Commit Graph

14934 Commits

Author SHA1 Message Date
Nick Mathewson
1360326588 Do more consistency checks in ed_key_init_from_file()
When there is a signing key and the certificate lists a key, make
sure that the certificate lists the same signing key.

When there are public key and secret key stored in separate files,
make sure they match.

Use the right file name when we load an encrypted secret key and
then find a problem with it.

This is part of 16581.
2015-07-14 11:12:18 -04:00
Nick Mathewson
5e8edba3d8 If loading an ed25519 master key fails with errno != ENOENT, give up.
This implements feature 16582: if we get EMFILE or something when
loading our master key, we should not at that point attempt to
overwrite it.
2015-07-14 10:36:39 -04:00
Nick Mathewson
0a6997d78b Preserve errno when loading encrypted ed25519 keys. 2015-07-14 10:23:07 -04:00
Nick Mathewson
b566cb9e84 Make file-reading and key-reading preserve errno
This is an important part of #16582.
2015-07-14 10:18:52 -04:00
John Brooks
e03eaa3c4a Remove empty rend_service_validate_intro_early function 2015-07-14 02:30:04 -04:00
John Brooks
cdc5debfde Rename ambiguous introduction point functions
Task #15824
2015-07-14 02:29:17 -04:00
Nick Mathewson
b06759edfd Try to convince coverity not to worry about this loop either 2015-07-12 17:01:17 -04:00
Nick Mathewson
7892aff3a8 Try to convince coverity not to worryh about this loop 2015-07-12 17:00:45 -04:00
Nick Mathewson
920c63877c Tell coverity to tolerate ed25519_verify 2015-07-12 16:59:37 -04:00
Nick Mathewson
9d1801b4b9 Bump maint-0.2.6 to 0.2.6.10-dev 2015-07-12 16:37:20 -04:00
Nick Mathewson
19f9803f8e Okay, this time it was my fault 2015-07-12 15:44:43 -04:00
Nick Mathewson
58cd21f601 Fine, mingw! fine! are you happy now?? 2015-07-12 15:30:35 -04:00
Nick Mathewson
7ed477786c This should be the last SecureZeroMemory fix 2015-07-12 15:14:52 -04:00
Nick Mathewson
9f21c85e04 Dammit, autoconf! 2015-07-12 15:02:43 -04:00
Nick Mathewson
d835264690 Disable -Wstack-protector diagnostics in curve25519-donna-helpers.h
This was causing a false positive on our arm builders.
2015-07-12 14:48:48 -04:00
Nick Mathewson
db88d91ebe Nth time is maybe the charm for fixing windows readpassword build errors 2015-07-12 14:34:11 -04:00
Nick Mathewson
3d0c09019f Bump maint-0.2.6 to 0.2.6.10 2015-07-12 13:33:47 -04:00
Nick Mathewson
de397d57c9 note some dead code in set_max_file_descriptors 2015-07-11 16:53:32 -04:00
Nick Mathewson
8507d75c82 Fix a leak in test_microdesc (CID 1311631) 2015-07-11 16:47:25 -04:00
Nick Mathewson
d18215ed16 Try one more one more time to get tor-ci-windows working
Apparently its mingw headers are missing some stuff.
2015-07-10 09:59:29 -04:00
Nick Mathewson
ad0d181854 Attempt yet again to make the tor-ci-windows builder happy 2015-07-10 09:16:32 -04:00
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
Nick Mathewson
fdf5014d11 Fix missing-macro errors 2015-07-09 16:34:51 -04:00
Nick Mathewson
0ca98c1ee5 Merge branch 'libscrypt_eq_openssl_squashed' 2015-07-09 16:31:42 -04:00
rl1987
5c86708e4d Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt().
Add a new and slow unit test that checks if libscrypt_scrypt() and
EBP_PBE_scrypt() yield the same keys from test vectors.

squash! Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt().

squash! Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt().

squash! Assert interoperability betweeen libscrypt and OpenSSL EBP_PBE_scrypt().
2015-07-09 16:31:19 -04:00
Nick Mathewson
3301b7a1af Repair make dist-check 2015-07-09 13:04:53 -04:00
Nick Mathewson
a6a0759e3a Merge remote-tracking branch 'yawning/feature16467_9663' 2015-07-09 12:53:55 -04:00
Nick Mathewson
327efe9190 Merge branch 'bug4862_027_04_squashed' 2015-07-09 12:05:14 -04:00
David Goulet
5fa280f7ad Fix comments in rendservice.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
7657194d77 Count intro circuit and not only established ones
When cleaning up extra circuits that we've opened for performance reason, we
need to count all the introduction circuit and not only the established ones
else we can end up with too many introduction points.

This also adds the check for expiring nodes when serving an INTRODUCE cell
since it's possible old clients are still using them before we have time to
close them.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
d67bf8b2f2 Upload descriptor when all intro points are ready
To upload a HS descriptor, this commits makes it that we wait for all
introduction point to be fully established.

Else, the HS ends up uploading a descriptor that may contain intro points
that are not yet "valid" meaning not yet established or proven to work. It
could also trigger three uploads for the *same* descriptor if every intro
points takes more than 30 seconds to establish because of desc_is_dirty
being set at each intro established.

To achieve that, n_intro_points_established varialbe is added to the
rend_service_t object that is incremented when we established introduction
point and decremented when we remove a valid intro point from our list.

The condition to upload a descriptor also changes to test if all intro
points are ready by making sure we have equal or more wanted intro points
that are ready.

The desc_id_dirty flag is kept to be able to still use the
RendInitialPostPeriod option.

This partially fixes #13483.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
1125a4876b Reuse intro points that failed but are still valid
There is a case where if the introduction circuit fails but the node is
still in the consensus, we clean up the intro point and choose an other one.
This commit fixes that by trying to reuse the existing intro point with a
maximum value of retry.

A retry_nodes list is added to rend_services_introduce() and when we remove
an invalid intro points that fits the use case mentionned before, we add the
node to the retry list instead of removing it. Then, we retry on them before
creating new ones.

This means that the requirement to remove an intro point changes from "if no
intro circuit" to "if no intro circuit then if no node OR we've reached our
maximum circuit creation count".

For now, the maximum retries is set to 3 which it completely arbitrary. It
should also at some point be tied to the work done on detecting if our
network is down or not.

Fixes #8239

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
7c7bb8b97e Refactor rend_services_introduce()
The reasoning for refactoring this function is that removing the
introduction point adaptative algorithm (#4862) ended up changing quite a
bit rend_services_introduce(). Also, to fix some open issues (#8239, #8864
and #13483), this work had to be done.

First, this removes time_expiring variable in an intro point object and
INTRO_POINT_EXPIRATION_GRACE_PERIOD trickery and use an expiring_nodes list
where intro nodes that should expire are moved to that list and cleaned up
only once the new descriptor is successfully uploaded. The previous scheme
was adding complexity and arbitrary timing to when we expire an intro point.
We keep the intro points until we are sure that the new descriptor is
uploaded and thus ready to be used by clients. For this,
rend_service_desc_has_uploaded() is added to notify the HS subsystem that
the descriptor has been successfully uploaded. The purpose of this function
is to cleanup the expiring nodes and circuits if any.

Secondly, this adds the remove_invalid_intro_points() function in order to
split up rend_services_introduce() a bit with an extra modification to it
that fixes #8864. We do NOT close the circuit nor delete the intro point if
the circuit is still alive but the node was removed from the consensus. Due
to possible information leak, we let the circuit and intro point object
expire instead.

Finally, the whole code flow is simplified and large amount of documentation
has been added to mostly explain the why of things in there.

Fixes #8864

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
teor
57c61f39a0 Always use the sandbox in tor_open_cloexec
Use the sandbox in tor_open_cloexec, whether or not O_CLOEXEC is defined.
Patch by "teor". Fix on 0.2.3.1-alpha.
2015-07-08 02:17:31 +10:00
Yawning Angel
840e68d917 Integrate and enable ed25519-donna.
The runtime sanity checking is slightly different from the optimized
basepoint stuff in that it uses a given implementation's self tests if
available, and checks if signing/verification works with a test vector
from the IETF EdDSA draft.

The unit tests include a new testcase that will fuzz donna against ref0,
including the blinding and curve25519 key conversion routines.  If this
is something that should be done at runtime (No?), the code can be
stolen from there.

Note: Integrating batch verification is not done yet.
2015-07-06 10:11:10 +00:00
Yawning Angel
f079c27761 Integrate the accelerated Curve25519 scalar basemult.
Integration work scavanged from nickm's `ticket8897_9663_v2` branch,
with minor modifications.  Tor will still sanity check the output but
now also attempts to catch extreme breakage by spot checking the
optimized implementation vs known values from the NaCl documentation.

Implements feature 9663.
2015-07-06 09:57:23 +00:00
Yawning Angel
be113f0bce Add Curve25519->Ed25519 support to ed25519-donna (Not yet used).
This needs to be done to allow for the possibility of removing the
ref10 code at a later date, though it is not performance critical.
When integrated by kludging it into tor, it passes unit tests, and is
twice as fast.
2015-07-06 09:48:00 +00:00
Yawning Angel
b7aa3074fc Add blinding support to ed25519-donna (Not yet used).
Integrating it the "wrong" way into common/crypto_ed25519.c passes
`make check`, and there appear to be some known answer tests for this,
so I assume I got it right.

Blinding a public key goes from 139.10 usec to 70.78 usec using
ed25519-donna (NB: Turboboost/phase of moon), though the code isn't
critical path, so supporting it is mostly done for completeness.
2015-07-06 09:44:43 +00:00
Yawning Angel
0f3eeca9b8 Integrate ed25519-donna (Not yet used).
Integrate ed25519-donna into the build process, and provide an
interface that matches the `ref10` code.  Apart from the blinding and
Curve25519 key conversion, this functions as a drop-in replacement for
ref10 (verified by modifying crypto_ed25519.c).

Tests pass, and the benchmarks claim it is quite a bit faster, however
actually using the code requires additional integration work.
2015-07-06 09:40:28 +00:00
Yawning Angel
7b10741be4 Import Andrew Moon's ed25519-donna.
This is a clean copy of ed25519-donna as of commit:

  8757bd4cd209cb032853ece0ce413f122eef212c

https://github.com/floodyberry/ed25519-donna
2015-07-06 08:00:01 +00:00
teor
128d4a6896 Add chutney performance testing support to src/test/test-network.sh
The following arguments change how chutney verifies the network:
--bytes n             sends n bytes per test connection (10 KBytes)
--connections n       makes n test connections per client (1)
--hs-multi-client 1   makes each client connect to each HS (0)
Requires the corresponding chutney performance testing changes.
Note: using --connections 7 or greater on a HS will trigger #15937.
Patch by "teor".
2015-07-06 16:59:15 +10:00
Nick Mathewson
19440b9e58 Make test_workqueue.c faster, and on-by-default.
Instead of having a 30-second timer be the only way to end the test,
add a 2 second shutdown timer when the test is actually about to be over.
2015-07-03 14:38:14 -04:00
Nick Mathewson
877354a9af Try a little harder to fix the tor-ci-windows builder, or figure out why it is broke 2015-06-29 16:09:37 -04:00
Nick Mathewson
753797391f More tweaks for windows compilation. (ick) 2015-06-29 13:47:44 -04:00
Nick Mathewson
d9052c629b Remove checks for visual C 6. 2015-06-29 12:55:03 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
David Goulet
8dcbdf58a7 Remove intro points adaptative algorithm
Partially fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Nick Mathewson
cc3a791d55 fix a windows unused var warning 2015-06-28 02:18:15 -04:00
Nick Mathewson
f491aed8d0 Whoops; fix linux build again 2015-06-27 22:41:39 -04:00
Nick Mathewson
229bb7e50f Fix some compilation issues. 2015-06-27 14:27:00 -04:00
Nick Mathewson
48f69685f5 Avoid a segfault when reading an encrypted key that isn't there
Patch from cypherpunks. Fixes bug 16449. Bug not in any released tor.
2015-06-27 14:14:13 -04:00
Nick Mathewson
80fb1ef8ba Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 11:46:16 -04:00
Nick Mathewson
418b6f8197 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-06-25 11:43:17 -04:00
Nick Mathewson
fd082c394b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-06-25 11:43:04 -04:00
Nick Mathewson
fde4199e1c Merge remote-tracking branch 'karsten/geoip6-jun2015' into maint-0.2.4 2015-06-25 11:42:47 -04:00
Nick Mathewson
cb8c5c023f Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-06-25 11:42:31 -04:00
Nick Mathewson
3149bfc254 Merge branch 'bug16288_027_03_squashed' 2015-06-25 11:30:52 -04:00
David Goulet
699acd8d54 Validate the open file limit when creating a socket
Fixes #16288

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
bd73168307 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 11:14:53 -04:00
Nick Mathewson
1c1d71fe1a Merge remote-tracking branch 'public/bug16013_025' into maint-0.2.6 2015-06-25 11:14:44 -04:00
Nick Mathewson
68eaaed798 Avoid crashing on busy/NEWNYM+hidden service clients
When we ran out of intro points for a hidden service (which could
happen on a newnym), we would change the connection's state back to
"waiting for hidden service descriptor."  But this would make an
assertion fail if we went on to call circuit_get_open_circ_or_launch
again.

This fixes bug 16013; I believe the bug was introduced in
38be533c69, where we made it possible for
circuit_get_open_circ_or_launch() to change the connection's state.
2015-06-25 11:10:43 -04:00
Nick Mathewson
07e1e754f3 Merge branch 'readpassphrase_v2' 2015-06-25 10:53:13 -04:00
Nick Mathewson
272229ff5d Remove janky getpass implementations 2015-06-25 10:52:47 -04:00
Nick Mathewson
a64f2d167e Add a getpass implementation for windows that won't totally suck
The logic here is inspired by Python's win_getpass(), which I'm
assuming is better than nothing.
2015-06-25 10:52:47 -04:00
Nick Mathewson
fce2a15ffb Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 10:41:15 -04:00
Nick Mathewson
03e3cf6a7a Merge remote-tracking branch 'public/bug16400_026' into maint-0.2.6 2015-06-25 10:40:58 -04:00
Yawning Angel
3f336966a2 Work around nytimes.com's broken hostnames in our SOCKS checks.
RFC 952 is approximately 30 years old, and people are failing to comply,
by serving A records with '_' as part of the hostname.  Since relaxing
the check is a QOL improvement for our userbase, relax the check to
allow such abominations as destinations, especially since there are
likely to be other similarly misconfigured domains out there.
2015-06-24 13:52:29 +00:00
Nick Mathewson
e0b7598833 Repair breakage in early-error case of microdesc parsing
When I fixed #11243, I made it so we would take the digest of a
descriptor before tokenizing it, so we could desist from download
attempts if parsing failed.  But when I did that, I didn't remove an
assertion that the descriptor began with "onion-key".  Usually, this
was enforced by "find_start_of_next_microdescriptor", but when
find_start_of_next_microdescriptor returned NULL, the assertion was
triggered.

Fixes bug 16400.  Thanks to torkeln for reporting and
cypherpunks_backup for diagnosing and writing the first fix here.
2015-06-22 13:51:56 -04:00
Nick Mathewson
8b35d85088 Merge remote-tracking branch 'dgoulet/rendcache_027_01' 2015-06-19 09:10:03 -04:00
Nick Mathewson
1edaef2adf fix some memory leaks that coverity found 2015-06-19 09:03:34 -04:00
David Goulet
a7624de1aa Move cache objects and functions to rendcache.{c|h}
Every functions and objects that are used for hidden service descriptor
caches are moved to rendcache.{c|h}.

This commit does NOT change anything, just moving code around.

Fixes #16399

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 12:56:46 -04:00
David Goulet
33b1a33c33 Add rendcache.{c|h}
For now, rend_cache_entry_t has been moved from or.h to rendcache.h and
those files have been added to the build system.

In the next commit, these will contain hidden service descriptor cache ABI
and API for both client and directory side. The goal is to consolidate the
descriptor caches in one location to ease development, maintenance, review
and improve documentation for each cache behavior and algorithm.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 12:56:24 -04:00
Nick Mathewson
583a387c1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-18 11:33:24 -04:00
Nick Mathewson
f18ee7fc72 Merge remote-tracking branch 'dgoulet/bug16381_026_01-revert' into maint-0.2.6 2015-06-18 11:30:01 -04:00
Nick Mathewson
c2c23d1443 Handle "keygen" if datadir does not yet exist 2015-06-17 13:51:45 -04:00
Nick Mathewson
d3b4214c6e Fix an unchecked-case warning on windows 2015-06-17 11:31:53 -04:00
Nick Mathewson
b9b658e727 Add the openssh 6.8p1 readpassphrase implementation
This way glibc users don't have to fall back to getpass.

Windows users are still out of luck
2015-06-17 10:41:22 -04:00
Nick Mathewson
8d44ce910d Add readpassphrase.c in src/ext
This is taken verbatim from openssh 6.8p1, which appears to have
lightly tweaked it from the openbsd version.
2015-06-17 10:19:40 -04:00
Nick Mathewson
d68133c745 Merge branch '13642_offline_master_v2_squashed' 2015-06-17 10:12:37 -04:00
Nick Mathewson
b6eee531bb Support encrypted offline master keys with a new --keygen flag
When --keygen is provided, we prompt for a passphrase when we make a
new master key; if it is nonempty, we store the secret key in a new
crypto_pwbox.

Also, if --keygen is provided and there *is* an encrypted master key,
we load it and prompt for a passphrase unconditionally.

We make a new signing key unconditionally when --keygen is provided.
We never overwrite a master key.
2015-06-17 10:11:18 -04:00
Nick Mathewson
cbdf2c5d8f Add a tor_getpass to read passphrases. Needs better backend. 2015-06-17 10:11:18 -04:00
David Goulet
a5b5d4bd2e Extend intro point to a 4th hop on cannibalization
Fixes #16260

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-17 09:32:26 -04:00
Nick Mathewson
43a98c7da6 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-17 09:19:11 -04:00
Nick Mathewson
c8cb55659a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-06-17 09:18:45 -04:00
teor
75388f67c0 Correctly handle failed crypto_early_init
If crypto_early_init fails, a typo in a return value from tor_init
means that tor_main continues running, rather than returning
an error value.

Fixes bug 16360; bugfix on d3fb846d8c in 0.2.5.2-alpha,
introduced when implementing #4900.

Patch by "teor".
2015-06-17 09:18:32 -04:00
David Goulet
8acf5255c2 Revert "Do not replace a HS descriptor with a different replica of itself"
This reverts commit 9407040c59.

Small fix, "e->received" had to be removed since that variable doesn't exist
anymore.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-16 13:41:42 -04:00
teor
8092ae0c4e Document the consensus download interval used by hidden services
In the comments in update_consensus_networkstatus_fetch_time_impl
in networkstatus.c
2015-06-16 03:11:09 +10:00
teor
4079d2e0a5 Fix spacing in tortls.c 2015-06-16 03:10:44 +10:00
Nick Mathewson
130a9c0ac8 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-15 10:19:46 -04:00
Nick Mathewson
59fa0c2d99 Fix another seccomp2 issue
Allow pipe() and pipe2() syscalls; we need these when eventfd2()
support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha.  Patch
from "teor".
2015-06-15 10:13:11 -04:00
Nick Mathewson
aab7d666cd Add a log message to try to track down #16013 2015-06-11 09:55:47 -04:00
teor
e870f6285d Fix clang address of struct member always non-NULL in SSL master key
clang complains that the address of struct member in an assert in
SSL_SESSION_get_master_key is always non-NULL.
Instead, check each pointer argument is non-NULL before using it.

Fix on f90a704f12 from 27 May 2015, not in any released version of tor.
2015-06-11 01:06:15 +10:00
Andrea Shepard
1eb2c0cbd3 Bump version to 0.2.6.9 2015-06-10 15:02:04 +00:00
Karsten Loesing
08e14e1448 Update geoip6 to the June 3 2015 database. 2015-06-09 16:28:48 +02:00
Karsten Loesing
e5907e94c2 Update geoip to the June 3 2015 database. 2015-06-09 16:26:10 +02:00
Nick Mathewson
c0c0a6085e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-08 10:33:38 -04:00
David Goulet
6785f0b65a HSDir flag now requires the Stable flag
Fixes #8243
2015-06-08 10:28:35 -04:00
Nick Mathewson
2f67a6e8c9 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-04 15:02:47 -04:00
Yawning Angel
f2ff814582 Set session_group after the port's data structure has been populated.
Fixes #16247, patch by "jojelino".
2015-06-04 13:53:35 +00:00
Nick Mathewson
e48f8e5e87 Merge remote-tracking branch 'public/bug15760_hard_026_v2' 2015-06-02 15:08:14 -04:00