Commit Graph

3699 Commits

Author SHA1 Message Date
George Kadianakis
b9010c8bf5 prop224 prepwork: Introduce HMAC-SHA3 function. 2016-12-14 15:17:57 -05:00
Nick Mathewson
954eeda619 Stop checking whether environ is declared.
There seems to be pretty good evidence that it's always declared,
and that checking for it is pointless.

Closes ticket 19142.
2016-12-12 10:55:10 -05:00
Nick Mathewson
b659ffe9ac Merge remote-tracking branch 'jryans/log-severity' 2016-12-12 09:46:07 -05:00
Nick Mathewson
e1f00c5f86 whitespace cleanups 2016-12-08 16:53:29 -05:00
Nick Mathewson
e93234af70 Merge branch 'feature15056_v1_squashed' 2016-12-08 16:49:24 -05:00
Nick Mathewson
937aef48ee Add an ed25519_copy; use it in a couple of places dgoulet suggested. 2016-12-08 16:48:01 -05:00
Nick Mathewson
2cdd24ddd6 Helper function for logging ed25519 public keys. 2016-12-08 16:47:58 -05:00
Nick Mathewson
129cee1c75 Merge branch 'maint-0.2.9' 2016-12-07 10:52:28 -05:00
Nick Mathewson
d6ca36defa Merge branch 'bug20710_025' into maint-0.2.9 2016-12-07 10:52:12 -05:00
J. Ryan Stinnett
9b2b799d82 Accept non-space whitespace characters in log severity syntax.
Adds a test_config_parse_log_severity unit test to verify behavior.

Fixes #19965.
2016-12-06 11:11:43 -10:00
Nick Mathewson
daeb633825 whitespace fix 2016-12-05 10:31:10 -05:00
Nick Mathewson
f92630941a Merge remote-tracking branch 'chelseakomlo/20717_hashing_api_bug' 2016-12-05 10:27:16 -05:00
J. Ryan Stinnett
7ffa95abd9 Clarify that ClientRejectInternalAddresses also rejects mDNS *.local hosts
Fixes #17070.
2016-12-03 21:10:40 -06:00
Nick Mathewson
e6facbfe7a Add accessor for inspecting timer callbacks. 2016-12-02 12:15:07 -05:00
Nick Mathewson
6a069959c6 Fix major errors in freeing getaddrinfo sandbox cache
Patch from cypherpunks. Fixes bug 20710; bugfix on 0.2.5.5-alpha.
2016-12-01 10:36:02 -05:00
teor
1e8f68a9c7 Add an extra warning message to check_private_dir 2016-12-01 09:51:19 -05:00
Nick Mathewson
21c47c4410 Add a smartlist_remove_keeporder() function, with tests. 2016-11-30 14:42:52 -05:00
Nick Mathewson
bf64564e37 Add a GUARD log domain, for use with new guards code 2016-11-30 14:42:52 -05:00
Nick Mathewson
539eba0a4b Teach parse_iso_time about the spaceless variant.
(We previously added support for generating the spaceless
2016-11-14T19:58:12 variant, but not for actually parsing it.)
2016-11-30 14:42:52 -05:00
Chelsea H. Komlo
e01b09d5ce
crypto_digest512 returns expected error value of -1 2016-11-24 12:14:54 -05:00
Chelsea H. Komlo
9d9110f65d
crypto_digest256 returns expected error value of -1 2016-11-24 12:13:07 -05:00
Chelsea H. Komlo
276d07a88a
crypto_digest returns expected error value of -1 2016-11-24 10:01:03 -05:00
Nick Mathewson
4614f8e681 Merge remote-tracking branch 'teor/fix-mingw-pagesize' 2016-11-22 18:29:50 -05:00
Fabian Keil
db2dd8434e finish_writing_to_file_impl(): Remove temporary file if replacing the existing one failed
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-16 11:25:26 -05:00
Nick Mathewson
431565e053 Helper function to see if an ed25519 pk is set. 2016-11-10 09:43:27 -05:00
Nick Mathewson
31f41fe096 Merge branch 'maint-0.2.9' 2016-11-08 18:45:10 -05:00
Nick Mathewson
286fa94064 Use va_copy() in pure-windows version of tor_asprintf().
It's not okay to use the same varargs list twice, and apparently
some windows build environments produce code here that would leave
tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha
when tor_asprintf() was introduced.
2016-11-08 18:44:06 -05:00
Nick Mathewson
3e3040a5d9 Merge branch 'maint-0.2.9'
Conflicts:
	src/or/rendservice.c
2016-11-07 16:31:40 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
Nick Mathewson
a415fee58a Merge branch 'maint-0.2.9' 2016-11-07 09:09:06 -05:00
Nick Mathewson
0bd55ed96a Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-11-06 21:01:25 -05:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
Nick Mathewson
957bdc4a42 Merge branch 'bug20553_028' 2016-11-03 10:52:21 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
1eef543f9d Merge branch 'bug20551_028' 2016-11-03 09:37:44 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
f156156d56 Audit use of tor_tls_cert_get_key().
This function is allowed to return NULL if the certified key isn't
RSA. But in a couple of places we were treating this as a bug or
internal error, and in one other place we weren't checking for it at
all!

Caught by Isis during code review for #15055.  The serious bug was
only on the 15055 branch, thank goodness.
2016-11-03 08:40:11 -04:00
Nick Mathewson
70e7d28b3e Generate our x509 certificates using sha256, not sha1.
All supported Tors (0.2.4+) require versions of openssl that can
handle this.

Now that our link certificates are RSA2048, this might actually help
vs fingerprinting a little.
2016-11-03 08:40:10 -04:00
Nick Mathewson
67e66898d2 For testing: add a tor_x509_cert_dup(). 2016-11-03 08:39:31 -04:00
Nick Mathewson
e64bac6eb4 Increase TLS RSA link key length to 2048 bits
Oddly, nothing broke.

Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
0b4221f98d Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
2016-11-03 08:37:22 -04:00
Nick Mathewson
b004ff45d7 New authentication types to use RFC5705.
See proposal 244.  This feature lets us stop looking at the internals
of SSL objects, *and* should let us port better to more SSL libraries,
if they have RFC5705 support.

Preparatory for #19156
2016-11-03 08:37:20 -04:00
teor
8f465808a0
Check for getpagesize before using it to mmap files
This fixes compilation in some MinGW environments.

Fixes bug 20530; bugfix on commit bf72878 in tor-0.1.2.1-alpha.
Reported by "ice".
2016-11-03 08:44:57 +11:00
teor
2f48693663
Improve comments in check_private_dir and onion poisoning
Comment changes only
2016-11-02 14:11:26 +11:00
Nick Mathewson
68a27dad43 Merge branch 'maint-0.2.9' 2016-10-31 16:33:12 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
overcaffeinated
b8b8b6b70e Add implementation of smartlist_add_strdup
Add smartlist_add_strdup(sl, string) - replaces the use of
smartlist_add(sl, tor_strdup(string)). Fixes bug 20048.
2016-10-27 10:12:28 +01:00
Nick Mathewson
f3174428e2 Fix a syntax problem 2016-10-17 10:25:13 -04:00
Nick Mathewson
aae034d13e Write a bunch of module documentation.
This commit adds or improves the module-level documenation for:

  buffers.c circuitstats.c command.c connection_edge.c control.c
  cpuworker.c crypto_curve25519.c crypto_curve25519.h
  crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c
  dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c
  onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c
  protover.c protover.h reasons.c rephist.c replaycache.c
  routerlist.c routerparse.c routerset.c statefile.c status.c
  tor_main.c workqueue.c

In particular, I've tried to explain (for each documented module)
what each module does, what's in it, what the big idea is, why it
belongs in Tor, and who calls it.  In a few cases, I've added TODO
notes about refactoring opportunities.

I've also renamed an argument, and fixed a few DOCDOC comments.
2016-10-17 10:16:59 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
2e7e635c59 Switch from "AF_UNIX is always equal" to "always unequal" to avoid wacky bugs. See discussion on 20261 2016-10-11 11:11:21 -04:00
Nick Mathewson
d25fed5174 Merge remote-tracking branch 'yawning-schwanenlied/bug20261' 2016-10-11 11:08:20 -04:00
paolo.ingls@gmail.com
ab78a4df93 torrc parsing b0rks on carriage-return
(Specifically, carriage return after a quoted value in a config
line. Fixes bug 19167; bugfix on 0.2.0.16-alpha when we introduced
support for quoted values. Unit tests, changes file, and this
parenthetical by nickm.)
2016-10-11 09:25:22 -04:00
Yawning Angel
7b2c856785 Bug 20261: Treat AF_UNIX addresses as equal when comparing them.
This is a kludge to deal with the fact that `tor_addr_t` doesn't contain
`sun_path`.  This currently ONLY happens when circuit isolation is being
checked, for an isolation mode that is force disabled anyway, so the
kludge is "ugly but adequate", but realistically, making `tor_addr_t`
and the AF_UNIX SocksPort code do the right thing is probably the better
option.
2016-10-10 20:57:45 +00:00
Nick Mathewson
850ec1e282 Stop implying that we support openssl 1.0.0; we don't.
Closes ticket 20303.

The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
is really libressl, it will have an openssl version number we can't
really believe.
2016-10-06 12:58:49 -04:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
cypherpunks
3b2f012e28 Avoid reordering IPv6 interface addresses
When deleting unsuitable addresses in get_interface_address6_list(), to
avoid reordering IPv6 interface addresses and keep the order returned by
the OS, use SMARTLIST_DEL_CURRENT_KEEPORDER() instead of
SMARTLIST_DEL_CURRENT().

This issue was reported by René Mayrhofer.

[Closes ticket 20163; changes file written by teor. This paragraph
added by nickm]
2016-10-03 13:50:27 -04:00
Nick Mathewson
a633baf632 Merge branch 'osx_sierra_028' 2016-09-24 13:33:09 -07:00
Nick Mathewson
951638a06d Fix pthread_cond_timedwait() on OSX Sierra
Sierra provides clock_gettime(), but not pthread_condattr_setclock.
So we had better lot try to use CLOCK_MONOTONIC as our source for
time when waiting, since we ccan never actually tell the condition
that we mean CLOCK_MONOTONIC.

This isn't a tor bug yet, since we never actually pass a timeout to
tor_cond_wait() outside of the unit tests.
2016-09-24 09:12:00 -07:00
Nick Mathewson
1eba088054 Fix compilation on OSX Sierra (10.12) 2016-09-24 08:48:47 -07:00
Nick Mathewson
4c69ba5895 Fix conflicting types errors for aes.c. 2016-09-22 08:52:42 -04:00
Nick Mathewson
6cb9c2cf77 Add support for AES256 and AES192
(This will be used by prop224)
2016-09-16 11:21:33 -04:00
Nick Mathewson
83129031b1 Remove a needless level of indirection from crypto_cipher_t
Now that crypto_cipher_t only contains a pointer, it no longer
has any reason for an independent existence.
2016-09-16 10:20:08 -04:00
Nick Mathewson
ff116b7808 Simplify the crypto_cipher_t interface and structure
Previously, the IV and key were stored in the structure, even though
they mostly weren't needed.  The only purpose they had was to
support a seldom-used API where you could pass NULL when creating
a cipher in order to get a random key/IV, and then pull that key/IV
back out.

This saves 32 bytes per AES instance, and makes it easier to support
different key lengths.
2016-09-16 10:12:30 -04:00
Nick Mathewson
981d0a24b8 In aes.c, support 192-bit and 256-bit keys.
Also, change the input types for aes_new_cipher to be unsigned,
as they should have been all along.
2016-09-16 09:51:51 -04:00
Nick Mathewson
b88f918227 Remove an extraneous parenthesis in IF_BUG_OHNCE__
Fixes bug 20141; bugfix on 0.2.9.1-alpha.

Patch from Gisle Vanem.
2016-09-14 10:53:49 -04:00
Nick Mathewson
b488bd54ba Merge remote-tracking branch 'public/bug20063' 2016-09-13 11:25:59 -04:00
Nick Mathewson
4b182dfc23 Merge remote-tracking branch 'public/ticket19998' 2016-09-13 08:54:43 -04:00
Nick Mathewson
64521a9d35 Merge remote-tracking branch 'public/solaris_warnings_028' 2016-09-11 16:52:24 -04:00
Nick Mathewson
4c55e8a58f Fix cases where the tests were doing closesocket() on a non-socket
These seem to have caused warnings on windows. Hmmm.
2016-09-09 10:28:12 -04:00
Nick Mathewson
5e30e26c6d Chop another ~93 RSA key generations out of the unit tests
We have a mock for our RSA key generation function, so we now wire
it to pk_generate(). This covers all the cases that were not using
pk_generate() before -- all ~93 of them.
2016-09-09 09:45:50 -04:00
Nick Mathewson
3269307daf Treat all nonfatal assertion failures as unit test failures.
Part of 19999.
2016-09-08 13:27:30 -04:00
Nick Mathewson
d09723ad19 Add facility to suppress/capture tor_bug_occurred_() messages in unit tests. 2016-09-06 21:01:17 -04:00
Nick Mathewson
2b39c927c7 Add !(...) to BUG() log messages
They use the same code as reporting assertion failures, so we should
invert the sense of what we're "asserting".

Fixes bug 20093.
2016-09-06 21:00:51 -04:00
Nick Mathewson
5927ed8d33 checkSpace.pl now forbids more identifiers.
The functions it warns about are:
  assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
  strdup, strndup, calloc.

Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 12:35:37 -04:00
teor (Tim Wilson-Brown)
41ad244dd6
Fix a comment typo in smartlist_get_most_frequent_() 2016-09-06 17:49:44 +10:00
Nick Mathewson
b9a43c8f43 For me, asan/ubsan require more syscalls.
Permit sched_yield() and sigaltstack() in the sandbox.

Closes ticket 20063
2016-09-05 14:25:58 -04:00
Nick Mathewson
c2d1356739 Change servers to never pick 3DES.
Closes ticket 19998.
2016-09-05 14:09:14 -04:00
Nick Mathewson
251b348d7b It is not a bug to attempt to base32_decode a non-base32 string
(Rationale: it isn't a bug to try this for a base16 or base64
string. It's just a bad input that we're detecting.)
2016-08-31 14:31:00 -04:00
Nick Mathewson
69dce09031 Do not call tor_tls_server_info_callback(NULL) from tests.
This isn't valid behavior, and it causes a crash when you run
the unit tests at --debug.

I've added an IF_BUG_ONCE() check for this case.
2016-08-31 13:18:13 -04:00
Nick Mathewson
f74916a98f setup_capture_of_logs: no longer suppress log messages
Previously setup_capture_of_logs would prevent log messages from
going to the console entirely.  That's a problem, since sometimes
log messages are bugs!  Now setup_capture_of_logs() acts sensibly.

If you really do need to keep a message from going to the console
entirely, there is setup_full_capture_of_logs().  But only use that
if you're prepared to make sure that there are no extraneous
messages generated at all.
2016-08-31 12:51:22 -04:00
Nick Mathewson
40d05983c4 Fix some comments in sandbox.c
Closes ticket 19942; patch from "cypherpunks"
2016-08-23 10:02:11 -04:00
Nick Mathewson
a3d419634b Merge remote-tracking branch 'asn/bug19872_v2' 2016-08-23 08:50:32 -04:00
George Kadianakis
b8bfdf638e Introduce ed25519_{sign,checksig}_prefixed functions(). 2016-08-23 14:53:01 +03:00
Nick Mathewson
8f2f06c9b3 Merge branch 'maint-0.2.8' 2016-08-19 19:35:39 -04:00
Nick Mathewson
49843c980a Avoid confusing GCC 4.2.1 by saying "int foo()... inline int foo() {...}"
Fixes bug 19903; bugfix on 0.2.8.1-alpha.
2016-08-19 19:34:39 -04:00
Nick Mathewson
7f145b54af Merge remote-tracking branch 'public/Fix_19450' 2016-08-12 16:11:28 -04:00
cypherpunks
8d67c079b4 Fix integer overflows in the conversion tables 2016-08-12 14:18:01 -04:00
Nick Mathewson
e788c577f1 Only use evutil_secure_rng_add_bytes() when present.
OpenBSD removes this function, and now that Tor requires Libevent 2,
we should also support the OpenBSD Libevent 2.

Fixes bug 19904; bugfix on 0.2.5.4-alpha.
2016-08-11 20:37:18 -04:00
Nick Mathewson
60997a00e8 Fix a bug in the old-gcc version of ENABLE_GCC_WARNING
Fixes bug 19901; bugfix on 0.2.9.1-alpha.
2016-08-11 19:58:13 -04:00
Nick Mathewson
4d4ccc505b Search for remaining references to 'bufferevent'.
Remove or adjust as appropriate.
2016-08-02 13:59:47 -04:00
Nick Mathewson
88a7a02728 Bufferevent removal: remove more bufferevent-only options
(All this IOCP stuff was bufferevent-only.)
2016-08-02 13:33:08 -04:00
Nick Mathewson
8fd6b0fc46 Remove USE_BUFFEREVENTS code outside src/or 2016-08-02 13:22:06 -04:00
Andrea Shepard
1995328a3d Keep make check-spaces happy 2016-07-29 05:05:12 +00:00
Nick Mathewson
dffc6910b1 Three more -Wshadow fixes. 2016-07-28 11:24:03 -04:00
Nick Mathewson
94bff894f9 Fix a large pile of solaris warnings for bug 19767.
In nearly all cases, this is a matter of making sure that we include
orconfig.h before we include any standard c headers.
2016-07-28 10:47:46 -04:00