Commit Graph

17148 Commits

Author SHA1 Message Date
David Goulet
6ac85ca2b4 prop224: Fix crosscert memory leaks on error 2016-11-04 14:16:42 -04:00
Nick Mathewson
29ae8dcf96 Fix a bunch of leaks in hs_cache/upload_and_download_hs_desc 2016-11-04 14:13:30 -04:00
David Goulet
954fb99a48 Fix a use-after-free error. 2016-11-04 14:07:33 -04:00
Nick Mathewson
6847b9f6af Fix make check-spaces 2016-11-04 14:00:08 -04:00
Nick Mathewson
0e2df2b653 Tell a broken test to skip itself 2016-11-04 13:57:07 -04:00
David Goulet
b876e5128a prop224: fix unit test to actually initialize a connection object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 13:53:20 -04:00
Nick Mathewson
09c750cce3 Check the correct key when checking RSA crosscert in hs_descriptor.c
Note that the "signed key" in the signing key certificate is the
signing key.  The "signing key" in the  signing key certificate is
the key that signs the certificate -- that is, the blinded key.
2016-11-04 13:49:05 -04:00
Nick Mathewson
dbd01590cc Fix an assertion failure in hs_cache_free_all().
It's possible for Tor to decide to exit before it's 100% done
initializing.  So, don't assert that the initialization is done.
2016-11-04 13:30:10 -04:00
Nick Mathewson
d88046a80d Fix compilation. 2016-11-04 13:26:56 -04:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
Nick Mathewson
c189cb5cc2 Use a better salted-MAC construction in build_mac() 2016-11-04 13:15:28 -04:00
David Goulet
1eed6edf36 prop224: Add a cache free all function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
3f29688bdf prop224: Use a const pointer for the cache lookup entry
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1263f74a12 prop224: Rename cert type to follow naming convention
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1517a8a2eb Add EnableOnionServicesV3 consensus parameter
This parameter controls if onion services version 3 (first version of prop224)
is enabled or not. If disabled, the tor daemon will not support the protocol
for all components such as relay, directory, service and client. If the
parameter is not found, it's enabled by default.

Closes #19899

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
d795ed5871 Make check-spaces happy :)
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
a8efd087bd test: Add prop224 directory fetch/upload unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
f59990f24d prop224: Directory support for v3 descriptor fetch
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
45a72356cb prop224: Directory support for v3 descriptor publishing
Closes #19205

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
1aeaba4906 test: Add prop224 directory cache unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
025610612d prop224: Directory cache support
This implements the proposal 224 directory descriptor cache store and lookup
functionalities. Furthermore, it merges the OOM call for the HSDir cache with
current protocol v2 and the new upcoming v3.

Add hs_cache.{c|h} with store/lookup API.

Closes #18572

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:31:35 -04:00
David Goulet
473f99bf7b test: Add prop224 descriptor unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
cff1fd63f1 prop224: Descriptor decoding implementation
Closes #18571

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
91b5d0789f prop224: Descriptor encoding implementation
Add hs_descriptor.{c|h} with the needed ABI to represent a descriptor and
needed component.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
02ad553ccd prop224: Add new cert type for hidden service
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
15f3563f1b trunnel: Uncomment link_specifier so we can use it
Also add a trunnel definition for link_specifier_list

Signed-off-by: John Brooks <special@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
e8c12175fe Move token parsing code to parsecommon.{c|h}
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
David Goulet
8293356ad9 hs: Refactor rend_data_t for multi version support
In order to implement proposal 224, we need the data structure rend_data_t to
be able to accomodate versionning that is the current version of hidden
service (2) and the new version (3) and future version.

For that, we implement a series of accessors and a downcast function to get
the v2 data structure. rend_data_t becomes a top level generic place holder.

The entire rend_data_t API has been moved to hs_common.{c|h} in order to
seperate code that is shared from between HS versions and unshared code (in
rendcommon.c).

Closes #19024

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
Nick Mathewson
00bdd56b18 Only check cert expiry vs TIME_MAX when time_t is less than 64-bit
Fixes issue 20558 / CID 1375988.
2016-11-03 19:29:52 -04:00
Nick Mathewson
bd6aa4f3d1 Split a wide line 2016-11-03 19:12:18 -04:00
Nick Mathewson
e8624b72a8 Merge remote-tracking branch 'dgoulet/bug20526_030_01' 2016-11-03 19:09:42 -04:00
Nick Mathewson
80a5091e4f Merge remote-tracking branch 'mintytoast/bug_19563' 2016-11-03 18:40:41 -04:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
63c94954b1 Fix BUG message in channel/queue_impossible 2016-11-03 18:34:44 -04:00
overcaffeinated
dce4603d9b Use tor_htonll in test_util_format_unaligned_accessors
Remove the inline htonll, switch to tor_htonll for
test_util_format_unaligned_accessors.
2016-11-03 21:18:02 +00:00
overcaffeinated
c613446ca2 Refactor tests for tor_htonll and tor_ntohll
Following kind feedback from dgoulet: add tests for min (0) and
max (UINT64_MAX) values. Rename expected results to something more
sensible than 'n'.
2016-11-03 20:52:11 +00:00
Nick Mathewson
0533d14213 Replace some assert(1)s with nonfatal_unreached_once().
These were probably supposed to be assert(0).
2016-11-03 16:06:53 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
overcaffeinated
c4603233db Add unit test for tor_htonll and tor_ntohll
Add tests for tor_htonll and tor_ntohll - fixes bug 19563.
2016-11-03 19:37:59 +00:00
Nick Mathewson
f0b86e30d0 Add assertion that cpath_layer==NULL on OR circ 2016-11-03 14:36:10 -04:00
Nick Mathewson
40487b0141 Merge remote-tracking branch 'dgoulet/bug20376_030_01' 2016-11-03 14:35:03 -04:00
Nick Mathewson
df2615d43d fix wide lines 2016-11-03 14:29:18 -04:00
Nick Mathewson
16e75587f6 Merge branch 'bug20527_030_01_squashed' 2016-11-03 14:23:47 -04:00
Ivan Markin
2f52faee03 hs: Escape service directories before printing them
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-03 14:23:37 -04:00
Nick Mathewson
409984c6ae Fix two warnings in test_link_handshake.c
One is fixed by disabling the -Wredundant-decls warnings around
openssl headers here, because of the old double-declaration of
SSL_get_selected_srtp_profile().

One is fixed by including compat.h before or.h so that we get the
winsock2.h include before the windows.h include.
2016-11-03 11:16:06 -04:00
Nick Mathewson
957bdc4a42 Merge branch 'bug20553_028' 2016-11-03 10:52:21 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
1eef543f9d Merge branch 'bug20551_028' 2016-11-03 09:37:44 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
32854aef28 whitespace fixes 2016-11-03 08:55:54 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
f156156d56 Audit use of tor_tls_cert_get_key().
This function is allowed to return NULL if the certified key isn't
RSA. But in a couple of places we were treating this as a bug or
internal error, and in one other place we weren't checking for it at
all!

Caught by Isis during code review for #15055.  The serious bug was
only on the 15055 branch, thank goodness.
2016-11-03 08:40:11 -04:00
Nick Mathewson
b978494ed9 Extract the common code in add_*_cert to a helper. 2016-11-03 08:40:11 -04:00
Isis Lovecruft
19abc2eae7 Mark some functions as needing documentation in src/or/routerkeys.c. 2016-11-03 08:40:10 -04:00
Isis Lovecruft
a53059c6a0 Document two additional functions in src/or/routerkeys.c.
Adds docstrings for generate_ed_link_cert() and should_make_new_ed_keys().
2016-11-03 08:40:10 -04:00
Nick Mathewson
70e7d28b3e Generate our x509 certificates using sha256, not sha1.
All supported Tors (0.2.4+) require versions of openssl that can
handle this.

Now that our link certificates are RSA2048, this might actually help
vs fingerprinting a little.
2016-11-03 08:40:10 -04:00
Nick Mathewson
805e97a433 Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.
This was a stopgap method, designed on the theory that some routers
might support it before they could support Ed25519.  But it looks
like everybody who supports RFC5705 will also have an Ed25519 key,
so there's not a lot of reason to have this even supported.
2016-11-03 08:40:10 -04:00
Nick Mathewson
5a2f70f86a Clean up comments, mark more branches as BUG. 2016-11-03 08:40:10 -04:00
Nick Mathewson
d4c57909f8 Test failing cases of ed25519 authentication. 2016-11-03 08:40:10 -04:00
Nick Mathewson
acbb60cd63 Move unittests' RSA pregen code into a new file, and improve.
This patch moves the pregenerated RSA key logic into a new
testing_rsakeys.c.

Also, it adds support for RSA2048, since the link handshake tests
want that.

Also, it includes pregenerated keys, rather than trying to actually
generate the keys at startup, since generating even a small handful
of RSA2048 keys makes for an annoying delay.
2016-11-03 08:40:10 -04:00
Nick Mathewson
af2459f09e Unit tests for cert-chain-processing, including failed cases
Check out the coverage!
2016-11-03 08:40:10 -04:00
Nick Mathewson
a90a111a5f Label a few conditions in link authentication code as bugs. 2016-11-03 08:40:09 -04:00
Nick Mathewson
672fe4bee4 Extend link handshake tests to handle successful Ed25519 handshakes.
Success cases only. Failure cases to come.
2016-11-03 08:40:09 -04:00
Nick Mathewson
99af260acc For testing: function to construct (but not save) Ed keys and certs 2016-11-03 08:40:09 -04:00
Nick Mathewson
67e66898d2 For testing: add a tor_x509_cert_dup(). 2016-11-03 08:39:31 -04:00
Nick Mathewson
88c2a6b936 Send and receive AUTHENTICATE cells correctly with ED keys.
Includes updated test for authchallenge cells
2016-11-03 08:39:31 -04:00
Nick Mathewson
e64bac6eb4 Increase TLS RSA link key length to 2048 bits
Oddly, nothing broke.

Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
b4a5c77901 Verify ed25519 link handshake certificates
This code stores the ed certs as appropriate, and tries to check
them. The Ed25519 result is not yet used, and (because of its
behavior) this will break RSA authenticate cells.  That will get
fixed as we go, however.

This should implement 19157, but it needs tests, and it needs
to get wired in.
2016-11-03 08:39:28 -04:00
Nick Mathewson
99b3e54691 Add "Ed ID" arguments to a bunch of connection-ID-related fns.
In particular, these functions are the ones that set the identity of
a given connection or channel, and/or confirm that we have learned
said IDs.

There's a lot of stub code here: we don't actually need to use the
new keys till we start looking up connections/channels by Ed25519
IDs.  Still, we want to start passing the Ed25519 IDs in now, so it
makes sense to add these stubs as part of 15055.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
fae7060aea Fix a misfeature with the Ed cert expiration API
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.

This closes ticket 15087.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0b4221f98d Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e3c8253721 Add function to check RSA->Ed cross-certifications
Also, adjust signing approach to more closely match the signing
scheme in the proposal.

(The format doesn't quite match the format in the proposal, since
RSA signatures aren't fixed-length.)

Closes 19020.
2016-11-03 08:37:22 -04:00
Nick Mathewson
348b90a915 Refactor RSA certificate checking into its own function. 2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
Nick Mathewson
e23389841c Migrate certificates into a sub-structure of or_handshake_state
This will help us do cert-checking in the background in the future,
perhaps.
2016-11-03 08:37:21 -04:00
Nick Mathewson
4ef42e7c52 Refactor ...compute_authenticate_cell_body() to return a var_cell_t.
This means we don't need to precompute the length.

Helps simplify the implementation of 19156.
2016-11-03 08:37:21 -04:00
Nick Mathewson
2bf6553949 Code to send correct authentication data when we are using AUTHTYPE>2
Implements the major part of 19156, except doesn't actually send the
new cell type yet.
2016-11-03 08:37:21 -04:00
Nick Mathewson
b004ff45d7 New authentication types to use RFC5705.
See proposal 244.  This feature lets us stop looking at the internals
of SSL objects, *and* should let us port better to more SSL libraries,
if they have RFC5705 support.

Preparatory for #19156
2016-11-03 08:37:20 -04:00
Nick Mathewson
fdd8f8df67 Send ed25519 certificates in certs cell, when we have them.
Implements 19155 (send CERTS cells correctly for Ed25519)

Also send RSA->Ed crosscert
2016-11-03 08:37:16 -04:00
Nick Mathewson
5205e95275 Refactor connection_or_send_certs_cell() to use trunnel
We no longer generate certs cells by pasting the certs together one
by one. Instead we use trunnel to generate them.

Preliminary work for 19155 (send CERTS cell with ed certs)
2016-11-03 08:35:40 -04:00
Nick Mathewson
986695fb74 When parsing certs cells, allow more certs types
Implements the parsing part of #19157
2016-11-03 08:35:36 -04:00
teor
8f465808a0
Check for getpagesize before using it to mmap files
This fixes compilation in some MinGW environments.

Fixes bug 20530; bugfix on commit bf72878 in tor-0.1.2.1-alpha.
Reported by "ice".
2016-11-03 08:44:57 +11:00
Ivan Markin
922bc45a56 hs: Added rend_service_is_ephemeral() and made related code use it
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-02 10:01:35 -04:00
teor
0ee9049e94
Use the latest options in rend_service_check_private_dir
Fixup on both:
* Refactor, adding a create argument... and
* Check every hidden service directory's permissions...
2016-11-02 14:55:14 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
teor
01fe039b78
Test single onion service configs where the directory does not exist
Runs a test for each combination of create/don't create directories.

Tests #20484.
2016-11-02 14:17:52 +11:00
teor
13fbbe9cce
Make sure passthrough_test_setup doesn't inadvertently fail or skip tests
passthrough_test_setup doesn't pass through arguments if the argument
is equal to 0 or TT_SKIP. Instead, it fails or skips the test.

Assert on this, so we don't accidentally fail or skip tests.
2016-11-02 14:16:14 +11:00
teor
77e1d660ee
Add get_fname_rnd for unit tests that want a unique path every time 2016-11-02 14:14:19 +11:00
teor
d7634dc519
Create get_fname_suffix, and refactor get_fname to use it 2016-11-02 14:13:34 +11:00
teor
2f48693663
Improve comments in check_private_dir and onion poisoning
Comment changes only
2016-11-02 14:11:26 +11:00
teor
a906ff88a3
fixup! Refactor, adding a create argument to rend_service_check_private_dir 2016-11-02 14:10:52 +11:00
teor
fedafe7c0e
Use check_private_dir in test_single_onion_poisoning
This avoids Win32 conditionals for mkdir.
2016-11-02 11:37:11 +11:00
teor
6c54181559
Remove redundant group permission code from rend_service_check_private_dir
check_private_dir already does this for existing directories.
2016-11-02 11:20:49 +11:00
teor
c9db775243
Refactor, adding a create argument to rend_service_check_private_dir
It used to be rend_service_check_and_create_private_dir, which always
created the directory.

No behaviour change.
2016-11-02 11:20:19 +11:00
Nick Mathewson
b2f82d45b7 Always call connection_ap_attach_pending() once a second.
Fixes bug 19969; bugfix on b1d56fc58.  We can fix this some more in
later Tors, but for now, this is probably the simplest fix possible.

This is a belt-and-suspenders fix, where the earlier fix ("Ask
event_base_loop to finish when we add a pending stream") aims to respond
to new streams as soon as they arrive, and this one aims to make sure
that we definitely respond to all of the streams.
2016-11-01 20:09:44 -04:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Roger Dingledine
28b755e660 refactor out the tor_event_base_loopexit() call
no actual changes
2016-11-01 19:52:54 -04:00
Nick Mathewson
25f53955f6 Merge branch 'maint-0.2.9' 2016-11-01 13:32:29 -04:00
Nick Mathewson
ff3e08f2af Attempt to fix unit tests on netbsd 2016-11-01 13:32:21 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
68a27dad43 Merge branch 'maint-0.2.9' 2016-10-31 16:33:12 -04:00
Nick Mathewson
e712b5d784 Merge branch 'bug19968_029' into maint-0.2.9 2016-10-31 16:33:03 -04:00
Nick Mathewson
1d76d38903 Re-run trunnel. 2016-10-31 16:25:34 -04:00
David Goulet
0fa671843e prop224: Add INTRODUCE1 and INTRODUCE_ACK trunnel definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-31 16:24:30 -04:00
David Goulet
f22eb2730c prop224: Add ESTABLISH_INTRO and INTRO_ESTABLISHED trunnel definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-31 16:03:28 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00
teor
3158777d35
Rename routerstatus_version_supports_ntor to *_supports_extend2_cells
This helps avoid the confusion that caused bug 20472.
Bugfix on commit 10aa913 from #19163 in tor-0.2.9.3-alpha.
2016-10-31 17:02:21 +11:00
teor
d81f2b5d81
Refactor circuit_pick_create_handshake
Make the structure of circuit_pick_create_handshake consistent with
circuit_pick_extend_handshake.

No behaviour change.
2016-10-31 17:01:33 +11:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
Nick Mathewson
cac495f0ff Merge branch 'bug20494' 2016-10-28 22:55:08 -04:00
Nick Mathewson
ada75d5567 Fix bad warning when checking IP policies.
I had replaced a comment implying that a set of ifs was meant to be
exhaustive with an actual check for exhaustiveness.  It turns out,
they were exhaustive, but not in the way I had assumed. :(

Bug introduced in f3e158edf7, not in any released Tor.
2016-10-28 15:33:12 -04:00
Matt Traudt
183fbc4137 Hopefully fix int64 comparisons in test_dir_networkstatus_compute_bw_weights_v10 2016-10-28 11:37:28 -04:00
Nick Mathewson
f3e158edf7 Comment the heck out of the stream/circuit attaching process. 2016-10-27 12:04:43 -04:00
David Goulet
70b9e79700 Slightly refactor and fix couple callsites
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-27 10:34:02 -04:00
Nick Mathewson
dc79504e2a Document main.c a lot better 2016-10-27 10:25:26 -04:00
Ivan Markin
23b878b875 Do assert when calling relay_send_command_from_edge() on OR-side circs 2016-10-27 10:19:06 -04:00
Ivan Markin
2d04946960 Do not mark circs for close again after relay_send_command_from_edge() 2016-10-27 10:19:04 -04:00
Nick Mathewson
172b124006 Resolve memory leaks in test_dir_networkstatus_compute_bw_weights_v10 2016-10-27 09:41:19 -04:00
overcaffeinated
e2577cce0c Convert remaining files to smartlist_add_strdup
The coccinelle script produced errors with these test files so
convert the remaining cases of smartlist_add to
smartlist_add_strdup by hand.
2016-10-27 11:15:57 +01:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
overcaffeinated
b8b8b6b70e Add implementation of smartlist_add_strdup
Add smartlist_add_strdup(sl, string) - replaces the use of
smartlist_add(sl, tor_strdup(string)). Fixes bug 20048.
2016-10-27 10:12:28 +01:00
Nick Mathewson
77d14b5f56 Small refactoring: explain G,M,E,D,T initialization 2016-10-26 16:39:59 -04:00
Matt Traudt
6629c5c3fe Add historic bwweight tests, comments, line len fixes 2016-10-26 16:37:16 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Nick Mathewson
8a38d053a0 Continue the module documentation effort with circuitbuild and circuituse 2016-10-26 13:30:23 -04:00
Nick Mathewson
9c8dbcd0d6 More module documentation (circpathbias, circuitlist) 2016-10-26 12:38:50 -04:00
Nick Mathewson
206a9726b1 Regenerate trunnel code with trunnel 1.5 2016-10-26 11:06:45 -04:00
Nick Mathewson
a5f07a6c2a More module-level documentation. 2016-10-26 11:02:57 -04:00
Nick Mathewson
04b8af9dc0 Whitespace fixes 2016-10-26 08:39:04 -04:00
Nick Mathewson
8cc528c750 Allow asking a bridge's own descriptor over one-hop connection
When we refactored purpose_needs_anonymity(), we made it so _all_
bridge requests required anonymity.  But that missed the case
that we are allowed to ask a bridge for its own descriptor.

With this patch, we consider the resource, and allow "authority.z"
("your own descriptor, compressed") for a bridge's server descriptor
to be non-anonymous.

Fix for bug 20410; bug not in any released Tor.
2016-10-26 08:32:48 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00
Nick Mathewson
961c8f4838 Module-document dnsserv.c, policies.c, routerkeys.c 2016-10-24 11:47:40 -04:00
Nick Mathewson
e3592cd8b5 html error in doxygen comment in rendservice.c 2016-10-24 10:31:16 -04:00
Nick Mathewson
3a232ef64a Module documentation for config.c and confparse.c 2016-10-24 10:16:46 -04:00