teor
b100c9e980
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.4.0
2019-04-06 12:15:41 +10:00
Nick Mathewson
5cb94cbf9d
NSS: disable TLS1.2 SHA-384 ciphersuites.
...
In current NSS versions, these ciphersuites don't work with
SSL_ExportKeyingMaterial(), which was causing relays to fail when
they tried to negotiate the v3 link protocol authentication.
Fixes bug 29241; bugfix on 0.4.0.1-alpha.
2019-04-06 11:06:34 +10:00
Nick Mathewson
680fd3f8fb
NSS: Log an error message when SSL_ExportKeyingMaterial() fails
...
Diagnostic for 29241.
2019-04-06 11:06:22 +10:00
George Kadianakis
217db9efe1
Merge branch 'tor-github/pr/902' into maint-0.4.0
2019-04-05 14:53:33 +03:00
Nick Mathewson
db1c1dba34
Merge branch 'bug30021_029' into bug30021_035
2019-04-04 11:26:33 -04:00
George Kadianakis
00b073b1bc
Merge branch 'maint-0.3.5'
2019-02-14 18:01:07 +02:00
Nick Mathewson
49ec29044d
Add more openssl includes to fix no-deprecated compilation
...
Closes ticket 29026; patch from Mangix.
2019-02-08 08:51:23 -05:00
Nick Mathewson
2f683465d4
Bump copyright date to 2019
2019-01-16 12:33:22 -05:00
Nick Mathewson
efe55b8898
Bump copyright date to 2019.
2019-01-16 12:32:32 -05:00
Nick Mathewson
27853938a1
Merge branch 'maint-0.3.5'
2019-01-03 09:02:40 -05:00
Nick Mathewson
ed62f0fa15
Merge branch 'maint-0.3.4' into maint-0.3.5
2019-01-03 09:02:39 -05:00
Nick Mathewson
e429e31ad1
Normalize .may_include to always have paths, and paths to include
2018-11-14 16:07:35 -05:00
Nick Mathewson
f6b8c7da66
Move buffers.c out of lib/containers to resolve a circularity.
2018-11-14 16:07:03 -05:00
Nick Mathewson
d1e9285b1d
Merge branch 'maint-0.3.5'
2018-11-11 18:05:45 -05:00
Nick Mathewson
896d0ebb99
Merge branch 'maint-0.3.4' into maint-0.3.5
2018-11-11 18:05:45 -05:00
Nick Mathewson
bf4f55a13d
Merge branch 'subsystems'
2018-11-09 15:01:49 -05:00
Nick Mathewson
c6336727ca
Rename subsystem callback functions to make them consistent
2018-11-09 11:12:12 -05:00
Nick Mathewson
2ac2d0a426
Merge branch 'maint-0.3.4' into maint-0.3.5
2018-11-09 10:49:47 -05:00
Nick Mathewson
32b23a4c40
Make tortls use the subsystems interface
...
This one only needs a shutdown right now.
2018-11-05 09:22:02 -05:00
Nick Mathewson
2dccef0eb4
Merge branch 'bug27772_squashed'
2018-10-14 15:31:52 -04:00
Nick Mathewson
7c8f20ba44
In tor_tls_get_my_certs(), set cert ptrs even on failure
...
Nothing should ever look at them on failure, but in some cases,
the unit tests don't check for failure, and then GCC-LTO freaks out.
Fixes part of 27772.
2018-10-14 15:25:16 -04:00
Nick Mathewson
4e2028152d
Fix an NSS socket leak-on-error found by dgoulet
2018-09-20 13:53:04 -04:00
Nick Mathewson
d6c564e09a
Use the correct macro to detect an invalid socket in tortls_nss.c
...
Fixes bug 27782; bugfix on 0.3.5.1-alpha
2018-09-20 12:55:31 -04:00
Nick Mathewson
62b709bc26
Release ownership of the dummy socket that tortls_nss.c will close
...
Related to #27795 -- since NSS will close the socket, we must not
count it as owned by Tor.
2018-09-20 12:53:39 -04:00
Nick Mathewson
991bec67ee
When Tor is compiled with NSS, don't claim support for LinkAuth=1
...
Closes ticket 27288
2018-09-16 13:28:29 -04:00
Nick Mathewson
af39649aad
Explicitly ignore BIO_set_close() return val to fix #27711
2018-09-14 13:09:10 -04:00
Nick Mathewson
79f8641ee5
Merge branch 'nss_countbytes_squashed'
2018-09-14 12:45:30 -04:00
Nick Mathewson
ac93c911ce
Allow malloc includes in tls library
2018-09-14 12:44:56 -04:00
Nick Mathewson
126819c947
Add support for lower-level byte counting with NSS
...
This is harder than with OpenSSL, since OpenSSL counts the bytes on
its own and NSS doesn't. To fix this, we need to define a new
PRFileDesc layer that has its own byte-counting support.
Closes ticket 27289.
2018-09-14 12:44:56 -04:00
Nick Mathewson
ae5692994f
Add a tor_tls_release_socket() function.
...
This function tells the underlying TLS object that it shouldn't
close the fd on exit. Mostly, we hope not to have to use it, since
the NSS implementation is kludgey, but it should allow us to fix
2018-09-12 11:12:05 -04:00
Nick Mathewson
ee6d8bcf71
Merge branch 'maint-0.3.4'
2018-09-07 09:15:56 -04:00
Nick Mathewson
22e2403145
Revert "Avoid double-close on TCP sockets under NSS."
...
This reverts commit b5fddbd241
.
The commit here was supposed to be a solution for #27451 (fd
management with NSS), but instead it caused an assertion failure.
Fixes bug 27500; but not in any released Tor.
2018-09-06 11:06:30 -04:00
Nick Mathewson
b8a2bdbdc8
Backport to older NSS, which does not have SEC_DerSignDataWithAlgorithmID
2018-09-05 16:49:15 -04:00
Nick Mathewson
710aa122e4
Suppress strict-prototypes warnings in one more batch of NSS headers
2018-09-05 16:36:18 -04:00
Nick Mathewson
824160fd82
Fix a type, and hopefully the win64 builds.
2018-09-05 09:36:15 -04:00
Nick Mathewson
79a7fbb79b
Fix a reverse-inull warning from coverity in new code.
2018-09-05 08:34:14 -04:00
Nick Mathewson
03efb67b42
Debug one last reference-counting issue that only appeared on openssl master
2018-09-04 20:46:46 -04:00
Nick Mathewson
0db5c54957
Merge branch 'nss_squashed' into nss_merge
2018-09-04 20:21:07 -04:00
Nick Mathewson
d644c93ae9
Resolve openssl-only memory leaks
2018-09-04 19:45:28 -04:00
Nick Mathewson
c50537fd94
Fix a pair of remaining leaks in tortls_nss.c
...
Fun fact: PR_Close leaks memory if its socket is not valid.
2018-09-04 19:45:21 -04:00
Nick Mathewson
274efb1263
Use FREE_AND_NULL for impl types
2018-09-04 14:52:35 -04:00
Nick Mathewson
ad94d43fc5
Port test_tortls_verify to not depend on openssl internals
2018-09-04 14:52:35 -04:00
Nick Mathewson
59c1b34b72
Remove tor_tls_check_lifetime as unused.
...
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
2018-09-04 14:52:35 -04:00
Nick Mathewson
7acb8c8d18
Document winsock includes better
2018-09-04 14:52:35 -04:00
Nick Mathewson
52ac539b99
Test a few more tortls.c functions
2018-09-04 14:52:35 -04:00
Nick Mathewson
7163389b55
Several unit tests to improve test coverage of x509*.c
2018-09-04 14:52:35 -04:00
Nick Mathewson
02086a216f
Remove tor_x509_get_cert_impl as unneeded.
2018-09-04 14:52:35 -04:00
Nick Mathewson
b5fddbd241
Avoid double-close on TCP sockets under NSS.
2018-09-04 14:52:35 -04:00
Nick Mathewson
52d5f4da12
Avoid spurious error logs when using NSS
...
The tls_log_errors() function now behaves differently for NSS than
it did for OpenSSL, so we need to tweak it a bit.
2018-09-04 14:52:35 -04:00
Nick Mathewson
dd04fc35c6
Remove tor_tls_shutdown()
...
This function was supposed to implement a half-duplex mode for our
TLS connections. However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me. It's probably best to remove it. We can add a tested one
later if we need one in the future.
2018-09-04 14:52:35 -04:00