nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-25 07:25:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
23,379 Commits 53 Branches 629 Tags 108 MiB
50facb40bb
Commit Graph

558 Commits

Author SHA1 Message Date
Nick Mathewson
50facb40bb On v3 link handshake, send the correct link certificate 
Previously we'd send the _current_ link certificate, which would
cause a handshaking failure when the TLS context rotated.
 2017-06-05 15:27:33 -04:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1 
fixes bug 20551; bugfix on 0.2.1.1-alpha
 2016-11-03 09:35:41 -04:00
Nick Mathewson
c2d1356739 Change servers to never pick 3DES. 
Closes ticket 19998.
 2016-09-05 14:09:14 -04:00
Nick Mathewson
69dce09031 Do not call tor_tls_server_info_callback(NULL) from tests. 
This isn't valid behavior, and it causes a crash when you run
the unit tests at --debug.

I've added an IF_BUG_ONCE() check for this case.
 2016-08-31 13:18:13 -04:00
Nick Mathewson
8f2f06c9b3 Merge branch 'maint-0.2.8' 2016-08-19 19:35:39 -04:00
Nick Mathewson
49843c980a Avoid confusing GCC 4.2.1 by saying "int foo()... inline int foo() {...}" 
Fixes bug 19903; bugfix on 0.2.8.1-alpha.
 2016-08-19 19:34:39 -04:00
Nick Mathewson
8fd6b0fc46 Remove USE_BUFFEREVENTS code outside src/or 2016-08-02 13:22:06 -04:00
Nick Mathewson
df4fa92a88 Merge branch 'maint-0.2.8' 2016-06-14 12:17:24 -04:00
Yawning Angel
6ddef1f7e0 Bug 19406: OpenSSL removed SSL_R_RECORD_TOO_LARGE in 1.1.0. 
This is a logging onlu change, we were suppressing the severity down to
INFO when it occured (treating it as "Mostly harmless").  Now it is no
more.
 2016-06-14 12:13:09 -04:00
Yawning Angel
b563a3a09d Bug 19406: OpenSSL made RSA and DH opaque in 1.1.0. 
There's accessors to get at things, but it ends up being rather
cumbersome.  The only place where behavior should change is that the
code will fail instead of attempting to generate a new DH key if our
internal sanity check fails.

Like the previous commit, this probably breaks snapshots prior to pre5.
 2016-06-14 12:13:09 -04:00
Nick Mathewson
53a3b39da1 Add -Wmissing-variable-declarations, with attendant fixes 
This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.
 2016-06-11 10:11:54 -04:00
Nick Mathewson
9bbd6502f0 Use autoconf, not gcc version, to decide which warnings we have 
This gives more accurate results under Clang, which can only help us
detect more warnings in more places.

Fixes bug 19216; bugfix on 0.2.0.1-alpha
 2016-06-11 10:11:53 -04:00
Nick Mathewson
0df2c5677a Use ENABLE_GCC_WARNING and DISABLE_GCC_WARNING in tortls.c 
Previously we'd done this ad hoc.
 2016-05-27 11:25:42 -04:00
Yawning Angel
5db21f8f81 OpenSSL 1.1.0-pre5-dev and later made BIO opaque. 
Detect newer versions and fix our TLS code to use the new API.
 2016-04-05 10:03:24 -04:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
882e0fbd76 Merge branch 'bug17795' 2016-02-23 07:25:12 -05:00
Nick Mathewson
9746aed2ba Another automated rename. 
Also simplify crypto_common_digests() to have no loop.
 2016-02-10 15:32:12 -05:00
Nick Mathewson
8a4bba06d2 Rename crypto_digest_all, and digests_t. 
They are no longer "all" digests, but only the "common" digests.

Part of 17795.

This is an automated patch I made with a couple of perl one-liners:

  perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
  perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
 2016-02-10 15:28:19 -05:00
Nick Mathewson
fa52b6f075 Make tortls unit tests pass with LibreSSL. 
Part of the fix for 17921.
 2016-02-03 11:31:57 -05:00
Nick Mathewson
27582325dc Make Tor build happily with OpenSSL master and libressl. 
Also tested with 1.0.0t and 1.0.2f.

Closes ticket 19784.

Closes most of 17921. (Still need to make some tests pass.)
 2016-02-03 11:13:12 -05:00
Nick Mathewson
bb19799a49 Appease "make check-spaces" 2015-12-20 15:00:20 -05:00
Nick Mathewson
14c9b99051 mark a variable unused to fix a warning. 2015-12-18 13:16:40 -05:00
Nick Mathewson
0c5d8d9a4f Move some more code inside a tortls.c ifdef to fix deadcode warning. 2015-12-18 11:11:42 -05:00
Nick Mathewson
6b5b1a02d4 Fix a coverity NULL-pointer deref warning in the tortls tests. 
Also, make our cert validation code more NULL-resistant.

This is CID 1327891.
 2015-12-18 10:25:15 -05:00
Nick Mathewson
9e2c4ee557 Fix some dead code in tortls.c 
If SSL_CIPHER_find exists, then we won't use either of the two
kludges that would replace it.

Found by Coverity; fixes CID 1340256.
 2015-12-18 10:04:01 -05:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline 
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
 2015-12-15 11:34:00 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00
Nick Mathewson
c32a43a4d2 Move openssl version compatibility defines into a new header. 2015-11-10 10:02:21 -05:00
Yawning Angel
3e3ec750cd Fix compilation with OpenSSL 1.1.0-dev. 
OpenSSL changed the API:
 * 5998e29035
 * b0700d2c8d
 2015-11-06 19:02:56 +00:00
Nick Mathewson
5e9f2384cf Fix various coverity-found issues 2015-10-21 16:01:29 -04:00
Nick Mathewson
f217b24e05 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 12:03:04 -04:00
Nick Mathewson
4fb4906975 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 12:02:42 -04:00
Nick Mathewson
9459ae260e Fix the return value 2015-10-21 12:01:05 -04:00
Nick Mathewson
895a98dbaf Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:53:00 -04:00
Nick Mathewson
b809c265e7 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 11:51:03 -04:00
Nick Mathewson
35bf07b8d6 Check for len < 4 in dn_indicates_v3_cert 
Without this check, we potentially look up to 3 characters before
the start of a malloc'd segment, which could provoke a crash under
certain (weird afaik) circumstances.

Fixes 17404; bugfix on 0.2.6.3-alpha.
 2015-10-21 11:44:43 -04:00
Nick Mathewson
5bd3290df3 Remove workaround code for broken client-side renegotiation 
Since 11150 removed client-side support for renegotiation, we no
longer need to make sure we have an openssl/TLSvX combination that
supports it (client-side)
 2015-10-07 10:16:37 -04:00
Nick Mathewson
6505d529a5 Remove client-side support for detecting v1 handshake 
Fixes more of 11150
 2015-10-07 10:13:39 -04:00
Nick Mathewson
2ad6e1bb0e Make the mis-named V2_HANDSHAKE_SERVER/CLIENT macros always-on. 
They selected the V2 handshake *and* the V3 handshake, in a strange
mixture.  Both handshakes have been mandatory for a long time.
 2015-10-07 10:07:29 -04:00
Nick Mathewson
bd1a137893 Remove the client-side code for the v1 and v2 tls handshakes. 
(This is safe since super-old Tor servers are no longer allowed on
the network.)

Closes the client-side part of 11150.
 2015-10-07 10:04:12 -04:00
Nick Mathewson
bfd9dccdb8 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-06 09:06:57 -04:00
Nick Mathewson
1eb838b303 Work around openssl declaring x509_get_not{Before,After} as functions 
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet releasesd), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.

Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
 2015-10-06 09:04:37 -04:00
Nick Mathewson
11e3db3ee8 clean up whitespace 2015-10-02 15:13:19 +02:00
Nick Mathewson
b5aa257d46 Fix "make check-spaces" 2015-10-02 14:33:54 +02:00
Nick Mathewson
39901bd408 Make test_tortls compile without warnings 2015-10-02 14:20:28 +02:00
Nick Mathewson
086c33ea61 Merge remote-tracking branch 'twstrike/tortls_tests' 2015-10-02 14:12:27 +02:00
Ola Bini
94e5db3dca
Add tests for tortls.c 2015-09-15 17:09:18 +02:00