Nick Mathewson
98a590577a
Treat absent argument to crypto_log_errors as a bug.
2016-05-16 08:26:00 -04:00
Nick Mathewson
d88656ec06
Slight improvements to DH coverage.
2016-05-16 08:25:59 -04:00
Nick Mathewson
c395334879
Mark some unreachable lines in crypto.c
2016-05-16 08:25:59 -04:00
Nick Mathewson
7a5f15b6e0
Improve test coverage of our strongest-rng code.
2016-05-16 08:25:59 -04:00
Nick Mathewson
148f0004e1
Test coverage on ed25519 load/store functions.
2016-05-16 08:25:59 -04:00
Nick Mathewson
ec81329339
Do not leak the 'tag' when trying to read a truncated ed25519 key file
...
Fix for bug 18956.
2016-05-16 08:25:59 -04:00
Nick Mathewson
5b91e70a4f
Mark unreachable lines in crypto_ed25519.c
2016-05-16 08:25:59 -04:00
Nick Mathewson
8a536be705
Mark unreachable lines in crypto_curve25519.c
...
Also, resolve a bug in test_ntor_cl.c
2016-05-16 08:25:53 -04:00
Nick Mathewson
820b1984ad
Mark three lines unreachable, with extensive docs and use of BUG macros
2016-05-16 08:25:53 -04:00
Nick Mathewson
df3a5e0cad
HKDF-SHA256 test vectors from RFC5869
2016-05-16 08:25:53 -04:00
Nick Mathewson
7bc9d1e002
Merge branch 'maint-0.2.8'
2016-05-12 15:33:56 -04:00
Nick Mathewson
e8cc9f3edf
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-12 15:33:47 -04:00
Nick Mathewson
4165b1a0da
Merge branch 'bug18977_026_v2' into maint-0.2.7
2016-05-12 15:33:35 -04:00
Nick Mathewson
44cbd00dfa
Fix a compiler warning on windows when sizeof(long)==sizeof(int)
2016-05-12 14:51:38 -04:00
Nick Mathewson
20b01cece8
Merge branch 'bug18977_024_v2' into bug18977_026_v2
...
Had conflicts related to other correct_tm bugs in 0.2.6. Added wday
for another case.
2016-05-12 14:39:06 -04:00
Nick Mathewson
e57f26c135
Have correct_tm set tm_wday as well.
...
The tm_wday field had been left uninitialized, which was causing
some assertions to fail on Windows unit tests.
Fixes bug 18977.
2016-05-12 14:37:27 -04:00
Nick Mathewson
6bc052365a
Use a much less clever scan_signed no-overflow hack
2016-05-12 14:33:26 -04:00
Nick Mathewson
a7207329a8
Run tor_sscanf test in subprocess, in hopes of coaxing more info from jenkins
2016-05-12 13:37:05 -04:00
Nick Mathewson
445e05a015
Fix inconsistent tab/space mixing in include.am files.
...
This is a whitespace only, cosmetic fix.
There is still some inconsistency between lists, but less
inconsistency inside individual lists.
2016-05-12 13:06:58 -04:00
Nick Mathewson
607a9056d4
Merge branch 'ftrapv_v3'
...
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
2016-05-12 13:00:45 -04:00
Nick Mathewson
fb999abea6
Document why we build memwipe that way.
2016-05-12 12:56:47 -04:00
Nick Mathewson
b1dce55b82
Do not apply bugtrapping flags to test-memwipe, since testing memwipe requires bugs.
...
Fixes bug 18901.
2016-05-12 11:22:10 -04:00
Nick Mathewson
ef01109932
Rename SOURCES to SRC for things in include.am
2016-05-12 11:21:28 -04:00
Nick Mathewson
e40cfc4425
Move the ctime part of choose_array_element_by_weight into di_ops
...
This way it gets the ctime options.
2016-05-12 11:21:28 -04:00
Nick Mathewson
20432fc541
Refactor out u64_dbl_t
...
This type saved a tiny amount of allocation, but not enough to be
worth keeping.
(This is in preparation for moving choose_array_element_by_weight)
2016-05-12 11:21:28 -04:00
Nick Mathewson
ce854a8d22
Add -ftrapv to gcc-hardening ... mostly!
...
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.
Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time. Those options introduce branches
to the code they instrument.
(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)
Closes 17983.
2016-05-12 11:21:28 -04:00
Nick Mathewson
58e0e587a6
Merge branch 'maint-0.2.8'
2016-05-12 11:09:40 -04:00
Nick Mathewson
ce6f2d1c4d
Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8
2016-05-12 11:09:33 -04:00
Nick Mathewson
f936f186b2
Use tor_queue.h, not sys/queue.h, in timeouts.[ch].
...
Closes 19041.
2016-05-12 10:10:59 -04:00
Nick Mathewson
99c0e1bd5b
Fix bad allocation in pubsub.c
...
Closes 19038. Bug not in any released Tor.
2016-05-12 09:56:42 -04:00
Roger Dingledine
9e44273a4a
fix 'make dist' which was broken by ticket 18365's merge
2016-05-11 16:15:37 -04:00
Nick Mathewson
e3a4511049
Merge remote-tracking branch 'public/bug18815'
2016-05-11 14:12:39 -04:00
Roger Dingledine
ad8b9dcd47
Merge branch 'maint-0.2.8'
2016-05-11 13:43:06 -04:00
Roger Dingledine
163cee1b64
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-11 13:42:40 -04:00
Roger Dingledine
d40e8695f4
unbreak the build (when warnings are enabled)
2016-05-11 13:42:00 -04:00
Nick Mathewson
60e9e48448
Merge branch 'ticket16698_v2'
2016-05-11 13:39:38 -04:00
Nick Mathewson
03ae44a9e8
Fix comment for directory_handle_command_get
2016-05-11 13:39:11 -04:00
teor (Tim Wilson-Brown)
cdb528d841
Fetch certificates from the same directory as previous certificates
...
Improves the fix to #18963.
2016-05-11 13:30:30 -04:00
teor (Tim Wilson-Brown)
730cfeb6bd
Fetch certificates from the same directory as the consensus
...
Resolves ticket 18963; fix on #4483 in 0.2.8.1-alpha.
2016-05-11 13:30:08 -04:00
Nick Mathewson
00ee62b8a5
Merge branch 'pubsub_squashed'
2016-05-11 13:26:29 -04:00
Nick Mathewson
80a6c8caa3
Basic work on a publish/subscribe abstraction
...
The goal here is to provide a way to decouple pieces of the code
that want to learn "when something happens" from those that realize
that it has happened.
The implementation here consists of a generic backend, plus a set of
macros to define and implement a set of type-safe frontends.
2016-05-11 13:25:11 -04:00
Nick Mathewson
3c6f059e6a
Merge remote-tracking branch 'arma/feature18760'
2016-05-11 13:22:31 -04:00
Nick Mathewson
e9e6a1f547
Merge branch 'maint-0.2.8'
2016-05-11 13:20:57 -04:00
Nick Mathewson
8d962233f6
Merge remote-tracking branch 'teor/bug18816_simplify' into maint-0.2.8
2016-05-11 13:20:51 -04:00
Nick Mathewson
022d32252a
Merge branch 'maint-0.2.8'
2016-05-11 13:17:02 -04:00
Nick Mathewson
24fbb9a81b
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-11 13:15:17 -04:00
John Brooks
bf3e32a452
Fix out-of-bounds write during voting with duplicate ed25519 keys
...
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.
This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.
Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
teor (Tim Wilson-Brown)
797ece042d
Confirm we want certificates from fallbacks
...
Comment-only change
2016-05-11 13:08:45 -04:00
teor (Tim Wilson-Brown)
2cbad2aac7
Revert "Switch between fallback and authority when auth cert fetch fails"
...
This reverts commit 92d7ee08b8.
2016-05-11 13:06:13 -04:00
Roger Dingledine
b8b5bccfd9
refactor the #19003 patches
...
fix the logic in one of the comments
2016-05-11 13:03:49 -04:00
Nick Mathewson
71267bef4c
Merge branch 'maint-0.2.8'
2016-05-11 12:36:55 -04:00
Nick Mathewson
28e1aa1118
Merge branch 'bug18761_028_squashed' into maint-0.2.8
2016-05-11 12:36:27 -04:00
Nick Mathewson
b59d79134e
Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
...
Closes ticket 18761.
Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
79f9e63ebf
Merge branch 'maint-0.2.8'
2016-05-11 12:30:18 -04:00
Nick Mathewson
50d777dcf4
Split directory_handle_command_get into subfunctions.
...
This was one of our longest functions, at 600 lines. It makes a nice
table-driven URL-based function instead.
The code is a bit ugly, it leaves the indentation as it is in hopes of
making pending directory.c changes easier to merge. Later we can
clean up the indentation.
Also, remove unused mallinfo export code from directory.c
Closes ticket 16698
2016-05-10 14:19:03 -04:00
teor (Tim Wilson-Brown)
92d7ee08b8
Switch between fallback and authority when auth cert fetch fails
2016-05-10 11:25:55 -04:00
teor (Tim Wilson-Brown)
64b948f5fa
Use the consensus download schedule for authority certificates
...
Previously, we were using the generic schedule for some downloads,
and the consensus schedule for others.
Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.
2016-05-10 11:25:50 -04:00
Roger Dingledine
53aaed81dd
get rid of another no-longer-used function
2016-05-10 11:16:30 -04:00
Roger Dingledine
be0e1e9e2f
Stop being so strict about the payload length of "rendezvous1" cells
...
We used to be locked in to the "tap" handshake length, and now we can
handle better handshakes like "ntor".
Resolves ticket 18998.
I checked that relay_send_command_from_edge() behaves fine when you
hand it a payload with length 0. Clients behave fine too, since current
clients remain strict about the required length in the rendezvous2 cells.
(Clients will want to become less strict once they have an alternate
format that they're willing to receive.)
2016-05-09 20:34:27 -04:00
Nick Mathewson
7fa11a92d5
Merge branch 'maint-0.2.8'
2016-05-09 14:59:47 -04:00
Nick Mathewson
55cf1970bc
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-09 14:59:18 -04:00
Nick Mathewson
7fe80c2905
Merge branch 'maint-0.2.6' into maint-0.2.7
2016-05-09 14:56:56 -04:00
Nick Mathewson
0b477bfd55
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-05-09 14:55:45 -04:00
Nick Mathewson
368146370b
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-05-09 14:55:22 -04:00
Roger Dingledine
aa6341d4b9
stop looping once we know what the answer will be
...
suggested during code review by dgoulet
2016-05-09 14:42:42 -04:00
Roger Dingledine
1f72653544
fix a bug where relays would use the aggressive client bootstrapping retry number
2016-05-09 14:42:32 -04:00
Roger Dingledine
d5a96286c2
simplify more -- we only call these funcs when bootstrapping
2016-05-09 14:42:21 -04:00
Roger Dingledine
c98fbd4169
remove some more unused code
2016-05-09 14:42:09 -04:00
Roger Dingledine
bcae392e0e
avoid another redundant check
...
we should avoid launching a consensus fetch if we don't want one,
but if we do end up with an extra one, we should let the other checks
take care of it.
2016-05-09 14:41:54 -04:00
Nick Mathewson
33d3572a1d
Merge branch 'feature15588_squashed'
2016-05-09 14:41:36 -04:00
Roger Dingledine
e230e80ab3
get rid of the scattered checks to cancel a consensus fetch
...
We'll back off from the request in connection_ap_handshake_attach_circuit,
or cancel it in connection_dir_close_consensus_fetches, and those are the
only places we need to check.
2016-05-09 14:41:32 -04:00
Roger Dingledine
a7665df2f8
close other consensus fetches when we get a consensus
...
not once per second, and only do it when a consensus arrives
2016-05-09 14:41:14 -04:00
Roger Dingledine
59da060f10
use the new function here too
2016-05-09 14:40:54 -04:00
Roger Dingledine
91c58013be
avoid following through on a consensus fetch if we have one already arriving
2016-05-09 14:40:42 -04:00
Roger Dingledine
ce8266d52d
fix typos/etc before i go nuts on #18809
2016-05-09 14:40:21 -04:00
John Brooks
162aa14eef
Move rend client name checks to one function
2016-05-09 14:30:34 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
...
Skip DirPort checks when the consensus has no exits.
Resolves #19003, bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
John Brooks
dcc11674db
Add client auth for ADD_ONION services
2016-05-09 14:28:58 -04:00
John Brooks
d15354c73b
Add client auth to rend_service_add_ephemeral
2016-05-09 14:28:08 -04:00
John Brooks
d5a23ce115
Move rend auth cookie en-/decoding to a function
...
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.
The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
teor (Tim Wilson-Brown)
0c41ae1832
Add a comment to have_enough_path_info()
...
Comment only change
2016-05-09 14:26:13 -04:00
Nick Mathewson
69380033d6
Merge branch 'timeouts_v2_squashed'
2016-05-09 14:06:10 -04:00
Nick Mathewson
af132fc299
timer tests: differences in timing accuracy can be negative.
...
Also, use symbolic names for good-enough thresholds for timer accuracy.
2016-05-09 14:04:54 -04:00
Nick Mathewson
11a09778d6
Test coverage for timers.
2016-05-09 14:04:54 -04:00
Nick Mathewson
10fd4535c2
Fix an OSX/clang compilation warning
2016-05-09 14:04:54 -04:00
Nick Mathewson
118556e4b3
Quick-and-dirty test for timers code.
2016-05-09 14:04:53 -04:00
Nick Mathewson
dcf948da06
Add wrappers to tie the new timeouts into libevent.
2016-05-09 14:04:06 -04:00
John Brooks
e7ff23beea
Make rend_authorized_client_free public
...
This is needed by control.c.
Also, check whether client_name is set before doing memwipe.
2016-05-09 13:53:24 -04:00
John Brooks
896271d525
Use uint8_t for rend descriptor_cookie fields
2016-05-09 13:53:09 -04:00
Karsten Loesing
3c2d4611ce
Update geoip and geoip6 to the May 4 2016 database.
2016-05-09 17:51:15 +02:00
Nick Mathewson
641cdc345c
Merge branch 'maint-0.2.8'
2016-05-05 08:25:27 -04:00
teor (Tim Wilson-Brown)
03fc4cf04c
Refactor router_pick_directory_server_impl to use node functions
...
No behavioural change
This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
225448ad34
Comment-only change to clarify routerstatus_t IPv4 byte order
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
7ec273bd4a
Rename skip_or and skip_dir to avoid confusion
...
Variable rename only
2016-05-05 08:24:17 -04:00
Nick Mathewson
68d913c49c
Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8
2016-05-05 08:16:36 -04:00
teor (Tim Wilson-Brown)
9aa280cc0c
Only choose directory DirPorts on relays
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
88deb52d55
Make clients only select directories with reachable ORPorts
...
This makes sure clients will only select relays which support
begindir over ORPort.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
833b5f71a7
Make clients always use begindir for directory requests
...
This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.
This also simplifies the fixes to #18809.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
2e5b35db81
Make directory node selection more reliable
...
Delete an unnecessary check for non-preferred IP versions.
Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.
Patch on #17840 in 0.2.8.1-alpha.
2016-05-05 11:54:53 +10:00
Nick Mathewson
2da2718609
Merge branch 'maint-0.2.8'
2016-05-04 15:23:38 -04:00