Commit Graph

347 Commits

Author SHA1 Message Date
Sebastian Hahn
f137ae896e Don't warn on http connection to my orport
Also remove a few other related warnings that could occur during the ssl
handshake. We do this because the relay operator can't do anything about
them, and they aren't their fault.
2011-08-11 20:37:51 +02:00
Nick Mathewson
44cfa53873 Make WIN32_WINNT defines conditional
Requested by Gisle Vanem on tor-dev.  I'm not quite sure this is the
right solution, but it's probably harmless.
2011-07-15 10:03:59 -04:00
Nick Mathewson
3f97c665aa Document feature3116 fns and improve output
- We were reporting the _bottom_ N failing states, not the top N.
- With bufferevents enabled, we logged all TLS states as being "in
  bufferevent", which isn't actually informative.
- When we had nothing to report, we reported nothing too loudly.
- Also, we needed documentation.
2011-07-11 16:13:17 -04:00
Nick Mathewson
734d9486f6 Record the states of failing OR connections
This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.

More work is still needed:
  - We need documentation
  - We need to actually call the code that reports the failure when
    we realize that we're having a hard time connecting out or
    making circuits.
  - We need to periodically clear out all this data -- perhaps,
    whenever we build a circuit successfully?
  - We'll eventually want to expose it to controllers, perhaps.

Partial implementation of feature 3116.
2011-07-11 16:13:17 -04:00
Nick Mathewson
410e440a8d Log SSL state changes at LOG_DEBUG, LD_HANDSHAKE.
This can be slightly useful for debugging blocking events.

Addresses ticket 3116; based on loud_ssl_states branch.
2011-06-20 17:45:12 -04:00
Nick Mathewson
f608872b0c C style fix: a no-args function is void fn(void), not void fn(). 2011-03-03 23:42:14 -05:00
Nick Mathewson
8ae179deec Add a magic field to tor_tls_t to catch exdata corruption bugs, if any appear. 2011-03-03 23:41:34 -05:00
Robert Ransom
74fc993b98 Check the result of SSL_set_ex_data
Reported by piebeer.
2011-03-03 16:17:39 -08:00
Robert Ransom
fe1137be6f Use SSL_*_ex_data instead of SSL_*_app_data
SSL_*_app_data uses ex_data index 0, which will be the first one allocated
by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
for some other purpose, or a library linked to Tor ever started using
OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
ways. Using the SSL_*_ex_data functions directly now may save us from
that particular form of breakage in the future.

But I would not be surprised if using OpenSSL's ex_data functions at all
(directly or not) comes back to bite us on our backends quite hard. The
specified behaviour of dup_func in the man page is stupid, and
crypto/ex_data.c is a horrific mess.
2011-03-03 15:34:53 -08:00
Robert Ransom
13ee803469 Remove now-unused helper functions
These functions were needed only by code removed in the preceding commit.

Reported by mobmix.
2011-03-03 14:59:21 -08:00
Gladys Shufflebottom
49de5431d5 remove tls related hash table code 2011-03-01 18:11:25 -05:00
Nick Mathewson
50c259d763 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.

(Backport from 0.2.2's 5ed73e3807)
2011-02-10 15:55:06 -05:00
Nick Mathewson
912b76a1bf Merge remote branch 'origin/maint-0.2.2' 2011-02-03 13:56:37 -05:00
Nick Mathewson
76582442a8 Handle failing cases of DH allocation 2011-01-25 18:09:38 -05:00
Nick Mathewson
aaa5737a2e Merge remote branch 'origin/maint-0.2.2' 2011-01-24 17:51:52 -05:00
Nick Mathewson
5ed73e3807 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
2011-01-24 16:50:11 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
mingw-san
78df6404eb Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-11-23 12:47:38 -05:00
Nick Mathewson
cbd3745924 Merge remote branch 'origin/maint-0.2.2' 2010-11-21 14:34:22 -05:00
Nick Mathewson
2bd64f9e8f Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-21 14:33:11 -05:00
Nick Mathewson
92a99736fd Do not set the hostname TLS extension server-side; only client-side
This may fix bug 2204, and resolve the incompatibility with openssl
0.9.8p/1.0.0b.
2010-11-20 22:21:50 -05:00
Nick Mathewson
d238d8386f Add a testing-only option to use bufferevent_openssl as a filter
We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows.  This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.

It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
2010-11-09 15:36:27 -05:00
Nick Mathewson
17fdde3d92 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c
2010-10-21 16:23:01 -04:00
Sebastian Hahn
9bed40eb10 Make check-spaces happy 2010-10-14 17:54:45 +02:00
Nick Mathewson
fbacbf9fd9 Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents
This seems to fix another case of bug2001.
2010-10-12 14:52:33 -04:00
Nick Mathewson
a9172c87be Actually call connection_tls_finish_handshake() with bufferevents
First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
2010-10-12 14:52:33 -04:00
Nick Mathewson
4cfa6fbaca Log OpenSSL errors coming from bufferevent_openssl 2010-10-11 13:25:41 -04:00
Robert Ransom
17efbe031d Maintain separate server and client TLS contexts.
Fixes bug #988.
2010-10-04 21:51:47 -07:00
Robert Ransom
d3879dbd16 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Nick Mathewson
4c71be65d8 Merge remote branch 'origin/maint-0.2.2' 2010-10-04 13:56:17 -04:00
Robert Ransom
1b8c8059c7 Correct a bogus comment.
Whether or not OpenSSL reference-counts SSL_CTX objects is irrelevant;
what matters is that Tor reference-counts its wrapper objects for
SSL_CTXs.
2010-10-04 13:53:54 -04:00
Robert Ransom
c70d9d77ab Correct a couple of log messages in tortls.c 2010-10-04 13:53:48 -04:00
Robert Ransom
068185eca2 Fix several comments in tortls.c 2010-10-04 13:47:57 -04:00
Nick Mathewson
6950749c0a Make the bufferevent code use the renegotiation-reenabling hack 2010-09-27 16:07:14 -04:00
Nick Mathewson
b7ae108e18 Always defer bufferevent_openssl callbacks to avoid reentrant invocations 2010-09-27 14:29:42 -04:00
Nick Mathewson
b49cf6a77a Fix whitespace in bufferevents branch 2010-09-27 14:22:18 -04:00
Nick Mathewson
a16ed90ec8 Document and/or fix stuff found by Sebastian in code review
Thanks to Sebastian for his code-review of the bufferevents patch series.x
2010-09-27 14:22:18 -04:00
Sebastian Hahn
865bea3b89 Some bufferevents related fixes and pointers for nickm 2010-09-27 14:22:18 -04:00
Nick Mathewson
ffd5070b04 Convert bufferevents to use rate-limiting.
This requires the latest Git version of Libevent as of 24 March 2010.
In the future, we'll just say it requires Libevent 2.0.5-alpha or
later.

Since Libevent doesn't yet support hierarchical rate limit groups,
there isn't yet support for tracking relayed-bytes separately when
using the bufferevent system.  If a future version does add support
for hierarchical buckets, we can add that back in.
2010-09-27 14:22:18 -04:00
Nick Mathewson
c74a4ab515 Documentation for a few bufferevent functions. 2010-09-27 12:31:14 -04:00
Nick Mathewson
bd3612cd2b Get SSL connections and linked connections working with bufferevents.
Clients are now verified to work and build circuits correctly.  There
are still a few warnings given here and there that I need to look into.
2010-09-27 12:31:14 -04:00
mingw-san
856a36c434 Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-07-26 15:05:11 -04:00
Nick Mathewson
14bc4dcc22 Rename log.h to torlog.h
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.

The actual change was done with one "git mv", by editing
Makefile.am, and running
   find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
valerino
076063ca90 moved wince related includes and defs to compat.h where possible, removed unused/redundant wince includes 2010-05-24 11:46:54 -04:00
Sebastian Hahn
0b82ce3eb6 Demote a warning about missing client ciphers 2010-04-20 03:57:33 -04:00
Roger Dingledine
77babb832a minor cleanups 2010-04-20 02:48:35 -04:00
Nick Mathewson
c38fa93ad1 Merge commit 'origin/maint-0.2.1' 2010-04-15 10:35:09 -04:00
Nick Mathewson
6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Roger Dingledine
603432090d fix typo and garbage grammar 2010-02-21 17:18:42 -05:00
Nick Mathewson
715f104eeb Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-02-18 12:01:56 -05:00
Sebastian Hahn
c2c3a5a3f5 Fix compile 2010-02-18 13:08:57 +01:00
Nick Mathewson
e861b3be88 Even more conservative option-setting for SSL renegotiation.
This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every
version before OpenSSL 0.9.8l.  I can confirm that the option value (0x0010)
wasn't reused until OpenSSL 1.0.0beta3.
2010-02-17 23:55:03 -05:00
Nick Mathewson
5314438799 Merge remote branch 'origin/maint-0.2.1' 2010-01-31 22:53:19 -05:00
Nick Mathewson
abd447f876 Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c
2010-01-31 22:48:29 -05:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Nick Mathewson
4905eaa38c Detect the correct versions of openssl for tls negotiation fix
Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
2010-01-29 17:11:20 -05:00
Nick Mathewson
8d68e5c748 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.
2010-01-29 17:02:17 -05:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
4ad5094c90 Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc.  This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.

Spotted by rieo on IRC.
2010-01-22 16:32:15 -05:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Nick Mathewson
b51a33e527 Merge commit 'origin/maint-0.2.1' 2009-12-04 14:31:17 -05:00
Martin Peck
3a2d677fa7 Improved workaround for disabled OpenSSL renegotiation.
It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p   Fixes bug 1158.

(patch by coderman; commit message by nickm)
2009-12-04 14:25:08 -05:00
Nick Mathewson
0a58567ce3 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2009-11-06 15:24:52 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
a3f1da2ec0 Fix compilation on OpenSSLs with unusual state lists.
"Unusual" in this context means "not the same as nickm's."  We should grow a
better list later.

(Also, move TLS state table to a separate header.)
2009-09-24 13:00:28 -04:00
Nick Mathewson
b8b2935367 Debugging logs for TLS handshake
The big change is to add a function to display the current SSL handshake
state, and to log it everywhere reasonable.  (A failure in
SSL23_ST_CR_SRVR_HELLO_A is different from one in
SSL3_ST_CR_SESSION_TICKET_A.)

This patch also adds a new log domain for OR handshaking, so you can pull out
all the handshake log messages without having to run at debug for everything.
For example, you'd just say "log notice-err [handshake]debug-err file
tor.log".
2009-09-24 12:31:22 -04:00
Nick Mathewson
4b10ba484b Merge commit 'origin/maint-0.2.1' 2009-09-17 00:42:41 -04:00
Nick Mathewson
9c38941195 Work around a memory leak in openssl 0.9.8g (and maybe others) 2009-09-17 00:01:20 -04:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Nick Mathewson
e84ddead34 Merge branch 'hardware_accel_improvements' 2009-05-31 13:36:50 -04:00
Nick Mathewson
f0453c45c8 Spelling fixes in comments and strings 2009-05-27 16:36:13 -04:00
Martin Peck
7703b887f5 Add support for dynamic OpenSSL hardware crypto acceleration engines. 2009-05-23 16:42:44 -07:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Karsten Loesing
4ebcc4da34 Update copyright to 2009. 2009-05-02 22:00:54 +02:00
Roger Dingledine
2f69c67957 doxygen tweak
svn:r18818
2009-03-09 06:20:15 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version.
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
52932d6f1a Remove some code that is #ifdefed out, and that we no longer seem to use, if we ever did.
svn:r17827
2008-12-30 04:16:49 +00:00
Nick Mathewson
9c3d17ebb5 Fix a small memory leak of around 32 bytes per TLS connection opened. Bugfix on 0.2.1.1-alpha.
svn:r17678
2008-12-18 15:00:09 +00:00
Nick Mathewson
6693f32530 Resolve many DOCDOCs.
svn:r17662
2008-12-17 22:58:20 +00:00
Nick Mathewson
339f094056 Refactor some code and add some asserts based on scanner results.
svn:r16783
2008-09-05 21:19:53 +00:00
Karsten Loesing
9231858ff5 Fix bug 763. When a hidden service is giving up on an introduction point candidate that was not included in the last published rendezvous descriptor, don't reschedule publication of the next descriptor.
svn:r15825
2008-07-10 21:02:01 +00:00
Nick Mathewson
cb7cc9e12d r16882@tombo: nickm | 2008-07-10 14:31:25 -0400
Fix for session-related bug found by Geoff Goodell. backport candidate, once tested.


svn:r15821
2008-07-10 18:31:33 +00:00
Roger Dingledine
d395135e2f fix a few typos, and give the bootstrap phase stuff a changelog entry.
svn:r15183
2008-06-13 04:26:05 +00:00
Nick Mathewson
22080354ed r16217@tombo: nickm | 2008-06-12 21:13:09 -0400
Remove spurious debugging message.


svn:r15176
2008-06-13 01:13:12 +00:00
Nick Mathewson
617843988c r16215@tombo: nickm | 2008-06-12 18:39:03 -0400
Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers.  This is a bit of a kludge, but it is at least decently well commented.


svn:r15173
2008-06-12 22:39:13 +00:00
Nick Mathewson
61ac80a914 Ouch. We were sometimes getting openssl compression by default. This is pointless for us, since the overwhelming majority of our cells are encrypted, full of compressed data, or both. This is also harmful, since doing piles of compression is not cheap. Backport candidate once more tested.
svn:r14830
2008-05-29 14:39:56 +00:00
Nick Mathewson
da67500336 If the user has an openssl that supports my "release buffer ram" patch, use it.
svn:r14671
2008-05-19 18:13:00 +00:00
Nick Mathewson
1823c45a71 r19613@catbus: nickm | 2008-05-05 19:57:06 -0400
Log correct openssl buf capacity when using my sooper sekrit buffer hack.  This will help test the aforementioned ssbh.


svn:r14567
2008-05-05 23:57:17 +00:00
Roger Dingledine
a364592ca0 make check-spaces wants a newline at the end of tortls
svn:r14508
2008-04-29 19:51:38 +00:00
Nick Mathewson
b927ede48c r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400
Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.


svn:r14350
2008-04-10 15:12:24 +00:00
Nick Mathewson
02acee891c r19089@catbus: nickm | 2008-03-27 11:05:23 -0400
Free some static hashtables and the log mutex on exit. Backport candidate.


svn:r14212
2008-03-27 15:05:28 +00:00
Roger Dingledine
901e2ad04b correct a confusing log message
svn:r14165
2008-03-24 18:37:52 +00:00
Nick Mathewson
05f5d778a2 r18919@catbus: nickm | 2008-03-18 10:53:38 -0400
Forward-port bug 622 fix as diagnosed by lodger.


svn:r14096
2008-03-18 14:53:41 +00:00
Nick Mathewson
0b941640df r18852@catbus: nickm | 2008-03-16 22:47:19 -0400
Downgrade "sslv3 alert handshake failure" message to info.


svn:r14057
2008-03-17 02:47:49 +00:00