05:36:06 -04:00
Nick Mathewson
a0cc7e9492 Merge remote-tracking branch 'isis/bug25450_032' into maint-0.3.2 2018-03-19 05:35:39 -04:00
Nick Mathewson
5ecad6c95d Extract the cryptographic parts of crypt_path_t and or_circuit_t.
Additionally, this change extracts the functions that created and
freed these elements.

These structures had common "forward&reverse stream&digest"
elements, but they were initialized and freed through cpath objects,
and different parts of the code depended on them.  Now all that code
is extacted, and kept in relay_crypto.c
2018-03-17 10:59:15 -04:00
Nick Mathewson
80955be6ec Move relay-crypto functions from relay.[ch] to relay_crypto.[ch]
This should help us improve modularity, and should also make it
easier for people to experiment with other relay crypto strategies
down the road.

This commit is pure function movement.
2018-03-17 10:23:44 -04:00
Nick Mathewson
320dcf65b7 Extract the crypto parts of circuit_package_relay_cell. 2018-03-17 10:16:41 -04:00
Nick Mathewson
2989326054 Rename 'relay_crypt' to 'relay_decrypt_cell'
This function is used upon receiving a cell, and only handles the
decrypting part.  The encryption part is currently handled inside
circuit_package_relay_cell.
2018-03-17 10:05:25 -04:00
Nick Mathewson
becae4c943 Add a test for geoip_load_file(). 2018-03-15 15:21:34 +01:00
Nick Mathewson
1debe57563 On geoip_free_all, reset geoip[6]_digest. 2018-03-15 15:21:23 +01:00
Nick Mathewson
ffb00404b1 Split geoip tests into a separate module. 2018-03-15 15:12:54 +01:00
Nick Mathewson
4e5e973421 Merge remote-tracking branch 'public/restart_reset_bootstrap' 2018-03-14 12:12:37 +01:00
Nick Mathewson
c6d364e8ae Merge branch 'maint-0.3.3' 2018-03-13 10:59:56 -04:00
Nick Mathewson
d60dc27555 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-13 10:59:30 -04:00
Nick Mathewson
950606dcc9 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-13 10:58:03 -04:00
Nick Mathewson
38b7885c90 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-13 10:58:03 -04:00
Nick Mathewson
0e7f15fdb6 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-13 10:58:02 -04:00
Nick Mathewson
67a313f0ec Merge branch 'maint-0.2.5' into maint-0.2.9 2018-03-13 10:58:02 -04:00
Karsten Loesing
3418a3a7f0 Update geoip and geoip6 to the March 8 2018 database. 2018-03-13 10:57:49 -04:00
Mike Perry
578aaa7f12 Bug 25505: Check circuitmux queues before padding. 2018-03-13 13:50:35 +00:00
Nick Mathewson
40154c1f9e Merge branch 'maint-0.3.3' 2018-03-13 10:00:58 +01:00
Nick Mathewson
e9dbd6dd8f Update the documentation in tor_api.h 2018-03-13 10:00:41 +01:00
Isis Lovecruft
0545f64d24
test: Increase time limit for IP creation in an HS test.
This should avoid most intermittent test failures on developer and CI machines,
but there could (and probably should) be a more elegant solution.

Also, this test was testing that the IP was created and its expiration time was
set to a time greater than or equal to `now+INTRO_POINT_LIFETIME_MIN_SECONDS+5`:

    /* Time to expire MUST also be in that range. We add 5 seconds because
     * there could be a gap between setting now and the time taken in
     * service_intro_point_new. On ARM, it can be surprisingly slow... */
    tt_u64_op(ip->time_to_expire, OP_GE,
              now + INTRO_POINT_LIFETIME_MIN_SECONDS + 5);

However, this appears to be a typo, since, according to the comment above it,
adding five seconds was done because the IP creation can be slow on some
systems.  But the five seconds is added to the *minimum* time we're comparing
against, and so it actually functions to make this test *more* likely to fail on
slower systems.  (It should either subtract five seconds, or instead add it to
time_to_expire.)

 * FIXES #25450: https://bugs.torproject.org/25450
2018-03-08 20:50:50 +00:00
Caio Valente
8775c93a99 Refactor: suppress duplicated functions from router.c and encapsulate NODE_DESC_BUF_LEN constant.
Also encapsulates format_node_description().

Closes ticket 25432.
2018-03-06 20:42:32 +01:00
Deepesh Pathak
930b985581
Fix redundant authority certificate fetch
- Fixes #24740
- Fetch certificates only in those cases when consensus are waiting for certs.
2018-03-04 21:13:58 +05:30
Nick Mathewson
699bb803ba Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-03-04 10:31:17 -05:00
Nick Mathewson
df9d2de441 Merge remote-tracking branch 'fristonio/ticket4187' 2018-03-03 12:02:30 -05:00
Nick Mathewson
338dbdab93 Merge branch 'maint-0.3.3' 2018-03-03 11:59:27 -05:00
Alexander Færøy
59a7b00384 Update tor.1.txt with the currently available log domains.
See: https://bugs.torproject.org/25378
2018-03-03 11:58:14 -05:00
Nick Mathewson
62482ea279 Merge branch 'maint-0.3.3' 2018-03-03 11:53:05 -05:00
Nick Mathewson
cc7de9ce1d Merge branch 'ticket23814' into maint-0.3.3 2018-03-03 11:53:01 -05:00
Nick Mathewson
aec505a310 bump to 0.3.3.3-alpha-dev 2018-03-03 11:33:56 -05:00
Nick Mathewson
0026d1a673 bump version to 0.3.2.10-dev 2018-03-03 11:33:27 -05:00
Nick Mathewson
0aa794d309 version bump to 0.3.1.10-dev 2018-03-03 11:32:51 -05:00
Nick Mathewson
9eb6f9d3c8 Bump version to 0.2.9.15-dev 2018-03-03 11:32:16 -05:00
Alex Xu (Hello71)
45d3b5fa4c Remove uncompilable tor_mmap_file fallback. #25398 2018-03-02 09:51:53 -05:00
Nick Mathewson
15f6201a5b increment to 0.3.3.3-alpha 2018-03-01 16:44:07 -05:00
Nick Mathewson
1ec386561e version bump to 0.3.2.10 2018-03-01 16:43:35 -05:00
Nick Mathewson
c527a8a9c9 Update to 0.3.1.10 2018-03-01 16:43:01 -05:00
Nick Mathewson
35753c0774 version bump to 0.2.9.15 2018-03-01 16:42:17 -05:00
Nick Mathewson
d22963938f Merge branch 'maint-0.3.3' 2018-03-01 16:10:47 -05:00
Nick Mathewson
f7eff2f8c5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-01 16:10:43 -05:00
Nick Mathewson
d01abb9346 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-01 16:07:59 -05:00
Nick Mathewson
d4a758e083 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-01 16:07:59 -05:00
Nick Mathewson
c1bb8836ff Protover tests: disable some obsoleted tests
These were meant to demonstrate old behavior, or old rust behavior.

One of them _should_ work in Rust, but won't because of
implementation details.  We'll fix that up later.
2018-03-01 16:05:17 -05:00
Nick Mathewson
c5295cc1be Spec conformance on protover: always reject ranges where lo>hi 2018-03-01 16:05:17 -05:00
Nick Mathewson
1fe0bae508 Forbid UINT32_MAX as a protocol version
The C code and the rust code had different separate integer overflow
bugs here.  That suggests that we're better off just forbidding this
pathological case.

Also, add tests for expected behavior on receiving a bad protocol
list in a consensus.

Fixes another part of 25249.
2018-03-01 16:05:17 -05:00
Nick Mathewson
8b405c609e Forbid "-0" as a protocol version.
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
2018-03-01 16:05:17 -05:00
Nick Mathewson
0953c43c95 Add more of Teor's protover tests.
These are as Teor wrote them; I've disabled the ones that don't pass
yet, with XXXX comments.
2018-03-01 16:05:17 -05:00
Nick Mathewson
d3a1bdbf56 Add some protover vote round-trip tests from Teor.
I've refactored these to be a separate function, to avoid tricky
merge conflicts.

Some of these are disabled with "XXXX" comments; they should get
fixed moving forward.
2018-03-01 16:05:17 -05:00
Nick Mathewson
a83650852d Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly
signed consensus, so it's not as bad as 25074.

Fixes bug 25251; also tracked as TROVE-2018-004.
2018-03-01 16:05:17 -05:00
Nick Mathewson
65f2eec694 Correctly handle NULL returns from parse_protocol_list when voting.
In some cases we had checked for it, but in others we had not.  One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.

Fixes TROVE-2018-001.
2018-03-01 16:05:17 -05:00
Isis Lovecruft
167da4bc81
rust: Remove extra whitespace from a static log/error message. 2018-02-27 20:43:54 +00:00
Deepesh Pathak
130e2ffad7
Remove duplicate code between parse_{c,s}method in transport.c
- Merged common code in function parse_{c,s}method to a single function
- Removed duplicate code in transport.c
- Fixes #6236
2018-02-24 20:27:08 +05:30
Nick Mathewson
fc22bcadb5 Revert 4438ef32's changes to test_address.c
Apparently some versions of the mac sdk care about the ordering of
net/if.h wrt other headers.

Fixes bug 25319; bug not in any released tor.
2018-02-21 09:36:37 -05:00
Isis Lovecruft
7759ac8df2
crypto: Remove crypto_rsa.h from crypto_digest.c.
* ADD include for "crypto_openssl_mgt.h" so that we have OpenSSL
   defined SHA* types and functions.
 * FIXES part of #24658: https://bugs.torproject.org/24658#comment:30
2018-02-20 20:29:54 +00:00
Isis Lovecruft
3e9140e79a
crypto: Remove unnecessary curve25519 header from crypto_digest.h.
* ADD includes for "torint.h" and "container.h" to crypto_digest.h.
 * ADD includes for "crypto_digest.h" to a couple places in which
   crypto_digest_t was then missing.
 * FIXES part of #24658: https://bugs.torproject.org/24658#comment:30
2018-02-20 20:29:54 +00:00
Nick Mathewson
4438ef3288 Remove a bunch of other redundant #includes
Folks have found two in the past week or so; we may as well fix the
others.

Found with:

\#!/usr/bin/python3
import re

def findMulti(fname):
    includes = set()
    with open(fname) as f:
        for line in f:
            m = re.match(r'^\s*#\s*include\s+["<](\S+)[>"]', line)
            if m:
                inc = m.group(1)
                if inc in includes:
                    print("{}: {}".format(fname, inc))
                includes.add(m.group(1))

import sys
for fname in sys.argv[1:]:
    findMulti(fname)
2018-02-20 10:14:15 -05:00
Nick Mathewson
a4ab273a0d Merge remote-tracking branch 'fristonio/ticket-25261' 2018-02-20 10:03:52 -05:00
Nick Mathewson
5199b9b337 Use autoconf to check for optional zstd functionality.
Fixes a bug in our zstd-static code.  Bug not in any released
version of Tor.
2018-02-18 16:19:43 -05:00
Fernando Fernandez Mancera
0fad49e1c4 Move crypto_pk_obsolete_* functions into RSA module.
We moved the crypto_pk_obselete_* functions into crypto_rsa.[ch] because they fit
better with the RSA module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-16 18:23:21 +01:00
Fernando Fernandez Mancera
541b6b2433 Remove useless included files in crypto_rsa.[ch].
Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-16 17:49:58 +01:00
Nick Mathewson
bd71e0a0c8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-16 09:54:13 -05:00
Nick Mathewson
2bcd264a28 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-16 09:48:11 -05:00
Nick Mathewson
cb92d47dec Merge remote-tracking branch 'dgoulet/ticket24902_029_05' into maint-0.2.9 2018-02-16 09:41:06 -05:00
Nick Mathewson
bbc73c5d1c Whoops. 256 was not big enough. 2018-02-16 09:40:29 -05:00
Nick Mathewson
a34fc1dad2 Allow checkpointing of non-sha1 digests.
This is necessary because apparently v3 rendezvous cpath hops use
sha3, which I had forgotten.

Bugfix on master; bug not in any released Tor.
2018-02-16 09:25:50 -05:00
Roger Dingledine
d21e5cfc24 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.

[Cherry-picked]
2018-02-16 08:46:57 -05:00
Roger Dingledine
2b99350ca4 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
2018-02-16 08:46:31 -05:00
Roger Dingledine
8d5dcdbda2 backport to make channel_is_client() accurate
This commit takes a piece of commit af8cadf3a9 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.
2018-02-16 08:39:10 -05:00
Neel Chauhan
c2fa743806 Remove the return value of node_get_prim_orport() and node_get_prim_dirport() 2018-02-16 08:20:33 -05:00
Nick Mathewson
200fc8c640 Compilation workaround for windows, which lacks O_SYNC
Bug not in any released Tor.
2018-02-16 08:16:12 -05:00
Nick Mathewson
5a9ada342f tor_zstd_format_version shouldn't be built when !HAVE_ZSTD
Fixes bug 25276; bugfix not in any released Tor.
2018-02-16 08:06:01 -05:00
Fernando Fernandez Mancera
f9f0dd5b9a Move the pk-digest functions into crypto_rsa.[ch].
We moved the crypto_pk_* digest functions into crypto_rsa.[ch] because they fit
better with the RSA module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-16 12:04:22 +01:00
Nick Mathewson
b56fd17d00 Merge branch 'maint-0.3.3' 2018-02-15 21:05:12 -05:00
Nick Mathewson
d662d4470a Merge remote-tracking branch 'dgoulet/ticket24343_033_01' into maint-0.3.3 2018-02-15 21:05:08 -05:00
Nick Mathewson
d9804691df Merge remote-tracking branch 'ffmancera-1/bug18918' 2018-02-15 21:00:10 -05:00
Nick Mathewson
92a42f795c Merge branch 'bug23909' 2018-02-15 20:56:23 -05:00
Nick Mathewson
8da6bfa5de Merge branch 'bug24914' 2018-02-15 20:53:50 -05:00
Nick Mathewson
4d994e7a9c Fix a stack-protector warning: don't use a variable-length buffer
Instead, define a maximum size, and enforce it with an assertion.
2018-02-15 20:52:01 -05:00
Nick Mathewson
ed1d630f0e Merge branch 'onion_ntor_malloc_less' 2018-02-15 20:40:03 -05:00
Nick Mathewson
28c3f538e5 Documentation fixes suggested by catalyst. 2018-02-15 20:38:08 -05:00
Nick Mathewson
bda1dfb9e0 Merge remote-tracking branch 'isis/bug25185' 2018-02-15 20:35:30 -05:00
Nick Mathewson
acb7a536c2 Merge branch 'maint-0.3.3' 2018-02-15 20:33:00 -05:00
Nick Mathewson
799c82be70 Merge remote-tracking branch 'isis/bug25171' into maint-0.3.3 2018-02-15 20:32:57 -05:00
Nick Mathewson
a1dd8afc16 Merge branch '25162_zstd_static' 2018-02-15 20:28:07 -05:00
Nick Mathewson
066a15af63 This stats_n_seconds_working variable needs to be static now.
(When a variable isn't going to be declared extern in the header, we
require that it be static.)
2018-02-15 20:26:09 -05:00
Nick Mathewson
3ca04aada2 Merge remote-tracking branch 'valentecaio/t-25081' 2018-02-15 20:23:23 -05:00
Nick Mathewson
3d7bf98d13 Merge remote-tracking branch 'valentecaio/t-24714' 2018-02-15 20:19:53 -05:00
Isis Lovecruft
5f7d78ce2a
tests: Remove duplicate included header file in src/test/test.c.
* FIXES #25271: https://bugs.torproject.org/25271
2018-02-16 01:19:12 +00:00
Nick Mathewson
3c8a481599 Merge branch 'bug18105' 2018-02-15 20:17:31 -05:00
Nick Mathewson
3e2b48f8b4 Merge branch 'bug24484_squashed' 2018-02-15 20:13:53 -05:00
Nick Mathewson
4dc228e35b Remove workaround code for systems where free(NULL) is busted.
Add an autoconf test to make sure we won't regret it.

Closes ticket 24484.
2018-02-15 20:13:44 -05:00
Nick Mathewson
cfff582e4d Bump version in master to 0.3.4.0-alpha-dev 2018-02-15 20:11:25 -05:00
Nick Mathewson
5af03c1ef3 rust protover: match the C implementation on empty-str cases
Empty versions lists are permitted; empty keywords are not.
2018-02-15 19:08:52 -05:00
Nick Mathewson
b58a2febe3 Forbid u32::MAX as a protover range element in rust
Part of the 25249 fix to make rust match the C.
2018-02-15 19:07:38 -05:00
Nick Mathewson
f69510ba4b Rust protover compat: forbid more than MAX_VERSIONS_TO_EXPAND in a range
Also correct MAX_VERSIONS_TO_EXPAND to match the C.

NOTE that this patch leads to incorrect behavior: the C code allows
huge ranges; it just doesn't allow votes on them (currently).  For
full compatibility, we'll need to make the rust code store ranges as
ranges natively, possibly using something like the range_map crate.

Still, this patch is smaller than a "proper" fix.

Fixes TROVE-2018-003.
2018-02-15 19:07:25 -05:00
David Goulet
779eded6bb man: Update the CircuitPriorityHalflife entry
The behavior has changed slightly in the previous commits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-15 14:54:48 -05:00
David Goulet
e19cd38f08 cmux: Always use the cmux policy
Remove the checks on cmux->policy since it should always be set.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-15 14:54:24 -05:00
David Goulet
c235c32bbc cmux: Remove round-robin circuit policy
Since 0.2.4, tor uses EWMA circuit policy to prioritize. The previous
algorithm, round-robin, hasn't been used since then but was still used as a
fallback.

Now that EWMA is mandatory, remove that code entirely and enforce a cmux
policy to be set.

This is part of a circuitmux cleanup to improve performance and reduce
complexity in the code. We'll be able to address future optimization with this
work.

Closes #25268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-15 14:36:39 -05:00
David Goulet
9d68647ba3 cmux: Remove PARANOIA assert functions
The reason to do so is because these functions haven't been used in years so
since 0.2.4, every callsite is NOP.

In future commits, we'll remove the round robin circuit policy which is mostly
validated within those function.

This simplifies the code greatly and remove dead code for which we never had a
configure option in the first place nor an easy way to use them in production.

Part of #25268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-15 14:02:09 -05:00
David Goulet
9af5b625e8 cmux: Rename cell_ewma_set_scale_factor()
It is rename to something more meaningful that explains what it does exactly
which is sets the EWMA options (currently only one exists). The new name is
cmux_ewma_set_options().

Also, remove a public function from circuitmux_ewma.h that is only used in the
C file. Make it static inline as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-15 13:51:34 -05:00
David Goulet
6b1dba214d cmux: Make EWMA policy mandatory
To achieve this, a default value for the CircuitPriorityHalflife option was
needed. We still look in the options and then the consensus but in case no
value can be found, the default CircuitPriorityHalflifeMsec=30000 is used. It
it the value we've been using since 0.2.4.4-alpha.

This means that EWMA, our only policy, can not be disabled anymore fallbacking
to the round robin algorithm. Unneeded code to control that is removed in this
commit.

Part of #25268

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-15 13:45:21 -05:00
Deepesh Pathak
3553383312
ticket 25261: Removed multiple includes of transports.h in connection.c 2018-02-15 22:28:34 +05:30
Nick Mathewson
f6a230ec95 Merge remote-tracking branch 'mikeperry/bug24769' 2018-02-14 10:03:14 -05:00
Nick Mathewson
9e566f3a72 Merge branch 'tests_rust' 2018-02-13 18:12:01 -05:00
Nick Mathewson
86f461e362 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-13 15:00:43 -05:00
David Goulet
b60ffc5ce0 Merge remote-tracking branch 'dgoulet/bug25223_029_01' into ticket24902_029_05 2018-02-13 13:11:10 -05:00
David Goulet
305e39d0f8 dos: Add extra safety asserts in cc_stats_refill_bucket()
Never allow the function to set a bucket value above the allowed circuit
burst.

Closes #25202

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:41:21 -05:00
David Goulet
4fe4f8179f dos: Don't set consensus param if we aren't a public relay
We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.

Fixes #25223

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:35:41 -05:00
Nick Mathewson
b062730a11 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-13 08:50:59 -05:00
Nick Mathewson
17a923941a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-13 08:50:58 -05:00
David Goulet
e658dad625 dirserv: Improve returned message when relay is rejected
Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.

Fixes #25170

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 08:47:42 -05:00
Nick Mathewson
ef164346d4 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-13 08:47:06 -05:00
Nick Mathewson
1555946e20 Have tor_addr hashes return a randomized hash for AF_UNSPEC.
We don't expect this to come up very much, but we may as well make
sure that the value isn't predictable (as we do for the other
addresses) in case the issue ever comes up.

Spotted by teor.
2018-02-12 11:14:36 -05:00
Nick Mathewson
99fbbc6c47 Fix a typo in an address_set.c comment. 2018-02-12 11:14:34 -05:00
Nick Mathewson
91109bc813 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-12 08:33:47 -05:00
Nick Mathewson
e91bae66d8 Merge branch 'bug23318-redux_029' into maint-0.2.9 2018-02-12 08:33:03 -05:00
Fernando Fernandez Mancera
3dd2c1d022 Tweaks into router_should_be_dirserver() log msg.
Fixed log message that has been changed in commit 5ea993fa5a.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-12 12:30:52 +01:00
Nick Mathewson
b2c4d4e7fa Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-11 18:11:04 -05:00
Nick Mathewson
84c13336c4 Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9 2018-02-11 18:10:59 -05:00
Nick Mathewson
8939eaf479 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-11 18:09:35 -05:00
Nick Mathewson
848ba26c18 Merge branch 'ticket24315_029' into maint-0.2.9 2018-02-11 18:07:37 -05:00
Nick Mathewson
684d57fe8a Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-11 17:00:52 -05:00
Nick Mathewson
eccef6ba60 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-11 16:51:56 -05:00
Nick Mathewson
5dc785ceef Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9 2018-02-11 16:51:53 -05:00
Nick Mathewson
a75ae628c7 Merge remote-tracking branch 'isis/bug25127_redux' 2018-02-11 16:17:41 -05:00
Nick Mathewson
7aa94f7441 fix compilation. 2018-02-11 16:16:58 -05:00
Nick Mathewson
627974b02e Merge branch 'bug25120' 2018-02-11 16:10:58 -05:00
Alexander Færøy
14c47a0b5c Lower log-level in different error conditions in entropy selection.
This patch lowers the log-level from warning to info in the cases where
we are going to attempt another method as entropy source to hopefully
make the user feel less concerned.

See: https://bugs.torproject.org/25120
2018-02-11 16:10:50 -05:00
Nick Mathewson
4de20d1754 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-10 16:09:01 -05:00
Nick Mathewson
1df701c082 Merge branch 'maint-0.3.2' 2018-02-10 16:09:01 -05:00
Nick Mathewson
86583ad78e Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-10 16:09:00 -05:00
Nick Mathewson
320dac4602 Merge branch 'bug24978_029_enable' into maint-0.2.9 2018-02-10 16:08:58 -05:00
Nick Mathewson
791ceb2028 Bump version to 0.3.3.2-alpha-dev 2018-02-10 10:41:23 -05:00
Isis Lovecruft
a4797a7e62
rust: Remove now unused byte_slice_is_c_like() utility. 2018-02-10 02:31:07 +00:00
Isis Lovecruft
081e99c16f
rust: Remove empty_static_cstr() in favour of new cstr!() macro. 2018-02-10 02:19:18 +00:00
Isis Lovecruft
6c77593a57
rust: Use tor_util::strings utils for protover_compute_for_old_tor. 2018-02-10 02:18:55 +00:00
Isis Lovecruft
3c4e006e7e
rust: Use tor_util::strings utils for protover_get_supported_protocols. 2018-02-10 02:15:06 +00:00
Isis Lovecruft
8fff331bb0
rust: Add macro for passing static borrowed strings from Rust to C.
* ADD a new macro, tor_util::string::cstr!() which takes Rust strings,
   concatenates them together, appends a NUL byte, and converts it into a
   std::ffi::CStr for handing to C.
2018-02-10 02:15:06 +00:00
Isis Lovecruft
45c59eff6c
rust: Replace two unwrap()s in FFI code with unwrap_or()s. 2018-02-10 01:21:31 +00:00
Nick Mathewson
9e0d468498 Bump to 0.3.3.2-alpha 2018-02-09 17:25:58 -05:00
Roger Dingledine
99666dc6c4 whitespace and typo cleanups 2018-02-09 17:05:20 -05:00
Nick Mathewson
abdf2a6f7f Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-09 12:08:12 -05:00
David Goulet
1a4fc9cddf test: DoS test to make sure we exclude known relays
Part of #25193

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-09 11:31:01 -05:00
David Goulet
666582a679 dos: Exclude known relays from client connection count
This is to avoid positively identifying Exit relays if tor client connection
comes from them that is reentering the network.

One thing to note is that this is done only in the DoS subsystem but we'll
still add it to the geoip cache as a "client" seen. This is done that way so
to avoid as much as possible changing the current behavior of the geoip client
cache since this is being backported.

Closes #25193

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-09 11:13:04 -05:00
Nick Mathewson
549a450f52 Add a "make test-rust" target to run the rust tests only. 2018-02-08 17:51:57 -05:00
Nick Mathewson
d9826b0a30 Merge remote-tracking branch 'frewsxcv/frewsxcv-protover' 2018-02-08 17:45:17 -05:00
Nick Mathewson
af049657eb Stop claiming that compute_for_old_tor() returns pairs 2018-02-08 17:36:08 -05:00
Nick Mathewson
d8307cb0e9 Remove new unsafe {} use.
Rationale: this helps for performance only, but we don't actually
have any reason to think that the checks here are
performance-critical.  Let's not normalize the use of unsafe {}.
2018-02-08 17:29:50 -05:00
Nick Mathewson
8d142e2322 Merge remote-tracking branch 'isis/bug25127' 2018-02-08 17:16:14 -05:00
David Goulet
112638921b Merge branch 'ticket25183_029_01' into ticket24902_029_05 2018-02-08 16:56:21 -05:00
David Goulet
a445327b80 test: Add unit tests for addressset.c
This also adds one that tests the integration with the nodelist.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-08 16:56:05 -05:00
Nick Mathewson
6892d32921 Add an address_set to the nodelist.
This set is rebuilt whenever a consensus arrives.  In between
consensuses, it is add-only.
2018-02-08 14:40:05 -05:00
Nick Mathewson
0640da4269 Function to add an ipv4 address to an address_set
This is a convenience function, so callers don't need to wrap
the IPv4 address.
2018-02-08 14:38:14 -05:00
Nick Mathewson
46bd2aed91 Add an address-set backend using a bloom filter.
We're going to need this to make our anti-DoS code (see 24902) more
robust.
2018-02-08 14:38:11 -05:00
Nick Mathewson
84bc75b2e7 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-08 10:29:06 -05:00
Nick Mathewson
cce76fbbe2 Merge branch 'maint-0.3.2' 2018-02-08 10:29:06 -05:00
Nick Mathewson
04a8e81fa9 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-08 10:29:05 -05:00
Nick Mathewson
0ddc2dc531 Merge branch 'maint-0.2.5' into maint-0.2.9 2018-02-08 10:29:05 -05:00
David Goulet
211fe44e07 dirserv: Improve returned message when relay is rejected
Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.

Fixes #25170

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-08 09:42:26 -05:00
Karsten Loesing
f1278b7e57 Update geoip and geoip6 to the February 7 2018 database. 2018-02-08 10:32:41 +01:00
Isis Lovecruft
b85436c596
protover: Fix memleak in Rust impl of protover_compute_for_old_tor.
* FIXES #25127: https://bugs.torproject.org/25127
 * ADDS a new module to the Rust tor_util crate for small utilities
   for working with static strings between languages.
 * CHANGES the return type of protover_compute_for_old_tor to point to
   immutable data.
 * CHANGES the code from the previous commit to use the new static
   string utilities.
2018-02-07 22:51:58 +00:00
David Goulet
652d3a5b66 Remove anything related to the old SocksSockets option
At this commit, the SocksSocketsGroupWritable option is renamed to
UnixSocksGroupWritable. A deprecated warning is triggered if the old option is
used and tor will use it properly.

Fixes #24343

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-07 14:05:33 -05:00
Roger Dingledine
bf91da75ab remove blank line between function-comment and function
also be more consistent about punctuation in doxygen comments
2018-02-07 12:51:05 -05:00
Nick Mathewson
12b58ba551 Merge remote-tracking branch 'dgoulet/ticket25163_033_01' 2018-02-07 12:46:27 -05:00
Roger Dingledine
a7440d9c9d more fixes for typos, grammar, whitespace, etc
some of these ought to have been noticed by the "misspell" tool,
so if anybody is debugging it, here are some bug reports :)
2018-02-07 12:22:29 -05:00
Nick Mathewson
78382d557a Merge remote-tracking branch 'dgoulet/bug25113_029_01' 2018-02-07 11:33:14 -05:00
David Goulet
fe3dfe7e38 test: Bump to 10 msec gap in the monotonic test
On slow system, 1 msec between one read and the other was too tight. For
instance, it failed on armel with a 4msec gap:

  https://buildd.debian.org/status/package.php?p=tor&suite=experimental

Increase to 10 msec for now to address slow system. It is important that we
keep this OP_LE test in so we make sure the msec/usec/nsec read aren't
desynchronized by huge gaps. We'll adjust again if we ever encounter a system
that goes slower than 10 msec between calls.

Fixes #25113

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-07 10:50:52 -05:00
Nick Mathewson
86498e5aa5 Fix wide lines from typo-fix patch. 2018-02-07 10:46:05 -05:00
Deepesh Pathak
ca6682f3f8 Fix spelling mistakes corresponding to ticket #23650 2018-02-07 10:41:57 -05:00
George Kadianakis
13f5adc86c Improve doc of primary_guards_up_to_date. 2018-02-07 11:46:30 +02:00
David Goulet
93ebcc2b8f rephist: Stop tracking relay connection status
Remove a series of connection counters that were only used when dumping the
rephist statistics with SIGUSR1 signal.

This reduces the or_history_t structure size.

Closes #25163

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-06 12:56:36 -05:00
David Goulet
199bc37290 rephist: Stop tracking EXTEND attempts
This removes the code that tracks the extend attemps a client makes. We don't
use it and it was only used to provide statistics on a SIGUSR1 from the
rephist dump stats function.

Part of #25163

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-06 12:43:55 -05:00
Nick Mathewson
6961609a1c Merge remote-tracking branch 'dgoulet/bug25116_029_01' 2018-02-06 12:13:41 -05:00
Nick Mathewson
a03488954c Add configure option to control ZSTD_STATIC_LINKING_ONLY 2018-02-06 11:58:05 -05:00
Nick Mathewson
87db5a6b75 Merge remote-tracking branch 'arma/bug22212' 2018-02-06 11:36:13 -05:00
Nick Mathewson
a77a366b87 Warn on zstd header/library version mismatch
If we're going to potentially degrade performance in this case, we
may as well tell people so.
2018-02-06 11:05:07 -05:00
Nick Mathewson
f98cb5d355 Use "static-only" zstd functions to estimate memory usage.
These should provide better and more accurate results when we can
use them; we fall back to the old approach when we can't.
2018-02-06 11:05:07 -05:00
Nick Mathewson
7cb954209d Make zstd unit tests try running with static-only fns disabled
Since we're making it so that unstable zstd apis can be disabled,
we need to test them.  I do this by adding a variant setup/cleanup
function for the tests, and teaching it about a fake compression
method called "x-zstd:nostatic".
2018-02-06 11:05:07 -05:00
Nick Mathewson
358b609e9d Enable (safe) use of zstd static-only APIs
We'll only use these when the compile-time version and the run-time
version of the zstd library match.  Part of ticket 25162.
2018-02-06 11:05:07 -05:00
Nick Mathewson
22a5d3dd2a remove a redundant semicolon 2018-02-06 08:13:11 -05:00
Isis Lovecruft
7ea9e080c5
protover: Fix memleak in Rust implementation.
* FIXES #25127: https://bugs.torproject.org/25127.
2018-02-06 02:56:16 +00:00
Nick Mathewson
b5a8fd1566 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-05 14:00:50 -05:00
David Goulet
7ce8d5513b Make circuit_log_ancient_one_hop_circuits() ignore established service rendezvous
Services can keep rendezvous circuits for a while so don't log them if tor is
a single onion service.

Fixes #25116

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-05 13:46:43 -05:00
David Goulet
f08fa97460 geoip: Make geoip_client_cache_total_allocation() return the counter
The HT_FOREACH() is insanely heavy on the CPU and this is part of the fast
path so make it return the nice memory size counter we added in
4d812e29b9.

Fixes #25148

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-05 13:38:55 -05:00
Nick Mathewson
e3d4154486 Avoid a malloc/free pair for each (server-side) ntor handshake
Closes ticket 25150
2018-02-05 11:53:33 -05:00
Nick Mathewson
f0d7905bc9 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-05 11:38:58 -05:00
Fernando Fernandez Mancera
60b8e088c3 Add crypto_digest.[ch] to include.am
Included crypto_digest.[ch] into include.am in order to solve a compiling
issue. Also EOF line in crypto_digest.c added.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-03 17:13:04 +01:00
Fernando Fernandez Mancera
61c7ec29f1 Include crypto_digest.h in order to solve dependency issues.
Included crypto_digest.h in some files in order to solve xof+digest module
dependency issues. Removed crypto.h where it isn't needed anymore.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-03 17:04:36 +01:00
Fernando Fernandez Mancera
202d27af71 Add xof functions into crypto_digest.[ch]
Added xof functions and operations into xof+digest module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-03 17:04:29 +01:00
Fernando Fernandez Mancera
f8b1493681 Refactor crypto.[ch] into smaller xof+digest module.
Add two new files (crypto_digest.c, crypto_digest.h) as new module of
crypto.[ch].  This new module includes all functions and dependencies related
to digest and xof operations. Those have been removed from crypto.[ch].

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-03 15:27:55 +01:00
Deepesh Pathak
1c8f55310f
Rename a verified unverified-consensus to cached-consensus on the disk
- Fixes ticket #4187
- Change the name of a unverified-*consensus to cached-*consensus
on disk when it has been verified.
2018-02-03 06:45:52 +05:30
Nick Mathewson
953c769a86 fuzz: Move init_protocol_warning_severity_level() into global_init()
This is needed so llvm_fuzz will see it too.
2018-02-02 17:42:23 -05:00
David Goulet
78d6cb5870 dos: We can put less token than the current amount
Becasue the circuit creation burst and rate can change at runtime it is
possible that between two refill of a bucket, we end up setting the bucket
value to less than there currently is.

Fixes #25128

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-02 17:04:12 -05:00
Nick Mathewson
3bed8fdb91 Use tt_u64_op() for uint64_t inputs. 2018-02-02 15:23:55 -05:00
Nick Mathewson
eafa252b26 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-02-02 15:00:35 -05:00
David Goulet
475218c108 Merge branch 'ticket25122_029_02' into ticket24902_029_05 2018-02-02 14:55:01 -05:00
David Goulet
e758d659a0 geoip: Add clientmap_entry_new() function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-02 14:48:41 -05:00
David Goulet
4d812e29b9 geoip: Increment and decrement functions for the geoip client cache
These functions protect againts over and underflow. They BUG() in case we
overflow the counter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-02 14:48:41 -05:00
David Goulet
51839f4765 geoip: Hook the client history cache into the OOM handler
If the cache is using 20% of our maximum allowed memory, clean 10% of it. Same
behavior as the HS descriptor cache.

Closes #25122

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-02 14:48:41 -05:00
Nick Mathewson
9e48338a12 Merge branch 'maint-0.3.2' 2018-02-02 12:03:54 -05:00
David Goulet
005e228f80 sched: When releasing a channel, do not BUG() if absent from the pending list
The current code flow makes it that we can release a channel in a PENDING
state but not in the pending list. This happens while the channel is being
processed in the scheduler loop.

Fixes #25125

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-02 12:03:27 -05:00
David Goulet
d40a4e46b6 test: KIST Scheduler unit tests to test the pending list state
This tests many cases of the KIST scheduler with the pending list state by
calling entry point in the scheduler while channels are scheduled or not.

Also, it adds a test for the bug #24700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-01 17:05:04 -05:00
Nick Mathewson
77634795b0 Merge remote-tracking branch 'dgoulet/bug24700_032_01' into maint-0.3.2 2018-02-01 16:57:57 -05:00
David Goulet
e1a40535ea Merge branch 'bug24700_032_01' into bug24700_033_01 2018-02-01 16:39:04 -05:00
Nick Mathewson
cb5654f300 sched: Use the sched_heap_idx field to double-check our fix for 24700.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-01 16:00:59 -05:00
Alexander Færøy
a2990081d5
Slightly different wording for error cases around entropy source selection.
This patch makes the wording around error cases for selecting an entropy
source in Tor slightly more verbose. We also let the user know when
something goes wrong that we are trying out a fallback method instead.

See: https://bugs.torproject.org/25120
2018-02-01 21:32:32 +01:00
Nick Mathewson
5516d22a26 Merge remote-tracking branch 'teor/bug25070' 2018-02-01 15:28:25 -05:00
Nick Mathewson
31542cc306 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-01 15:28:17 -05:00
Nick Mathewson
9773cd0f94 Merge branch 'maint-0.3.2' 2018-02-01 15:28:17 -05:00
Nick Mathewson
9cbc40e376 Merge remote-tracking branch 'teor/bug25070_031' into maint-0.3.1 2018-02-01 15:28:11 -05:00
Nick Mathewson
51377a917e Merge branch 'bug24658-rsa_squashed' 2018-02-01 12:10:07 -05:00
Fernando Fernandez Mancera
bdaf7ebc26 Add crypto_rsa.[ch] to include.am
Included crypto_rsa.[ch] into include.am in order to resolve a compiling issue.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-01 12:09:36 -05:00
Fernando Fernandez Mancera
3812319bb1 Tweaks into functions and variables in crypto_rsa.[ch]
crypto_get_rsa_padding_overhead() and crypto_get_rsa_padding() are
not static inline anymore in order to split the crypto_rsa module
from crypto.[ch].

Also included necessary modules in order to solve dependency issues.

Also made two functions in crypto.c use crypto_pk_asn1_encdoe()
instead of reaching into the crypto_pk_t struct.
2018-02-01 12:08:54 -05:00
Fernando Fernandez Mancera
44a9ed7df2 Remove commented functions in crypto module.
OpenSSL never uses these callbacks anymore so the code is disabled.

Fixes #25097.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-01 16:42:30 +01:00
Nick Mathewson
c2757c3774 Remove nodelist_recompute_all_hsdir_indices() as unused.
Closes 25108.
2018-02-01 08:44:47 -05:00
Nick Mathewson
ea8e9f17f5 Revert "Change the sandbox behavior on all failed opens() to EACCES"
This reverts commit 9a06282546.

It appears that I misunderstood how the seccomp2 filter rules
interact.  It appears that `SCMP_ACT_ERRNO()` always takes
precedence over `SCMP_ACT_ALLOW()` -- I had thought instead that
earlier rules would override later ones.  But this change caused bug
25115 (not in any released Tor).
2018-02-01 08:39:38 -05:00
Nick Mathewson
88b146cda5 Merge remote-tracking branch 'dgoulet/bug24469_033_01' 2018-02-01 08:22:44 -05:00
Nick Mathewson
ca85d66217 Merge branch 'maint-0.3.2' 2018-02-01 08:15:09 -05:00
Nick Mathewson
61cb2993dd Merge remote-tracking branch 'dgoulet/bug24975_032_01' into maint-0.3.2 2018-02-01 08:10:34 -05:00
Caio Valente
7884ce76e1 refactor: rename connection_t struct fields.
connection_t.timestamp_lastwritten renamed to
connection_t.timestamp_last_write_allowed

connection_t.timestamp_lastread renamed to
connection_t.timestamp_last_read_allowed

Closes ticket 24714.
2018-02-01 03:12:38 +01:00
Nick Mathewson
d1c2597096 Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-01-31 16:17:04 -05:00
Fernando Fernandez Mancera
33d9889a2b channel_tls_get_remote_addr_method now returns real_addr.
The accurate address of a connection is real_addr, not the addr member.
channel_tls_get_remote_addr_method() now returns real_addr instead.

Fixes #24952; bugfix on 707c1e2 in 0.2.4.11-alpha.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-01-31 16:12:13 -05:00
David Goulet
fb93c6fc51 circ: Don't cannibalize a circuit if the guard state is unusable
Tor preemptiely builds circuits and they can be cannibalized later in their
lifetime. A Guard node can become unusable (from our guard state) but we can
still have circuits using that node opened. It is important to not pick those
circuits for any usage through the cannibalization process.

Fixes #24469

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-31 16:10:48 -05:00
Nick Mathewson
8b0b850efa Merge remote-tracking branch 'public/bug16106_02_nm' 2018-01-31 15:51:58 -05:00
Nick Mathewson
946ebd8419 Obsolete the now-unused MaxTries options. 2018-01-31 15:11:47 -05:00
Nick Mathewson
c0024edd26 Remove two vestigial MaxDownloadTries checks from directory.c
These are no longer meaningful, since there's no longer an upper
limit to how many times (in the exponential-backoff world) one can
retry a download.  download_status_is_ready() didn't check these any
more, and neither do we.
2018-01-31 15:08:46 -05:00
Nick Mathewson
b8ff7407a7 remove the max_failures argument from download_status_is_ready. 2018-01-31 15:03:47 -05:00
Nick Mathewson
a846fd267e Merge branch 'bug23954_squashed' 2018-01-31 14:37:48 -05:00
Nick Mathewson
da778f2921 Use thread-safe types to store the LOG_PROTOCOL_WARN severity
Fixes a race condition; resolves 23954.
2018-01-31 14:37:09 -05:00
Nick Mathewson
98dd3757bf Merge branch 'bug25008' 2018-01-31 14:32:24 -05:00
David Goulet
fbc455cbd2 ns: Add a before and after consensus has changed notification
In 0.3.2.1-alpha, we've added notify_networkstatus_changed() in order to have
a way to notify other subsystems that the consensus just changed. The old and
new consensus are passed to it.

Before this patch, this was done _before_ the new consensus was set globally
(thus NOT accessible by getting the latest consensus). The scheduler
notification was assuming that it was set and select_scheduler() is looking at
the latest consensus to get the parameters it might needs. This was very wrong
because at that point it is still the old consensus set globally.

This commit changes the notify_networkstatus_changed() to be the "before"
function and adds an "after" notification from which the scheduler subsystem
is notified.

Fixes #24975
2018-01-31 14:15:02 -05:00
Nick Mathewson
31f2a8771c Look at the correct protocol for supports_v3_rendezvous_point
Fixes bug 25105; bugfix on 0.3.2.1-alpha.

(This is a backport of bbf2d9cf6b for 0.3.2.)
2018-01-31 14:09:47 -05:00
Nick Mathewson
3d937043c2 Fix a failing unit test.
When we stopped looking at the "protocols" variable directly, we
broke the hs_service/build_update_descriptors test, since it didn't
actually update any of the flags.

The fix here is to call summarize_protover_flags() from that test,
and to expose summarize_protover_flags() as "STATIC" from
routerparse.c.
2018-01-31 14:06:37 -05:00
Nick Mathewson
bbf2d9cf6b Look at the correct protocol for supports_v3_rendezvous_point
Fixes bug 25105; bugfix on 0.3.2.1-alpha.
2018-01-31 14:01:49 -05:00
David Goulet
c85f78e74c Revert "ns: Call notify_networkstatus_changed() after the new consensus is set globally"
This reverts commit 3a247ca92a.
2018-01-31 13:59:05 -05:00
Nick Mathewson
144bf015f8 Document remaining cases for protocol support
For each support flag, document which subprotocol version it requires.
2018-01-31 13:50:04 -05:00
Nick Mathewson
0dc1595d03 Merge branch 'maint-0.3.2' 2018-01-31 13:47:01 -05:00
Nick Mathewson
1c39d969b9 Merge remote-tracking branch 'dgoulet/bug24975_032_01' into maint-0.3.2 2018-01-31 13:46:58 -05:00
David Goulet
adaf3e9b89 sched: Avoid adding the same channel twice to the KIST pending list
This is the quick fix that is keeping the channel in PENDING state so if we
ever try to reschedule the same channel, it won't happened.

Fixes #24700

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-31 13:46:31 -05:00
Nick Mathewson
2294e330bd Merge branch 'maint-0.3.2' 2018-01-31 12:51:45 -05:00
David Goulet
df312b3cf6 hs-v3: Remove a BUG() when storing a descriptor in the client cache
It is possible in normal circumstances that  a client fetches a descriptor
that has a lower revision counter than the one in its cache. This can happen
due to HSDir desync.

Fixes #24976

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-31 12:51:42 -05:00
Mike Perry
ac1a78b977 Bug 24769: Reduce and parameterize the max number of cbt circs.
Setting the default for this at 10 and the learning timeout to 3 minutes means
we will complete our cbt learning in 30 minutes, which is under the reduced
padding connection timeout window.
2018-01-31 17:21:53 +00:00
Mike Perry
148c2410af Bug 24769: Reduce and parameterize the cbt learning idle timeout.
This is only half of the changes needed. We should also parameterize the
number of concurrent cbt learning circuits in needs_circuits_for_build().
2018-01-31 17:21:53 +00:00
David Goulet
3a247ca92a ns: Call notify_networkstatus_changed() after the new consensus is set globally
In 0.3.2.1-alpha, we've added this function in order to have a way to notify
other subsystems that the consensus just changed. The old consensus and the
new one are passed to it.

Before this patch, this was done _before_ the new consensus was set globally
(thus NOT accessible by getting the latest consensus). The scheduler
notification was assuming that it was set and select_scheduler() is looking at
the latest consensus to get the parameters it might needs. This was very wrong
because at that point it is still the old consensus set globally.

With this commit, notify_networkstatus_changed() has been moved _after_ the
new consensus is set globally. The main obvious reasons is to fix the bug
described above and in #24975. The other reason is that this notify function
doesn't return anything which could be allowing the possibility of refusing to
set the new consensus on error. In other words, the new consensus is set right
after the notification whatever happens.

It does no harm or change in behavior to set the new consensus first and then
notify the subsystems. The two functions currently used are for the control
port using the old and new consensus and sending the diff. The second is the
scheduler that needs the new consensus to be set globally before being called.

Of course, the function has been documented accordinly to clearly state it is
done _after_ the new consensus is set.

Fixes #24975

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-31 11:21:18 -05:00
Nick Mathewson
1e81aaa62f Merge branch 'maint-0.3.2' 2018-01-31 10:06:49 -05:00
Nick Mathewson
9bfb6fe395 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-31 10:06:49 -05:00
Nick Mathewson
5fc0437e74 But in most Earth cultures, there are 60s in a minute. 2018-01-31 10:06:43 -05:00
Nick Mathewson
8b162443b9 Merge branch 'maint-0.3.2' 2018-01-31 10:01:13 -05:00
Nick Mathewson
cb90defba6 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-31 10:01:13 -05:00
Nick Mathewson
86e6cb6409 add a rate-limit. 2018-01-31 10:01:10 -05:00
Nick Mathewson
69e242f845 Merge branch 'maint-0.3.2' 2018-01-31 09:50:24 -05:00
Nick Mathewson
e81896adda Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-31 09:50:24 -05:00
Nick Mathewson
914ec372a9 Merge branch 'bug24927' 2018-01-31 09:47:36 -05:00
Nick Mathewson
80c8689be1 Merge remote-tracking branch 'public/ticket24849_032' 2018-01-31 09:38:24 -05:00
Nick Mathewson
94878cf1ea Merge remote-tracking branch 'dgoulet/ticket24902_029_05' 2018-01-31 09:35:07 -05:00
teor
1f4a73133c test: Add unit tests for overflows and underflows in cc_stats_refill_bucket
Closes #25094.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-31 09:27:59 -05:00
teor
a09d5f5735 dos: Make sure cc_stats_refill_bucket can't overflow while calculating
Debug log the elapsed time in cc_stats_refill_bucket

Part of #25094.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-31 09:27:59 -05:00
Nick Mathewson
c0447033f5 Merge branch 'maint-0.3.2' 2018-01-31 09:19:55 -05:00
teor
b45ae1b002 test: Remove a redundant round from test_dos_bucket_refill
This round is left over from the tenths of a second code.

Part of #25094.
2018-01-31 09:19:39 -05:00
Roger Dingledine
3d9dcb49eb count flushing as channel activity
Stop adding unneeded channel padding right after we finish flushing
to a connection that has been trying to flush for many seconds.
Instead, treat all partial or complete flushes as activity on the
channel, which will defer the time until we need to add padding.

This fix should resolve confusing and scary log messages like
"Channel padding timeout scheduled 221453ms in the past."

Fixes bug 22212; bugfix on 0.3.1.1-alpha.

I think technically we could resolve bug 22212 by adding a call to
channel_timestamp_active() only in the finished_flushing case. But I added
a call in the flushed_some case too since that seems to more accurately
reflect the notion of "active".
2018-01-31 05:26:06 -05:00
Caio Valente
a4c8531260 refactor: using get_uptime() (and reset_uptime()) consistently.
Using get_uptime() and reset_uptime() instead of
accessing stats_n_seconds_working directly.

stats_n_seconds_working is not extern anymore.

Ticket #25081
2018-01-31 02:36:38 +01:00
Nick Mathewson
d2ae1bfcb3 remove a redundant semicolon 2018-01-30 18:11:16 -05:00
David Goulet
cd81403cc0 Merge branch 'ticket24902_029_05' into ticket24902_033_02 2018-01-30 09:33:12 -05:00
David Goulet
e58a4fc6cf dos: Make circuit rate limit per second, not tenths anymore
Because this touches too many commits at once, it is made into one single
commit.

Remove the use of "tenths" for the circuit rate to simplify things. We can
only refill the buckets at best once every second because of the use of
approx_time() and our token system is set to be 1 token = 1 circuit so make
the rate a flat integer of circuit per second.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:16 -05:00
George Kadianakis
c3c2b55dec test: Add unit tests for the DoS subsystem
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:16 -05:00
David Goulet
82de4ea900 dos: Clear connection tracked flag if geoip entry is removed
Imagine this scenario. We had 10 connections over the 24h lifetime of a geoip
cache entry. The lifetime of the entry has been reached so it is about to get
freed but 2 connections remain for it. After the free, a third connection
comes in thus making us create a new geoip entry for that address matching the
2 previous ones that are still alive. If they end up being closed, we'll have
a concurrent count desynch from what the reality is.

To mitigate this probably very rare scenario in practice, when we free a geoip
entry and it has a concurrent count above 0, we'll go over all connections
matching the address and clear out the tracked flag. So once they are closed,
we don't try to decrement the count.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:16 -05:00
David Goulet
14a8b87852 dos: Add a heartbeat log
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:16 -05:00
David Goulet
36a0ae151f dos: Add the DoSRefuseSingleHopClientRendezvous option
This option refuses any ESTABLISH_RENDEZVOUS cell arriving from a client
connection. Its default value is "auto" for which we can turn it on or off
with a consensus parameter. Default value is 0.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:16 -05:00
David Goulet
acf7ea77d8 dos: Add the connection DoS mitigation subsystem
Defend against an address that has reached the concurrent connection count
threshold.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
David Goulet
1bfc91a029 dos: Apply defense for circuit creation DoS
If the client address was detected as malicious, apply a defense which is at
this commit to return a DESTROY cell.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
David Goulet
97abb3543b dos: Detect circuit creation denial of service
Add a function that notifies the DoS subsystem that a new CREATE cell has
arrived. The statistics are updated accordingly and the IP address can also be
marked as malicious if it is above threshold.

At this commit, no defense is applied, just detection with a circuit creation
token bucket system.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
David Goulet
c05272783d dos: Track new and closed OR client connections
Implement a basic connection tracking that counts the number of concurrent
connections when they open and close.

This commit also adds the circuit creation mitigation data structure that will
be needed at later commit to keep track of the circuit rate.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
David Goulet
51fda85c23 geoip: Remember client stats if DoS mitigation is enabled
Make the geoip cache track client address if the DoS subsystem is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
David Goulet
64149353dd dos: Initial code of Denial of Service mitigation
This commit introduces the src/or/dos.{c|h} files that contains the code for
the Denial of Service mitigation subsystem. It currently contains basic
functions to initialize and free the subsystem. They are used at this commit.

The torrc options and consensus parameters are defined at this commit and
getters are implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
teor
8bb79ca4a7
Add unit tests for supported protocols
Prevents future regressions like #25070.
2018-01-30 02:20:30 +11:00
teor
b67f010678
Add Link protocol version 5 to the supported protocols list in protover.rs
And fix the unsupported protover example so it uses a Link protover much
higher than 5.

Part of  #25070, bugfix on 0.3.3.1-alpha, which introduced the protover crate.
2018-01-30 02:18:57 +11:00
teor
a8e5e3a492
Add Link protocol version 5 to the supported protocols list in protover.c
Part of #25070, bugfix on 0.3.1.1-alpha.
2018-01-30 01:56:50 +11:00
teor
7a701f2603
Add Link protocol version 5 to the supported protocols list in protover.c
Part of #25070, bugfix on 0.3.1.1-alpha.
2018-01-30 01:51:03 +11:00
Corey Farwell
124caf28e6 Wrap types in protover.rs.
https://trac.torproject.org/projects/tor/ticket/24030

Introduce new wrapper types:

- `SupportedProtocols`
- `Versions`

Introduce a type alias:

- `Version` (`u32`)
2018-01-29 07:30:51 -05:00
Nick Mathewson
75d4bd3497 Improve log when unable to add sigs to pending consensus
Closes ticket 24849.
2018-01-26 14:19:59 -05:00
Nick Mathewson
ee5c624beb When a tor_cert_T check fails, log the reason why.
Diagnostic attempt for 24972.
2018-01-26 13:55:25 -05:00
Nick Mathewson
0755bcc36a Remove a needless (always-true) check.
Also add an assertion and rename a variable.

Closes ticekt 24927.
2018-01-26 13:35:00 -05:00
Nick Mathewson
9c2bc441f8 If out-of-disk when saving a consensus cache entry, don't BUG.
Just warn instead.

Fixes bug 24859.
2018-01-26 13:14:14 -05:00
Nick Mathewson
aedcb1644d Improve the keypin-loading log message to be a bit less scary. 2018-01-26 12:39:38 -05:00
Nick Mathewson
9a06282546 Change the sandbox behavior on all failed opens() to EACCES
Previously, most disallowed open(O_RDONLY) attempts would EACCES,
but others would fail with a crash.
2018-01-26 12:18:43 -05:00
Nick Mathewson
6ed384b827 Use tor_addr_from_getsockname() in several places
I'm leaving the getsockname code in transproxy alone, since it is
comparatively isolated, rather platform-specific, and hard to test.

Implements 18105.
2018-01-26 12:08:15 -05:00
Nick Mathewson
2a7bfec364 Add a new tor_addr_from_getsockname()
We use this pattern all over, and this should simplify matters a
bit.  Part of 18105.
2018-01-26 12:07:37 -05:00
Fernando Fernandez Mancera
54783b4c22 Refactor crypto.[ch] into smaller RSA module.
Add two new files (crypto_rsa.c, crypto_rsa.h) as new module of crypto.[ch].
This new module includes all functions and dependencies related to RSA
operations. Those have been removed from crypto.[ch].

All new changes related to RSA operations must be done in these files.

Follows #24658

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-01-26 13:09:52 +01:00
Nick Mathewson
5b55e15707 Remove all the old max_delay logic.
We had tests for it, but it was always INT_MAX.
2018-01-25 16:05:20 -05:00
Nick Mathewson
bf74194f57 fixup! Remove the old ("deterministic") download schedule.
Un-indent a block.

I'm doing this as a separate fixup commit to make review simpler.
2018-01-25 15:52:33 -05:00
Nick Mathewson
e0049ef022 Remove the old ("deterministic") download schedule.
We haven't meant to use it since we introduced the random
exponential schedule.

Closes ticket 23814.
2018-01-25 15:51:13 -05:00
David Goulet
93b826faaa geoip: Add a lookup function for client map entry
The upcoming DoS mitigation subsytem needs to keep information on a per-IP
basis which is also what the geoip clientmap does.

For another subsystem to access that clientmap, this commit adds a lookup
function that returns the entry. For this, the clientmap_entry_t had to be
moved to the header file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-25 15:44:48 -05:00
Nick Mathewson
91c63aae84 In relay_digest_matches(), use stack instead of heap.
We'd been using crypto_digest_dup() and crypto_digest_assign() here,
but they aren't necessary.  Instead we can just use the stack to
store the previous state of the SHA_CTX and avoid a malloc/free pair.

Closes ticket 24914.
2018-01-25 13:59:55 -05:00
Nick Mathewson
b1fc383bdb Bump version to 0.3.3.1-alpha-dev 2018-01-25 13:50:55 -05:00
Nick Mathewson
25a1183fbe bump version to 0.3.3.1-alpha 2018-01-25 11:48:42 -05:00
Fernando Fernandez Mancera
5ea993fa5a Clarify directory and ORPort checking functions.
In order to make the OR and dir checking functions in router.c less confusing
we renamed some functions and splitted consider_testing_reachability() into
router_should_check_reachability() and router_do_reachability_checks(). Also we
improved the documentation.

Fixes #18918.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-01-24 20:19:24 +01:00
Nick Mathewson
7e504515b3 Always look at the subprotocol versions summary flags
Previously, we wouldn't do this when running with a routerinfo_t in
some cases, leading to many needless calls to the protover module.

This change also cleans up the code in nodelist.c a bit.

Fixes bug 25008; bugfix on 0.2.9.4-alpha.
2018-01-24 13:53:56 -05:00
Nick Mathewson
92496a739a Also cache the protover summary in the routerinfo_t, if we're using that 2018-01-24 13:53:56 -05:00
Nick Mathewson
7792be2d44 Extract code to summarize protocol versions into new function
This will let us put this summary into routerinfo_t too.

No behavior change.
2018-01-24 13:53:55 -05:00
Nick Mathewson
d9fbd34f42 Extract protover summary flags into a new structure
This will let us use them on routerinfo_t as well as on
routerstatus_t, and save some time on relays.

No behavioral changes here.
2018-01-24 13:53:55 -05:00
Nick Mathewson
fd8ee1d7c3 Merge branch 'maint-0.3.2' 2018-01-24 12:09:07 -05:00
Nick Mathewson
2484d1eb35 Fix a memory leak in build_unopened_fourhop
This is a unit-test-only leak, but let's fix it anyway so it doesn't
hide real bugs.

Bug not in any released version of Tor.
2018-01-24 12:08:39 -05:00
Nick Mathewson
6ba2881aec Fix a memory leak in scheduler/loop_kist
Fixes bug 25005.
2018-01-24 12:07:45 -05:00
Taylor Yu
37f26aa470 Add missing static keywords
crypto_openssl_header_version_str and crypto_openssl_version_str in
crypto_openssl_mgt.c should be static.
2018-01-23 16:01:26 -06:00
Nick Mathewson
23473f5e74 openssl_mutexes code belongs in openssl_mgt.c 2018-01-23 14:43:06 -05:00
Nick Mathewson
fa694f5af3 add a missing "compat_openssl.h" 2018-01-23 14:41:46 -05:00
Nick Mathewson
a172f02dfb perhaps this was the missing include? 2018-01-23 14:19:25 -05:00
Nick Mathewson
a34629fa28 Add a missing include for openssl 1.0.2 2018-01-23 14:16:53 -05:00
Nick Mathewson
6f4ee6e5e7 Merge remote-tracking branch 'mikeperry/bug24946' 2018-01-23 14:08:47 -05:00
Nick Mathewson
58f4aee90b Merge remote-tracking branch 'asn/bug24896' 2018-01-23 14:06:27 -05:00
Nick Mathewson
13a2acba3c Merge remote-tracking branch 'ffmancera/bug24658-openssl' 2018-01-23 14:02:45 -05:00
Nick Mathewson
0dbe3ddc33 Make Tor support TLS1.3 ciphers with OpenSSL 1.1.1
Without this patch, not only will TLS1.3 not work with Tor, but
OpenSSL 1.1.1 with TLS1.3 enabled won't build any connections at
all: It requires that either TLS1.3 be disabled, or some TLS1.3
ciphersuites be listed.

Closes ticket 24978.
2018-01-23 09:23:21 -05:00
George Kadianakis
17daab76b8 Add onion service activity information to our heartbeat logs. 2018-01-23 12:31:06 +02:00
Chelsea Holland Komlo
d0184963f9 fixups from code review 2018-01-22 18:33:22 -05:00
Fernando Fernandez Mancera
f2fca51976 Move the openssl namespace back into .c files.
As we're trying not to have all the other modules in Tor, we moved the openssl
namespace includes back into crypto.c and crypto_openssl_mgt.c files.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-01-22 16:48:33 +01:00
Mike Perry
db5b670d85 Bug 24946: Fix a warning message caused by a missed purpose check.
Also fix three other checks (found by inspection of all
CIRCUIT_PURPOSE_C_GENERAL occurrences).
2018-01-20 03:18:31 +00:00
Roger Dingledine
48a51c5f8b oxford comma for-the-win 2018-01-19 18:42:53 -05:00
Nick Mathewson
ef148638a1 Add a "falls through" comment to make gcc happy. 2018-01-19 17:29:36 -05:00
Nick Mathewson
1bcbb1bb0b Merge remote-tracking branch 'mikeperry/bug23101-mergeready-squashed' 2018-01-19 17:28:10 -05:00
Mike Perry
489628a7e4 Bug 23101: Pre-build HS-specific circuits (instead of general).
Prebuilt circs are 4 hops, since only server side HSDIR and intro circs
are 3 hops, and it is OK if those sometimes take longer to build.
2018-01-19 22:21:49 +00:00
Mike Perry
86ee771c28 Add new circuit purposes for hsdir activity.
This lets us control their path len and usage.
2018-01-19 22:21:48 +00:00
Mike Perry
20a3f61105 Implement layer 2 and layer 3 guard pinning via torrc.
Block circuit canibalization when HSRendezvousMiddleNodes is active.
Also make it apply to all HS circuits, not just rends.
2018-01-19 22:21:48 +00:00
Nick Mathewson
edd427a8ba Merge branch 'disable_signal_handlers' 2018-01-19 16:35:24 -05:00
Nick Mathewson
df4d5ebb7d Merge branch 'maint-0.3.2' 2018-01-19 16:30:53 -05:00
Nick Mathewson
b39c50cde8 Merge branch 'maint-0.2.9' into maint-0.3.0
Conflicts:
        src/or/rendservice.c
2018-01-19 16:29:43 -05:00
David Goulet
f870f9c8bc Merge branch 'bug24895_031_02' into bug24895_032_02 2018-01-19 16:26:26 -05:00
David Goulet
f98f7ca898 Merge branch 'bug24895_029_02' into bug24895_031_02 2018-01-19 16:21:55 -05:00
Roger Dingledine
490ae26b24 hs: Use hs_service_max_rdv_failures consensus param, defaulting to 2 2018-01-19 16:13:54 -05:00
Fernando Fernandez Mancera
5cd74b4884 Add crypto_openssl_mgt.[ch] for compiling dependencies.
Included crypto_openssl_mgt.[ch] into the appropiate files in order to resolve
compiling and dependencies issues.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-19 18:56:13 +01:00
Fernando Fernandez Mancera
b3aa7be26c Tweaks into functions and variables in crypto_openssl_mgt.[ch]
Renamed free_openssl() to crypto_openssl_free_all(). Also we made variables and
functions static again.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-19 18:07:49 +01:00
Nick Mathewson
65a27d95e7 Improve documentation for signal code 2018-01-19 10:02:20 -05:00
Nick Mathewson
2c9e0a286c Merge branch 'restart_debug_squashed' 2018-01-19 09:52:14 -05:00
Nick Mathewson
97d9ba2380 Add a mostly disabled feature to debug restarting in-process
For 23847, we want Tor to be able to shut down and then restart in
the same process.  Here's a patch to make the Tor binary do that.
To test it, you need to build with --enable-restart-debugging, and
then you need to set the environment variable TOR_DEBUG_RESTART.
With this option, Tor will then run for 5 seconds, then restart
itself in-process without exiting.  This only happens once.

You can change the 5-second interval using
TOR_DEBUG_RESTART_AFTER_SECONDS.

Implements ticket 24583.
2018-01-19 09:52:05 -05:00
Nick Mathewson
e7907f15f9 Don't call Libevent's event_base_free() on NULL.
It doesn't crash, but it produces a warning.

Fixes bug 24933; bugfix on 322abc030e. Bug
not in any released Tor.
2018-01-19 09:45:10 -05:00
Roger Dingledine
cc5a9e9667 turn MAX_REND_FAILURES into a function
no actual changes in behavior
2018-01-19 02:38:07 -05:00
Roger Dingledine
a15eb9ff43 MAX_REND_FAILURES is 1, but we would try three times
Fix an "off by 2" error in counting rendezvous failures on the onion
service side.

While we thought we would stop the rendezvous attempt after one failed
circuit, we were actually making three circuit attempts before giving up.

Fixes bug 24895; bugfix on 0.0.6.
2018-01-19 02:28:55 -05:00
Fernando Fernandez Mancera
7684949d37 Rename crypto_openssl.[ch] to crypto_openssl_mgt.[ch]
Rename crypto_openssl.[ch] to crypto_openssl_mgt.[ch] because it is possible we
need crypto_openssl.[ch] in the future.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-18 21:13:17 +01:00
Nick Mathewson
44388757c4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-18 08:13:48 -05:00
Nick Mathewson
c8a27d89b2 Merge branch 'maint-0.3.2' 2018-01-18 08:13:48 -05:00
Nick Mathewson
f406b9df05 Merge branch 'bug24826_031' into maint-0.3.1 2018-01-18 08:13:45 -05:00
Nick Mathewson
77026f8a87 Merge branch 'bug22798_029_squashed' 2018-01-17 13:26:41 -05:00
Nick Mathewson
959af20247 Merge branch 'maint-0.3.2' 2018-01-17 11:13:18 -05:00
Nick Mathewson
4e653ac2ca Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-17 11:12:15 -05:00
Nick Mathewson
86aa7f0a3f Merge branch 'maint-0.3.2' 2018-01-17 10:50:58 -05:00
Nick Mathewson
57eab23ea5 update comment; ignore argument on non-win 2018-01-17 10:40:00 -05:00
Nick Mathewson
1efb84215e Improve Windows performance with SIO_IDEAL_SEND_BACKLOG_QUERY.
Patch written by "Vort" on trac. Addresses ticket 22798.
2018-01-17 10:40:00 -05:00
Nick Mathewson
60dfdd9b15 Merge branch 'bug21074_029' 2018-01-17 09:07:50 -05:00
Nick Mathewson
0bfd5a6597 Add a cast to avoid a signed/unsigned comparison 2018-01-17 09:06:32 -05:00
Nick Mathewson
454d854363 Merge branch 'bug21074_029' 2018-01-16 14:13:39 -05:00
Nick Mathewson
01adeb2471 Merge branch 'stack_em_up' 2018-01-16 13:31:29 -05:00
Nick Mathewson
d8c1c70d7a Repair a crash bug in src/test/bench
This was caused because of the new KeyDirectory and CacheDirectory
options not being set. Bugfix on 0.3.3.0-alpha; not in any released
Tor.
2018-01-16 13:29:11 -05:00
Nick Mathewson
4bb831e087 Improve fragile-hardening performance of consensus_split_lines.
For whatever reason, in my testing, using memchr() here improves
performance over strchr() by a great deal.

Fixes bug 24826; bugfix on 0.3.1.1-alpha.
2018-01-16 12:42:40 -05:00
Nick Mathewson
6b2e856122 Fix a (spurious) scan-build warning in test_introduce1_validation()
Since helper_create_introduce1_cell() checks "cell" for nullness,
scan-build is concerned that test_introduce1_validation()
dereferences it without checking it.  So, add a check.

Not backporting, since this is spurious, _and_ tests-only.
2018-01-16 08:36:34 -05:00
Roger Dingledine
af8cadf3a9 Remove false positives from channel_is_client()
Fix a set of false positives where relays would consider connections
to other relays as being client-only connections (and thus e.g.
deserving different link padding schemes) if those relays fell out
of the consensus briefly.

Now we look only at the initial handshake and whether the connection
authenticated as a relay.

Fixes bug 24898; bugfix on 0.3.1.1-alpha.
2018-01-15 22:33:40 -05:00
Roger Dingledine
7ce335c921 v3 onion services now obey MAX_REND_FAILURES
New-style (v3) onion services now obey the "max rendezvous circuit
attempts" logic.

Previously they would make as many rendezvous circuit attempts as they
could fit in the MAX_REND_TIMEOUT second window before giving up.

Fixes bug 24894; bugfix on 0.3.2.1-alpha.
2018-01-15 16:41:47 -05:00
Nick Mathewson
edc87b263f Merge remote-tracking branch 'ffmancera/bug24861' 2018-01-12 13:29:53 -05:00
Fernando Fernandez Mancera
06368e5310 Fix minGW compatibility issue with zu format specifier.
Define TOR_PRIuSZ as minGW compiler doesn't support zu format specifier for
size_t type.

Fixes #24861 on ac9eebd.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-12 17:44:30 +01:00
Nick Mathewson
4c651b8c04 Note contactinfo and myfamily as required in more places
Includes a sentence from cypherpunks; for ticket 24526.
2018-01-11 20:00:18 -05:00
Nick Mathewson
a3d1c38ea6 Merge branch 'bug24582' 2018-01-11 19:57:57 -05:00
Nick Mathewson
42751e2123 On shutdown, mark openssl as uninitialized.
This causes openssl to get completely reinitialized on startup,
which is probably a good idea.
2018-01-11 13:00:15 -05:00
Nick Mathewson
18ea91ee6b Make the warnings about restarting tor in-process more scary. 2018-01-11 12:46:50 -05:00
Nick Mathewson
05ac3d0458 Merge branch 'restart_nocrash' 2018-01-11 12:45:25 -05:00
Nick Mathewson
751595551a Merge branch 'simplify_transition_allowed' 2018-01-11 12:39:37 -05:00
Nick Mathewson
c349bfec36 Merge branch 'bug24526_squashed' 2018-01-11 12:33:52 -05:00
Nick Mathewson
ac0f819ce5 Note contactinfo and myfamily as required in more places
Includes a sentence from cypherpunks; for ticket 24526.
2018-01-11 12:33:30 -05:00
Nick Mathewson
e8bd806412 Add a blank line per dgoulet review. 2018-01-11 12:29:29 -05:00
Nick Mathewson
d0adf5ae95 Merge branch 'bug24584' 2018-01-11 12:28:29 -05:00
Nick Mathewson
81aec1449b Compute flavor name before dereference, to avoid a STACK warning.
(See 24423)
2018-01-11 11:31:03 -05:00
Nick Mathewson
7a60600411 Merge remote-tracking branch 'ffmancera/github/bug24573' 2018-01-11 08:31:25 -05:00
Nick Mathewson
c8c258a433 Merge branch 'bug24733_squashed_2' 2018-01-10 12:57:23 -05:00
Nick Mathewson
519fa1a3e6 Document the alignment limitation of tor_free() 2018-01-10 12:57:13 -05:00
Nick Mathewson
f71bbd20a4 Extract the raw_free() of ifc_buf into a new function.
Explain the problem more correctly.
2018-01-10 12:57:13 -05:00
teor
54899b404c Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
... in get_interface_addresses_ioctl().

This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist
elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have
8-byte ints.)

Fixes bug 24733; not in any released version of tor.
2018-01-10 12:57:13 -05:00
Nick Mathewson
ca1d1c382c Merge remote-tracking branch 'ffmancera/github/bug24501' 2018-01-10 12:46:39 -05:00
Nick Mathewson
d8c0c62c7b Remove needless parentheses 2018-01-10 09:39:13 -05:00
Nick Mathewson
4715d81809 Merge remote-tracking branch 'teor/Bug-23966' 2018-01-10 09:38:38 -05:00
Nick Mathewson
34c6034aa7 Increment version to 0.3.2.9-dev 2018-01-09 10:12:25 -05:00
Nick Mathewson
1f7f930f9e Increment version to 0.3.2.9 2018-01-08 11:39:24 -05:00
Nick Mathewson
9ba69be96c Merge branch 'maint-0.3.2'
There was a merge conflict on fallback_dirs.inc, which we resolve in
favor of the newly generated version for #24801.
2018-01-08 11:10:53 -05:00
Nick Mathewson
b85fa0bd5f Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-08 11:10:36 -05:00
Nick Mathewson
e3ab27001f Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-08 11:10:36 -05:00
Nick Mathewson
1c5c5f0e50 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-08 11:10:36 -05:00
Nick Mathewson
a42e52dded Add 7 other fallback dirs from teor's tests
These are from "fallback_dirs_2018_01_06_2323_UTC_44aa1adf35_AU.inc"
2018-01-08 11:03:44 -05:00
Nick Mathewson
491c09c19a Update the fallback_dirs.inc file: part 1
This takes the updated fallback_dirs_2018_01_06_CA.inc from
pastly's scan.
2018-01-08 10:57:06 -05:00
Nick Mathewson
d637468128 Merge remote-tracking branch 'arma/bug24555' 2018-01-08 10:45:40 -05:00
Nick Mathewson
748ad2124d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-08 09:35:55 -05:00
Nick Mathewson
942fa0c4a2 Merge branch 'maint-0.3.2' 2018-01-08 09:35:55 -05:00
Nick Mathewson
a1ce1ab201 Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-08 09:34:57 -05:00
Nick Mathewson
8042c356f4 Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-08 09:34:56 -05:00
Nick Mathewson
26e28829da Merge branch 'maint-0.2.5' into maint-0.2.9 2018-01-08 09:34:56 -05:00
Fernando Fernandez Mancera
7353c9496e Add free_openssl() to crypto_openssl module.
Add free_openssl() function to free the memory allocated for OpenSSL version
management variables. It is required since OpenSSL management has been isolated
from the crypto module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 15:31:41 +01:00
Fernando Fernandez Mancera
4022277272 Refactor crypto.[ch] into smaller OpenSSL module.
Add two new files (crypto_openssl.c, crypto_openssl.h) as new module of
crypto.[ch]. This new module includes all functions and dependencies related
to OpenSSL management. Those have been removed from crypto.[ch].

All new changes related to OpenSSL management must be done in these files.

Follows #24658

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-08 14:02:17 +01:00
Karsten Loesing
8efbeb0982 Update geoip and geoip6 to the January 5 2018 database. 2018-01-08 11:36:38 +01:00
Roger Dingledine
40cd992abb avoid calling format_iso_time() with TIME_MAX
If we tried to move a descriptor from routerlist->old_routers
back into the current routerlist, we were preparing a buffer with
format_iso_time() on ri->cert_expiration_time, and doing it preemptively
since router_add_to_routerlist() might free ri so we wouldn't be able
to get at it later in the function.

But if the descriptor we're moving doesn't have any ed signature, then
its cert will be marked to expire at TIME_MAX, and handing TIME_MAX
to format_iso_time() generates this log warning:

correct_tm(): Bug: gmtime(9223372036854775807) failed with error Value too large for defined data type: Rounding down to 2037

The fix is to preemptively remember the expiry time, but only prepare
the buffer if we know we're going to need it.

Bugfix on commit a1b0a0b9, which came about as part of a fix for bug
20020, and which is not yet in any released version of Tor (hence no
changes file).
2018-01-07 02:15:18 -05:00
Roger Dingledine
44aa1adf35 make a comment a bit more useful 2018-01-06 15:03:35 -05:00
Roger Dingledine
94ec5af5fe whitespace and typo fixes 2018-01-06 15:02:12 -05:00
Roger Dingledine
4f83d6d6ad Merge branch 'maint-0.3.2' 2018-01-05 18:44:08 -05:00
Roger Dingledine
5f2c7a8567 remove redundant "implement this" from log message 2018-01-05 18:23:07 -05:00
Nick Mathewson
143da73165 Merge remote-tracking branch 'teor/fallback-code-2018-01' 2018-01-05 16:47:28 -05:00
Nick Mathewson
0b6fe3c123 Merge branch 'maint-0.3.2' 2018-01-05 16:41:35 -05:00
Nick Mathewson
48d94e290d Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-05 16:41:34 -05:00
Nick Mathewson
16fd975a82 Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-05 16:41:34 -05:00
Nick Mathewson
3618bd6166 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-05 16:41:34 -05:00
Nick Mathewson
c52d4d9e34 Merge branch 'teor_ticket24681_028' into maint-0.2.9 2018-01-05 16:41:31 -05:00
Nick Mathewson
94d5523c7f fix a wide line 2018-01-05 11:28:23 -05:00
Nick Mathewson
2d92f4c19a Don't keep options in a local in run_main_loop_once.
The options value can change between the get_options() and its
second use, based on setconf callbacks in the event loop.
2018-01-05 09:24:34 -05:00
teor
ca1f808d93
Add a timestamp to the header of the current fallback list
This timestamp is based on the time that list was first committed.

Part of 24725.
2018-01-05 13:27:51 +11:00
teor
70490df76a
Remove an incorrect C comment in the current fallback list
Follow-up to #24725
2018-01-05 13:27:43 +11:00
teor
c8c0e9167d
Add delimiters at the end of every fallback entry in the current list
Using this script:
sed -i.bak $'s|^,$|/* ===== */\\\n,|' src/or/fallback_dirs.inc
(Due to embedded newlines, this script only works in bash.)

And manually add a delimiter to the end of the header, and the start of
the fallback list.

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format.

Follow-up to 24725.
2018-01-05 13:27:36 +11:00
teor
20b96cee64
Update the version header in the current fallback file to 2.0.0
The upcoming fallback rebuild will automatically generate this new format.

Follow-up to 24725, due to breaking changes in 24679, 24600, and 22759.
2018-01-05 13:27:25 +11:00
teor
c1be0cfdb4
Add all-zero extrainfo cache flags to the current fallback file
Using this script:
sed -i.bak $'s|^,$|/* extrainfo=0 */\\\n,|' src/or/fallback_dirs.inc
(Due to embedded newlines, this script only works in bash.)

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format,
with actual relay extrainfo cache flags.

Follow-up to 22759.
2018-01-05 13:27:18 +11:00
teor
067617608c
Add blank nicknames to the current fallback file
Using this script:
sed -i.bak $'s|^,$|/* nickname= */\\\n,|' src/or/fallback_dirs.inc
(Due to embedded newlines, this script only works in bash.)

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format,
with actual relay nicknames.

Follow-up to 24600.
2018-01-05 13:27:10 +11:00
teor
384a450a47
Remove weights from the current fallback file
Using this script:
sed -i.bak 's/" weight=10",/,/' src/or/fallback_dirs.inc

This allows us to check that the code compiles, and the unit tests pass.
And it allows downstream users stem and atlas to adapt to the new format.

The upcoming fallback rebuild will automatically generate this new format.

Follow-up to 24679.
2018-01-05 13:27:03 +11:00
teor
0e6fdbea8d
Add a version 1.0.0 header to the current fallback file
The upcoming fallback rebuild will automatically generate this new format,
with version 2.0.0.

Follow-up to 24725.
2018-01-05 13:26:48 +11:00
Nick Mathewson
68ca6d2e19 Don't treat a setrlimit failure as fatal.
Fixes bug 21074; bugfix on 4689243242 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
2018-01-04 13:21:29 -05:00
Nick Mathewson
1dab8bae21 smartlist.rs: The libc::c_char type is not the same as i8.
The code had been using c_char and i8 interchangeably, but it turns
out that c_char is only i8 on platforms where "char" is signed. On
other platforms, c_char is u8.

Fixes bug 24794; bug not on any released Tor.
2018-01-04 12:21:55 -05:00
Nick Mathewson
e0ccec219b Merge remote-tracking branch 'frewsxcv/frewsxcv-protover-heap' 2018-01-04 11:05:53 -05:00
Nick Mathewson
943134e886 Merge remote-tracking branch 'pastly2/ticket24531_033_01' 2018-01-03 11:56:35 -05:00
Nick Mathewson
b56ce79e63 In networkstatus_consensus_has_ipv6 test, use approx_time()
This may (or may not) fix up some reliability issues we've been
seeing with this test on windows.
2018-01-03 10:57:44 -05:00
Nick Mathewson
6b3c07648c Merge branch 'maint-0.3.2' 2018-01-03 10:09:20 -05:00
Nick Mathewson
1bc95633fb Fix some shadowed-global warnings.
These are all about local variables shadowing global
functions. That isn't normally a problem, but at least one
compiler we care about seems to treat this as a case of -Wshadow
violation, so let's fix it.

Fixes bug 24634; bugfix on 0.3.2.1-alpha.
2018-01-03 09:13:00 -05:00
Nick Mathewson
b62b40a572 Merge branch 'maint-0.3.2' 2018-01-03 09:00:00 -05:00
Nick Mathewson
451c852a0f Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-03 09:00:00 -05:00
Nick Mathewson
c1d98c75e3 Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-03 08:59:59 -05:00
Nick Mathewson
bbc9ff160e Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-03 08:59:59 -05:00
Nick Mathewson
c9b3f6352f Merge branch 'bug24633_029' into maint-0.2.9 2018-01-03 08:59:52 -05:00
Nick Mathewson
bd9739bae6 Merge branch 'maint-0.3.2' 2018-01-02 14:42:31 -05:00
Nick Mathewson
2aa1767b25 Merge remote-tracking branch 'teor/bug24703_032' into maint-0.3.2 2018-01-02 14:42:27 -05:00
Nick Mathewson
fb5877b972 Merge branch 'maint-0.3.0' into maint-0.3.1 2018-01-02 10:10:28 -05:00
Nick Mathewson
8a7767603a Merge branch 'maint-0.2.9' into maint-0.3.0 2018-01-02 10:10:28 -05:00
Nick Mathewson
bc5ef83f8f Merge branch 'maint-0.3.2' 2018-01-02 10:10:28 -05:00
Nick Mathewson
707076002d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-01-02 10:10:28 -05:00
Nick Mathewson
6e5e4f92ab Merge remote-tracking branch 'teor/bug24736_028' into maint-0.2.9 2018-01-02 10:09:44 -05:00
Nick Mathewson
d53f779853 Merge remote-tracking branch 'teor/ticket24001' 2018-01-02 10:07:13 -05:00
Fernando Fernandez Mancera
525c1c493e Set IPv6 preferences for bridges even if there is no ri.
Tor now sets IPv6 preferences on rewrite_node_address_for_bridge() even if
there is only ri or rs. It always warns about them.

Also Tor now sets the IPv6 address in rs as well as it sets the one in ri.

Fixes #24572 on 9e9edf7 in 0.2.4.5-alpha.
Fixes #24573 on c213f27 in 0.2.8.2-alpha.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2018-01-02 15:28:15 +01:00
teor
d99ccf090f
Stop trying to remove NULL filenames on shutdown
Fixes bug 24762; bugfix on master.
(Not in any released version of Tor.)
2017-12-30 17:19:42 +11:00
ArunaMaurya221B
01efbe3bd3 node_has_curve25519_onion_key() is refactored and duplicate code removed 2017-12-29 20:11:06 +05:30
Corey Farwell
2529319f68 [fixup] this might be an improvement? 2017-12-28 18:17:45 -08:00
Corey Farwell
8ba5805bae Remove unneeded heap allocations in protover.rs. 2017-12-27 22:05:06 -08:00
teor
09b9a35c07
Clear the address when we can't choose a reachable address
When the fascist_firewall_choose_address_ functions don't find a
reachable address, set the returned address to the null address and port.

This is a precautionary measure, because some callers do not check the
return value.

Fixes bug 24736; bugfix on 0.2.8.2-alpha.
2017-12-25 01:55:28 +11:00
teor
53f350182e
Expand comments in node_get_ed25519_id() and put them near the relevant code
And add a changes file.

Follow-up to 24001.
2017-12-24 19:50:47 +11:00
ArunaMaurya221B
5865e56ec0
Conditional check added 2017-12-24 19:43:57 +11:00
teor
30e1371675
Make the default DirAuthorityFallbackRate 0.1
This makes clients on the public tor network prefer to bootstrap off fallback
directory mirrors.

This is a follow-up to 24679, which removed weights from the default fallbacks.

Implements ticket 24681.
2017-12-23 00:01:31 +11:00
Chelsea Holland Komlo
510a91af53 remove unnecessary lifetime 2017-12-22 00:26:52 -05:00
teor
a8e8ce8602
Bump the dates and Tor versions on the sample torrcs 2017-12-22 11:22:48 +11:00
teor
d10c2d6668
Clarify the OutboundBindAddressOR documentation in the sample torrc
Part of 22145
2017-12-22 11:22:10 +11:00
teor
5fb26ba2d8
Document IPv6Exit in the sample torrcs
Sample config-only change.

Implements 24703.
2017-12-22 11:10:30 +11:00
Chelsea Holland Komlo
4cdf0c8899 add testing implementation for tor logging 2017-12-21 19:01:30 -05:00
Chelsea Holland Komlo
d4be1b1e76 allow running protover test with a testing feature flag 2017-12-21 15:29:33 -05:00
Chelsea Holland Komlo
71a5376141 move macro body to inline rust function 2017-12-21 15:29:33 -05:00
Chelsea Holland Komlo
0e032fe9ea fixups from code review 2017-12-21 15:29:33 -05:00
Chelsea Holland Komlo
cd8bcacfe1 cargo fmt fixes 2017-12-21 15:29:33 -05:00
Chelsea Holland Komlo
3dfe8e6522 add minimal rust module for logging to tor's logger
Allows an optional no-op for testing purposes
2017-12-21 15:29:33 -05:00
Nick Mathewson
719db28f54 Add minimal implementations of functions Rust needs for logging 2017-12-21 15:28:29 -05:00
Nick Mathewson
94c59851df Increment version to 0.3.2.8-rc-dev 2017-12-21 14:22:54 -05:00
Nick Mathewson
713a717022 scan-build: Replace some test-assertions with fatal assertions
Using tt_assert in these helpers was implying to scan-build that our
'new' functions might be returning NULL, which in turn would make it
warn about null-pointer use.
2017-12-21 13:26:57 -05:00
Nick Mathewson
1a77799665 Increment version to 0.3.2.8-rc 2017-12-21 12:42:00 -05:00
Nick Mathewson
2b8a06a2ef Merge branch 'maint-0.3.2' 2017-12-21 11:16:00 -05:00
Nick Mathewson
6cd567d797 Merge remote-tracking branch 'dgoulet/bug24671_032_01' into maint-0.3.2 2017-12-21 11:13:33 -05:00
Nick Mathewson
2f0d57db56 Fix a compilation error in the channel tests.
This would only show up on systems like windows where monotime_t and
monotime_coarse_t are different types.
2017-12-21 11:10:30 -05:00
Nick Mathewson
1eeb505e6f In 0.3.3, we use timestamps, not absolute milliseconds. 2017-12-21 10:57:45 -05:00
Nick Mathewson
b8a3602b2a Merge branch 'maint-0.3.2' 2017-12-21 10:54:05 -05:00
Nick Mathewson
84adb9fcca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-21 10:50:33 -05:00
Nick Mathewson
08469a338a Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-21 10:50:06 -05:00
Nick Mathewson
03b4dd92a4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-21 10:49:40 -05:00
Nick Mathewson
79a50afa0e Use monotime_coarse_absolute_msec() in destroy queue
This way it will match the insert queue in 029 and later.
2017-12-21 10:48:37 -05:00
Nick Mathewson
3b08184338 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-21 10:43:12 -05:00
Nick Mathewson
7d845976e3 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-21 10:43:06 -05:00
Nick Mathewson
9202087760 Merge branch 'bug24666_squashed_025' into maint-0.2.5 2017-12-21 10:40:10 -05:00
Nick Mathewson
cd1f708a7f Move free to end of test function so coverity won't complain. 2017-12-21 10:39:29 -05:00
Nick Mathewson
520cf21793 Move destroy cells into a separate queue type of their own, to save RAM
We've been seeing problems with destroy cells queues taking up a
huge amount of RAM.  We can mitigate this, since while a full packed
destroy cell takes 514 bytes, we only need 5 bytes to remember a
circuit ID and a reason.

Fixes bug 24666. Bugfix on 0.2.5.1-alpha, when destroy cell queues
were introduced.
2017-12-21 10:29:01 -05:00
Nick Mathewson
bcc96c77de Merge branch 'maint-0.3.2' 2017-12-21 10:27:39 -05:00
Nick Mathewson
c38157be9d clarify a comment 2017-12-21 10:27:37 -05:00
Nick Mathewson
d0c5fe257b Merge branch 'maint-0.3.2' 2017-12-21 10:20:35 -05:00
David Goulet
885ba513ff sched: Consider extra_space even if negative in KIST
With extra_space negative, it means that the "notsent" queue is quite large so
we must consider that value with the current computed tcp_space. If we end up
to have negative space, we should not add more data to the kernel since the
notsent queue is just too filled up.

Fixes #24665

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-21 09:32:04 -05:00
Nick Mathewson
5db94adac2 Fix a pair of memory leaks in tor_cleanup()
Spotted by coverity scan as 1426749 and 1426750

Bug not in any released Tor.
2017-12-21 08:50:41 -05:00
Nick Mathewson
bac0bcbba1 type error fix for monotime_coarse_add_msec on windows 2017-12-20 17:45:59 -05:00
David Goulet
fdfa4a5a14 sched: Use lower layer cell limit with KISTLite
Instead of using INT_MAX as a write limit for KISTLite, use the lower layer
limit which is using the specialized num_cells_writeable() of the channel that
will down the line check the connection's outbuf and limit it to 32KB
(OR_CONN_HIGHWATER).

That way we don't take the chance of bloating the connection's outbuf and we
keep the cells in the circuit queue which our OOM handler can take care of,
not the outbuf.

Finally, this commit adds a log_debug() in the update socket information
function of KIST so we can get the socket information in debug.

Fixes #24671

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-20 14:17:18 -05:00
Fernando Fernandez Mancera
ac9eebd636 Add some values to OOM log msg #24501
Exposing cell_queues_get_total_allocation(), buf_get_total_allocation(),
tor_compress_get_total_allocation(), tor_compress_get_total_allocation() when
hit MaxMemInQueues threshold.

Fixes #24501

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-20 18:31:30 +01:00
Nick Mathewson
5e92646715 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-20 12:15:24 -05:00
Nick Mathewson
08ed0d7930 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-20 12:15:24 -05:00
Nick Mathewson
7e45720cf4 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-20 12:15:24 -05:00
Nick Mathewson
0e790bb40d Merge branch 'maint-0.3.2' 2017-12-20 12:15:24 -05:00
Nick Mathewson
c604a76a53 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-20 12:15:23 -05:00
Nick Mathewson
877dd1d6c8 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-20 12:15:23 -05:00
Karsten Loesing
428f8a375b Update geoip and geoip6 to the December 6 2017 database. 2017-12-20 17:36:29 +01:00
Nick Mathewson
a499be33b8 Merge branch 'maint-0.3.2' 2017-12-20 11:19:23 -05:00
Nick Mathewson
565ec6100f Merge branch 'stack_again_032' into maint-0.3.2 2017-12-20 11:19:18 -05:00
Nick Mathewson
7ca0a9c4ae Merge remote-tracking branch 'ahf-oniongit/bugs/24605' 2017-12-20 11:16:17 -05:00
Nick Mathewson
c99ec36def expand documentation on tor_remove_file 2017-12-20 10:43:27 -05:00
Nick Mathewson
4b7b305bf0 Remove pre-unlink check tor_remove_file; check errno instead.
This removes a time-of-check/time-of-use issue, though in this case
it would probably be harmless.
2017-12-20 10:42:02 -05:00
Nick Mathewson
18543c2c9b Merge remote-tracking branch 'ffmancera/github/bug23271' 2017-12-20 10:40:32 -05:00
Nick Mathewson
3bc5806339 Merge branch 'maint-0.3.2' 2017-12-20 10:39:38 -05:00
Nick Mathewson
0a1b1430c8 Update the unit tests to reflect the change of 24425 2017-12-20 10:39:19 -05:00
Nick Mathewson
83ced3e7fe Merge branch 'maint-0.3.2' 2017-12-20 09:59:51 -05:00
Nick Mathewson
fc33caadae Merge remote-tracking branch 'dgoulet/ticket24425_032_01' into maint-0.3.2 2017-12-20 09:59:06 -05:00
Nick Mathewson
accd0ea65b Fix the clz32 and clz64 settings on MSVC.
Fixes bug 24633; bugfix on 0.2.9.1-alpha.
2017-12-20 09:37:18 -05:00
Nick Mathewson
28fbfa8712 whitespace fix 2017-12-20 09:17:13 -05:00
Nick Mathewson
69a320ce5d Merge branch 'xfer_time_coarse' 2017-12-20 09:15:30 -05:00
Nick Mathewson
60bf8f6cf6 Improve add_msec test to cover ms->sec rollover
Per mikeperry's suggestion, I'm making sure that the millisecond
part of the time will always roll over in this test.
2017-12-20 09:12:38 -05:00
Nick Mathewson
d43dc120e8 finish documentation on live_consensus_is_missing 2017-12-18 15:01:05 -05:00
Alexander Færøy
d4f4108601
Add MainloopStats option.
This patch adds support for MainloopStats that allow developers to get
main event loop statistics via Tor's heartbeat status messages. The new
status log message will show how many succesful, erroneous, and idle
event loop iterations we have had.

See: https://bugs.torproject.org/24605
2017-12-16 02:41:21 +01:00
Alexander Færøy
e44662a7f9
Fix additional whitespace in config module comment. 2017-12-16 02:22:37 +01:00
Nick Mathewson
93e7b837c8 Use same macros to simplify options_transition_affects_* 2017-12-15 15:33:29 -05:00
Nick Mathewson
376f97aaa1 Simplify the very repetitious options_transition_allowed() 2017-12-15 15:32:46 -05:00
Nick Mathewson
20f802ea3c Add an option to disable signal handler installation.
Closes ticket 24588.
2017-12-15 12:48:29 -05:00
Nick Mathewson
fdd5734875 Remove the unused is_parent==0 option from handle_signals. 2017-12-15 12:45:30 -05:00
Nick Mathewson
a61c36d53a indentation fix 2017-12-15 12:37:15 -05:00
Fernando Fernandez Mancera
61c721f145 Add remove file function and remove ephemeral files.
Adding tor_remove_file(filename) and refactoring tor_cleanup().

Removing CookieAuthFile and ExtORPortCookieAuthFile when tor_cleanup() is
called.

Fixes #23271.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-15 17:01:22 +01:00
Nick Mathewson
5c4da2cacd bump to 0.3.2.7-rc-dev 2017-12-14 14:12:31 -05:00
Nick Mathewson
93b3c4b844 update to 0.3.2.7-rc 2017-12-13 12:06:37 -05:00
Nick Mathewson
f7e393eb4c Another attempt at fixing the STACK warning in tortls.c
Patch suggestion from catalyst.

Related to 24423
2017-12-13 10:09:10 -05:00
Nick Mathewson
219c969d7b Use monotime_coarse for transfer times and padding times
Using absolute_msec requires a 64-bit division operation every time
we calculate it, which gets expensive on 32-bit architectures.
Instead, just use the lazy "monotime_coarse_get()" operation, and
don't convert to milliseconds until we absolutely must.

In this case, it seemed fine to use a full monotime_coarse_t rather
than a truncated "stamp" as we did to solve this problem for the
timerstamps in buf_t and packed_cell_t: There are vastly more cells
and buffer chunks than there are channels, and using 16 bytes per
channel in the worst case is not a big deal.

There are still more millisecond operations here than strictly
necessary; let's see any divisions show up in profiles.
2017-12-13 09:46:58 -05:00
Nick Mathewson
dd6dec2665 Add a function to add msec to a monotime.
We'll use this for the channel padding logic.
2017-12-13 08:54:29 -05:00
Nick Mathewson
4c877ae874 Add monotime functions for clearing monotonic times
We need this to replace some of our "msec" users with monotime
users.
2017-12-13 08:29:23 -05:00
Nick Mathewson
426110dfa2 Merge branch 'maint-0.3.2' 2017-12-12 19:46:53 -05:00
Nick Mathewson
15b41fa6ae Make sandbox.c compile when libseccomp-dev is installed on arm64
Fixes ticket 24424.  Patch from weasel.
2017-12-12 19:46:03 -05:00
Nick Mathewson
9abef516f6 Merge branch 'maint-0.3.2' 2017-12-12 19:27:14 -05:00
Nick Mathewson
bf89b08930 Merge branch 'bug24367_032_squashed' into maint-0.3.2 2017-12-12 19:17:38 -05:00
teor
19a4abf2a9 Make sure bridges are definitely running before delaying directory fetches
Retry directory downloads when we get our first bridge descriptor
during bootstrap or while reconnecting to the network. Keep retrying
every time we get a bridge descriptor, until we have a reachable bridge.

Stop delaying bridge descriptor fetches when we have cached bridge
descriptors. Instead, only delay bridge descriptor fetches when we
have at least one reachable bridge.

Fixes bug 24367; bugfix on 0.2.0.3-alpha.
2017-12-12 19:17:25 -05:00
teor
6b5c70670b Simplify some conditionals in circuit_get_open_circ_or_launch()
When entry_list_is_constrained() is true, guards_retry_optimistic()
always returns true.

When entry_list_is_constrained() is false,
options->UseBridges is always false,
therefore !options->UseBridges is always true,
therefore (!options->UseBridges || ...) is always true.

Cleanup after #24367.
2017-12-12 19:17:25 -05:00
Nick Mathewson
13455c0f1a Merge branch 'maint-0.3.2' 2017-12-12 09:32:29 -05:00
Nick Mathewson
e622f208a3 Merge remote-tracking branch 'teor/bug23827-v2' 2017-12-12 09:27:03 -05:00
George Kadianakis
b6fd78ea30 hs-v3: Don't lookup an intro point while cleaning it up
Commit e80893e51b made tor call
hs_service_intro_circ_has_closed() when we mark for close a circuit.

When we cleanup intro points, we iterate over the descriptor's map of intro
points and we can possibly mark for close a circuit. This was problematic
because we would MAP_DEL_CURRENT() the intro point then free it and finally
mark for close the circuit which would lookup the intro point that we just
free in the map we are iterating over.

This can't be done and leads to a use-after-free because the intro point will
be returned successfully due to the fact that we are still in the loop
iterating. In other words, MAP_DEL_CURRENT() followed by a digest256map_get()
of the same object should never be done in the same loop.

Fixes #24595

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-12 09:21:25 -05:00
Nick Mathewson
9c604e2bbb Fix compilation: logfile_is_external() must accept const* 2017-12-12 09:21:12 -05:00
Nick Mathewson
6c5a73f87a Merge remote-tracking branch 'ahf-oniongit/bugs/24362' 2017-12-12 09:18:52 -05:00
Alexander Færøy
cbc465a3d1 Simplify explicit conditional checks into an inlined function.
This patch lifts the check for whether a given log file (`logfile_t`) is
an "external logfile" (handled by an external logging system such as
syslog, android's logging subsystem, or as an external C callback
function) into a function on its own.

See: https://bugs.torproject.org/24362
2017-12-12 01:17:57 +00:00
Nick Mathewson
eecfed0cd2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-11 16:56:31 -05:00
Nick Mathewson
f7151387d9 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-11 16:56:31 -05:00
Nick Mathewson
cdee62da9e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:56:31 -05:00
Nick Mathewson
da38904efb Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:56:31 -05:00
Nick Mathewson
1deda2106b Merge branch 'bug24167_025' into maint-0.2.5 2017-12-11 16:56:28 -05:00
Nick Mathewson
eaaa1108a3 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-11 16:54:14 -05:00
Nick Mathewson
04524443d0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:54:14 -05:00
Nick Mathewson
2ea573ece8 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:54:14 -05:00
Nick Mathewson
bc1ea4f470 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-11 16:54:11 -05:00
Nick Mathewson
f5d4bdf305 Merge remote-tracking branch 'public/ticket23856_025_01' into maint-0.2.5 2017-12-11 16:53:02 -05:00
Nick Mathewson
736e7299ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:51:58 -05:00
Nick Mathewson
7fcb222ab7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:51:58 -05:00
Nick Mathewson
7e486dd6f7 Merge remote-tracking branch 'public/bug23985_029' into maint-0.2.9 2017-12-11 16:51:54 -05:00
Nick Mathewson
f7b41bcdf0 Merge branch 'bug24086_031' into maint-0.3.1 2017-12-11 16:49:01 -05:00
Nick Mathewson
828333e38c Merge remote-tracking branch 'public/bug24099_031' into maint-0.3.1 2017-12-11 16:48:44 -05:00
Nick Mathewson
d2031f2c60 Merge remote-tracking branch 'public/bug23817_031' into maint-0.3.1 2017-12-11 16:45:54 -05:00
Nick Mathewson
d5400d50e7 Merge branch 'maint-0.3.2' 2017-12-11 16:43:51 -05:00
Nick Mathewson
ae608408e9 Merge remote-tracking branch 'asn/bug23862_031' into maint-0.3.1 2017-12-11 16:43:41 -05:00
Nick Mathewson
c55a054236 Merge remote-tracking branch 'asn/bug23862_030' into maint-0.3.0 2017-12-11 16:41:28 -05:00
Nick Mathewson
418d8bbe92 Merge branch 'stack_fixes_032_v2' into maint-0.3.2 2017-12-11 16:25:04 -05:00
Nick Mathewson
f539d89fd9 Move subtraction in rephist to try to avoid STACK warning
(I do not know why this one is happening)
2017-12-11 16:23:11 -05:00
Nick Mathewson
3da15bcbe8 Stop checking for sandbox:new_element() failures: it can't fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK
2017-12-11 16:06:25 -05:00
Nick Mathewson
472473ec5d transport_new() cannot fail; do not check for it to fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK.
2017-12-11 16:06:00 -05:00
Nick Mathewson
252db6ad26 Merge branch 'maint-0.3.2' 2017-12-11 16:02:10 -05:00
David Goulet
057139d383 sched: Avoid integer overflow when computing tcp_space
In KIST, we could have a small congestion window value than the unacked
packets leading to a integer overflow which leaves the tcp_space value to be
humongous.

This has no security implications but it results in KIST scheduler allowing to
send cells on a potentially saturated connection.

Found by #24423. Fixes #24590.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-11 15:45:19 -05:00
Nick Mathewson
3809036c63 Reset all main.c state at exit
This change is part of 24587.
2017-12-11 14:05:34 -05:00
Nick Mathewson
6033538ac3 In control.c, reset the bootstrapping status on shutdown
Part of #24587
2017-12-11 14:05:09 -05:00
Nick Mathewson
f205dabf7a Stop using event_base_once().
This function leaks memory when the event_base is freed before the
event itself fires.  That's not harmful, but it's annoying when
trying to debug other memory leaks.

Fixes bug 24584; bugfix on 0.2.8.1-alpha.
2017-12-11 12:23:02 -05:00
Nick Mathewson
3b465ebf2e Changes file and tor_api.h tweaks for 24581. 2017-12-11 11:55:41 -05:00
Nick Mathewson
06ffafcb9d Set DH parameters to NULL on shutdown
If we don't do this, we will use freed memory on restart.

Part of 24581.
2017-12-11 11:52:19 -05:00
Nick Mathewson
474ca13d6a Mark libevent unitialized on shutdown.
This is necessary so that we will reinitialize it on startup.
2017-12-11 11:52:19 -05:00
Nick Mathewson
322abc030e On exit, free the event_base and set its pointer to NULL.
When we didn't do this before, we'd have some still-reachable memory
warnings, and we'd find ourselves crashing when we tried to
reinitialize libevent.

Part of 24581 (don't crash when restarting Tor in-process)
2017-12-11 11:52:19 -05:00
Nick Mathewson
e18840f619 Fix the log-severities memory-leak in tor-resolve.c
Also, rename the variable to have a more manageable name, and make
its scope more clear.

Fixes bug 24582; bugfix on 0.2.1.1-alpha.
2017-12-11 11:49:57 -05:00
Nick Mathewson
ea929e8456 Merge remote-tracking branch 'public/feature24427' 2017-12-11 09:59:46 -05:00
Nick Mathewson
c2822bbc63 Fix compilation of 23459 patch.
The free() changes of 23447 had broken the pending 23459 patch.
2017-12-11 09:55:38 -05:00
Nick Mathewson
7803b19c43 Merge remote-tracking branch 'ffmancera/github/bug23459' 2017-12-11 09:53:39 -05:00
Nick Mathewson
030d3d52f5 Merge remote-tracking branch 'teor/comment24575' 2017-12-11 09:46:23 -05:00
Nick Mathewson
98682f689b Merge branch 'maint-0.3.2' 2017-12-11 09:45:17 -05:00
Matt Traudt
265b8e8645 Function declaration whitespace 2017-12-11 09:43:09 -05:00
Matt Traudt
67793b615b One more missed chance to use get_scheduler_state_string 2017-12-11 09:43:09 -05:00
Matt Traudt
667f931177 Make get_scheduler_state_string available to scheduler*.c 2017-12-11 09:43:09 -05:00
Matt Traudt
8797c8fbd3 Remove now-duplicate log_debug lines 2017-12-11 09:43:09 -05:00
Matt Traudt
07898fb2a6 Helper to log chan scheduler_states as strings not ints 2017-12-11 09:43:09 -05:00
Matt Traudt
273325e216 Add all the missed scheduler_state assignments 2017-12-11 09:43:08 -05:00
Matt Traudt
5e7fdb8b3f Fix cosmetic issues around scheduler_set_channel_state
Whitespace issues

Line length

Unused variable
2017-12-11 09:43:04 -05:00
Nick Mathewson
d68abbe358 Merge remote-tracking branch 'dgoulet/bug23603_032_02' into maint-0.3.2 2017-12-11 09:42:12 -05:00
ArunaMaurya221B
ad5cfa3039 Bug:24531 Function to change channel scheduler state for easy debugging added. 2017-12-11 08:46:43 -05:00
ArunaMaurya221B
d77cacb7ab Bug:24531 Add function to change scheduler state and always use it 2017-12-11 08:46:39 -05:00
Alexander Færøy
b0b8f7c30c Add support for Android's logging subsystem.
This patch adds support for Android's logging subsystem in Tor. When
debugging Android applications it is useful to be able to collect
information about the application running on the platform via the
various system services that is available on the platform.

This patch allows you to add "Log notice android" to your torrc and have
Tor send everything above and including the notice severity to Android's
ring buffer which can be inspected using the 'adb logcat' program.

See: https://bugs.torproject.org/24362
2017-12-11 13:22:39 +00:00
Nick Mathewson
58e8094816 Fix compilation with --disable-memory-sentinels
We'd broken this with the recent _free() rewrite.
2017-12-11 08:01:54 -05:00
Alexander Færøy
78a582ed88 Restructure log initilization function to allow multiple backends without arguments.
This patch ensures that we more easily can extend our log backends that
does not take any additional argument other than a single keyword. This
patch is mostly reindentation of some code which is why it is split out
into its own patch.

See: https://bugs.torproject.org/24362
2017-12-11 13:00:48 +00:00
teor
35055cfa7f
Update the comment in options_transition_affects_guards()
It referred to the an old function name.

Fixes #24575, bugfix on 0.3.0.
2017-12-11 03:18:48 +11:00
Nick Mathewson
6f3a862966
Run the download_status_increment test in a forked process.
It messes with global state somehow in a way that makes several of
the entryconn tests fail now.
2017-12-11 00:57:04 +11:00
teor
bbc781885d
fixup! Add networkstatus_consensus_has_ipv6() and unit tests
This is what happens when you don't run:
make check-spaces
make check-changes
2017-12-11 00:53:03 +11:00
teor
b66b62fb75
Stop waiting for microdescs if the consensus supports IPv6 ORPorts
Also make IPv6-only clients wait for microdescs for relays, even if we were
previously using descriptors (or were using them as a bridge) and have
a cached descriptor for them.

But if node_is_a_configured_bridge(), stop waiting for its IPv6 address in
a microdescriptor, because we'll never use it.

Implements #23827.
2017-12-11 00:34:31 +11:00
teor
28d4355a6e
Add networkstatus_consensus_has_ipv6() and unit tests
networkstatus_consensus_has_ipv6() tells us whether the consensus method of
our current consensus supports IPv6 ORPorts in the consensus.

Part of #23827.
2017-12-11 00:34:19 +11:00
Nick Mathewson
241b676638 Fix up test_circuitstats to use the new circuit_free macro 2017-12-08 17:52:45 -05:00
Nick Mathewson
0340c02975 Merge remote-tracking branch 'mikeperry/bug23114_squashed2' 2017-12-08 17:50:34 -05:00
Nick Mathewson
b189c613bb move a macro; fix a build? 2017-12-08 15:11:18 -05:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
Nick Mathewson
17dcce3fe1 Fix wide lines introduced by previous patch. 2017-12-08 14:47:19 -05:00
Nick Mathewson
285632a61b Replace all FREE_AND_NULL* uses to take a type and a free function.
This commit was made mechanically by this perl script:

\#!/usr/bin/perl -w -i -p

next if /^#define FREE_AND_NULL/;
s/\bFREE_AND_NULL\((\w+),/FREE_AND_NULL\(${1}_t, ${1}_free_,/;
s/\bFREE_AND_NULL_UNMATCHED\(/FREE_AND_NULL\(/;
2017-12-08 14:47:19 -05:00
Nick Mathewson
95531ddfbf Let's have only one FREE_AND_NULL variant.
This commit removes the old FREE_AND_NULL, and renames the old
FREE_AND_NULL_UNMATCHED so that it is now called FREE_AND_NULL.

This will break all the FREE_AND_NULL_* users; the next commit will
fix them.
2017-12-08 14:47:19 -05:00
Nick Mathewson
1d348989b0 Make tor_free only evaluate its input once (at least on gcc and clang) 2017-12-08 14:47:19 -05:00
Nick Mathewson
db024adc90 Switch to a safer FREE_AND_NULL implementation
This one only evaluates the input once, so it cannot mess up even if
there are side effects.
2017-12-08 14:47:19 -05:00
Nick Mathewson
176ad729d9 Change the free macro convention in the rest of src/or/*.h 2017-12-08 14:47:19 -05:00
Nick Mathewson
0792cc107e Convert connection_free to a nulling macro. 2017-12-08 14:47:19 -05:00
Nick Mathewson
a48ba072a9 Rename connection_free_ to connection_free_minimal. 2017-12-08 14:47:19 -05:00
Nick Mathewson
b0cc9856ee Update free functions into macros: src/or/ part 1
This covers addressmap.h (no change needed) through confparse.h
2017-12-08 14:47:19 -05:00
Nick Mathewson
c92ac9f5cb Convert the rest of src/common's headers to use FREE_AND_NULL 2017-12-08 14:47:19 -05:00
Nick Mathewson
44010c6fc1 Merge branch 'dgoulet_ticket23709_033_01_squashed' 2017-12-08 14:44:09 -05:00
David Goulet
e96c577ed2 test: Make older GCC happy and thus our oniongit pipeline
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
David Goulet
6120efd771 chan: Do not re-queue after a fail cell write
Couple things happen in this commit. First, we do not re-queue a cell back in
the circuit queue if the write packed cell failed. Currently, it is close to
impossible to have it failed but just in case, the channel is mark as closed
and we move on.

The second thing is that the channel_write_packed_cell() always took ownership
of the cell whatever the outcome. This means, on success or failure, it needs
to free it.

It turns out that that we were using the wrong free function in one case and
not freeing it in an other possible code path. So, this commit makes sure we
only free it in one place that is at the very end of
channel_write_packed_cell() which is the top layer of the channel abstraction.
This makes also channel_tls_write_packed_cell_method() return a negative value
on error.

Two unit tests had to be fixed (quite trivial) due to a double free of the
packed cell in the test since now we do free it in all cases correctly.

Part of #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
Fernando Fernandez Mancera
8559827280 Split client-side get_rend_circ into two functions.
Split hs_circuitmap_get_rend_circ_client_side(). One returns only established
circuits (hs_circuitmap_get_established_rend_circ_client_side()) and the other
returns all kinds of circuits.

Fixes #23459

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-08 18:14:08 +01:00
Nick Mathewson
021fdd39e4 Use mach_approximate_time() for coarse time where available.
This lets us have a coarse-time implementation with reasonable
performance characteristics on OSX and iOS.

Implements 24427.
2017-12-08 09:24:02 -05:00
teor
bb7c5b431d
Move a comment to relay_send_end_cell_from_edge()
It looks like it was left behind in a refactor.

Fixes 24559.
2017-12-08 12:49:33 +11:00
Nick Mathewson
afceb431ed add a missing windows underscore 2017-12-07 15:14:49 -05:00
Nick Mathewson
45b9b2245f Merge branch 'maint-0.3.2' 2017-12-07 08:42:56 -05:00
Nick Mathewson
4b41ffa64d Merge branch 'arthuredelstein_18859+1_031' into maint-0.3.2 2017-12-07 08:42:49 -05:00
Nick Mathewson
c2c0f83c23 Revert accidentally-committed code from 046acf208b 2017-12-07 08:28:57 -05:00
Mike Perry
050bb67974 Add tests for circuitstats.c
These tests primarily test the relaxed and measured behavior of
circuitstats.c, to make sure we did not break it with #23100 or #23114.
2017-12-07 00:04:39 +00:00
Mike Perry
125df07d60 Report close and timeout rates since uptime, not based on data.
Bug #23114 was harder to see because we were just reporting our math,
rather than reporting behavior.
2017-12-07 00:04:39 +00:00
Mike Perry
ed89588c4f Bug #23114: Time out circuits immediately.
This changes the purpose of circuits that are past the timeout to measurement
*as they are built*, ensuring accurate application of the timeout logic.
2017-12-07 00:04:38 +00:00
Mike Perry
b5d4cd1b41 Bug #23100: Count all 3 hop circuits for CBT.
This change causes us to count anything once it reaches 3 hops (but not
after).
2017-12-07 00:04:33 +00:00
Arthur Edelstein
2bd91dbd34 Don't consider a port "handled" by an isolated circuit.
Previously, circuit_stream_is_being_handled incorrectly reported
that (1) an exit port was "handled" by a circuit regardless of
whether the circuit was already isolated in some way, and
(2) that a stream could be "handled" by a circuit even if their
isolation settings were incompatible.

As a result of (1), in Tor Browser, circuit_get_unhandled_ports was
reporting that all ports were handled even though all non-internal
circuits had already been isolated by a SOCKS username+password.

Therefore, circuit_predict_and_launch_new was declining to launch
new exit circuits. Then, when the user visited a new site in Tor
Browser, a stream with new SOCKS credentials would be initiated,
and the stream would have to wait while a new circuit with those
credentials could be built. That wait was making the
time-to-first-byte longer than it needed to be.

Now, clean, not-yet-isolated circuit(s) will be automatically
launched ahead of time and be ready for use whenever a new stream
with new SOCKS credentials (or other isolation criteria) is
initiated.

Fixes bug 18859. Thanks to Nick Mathewson for improvements.
2017-12-06 14:18:41 -08:00
Nick Mathewson
046acf208b Fix a compiler warning 2017-12-06 15:46:54 -05:00
Nick Mathewson
5f518c69aa Merge remote-tracking branch 'public/monotime_coarse_stamps' 2017-12-06 15:43:50 -05:00
Nick Mathewson
c470a6d278 Merge remote-tracking branch 'teor/bug24488' 2017-12-06 14:44:03 -05:00
Nick Mathewson
d4ca18573c Merge remote-tracking branch 'dgoulet/bug24502_032_01' into maint-0.3.2 2017-12-06 14:37:53 -05:00
Nick Mathewson
91f72bbb6c Merge remote-tracking branch 'teor/bug24489' 2017-12-06 14:37:15 -05:00
Nick Mathewson
aa6212a858 Merge remote-tracking branch 'dgoulet/bug24502_032_01' 2017-12-06 14:31:33 -05:00
David Goulet
1a55a5ff06 test: Add a KIST test for a non opened channel
This makes sure that a non opened channel is never put back in the channel
pending list and that its state is consistent with what we expect that is
IDLE.

Test the fixes in #24502.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-06 11:33:01 -05:00
Alexander Færøy
9fa38bd996
Check the return value of hs_parse_address().
This patch adds a check for the return value of `hs_parse_address()` in
`hs_control_hspost_command()`. Since it should not be possible for
`hs_parse_address()` to fail in this context we wrap the error check
with the `BUG()` macro.

See: https://bugs.torproject.org/24543
2017-12-06 14:56:52 +01:00
Nick Mathewson
01700d779c Initialize pk so that older gcc versions don't freak out. 2017-12-05 20:00:49 -05:00
Nick Mathewson
a7a0cebb59 Merge branch 'more_directories_squashed' 2017-12-05 19:49:45 -05:00
Nick Mathewson
a57bcffcc7 Implement the various get_foodir_*() functions. 2017-12-05 19:49:29 -05:00
Nick Mathewson
a9806af261 Create a CacheDirectory and KeyDirectory options.
They work the same as DataDirectory, but default slightly different.

Tor is not actually updated to use them yet.
2017-12-05 19:49:28 -05:00
Nick Mathewson
39a780e85a Clean up a needlessly complex get_datadir_fname use 2017-12-05 19:49:28 -05:00
Nick Mathewson
3907faf2fd New accessors for keydir/cachedir access
This patch is a result of auditing all of our uses of
get_datadir_fname() and its kin, and dividing them into cache vs
keys vs other data.

The new get_keydir_fname() and get_cachedir_fname() functions don't
actually do anything new yet.
2017-12-05 19:49:28 -05:00
Nick Mathewson
7b34ab3e38 Extract common code for creating the keys directory.
This had somehow gotten duplicated between router.c and routerkeys.c
2017-12-05 19:49:28 -05:00
Nick Mathewson
2e872f6b32 Use get_datadir_fname() accessor in networkstatus.c 2017-12-05 19:49:28 -05:00
Nick Mathewson
36779df4c4 Extract the code that creates the datadir into a separate function. 2017-12-05 19:49:28 -05:00
Nick Mathewson
e8a6a6635b Merge branch 'dgoulet_ticket20699_033_01' 2017-12-05 19:43:23 -05:00
David Goulet
c094802697 control: Improve ADD_ONION helper function comments
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
8c02fc15ae control: Don't use void pointer for ADD_ONION secret key
Make this a bit more safe with at least type checking of the pointers
depending on the version.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
9c6560fe29 test: Add HS_DESC v3 unit tests
This introduces the test_hs_control.c file which at this commit contains basic
unit test for the HS_DESC event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
ace42acff0 control: HSPOST command support for v3
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
475d8d1a3d control: Don't check if Server is an HSDir for HSPOST
This is removed for two reasons. First, HSDir accepts descriptor even though
they don't think they are in fact an HSDir. This is to avoid consensus desync
between client/service and directories.

Second, our malicious HSDir scanner uses the HSPOST command to post on all
relays in order to test them before they could become HSDir. We had to remove
that check from the tor code that the scanner uses.

Thus, this check should not be enforced by the control port for the above use
cases. It is also a bit more complex with v3 support for which not all HSDir
support it so basically irrelevant check.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
683fccba8f hs-v3: Add an handler for the HSPOST command
It is not used yet at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e71c6199dd hs-v3: Add a public function to upload a descriptor to an HSDir
This is groundwork for the HSPOST control port command that needs a way in the
HS subsystem to upload a service descriptor to a specific HSDir.

To do so, we add a public function that takes a series of parameters including
a fully encoded descriptor and initiate a directory request to a specific
routerstatut_t object.

It is for now not used but should be, in future commit, by the HSPOST command.
This commit has no behavior change, only refactoring.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
2c8e97db58 hs-v3: Implement HS_DESC_CONTENT event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
cc26d4fa21 control: Support HS v3 for CIRC and CIRC_MINOR event
"REND_QUERY=" can now output a v3 address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
13bb4f60f0 hs-v3: Support HS_DESC UPLOAD failed
When failing to upload a descriptor, signal the control port with a FAILED
event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
427b247c8d hs-v3: Implement HS_DESC UPLOADED event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
c7050eaa16 hs-v3: Implement HS_DESC UPLOAD event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
b71a9b60cc hs-v3: Implement HS_DESC CREATED event
This makes the REPLICA= field optional for the control port event. A v2
service will always pass it and v3 is ignored.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
3b436d495f hs-v3: Implement HS_DESC RECEIVED event
Adds a v3 specific function to handle a received event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
8365de1da3 hs-v3: Implement HS_DESC FAILED event
A new v3 specific function has been added named
control_event_hsv3_descriptor_failed().

The HS v3 subsystem now uses it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
743d0b9d91 hs-v3: Implement HS_DESC REQUESTED event
This changes the control_event_hs_descriptor_requested() call to add the hsdir
index optional value. v2 passes NULL all the time.

This commit creates hs_control.{c|h} that contains wrappers for the HS
subsystem to interact with the control port subsystem.

The descriptor REQUESTED event is implemented following proposal 284 extension
for v3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e7d606900e control: Rename two HS v2 specific functions
Make control_event_hs_descriptor_received() and
control_event_hs_descriptor_failed() v2 specific because they take a
rend_data_t object and v3 will need to pass a different object.

No behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
beacbbe210 control: Refactor control_event_hs_descriptor_receive_end
First, rename and make that function static because it is internal to
control.c and called by two HS_DESC events.

Second, make it take more basic parameters and thus not a rend_data_t object
so we can still use the function for v3 HS that doesn't use that object.

Third, move the descriptor ID lookup to the two specific events (yes little
code duplication there) because they get a rend_data_t object which won't be
the case for v3.

Finally, through this refactoring, change the pointer check to BUG() and
change some parameter names to reflect what they really are.

No behavior change at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
242ddc85c8 control: Refactor HS_DESC events functions to not be v2 specific
This is a naming refactor mostly _except_ for a the events' function that take
a rend_data_t which will require much more refactoring.

No behavior change at this commit, cleanup and renaming stuff to not be only
v2 specific.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
4633a93ca8 hs-v3: Downgrade warning log when an intro circuit has closed
When an intro circuit has closed, do not warn anymore when we can't find the
service. It is possible to hit that condition if the service is removed before
the circuits were fully closed. This happens in the case of deleting an
ephemeral service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
f0e3331f3c hs-v3: Add ephemeral service support
The functions are now used by the ADD_ONION/DEL_ONION control port command as
well. This commits makes them fully functionnal with hidden service v3.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
Nick Mathewson
1969d57363 Change our build process to run Cargo from inside the build tree
Instead of using the cwd to specify the location of Cargo.toml, we
use the --manifest-path option to specify its location explicitly.

This works around the bug that isis diagnosed on our jenkins builds.
2017-12-05 14:23:55 -05:00
Nick Mathewson
a798ba6e9b Merge branch 'maint-0.3.2' 2017-12-05 12:10:06 -05:00
Nick Mathewson
779e4b9dcf Tweaks to strings in 24500 2017-12-05 12:09:57 -05:00
Fernando Fernandez Mancera
313360e6e6 Make errno error log more useful for getrandom()
Making errno error log more useful for getrandom() call. Adding if statement to
make difference between ENOSYS and other errors.

Fixes #24500

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-05 12:05:09 -05:00
David Goulet
68601a85ca test: Add HSv3 unit test for expiring intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
e80893e51b hs-v3: Cleanup HS circuits when marking as closed
First, hs_service_intro_circ_has_closed() is now called in circuit_mark_for
close() because the HS subsystem needs to learn when an intro point is
actually not established anymore as soon as possible. There is a time window
between a close and a free.

Second, when we mark for close, we also remove it from the circuitmap because
between the close and the free, a service can launch an new circuit to that
same intro point and thus register it which only succeeds if the intro point
authentication key is not already in the map.

However, we still do a remove from the circuitmap in circuit_free() in order
to also cleanup the circuit if it wasn't marked for close prior to the free.

Fixes #23603

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
ba63c4099a hs-v3: Don't cleanup intro point in has_closed()
The hs_service_intro_circ_has_closed() was removing intro point objects if too
many retries.

We shouldn't cleanup those objects in that function at all but rather let
cleanup_intro_points() do its job and clean it properly.

This was causing an issue in #23603.

Furthermore, this moves the logic of remembering failing intro points in the
cleanup_intro_points() function which should really be the only function to
know when to cleanup and thus when an introduction point should be remembered
as a failed one.

Fixes #23603

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
97702c69b0 sched: Set channel scheduler state to IDLE when not opened
In the KIST main loop, if the channel happens to be not opened, set its state
to IDLE so we can release it properly later on. Prior to this fix, the channel
was in PENDING state, removed from the channel pending list and then kept in
that state because it is not opened.

This bug was introduced in commit dcabf801e5 for
which we made the scheduler loop not consider unopened channel.

This has no consequences on tor except for an annoying but harmless BUG()
warning.

Fixes #24502

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-04 14:48:15 -05:00
Nick Mathewson
0694a6dc01 Don't pass --quiet to cargo for now
Fixes bug 24518.
2017-12-04 14:19:22 -05:00
Nick Mathewson
70b19894ae Merge branch 'maint-0.3.2' 2017-12-04 13:23:52 -05:00
David Goulet
ff6c8cf861 sched: Downgrade warning log to info in KIST
Some platforms don't have good monotonic time support so don't warn when the
diff between the last run of the scheduler time and now is negative. The
scheduler recovers properly from this so no need to be noisy.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-04 12:22:02 -05:00
Nick Mathewson
f50d64b62e Merge branch 'bug23826-23828_squashed' 2017-12-04 11:43:11 -05:00
teor
9acfd70f26
Sprinkle some consts in networkstatus_getinfo_by_purpose()
And note where we change the running flag, but probably shouldn't.

Implements ticket 24489.
2017-12-02 21:21:41 +11:00
teor
f1a5000b98
Make set_routerstatus_from_routerinfo() set IPv6 unspecified addresses
When creating a routerstatus (vote) from a routerinfo (descriptor),
set the IPv6 address to the unspecified IPv6 address, and explicitly
initialise the port to zero.

Also clarify the documentation for the function.

Fixes bug 24488; bugfix on 0.2.4.1-alpha.
2017-12-02 21:00:22 +11:00
Nick Mathewson
953a8f8510 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-01 12:13:40 -05:00
Nick Mathewson
5c03bb7c0c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-01 12:13:40 -05:00
Nick Mathewson
3bca705c54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-01 12:13:40 -05:00
Nick Mathewson
b86c9acac3 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-01 12:13:40 -05:00
Nick Mathewson
cf3da63b90 Merge branch 'maint-0.3.2' 2017-12-01 12:13:40 -05:00
Nick Mathewson
f97f301b5b Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-01 12:13:39 -05:00
Nick Mathewson
461e34bb3d Fix a clang compilation warning in rendservice.c
Fixes bug 24480; bugfix on 0.2.5.16.
2017-12-01 12:13:15 -05:00
Nick Mathewson
998a247123 bump to 0.3.2.6-alpha-dev 2017-12-01 09:34:31 -05:00
Nick Mathewson
a12dbbd882 bump to 0.3.1.9-dev 2017-12-01 09:34:20 -05:00
Nick Mathewson
1983068ba9 bump to 0.3.0.13-dev 2017-12-01 09:34:09 -05:00
Nick Mathewson
73869c99a0 bump to 0.2.9.14-dev 2017-12-01 09:34:00 -05:00
Nick Mathewson
8f858de819 bump to 0.2.8.17-dev 2017-12-01 09:33:51 -05:00
Nick Mathewson
162a087e5f bump to 0.2.5.16-dev 2017-12-01 09:33:41 -05:00
George Kadianakis
1c9f063486 Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-12-01 14:13:22 +02:00
George Kadianakis
210f0c24f0 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-12-01 14:09:29 +02:00
George Kadianakis
6bd64e8212 Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-12-01 14:06:32 +02:00
George Kadianakis
8276a0ab85 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-12-01 14:06:28 +02:00
Nick Mathewson
424ab08b5a bump to 0.3.2.6-alpha 2017-11-30 12:26:30 -05:00
Nick Mathewson
4ebd436541 version bump to 0.3.1.9 2017-11-30 12:25:48 -05:00
Nick Mathewson
f2ecdeb724 version bump to 0.3.0.13 2017-11-30 12:25:01 -05:00
Nick Mathewson
16c9cfd658 version bump to 0.2.9.14 2017-11-30 12:24:07 -05:00
Nick Mathewson
6ee4472544 version bump to 0.2.8.17 2017-11-30 12:22:32 -05:00
Nick Mathewson
6bda6777c1 bump to 0.2.5.16 2017-11-30 12:19:48 -05:00
Nick Mathewson
cef844d017 Merge branch 'maint-0.3.2' 2017-11-30 12:07:59 -05:00
Nick Mathewson
fd73a168ca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-30 12:07:59 -05:00
Nick Mathewson
ee48eb1eb5 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 12:07:59 -05:00
Nick Mathewson
5fc0587c04 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 12:07:59 -05:00
Nick Mathewson
7e2b012b46 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-30 12:07:59 -05:00
Nick Mathewson
ba4a9cf0c0 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-30 12:07:59 -05:00
Nick Mathewson
d459c08b7d Merge branch 'trove-2017-012_030' into maint-0.3.0 2017-11-30 12:07:43 -05:00
Nick Mathewson
52d7af631c Merge branch 'trove-2017-010_029' into maint-0.2.9 2017-11-30 12:07:26 -05:00
Nick Mathewson
f49876d66e Merge branch 'trove-2017-012_025' into maint-0.2.5 2017-11-30 12:06:21 -05:00
Nick Mathewson
08ce39fb0f Merge branch 'trove-2017-011_025' into maint-0.2.5 2017-11-30 12:06:17 -05:00
Nick Mathewson
a6a0c7a4ec Merge branch 'trove-2017-009_025' into maint-0.2.5 2017-11-30 12:05:59 -05:00
Nick Mathewson
766d0a2d98 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 11:48:12 -05:00
Nick Mathewson
500f04a74e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 11:48:12 -05:00
Nick Mathewson
072e194a15 Merge branch 'bug21394_029' into maint-0.2.9 2017-11-30 11:48:06 -05:00
Nick Mathewson
a1b0a0b9cd Avoid use-after-free error in 20020 fix
CID 1424328; found by coverity; bugfix on 93dbce4ddd98ca9a4ff2f;
bug not in any released Tor.
2017-11-30 11:44:15 -05:00
Nick Mathewson
1c7121be54 Merge branch 'bug24119_squashed' 2017-11-30 08:00:34 -05:00
Alex Xu (Hello71)
f1e8e54964 Simplify channel_rsa_id_group_set_badness, #24119 2017-11-30 08:00:24 -05:00
Nick Mathewson
27f017639f Merge branch 'ticket20020' 2017-11-29 20:24:34 -05:00
Nick Mathewson
20fa6a3883 Merge branch 'maint-0.3.2' 2017-11-29 12:06:14 -05:00
Nick Mathewson
f0007f2b8d Merge branch 'bug24050_029_squashed' into maint-0.3.2 2017-11-29 12:05:49 -05:00
Nick Mathewson
eb1976202e Fix unit tests for 24050. 2017-11-29 12:05:36 -05:00
Nick Mathewson
6a9c3d6e3a Merge branch 'maint-0.3.2' 2017-11-29 12:02:44 -05:00
Nick Mathewson
9b44bb49b4 Merge branch 'bug24050_029_squashed' into maint-0.3.2 2017-11-29 12:02:07 -05:00
Nick Mathewson
a94c486102 Make the cache_ipv4_answers default become 0 again, for real.
Fortunately, use_cached_ipv4_answers was already 0, so we wouldn't
actually use this info, but it's best not to have it.

Fixes bug 24050; bugfix on 0.2.6.3-alpha
2017-11-29 12:01:45 -05:00
David Goulet
7bb269548d hs-v3: Bump hsdir_spread_store from 3 to 4
Per the analysis in
https://trac.torproject.org/projects/tor/ticket/23170#comment:17, this will
greatly improve service reachability.

Closes #24425

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-29 09:19:02 -05:00
David Goulet
6ab07419c8 Use local descriptor object to exclude self in path selection
TROVE-2017-12. Severity: Medium

When choosing a random node for a circuit, directly use our router
descriptor to exclude ourself instead of the one in the global
descriptor list. That list could be empty because tor could be
downloading them which could lead to not excluding ourself.

Closes #21534
2017-11-28 19:14:10 -05:00
David Goulet
91cee3c9e7 Guard: Don't pick ourselves as a possible Guard
TROVE-2017-12. Severity: Medium

Thankfully, tor will close any circuits that we try to extend to
ourselves so this is not problematic but annoying.

Part of #21534.
2017-11-28 19:12:56 -05:00
David Goulet
3030741b5d hs-v2: Remove any expiring intro from the retry list
TROVE-2017-13. Severity: High.

In the unlikely case that a hidden service could be missing intro circuit(s),
that it didn't have enough directory information to open new circuits and that
an intro point was about to expire, a use-after-free is possible because of
the intro point object being both in the retry list and expiring list at the
same time.

The intro object would get freed after the circuit failed to open and then
access a second time when cleaned up from the expiring list.

Fixes #24313
2017-11-28 18:41:29 -05:00
Nick Mathewson
1880a6a88e Avoid asking for passphrase on junky PEM input
Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bbed.
2017-11-27 15:25:03 -05:00
Nick Mathewson
2c0487ecfb Handle NULL input to protover_compute_for_old_tor()
Fixes bug 24245; bugfix on 0.2.9.4-alpha. TROVE-2017-010.
2017-11-27 15:16:30 -05:00
Nick Mathewson
2834cc9c18 Fix length of replaycache-checked data.
This is a regression; we should have been checking only the
public-key encrypted portion.  Fixes bug 24244, TROVE-2017-009, and
CVE-2017-8819.
2017-11-27 15:12:19 -05:00
Nick Mathewson
b230860608 Merge branch 'maint-0.3.2' 2017-11-27 10:04:16 -05:00
Nick Mathewson
ef54610442 Merge branch 'ticket23856_025_01' into maint-0.3.2 2017-11-27 10:02:03 -05:00
David Goulet
8be50ca3ea relay: Change bandwidth stats interval to 24 hours
Going from 4 hours to 24 hours in order to try reduce the efficiency of guard
discovery attacks.

Closes #23856

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-27 10:00:40 -05:00
Nick Mathewson
9c37e8c8d1 Fix unit tests that depended on monotonic msec. 2017-11-27 09:43:15 -05:00
Nick Mathewson
c3c0a05f51 Add a new notion of "stamps" to be a fast 32-bit monotonic timestamp
The goal here is to replace our use of msec-based timestamps with
something less precise, but easier to calculate.  We're doing this
because calculating lots of msec-based timestamps requires lots of
64/32 division operations, which can be inefficient on 32-bit
platforms.

We make sure that these stamps can be calculated using only the
coarse monotonic timer and 32-bit bitwise operations.
2017-11-27 09:43:15 -05:00
Nick Mathewson
b1c4ab0bec Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-27 09:09:34 -05:00
Nick Mathewson
703ab95e9f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-27 09:09:34 -05:00
Nick Mathewson
30b3229252 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-27 09:09:34 -05:00
Nick Mathewson
722c64fc23 Merge branch 'maint-0.3.2' 2017-11-27 09:09:34 -05:00
Nick Mathewson
4bb287aa39 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-27 09:09:34 -05:00
Sebastian Hahn
25c90230be Add bastet's ipv6 address
Implements ticket 24394
2017-11-27 09:09:16 -05:00
Alex Xu (Hello71)
2cda005ac4 Add fast paths to channel_rsa_id_group_set_badness, #24119 2017-11-24 12:42:51 -05:00
David Goulet
428ee55e51 doc: Update channel.c top comments from latest
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
04762be612 test: Cleanup unused code in test_channel.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
d443a5258f test: Add unit test for channel_listener_t
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
8c5ed4f150 test: Add unit test for channel_get_for_extend()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
36f1fb3be3 test: Add unit test for channel_check_for_duplicates()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
47aaaf4403 test: Add channel state unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
3ed0b28a01 test: Fix memleak of channel cmux
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
08d0c39b91 test: Fix channel dumpstats test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
bd7823b29b test: Fix channel lifecycle and lifecycle_2
They were broken due to previous commit. Fixes are trivial.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
fa8c98985b test: Add outbound channel cell test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
636eec32bf test: Improve the inbound channel cell test
First, that test was broken from the previous commit because the
channel_queue_cell() has been removed. This now tests the
channel_process_cell() directly.

Second, it wasn't testing much except if the channel subsystem actually went
through the cell handler. This commit adds more checks on the state of a
channel going from open, receiving a cell and closing.

Third, this and the id_map unit test are working, not the others so they've
been marked as not working and future commit will improve and fix those.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
1dc4f96d9c channel: Remove nickname attribute from channel_t
This was never set thus never could have been used. Get rid of it to simplify
the code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
163477b11e channel: Remove dead code
This removed code that was either never reached or irrelevant after the
incoming/outgoing queue removal such as the "timestamp_drained".

Lots of things are also removed from channel.h that do not exists anymore or
not used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
0e7b23535c channel: Add and cleanup comments
No code nor behavior change, only documentation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:47:37 -05:00
David Goulet
56833bf449 channel: Requeue cell to circuit if channnel failed
If the channel layer failed to write a cell from the circuit queue, requeue it
so it can be retried on the same channel later.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:47:21 -05:00
David Goulet
6d1ea7766b channel: Remove unused write cell functions
The channel_write_cell() and channel_write_var_cell() can't be possibly called
nor are used by tor. We only write on the connection outbuf packed cell coming
from the scheduler that takes them from the circuit queue.

This makes channel_write_packed_cell() the only usable function. It is
simplify and now returns a code value. The reason for this is that in the next
commit(s), we'll re-queue the cell onto the circuit queue if the write fails.

Finally, channel unit tests are being removed with this commit because they do
not match the new semantic. They will be re-written in future commits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:46:15 -05:00
David Goulet
e1c29a769c channel: Remove everything related to queue size
The channel subsystem was doing a whole lot to track and try to predict the
channel queue size but they are gone due to previous commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:44:46 -05:00
David Goulet
46a0709261 channel: Remove incoming/outgoing queue
For the rationale, see ticket #23709.

This is a pretty massive commit. Those queues were everywhere in channel.c and
it turns out that it was used by lots of dead code.

The channel subsystem *never* handles variable size cell (var_cell_t) or
unpacked cells (cell_t). The variable ones are only handled in channeltls and
outbound cells are always packed from the circuit queue so this commit removes
code related to variable and unpacked cells.

However, inbound cells are unpacked (cell_t), that is untouched and is handled
via channel_process_cell() function.

In order to make the commit compile, test have been modified but not passing
at this commit. Also, many tests have been removed but better improved ones
get added in future commits.

This commit also adds a XXX: which indicates that the handling process of
outbound cells isn't fully working. This as well is fixed in a future commit.

Finally, at this commit, more dead code remains, it will be cleanup in future
commits.

Fixes #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:37:59 -05:00
David Goulet
d165f0fd30 relay: Improve comment in append_cell_to_circuit_queue()
This function is part of the tor fast path so this commit adds more
documentation to it as it is critical.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 09:41:10 -05:00
David Goulet
bf242ebe6c relay: Remove dead code
append_cell_to_circuit_queue() had code disabled from commit
2a95f31716

This code is 4+ years old related to bug #9072 so if we ever want to revisit
it, lets inspect/revert this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 09:41:10 -05:00
Nick Mathewson
a7e777ab8e bump to 0.3.2.5-alpha-dev 2017-11-22 08:34:02 -05:00
Nick Mathewson
bf882b0373 re-run ./scripts/maint/annotate_ifdef_directives 2017-11-21 14:07:43 -05:00
Nick Mathewson
5da0a73838 Merge branch 'ticket23953_033_squashed' 2017-11-21 14:06:57 -05:00
Nick Mathewson
25f882a9cf Use stdatomic.h for atomic_counter_t where available.
Closes ticket 23953.
2017-11-21 14:06:48 -05:00
Nick Mathewson
8b3580255d Merge remote-tracking branch 'teor/bug24372' 2017-11-21 13:57:48 -05:00
Nick Mathewson
1cc344b277 Merge remote-tracking branch 'teor/bug23760_nc' 2017-11-21 13:56:57 -05:00
Nick Mathewson
5da6120e88 bump version to 0.3.2.5-alpha 2017-11-21 12:54:11 -05:00
Nick Mathewson
517032b8ce Merge branch 'maint-0.3.2' 2017-11-21 12:41:39 -05:00
Nick Mathewson
ba94dc28e8 Merge branches 'bug24099_031' and 'bug24086_031' into maint-0.3.2 2017-11-21 12:37:46 -05:00
Nick Mathewson
ea13a47791 add an explanatory comment about the error codes 2017-11-21 12:36:32 -05:00
teor
03b18f6288
Fix a confusing comment about tie-breaking in compute_routerstatus_consensus()
Closes bug 24372.
2017-11-22 02:27:28 +11:00
Neel Chauhan
83b8034a98
Introduce node_get_curve25519_onion_key() in extend_info_from_node() 2017-11-22 02:20:54 +11:00
teor
d7833c9d27
Avoid crashing if we call num_usable_bridges() when bridges are not enabled
This applies the changes in 23524 to num_usable_bridges(), because it has
replaced any_bridge_descriptors_known().

The original changes file still applies.
2017-11-22 02:01:51 +11:00
teor
690f646bf8
Stop checking cached bridge descriptors for usable bridges
Stop checking for bridge descriptors when we actually want to know if
any bridges are usable. This avoids potential bootstrapping issues.
Fixes bug 24367; bugfix on 0.2.0.3-alpha.

Stop stalling when bridges are changed at runtime. Stop stalling when
old bridge descriptors are cached, but they are not in use.
Fixes bug 24367; bugfix on 23347 in 0.3.2.1-alpha.
2017-11-22 02:00:34 +11:00
Nick Mathewson
b1ab360eca Merge branch 'maint-0.3.2' 2017-11-20 14:35:26 -05:00
Nick Mathewson
da82e0b579 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-20 14:29:50 -05:00
George Kadianakis
69f93f806c Check number of usable guards when applying md restrictions.
We used to check whether we have enough filtered guards (guard set when
torrc is applied) but that's not good enough, since that might be bad in
some cases where many guards are not reachable (might cause overblocking
and hence reacahbility issues).

We now check if we have enough reachable filtered guards before applying
md restrictions which should prevent overblocking.
2017-11-20 14:28:56 -05:00
Nick Mathewson
729f9a286c Merge branch 'maint-0.3.2' 2017-11-20 13:22:10 -05:00
Nick Mathewson
846df5b3cd Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2 2017-11-20 13:20:25 -05:00
Nick Mathewson
68c21860e3 Add another assertion to check for 24086 root causes
In cdm_diff_ht_set_status(), we shouldn't have been allowing the
status CDM_DIFF_PRESENT to be set if there wasn't actually a handle.
2017-11-20 11:06:31 -05:00
Nick Mathewson
3bb29dd707 Correctly handle partial success in consensus diff calculation.
Previously, if store_multiple() reported a partial success, we would
store all the handles it gave us as if they had succeeded.  But it's
possible for the diff to be only partially successful -- for
example, if LZMA failed but the other compressors succeeded.

Fixes bug 24086; bugfix on 0.3.1.1-alpha.
2017-11-20 11:04:37 -05:00
David Goulet
5d180309ea hs: Rename rend_service_add_ephemeral_status_t
Move it to hs_common.h and rename it "hs_service_add_ephemeral_status_t". It
will be shared between v2 and v3 services.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
49f21b6ba3 control: Support HSv3 interface for ADD_ONION
At this commit, the key handling and generation is supported for a v3 service
(ED25519-V3). However, the service creation is not yet implemented. This only
adds the interface and code to deal with the new ED25519-V3 key type.

Tests have been updated for RSA key type but nothing yet for ED25519-v3.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
660de600a0 control: Implement GETINFO hs/service/desc/id/<ADDR> for HSv3
Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
0a3b295448 hs-v3: Add a lookup service current descriptor function
This will be used by the control port command "GETINFO
hs/service/desc/id/<ADDR>" which returns the encoded current descriptor for
the given onion address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
e1d8e611c8 control: Implement GETINFO hs/client/desc/id/<ADDR> for HSv3
Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
05766eae30 hs-v3: Add an encoded descriptor client cache lookup function
This commit adds hs_cache_lookup_encoded_as_client() function that returns the
encoded descriptor for a given service public key. This will be needed by the
"GETINFO hs/client/desc/id/<ADDR>" control port command.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
Nick Mathewson
c8ee12b2e8 Recover better from empty/invalid storagedir files
If we can't read a file because of an FS issue, we say "we can't
read that" and move on.  But if we can't read it because it's empty,
because it has no labels, or because its labels are misformatted, we
should remove it.

Fixes bug 24099; bugfix on 0.3.1.1-alpha.
2017-11-20 10:14:41 -05:00
Nick Mathewson
cabcb752d7 In storagedir, take more care with errno on empty or mislabeled file
Required for 24099 fix -- we won't be able to act based on errno
unless we can trust it.
2017-11-20 10:10:13 -05:00
Nick Mathewson
04812e59df Merge branch 'maint-0.3.2' 2017-11-20 08:39:39 -05:00
Nick Mathewson
e0f7a2dbd4 Merge branch 'bug23681_029_01_squashed' into maint-0.3.2 2017-11-20 08:39:34 -05:00
David Goulet
981bb60575 circuit: Don't timeout opened C_INTRODUCING circuit
A circuit with purpose C_INTRODUCING means that its state is opened but the
INTRODUCE1 cell hasn't been sent yet. We shouldn't consider that circuit when
looking for timing out "building circuit". We have to wait on the rendezvous
circuit to be opened before sending that cell so the intro circuit needs to be
kept alive for at least that period of time.

This patch makes that the purpose C_INTRODUCING is ignored in the
circuit_expire_building() which means that we let the circuit idle timeout
take care of it if we end up never using it.

Fixes #23681

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 08:33:44 -05:00
Nick Mathewson
7358559524 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-18 11:02:42 -05:00
Nick Mathewson
2d849716df Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-18 11:02:08 -05:00
Nick Mathewson
53c3174ee4 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-18 11:01:43 -05:00
Nick Mathewson
d388f9d879 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-18 11:01:33 -05:00
Nick Mathewson
43e0472fcf Move an assertion to make scan-build happy again. 2017-11-18 10:51:23 -05:00
Nick Mathewson
7813b0e0ed Merge branch 'maint-0.3.2' 2017-11-18 10:27:29 -05:00
Nick Mathewson
d45bf0c65c Add an extra check in test_entrynodes
This check makes it so we can reach "done" without setting "conn",
and so the "if (conn)" check will not be redundant, and so coverity
won't complain.  Fixes CID 1422205.  Not actually a bug.
2017-11-18 10:26:45 -05:00
Nick Mathewson
b9bce4288e Merge branch 'maint-0.3.2' 2017-11-18 10:23:52 -05:00
Nick Mathewson
a5b8b55c1c Fix memory leak in unit test for bridge distribution config.
Also, check for the actual message, and fix some string confusion,
while we're at it.

Fixes bug 24345; bugfix on 0.3.2.3-alpha.
2017-11-18 10:22:14 -05:00
Nick Mathewson
2f086888b1 Make all the crypto free() functions macros that clear their targets 2017-11-17 12:01:30 -05:00
Nick Mathewson
94db8f32e4 Make all the free() functions from container.h clear their targets 2017-11-17 12:01:19 -05:00
Nick Mathewson
c1bdb80aba Add a macro to call a free_ function and clear a variable 2017-11-17 11:45:47 -05:00
Nick Mathewson
fcdec00685 Merge branch 'maint-0.3.2' 2017-11-17 09:59:26 -05:00
Nick Mathewson
3a5ca47d8f Fix a clang unitialized-var warning 2017-11-17 09:57:52 -05:00
George Kadianakis
7e52947d57 Intoduce unittest for skipping outdated dirservers. 2017-11-17 09:57:46 -05:00
Nick Mathewson
9fbc835f10 Fix a wide comment 2017-11-17 09:57:15 -05:00
Nick Mathewson
2cee26b164 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-17 09:56:53 -05:00
Nick Mathewson
96b69942a5 Make should_set_md_dirserver_restriction() look at num filtered guards
This seems closer to what the code intended.
2017-11-17 09:52:41 -05:00
George Kadianakis
c400ffc2e8 Skip dirserver restrictions in small networks. 2017-11-17 09:52:41 -05:00
George Kadianakis
f61e3090fb Introduce new guard restriction and use it to skip outdated dirs. 2017-11-17 09:52:40 -05:00
George Kadianakis
7fc64f02a3 Introduce cache for outdated microdesc dirservers.
We gonna use this cache to avoid dirservers without outdated md info.
2017-11-17 09:52:40 -05:00
Nick Mathewson
94dce246ee Merge branch 'maint-0.3.2' 2017-11-17 09:26:11 -05:00
Matt Traudt
b98614f1af Only log about lost KIST support once 2017-11-17 09:25:47 -05:00
Nick Mathewson
cfacd44240 Merge branch 'maint-0.3.2' 2017-11-17 09:23:07 -05:00
Nick Mathewson
85778dc92d Merge remote-tracking branch 'dgoulet/bug23861_032_01' into maint-0.3.2 2017-11-17 09:23:04 -05:00
Neel Chauhan
eb793c31cf Add error message for exit_node in hs_circ_send_introduce1() 2017-11-17 08:42:07 -05:00
Neel Chauhan
b8addf9746 Use memset() on intro1_data in hs_circ_send_introduce1() 2017-11-17 08:42:07 -05:00
Neel Chauhan
27d34f36e0 Add smartlist_add() to get_lspecs_from_node) 2017-11-17 08:42:07 -05:00
Nick Mathewson
368dc1003e Merge branch 'maint-0.3.2' 2017-11-17 08:35:56 -05:00
Nick Mathewson
3a364309ac Merge branch 'bug24167_025' into maint-0.3.2 2017-11-17 08:35:52 -05:00
Nick Mathewson
4ef70ff389 Merge branch 'maint-0.3.2' 2017-11-17 08:35:04 -05:00
Nick Mathewson
0571015819 Merge branch 'ticket24097_032' into maint-0.3.2 2017-11-17 08:35:01 -05:00
Nick Mathewson
4b56df9874 Merge branch 'maint-0.3.2' 2017-11-17 08:34:23 -05:00
Nick Mathewson
2d3904aba6 Check the libc version to decide whether to allow openat. 2017-11-16 14:06:38 -05:00
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
95238eb917 Fix a traceback when closing a blocked connection "immediately".
When we close a connection via connection_close_immediately, we kill
its events immediately. But if it had been blocked on bandwidth
read/write, we could try to re-add its (nonexistent) events later
from connection_bucket_refill -- if we got to that callback before
we swept the marked connections.

Fixes bug 24167.  Fortunately, this hasn't been a crash bug since we
introduced connection_check_event in 0.2.9.10, and backported it.

This is a bugfix on commit 89d422914a, I believe, which
appeared in Tor 0.1.0.1-rc.
2017-11-16 12:05:56 -05:00
David Goulet
380a95116a relay: Avoid extra LOG_NOTICE for every new descriptor batch
Commit 56c5e282a7 suppressed that same log
statement in directory_info_has_arrived() for microdescriptors so do the same
for the descriptors. As the commit says, we already have the bootstrap
progress for this.

Fixes #23861

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-16 10:57:05 -05:00
Nick Mathewson
2a98fcb848 Downgrade evdns warnings about weird replies.
evdns is allowed to give us unrecognized object types; it is allowed
to give us non-IPv4 answer types, and it is (even) allowed to give
us empty answers without an error.

Closes ticket 24097.
2017-11-16 09:30:19 -05:00
Nick Mathewson
93dbce4ddd Log a better message if a router we're re-adding is expired.
Addresses ticket 20020.
2017-11-16 08:35:06 -05:00
Nick Mathewson
ef55a7a69a Tweak the message when we re-enable CBT.
Implements ticket 20963.
2017-11-15 14:42:59 -05:00
Nick Mathewson
ceeacc734d Merge branch 'maint-0.3.2' 2017-11-15 14:25:25 -05:00
Nick Mathewson
ae8683621a Merge remote-tracking branch 'asn/bug23662_032' into maint-0.3.2 2017-11-15 14:25:20 -05:00
Nick Mathewson
6aeabd454e Reindent the body of get_data_directory()
I don't know why it wasn't indented properly, but we may as well fix
it now.
2017-11-14 15:56:25 -05:00
Nick Mathewson
192be00691 Make the DataDirectory option immutable.
By convention, the torrc options that the user sets are
unchangeable.  If we need to change them, we should be using a copy
that's stored in another field

To avoid trouble, I'm keeping DataDirectory as the name for the
field that the rest of Tor uses, and using DataDirectory_option for
the confparse-controlled field.

This commit also modernizes some older string handling code in the
DataDirectory normalization function.
2017-11-14 15:54:36 -05:00
Nick Mathewson
bf8a7201ce Remove remove_file_if_very_old() -- nothing calls it. 2017-11-14 15:33:58 -05:00
Nick Mathewson
702a13c9d3 Merge branch 'maint-0.3.2' 2017-11-14 14:45:11 -05:00
Nick Mathewson
6dc784bdb3 Merge remote-tracking branch 'dgoulet/bug24230_032_01' into maint-0.3.2 2017-11-14 14:45:07 -05:00
George Kadianakis
c4a56ed5c2 Silence a warning about failed descriptor uploads.
Due to #23662 this can happen under natural causes and does not disturb
the functionality of the service. This is a simple 0.3.2 fix for now,
and we plan to fix this properly in 0.3.3.
2017-11-14 17:16:33 +02:00
Nick Mathewson
9f2efd02a1 Minimal implementation of bridge-distribution-request
Just advertise the line when we're a bridge, using "any" if we're
published or "none" if we aren't.

This is done in lieu of a full backport of #18329.
2017-11-13 20:44:51 -05:00
Nick Mathewson
1d5e693b63 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 20:36:04 -05:00
Nick Mathewson
50fbede459 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 20:36:04 -05:00
Nick Mathewson
1b9bb2c847 Merge branch 'bug22895_027' into maint-0.2.9 2017-11-13 20:35:59 -05:00
Nick Mathewson
fea5c8a015 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 12:57:58 -05:00
Nick Mathewson
543fd89fb7 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-13 12:57:58 -05:00
Nick Mathewson
800797e7f3 Merge branch 'bug23291_028' into maint-0.2.8 2017-11-13 12:57:55 -05:00
Nick Mathewson
0c6d05cdd4 Merge branch 'maint-0.3.2' 2017-11-13 12:27:44 -05:00
Nick Mathewson
d0b75b5ade Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-13 12:27:36 -05:00
David Goulet
7df28ce299 hs-v3: Fix consensus param "hsdir-interval" name
The dir-spec.txt specifies it to be "hsdir_interval" (underscore).

Fixes #24262

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-13 11:48:56 -05:00
Nick Mathewson
0b4e59b7c6 Merge remote-tracking branch 'sebastian/bug24137' 2017-11-13 11:32:35 -05:00
Nick Mathewson
3300a6e93a Merge remote-tracking branch 'arma/ticket23637' into maint-0.3.2 2017-11-13 11:20:20 -05:00
Nick Mathewson
16bdb9e365 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:18:02 -05:00
Nick Mathewson
91188540af Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 11:18:02 -05:00
Nick Mathewson
ab415ae950 Merge remote-tracking branch 'teor/bug23470-029' into maint-0.2.9 2017-11-13 11:17:58 -05:00
Nick Mathewson
9092e9019a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:15:50 -05:00
Nick Mathewson
666653758d Merge branch 'bug8185_025' into maint-0.2.9 2017-11-13 11:15:47 -05:00
Nick Mathewson
0fc2b7f82e Merge branch 'bug8185_031' into maint-0.3.1 2017-11-13 11:15:40 -05:00
Nick Mathewson
ece63105d9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:13:22 -05:00
Nick Mathewson
c928fb988a Merge branch 'ticket21953_029' into maint-0.2.9 2017-11-13 11:13:18 -05:00
Nick Mathewson
fdefda95bc Add corresponding rust-c coupling comments to C 2017-11-13 10:03:46 -05:00
Nick Mathewson
edf3d6b7ee Merge remote-tracking branch 'chelseakomlo/24032-cargo-rust-sync' 2017-11-13 09:59:10 -05:00
Nick Mathewson
a5ef2b619d Make node_get_curve25519_onion_key() return a const ptr 2017-11-12 17:07:16 -05:00
Nick Mathewson
f92736517b Merge branch 'bug23577_squashed' 2017-11-12 17:05:39 -05:00
Neel Chauhan
fb718e9912 Make setup_introduce1_data() take a node_t instead of an extend_info_t
Clients add rendezvous point IPv6 addresses to introduce cell link specifiers,
when the node has a valid IPv6 address.

Also check the node's IPv4 address is valid before adding any link specifiers.

Implements #23577.
2017-11-12 17:05:25 -05:00
Neel Chauhan
0ee50a414c Introduce node_get_curve25519_onion_key() 2017-11-12 17:05:25 -05:00
Chelsea Holland Komlo
1c50331b9a annotate where C and Rust need to stay in sync 2017-11-11 23:19:34 -05:00
Nick Mathewson
11eaf208c0 Merge branch 'bug24247_032' 2017-11-11 14:46:33 -05:00
Nick Mathewson
a7ca71cf6b Fix mock_crypto_pk_public_checksig__nocheck() to handle short RSA keys
This function -- a mock replacement used only for fuzzing -- would
have a buffer overflow if it got an RSA key whose modulus was under
20 bytes long.

Fortunately, Tor itself does not appear to have a bug here.

Fixes bug 24247; bugfix on 0.3.0.3-alpha when fuzzing was
introduced.  Found by OSS-Fuzz; this is OSS-Fuzz issue 4177.
2017-11-11 14:44:45 -05:00
Nick Mathewson
ef92511577 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-11 12:23:34 -05:00
Nick Mathewson
512dfa15ed Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-11 12:23:34 -05:00
Nick Mathewson
f8707e4f6c Merge branch 'maint-0.3.2' 2017-11-11 12:23:34 -05:00
Nick Mathewson
9666c620d5 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-11 12:23:33 -05:00
Nick Mathewson
c9b76a12f5 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-11 12:23:33 -05:00
Nick Mathewson
5348c8996f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-11 12:23:33 -05:00
David Goulet
42ce6f78c8 control: Fix wrong Action on failure to upload an HS descriptor
On failure to upload, the HS_DESC event would report "UPLOAD_FAILED" as the
Action but it should have reported "FAILED" according to the spec.

Fixes #24230

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-10 15:31:31 -05:00
Karsten Loesing
6f8c32b7de Update geoip and geoip6 to the November 6 2017 database. 2017-11-10 10:14:09 +01:00
Nick Mathewson
039a776367 slight improvement to rust idiomicity 2017-11-09 09:48:52 -05:00
Nick Mathewson
c80bb04542 Rust implementation of protocol_list_supports_protocol_or_later() 2017-11-09 09:42:09 -05:00
Nick Mathewson
6ea3db6fa7 Fix unit test behavior: we need to be in STATE_LIVE. 2017-11-09 09:30:43 -05:00
Nick Mathewson
552218437c Merge branch 'ticket12062_squashed' 2017-11-09 09:20:55 -05:00
Nick Mathewson
0c6eabf088 Audit all of the "is the network turned off" checks.
DisableNetwork is a subset of net_is_disabled(), which is (now) a
subset of should_delay_dir_fetches().

Some of these changes are redundant with others higher or lower in
the call stack.  The ones that I think are behavior-relevant are
listed in the changes file.  I've also added comments in a few
places where the behavior is subtle.

Fixes bug 12062; bugfix on various versions.
2017-11-09 09:19:42 -05:00
Nick Mathewson
0626031564 Merge branch 'ticket20895' 2017-11-09 09:17:53 -05:00
Nick Mathewson
59c1016aba Merge branch 'maint-0.3.2' 2017-11-09 08:17:46 -05:00
Nick Mathewson
aa1d90b40c Merge branch 'bug23985_029' into maint-0.3.2 2017-11-09 08:15:46 -05:00
Nick Mathewson
ce3d5da0d2 Merge branch 'maint-0.3.2' 2017-11-09 08:02:36 -05:00
Nick Mathewson
40c64f45f0 Re-remove AllowDotExit deprecation.
This was accidentally reintroduced in 5a46074e55.  It should be
harmless, though: the option is obsolete, so calling it deprecated
is redundant.
2017-11-09 07:58:27 -05:00
Nick Mathewson
c8859582a2 bump to 0.3.2.4-alpha-dev 2017-11-08 16:44:53 -05:00
Nick Mathewson
7556636ac2 Merge branch 'maint-0.3.2' 2017-11-08 14:59:18 -05:00
David Goulet
fa70aabb62 dirauth: Recalculate voting schedule at first vote
Commit e67f4441eb introduced a safeguard against
using an uninitialized voting schedule object. However, the dirvote_act() code
was looking roughly at the same thing to know if it had to compute the timings
before voting with this condition:

  if (!voting_schedule.voting_starts) {
    ...
    dirvote_recalculate_timing(options, now);
  }

The sr_init() function is called very early and goes through the safeguard
thus the voting schedule is always initilized before the first vote.

That first vote is a crucial one because we need to have our voting schedule
aligned to the "now" time we are about to use for voting. Then, the schedule
is updated when we publish our consensus or/and when we set a new consensus.
From that point on, we only want to update the voting schedule through that
code flow.

This "created_on_demand" is indicating that the timings have been recalculated
on demand by another subsystem so if it is flagged, we know that we need to
ignore its values before voting.

Fixes #24186

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 14:46:49 -05:00
Nick Mathewson
90fb57ec18 Merge branch 'maint-0.3.2' 2017-11-08 13:26:50 -05:00
Nick Mathewson
0dc55fb247 Don't delay descriptor fetches when missing info needed for circuits
When we have fewer than 15 descriptors to fetch, we will delay the
fetch for a little while.  That's fine, if we can go ahead and build
circuits... but if not, it's a poor choice indeed.

Fixes bug 23985; bugfix on 0.1.1.11-alpha.

In 0.3.0.3-alpha, when we made primary guard descriptors necessary
for circuit building, this situation got worse.
2017-11-08 13:22:16 -05:00
Nick Mathewson
31a907881e downgrade severity for get_voting_schedule() 2017-11-08 11:50:57 -05:00
Nick Mathewson
d1a1d95c41 Merge branch 'maint-0.3.2' 2017-11-08 11:02:51 -05:00
Nick Mathewson
02f05f2de2 Merge remote-tracking branch 'dgoulet/bug23751_032_01' into maint-0.3.2 2017-11-08 10:56:33 -05:00
Nick Mathewson
c74a817e83 Merge branch 'bug23318-redux_029' into maint-0.3.2 2017-11-08 10:47:22 -05:00
teor
6e4ebd41bb Stop calculating total twice in frac_nodes_with_descriptors()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
4f944cc4cc Check arguments and initialise variables in compute_weighted_bandwidths()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
fcaa4ab824 Actually log the total bandwidth in compute_weighted_bandwidths()
Fixes bug 24170; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
teor
14b0bba06e Use node counts in networks with all zero-bandwidths
When calculating the fraction of nodes that have descriptors, and all
all nodes in the network have zero bandwidths, count the number of nodes
instead.

Fixes bug 23318; bugfix on 0.2.4.10-alpha.
2017-11-08 10:45:18 -05:00
Nick Mathewson
3c03e237ab Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
David Goulet
dcabf801e5 sched: Ignore closed channel after flushing cells
The flush cells process can close a channel if the connection write fails but
still return that it flushed at least one cell. This is due because the error
is not propagated up the call stack so there is no way of knowing if the flush
actually was successful or not.

Because this would require an important refactoring touching multiple
subsystems, this patch is a bandaid to avoid the KIST scheduler to handle
closed channel in its loop.

Bandaid on #23751.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 09:44:39 -05:00
Nick Mathewson
c2c1fa6b95 Merge branch 'maint-0.3.2' 2017-11-08 08:13:14 -05:00
Nick Mathewson
e5a83062ed Merge branch 'bug23816_029_squashed' into maint-0.3.2 2017-11-08 08:11:22 -05:00
Nick Mathewson
cb29687e93 Replace our random-exponential-delay algorithm.
This patch has implementations of the "decorrelated" and "full"
algorithms from https://www.awsarchitectureblog.com/2015/03/backoff.html
2017-11-08 07:56:16 -05:00
Nick Mathewson
b780e84f25 Merge branch 'maint-0.3.2' 2017-11-07 20:36:04 -05:00
Nick Mathewson
3dc61a5d71 Revert "Remove an erroneous 0.5 in compute_weighted_bandwidths()"
This reverts commit 01e984870a.
2017-11-07 20:35:19 -05:00
Nick Mathewson
ea5ea5f554 Merge branch 'maint-0.3.2' 2017-11-07 14:01:10 -05:00
Nick Mathewson
c58471325a Merge remote-tracking branch 'dgoulet/bug24161_032_01' into maint-0.3.2 2017-11-07 14:00:18 -05:00
Nick Mathewson
c7d1d1ad2e Bump to 0.3.2.4-alpha 2017-11-07 13:22:27 -05:00
David Goulet
e67f4441eb Add a safe guard to avoid using a zeroed voting schedule
dirvote_get_next_valid_after_time() is the only public function that uses the
voting schedule outside of the dirvote subsystem so if it is zeroed,
recalculate its timing if we can that is if a consensus exists.

Part of #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:14:45 -05:00
David Goulet
8171d9f50f Recalculate voting schedule first when getting a new consensus
Because the HS and SR subsystems can use the voting schedule early (with the
changes in #23623 making the SR subsystem using the static voting schedule
object), we need to recalculate the schedule very early when setting the new
consensus.

Fixes #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:08:12 -05:00
Nick Mathewson
c6c4a421fd Merge branch 'maint-0.3.2' 2017-11-07 09:58:53 -05:00
Nick Mathewson
9d848ca58a Merge remote-tracking branch 'asn/ticket23623_032_01' into maint-0.3.2 2017-11-07 09:58:42 -05:00
Nick Mathewson
0227aab1b7 Merge branch 'maint-0.3.2' 2017-11-06 13:01:56 -05:00
Nick Mathewson
7d767706ef Merge branch 'bug24150_032_squashed' into maint-0.3.2 2017-11-06 12:59:23 -05:00
Nick Mathewson
5240afa713 Fix a memory leak on decryption non-failure of v3 hsdesc
If it decrypts something that turns out to start with a NUL byte,
then decrypt_desc_layer() will return 0 to indicate the length of
its result.  But 0 also indicates an error, which causes the result
not to be freed by decrypt_desc_layer()'s callers.

Since we're trying to stabilize 0.3.2.x, I've opted for the simpler
possible fix here and made it so that an empty decrypted string will
also count as an error.

Fixes bug 24150 and OSS-Fuzz issue 3994.

The original bug was present but unreachable in 0.3.1.1-alpha. I'm
calling this a bugfix on 0.3.2.1-alpha since that's the first version
where you could actually try to decrypt these descriptors.
2017-11-06 12:59:11 -05:00
Nick Mathewson
02a4c641da Merge branch 'maint-0.3.2' 2017-11-06 10:16:19 -05:00
Nick Mathewson
bebdd91058 Fix a 32-bit formatting warning 2017-11-06 10:16:10 -05:00
Nick Mathewson
7097c4a37a Merge remote-tracking branch 'dgoulet/bug24053_033_01' 2017-11-06 10:04:22 -05:00
Nick Mathewson
3beb3dac2d Merge branch 'maint-0.3.2' 2017-11-06 09:49:06 -05:00
Nick Mathewson
c80293706f Merge remote-tracking branch 'public/bug23318_029' into maint-0.3.2 2017-11-06 09:48:51 -05:00
Nick Mathewson
f755f9b9e6 Merge branch 'maint-0.3.2' 2017-11-05 14:41:53 -05:00
Nick Mathewson
9f3d9c68ab Merge branch 'bug21394_029' into maint-0.3.2 2017-11-05 14:39:37 -05:00
Sebastian Hahn
9827574308 Fix DNS resolution on busy exit relays
Thanks to Dhalgren who analyzed this issue two years ago and found a
solution!
2017-11-05 14:36:32 -05:00
Nick Mathewson
9f650b24e9 Merge branch 'maint-0.3.2' 2017-11-05 14:09:21 -05:00
Alex Xu (Hello71)
a72e13a669 Fix rust welcome message typo. 2017-11-05 13:58:51 -05:00
Sebastian Hahn
d3fee8b823 ClientDNSRejectInternalAddresses in non-default networks
Once again allow the flag to be set, unless the default network is used.
Thanks to nickm for a suggestion for the workaround to a test failure.
2017-11-04 18:31:02 +01:00
Sebastian Hahn
e491c05f96 Undo deprecation of ClientDNSRejectInternalAddresses 2017-11-04 18:31:00 +01:00
Sebastian Hahn
5a46074e55 Revert "Make ClientDNSRejectInternalAddresses testing-only."
This reverts commit 27fa4a98d2.
2017-11-04 18:30:59 +01:00
Sebastian Hahn
e24df58245 fixup! Allow bootstrapping networks to have Exit flags 2017-11-04 04:18:32 +01:00
Sebastian Hahn
4d6b679318 Allow bootstrapping networks to have Exit flags
Relevant for non-test networks
2017-11-03 23:07:30 +01:00
Nick Mathewson
cceb43c5e3 Merge branch 'maint-0.3.2' 2017-11-02 10:34:08 -04:00
David Goulet
0386280487 nodelist: Downgrade warning to protocol warning
The node_get_ed25519_id() warning can actually be triggered by a relay flagged
with NoEdConsensus so instead of triggering a warning on all relays of the
network, downgrade it to protocol warning.

Fixes #24025

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:33:57 -04:00
Nick Mathewson
65d22dc2f2 Merge branch 'maint-0.3.2' 2017-11-02 10:32:18 -04:00
Nick Mathewson
cb42c62c9e Merge branch 'dgoulet_ticket23753_032_02_squashed' into maint-0.3.2 2017-11-02 10:30:42 -04:00
David Goulet
6dc591a024 sched: Rate limit scheduler_bug_occurred()
Just in case we end up hitting a SCHED_BUG() multiple times, rate limit the
log warning.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:30:33 -04:00
Matt Traudt
52050bb2c6 sched: Add another SCHED_BUG() callsite 2017-11-02 10:30:33 -04:00
David Goulet
3931a6f264 sched: Use SCHED_BUG() macro in scheduler
When a BUG() occurs, this macro will print extra information about the state
of the scheduler and the given channel if any. This will help us greatly to
fix future bugs in the scheduler especially when they occur rarely.

Fixes #23753

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:30:33 -04:00
Nick Mathewson
f865993653 Merge branch 'maint-0.3.2' 2017-11-02 10:26:30 -04:00
teor
27ea6fcd31 Test that IPv6-only clients can use microdescriptors
When running "make test-network-all", test that IPv6-only clients can use
microdescriptors. IPv6-only microdescriptor client support was fixed in
tor 0.3.0.1-alpha.

Requires chutney master 61c28b9 or later.

Closes ticket 24109.
2017-11-02 10:25:49 -04:00
Nick Mathewson
a46dcc0709 Merge branch 'maint-0.3.2' 2017-11-02 10:22:35 -04:00
Nick Mathewson
6a9a118f90 Tweak a comment for a minor but important distinction 2017-11-02 10:22:32 -04:00
Nick Mathewson
3aab8307a5 Merge branch 'ticket23820_032_01_squashed' into maint-0.3.2 2017-11-02 10:19:29 -04:00
teor
176bfe1bed Don't run IPv6-only v3 single onion service tests using chutney
Part of #23820.
2017-11-02 10:19:05 -04:00
teor
cc072b6fbf Stop users configuring IPv6-only v3 single onion services
They are not yet implemented: they will upload descriptors, but won't be
able to rendezvous, because IPv6 addresses in link specifiers are ignored.

Part of #23820.
2017-11-02 10:19:05 -04:00
teor
a4f34c1106 Improve v3 onion service logging for intro and rend points
Diagnostics for #23820.
2017-11-02 10:19:05 -04:00
teor
77ed99b1a7 Remove buggy IPv6 and ed25519 handling from get_lspecs_from_extend_info()
The previous version of this function had the following issues:
* it didn't check if the extend_info contained an IPv6 address,
* it didn't check if the ed25519 identity key was valid.
But we can't add IPv6 support in a bugfix release.

Instead, BUG() if the address is an IPv6 address, so we always put IPv4
addresses in link specifiers. And ignore missing ed25519 identifiers,
rather than generating an all-zero link specifier.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-11-02 10:19:05 -04:00
Nick Mathewson
a321f8f4af Merge branch 'buf_for_stringbuffer_squashed' 2017-11-02 10:01:30 -04:00
Nick Mathewson
8993159f3d Refactor geoip_get_dirreq_history to use buf_t 2017-11-02 10:00:32 -04:00
Nick Mathewson
3b30015143 Refactor connection_write_to_buf_impl_(); add one that takes a buf_t 2017-11-02 10:00:32 -04:00
Nick Mathewson
095e15f8ac Add a zero-copy buffer move implementation. 2017-11-02 10:00:32 -04:00
Nick Mathewson
5240d02a11 Refactor write_http_response_header_impl() to use buf_t 2017-11-02 10:00:32 -04:00
Nick Mathewson
d5ba4851bd Add buf_t API helpers for using buffers to construct outputs. 2017-11-02 10:00:32 -04:00
Roger Dingledine
7700b99fe6 easy typos while reviewing commits 2017-11-01 16:44:09 -04:00
Sebastian Hahn
acdd349dee rename {,TOR_}RUST_DEPENDENCIES 2017-11-01 13:45:15 -04:00
Nick Mathewson
cd606d5ad3 Merge remote-tracking branch 'public/owning_control_fd' 2017-11-01 13:28:31 -04:00
Nick Mathewson
ef25f957e7 Merge branch 'tor_api_squashed' 2017-11-01 13:22:16 -04:00
Nick Mathewson
221f5238ae tor_runner.c: Add a circumlocution and a caveat. 2017-11-01 13:22:09 -04:00
Nick Mathewson
8c49194505 Add more usage notes on tor_api.h 2017-11-01 13:22:09 -04:00
Nick Mathewson
8b313bd4ad Explain purpose, usage, and status of tor_runner.c 2017-11-01 13:22:09 -04:00
Nick Mathewson
e8682c8594 Add a small library to emulate tor_run_main() with exec() 2017-11-01 13:22:09 -04:00
Nick Mathewson
fa02ea102e Add a public tor_api.h with an implementation in tor_api.c
The main effect of this change is to commit to an extensible
long-term API.

Closes ticket 23684.
2017-11-01 13:22:09 -04:00
David Goulet
198ede5314 test: Fix SR initialization in routerlist test
Fixes #24053

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-01 11:39:52 -04:00
Roger Dingledine
9635843342 trivial comment fixes
done while i was trying to debug nearby code
2017-10-31 23:09:00 -04:00
David Goulet
bd631a649b test: Fix voting schedule for hs_service.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:31 -04:00
David Goulet
814f4c6967 test: Fix voting schedule for hs_common.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:19 -04:00
David Goulet
19d32fd0d6 test: Fix voting schedule for shared random
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:48:50 -04:00
Nick Mathewson
43cbcd3896 Merge branch 'maint-0.3.2' 2017-10-31 14:31:55 -04:00
Nick Mathewson
0627512368 Merge branch 'bug24082_032' into maint-0.3.2 2017-10-31 14:31:21 -04:00
Nick Mathewson
f9aed40156 Merge branch 'maint-0.3.2' 2017-10-31 14:18:52 -04:00
Nick Mathewson
c3ea1ccf04 double newline 2017-10-31 14:18:48 -04:00
David Goulet
33da5d7672 test: Initialize the voting schedule in test_dir.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:07:41 -04:00
Nick Mathewson
2b6f246652 Merge branch 'maint-0.3.2' 2017-10-31 14:04:34 -04:00
Nick Mathewson
8dffc46748 Merge branch 'hsdescv3_fuzz_more' into maint-0.3.2 2017-10-31 14:04:31 -04:00
Nick Mathewson
b76a161e01 Merge branch 'fix-torrcd-sandbox-22605v2' 2017-10-31 13:58:33 -04:00
Nick Mathewson
00e781142b Don't give "exitrelay may become 0 when no policy" warning on ReducedExitPolicy 2017-10-31 13:25:41 -04:00
Nick Mathewson
6e2f8de62d Fix: when BridgeRelay is set, you do not get any exit policy. 2017-10-31 13:25:41 -04:00
Neel Chauhan
b70e11ef6b Add code for letting user select Reduced Exit Policy 2017-10-31 13:25:41 -04:00
Nick Mathewson
4700ba6c3d Merge branch 'maint-0.3.2' 2017-10-31 12:19:42 -04:00
Nick Mathewson
3d93ec3ef4 Merge branch 'bug23762_032_02_squashed' into maint-0.3.2 2017-10-31 12:14:21 -04:00
David Goulet
5dbcd48f0e hs-v3: Attempt descriptor refetch when dirinfo changes
When the directory information changes, callback to the HS client subsystem so
it can check if any pending SOCKS connections are waiting for a descriptor. If
yes, attempt a refetch for those.

Fixes #23762

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 12:14:11 -04:00
Nick Mathewson
c9ad172dd4 Merge branch 'bug23571_033_squashed' 2017-10-31 11:59:18 -04:00
teor
e9f57e193d Consistently use braced blocks in hibernate_go_dormant() 2017-10-31 11:58:34 -04:00
teor
e57604183c When hibernating, close connections normally and allow them to flush
Bugfix on 7267 in 0.2.4.7-alpha
2017-10-31 11:58:34 -04:00
Nick Mathewson
5a21b27083 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-31 11:43:14 -04:00
Nick Mathewson
f2e23d38ab Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-31 11:43:14 -04:00
Nick Mathewson
7c59c751b0 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-31 11:43:14 -04:00
Nick Mathewson
cf98ca715c Merge branch 'maint-0.3.2' 2017-10-31 11:43:14 -04:00
Nick Mathewson
04d4786cc4 Merge remote-tracking branch 'public/bug23693_029' into maint-0.2.9 2017-10-31 11:43:07 -04:00
David Goulet
ce99ebf25d Make tor recalculate voting schedule even if not a dirauth
Because the HS subsystem needs the voting schedule to compute time period, we
need all tor type to do that.

Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 09:55:24 -04:00
Nick Mathewson
5dce134fbb Initialize the mock options in the fuzzing code
Fixes bug 24082; bugfix on 0.3.0.3-alpha.  Found by Brian Carpenter.
2017-10-30 17:05:26 -04:00
Nick Mathewson
332d6bf901 Merge branch 'maint-0.3.2' 2017-10-30 11:07:44 -04:00
Nick Mathewson
5bee5fbac7 Merge remote-tracking branch 'public/bug23774_032' into maint-0.3.2 2017-10-30 11:07:26 -04:00
Nick Mathewson
7515eefb70 remove errant ; 2017-10-27 17:58:50 -04:00
Nick Mathewson
26e0909e51 In the hsdescv3 fuzzer, replace the decryption function.
The new decryption function performs no decryption, skips the salt,
and doesn't check the mac.  This allows us to fuzz the
hs_descriptor.c code using unencrypted descriptor test, and exercise
more of the code.

Related to 21509.
2017-10-27 14:28:02 -04:00
Nick Mathewson
5e52beceb0 Only prototype rust_welcome_string() when it exists. 2017-10-27 13:03:24 -04:00
Nick Mathewson
69502942b0 [rust] Avoid a clone in contract_protocol_list() 2017-10-27 13:02:14 -04:00
Nick Mathewson
12f58b42a8 Allow test_rust.sh to run from outside the makefile
(This is just a matter of making sure that we handle the case where
abs_top_builddir is not set)
2017-10-27 12:54:52 -04:00
Nick Mathewson
6e08807b54 Add a build-rust alias to just rebuild the rust code. 2017-10-27 12:52:07 -04:00
Nick Mathewson
1e66ab363a [rust] Add "unsafe" to the testing-mode tor_malloc_ wrapper.
This change lets us remove the allow(unused_unsafe) directive
from allocate_and_copy_string().
2017-10-27 12:49:51 -04:00
Nick Mathewson
3a364529a4 Make distcleancheck pass with --enable-rust 2017-10-27 12:35:13 -04:00
Nick Mathewson
d5eea977be bump to 0.3.2.3-alpha-dev. 2017-10-27 12:33:13 -04:00
Nick Mathewson
2153814ba8 Include rust files in 'make dist' 2017-10-27 12:19:31 -04:00
Nick Mathewson
7f764bcba8 repair "make distcheck" 2017-10-27 11:59:15 -04:00
Nick Mathewson
f803c1bb17 declare shutdown_did_not_work_callback() with ATTR_NORETURN 2017-10-27 11:51:42 -04:00
Nick Mathewson
79e7c0af0e Add a comment about removing the failsafe event loop exit code 2017-10-27 11:15:43 -04:00
Nick Mathewson
0a10335d2e Clarify doc on tell_event_loop_to_run_external_code() 2017-10-27 11:14:37 -04:00
Nick Mathewson
30a681553f Merge remote-tracking branch 'public/exit_carefully' 2017-10-27 11:13:05 -04:00
Nick Mathewson
fa78546dbc Make sure all C files have copyright/license notices 2017-10-27 10:59:36 -04:00
Nick Mathewson
f5e9e2748f Merge branch 'protover-rust-impl_squashed' 2017-10-27 10:05:30 -04:00
Nick Mathewson
2ca8fcb892 Add missing copyright/license statements on all .rs files
(Yes, I have Chelsea's permission.)
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
6be75bd61d cargo fmt; fix line length warnings 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
90daad999e remove experimental rust features
allow unsafe on function that calls C
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
7999d0bf6b update tor_allocate and add tests 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
7d126b9db9 remove unused include.am for rust modules 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
cd2a036959 refactor smartlist for readability
limit scoping of unsafe, and other cleanup
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
91bca5c31b move to allocating c strings from rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
76bbdfbfa9 add tor allocator for rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d14a83f74f remove unneeded dependencies, remove types where unnecessary 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c4d535972 refactor build infrastructure for single rust binary 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
be583a34a3 use tor allocator for string allocation in rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c04b54d4d minimize scope for unsafe
update documentation

missing check for null
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d1820c1516 rust implementation of protover 2017-10-27 10:02:08 -04:00
David Goulet
7ee0a2b9aa sr: Don't use a dynamic voting schedule
The exposed get_voting_schedule() allocates and return a new object everytime
it is called leading to an awful lot of memory allocation when getting the
start time of the current round which is done for each node in the consensus.

Closes #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:37 -04:00
David Goulet
60164f057c dirvote: Move code. No behavior change
Needed for next commit to address #23623.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:18 -04:00
Nick Mathewson
fb88527195 update to 0.3.2.3-alpha 2017-10-27 08:59:07 -04:00
Nick Mathewson
a0f8c01004 Merge branch 'maint-0.3.2' 2017-10-27 08:05:04 -04:00
David Goulet
e598c6f6de hs-v3: Check the ed25519 key when picking intro point
If the intro point supports ed25519 link authentication, make sure we don't
have a zeroed key which would lead to a failure to extend to it.

We already check for an empty key if the intro point does not support it so
this makes the check on the key more consistent and symmetric.

Fixes #24002

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 14:54:20 -04:00
Nick Mathewson
4af1653e0f Merge branch 'maint-0.3.2' 2017-10-26 10:43:05 -04:00
David Goulet
c4ef21ff5e fuzzing: Make hsdescv3 use the decoding API correctly
Fixes #21509

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 09:52:15 -04:00
David Goulet
4d2de821ce Revert "Temporarily disable compilation of the v3 hs fuzzing code"
This reverts commit 5ef656e7d1.
2017-10-26 09:41:47 -04:00
George Kadianakis
42a47c0e7d Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-26 13:36:04 +03:00
George Kadianakis
cbc70437a7 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-26 13:36:04 +03:00
teor
b4aa8fc3d9
Remove buggy IPv6 support from pick_intro_point() and service_intro_point_new()
The previous version of these functions had the following issues:
* they can't supply both the IPv4 and IPv6 addresses in link specifiers,
* they try to fall back to a 3-hop path when the address for a direct
  connection is unreachable, but this isn't supported by
  launch_rendezvous_point_circuit(), so it fails.
But we can't fix these things in a bugfix release.

Instead, always put IPv4 addresses in link specifiers.
And if a v3 single onion service can't reach any intro points, fail.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 17:02:46 +11:00
teor
20b0e9e07d
Remove buggy IPv6 support from hs_get_extend_info_from_lspecs()
The previous version of this function has the following issues:
* it doesn't choose between IPv4 and IPv6 addresses correctly, and
* it doesn't fall back to a 3-hop path when the address for a direct
  connection is unreachable.
But we can't fix these things in a bugfix release.

Instead, treat IPv6 addresses like any other unrecognised link specifier
and ignore them. If there is no IPv4 address, return NULL.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 14:38:06 +11:00
George Kadianakis
1a6814c096 Fix offending unittest and add changes file for #23862. 2017-10-25 20:22:52 +03:00
George Kadianakis
dfd3ed5bdc Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-25 20:22:52 +03:00
George Kadianakis
10c5eae3fa Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-25 20:22:52 +03:00
George Kadianakis
8c8d3b90f7 Add a unittest that reveals the offending case of #23862. 2017-10-25 20:22:52 +03:00
Nick Mathewson
c7a1a987d6 Merge branch 'maint-0.3.2' 2017-10-25 12:25:41 -04:00
David Goulet
9592797cf3 hs-v2: Copy needed information between service on prunning
Turns out that when reloading a tor configured with hidden service(s), we
weren't copying all the needed information between the old service object to
the new one.

For instance, the desc_is_dirty timestamp wasn't which could lead to the
service uploading its desriptor much later than it would need to.

The replaycache wasn't also moved over and some intro point information as
well.

Fixes #23790

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-25 11:21:28 -04:00
Nick Mathewson
f68c1b1406 bump to 0.3.1.8-dev 2017-10-25 09:28:05 -04:00
Nick Mathewson
4edbbee2fd bump to 0.3.0.12-dev 2017-10-25 09:27:50 -04:00
Nick Mathewson
46091a88ca bump to 0.2.9.13-dev 2017-10-25 09:27:23 -04:00
Nick Mathewson
9969b0dfda bump to 0.2.8.16-dev 2017-10-25 09:27:07 -04:00
Nick Mathewson
82f8b27ff5 bump to 0.2.5.15-dev 2017-10-25 09:26:53 -04:00
Nick Mathewson
e5c341eb7c Merge branch 'maint-0.3.2' 2017-10-24 19:43:13 -04:00
Nick Mathewson
3498183807 Turn a comment into a doxygen comment.
Crediting this * to teor, in penance for mis-crediting his x removal
to Isis.  The balance is restored.
2017-10-24 19:42:18 -04:00
Nick Mathewson
e7126a1030 Merge remote-tracking branch 'catalyst-oniongit/bug20532_031' into maint-0.3.2 2017-10-24 19:41:26 -04:00
Nick Mathewson
8d908b961f Merge branch 'maint-0.3.2' 2017-10-24 19:37:11 -04:00
Nick Mathewson
8cc57bccfe Isis has been noticing typos. 2017-10-24 19:37:09 -04:00
Nick Mathewson
b95ef19a77 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:32 -04:00
Nick Mathewson
594cf92498 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:28 -04:00
Nick Mathewson
f3af74ccf5 Updates to fix check-spaces/check-changes warnings 2017-10-24 19:35:16 -04:00
Nick Mathewson
44e8aaa9aa Adjust test to allow hyphens too. 2017-10-24 19:33:38 -04:00
Isis Lovecruft
02cde0d939 test: Add unittest for descriptors with BridgeDistribution option. 2017-10-24 19:26:24 -04:00
Isis Lovecruft
b0e10f23ba doc: Improve documentation for check_bridge_distribution_setting(). 2017-10-24 19:26:24 -04:00
Nick Mathewson
613b18f0af Always set bridge-distribution-request on bridges' descriptors.
Also, warn the user if the BridgeDistribution option is
unrecognized, and reject the value if it is invalid.
2017-10-24 19:26:24 -04:00
Roger Dingledine
ebab521525 Add new BridgeDistribution config option
Bridge relays can use it to add a "bridge-distribution-request" line
to their bridge descriptor, which tells BridgeDB how they'd like their
bridge address to be given out.

Implements tickets 18329.
2017-10-24 19:26:24 -04:00
Taylor Yu
9b60acd4d4 Rewrite bridge addresses earlier
Call rewrite_node_address_for_bridge() in
launch_direct_bridge_descriptor_fetch() in case there's an existing
node_t for it.
2017-10-24 17:35:17 -05:00
Nick Mathewson
649000662d Merge remote-tracking branch 'arma/ticket23637' 2017-10-24 12:52:41 -04:00
Nick Mathewson
5325e7ccab bump version in the other places :/ 2017-10-24 09:11:17 -04:00
Nick Mathewson
552b620280 bump version in the other places :/ 2017-10-24 09:11:07 -04:00
Nick Mathewson
cbb41ddfef bump to 0.3.1.8 2017-10-24 09:09:50 -04:00
Nick Mathewson
743eee4930 bump to 0.2.5.15 2017-10-24 09:09:00 -04:00
Nick Mathewson
abbd6a36fc Merge branch 'maint-0.3.2' 2017-10-24 08:25:29 -04:00
Nick Mathewson
0d4addfc73 Merge branch 'bug23952_032' into maint-0.3.2 2017-10-24 08:24:12 -04:00
Nick Mathewson
f0a6ea0bfd Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 15:55:48 -04:00
Nick Mathewson
f7707c9031 Merge branch 'maint-0.3.2' 2017-10-23 15:55:48 -04:00
Nick Mathewson
b1d6cf2508 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 15:55:48 -04:00
Nick Mathewson
9ae4ffc076 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 15:55:08 -04:00
Nick Mathewson
b1bd1bf19f Merge remote-tracking branch 'teor/bug23874-029' into maint-0.2.9 2017-10-23 15:53:45 -04:00
Nick Mathewson
48ee85e0c6 Have LOG_PROTOCOL_WARN call its own function
Also, make the function that implements LOG_PROTOCOL_WARN use a
cached value of the desired loglevel, rather than calling
get_options().
2017-10-23 12:22:26 -04:00
Nick Mathewson
af33fdd7c1 Remove the length limit from write_http_status_line
Fixes bug 23908; bugfix on 0.3.1.6-rc when we made the keypin
failure message really long.

Backport from 0.3.2's 771fb7e7ba,
where arma said "get rid of the scary 256-byte-buf landmine".
2017-10-23 09:21:22 -04:00
Nick Mathewson
fcd5c3144a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:11:10 -04:00
Nick Mathewson
eac4c374e4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:11:10 -04:00
Nick Mathewson
49e8352f16 Merge branch 'maint-0.3.2' 2017-10-23 09:11:10 -04:00
Nick Mathewson
6a7aa47357 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:11:10 -04:00
Nick Mathewson
85115796bb Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:11:10 -04:00
Nick Mathewson
a5f5bda462 Adjust test, now that there are 9 dirauths again 2017-10-23 09:11:07 -04:00
Nick Mathewson
1db5081ba1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:06:34 -04:00
Nick Mathewson
c93ecb8189 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:06:34 -04:00
Nick Mathewson
d99c6b7252 Merge branch 'maint-0.3.2' 2017-10-23 09:06:34 -04:00
Nick Mathewson
009141c6a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:06:34 -04:00
Nick Mathewson
23e3d57e12 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:06:34 -04:00
Nick Mathewson
8cc147aa83 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 09:04:56 -04:00
David Goulet
15a699462d dirauth: Add bastet to the default authorities
Fixes #23910

Based on a patch by dgoulet; backported to 0.2.5
2017-10-23 09:03:36 -04:00
Nick Mathewson
97046436b2 Merge branch 'maint-0.3.2' 2017-10-23 08:59:12 -04:00
Nick Mathewson
c958fda6e2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:59:11 -04:00
Nick Mathewson
783e458c07 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:59:11 -04:00
Nick Mathewson
b8dedaee74 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 08:59:11 -04:00
Nick Mathewson
df57d1e0c0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:59:11 -04:00
Nick Mathewson
9a1b385462 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 08:58:28 -04:00
Nick Mathewson
132e2f69b1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:53:25 -04:00
Nick Mathewson
74e8fd22c9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:53:25 -04:00
Nick Mathewson
b68de63eb6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:53:25 -04:00
Nick Mathewson
6f87a85897 Merge remote-tracking branch 'public/bug23690_028' into maint-0.2.8 2017-10-23 08:53:14 -04:00
Nick Mathewson
35574d4a9a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:47:58 -04:00
Nick Mathewson
fcaf3335b4 Merge remote-tracking branch 'public/bug23081_025' into maint-0.2.9 2017-10-23 08:47:52 -04:00
Nick Mathewson
d29e4c0597 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:46:29 -04:00
Nick Mathewson
68dea082e7 Merge remote-tracking branch 'public/bug22349_029' into maint-0.2.9 2017-10-23 08:46:26 -04:00
Nick Mathewson
a62f59f000 Mark "previously validated foo could not be set" blocks as unreachable. 2017-10-20 19:28:12 -04:00
Nick Mathewson
c4a07b261b Add unit tests for cases of starting with bogus keygen arguments
In particular, this tests that we give an appropriate warning when
we are told to use some keygen argument, but --keygen is not specified.
2017-10-20 19:27:48 -04:00
Nick Mathewson
3c99b810a4 Exit more carefully when options_act() fails.
Also, annotate options_act() with places where we should be
pre-validating values.
2017-10-20 11:39:17 -04:00
Nick Mathewson
1df43aff41 Return instead of exiting in options_init_from_torrc() 2017-10-20 11:39:17 -04:00
Nick Mathewson
853e73e815 Return from instead of exit()ing when ed25519 key check fails. 2017-10-20 11:39:17 -04:00
Nick Mathewson
c247a2df6b On locking failure, return -1 instead of exit()ing.
This is safe, since the only caller (options_act) will check the
return value, and propagate failure.
2017-10-20 11:39:17 -04:00
Nick Mathewson
9bafc3b1ef Replace most bad exits in main.c, hibernate.c
This should make most of the reasons that we hibernate cleaner.
2017-10-20 11:39:17 -04:00
Nick Mathewson
c82cc8acb5 Add a failsafe to kill tor if the new exit code doesn't work.
It _should_ work, and I don't see a reason that it wouldn't, but
just in case, add a 10 second timer to make tor die with an
assertion failure if it's supposed to exit but it doesn't.
2017-10-20 11:39:17 -04:00
Nick Mathewson
f0c3b62381 Expose a new function to make the event loop exit once and for all.
Instead of calling tor_cleanup(), exit(x), we can now call
tor_shutdown_event_loop_and_exit.
2017-10-20 11:39:17 -04:00
Nick Mathewson
78cbced45c Rename "tell_event_loop_to_finish" to "...run_external_code"
This function was never about 'finishing' the event loop, but rather
about making sure that the code outside the event loop would be run
at least once.
2017-10-20 09:59:48 -04:00
Nick Mathewson
35746a9ee7 Comment-only change: annotate exit() calls.
Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.

But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.

I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.

First step towards 23848.
2017-10-19 13:42:28 -04:00
Nick Mathewson
0956242158 Mark some unreachable code in compat_winthreads.c as unreachable 2017-10-19 13:21:48 -04:00
Nick Mathewson
72b5e4a2db Move tor_git_revision into a new module.
At first, we put the tor_git_revision constant in tor_main.c, so
that we wouldn't have to recompile config.o every time the git
revision changed.  But putting it there had unintended side effect
of forcing every program that wanted to link libor.a (including
test, test-slow, the fuzzers, the benchmarks, etc) to declare their
own tor_git_revision instance.

That's not very nice, especially since we want to start supporting
others who want to link against Tor (see 23846).

So, create a new git_revision.c file that only contains this
constant, and remove the duplicated boilerplate from everywhere
else.

Part of implementing ticket 23845.
2017-10-18 13:49:35 -04:00
Nick Mathewson
f1bf9bf819 Add __OwningControllerFD to allow controllers without controlports
This feature should help programs that want to launch and manage a
Tor process, as well as programs that want to launch and manage a
Tor instance in a separate thread.  Right now, they have to open a
controlport, and then connect to it, with attendant authentication
issues.  This feature allows them to just start with an
authenticated connection.

Bug 23900.
2017-10-18 13:36:53 -04:00
Nick Mathewson
f0daaf8d60 Expose connection_init_accepted_conn. 2017-10-18 12:55:09 -04:00
Nick Mathewson
4eb5753bd2 New function for Tor to treat itself as the "owner" of a socket
Our socket accounting functions assumed that we'd never be asked to
close a socket that we didn't open ourselves.  But now we want to
support taking control sockets that we inherit -- so we need a way
of taking ownership of them, so we don't freak out later on when we
close them.
2017-10-18 12:17:44 -04:00
Nick Mathewson
5bcd8dc5c4 Make the mark_socket_open() no-op treat the socket as used.
This is preliminary for extracting the "take socket ownership" code
into its own function.
2017-10-18 12:13:26 -04:00
Nick Mathewson
5d219ecf98 Update Longclaw's IP address; fixes 23592. 2017-10-17 14:00:30 -04:00
Nick Mathewson
8652f3e9e8 Fix memory leak when freeing socket_table in KIST. 2017-10-17 13:40:31 -04:00
Nick Mathewson
d8604b8729 Merge branch 'teor_bug23813_squashed' 2017-10-15 20:36:23 -04:00
teor
eaf9c0f25a Describe what router_reset_descriptor_download_failures() actually does
Comment-only change.

Part of #23813.
2017-10-15 20:36:18 -04:00
teor
5bca66be49
Clear the address when node_get_prim_orport() returns early
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
2017-10-15 16:48:36 -04:00
teor
67eeee0c71
Add a new consensus method that removes IPv6 address lines from microdescs
Implements #23828.
2017-10-15 12:31:39 -04:00
teor
56dbba3207
Add a consensus method for IPv6 address lines in the microdesc consensus
Implements #23826.
2017-10-15 12:31:06 -04:00
teor
b8d4588c90
Add a consensus_method argument to routerstatus_format_entry()
And pass ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD when it's not applicable.

Preparation for #23826.
2017-10-15 12:09:52 -04:00
teor
305f947671
Improve the comment on networkstatus_compute_consensus() 2017-10-15 12:08:55 -04:00
Nick Mathewson
e00f12ec6c bump version on master to 0.3.3.0-alpha-dev 2017-10-15 11:57:06 -04:00
Nick Mathewson
bdf60fc7ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-05 11:03:36 -04:00
Nick Mathewson
0cd7c1af37 Merge branch 'maint-0.3.1' 2017-10-05 11:03:36 -04:00
Nick Mathewson
2984d99165 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-05 11:03:35 -04:00
Nick Mathewson
d6bdec1595 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-05 11:03:35 -04:00
Nick Mathewson
ad7db10770 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-05 11:03:35 -04:00
Karsten Loesing
b9d9b16b76 Update geoip and geoip6 to the October 4 2017 database. 2017-10-05 16:56:14 +02:00
David Goulet
469ee6e6fe hs-v3: Refactor client refetch function
Create a function that tells us if we can fetch or not the descriptor for the
given service key.

No behavior change. Mostly moving code but with a slight change so the
function can properly work by returning a boolean and also a possible fetch
status code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-04 15:50:22 -04:00
Taylor Yu
44e4a96bb5 Don't expect permission failure if running as root
Skip test_config_include_no_permission() when running as root, because
it will get an unexpected success from config_get_lines_include().
This affects some continuous integration setups.  Fixes bug 23758.
2017-10-04 08:42:05 -05:00
David Goulet
2e8de0de3b sched: Implement SCHED_BUG()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 14:43:09 -04:00
cathugger
9d90f9829c hs-v3: Always generate the public key file on disk
Fixes #23748

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 11:19:10 -04:00
Nick Mathewson
1e7e36da4b Merge branch 'bug23672_032_01_squashed' 2017-10-03 10:56:52 -04:00
David Goulet
30d2e0b71e test: Add an HS v3 descriptor fetch unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
David Goulet
c232b6b59c hs-v3: Close pending SOCKS connection on descriptor fetch error
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
Nick Mathewson
783a44b2cd Merge remote-tracking branch 'asn/bug23670' 2017-10-03 09:05:16 -04:00
George Kadianakis
f7306b16ec entrynodes: Better naming for dir info check functions. 2017-10-03 15:55:19 +03:00
Nick Mathewson
a6c62cbd13 Merge branch 'bug23678_032' 2017-10-03 08:18:08 -04:00
Nick Mathewson
f923aeee1b Follow-up on 23678: fix socks/wrong_protocol test 2017-10-03 08:17:41 -04:00
Nick Mathewson
f2e820c45f torcert.c: mark some lines unreachable by tests
These are related to handling of failures on functions which can't
fail.
2017-10-03 08:07:36 -04:00
Nick Mathewson
bb7288b2c3 Make the fp_pair_map tests cover {get,set}_by_digests 2017-10-03 08:07:36 -04:00
George Kadianakis
5352785d0c entrynodes: Error msg for missing guard descs is now more informative. 2017-10-03 14:41:20 +03:00
George Kadianakis
f2231306ba entrynodes: Move guard dirinfo check below path dirinfo check.
We do that because we want to use the path fraction dirinfo data in case
we are missing primary guard dirinfo.
2017-10-03 14:41:18 +03:00
George Kadianakis
c9729853a5 entrynodes: Be specific about how many primary descriptors we miss. 2017-10-03 14:39:34 +03:00
Nick Mathewson
d0cae9fbc5 bump master to 0.3.2.2-alpha-dev 2017-10-02 19:19:51 -04:00
Alexander Færøy
c61508f9aa
Bump version to 0.3.2.2-alpha.
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2017-10-02 19:23:32 +00:00
Nick Mathewson
ad4dcd7d1a Fix our "not an HTTP Proxy" message in light of HTTPTunnelPort
When we added HTTPTunnelPort, the answer that we give when you try
to use your SOCKSPort as an HTTP proxy became wrong.  Now we explain
that Tor sorta _is_ an HTTP proxy, but a SOCKSPort isn't.

I have left the status line the same, in case anything is depending
on it.  I have removed the extra padding for Internet Explorer,
since the message is well over 512 bytes without it.

Fixes bug 23678; bugfix on 0.3.2.1-alpha.
2017-10-02 12:53:13 -04:00
Nick Mathewson
c50c98ba6a Make changes in server_mode() affect workers; fix a crash.
Without this fix, changes from client to bridge don't trigger
transition_affects_workers(), so we would never have actually
initialized the cpuworkers.

Fixes bug 23693.  Bugfix on 3bcdb26267 0.2.6.3-alpha, which
fixed bug 14901 in the general case, but not on the case where
public_server_mode() did not change.
2017-10-02 11:11:30 -04:00
Nick Mathewson
dddae36f5e Merge remote-tracking branch 'dgoulet/ticket23696_032_01' 2017-09-29 17:46:50 -04:00
Nick Mathewson
ca2e7eabc2 Merge branches 'bug8185_031' and 'bug8185_diagnostic_032' 2017-09-29 17:26:40 -04:00
David Goulet
070064de89 sched: Always initialize scheduler_last_run to now
Because our monotonic time interface doesn't play well with value set to 0,
always initialize to now() the scheduler_last_run at init() of the KIST
scheduler.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 14:07:55 -04:00
Matt Traudt
3ef7e6f187 sched: Don't get KIST stuck in an infinite loop
When a channel is scheduled and flush cells returns 0 that is no cells to
flush, we flag it back in waiting for cells so it doesn't get stuck in a
possible infinite loop.

It has been observed on moria1 where a closed channel end up in the scheduler
where the flush process returned 0 cells but it was ultimately kept in the
scheduling loop forever. We suspect that this is due to a more deeper problem
in tor where the channel_more_to_flush() is actually looking at the wrong
queue and was returning 1 for an empty channel thus putting the channel in the
"Case 4" of the scheduler which is to go back in pending state thus
re-considered at the next iteration.

This is a fix that allows the KIST scheduler to recover properly from a not
entirelly diagnosed problem in tor.

Fixes #23676

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 11:06:31 -04:00
Nick Mathewson
fc6c0b46fb Merge branch 'bug23690_additional_032' 2017-09-29 10:29:40 -04:00
Nick Mathewson
b0ddaac074 Make some assertions nonfatal to help prevent bug23690 recurrence. 2017-09-29 10:29:33 -04:00
Nick Mathewson
8ccefa7b7a Merge branch 'bug23690_028' 2017-09-29 10:28:33 -04:00
Nick Mathewson
f7222e6d8c Clear outbuf_flushlen when we clear a connection's outbuf
When we added single_conn_free_bytes(), we cleared the outbuf on a
connection without setting outbuf_flushlen() to 0.  This could cause
an assertion failure later on in flush_buf().

Fixes bug 23690; bugfix on 0.2.6.1-alpha.
2017-09-29 10:00:14 -04:00
Nick Mathewson
1a5746f8e1 Merge branch 'bug8185_025' into bug8185_031 2017-09-29 09:37:01 -04:00
Nick Mathewson
d256d4c0a6 Don't package cells onto marked circuits.
This caused a BUG log when we noticed that the circuit had no
channel.  The likeliest culprit for exposing that behavior is
d769cab3e5, where we made circuit_mark_for_close() NULL out
the n_chan and p_chan fields of the circuit.

Fixes bug 8185; bugfix on 0.2.5.4-alpha, I think.
2017-09-29 09:33:47 -04:00
Nick Mathewson
1b6ccb52ea Log more information when bug8185 is about to trigger.
My current theory is that this is just a marked circuit that hasn't
closed yet, but let's gather more information in case that theory is
wrong.

Diagnostic for 8185.
2017-09-29 09:24:01 -04:00
Nick Mathewson
4e6374c26b Merge remote-tracking branch 'catalyst-oniongit/bug23691' 2017-09-28 19:07:23 -04:00
Taylor Yu
2ae1b7e2db Fix leak in test_util.c
AddressSanitizer found a leak in test_util_decompress_dos_impl().
Fixes bug #23691.
2017-09-28 17:53:38 -05:00
Alexander Færøy
8d6940814a
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 20:17:41 +02:00
Alexander Færøy
c2fac2c6b0
Enable disabled test that was disabled due to bug #23551
See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
44dc4b73ec
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
c3b7f9d762
Fix whitespace issue in compress.c 2017-09-28 18:58:15 +02:00
Alexander Færøy
a196fdb622
Fix typo in buffers.c. 2017-09-28 18:58:09 +02:00
Nick Mathewson
3a073c463d Improve unit test coverage for compression code.
These tests try uncompressing garbage, verify that we won't
make compression bombs, and verify that we won't uncompress
compression bombs.
2017-09-28 12:20:02 -04:00
Nick Mathewson
14614a592e Fix spelling: compressing, not compresing 2017-09-28 12:17:34 -04:00
Nick Mathewson
f71ff0cabc Unit test for case where %included dir exists but is unreadable 2017-09-28 09:49:30 -04:00
Nick Mathewson
5b6f2713cd unit test for config_lines_dup_and_filter 2017-09-28 09:40:17 -04:00
Nick Mathewson
55873107d0 Correct docs for config_lines_dup_and_filter 2017-09-28 09:40:04 -04:00
Nick Mathewson
a64d79ca4c Move around some LCOV_EXCLs in src/common
Apparently, my compiler now generates coverage markers for
label-only lines, so we need to exclude those too if they are meant
to be unreachable.
2017-09-28 09:25:17 -04:00
Nick Mathewson
99e52711bb Add unit test for buf_get_line(). 2017-09-28 08:35:30 -04:00
Nick Mathewson
01d67a9071 Note an unreachable (?) section in buffers.c 2017-09-28 08:35:24 -04:00
Nick Mathewson
f21102c069 Let's get 100% coverage for proto_http while we're at it.
There was some coverage before, but it was mostly accidental.
2017-09-27 21:45:55 -04:00
Nick Mathewson
57f04a482e Test more error cases of our socks code.
Coverage is now respectable. :)
2017-09-27 19:37:36 -04:00
Nick Mathewson
6882e711d0 Add unit tests for SOCKS functions that parse server responses
We use these when we're acting as a SOCKS client, but we'd never
actually written tests for them :/
2017-09-27 18:55:14 -04:00
Nick Mathewson
5418aa84ee socks5 unit tests: add check for ipv6 address type. 2017-09-27 11:23:09 -04:00
Nick Mathewson
04f7873bab Socks tests for bad socks5 username/passwd auth. 2017-09-27 11:16:29 -04:00
Nick Mathewson
14124f82df Mark some tests in parse_socks.c as unreachable (BUG, LCOV)
These tests aren't reachable, given their actual arguments.  I'm
going to mark them as BUG(), and as unreachable with LCOV.
2017-09-27 11:16:20 -04:00
Nick Mathewson
5427365907 testing: test many possible truncated SOCKS commands
Many of the 'truncated command' paths in fetch_from_buf_socks() were
not reached by the tests.  This new unit test tries to check them
exhaustively.
2017-09-27 10:54:56 -04:00
David Goulet
cf75c1af66 hs-v3: Don't fetch descriptor if we have a pending request
If 6 SOCKS requests are opened at once, it would have triggered 6 fetches
which ultimately poke all 6 HSDir. We don't want that, if we have multiple
SOCKS requests for the same service, do one fetch only.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-27 09:24:35 -04:00
George Kadianakis
178a2bbcff prop224: Fix one last instance of get_time_period_num() with now.
When purging last HSDir requests, we used time(NULL) for computing the
service blinded key but in all other places in our codebase we actually
use the consensus times. That can cause wrong behavior if the consensus
is in a different time period than time(NULL).

This commit is required for proper purging of HSDir requests.
2017-09-27 09:24:35 -04:00
George Kadianakis
6051375cca prop224: Update some function docs with the right retval. 2017-09-27 09:24:35 -04:00
Nick Mathewson
a57f495c1a Move ext_or_command tests to test_proto_misc.c
No other code changes.
2017-09-27 09:11:15 -04:00
Nick Mathewson
b8b016940d Add unit tests for var_cell and control0 proto functions. 2017-09-27 09:09:00 -04:00
Taylor Yu
8f8a4c0ced Eat redundant semicolons 2017-09-26 15:12:34 -04:00
David Goulet
40ab25db62 hs-v3: Don't non fatal assert if we can't get the intro extend info
Fixes #23159.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-26 13:55:51 -04:00
Nick Mathewson
6beeb10070 Merge branch 'typecheck4' 2017-09-26 12:26:01 -04:00
Nick Mathewson
49d2346b80 Type bug in shared_random_state -- make sure Version is int.
The confparse field has type UINT, which corresponds to an int
type.  We had uint32_t.

This shouldn't cause trouble in practice, since int happens to
4-bytes wide on every platform where an authority is running.  It's
still wrong, though.
2017-09-26 12:25:34 -04:00
Nick Mathewson
a5b18dfba9 Make the TransProxyType field non-const
The correct type for a STRING confparse value is char *, not const
char *.
2017-09-26 12:25:07 -04:00
Nick Mathewson
4d11a468b2 Correct two state-file variable types.
These should have been int, but we had listed them as unsigned.
That's an easy mistake to make, since "int" corresponds with either
INT or UINT in the configuration file.

This bug cannot have actually caused a problem in practice, since we
check those fields' values on load, and ensure that they are in
range 0..INT32_MAX.
2017-09-26 12:25:01 -04:00
Nick Mathewson
eb54a856a2 Add test to make sure all confparse variables are well-typed
New approach, suggested by Taylor: During testing builds, we
initialize a union member of an appropriate pointer type with the
address of the member field we're trying to test, so we can make
sure that the compiler doesn't warn.

My earlier approach invoked undefined behavior.
2017-09-26 12:24:04 -04:00
Nick Mathewson
1f3db0514e Merge remote-tracking branch 'asn/ticket23645_032_01' 2017-09-26 08:55:59 -04:00
David Goulet
648d5ea67e hs: Improve logging
Also demote a log message that can occur under natural causes
(if the circuit subsystem is missing descriptors/consensus etc.).
The HS subsystem will naturally retry to connect to intro points,
so no need to make that log user-facing.
2017-09-26 13:55:44 +03:00
David Goulet
4190f602bd circuit: Log n_circ_id and global identifier of HS circuits
So we can track them more easily in the logs and match any open/close/free
with those identifiers.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:21:04 -04:00
David Goulet
767b1815e9 circuit: Log circuit identifiers when cannibalizing
This removes the "nickname" of the cannibalized circuit last hop as it is
useless. It now logs the n_circ_id and global identifier so we can match it
with other logging statement.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:08:11 -04:00
David Goulet
fb4a82c485 circuit: Keep a copy of n_circ_id for logging
Prior to the log statement, the circuit n_circ_id value is zeroed so keep a
copy so we can log it at the end.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:04:30 -04:00
David Goulet
de54e14312 circuit: Closing reason are signed values
Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:01:12 -04:00
Nick Mathewson
45530ed729 Merge branch 'bug22109' 2017-09-25 14:32:04 -04:00
Nick Mathewson
81c4793232 Make testing rend1_payload variables static
This fixes a clang warning.
2017-09-25 13:26:43 -04:00
Nick Mathewson
90e8d1f58f Merge branch 'bug23539_032_01_squashed' 2017-09-25 11:12:56 -04:00
Nick Mathewson
581e2c8b2c Whitespace fix. 2017-09-25 11:12:45 -04:00
Matt Traudt
7bbc29b0f2 sched: make interval a plain int; initialize with macro 2017-09-25 11:11:30 -04:00
David Goulet
ef2a449cce sched: Make KISTSchedRunInterval non negative
Fixes #23539.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 11:11:30 -04:00
Nick Mathewson
777e828ef3 Merge remote-tracking branch 'asn/ticket23420_032_01' 2017-09-25 09:24:36 -04:00
George Kadianakis
03b3f5486a prop224: Add test for parsing RENDEZVOUS1 cell.
Just making sure that added padding does not screw up cell parsing.
2017-09-25 15:00:06 +03:00
Roger Dingledine
8dff23eb34 Assign Exit flag only for ports 80 and 443
Make the "Exit" flag assignment only depend on whether the exit
policy allows connections to ports 80 and 443. Previously relays
would get the Exit flag if they allowed connections to one of
these ports and also port 6667.

Resolves ticket 23637.
2017-09-24 19:27:07 -04:00
Roger Dingledine
a1f31c0671 fix typo 2017-09-22 17:26:29 -04:00
Nick Mathewson
01e984870a Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-09-22 15:29:15 -04:00
Nick Mathewson
22e2c3bf7d Fix check-spaces and a weird copyright. 2017-09-22 12:20:26 -04:00
Nick Mathewson
230a336798 Use setup_full_capture_of_logs for 21800
setup_capture_of_logs() doesn't actually suppress warnings :p
2017-09-22 10:22:47 -04:00
Nick Mathewson
ac3fdb74c2 Remove unused chosen_scheduler_type variable. 2017-09-22 09:56:54 -04:00
Nick Mathewson
122eab78d9 Merge remote-tracking branch 'pastly/bug23552_032_03' 2017-09-22 09:54:41 -04:00
David Goulet
dc5c9af6c3 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-22 09:09:13 -04:00
Nick Mathewson
91467e04b1 Merge branch 'bug22805_v2_squashed' 2017-09-22 08:58:17 -04:00
Nick Mathewson
95a7e7e925 Stop using CREATE_FAST as a signifier of clienthood.
Relays send it, and we may as well let them.  Part of our fix for
22805.
2017-09-22 08:57:45 -04:00
Nick Mathewson
ceb49c1c5f Use channel_is_client() accessor in channelpadding.c.
Also, allow channel_is_client() to take a const channel.
2017-09-22 08:55:53 -04:00
Nick Mathewson
d1e0e486e9 Stop clearing the is_client flag on channel directly 2017-09-22 08:55:53 -04:00
Nick Mathewson
66aff2d8f3 Remove or_circuit_t.is_first_hop; use channel_is_client() instead
The is_first_hop field should have been called used_create_fast,
but everywhere that we wanted to check it, we should have been
checking channel_is_client() instead.
2017-09-22 08:55:53 -04:00
Matt Traudt
88b317ef28 sched: move code to respect comments
The diff is confusing, but were two static scheduler functions that
needed moving to static comment block.

No code change. Thanks dgoulet for original commit
2017-09-22 08:52:27 -04:00
Matt Traudt
22699e3f16 sched: only log when scheduler type changes
Closes 23552. Thanks dgoulet for original impl
2017-09-22 08:51:22 -04:00
Nick Mathewson
512c57cff9 test_util: capture the log in the correct place. 2017-09-22 08:51:03 -04:00
Nick Mathewson
00d7b60557 Merge branch 'bug21800' 2017-09-21 17:39:54 -04:00
Nick Mathewson
bb9b8e65bb Merge remote-tracking branch 'pastly/bug23581_032_03' 2017-09-21 17:33:10 -04:00
Nick Mathewson
33d44dc4ac Capture "Result does not fit in tor_timegm()" warnings in util tests
Fixes bug 21800; bugfix on 0.2.9.x
2017-09-21 15:32:16 -04:00
David Goulet
7f3dc8327a hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:38:43 -04:00
David Goulet
1749e07891 hs: Improve comments for when we change timestamps
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:24:36 -04:00
David Goulet
c20d4db7bf sched: Hard exit if we can't select a scheduler
Fixes #23581

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:18:42 -04:00
David Goulet
6045bdd4a0 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 13:13:53 -04:00
Nick Mathewson
4c7a89a226 Merge remote-tracking branch 'catalyst-oniongit/bug23607' 2017-09-21 10:58:06 -04:00
Nick Mathewson
c7b7cf8e18 Merge branch 'maint-0.3.1' 2017-09-21 10:39:10 -04:00
Mike Perry
d70a793cfc Bug 23608: Mock time for all channelpadding tests. 2017-09-21 10:36:57 -04:00
Taylor Yu
ad814cad41 Avoid assertion failure for state file clock skew
The clock_skew_warning() refactoring allowed calls from
or_state_load() to control_event_bootstrap_problem() to occur prior
bootstrap phase 0, causing an assertion failure.  Initialize the
bootstrap status prior to calling clock_skew_warning() from
or_state_load().
2017-09-20 18:54:37 -05:00
Taylor Yu
1c017edac3 Use correct sign for state file clock skew
or_state_load() was using an incorrect sign convention when calling
clock_skew_warning() to warn about state file clock skew.  This caused
the wording of the warning to be incorrect about the direction of the
skew.
2017-09-20 18:50:39 -05:00
Nick Mathewson
ac8e26a415 Use correct name for authtype 3 in a comment. 2017-09-20 15:46:21 -04:00
David Goulet
9b4513c5d1 hs: Log the intro point when we clean it up
When we remove an intro point from the service list, log info about it and
some useful data.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 13:08:16 -04:00
David Goulet
317dabc57f circuit: Log n_circ_id and global identifier
When we can, log the n circuit id and global identifier for origin circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 12:52:53 -04:00
Nick Mathewson
2998350122 Merge branch 'bug23080' 2017-09-20 12:12:02 -04:00
Nick Mathewson
f9155ff416 Unit test to make sure that our platform string is parseable
Closes 22109.
2017-09-20 10:10:02 -04:00
Nick Mathewson
ff0aabc35d Merge branch 'maint-0.3.1' 2017-09-20 09:45:07 -04:00
Andreas Stieger
427c2cc9e8 in zstd compression, fix 32 bit build
format '%lu' expects argument of type 'long unsigned int', but argument ... has type 'size_t'

Closes ticket 23568.
2017-09-20 09:43:08 -04:00
Nick Mathewson
427ae164f3 Fix a comment that misunderstood is_canonical
is_canonical doesn't mean "am I connected to the one true address of
this relay"; it means "does this relay tell me that the address I'm
connected to belong to it."  The point is to prevent TCP-based MITM,
not to prevent the relay from multi-homing.

Related to 22890.
2017-09-20 09:41:01 -04:00
Nick Mathewson
c4e8548c59 Warn on ExtORPort USERADDR that is missing or 0.
Diagnoses violations on #23080.
2017-09-20 08:50:49 -04:00
Nick Mathewson
9e0587f806 Merge remote-tracking branch 'dgoulet/ticket23305_032_01' 2017-09-20 08:36:11 -04:00
Nick Mathewson
2c93be80d9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-20 08:32:55 -04:00
Nick Mathewson
746410fb24 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-20 08:32:55 -04:00
Nick Mathewson
654820ec1c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-20 08:32:55 -04:00
Nick Mathewson
a8f4f5742e Merge branch 'maint-0.3.1' 2017-09-20 08:32:55 -04:00
teor
8e52c46581
Remove longclaw's IPv6 address, as it will soon change
Authority IPv6 addresses were originally added in 0.2.8.1-alpha.

This leaves 3/8 directory authorities with IPv6 addresses, but there
are also 52 fallback directory mirrors with IPv6 addresses.

Resolves 19760.
2017-09-20 14:48:53 +10:00
Matt Traudt
4a3b61a5b3 sched: reorder code to fit comment bodies; comment typos
Closes 23560
2017-09-19 20:13:28 -04:00
Roger Dingledine
1c956ccd5f fix typos/etc found while starting to look at scheduler 2017-09-19 19:55:57 -04:00
Nick Mathewson
6628c95e54 Merge remote-tracking branch 'pastly2/bug23566_032_01' 2017-09-19 19:35:46 -04:00
Matt Traudt
951b9f1fa5 tests: fix transproxy tests on BSD systems 2017-09-19 19:20:55 -04:00
Matt Traudt
a8c54ce581 sched: Allow the new sched to react to new cons 2017-09-19 19:07:48 -04:00
Nick Mathewson
ac73913d40 Merge branch 'bug23583_029' 2017-09-19 14:12:29 -04:00
Nick Mathewson
10ea3343b5 Avoid integer error in TEST_BITOPS tests
If "1" is not 64 bits wide already, then "1 << i" will not actually
work.

This bug only affects the TEST_BITOPS code, and shouldn't matter for
the actual use of the timeout code (except if/when it causes this
test to fail).

Reported by dcb314@hotmail.com.  Fix for bug 23583.  Not adding a
changes file, since this code is never compiled into Tor.
2017-09-19 13:58:35 -04:00
David Goulet
5dea4b565f Add a BASE32_DIGEST_LEN define
Use this value instead of hardcoded values of 32 everywhere. This also
addresses the use of REND_DESC_ID_V2_LEN_BASE32 in
hs_lookup_last_hid_serv_request() for the HSDir encoded identity digest length
which is accurate but semantically wrong.

Fixes #23305.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 12:33:04 -04:00
David Goulet
a3f5a24669 hs: Pad RENDEZVOUS1 v3 cell to match length of v2
RENDEZVOUS1 cell is 84 bytes long in v3 and 168 bytes long in v2 so this
commit pads with random bytes the v3 cells up to 168 bytes so they all look
alike at the rendezvous point.

Closes #23420

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 09:13:28 -04:00
Nick Mathewson
84d587bed8 Merge remote-tracking branch 'teor/minor-comments' 2017-09-19 08:24:49 -04:00
teor
e77ece3b31
Avoid a compilation warning on macOS in scheduler_ev_add()
This warning is caused by a different tv_usec data type on macOS
compared to the system on which the patch was developed.

Fixes 23575 on 0.3.2.1-alpha.
2017-09-19 16:32:47 +10:00
teor
429d88ad6a
Improve comments around connection_or_client_used() 2017-09-19 14:30:27 +10:00
teor
228d782229
Improve comments formatting in connection.c 2017-09-19 14:30:09 +10:00
Nick Mathewson
6afc924d7e Correct what-is-deprecated-when comments 2017-09-18 15:11:33 -04:00
Nick Mathewson
94a88eaa45 Merge remote-tracking branch 'public/ticket19704' 2017-09-18 15:02:16 -04:00
Nick Mathewson
32858610c7 bump to 0.3.2.1.-alpha-dev 2017-09-18 14:40:13 -04:00
Nick Mathewson
0e85b71066 bump to 0.3.1.7-dev 2017-09-18 14:40:04 -04:00
Nick Mathewson
e78347fcc2 bump to 0.3.0.11-dev 2017-09-18 14:39:55 -04:00
Nick Mathewson
a57f1ff7ab bump to 0.2.9.12-dev 2017-09-18 14:39:46 -04:00
Nick Mathewson
0a72d1c8f1 bump to 0.2.8.15-dev 2017-09-18 14:39:40 -04:00
Nick Mathewson
290274dbb5 Add a cast so that 32-bit compilation goes without errors 2017-09-18 12:44:26 -04:00
Nick Mathewson
a23a168f24 Merge remote-tracking branch 'dgoulet/bug23558_032_01' 2017-09-18 11:02:37 -04:00
David Goulet
c7af923567 sched: BUG() on event_add() and log_warn next_run
It is highly unlikely to happen but if so, we need to know and why. The
warning with the next_run values could help.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-18 10:58:38 -04:00
David Goulet
77cc97cf0a sched: Don't cast to int32_t the monotime_diff_msec() result
When the KIST schedule() is called, it computes a diff value between the last
scheduler run and the current monotonic time. If tha value is below the run
interval, the libevent even is updated else the event is run.

It turned out that casting to int32_t the returned int64_t value for the very
first scheduler run (which is set to 0) was creating an overflow on the 32 bit
value leading to adding the event with a gigantic usec value. The scheduler
was simply never running for a while.

First of all, a BUG() is added for a diff value < 0 because if the time is
really monotonic, we should never have a now time that is lower than the last
scheduler run time. And we will try to recover with a diff value to 0.

Second, the diff value is changed to int64_t so we avoid this "bootstrap
overflow" and future casting overflow problems.

Fixes #23558

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-18 10:55:54 -04:00
Nick Mathewson
aaf0fa6d11 Merge branch 'maint-0.3.1' 2017-09-18 10:48:31 -04:00
Nick Mathewson
63ae9ea316 Make hs_ntor_ref.py work with python3 2017-09-18 10:48:28 -04:00
Nick Mathewson
d9dccb00cc Bump to 0.3.2.1-alpha 2017-09-18 10:30:41 -04:00
Nick Mathewson
c7d0096f9d Merge branch 'maint-0.3.1' 2017-09-18 09:42:30 -04:00
Nick Mathewson
23c4592ee9 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-18 09:40:40 -04:00
Nick Mathewson
314652dc16 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-18 09:39:46 -04:00
Nick Mathewson
09ea89764a Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
2017-09-18 09:32:41 -04:00
Nick Mathewson
4a2cbea6ce Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
2017-09-18 09:27:07 -04:00
Nick Mathewson
dd8eeabfd1 Fix memory leak in tor-gencert.c
This was introduced in 4ff170d7b1, and is probably
unreachable, but coverity complained about it (CID 1417761). Bug not
in any released Tor, so no changes file.
2017-09-17 20:42:28 -04:00
Nick Mathewson
4519b7b469 kist_no_kernel_support is unused when we didn't detect it.
So, remove it.
2017-09-15 16:44:05 -04:00
Nick Mathewson
f4af1919ab Replace accumulated C ;;s with ;s
I don't know where these came from.
2017-09-15 16:43:17 -04:00
Nick Mathewson
76c33f7ff4 Merge branch 'scan-build-032' 2017-09-15 16:40:11 -04:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Nick Mathewson
7a597718bb Split some long #if lines to make the #endif annotator happy 2017-09-15 16:24:21 -04:00
Nick Mathewson
639766dbc3 Merge branch 'maint-0.3.1'
Resolve conflict with 23532 code.
2017-09-15 14:40:35 -04:00
Nick Mathewson
a01e4a1a95 kist: Cast, then do operations on int32.
Otherwise integer overflows can happen.  Remember, doing a i32xi32
multiply doesn't actually produce a 64-bit output.  You need to do
i64xi32 or i64xi64.

Coverity found this as CID 1417753
2017-09-15 14:30:19 -04:00
Nick Mathewson
9201e4c74b Merge branch 'bug23487_029' 2017-09-15 14:27:58 -04:00
Nick Mathewson
75659fd548 Use different variable names for pw_uid usages
Catalyst points out that using pw_uid for two different purposes
here is likely to be confusing.
2017-09-15 14:26:59 -04:00
Nick Mathewson
03e102c1bb Make netinet/tcp include conditional too: windows lacks it. 2017-09-15 14:08:51 -04:00
Nick Mathewson
44fa866621 fix some 32-bit warnings about printf arguments 2017-09-15 14:02:08 -04:00
Nick Mathewson
37302e64a4 Merge branch 'remove_allow_dotexit_v2' 2017-09-15 12:10:47 -04:00
Nick Mathewson
f02fd6c3af Remove AllowDotExit.
It's been deprecated since 0.2.9.2-alpha.  Closes ticket 23426.
2017-09-15 12:09:33 -04:00
Nick Mathewson
fea2d84ce3 wrap a wide comment 2017-09-15 12:03:08 -04:00
Nick Mathewson
0f4f40b70f Merge remote-tracking branch 'dgoulet/ticket12541_032_02' 2017-09-15 12:00:50 -04:00
Nick Mathewson
962b0b849b Merge remote-tracking branch 'dgoulet/ticket19254_032_01' 2017-09-15 11:52:10 -04:00
Matt Traudt
ae9e6b547d sched: add comment about how we determine if a socket should write 2017-09-15 11:40:59 -04:00
Matt Traudt
501c58187d sched: add more per-socket limit documentation; int fix 2017-09-15 11:40:59 -04:00
David Goulet
513d642a66 sched: Revert IF_BUG_ONCE() to tor_assert()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
1033e14a69 sched: Define SCHEDULER_KIST_PRIVATE for more encapsulation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
c910610701 sched: Improve logging if KIST is disabled
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
0d0b677b64 test: Fix unit tests with latest scheduler changes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
734dbfa590 sched: Make the scheduler object static
Each type of scheduler implements its own static scheduler_t object and
returns a reference to it.

This commit also makes it a const pointer that is it can only change inside
the scheduler type subsystem but not outside for extra protection.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
bd34a0d30f sched: Compare channel pointer in the socket table
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
e0984b8a51 sched: Make the outbuf table local to run()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
ba08f8a4ed sched: Make check-spaces happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
3d2d8d6841 sched: Extra careful in channel_outbuf_length()
In case we don't have a connection object in the channel, just be careful and
recover.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
14cd8bdd4b sched: Don't expose the global scheduler libevent object
Instead, add wrappers to do the needed action the different scheduler needs
with the libevent object.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
84d18f70f3 sched: Always call on_channel_free() regardless of state
A channel can bounce in the scheduler and bounce out with the IDLE state which
means that if it came in the scheduler once, it has socket information that
needs to be freed from the global hash table.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
7cc9621d11 sched: Add Schedulers torrc option
This option is a list of possible scheduler type tor can use ordered by
priority. Its default value is "KIST,KISTLite,Vanilla" which means that KIST
will be used first and if unavailable will fallback to KISTLite and so on.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
6ff8c86ac6 sched: change most asserts to non-fatal BUGs 2017-09-15 11:40:59 -04:00
Matt Traudt
4bc97c6431 sched: revisist compatibility on non-linux systems
Wrap things in HAVE_KIST_SUPPORT until Tor compiles and tests cleanly on
my OS X machine.
2017-09-15 11:40:59 -04:00
Matt Traudt
8ccb2c106a sched: rename scheduler to the_scheduler 2017-09-15 11:40:59 -04:00
Matt Traudt
7f1d643083 sched: validate KIST sched options 2017-09-15 11:40:59 -04:00
Matt Traudt
61fc9c41ad sched: switch to monotonic time; add/fix comments, style, and logs msgs 2017-09-15 11:40:59 -04:00
David Goulet
6e598bbcd8 sched: Add sandbox support for KIST
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
a06f2a0509 sched: Fallback to naive approach if no runtime KIST support
It is possible that tor was compiled with KIST support but the running kernel
has no support for it. In that case, fallback to a naive approach and flag
that we have no kernel support.

At this commit, if the kernel support is disabled, there are no ways to come
back from it other than restarting tor with a kernel that supporst KIST.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
8424c4f35b sched: Detect KIST support at compile time
Add a detection for the KIST scheduler in our build system and set
HAVE_KIST_SUPPORT if available.

Adapt the should use kist function with this new compile option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
dde358667d sched: Implement the KIST scheduler
Closes #12541

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
2034e0d1d4 sched: Groundwork before KIST implementation
- HT_FOREACH_FN defined in an additional place because nickm did that
  in an old kist prototype
- Make channel_more_to_flush mockable for future sched tests
- Add empty scheduler_{vanilla,kist}.c files and put in include.am

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
b2c56eacdd sched: Remove vanilla sched options that will be going away
- massive change to src/tgest/test_options.c since the sched options
  were added all over the place in it
- removing the sched options caused some tests to pass/fail in new ways
  so I assumed current behavior is correct and made them pass again
   - ex: "ConnLimit must be greater" lines
   - ex: "Authoritative directory servers must" line
- remove test_options_validate__scheduler in prep for new sched tests

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Nick Mathewson
e88fb4f4f8 Merge remote-tracking branch 'catalyst-oniongit/bug23532' 2017-09-15 11:17:18 -04:00
Taylor Yu
e31a7be161 Make NETINFO clock skew detection work on clients
An unnecessary routerlist check in the NETINFO clock skew detection in
channel_tls_process_netinfo_cell() was preventing clients from
reporting NETINFO clock skew to controllers.
2017-09-15 09:49:53 -05:00
Taylor Yu
37fed742d1 Refactor channeltls.c lightly
Refactor some repetitive deep indirections in several functions in
channeltls.c into local variables.
2017-09-15 09:49:53 -05:00
Nick Mathewson
e05414d241 Fix several places where md-using relays would get wrong behavior.
This patch replaces a few calls to router_get_by_id_digest ("do we
have a routerinfo?") with connection_or_digest_is_known_relay ("do
we know this relay to be in the consensus, or have been there some
time recently?").

Found while doing the 21585 audit; fixes bug 23533.  Bugfix on
0.3.0.1-alpha.
2017-09-15 09:35:59 -04:00
Nick Mathewson
b440560b8b bump to 0.3.1.7 2017-09-15 09:33:32 -04:00
Nick Mathewson
2c9f8badbd repair test_key_expiration.sh 2017-09-15 09:04:22 -04:00
Nick Mathewson
a213a32b7c Merge remote-tracking branch 'dgoulet/ticket23310_032_02' 2017-09-15 09:01:22 -04:00
Nick Mathewson
7facfc728e Merge branch 'bug23488' 2017-09-15 08:58:20 -04:00
David Goulet
21564c93ce test: Make check-spaces happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 08:34:56 -04:00
David Goulet
44ee5037ea fixup! test: Add HS v3 client-side test for picking intro points
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 08:34:30 -04:00
Nick Mathewson
123337bbc9 Merge remote-tracking branch 'teor/ticket23528' 2017-09-15 08:15:36 -04:00
Nick Mathewson
72391fce23 Merge remote-tracking branch 'teor/bug23524' 2017-09-15 08:13:45 -04:00
George Kadianakis
5cc80692b8 prop224: Fix memleak in client_get_random_intro().
The memleak was occuring because of the way ExcludeNodes is handled in
that function. Basically, we were putting excluded intro points extend
infos in a special variable which was never freed. Also, if there were
multiple excluded intro points then that variable was overwritten
everytime leaking more memory. This commit should fix both issues.
2017-09-15 12:46:26 +03:00
George Kadianakis
e9b4624cc5 test: Add HS v3 client-side test for picking intro points
This commit adds a pretty advanced test for the client-side making sure that
picking intro is done properly.

This unittest also reveals a memleak on the client_pick_intro() function which
is fixed by the subsequent commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 12:46:26 +03:00
George Kadianakis
29aa400908 test: Improve HS v3 helper for building intro points.
Valid intro points need both legacy key and ipv4.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 12:46:26 +03:00
David Goulet
75ec72f24d test: Unit test for the hs indexes
Using a test vector in python, test both hs_build_hsdir_index() and
hs_build_hs_index().

This commit also adds the hs_build_address.py to EXTRA_DIST which was missing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 12:46:26 +03:00
George Kadianakis
715a8ea81c prop224 test: Enrich the client_service_hsdir_set_sync() test.
Do two major improvements:

a) Make the client pick 6 HSDirs instead of just 1 and make sure they
   all match the service's HSDirs.

b) Test two additional missing scenarios borrowed from the
   test_reachability() test.
2017-09-15 12:46:26 +03:00
teor
42e7d0ea14
Explain the restrictions on divisor in round*_to_next_multiple_of
Closes 23528.
2017-09-15 16:06:17 +10:00
teor
6e87c0b23e
Avoid an instance of the bug warning in any_bridge_descriptors_known()
Part of 23524.
2017-09-15 14:17:41 +10:00
teor
61b5d05358
Make control port download status next attempts consistent
Make download status next attempts reported over the control port
consistent with the time used by tor. This issue only occurs if a
download status has not been reset before  it is queried over the
control port.

Fixes 23525, not in any released version of tor.
2017-09-15 14:11:34 +10:00
teor
033691212a
Make an assert into a BUG warning in the bridge code
If future code asks if there are any running bridges, without checking
if bridges are enabled, log a BUG warning rather than crashing.

Fixes 23524 on 0.3.0.1-alpha
2017-09-15 14:02:22 +10:00
teor
d60e7df2da
Explain where bridge download statuses are initialised
And why we can't initialise them on config

Comment-only change, follow-up to 23347.
2017-09-15 13:50:29 +10:00
Nick Mathewson
d6568bad5e Merge branch 'bug23499' 2017-09-14 17:18:38 -04:00
Nick Mathewson
348b225bd8 version bump: 0.3.0.11 2017-09-14 13:20:52 -04:00
Nick Mathewson
3c6d4fe046 version bump: 0.2.9.12 2017-09-14 13:20:29 -04:00
Nick Mathewson
26f68dfcef version bump: 0.2.8.15 2017-09-14 13:20:14 -04:00
Nick Mathewson
471e0096ad Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-14 10:15:38 -04:00
Nick Mathewson
fecad31f10 Merge branch 'maint-0.3.1' 2017-09-14 10:15:38 -04:00
Martin Kepplinger
a971018f6d entrynodes.c: fix syntax error around BUG() statement
Fix those misplaced brackets.

Signed-off-by: Martin Kepplinger <martink@posteo.de>
2017-09-14 10:14:44 -04:00
Nick Mathewson
72b802001c Merge remote-tracking branch 'catalyst-oniongit/skew' 2017-09-14 09:49:11 -04:00
Taylor Yu
c0195ccb79 Refactor clock skew handling in networkstatus.c
Move the consensus clock skew handling in
networkstatus_set_current_consensus() to clock_skew_warning().
2017-09-14 08:25:27 -05:00
Taylor Yu
449bb2351e Make trusted clock skew a bootstrap warning
Make clock skew events based on trusted sources produce a bootstrap
warning so controllers can more easily alert users about clock skew
problems.
2017-09-14 08:25:27 -05:00
Taylor Yu
818332e7f1 Refactor control_event_bootstrap_problem
Change the contract of control_event_bootstrap_problem() to be more
general and to take a connection_t.  New function
control_event_bootstrap_prob_or() has the specific or_connection_t
funcionality previously used.
2017-09-14 08:25:27 -05:00
Nick Mathewson
fde18fed60 Merge branch 'bug23019_squashed' 2017-09-14 09:13:28 -04:00
George Kadianakis
0ac2afad0d prop224 client-side: Start validating onion address pubkeys.
Fix the test_build_address() test and its test vectors python script.
They were both using a bogus pubkey for building an HS address which
does not validate anymore.

Also fix a few more unittests that were using bogus onion addresses
and were failing the validation. I replaced the bogus address with
the one generated from the test vector script.
2017-09-14 09:13:11 -04:00
Nick Mathewson
63af663b8c Remove a download_status_reset() call that led to a crash -- see 23347 2017-09-14 08:47:11 -04:00
Nick Mathewson
98c103d91d Rename write_http_status_line, since it does more now. 2017-09-14 08:39:08 -04:00
Nick Mathewson
2385e3f667 Make missing reason_phrase into a BUG(). 2017-09-14 08:34:58 -04:00
Nick Mathewson
3de63fe4b1 Merge branch 'maint-0.3.1' 2017-09-14 07:58:11 -04:00
Nick Mathewson
6fc47062af Merge remote-tracking branch 'mikeperry/bug23077' into maint-0.3.1 2017-09-14 07:57:14 -04:00
Roger Dingledine
771fb7e7ba get rid of the scary 256-byte-buf landmine 2017-09-14 03:04:20 -04:00
Roger Dingledine
eb429232ef Make dir servers include a "Date:" http header more often
Directory servers now include a "Date:" http header for response
codes other than 200. Clients starting with a skewed clock and a
recent consensus were getting "304 Not modified" responses from
directory authorities, so without a Date header the client would
never hear about a wrong clock.

Fixes bug 23499; bugfix on 0.0.8rc1.
2017-09-14 03:02:37 -04:00
Roger Dingledine
dcd0aea85e get rid of a case where we might log a NULL as %s
this doesn't happen in our current code, and now it can't
2017-09-13 22:43:31 -04:00
Roger Dingledine
3247518f22 fix a copy-pasta issue from long ago 2017-09-13 22:28:06 -04:00
Mike Perry
361014255f Bug 23077: Make channelpadding tests use mocked time. 2017-09-14 01:18:30 +00:00