Commit Graph

16343 Commits

Author SHA1 Message Date
Nick Mathewson
a8d6989589 Whitespace fixes 2016-02-10 15:35:46 -05:00
Nick Mathewson
9746aed2ba Another automated rename.
Also simplify crypto_common_digests() to have no loop.
2016-02-10 15:32:12 -05:00
Nick Mathewson
8a4bba06d2 Rename crypto_digest_all, and digests_t.
They are no longer "all" digests, but only the "common" digests.

Part of 17795.

This is an automated patch I made with a couple of perl one-liners:

  perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
  perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
2016-02-10 15:28:19 -05:00
Andrea Shepard
ae0f858602 Properly detach circuits from cmuxes when calling circuit_free_all() on shutdown again 2016-02-10 05:35:03 +00:00
Andrea Shepard
3014bfb61b Appease make check-spaces 2016-02-10 02:20:59 +00:00
Nick Mathewson
92048a1b43 Add missing consts; my fault. 2016-02-08 08:34:18 -05:00
Nick Mathewson
9f6589d65a Merge branch 'decorated_ipv6_directory_send_command_squashed' 2016-02-08 08:33:28 -05:00
Malek
061586e36c decorated ipv6 address for directory send command 2016-02-08 08:33:18 -05:00
Nick Mathewson
d004f06830 fix wide lines, use more locals. 2016-02-08 08:31:31 -05:00
Harini Kannan
c30be5a82d Using router_get_my_routerinfo() 2016-02-07 16:07:35 -05:00
Peter Palfrader
42e131e9ac Fix a segfault during startup
If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
2016-02-06 22:17:02 +01:00
Nick Mathewson
2d879bd39f Document port_out argument to tor_addr_from_sockaddr 2016-02-06 15:34:47 -05:00
Nick Mathewson
0f5f6b8a41 Merge remote-tracking branch 'yawning/bug18221' 2016-02-06 15:30:22 -05:00
Nick Mathewson
b645e2f2b0 Merge remote-tracking branch 'alec/dead_code_removal' 2016-02-06 15:08:49 -05:00
Alec Heifetz
6852868b4a Removed dead code in main.c 2016-02-06 14:41:31 -05:00
Nick Mathewson
31a27729b9 Fix spaces. 2016-02-06 14:00:24 -05:00
Nick Mathewson
03371e3d3c Merge branch 'cleaned_aes_crypt' 2016-02-06 13:54:09 -05:00
Malek
a9cd291753 Removed aes_crypt, left only aes_crypt_inplace. Removed should_use_openssl_CTR, was used for openssl 1.0.0 bug. 2016-02-06 13:38:11 -05:00
Hassan Alsibyani
edd93f9de8 changing output of crypto_cipher_crypt_inplace from int to void 2016-02-06 12:14:39 -05:00
Sebastian Hahn
55d6fd27cb Fix the --disable-asserts-in-tests configure option 2016-02-05 14:40:07 +01:00
Nick Mathewson
1f5cdf2b6c Merge branch 'maint-0.2.7' 2016-02-05 08:13:47 -05:00
Nick Mathewson
d920cbb82c Merge branch 'maint-0.2.6' into maint-0.2.7 2016-02-05 08:13:35 -05:00
Nick Mathewson
44ad3be221 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-02-05 08:13:24 -05:00
Nick Mathewson
f06d9a9cef Merge branch 'maint-0.2.4' into maint-0.2.5 2016-02-05 08:13:13 -05:00
teor (Tim Wilson-Brown)
add8acf428 Avoid calling log functions in logv when SMARTLIST_DEBUG is defined 2016-02-05 14:14:17 +11:00
teor (Tim Wilson-Brown)
db72b509d1 Check that the log mutex is initialised before trying to lock or unlock it 2016-02-05 14:08:58 +11:00
Nick Mathewson
6149703089 Bump to 0.2.8.1-alpha-dev 2016-02-04 18:24:20 -05:00
Nick Mathewson
af116081f9 Make the no-assertions-during-coverage check into a configure option
Closes ticket 18242.

The rationale here is that I like having coverage on by default in my
own working directory, but I always want assertions turned on unless
I'm doing branch coverage specifically.
2016-02-04 12:51:52 -05:00
Nick Mathewson
c595f6d25e Add an assertion to tor_libevent_get_base()
Closes ticket 18241.
2016-02-04 12:37:00 -05:00
Nick Mathewson
1bac468882 Fix two problems in the 0.2.8.x unit tests
1. We were sometimes using libevent uninitialized, which is Not Allowed.

2. The malformed-PTR dns test was supposed to get a -1 output... but
   the test was wrong, since it forgot that in-addr.arpa addresses
   are in reverse order.

Bugs not in any released tor.
2016-02-04 12:30:48 -05:00
Nick Mathewson
5da517e689 Bump version. (This is not yet the release.) 2016-02-04 10:07:06 -05:00
Karsten Loesing
d5ac79e056 Update geoip and geoip6 to the February 2 2016 database. 2016-02-04 08:53:24 +01:00
Nick Mathewson
fa52b6f075 Make tortls unit tests pass with LibreSSL.
Part of the fix for 17921.
2016-02-03 11:31:57 -05:00
Nick Mathewson
c1c3e45eab Make crypto/rng_engine test pass on libressl. Bug not in any released tor. 2016-02-03 11:18:16 -05:00
Nick Mathewson
27582325dc Make Tor build happily with OpenSSL master and libressl.
Also tested with 1.0.0t and 1.0.2f.

Closes ticket 19784.

Closes most of 17921. (Still need to make some tests pass.)
2016-02-03 11:13:12 -05:00
teor (Tim Wilson-Brown)
c213f277cd Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:56:19 +11:00
teor (Tim Wilson-Brown)
b316c87bc9 Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:52:39 +11:00
Yawning Angel
c625ab9f5a Validate the DH parameters for correctness.
We use sensible parameters taken from common sources, and no longer
have dynamic DH groups as an option, but it feels prudent to have
OpenSSL validate p and g at initialization time.
2016-02-02 22:03:48 +00:00
teor (Tim Wilson-Brown)
92b1c3b604 Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy.

Make sure those policies are updated when interface addresses change.
2016-02-02 15:05:59 +11:00
Nick Mathewson
b860f82d56 Treat bt_test.py failures as "SKIP" on freebsd.
Closes #18204.
2016-02-01 14:11:45 -05:00
Nick Mathewson
c6fa55d2da Bitwise negate is ~, not !.
Spotted by coverity; bug in tests only, not in any released Tor.

This is CID 1351128
2016-02-01 13:12:58 -05:00
Nick Mathewson
7631cffbcc Fix warnings from check-spaces 2016-02-01 10:24:13 -05:00
Nick Mathewson
ac7e43d30a Redux: don't expect unix sockets to be accepted on windows 2016-02-01 10:21:11 -05:00
Nick Mathewson
49442b5e67 Don't expect unix sockets to be accepted on Windows
Fixes failures in test_config.c; bug not in any released tor.
2016-02-01 09:57:54 -05:00
Nick Mathewson
f4ac44c9f2 Merge branch 'options_validate_second_round_cleaned' 2016-02-01 09:52:11 -05:00
teor (Tim Wilson-Brown)
e3da5ad6e3 Replace incorrect use of snprintf in unit tests with tor_snprintf
This avoids a potential out of bounds write.
2016-02-01 09:50:43 -05:00
teor (Tim Wilson-Brown)
f7b2ae91e9 Make all unit tests independent of log message order and count 2016-02-01 09:50:43 -05:00
teor (Tim Wilson-Brown)
dbb5819e96 Report malformed options in options_validate unit tests 2016-02-01 09:50:42 -05:00
Ola Bini
fe92e9bb96 Add a helper to search for strings in the log, and change option tests to use this helper instead of looking at specific indices in the log list 2016-02-01 09:50:42 -05:00
Nick Mathewson
4cd93a6a59 Merge branch 'maint-0.2.7'
(We already had a fix for the address test freebsd issues)
2016-02-01 09:41:45 -05:00
Nick Mathewson
7d1fe7c9e7 Try to fix address tests on FreeBSD
In jails, there is not always a localhost.

Bugfix not on any released Tor.
2016-02-01 09:38:31 -05:00
teor (Tim Wilson-Brown)
1dae4dac12 Add unit tests for ClientUseIPv[4,6] and ClientPreferIPv6[OR,Dir]Port 2016-02-01 09:15:07 +11:00
teor (Tim Wilson-Brown)
26f68a771c Report malformed options in options_validate unit tests 2016-02-01 09:11:16 +11:00
teor (Tim Wilson-Brown)
13db39b856 Fix existing options_validate unit tests for ClientUseIPv4 2016-02-01 09:10:52 +11:00
Ola Bini
8627a40fba Add a helper to search for strings in the log, and change option tests to use this helper instead of looking at specific indices in the log list 2016-02-01 09:09:44 +11:00
Nick Mathewson
5f7df92571 Remove support for unsigned time_t
We've never actually tested this support, and we should probably assume
it's broken.

To the best of my knowledge, only OpenVMS has this, and even on
OpenVMS it's a compile-time option to disable it.  And I don't think
we build on openvms anyway.  (Everybody else seems to be working
around the 2038 problem by using a 64-bit time_t, which won't expire
for roughly 292 billion years.)

Closes ticket 18184.
2016-01-29 09:18:59 -05:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
73fc67bc89 Tor2Web: tell extend_info_from_node intro point connections are direct 2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
1401117ff2 Return NULL from extend_info_from_node if the node has no allowed address
Modify callers to correctly handle these new NULL returns:
* fix assert in onion_extend_cpath
* warn and discard circuit in circuit_get_open_circ_or_launch
* warn, discard circuit, and tell controller in handle_control_extendcircuit
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
77a9de0d48 Automatically use IPv6 when ClientUseIPv4 is 0
Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
3a00215c35 Minor whitespace-only fix 2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
4db5a35e66 Consistently format addresses in node_get_address_string
Also, don't write to a buffer with length zero.
2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
772577b547 Optimise reachability checks when iterating through relay lists
Skip address checks on servers.

Skip allowed-only address checks on non-bridge clients with IPv4.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
e991d642ec Add firewall_is_fascist_dir()
Refactor common parts of firewall_is_fascist_or().
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
3b8216f215 Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
4528f89316 Make entry_guard_set_status consistent with entry_is_live
Check fascist_firewall_allows_node in entry_guard_set_status and
return the same message as entry_is_live.
2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
1648666203 Choose bridge addresses by IPv4/IPv6 preferences 2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
c3cc8e16e9 Log when IPv4/IPv6 restrictions or preferences weren't met 2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
e72cbf7a4e Choose directory servers by IPv4/IPv6 preferences
Add unit tests, refactor pick_directory functions.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
268608c0a0 Choose OR Entry Guards using IPv4/IPv6 preferences
Update unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
4460feaf28 Fix *_get_all_orports to use ipv6_orport
node_get_all_orports and router_get_all_orports incorrectly used or_port
with IPv6 addresses. They now use ipv6_orport.

Also refactor and remove duplicated code.
2016-01-29 07:13:56 +11:00
Nick Mathewson
39b597c2fd Restrict the meaning of digests_t to sha1+sha256.
This saves CPU and RAM when handling consensuses and x509 certs.

Closes ticket 17795; bug not in any released tor.
2016-01-27 13:10:17 -05:00
Nick Mathewson
bca7083e82 avoid integer overflow in and around smartlist_ensure_capacity.
This closes bug 18162; bugfix on a45b131590, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
2016-01-27 12:32:41 -05:00
Nick Mathewson
1a022525f7 attempt to fix crashes in unit tests 2016-01-27 09:42:08 -05:00
Nick Mathewson
39a86185c8 Correct further grammatical errors in tor comments
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
Nick Mathewson
42dea56363 Merge remote-tracking branch 'teor/bug18145' 2016-01-26 10:01:34 -05:00
teor (Tim Wilson-Brown)
4339fa5609 Replace "Alice" with "the client" in a hidden service log message 2016-01-26 13:49:16 +11:00
teor (Tim Wilson-Brown)
fb939ed82e Replace Alice/Bob with client/service in hidden service comments 2016-01-26 13:48:31 +11:00
teor (Tim Wilson-Brown)
7a4b4f0c3a Correct grammatical errors in tor log messages
Avoid using gender for things that don't have it.
2016-01-26 13:47:23 +11:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
Nick Mathewson
0010b8064e Fix redundant-declaration warning 2016-01-22 09:53:42 -05:00
Nick Mathewson
cbed61d128 Merge remote-tracking branch 'twstrike/parse_port_config_tests' 2016-01-21 12:15:39 -05:00
Nick Mathewson
ae3d2a93f0 Merge remote-tracking branch 'twstrike/options_test' 2016-01-19 20:14:18 -05:00
Ola Bini
32946e2c96
Make sure that tests for domain sockets only run on OSes with domain sockets 2016-01-19 11:14:41 -05:00
Ola Bini
3e738211d4
Use correct u64 int ops instead of regular int ops, in order to avoid warnings on 32bit clang 2016-01-19 11:11:01 -05:00
Nick Mathewson
f557a7f327 Merge branch 'maint-0.2.7' 2016-01-19 08:30:48 -05:00
Nick Mathewson
534a0ba59b Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-19 08:30:39 -05:00
Nick Mathewson
e2efa9e321 Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
2016-01-19 08:28:58 -05:00
Nick Mathewson
7b6d7aae09 Merge branch 'fallbacks-0281-squashed' 2016-01-18 20:16:05 -05:00
teor (Tim Wilson-Brown)
ab3c86479a Add default fallback directories for the 0.2.8 alpha releases
Allow fallback directories which have been stable for 30 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
2016-01-18 20:15:59 -05:00
Nick Mathewson
ab58f60321 Merge branch 'maint-0.2.7' 2016-01-18 20:03:28 -05:00
Nick Mathewson
8335b1f9a9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-18 20:00:16 -05:00
teor (Tim Wilson-Brown)
db81565331 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2016-01-18 19:58:07 -05:00
Nick Mathewson
0ace22ef6d Merge remote-tracking branch 'origin/maint-0.2.7' 2016-01-18 19:52:34 -05:00
Nick Mathewson
83dfcfbc4a Merge remote-tracking branch 'teor/bug18050' into maint-0.2.7 2016-01-18 19:51:57 -05:00
teor (Tim Wilson-Brown)
6094a886cf Check ORPort and DirPort reachability before publishing a relay descriptor
Otherwise, relays publish a descriptor with DirPort 0 when the DirPort
reachability test takes longer than the ORPort reachability test.

Closes bug #18050. Reported by "starlight", patch by "teor".
Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
2016-01-18 14:00:29 +11:00
Nick Mathewson
da4dbb29b7 Fix some leaks in the unit tests. 2016-01-15 11:45:19 -05:00
Nick Mathewson
f6ea7a6258 Make the new directory tests build and run again.
Had to disable a couple.

Also add changes file for 17003.
2016-01-15 11:20:14 -05:00
Nick Mathewson
537214d10e Merge remote-tracking branch 'twstrike/directory-tests' 2016-01-15 11:08:22 -05:00
Nick Mathewson
f47d4af04c Whitespace cleanup 2016-01-15 10:57:03 -05:00
Nick Mathewson
00b13cb091 Merge remote-tracking branch 'twstrike/options_test' 2016-01-15 10:52:27 -05:00
Ola Bini
1722232d78
Update tests to match current changes to options_validate 2016-01-13 10:54:08 -05:00
Ola Bini
6d5215fd19
Move clearing of log messages on advice from @cypherpunks, in order to minimize risk of race conditions leading to another memory leak 2016-01-13 10:35:49 -05:00
Ola Bini
5c1c117b8e
Revert my addition of callback cleaner and instead use existing functionality for temporary log files 2016-01-13 10:35:06 -05:00
Ola Bini
0bfa616e2e
Remove a small memory leak in log callback setup 2016-01-13 10:35:05 -05:00
Ola Bini
ce953b864b
Fix memory leaks 2016-01-13 10:35:05 -05:00
Ola Bini
f2a7a83626
Fix all white space issues 2016-01-13 10:34:24 -05:00
Ola Bini
1a3fcda0a3
Fix some issues in gcc warnings 2016-01-13 10:32:09 -05:00
Ola Bini
5edd431d92
Add tests for options_act 2016-01-13 10:31:13 -05:00
Fergus Dall
d748c193e1 Include square brackets and port number in calcs for max_dl_per_request 2016-01-13 18:05:52 +10:30
Fergus Dall
91077d3aca Update the limits in max_dl_per_request for IPv6 address length 2016-01-13 06:57:24 +10:30
Ola Bini
fcd7923a96
Fix remaining memory leaks 2016-01-12 12:33:05 -05:00
Ola Bini
ee39869f67
Fix some memory leaks 2016-01-12 12:14:34 -05:00
Ola Bini
b24a16e56e
Make it compile with gcc-warnings turned on 2016-01-12 11:53:07 -05:00
Nick Mathewson
3074b8365f Add another safe_str_client to fix bug 17419 2016-01-12 10:42:01 -05:00
Fergus Dall
9e5a6f0293 Stop log_heartbeat test from failing in timezones with non-integer offsets
Instead of comparing the end of the time string against a constant,
compare it to the output of format_local_iso_time when given the
correct input.
2016-01-12 22:01:46 +10:30
Nick Mathewson
16840e52e5 Make the touch_file unit test work around FS/system time sync issues
Sometimes you can call time() and then touch a file, and have the
second come out a little before the first.  See #18025 for way more
information than you necessarily wanted.
2016-01-11 10:03:00 -05:00
Nick Mathewson
1d6dd288e1 Try a little harder to only use SecureZeroMemory when it's present
We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.
2016-01-11 09:02:42 -05:00
Nick Mathewson
d10ea49588 Merge remote-tracking branch 'rl1987/feature17950' 2016-01-11 08:54:51 -05:00
rl1987
fd26c1d994 Re-add the removed address family check. 2016-01-09 15:03:54 +01:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00
Nick Mathewson
5b5abd8c03 Merge commit '110765f5564a588c5f019d32b5e6f66cc7806c41' 2016-01-08 15:08:28 -08:00
Nick Mathewson
a1019b82c1 Merge remote-tracking branch 'public/feature16794_more' 2016-01-08 14:54:51 -08:00
cypherpunks
4c10a9c445 Simplify micro-revision dependency rules
The Automake variable OBJEXT is automatically adjusted to the correct
object file extension for the target platform.
2016-01-08 13:27:36 -08:00
rl1987
fb373a9ef6 On win32, use SecureZeroMemory() to securely wipe buffers.
{Also tweak the comments. -nickm)
2016-01-07 14:25:31 -08:00
Nick Mathewson
3783046f3b Use memset_s or explicit_bzero when available. 2016-01-07 12:53:24 -08:00
Nick Mathewson
8d6aafbb4a Merge remote-tracking branch 'teor/comments-20151213' 2016-01-07 12:50:10 -08:00
dana koch
be841f77aa Compatibility defines should be used for LibreSSL.
LibreSSL doesn't use OpenSSL_version (it uses the older SSLeay_version
API), but it reports a major version number as 2 in
OPENSSL_VERSION_NUMBER. Instead of fudging the version check, for now,
let's just check if we're using LibreSSL by checking the version number
macro exists, and use compatibility defines unconditionally when we
detect LibreSSL.
2016-01-07 12:48:59 -08:00
Nick Mathewson
62bc4a199a Fix #18012 harder. 2016-01-07 09:58:48 -08:00
Nick Mathewson
77bc95cb5e Merge remote-tracking branch 'public/17826_redux' 2016-01-07 09:52:09 -08:00
Nick Mathewson
55232e32c7 Merge branch 'maint-0.2.7' 2016-01-07 09:43:24 -08:00
Nick Mathewson
b34c5c6b8a Merge branch 'maint-0.2.6' into maint-0.2.7
Conflicts:
	src/or/config.c
2016-01-07 09:43:12 -08:00
Nick Mathewson
c7b0cd9c2f Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:41:36 -08:00
Nick Mathewson
9ca329581a Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2016-01-07 09:40:23 -08:00
teor (Tim Wilson-Brown)
11f63d26ac Update dannenberg's V3 authority identity fingerprint
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
Nick Mathewson
b5ce332958 Try to fix windows test build (#18012) 2016-01-07 09:25:44 -08:00
Nick Mathewson
5ba7b1a74d Merge remote-tracking branch 'gtank/feature16774-squashed' 2016-01-07 09:20:03 -08:00
Nick Mathewson
37b0d27a34 Merge branch 'maint-0.2.7' 2016-01-07 09:14:31 -08:00
Nick Mathewson
d9b11d05e8 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-07 09:14:15 -08:00
Nick Mathewson
400df18688 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:14:05 -08:00
Nick Mathewson
ae223138fb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-01-07 09:13:54 -08:00
Karsten Loesing
1496056c12 Update geoip and geoip6 to the January 5 2016 database. 2016-01-07 11:10:37 +01:00
George Tankersley
3bc45f2628 Add FallbackDir list to GETINFO config/defaults 2016-01-06 11:22:30 -08:00
rl1987
110765f556 Use get_interface6_via_udp_socket_hack() properly in _list().
When _list() is called with AF_UNSPEC family and fails to enumerate
network interfaces using platform specific API, have it call
_hack() twice to find out IPv4 and/or IPv6 address of a machine Tor
instance is running on. This is correct way to handle this case
because _hack() can only be called with AF_INET and AF_INET6 and
does not support any other address family.
2016-01-06 14:47:35 +01:00
rl1987
680d0701e5 Tweak ioctl case. 2016-01-06 11:47:31 +01:00
Nick Mathewson
7660471054 Unit tests for getpw* functions 2016-01-03 09:00:30 -08:00
Nick Mathewson
c941240f32 clean up the "skip this util test on windows" logic. 2016-01-03 08:47:14 -08:00
Nick Mathewson
8aa9ee73da Add a test for touch_file 2016-01-03 08:37:14 -08:00
Nick Mathewson
de8110fba2 Explicitly test our get/set_uint{8,16,32,64}. 2016-01-03 08:27:54 -08:00
Nick Mathewson
a8749ea9fd Test another codepath in inet_ntop 2016-01-03 08:27:44 -08:00
rl1987
44497e9ebc Add family argument to get_interface_addresses_raw (and subfunctions). 2016-01-03 15:35:45 +01:00
teor (Tim Wilson-Brown)
ce5406b71a Fix a comment typo in main.c 2016-01-03 17:34:42 +11:00
teor (Tim Wilson-Brown)
3a24364a69 Fix typos in microdesc_t and node_t comments 2016-01-03 17:34:42 +11:00
teor (Tim Wilson-Brown)
1949908d13 Fix a typo in the comment for tor_addr_port_split 2016-01-03 17:34:41 +11:00
Nick Mathewson
603110aa1d Merge branch 'feature17796_squashed' 2015-12-29 09:48:39 -05:00
Nick Mathewson
a12c5f462f Remove the (now-unused) digest_algorithm_bitfield_t 2015-12-29 09:47:04 -05:00
Nick Mathewson
488cdee5e7 When allocating a crypto_digest_t, allocate no more bytes than needed
Previously we would allocate as many bytes as we'd need for a
keccak--even when we were only calculating SHA1.

Closes ticket 17796.
2015-12-29 09:47:04 -05:00
Nick Mathewson
bc2cd0ff2b Use timingsafe_memcmp() where available.
See ticket 17944; patch from "logan".
2015-12-29 09:43:01 -05:00
Nick Mathewson
263f6d11fd Mark all object files built based on micro-revision.i as depending on it
Fixes make -j for some users; fixes bug 17826.

Bugfix on 0.2.5.1, when we started building testing versions of all
the object files.
2015-12-26 13:43:13 -05:00
Nick Mathewson
6365859825 Disable the dynlock functions we were giving openssl.
OpenSSL doesn't use them, and fwict they were never called. If some
version of openssl *does* start using them, we should test them before
we turn them back on.

See ticket 17926
2015-12-23 09:58:36 -05:00
Nick Mathewson
d7c841f467 Unit tests for crypto_force_rand_ssleay().
Part of 16794.
2015-12-23 09:58:08 -05:00
Nick Mathewson
b18f533cf0 Always test both ed25519 backends.
Part of #16794
2015-12-23 09:16:26 -05:00
Nick Mathewson
45f5e59751 Remove extra quotes from log message
Bug 17843; fix on ddc65e2b
2015-12-22 10:31:26 -05:00
Nick Mathewson
4ec0f8531e Add an unreachable line to make the compiler happy 2015-12-22 10:27:04 -05:00
Nick Mathewson
f2a5df252f whoops; really fix the 32-bit builds 2015-12-21 13:10:10 -05:00
Nick Mathewson
8ede8d411a Fix a couple of jenkins issues from 12538. 2015-12-21 12:32:20 -05:00
Nick Mathewson
62f97545e4 Merge remote-tracking branch 'public/bug12538_merged' 2015-12-21 07:30:32 -05:00
Nick Mathewson
bb19799a49 Appease "make check-spaces" 2015-12-20 15:00:20 -05:00
Nick Mathewson
2d9c38ea72 Repair "make distcheck". 2015-12-20 14:57:27 -05:00
Nick Mathewson
7b0cbf22c0 Merge remote-tracking branch 'yawning/feature17783_take2' 2015-12-20 14:10:52 -05:00
Yawning Angel
081b159abc Add the randomized large buffer test for SHA-3 incremental hashing.
This creates a random 100 KiB buffer, and incrementally hashes
(SHA3-512) between 1 and 5 * Rate bytes in a loop, comparing the running
digest with the equivalent one shot call from the start of the buffer.
2015-12-20 07:11:20 +00:00
Yawning Angel
9467485517 Add crypto_xof_t and assorted routines, backed by SHAKE256.
This is an eXtendable-Output Function with the following claimed
security strengths against *all* adversaries:

 Collision: min(d/2, 256)
 Preimage: >= min(d, 256)
 2nd Preimage: min(d, 256)

 where d is the amount of output used, in bits.
2015-12-19 22:45:21 +00:00
Yawning Angel
687f9b3bd7 Add the SHA-3 hash functions to common/crypto.h.
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
   exactly what is said on the tin.
 * test/bench now benchmarks all of the supported digest algorithms,
   so it's possible to see just how slow SHA-3 is, though the message
   sizes could probably use tweaking since this is very dependent on
   the message size vs the SHA-3 rate.
2015-12-19 22:44:05 +00:00
Yawning Angel
5356eba6ca Use tor specific headers and memwipe() instead of memset_s(), and build.
This is where things get tor specific.  It's just replacing stdint.h
and memset_s with the tor compat code so going back is trivial...
2015-12-19 22:34:39 +00:00
Yawning Angel
18685df031 Expose an incremental API in addition to the one-shot routines.
The digest routines use init/update/sum, where sum will automatically
copy the internal state to support calculating running digests.

The XOF routines use init/absorb/squeeze, which behave exactly as stated
on the tin.
2015-12-19 22:34:39 +00:00
Yawning Angel
e993003792 Clean import of keccak-tiny (https://github.com/coruus/keccak-tiny)
As of commit: 64b6647514212b76ae7bca0dea9b7b197d1d8186
2015-12-18 20:32:10 +00:00
Nick Mathewson
f0a4282e9a fix routerlist/pick_directory_server_impl in light of 12538 2015-12-18 14:10:03 -05:00
Nick Mathewson
f5f35e9009 Fix config/directory_fetch after 12538 merge 2015-12-18 13:36:41 -05:00
Nick Mathewson
a6c9fcc486 Fix nodelist/node_is_dir test wrt 12538. 2015-12-18 13:24:23 -05:00
Nick Mathewson
c4fb7ad034 Merge branch 'feature12538_028_01_squashed' 2015-12-18 13:16:49 -05:00
Nick Mathewson
14c9b99051 mark a variable unused to fix a warning. 2015-12-18 13:16:40 -05:00
David Goulet
ea6f88478c Use dir_server_mode() in find_dl_schedule()
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-18 13:14:10 -05:00
Nick Mathewson
0c8e042c30 Restore semantics of advertise vs serve on directory cacheing
When we are low on accounted bandwidth, we stop advertising that
we're a directory, but we will continue to answer directory
requests, just as before.
2015-12-18 13:14:10 -05:00
Nick Mathewson
54406f78b8 Change dataflow on generating 'dir-cache' flag.
Convention is that router_dump_router_to_string() should look at its
input "router", which should be generated by
router_build_fresh_descirptor().
2015-12-18 13:14:10 -05:00
Matthew Finkel
6a5528356f Assert rs are added in con and con_md tests 2015-12-18 13:14:10 -05:00
Matthew Finkel
185c93c954 Automatically generate md-con method vers in test 2015-12-18 13:14:10 -05:00
Matthew Finkel
21654ca7bd Let make_consensus_method_list be used in tests 2015-12-18 13:14:10 -05:00
Matthew Finkel
fb80a748ea A router must be a dir cache before it may be HSDir
Fixes #15801
2015-12-18 13:14:09 -05:00
Matthew Finkel
3007de8efc {dis,en}abling DirCache is a semantic change 2015-12-18 13:14:09 -05:00
Matthew Finkel
d49ad438a8 Rebuild descriptor when DirCache is {dis,en}abled 2015-12-18 13:14:09 -05:00
Matthew Finkel
997f779a7f Add new DirCache configuration option
This will give relay operators the ability of disabling the caching of
directory data. In general, this should not be necessary, but on some
lower-resource systems it may beneficial.
2015-12-18 13:14:09 -05:00
Matthew Finkel
e0bd6cdef2 Add unit test for router_pick_directory_server_impl 2015-12-18 13:14:09 -05:00
Matthew Finkel
0a7d22a664 Client should check if dir server has open dir port or handles tunnelled requests
Final piece of prop 237. Closes 12538.
2015-12-18 13:14:09 -05:00
cypherpunks
59e5bf7e2a Remove an extra space in backtrace version string 2015-12-18 13:09:05 -05:00
cypherpunks
4c55ccbe95 Fix a memory leak in the backtrace test 2015-12-18 13:09:05 -05:00
cypherpunks
afc5af3f00 Log the backtrace when the backtrace test fails 2015-12-18 13:09:04 -05:00
Nick Mathewson
0c5d8d9a4f Move some more code inside a tortls.c ifdef to fix deadcode warning. 2015-12-18 11:11:42 -05:00
Nick Mathewson
4ede2decad Fix an unreached null-pointer deref in connection tests
This is CID 1343603
2015-12-18 10:35:25 -05:00
Nick Mathewson
9b1c491ec6 Fix a buffer overrun in connection tests.
This is CID 1343601.
2015-12-18 10:32:50 -05:00
Nick Mathewson
498897e33d Fix a coverity uninitialized-pointer warning in policy tests.
This is CID 1340255
2015-12-18 10:29:27 -05:00
Nick Mathewson
428e2b7636 Fix a coverity NULL-pointer deref warning in the DNS tests.
This is CID 1340251
2015-12-18 10:27:30 -05:00
Nick Mathewson
6b5b1a02d4 Fix a coverity NULL-pointer deref warning in the tortls tests.
Also, make our cert validation code more NULL-resistant.

This is CID 1327891.
2015-12-18 10:25:15 -05:00
Nick Mathewson
2e99371eb9 Looks like I added one X509_free too many :( 2015-12-18 10:20:14 -05:00
Nick Mathewson
9e2c4ee557 Fix some dead code in tortls.c
If SSL_CIPHER_find exists, then we won't use either of the two
kludges that would replace it.

Found by Coverity; fixes CID 1340256.
2015-12-18 10:04:01 -05:00
Nick Mathewson
4604b3ab19 Fix a null-pointer deref when writing geoip stats
Found by coverity; CID 1327892.
2015-12-18 10:00:44 -05:00
Nick Mathewson
2e74d182b2 Fix remaining memory leaks in unit tests. 2015-12-18 09:58:14 -05:00
cypherpunks
6598581d81 Add zlib path when linking the switch_id test 2015-12-18 08:42:16 -05:00
Nick Mathewson
f96d191cf3 Merge branch '17752_again' 2015-12-17 16:31:56 -05:00
Nick Mathewson
8585cc57f8 Merge branch 'maint-0.2.7' 2015-12-17 14:57:16 -05:00
Nick Mathewson
2cbaf39af4 Add some more ed25519 key files to the seccomp sandbox list
Fixes bug 17675; bugfix on 0.2.7.3-alpha.
2015-12-17 14:56:24 -05:00
Nick Mathewson
f1be33fc00 Another try at fixing 17752
I believe that the final SMARTLIST_DEL_CURRENT was sometimes
double-removing items that had already been removed by
connection_mark_unattached_ap or
connection_ap_handshake_attach_circuit().

The fix here is to prevent iteration over the list that other
functions might be modifying.
2015-12-17 12:30:13 -05:00
cypherpunks
54d9632cdd Fix unused variable errors 2015-12-17 12:18:07 -05:00
Nick Mathewson
4bb72a4d12 Return 77 means "skipped" 2015-12-17 08:36:31 -05:00
cypherpunks
759e6f8afb Improve warning message
The user parameter is not checked so we do not know the user has been
specified.
2015-12-17 08:34:27 -05:00
cypherpunks
9d5e47d2d7 Add missing parentheses 2015-12-17 08:34:27 -05:00
cypherpunks
fd399ec850 Remove Windows specific data type usage
The Tor code base already contains usage of setsockopt(2) with an int as
their option value without problems.
2015-12-17 08:34:27 -05:00
cypherpunks
2d2312d989 Conform to the type signature of setsockopt(2)
According to the POSIX standard the option value is a pointer to void
and the option length a socklen_t. The Windows implementation makes the
option value be a pointer to character and the option length an int.

Casting the option value to a pointer to void conforms to the POSIX
standard while the implicit cast to a pointer to character conforms to
the Windows implementation.

The casts of the option length to the socklen_t data type conforms to
the POSIX standard. The socklen_t data type is actually an alias of an
int so it also conforms to the Windows implementation.
2015-12-17 08:34:27 -05:00
cypherpunks
596f9a4b4c Use a Windows specific socket error code 2015-12-17 08:34:27 -05:00
cypherpunks
46694f2862 Do not run switch_id test on Windows 2015-12-17 08:34:27 -05:00
Nick Mathewson
b9714e1366 Merge remote-tracking branch 'teor/fix-multi-dir' 2015-12-16 20:04:49 -05:00
teor (Tim Wilson-Brown)
1b70497948 Prop210: Fix directory fetch tests
Check that directory fetches behave as expected under Prop 210.
2015-12-17 11:40:49 +11:00
teor (Tim Wilson-Brown)
e7e61ec7ec Prop210: Check fallback directories and authorities work as expected
Also clarify comments.
2015-12-17 11:39:40 +11:00
teor (Tim Wilson-Brown)
9882a88b74 Prop210: Only clients benefit from multiple consensus downloads
Anything that's a server can afford to wait for a few minutes.
(Except for bridge relays, which act like clients.)
2015-12-17 11:38:24 +11:00
Nick Mathewson
e6be486aea More emergency-check code for un-removed pending entry conns
This might also be what #17752 needs.
2015-12-16 19:16:07 -05:00
Nick Mathewson
24fcb6adbb Add an edge_about_to_close() call to ap_about_to_close().
Fixes #17876
2015-12-16 18:52:34 -05:00
Nick Mathewson
613e0e1c1a Move pending-connection code into connection_ap_about_to_close
It is AP-specific, so that's where it belongs.  This shouldn't have
caused a bug, but due to #17876, we were never actually calling
connection_edge_about_to_close from connection_ap_about_to_close,
causing bug #17874 (aka bug #17752).
2015-12-16 18:49:23 -05:00
Matthew Finkel
1ceb7142a1 A relay now advertises "tunnelled-dir-server" in its descriptor
When a relay does not have an open directory port but it has an
orport configured and is accepting client connections then it can
now service tunnelled directory requests, too. This was already true
of relays with an dirport configured.

We also conditionally stop advertising this functionality if the
relay is nearing its bandwidth usage limit - same as how dirport
advertisement is determined.

Partial implementation of prop 237, ticket 12538
2015-12-16 16:16:01 +01:00
Matthew Finkel
467d0919d2 Authorities must set a router's V2Dir flag if it supports tunnelled reqs
Partial implementation of prop 237, ticket 12538
2015-12-16 16:15:41 +01:00
Nick Mathewson
3317cd3a1f Merge branch 'maint-0.2.7' 2015-12-16 09:24:40 -05:00
Nick Mathewson
33b5bfb948 Don't call pthread_condattr_setclock() unless it exists
Fixes bug 17819; bugfix on 0.2.6.3-alpha (specifically, d684dbb0).
2015-12-16 09:23:44 -05:00
Nick Mathewson
a5da27cb35 Merge branch 'maint-0.2.7' 2015-12-16 09:07:11 -05:00
Nick Mathewson
784e9fff9b ... and fix another backtrace_symbols_fd call in sandbox.c 2015-12-16 09:05:49 -05:00
Nick Mathewson
e0aa4f837c ... and fix the linux backtrace_symbols{,_fd} calls 2015-12-16 09:05:18 -05:00
Nick Mathewson
9d17d10b36 tweak router_parse_addr_policy_item_from_string docs 2015-12-16 08:49:32 -05:00
Nick Mathewson
bb23ad3e47 Merge remote-tracking branch 'teor/feature17863' 2015-12-16 08:48:28 -05:00
Nick Mathewson
10e442ba93 Merge remote-tracking branch 'teor/feature17864' 2015-12-16 08:41:20 -05:00
Nick Mathewson
a03469aa85 More debugging code to try to track down #17659 2015-12-16 08:37:40 -05:00
Nick Mathewson
a4ca2ef1ff Add some assertions to try to catch #17752 2015-12-16 08:24:54 -05:00
Nick Mathewson
c4df0c9f52 ... and fix the linux backtrace_symbols{,_fd} calls 2015-12-16 08:20:53 -05:00
teor (Tim Wilson-Brown)
978210d5a8 Wait for busy authorities/fallbacks rather than ignoring excluded nodes
Applies the 6c443e987d fix to router_pick_directory_server_impl.

6c443e987d applied to directory servers chosen from the consensus,
and was:
"Tweak the 9969 fix a little

If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled. Instead, wait for the busy ones to be nonbusy."
2015-12-16 09:07:11 +11:00
teor (Tim Wilson-Brown)
e2e09a2dbe Warn when comparing against an AF_UNSPEC address in a policy
It produces unexpected results, and it's most likely a bug.
2015-12-16 08:51:59 +11:00
teor (Tim Wilson-Brown)
ce92335214 Add policy assume_action support for IPv6 addresses
These IPv6 addresses must be quoted, because : is the port separator,
and "acce" is a valid hex block.

Add unit tests for assumed actions in IPv6 policies.
2015-12-16 08:51:35 +11:00
teor (Tim Wilson-Brown)
cd0a5db5e9 Initialise malformed_list to 0 each time we parse a policy 2015-12-16 08:51:34 +11:00
teor (Tim Wilson-Brown)
e54e71fb6b Limit IPv6 mask bits to 128 2015-12-16 08:51:34 +11:00
Nick Mathewson
6ba8afe5f8 Merge remote-tracking branch 'teor/feature15775-fallback-v9-squashed' 2015-12-15 14:04:00 -05:00
Nick Mathewson
a56fb58d6e Fix some memory leaks in the unit tests 2015-12-15 14:00:08 -05:00
teor
4c1c2a313d Add Fallback Directory Candidate Selection Script
"Tor has included a feature to fetch the initial consensus from nodes
 other than the authorities for a while now. We just haven't shipped a
 list of alternate locations for clients to go to yet.

 Reasons why we might want to ship tor with a list of additional places
 where clients can find the consensus is that it makes authority
 reachability and BW less important.

 We want them to have been around and using their current key, address,
 and port for a while now (120 days), and have been running, a guard,
 and a v2 directory mirror for most of that time."

Features:
* whitelist and blacklist for an opt-in/opt-out trial.
* excludes BadExits, tor versions that aren't recommended, and low
  consensus weight directory mirrors.
* reduces the weighting of Exits to avoid overloading them.
* places limits on the weight of any one fallback.
* includes an IPv6 address and orport for each FallbackDir, as
  implemented in #17327. (Tor won't bootstrap using IPv6 fallbacks
  until #17840 is merged.)
* generated output includes timestamps & Onionoo URL for traceability.
* unit test ensures that we successfully load all included default
  fallback directories.

Closes ticket #15775. Patch by "teor".
OnionOO script by "weasel", "teor", "gsathya", and "karsten".
2015-12-16 05:54:40 +11:00
Nick Mathewson
efc8b2dbbf clean whitespace 2015-12-15 13:22:41 -05:00
Nick Mathewson
aa4be914f0 Merge remote-tracking branch 'teor/feature17327-v4' 2015-12-15 13:19:18 -05:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
fd0c6671d1 Add unit tests for switch_id(), including tests for capabilities 2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
744958e0dd Fix a few compilation warnings and errors 2015-12-15 13:03:21 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
d72af1085a Prop210: Add router_digest_is_fallback_dir
router_digest_is_fallback_dir returns 1 if the digest is in the
currently loaded list of fallback directories, and 0 otherwise.

This function is for future use.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
2212530bf5 Prop210: Close excess connections once a consensus is downloading
Once tor is downloading a usable consensus, any other connection
attempts are not needed.

Choose a connection to keep, favouring:
* fallback directories over authorities,
* connections initiated earlier over later connections

Close all other connections downloading a consensus.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
teor (Tim Wilson-Brown)
d3546aa92b Prop210: Add want_authority to directory_get_from_dirserver 2015-12-16 04:03:45 +11:00
teor (Tim Wilson-Brown)
df0c135d62 Prop210: Refactor connection_get_* to produce lists and counts 2015-12-16 04:02:12 +11:00
Nick Mathewson
fec5aa75f4 Merge branch 'maint-0.2.7' 2015-12-15 11:55:46 -05:00
cypherpunks
07cca627ea Fix backtrace compilation on FreeBSD
On FreeBSD backtrace(3) uses size_t instead of int (as glibc does). This
causes integer precision loss errors when we used int to store its
results.

The issue is fixed by using size_t to store the results of backtrace(3).

The manual page of glibc does not mention that backtrace(3) returns
negative values. Therefore, no unsigned integer wrapping occurs when its
result is stored in an unsigned data type.
2015-12-15 11:52:00 -05:00
cypherpunks
62c4d3880f Remove eventdns specific inline definition
The header includes compat.h which already defines inline.
2015-12-15 11:34:00 -05:00
cypherpunks
e91ccbb4f6 Remove obsolete INLINE preprocessor definition
The INLINE keyword is not used anymore in favor of inline.

Windows only supports __inline so an inline preprocessor definition is
still needed.
2015-12-15 11:34:00 -05:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
9a179ff751 Merge branch 'maint-0.2.7' 2015-12-14 15:45:54 -05:00
cypherpunks
254d63dabe Use TESTS_ENVIRONMENT for older Automake versions
The AM_TESTS_ENVIRONMENT variable is available since Automake v1.12 but
some distributions have older Automake versions so we use
TESTS_ENVIRONMENT.
2015-12-14 15:45:23 -05:00
Nick Mathewson
39b2f2d35e Merge branch 'maint-0.2.7' 2015-12-14 13:21:16 -05:00
cypherpunks
01a9575ad0 Use variables instead of substitutions
Using variables removes the ambiguity about when to use variables and
when to use substitutions. Variables always work. Substitutions only
work when Autoconf knows about them which is not always the case.

The variables are also placed between quotes to ensures spaces in the
variables are handled properly.
2015-12-14 13:11:20 -05:00
cypherpunks
670affa792 Only setup environment variables for tests
Using the AM_TESTS_ENVIRONMENT variable ensures the environment
variables are only set during test execution and not during the
compilation phase.
2015-12-14 13:11:20 -05:00
teor (Tim Wilson-Brown)
60fc2b2539 Add IPv6 addresses & orports to the default directory authorities
Source: Globe entries for each authority.
2015-12-14 23:46:47 +11:00
teor (Tim Wilson-Brown)
1c2366ea43 Authorities on IPv6: minor fixes and unit tests
Update the code for IPv6 authorities and fallbacks for function
argument changes.

Update unit tests affected by the function argument changes in
the patch.

Add unit tests for authority and fallback:
 * adding via a function
 * line parsing
 * adding default authorities
(Adding default fallbacks is unit tested in #15775.)
2015-12-14 23:46:47 +11:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Nick Mathewson
f3ed5ec0ca Fix a pair of dead assignments 2015-12-11 09:35:43 -05:00
Nick Mathewson
a807bb781b Whitespace fix 2015-12-10 20:04:04 -05:00
Nick Mathewson
4b0e9fff27 Fix wide line; log why chmod failed. 2015-12-10 20:03:37 -05:00
Nick Mathewson
01334589f1 Simplify cpd_opts usage. 2015-12-10 20:02:22 -05:00
Jamie Nguyen
dcbfe46cd6 Defer creation of Unix socket until after setuid 2015-12-10 20:00:06 -05:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Jamie Nguyen
08c7ceb5df Permit filesystem group to be root 2015-12-10 20:00:06 -05:00
Arlo Breault
d68b7fd442 Refactor clock skew warning code to avoid duplication 2015-12-10 19:54:11 -05:00
Nick Mathewson
aa40f28962 bump to 0.2.7.6-dev 2015-12-10 14:24:55 -05:00
Nick Mathewson
4d13cc69ce make stack-protector happy 2015-12-10 11:50:02 -05:00
Nick Mathewson
7fb19f1ca8 bump maint version to 0.2.7.6 2015-12-10 10:04:59 -05:00
Nick Mathewson
390d3fa3af add a static 2015-12-10 09:43:55 -05:00
Nick Mathewson
ce3b7ddb54 improve a comment in memwipe 2015-12-10 09:03:47 -05:00
Nick Mathewson
7186e2a943 Merge remote-tracking branch 'public/feature17694_strongest_027' 2015-12-10 09:02:10 -05:00
cypherpunks
7e7188cb00 Assert when the TLS contexts fail to initialize 2015-12-10 08:50:40 -05:00
Nick Mathewson
6102efbee2 Merge remote-tracking branch 'teor/fix-exitpolicy-leak' 2015-12-09 16:25:17 -05:00
Nick Mathewson
631e3517e3 Mark a couple more arguments as unused. 2015-12-09 11:58:32 -05:00
cypherpunks
91ab2ac5aa Assert that memory held by rephist is freed
The internal memory allocation and history object counters of the
reputation code can be used to verify the correctness of (part of) the
code. Using these counters revealed an issue where the memory allocation
counter is not decreased when the bandwidth arrays are freed.

A new function ensures the memory allocation counter is decreased when a
bandwidth array is freed.

This commit also removes an unnecessary cast which was found while
working on the code.
2015-12-09 11:31:17 -05:00
Nick Mathewson
b3eba8ef12 Merge branch 'refactor-effective-entry' 2015-12-09 11:05:41 -05:00
Nick Mathewson
580d788b3f Tweak policies_log_first_redundant_entry even more
* Use smartlist_foreach_begin/end instead of a plain for loop.
  * constify the pointers.
2015-12-09 11:04:57 -05:00
Nick Mathewson
db433b8dc3 Tweak policies_log_first_redundant_entry more.
* Since the variable is no longer modified, it should be called
     'policy' instead of 'dest'.  ("Dest" is short for
     "destination".)
   * Fixed the space issue that dgoulet found on the ticket.
   * Fixed the comment a little. (We use the imperative for function
     documentation.)
2015-12-09 11:02:15 -05:00
Nick Mathewson
caff665309 Merge remote-tracking branch 'teor/first-hop-no-private' 2015-12-09 10:47:59 -05:00
cypherpunks
c76059ec9b Assert that the directory server digest is given
This prevents a possible crash when memory is copied from a pointer to
NULL.
2015-12-09 10:22:26 -05:00
cypherpunks
fbdd32ebe9 Mention the expected length of the digests
Some functions that use digest maps did not mention that the digests are
expected to have DIGEST_LEN bytes. This lead to buffer over-reads in the
past.
2015-12-09 10:22:26 -05:00
cypherpunks
0a97a3095b Remove unnecessary casting 2015-12-09 10:22:26 -05:00
cypherpunks
c94aa4573a Fix buffer over-reads in the rendcache tests
The hidden service descriptor cache (rendcache) tests use digest maps
which expect keys to have a length of DIGEST_LEN.

Because the tests use key strings with a length lower than DIGEST_LEN,
the internal copy operation reads outside the key strings which leads to
buffer over-reads.

The issue is resolved by using character arrays with a size of
DIGEST_LEN.

Patch on ade5005853.
2015-12-09 10:22:26 -05:00
cypherpunks
3d0d2a511c Fix buffer over-reads in the directory tests
The tests pass empty digest strings to the dir_server_new function which
copies it into a directory server structure. The copy operation expects
the digest strings to be DIGEST_LEN characters long.

Because the length of the empty digest strings are lower than
DIGEST_LEN, the copy operation reads outside the digest strings which
leads to buffer over-reads.

The issue is resolved by using character arrays with a size of
DIGEST_LEN.

Patch on 4ff08bb581.
2015-12-09 10:22:26 -05:00
Nick Mathewson
3843c6615c Small cleanups and comment fixes to rng functions. 2015-12-09 09:15:57 -05:00
Nick Mathewson
3a69fcb01f try a little harder with getrandom types to avoid warnings 2015-12-09 08:31:29 -05:00
Nick Mathewson
0df014edad mark a variable unused. 2015-12-08 17:17:17 -05:00
David Goulet
4a7964b3bc Don't allow a rendezvous point to have a private address
When an HS process an INTRODUCE2 cell, we didn't validate if the IP address
of the rendezvous point was a local address. If it's the case, we end up
wasting resources by trying to extend to a local address which fails since
we do not allow that in circuit_extend().

This commit now rejects a rendezvous point that has a local address once
seen at the hidden service side unless ExtendAllowPrivateAddresses is set.

Fixes #8976

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-08 15:57:12 -05:00
Nick Mathewson
b701b7962b Fix comment switcheroo. Spotted by skruffy 2015-12-08 12:53:51 -05:00
Nick Mathewson
9ce431f032 Fix spaces. 2015-12-08 12:37:36 -05:00
Nick Mathewson
7f074e08d8 Merge branch 'feature13696_squashed' 2015-12-08 12:35:26 -05:00
Yawning Angel
353c71516e Add support for getrandom() and getentropy() when available
Implements feature #13696.
2015-12-08 12:34:53 -05:00
Nick Mathewson
2259de0de7 Always hash crypto_strongest_rand() along with some prng
(before using it for anything besides feeding the PRNG)

Part of #17694
2015-12-08 10:54:42 -05:00
Nick Mathewson
252149e8b4 Merge branch 'maint-0.2.7' 2015-12-08 10:23:56 -05:00
Nick Mathewson
c6a337557a Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-08 10:23:41 -05:00
Nick Mathewson
1adc2bf66f Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-08 10:20:21 -05:00
Nick Mathewson
c3d11b119d Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 10:20:14 -05:00
Arlo Breault
5138f5ca69 Ensure node is a guard candidate when picking a directory guard 2015-12-08 09:49:01 -05:00
Nick Mathewson
4328525770 Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 09:38:48 -05:00
Nick Mathewson
b0867fec96 Fix a compilation warning introduced by clang 3.6
There was a dead check when we made sure that an array member of a
struct was non-NULL.  Tor has been doing this check since at least
0.2.3, maybe earlier.

Fixes bug 17781.
2015-12-08 09:37:05 -05:00
cypherpunks
95c03b29de Fix memory leak by circuit marked for close list
This commit fixes a memory leak introduced by commit
8b4e5b7ee9.
2015-12-08 08:52:10 -05:00
Nick Mathewson
1321608786 Merge branch 'maint-0.2.7' 2015-12-08 08:45:09 -05:00
Nick Mathewson
e9bf584694 Format IPv6 policies correctly.
Previously we'd suppressed the mask-bits field in the output when
formatting a policy if it was >=32.  But that should be a >=128 if
we're talking about IPv6.

Since we didn't put these in descriptors, this bug affects only log
messages and controller outputs.

Fix for bug 16056.  The code in question was new in 0.2.0, but the
bug was introduced in 0.2.4 when we started supporting IPv6 exits.
2015-12-08 08:44:58 -05:00
cypherpunks
4ae555face Fix memory leak in ntor test 2015-12-08 08:28:27 -05:00
Nick Mathewson
79fdfd5231 Merge remote-tracking branch 'teor/exitpolicy-multicast' 2015-12-07 10:23:30 -05:00
Nick Mathewson
f727ebcba8 Merge remote-tracking branch 'teor/comments-20151204' 2015-12-07 10:13:20 -05:00
Nick Mathewson
0ec6757091 Merge branch 'maint-0.2.7' 2015-12-07 10:11:54 -05:00
Nick Mathewson
9c66afe772 Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-07 10:11:21 -05:00
Nick Mathewson
089ee13534 Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-07 10:10:44 -05:00
Nick Mathewson
e8e89fd7a1 Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-07 10:10:21 -05:00
teor (Tim Wilson-Brown)
329aa59e43 Comment-only change to connection_get_by_type_addr_port_purpose
connection_get_by_type_addr_port_purpose also ignores connections
that are marked for close.
2015-12-07 16:13:07 +11:00
teor (Tim Wilson-Brown)
b7525c39bf Comment-only changes to connection_connect
port is in host order (addr is tor_addr_t, endianness is abstracted).

addr and port can be different to conn->addr and conn->port if
connecting via a proxy.
2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
3461bcb10e Move a comment in router_get_my_descriptor to the correct line 2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
fb3e862b86 Update comment: get_connection_array no longer takes "n" 2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
021958934f Consistently ignore multicast in internal reject private exit policies
Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
teor (Tim Wilson-Brown)
bca4095b93 Make policies_log_first_redundant_entry take a const smartlist_t *
Also fixup code style.
2015-12-06 21:34:52 +11:00
teor (Tim Wilson-Brown)
ba5053b45d Refactor policies_parse_exit_policy_internal
Move logging of redundant policy entries in
policies_parse_exit_policy_internal into its own function.

Closes ticket 17608; patch from "juce".
2015-12-06 21:32:09 +11:00
teor (Tim Wilson-Brown)
bb32c29986 Initialise configured_addresses to a known value (NULL) 2015-12-06 20:24:45 +11:00
cypherpunks
16bec0dfd9 Fix a memory leak in the exit policy parsing code
This memory leak only occurs when the Tor instance is not an exit node.

Fixes code introduced in 10a6390deb.
2015-12-06 20:24:07 +11:00
Karsten Loesing
dbb919cf94 Update geoip and geoip6 to the December 1 2015 database. 2015-12-05 17:02:59 +01:00
Jeremy
b3639c8291 src/common/compat.c:tor_vasprintf() - vsnprintf() was properly checked but tor_vsnprintf() available so why not use it? 2015-12-01 13:00:58 -05:00
Jeremy
86a5305d46 ext/eventdns.c multiple replacements of snprintf() with tor_snprintf() which always null terminates and returns -1 if result is truncated. 2015-12-01 12:29:08 -05:00
Jeremy
fcc6541fde src/common/compat.c:tor_vasprintf() - changed vsnprintf() to tor_vsnprintf() which ensures string is null terminated. 2015-12-01 12:27:29 -05:00
Nick Mathewson
ee5337e904 Merge branch 'maint-0.2.7' 2015-11-30 22:03:00 -05:00
cypherpunks
be0891667e Fix undefined behavior caused by memory overlap
The tor_cert_get_checkable_sig function uses the signing key included in
the certificate (if available) when a separate public key is not given.

When the signature is valid, the tor_cert_checksig function copies the
public key from the checkable structure to the public key field of the
certificate signing key.

In situations where the separate public key is not given but the
certificate includes a signing key, the source and destination pointers
in the copy operation are equal and invoke undefined behavior.

Undefined behaviour is avoided by ensuring both pointers are different.
2015-11-30 22:02:22 -05:00
teor (Tim Wilson-Brown)
7ff18cc1b6 Avoid relying on malloc internals in test_rend_cache_purge.
Closes ticket 17724. Bug fix on ade5005853 and 5e9f2384cf,
not in any released version of Tor. Patch by "teor".
2015-12-01 10:50:14 +11:00
Nick Mathewson
0a701e5377 More fixes/debugging attempts for 17659 2015-11-27 12:54:57 -05:00
Nick Mathewson
a33e9f208a Add a stack trace for help debugging one part of 17659 2015-11-27 12:11:51 -05:00
Nick Mathewson
85a48d5e47 Merge branch 'fix-policies-memory-v2-squashed' 2015-11-27 11:54:52 -05:00
cypherpunks
8ce70fcbf3 Fix memory leak in policies test 2015-11-27 11:54:47 -05:00
teor (Tim Wilson-Brown)
3f83ea84c7 Fix use-after-free of stack memory in getinfo_helper_policies 2015-11-27 11:54:47 -05:00
teor (Tim Wilson-Brown)
7a6ed3e65e Fix use-after-free of stack memory in policies_parse_exit_policy*
Change the function names & comments to make the copying explicit.
2015-11-27 11:54:47 -05:00
Nick Mathewson
eedef41944 use sockaddr_storage for stack-allocated sockets in ersatz socketpair 2015-11-27 11:52:59 -05:00
Nick Mathewson
f108be7c25 Make SIZEOF_SOCKADDR return socklen_t to avoid bad compares. 2015-11-27 11:48:54 -05:00
Nick Mathewson
a45aacd2e2 Use uint16_t, not in_port_t (which does not exist on Windows). See #17638. 2015-11-27 11:39:03 -05:00
Nick Mathewson
5665775e8c Check magic number in connection_ap_attach_pending 2015-11-27 11:21:51 -05:00
Nick Mathewson
0c7bfb206e improve log messages to try to track down #17659 2015-11-26 12:44:12 -05:00
teor (Tim Wilson-Brown)
fc264975b1 Unit test the full length of SHA256 and SHA512 digests
Bugfix on a tor version before the refactoring in git commit
cea1225199 (23 Sep 2009). Patch by "teor".
2015-11-27 02:25:31 +11:00
Nick Mathewson
09e0ae0588 Merge remote-tracking branch 'teor/rand-failure-modes-v2' 2015-11-26 10:05:38 -05:00
Nick Mathewson
0285054189 Fix buffer size in sha512 unit test
Nobody likes a stack overflow, even in unit tests.

Closes 17699; but not in any released tor.
2015-11-26 10:00:12 -05:00
Nick Mathewson
fe46fffd98 Fix test_tortls.c to no longer test failing crypto_rand.
(crypto_rand is no longer allowed to fail.)

Closes bug 17686; bug not in any released tor.  (No backport, since
the tortls tests aren't in 0.2.7)
2015-11-26 09:34:44 -05:00
teor (Tim Wilson-Brown)
b0e6010861 Correctly free a smartlist in getinfo_helper_policies 2015-11-26 09:32:33 -05:00
teor (Tim Wilson-Brown)
155fa2dbdb Add unit tests that check for common RNG failure modes
Check that crypto_rand doesn't return all zeroes, identical values,
or incrementing values (OpenSSL's rand_predictable feature).
2015-11-26 21:27:05 +11:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
1cfa2bc859 Fix documentation for crypto_rand* 2015-11-25 22:29:59 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
10fdee6285 Add crypto-initializer functions to those whose return values must be checked 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary.
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
Nick Mathewson
c875265bbb Merge remote-tracking branch 'teor/check-crypto-errors-v2' 2015-11-25 22:28:12 -05:00
teor (Tim Wilson-Brown)
e14f9dd44f fixup! Add controller getinfo exit-policy/reject-private
Stop ignoring ExitPolicyRejectPrivate in getinfo
exit-policy/reject-private. Fix a memory leak.

Set ExitPolicyRejectPrivate in the unit tests, and make a mock
function declaration static.
2015-11-25 22:26:10 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e Check the return value of HMAC in crypto.c and assert on error
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
2015-11-26 10:46:36 +11:00
Nick Mathewson
289b184e11 Merge branch 'bug17654_try1' 2015-11-25 12:25:44 -05:00
cypherpunks
c59c622d85 Initialize libevent before periodic events
The initialization of libevent interferes with other tests so we also
fork the circuit_timeout test.
2015-11-25 09:38:46 -05:00
teor (Tim Wilson-Brown)
a09e7cd31a fixup! Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Fix unit tests for get_interface_address6_list to assume less
about the interface addresses on the system.

Instead, mock get_interface_address6_list and use the mocked
function to provide a range of address combinations.
2015-11-25 09:31:27 -05:00
Nick Mathewson
fe8eb9b366 Merge remote-tracking branch 'public/decouple_dir_request_failed' 2015-11-25 09:21:25 -05:00
Nick Mathewson
dce708d11c Fix a logic error in connection_tls_continue_handshake().
(If we take the branch above this assertion, than we *didn't* have a
v1 handshake.  So if we don't take the branch, we did.  So if we
reach this assertion, we must be running as a server, since clients
no longer attempt v1 handshakes.)

Fix for bug 17654; bugfix on 9d019a7db7.

Bug not in any released Tor.
2015-11-25 09:17:44 -05:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
Nick Mathewson
7194d3d957 Tweak gtank's sha512 patch a little 2015-11-25 09:04:17 -05:00
Nick Mathewson
74e5385da7 Merge remote-tracking branch 'gtank/feature17663' 2015-11-25 09:00:01 -05:00
Nick Mathewson
2079ec9ee6 Merge remote-tracking branch 'teor/feature8961-replaycache-sha256' 2015-11-25 08:55:18 -05:00
Nick Mathewson
be30c61ac1 Merge branch 'maint-0.2.7' 2015-11-25 08:53:46 -05:00
teor (Tim Wilson-Brown)
23b088907f Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".
2015-11-25 03:11:15 +11:00
George Tankersley
695412302b implement teor's comments 2015-11-24 02:17:37 +00:00
George Tankersley
ff54cc8481 add SHA512 support to crypto 2015-11-24 01:34:28 +00:00
teor (Tim Wilson-Brown)
2e9779e5d8 Use SHA256 in the replaycache, rather than SHA1
This migrates away from SHA1, and provides further hash flooding
protection on top of the randomised siphash implementation.

Add unit tests to make sure that different inputs don't have the
same hash.
2015-11-24 09:08:53 +11:00
David Goulet
273b267fa2 Fix: use the right list in find_expiring_intro_point()
The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-11-23 09:02:54 -05:00
Roger Dingledine
6cdd024c94 fix two typos in comments 2015-11-23 07:40:13 -05:00
teor (Tim Wilson-Brown)
5b2adfb3d4 Fix comments to describe actual return values (crypto.c) 2015-11-23 20:31:57 +11:00
teor (Tim Wilson-Brown)
84d1373ba0 Fix typo in comment on crypto_add_spaces_to_fp 2015-11-23 18:59:11 +11:00
teor (Tim Wilson-Brown)
604d3ee48d Comment only: crypto_seed_rng no longer has a "startup" parameter 2015-11-23 10:26:07 +11:00
Nick Mathewson
cbc1b8a4f7 fix "make check-spaces" 2015-11-20 10:52:56 -05:00
Nick Mathewson
e3cf39cefd Fix compilation warnings 2015-11-20 10:51:19 -05:00
Nick Mathewson
35e886fe13 Merge branch 'getinfo-private-exitpolicy-v4-squashed' 2015-11-20 10:48:28 -05:00
teor (Tim Wilson-Brown)
10a6390deb Add controller getinfo exit-policy/reject-private
exit-policy/reject-private lists the reject rules added by
ExitPolicyRejectPrivate. This makes it easier for stem to
display exit policies.

Add unit tests for getinfo exit-policy/*.

Completes ticket #17183. Patch by "teor".
2015-11-20 10:48:19 -05:00
Nick Mathewson
18ee193ad1 bump version to 0.2.7-dev 2015-11-20 10:27:35 -05:00
teor (Tim Wilson-Brown)
6913bdfcc5 Refactor router_dump_exit_policy_to_string
Split out policy_dump_to_string to use it in getinfo_helper_policies.
2015-11-20 10:39:37 +11:00
teor (Tim Wilson-Brown)
66fac9fbad Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Modify policies_parse_exit_policy_reject_private so it also blocks
the addresses configured for OutboundBindAddressIPv4_ and
OutboundBindAddressIPv6_, and any publicly routable port addresses
on exit relays.

Add and update unit tests for these functions.
2015-11-20 10:39:13 +11:00
teor (Tim Wilson-Brown)
e726ad4664 Add unit tests for policies_parse_exit_policy_reject_private
Test that policies_parse_exit_policy_reject_private rejects supplied
IPv4 and IPv6 relay addresses, and the addresses of local interfaces.
2015-11-20 10:32:51 +11:00
teor (Tim Wilson-Brown)
c73c5a293f Refactor policies_parse_exit_policy_internal
Move the code that rejects publicly routable exit relay addresses
to policies_parse_exit_policy_reject_private. Add
addr_policy_append_reject_addr_list and use it to reject interface
addresses.

This removes the duplicate reject checks on local_address and
ipv6_local_address, but duplicates will be removed by
exit_policy_remove_redundancies at the end of the function.

This also removes the info-level logging on rejected interface
addresses. Instead, log a debug-level message in
addr_policy_append_reject_addr.

This simplifies policies_parse_exit_policy_internal and prepares for
reporting these addresses over the control port in #17183.
2015-11-20 10:32:51 +11:00
Nick Mathewson
35bfd782ea Merge remote-tracking branch 'teor/bug17632-no-ipv4-no-localhost-squashed' 2015-11-19 11:19:31 -05:00
Nick Mathewson
5f4cd245ec Merge remote-tracking branch 'teor/bug17638-ipv6-ersatz-socketpair' 2015-11-19 10:48:40 -05:00
Nick Mathewson
118bdc3a6d Merge remote-tracking branch 'public/decouple_conn_attach_2' 2015-11-19 10:44:31 -05:00
teor (Tim Wilson-Brown)
f19d6b81c8 Fixup #17638: ignore EINVAL from FreeBSD jails without ::1
In my testing, an IPv6-only FreeBSD jail without ::1 returned EINVAL
from tor_ersatz_socketpair. Let's not fail the unit test because of
this - it would only ever use tor_socketpair() anyway.
2015-11-19 19:20:01 +11:00
teor (Tim Wilson-Brown)
53ec840bdf Make tor_ersatz_socketpair work on IPv6-only systems
(But it won't work on some systems without IPv4/IPv6 localhost
(some BSD jails) by design, to avoid creating sockets on routable
IP addresses. However, those systems likely have the AF_UNIX socketpair,
which tor prefers.)

Fixes bug #17638; bugfix on a very early tor version,
earlier than 22dba27d8d (23 Nov 2004) / svn:r2943.

Patch by "teor".
2015-11-19 19:08:22 +11:00
Nick Mathewson
913fbf8f2f Merge remote-tracking branch 'teor/bug17632-no-ipv4-no-localhost' 2015-11-18 15:02:45 -05:00
teor (Tim Wilson-Brown)
2c151d8082 Update comments in get_interface_addresses_ioctl
Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).
2015-11-19 00:41:06 +11:00
teor (Tim Wilson-Brown)
71fd66c866 Fix unit tests on systems without IPv4 or localhost addresses
Make unit tests pass on IPv6-only systems, and systems without
localhost addresses (like some FreeBSD jails).

Fixes:
* get_if_addrs_ifaddrs: systems without localhost
* get_if_addrs_ioctl: only works on IPv4 systems
* socket: check IPv4 and IPv6, skip on EPROTONOSUPPORT
* socketpair_ersatz: uses IPv4, skip on EPROTONOSUPPORT

Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc.
c464a36772 was a partial fix for this issue in #17255;
it was released in unit tests in 0.2.7.4-rc.

Patch by "teor".
2015-11-19 00:41:06 +11:00
teor (Tim Wilson-Brown)
a1ce111d32 Really Really Fixup 86eba14ac5: Windows support, error return values 2015-11-19 00:13:58 +11:00
teor (Tim Wilson-Brown)
eed86892dd Really Fixup 86eba14ac5: error return values are negative 2015-11-18 23:54:26 +11:00
teor (Tim Wilson-Brown)
3351f69c75 Fixup 86eba14ac5: add errno.h for EPROTONOSUPPORT 2015-11-18 23:47:12 +11:00
teor (Tim Wilson-Brown)
878b5738c2 Update comments in get_interface_addresses_ioctl
Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).
2015-11-18 23:30:25 +11:00
teor (Tim Wilson-Brown)
86eba14ac5 Fix unit tests on systems without IPv4 or localhost addresses
Make unit tests pass on IPv6-only systems, and systems without
localhost addresses (like some FreeBSD jails).

Fixes:
* get_if_addrs_ifaddrs: systems without localhost
* get_if_addrs_ioctl: only works on IPv4 systems
* socket: check IPv4 and IPv6, skip on EPROTONOSUPPORT
* socketpair_ersatz: uses IPv4, skip on EPROTONOSUPPORT

Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc.
c464a36772 was a partial fix for this issue in #17255;
it was released in unit tests in 0.2.7.4-rc.

Patch by "teor".
2015-11-18 23:25:21 +11:00
Yawning Angel
85bb71049a Fix a startup time assert caused by periodic events not being initialized.
Loading a on disk bridge descriptor causes a directory download to be
scheduled, which asserts due to the periodic events not being
initialized yet.

Fixes bug #17635, not in any released version of tor.
2015-11-18 11:31:05 +00:00
Nick Mathewson
8af5afedc9 windows already has a CALLBACK macro... 2015-11-17 10:00:41 -05:00
Nick Mathewson
dc0d2b5970 Don't relaunch dir requests recursively if connection_connect() returns -1
Closes ticket 17589.
2015-11-17 09:40:05 -05:00
Nick Mathewson
d3cb659541 Fix a server-side crash on DNS init 2015-11-17 09:37:50 -05:00
Nick Mathewson
70f337fdb2 Some unit tests now require that periodic events be initialized. 2015-11-17 09:26:50 -05:00
Nick Mathewson
58edf92678 Free pending_entry_connections on shutdown. 2015-11-17 09:06:47 -05:00
Nick Mathewson
84b3350c83 Be more conservative in scanning the list of pending streams
Now we only re-scan the list in the cases we did before: when we
have a new circuit that we should try attaching to, or when we have
added a new stream that we haven't tried to attach yet.

This is part of 17590.
2015-11-17 09:04:25 -05:00
Nick Mathewson
b1d56fc589 Decouple ..attach_circuit() from most of its callers.
Long ago we used to call connection_ap_handshake_attach_circuit()
only in a few places, since connection_ap_attach_pending() attaches
all the pending connections, and does so regularly.  But this turned
out to have a performance problem: it would introduce a delay to
launching or connecting a stream.

We couldn't just call connection_ap_attach_pending() every time we
make a new connection, since it walks the whole connection list.  So
we started calling connection_ap_attach_pending all over, instead!
But that's kind of ugly and messes up our callgraph.

So instead, we now have connection_ap_attach_pending() use a list
only of the pending connections, so we can call it much more
frequently.  We have a separate function to scan the whole
connection array to see if we missed adding anything, and log a
warning if so.

Closes ticket #17590
2015-11-17 08:53:34 -05:00
Nick Mathewson
b91bd27e6f Whoops; in this context the EV_TIMEOUT flag is needed 2015-11-17 08:53:16 -05:00
Nick Mathewson
c113d19b53 Merge branch 'bug3199_redux_3' 2015-11-17 08:27:42 -05:00
Nick Mathewson
661e5bdbfa Changes to 3199 branch based on feedback from special 2015-11-17 08:26:04 -05:00
Nick Mathewson
eb721ed2d9 Add documentation for periodic event api 2015-11-16 10:40:23 -05:00
teor (Tim Wilson-Brown)
d3b7546753 Add a missing "if" in the comment on warn_nonlocal_controller_ports
Also reflow all the lines of that comment so that they're under
the maximum width.
2015-11-16 16:27:11 +11:00
teor (Tim Wilson-Brown)
dd82550a5e Add missing " in AccountingMax comment in or.h 2015-11-16 12:34:53 +11:00
Nick Mathewson
dd00fd0a1f Change periodic.c to use libevent directly
Libevent's periodic timers aren't the right solution when the
timeout potentially changes every time.
2015-11-13 16:25:40 -05:00
Nick Mathewson
65a6489e5e fix whitespace; remove dead code 2015-11-13 16:24:45 -05:00
Nick Mathewson
2bf8fb5ee3 Fold all of the run-every-second stuff back into run_scheduled_events() 2015-11-13 16:24:45 -05:00
Nick Mathewson
9f31908a40 Turn all of run_scheduled_events() into a bunch of periodic events
This patch is designed to look good when you see it through 'diff -b':
it mostly leaves entries in the same order, and leaves the code unmodified.
2015-11-13 16:24:45 -05:00
Nick Mathewson
e8b459a2fa Connect periodic events to main 2015-11-13 16:24:44 -05:00
Kevin Butler
fbeff307f7 Infrastructure for replacing global periodic events in main.c
(This is from Kevin's bug3199 patch series; nick extracted it into
 a new file and changed the interface a little, then did some API
 tweaks on it.)
2015-11-13 16:24:44 -05:00
Nick Mathewson
7a940fac1c appease check-spaces 2015-11-13 13:46:47 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00
Nick Mathewson
accb726db6 Remove a little duplicated code in TAP key expansion
patch from pfrankw; closes 17587.
2015-11-13 09:46:32 -05:00
Nick Mathewson
741d2dc685 Bump to 0.2.7.5 2015-11-13 08:41:30 -05:00
Nick Mathewson
f7ccc9b975 Merge branch 'decouple_circuit_mark_squashed' 2015-11-12 14:20:24 -05:00
Nick Mathewson
8b4e5b7ee9 Experimentally decouple the main body of circuit_mark_for_close 2015-11-12 14:20:16 -05:00
Nick Mathewson
d20a3d07e3 Merge branch 'karsten_bug13192_026_03_teor' 2015-11-12 11:40:58 -05:00
Nick Mathewson
1f7ba115a4 Rename cast_double_to_int64 to clamp_double_to_int64 2015-11-12 11:33:48 -05:00
Nick Mathewson
0694263b75 Make round_to_next_multiple_of always round upwards.
Yes, even if it has to return a non-multiple.  This prevents us from
ever having a bug where we try to use it for allocation, and under-allocate.
2015-11-12 11:32:14 -05:00
Nick Mathewson
0a3eed5f20 Merge branch 'bug17549' 2015-11-10 10:40:31 -05:00
Nick Mathewson
05c34b3330 appease check-spaces 2015-11-10 10:40:19 -05:00
Nick Mathewson
39e8fa81f7 every version of openssl we support has SSL_get_state 2015-11-10 10:14:58 -05:00
Nick Mathewson
3aebeeffa5 Every openssl we support has ERR_remove_thread_state 2015-11-10 10:13:04 -05:00
Nick Mathewson
c32a43a4d2 Move openssl version compatibility defines into a new header. 2015-11-10 10:02:21 -05:00
teor (Tim Wilson-Brown)
0d5a439292 Mark fallback directoriess as too busy after a 503 response
Mark fallback directory mirrors as "too busy" when they return
a 503 response. Previously, the code just marked authorities as busy.

Unless clients set their own fallback directories, they will never see
this bug. (There are no default fallbacks yet.)

Fixes bug 17572; bugfix on 5c51b3f1f0 released in 0.2.4.7-alpha.
Patch by "teor".
2015-11-10 09:47:48 +11:00
Yawning Angel
6512df34a4 Fix the tortls.c unit tests to pass with OpenSSL 1.1.0-dev.
The string description for the states got changed slightly.
2015-11-06 19:42:39 +00:00
Yawning Angel
89cb2e467d Fix compilation with OpenSSL 1.1.0 --enable-gcc-warnings is set. 2015-11-06 19:12:43 +00:00
Yawning Angel
3e3ec750cd Fix compilation with OpenSSL 1.1.0-dev.
OpenSSL changed the API:
 * 5998e29035
 * b0700d2c8d
2015-11-06 19:02:56 +00:00
Nick Mathewson
af80d472f7 "And now a better patch which builds the tests if LibreSSL is used."
Works on the latest LibreSSL (in OpenBSD-current).

(Patch from 'rubiate' on #17253.
2015-11-06 10:58:00 -05:00
Yawning Angel
b71f6d6a47 Fix SipHash-2-4 performance for non multiple of 8 buffers.
Code cribbed from Andrew Moon's Public Domain SipHash-2-4
implementation (which IMO is also cleaner).

Fixes bug 17544.
2015-11-05 18:21:43 +00:00
Nick Mathewson
1385ab0605 Merge remote-tracking branch 'rl1987/ticket16831_part2_rebased' 2015-10-30 09:59:11 -04:00
rl1987
2e980e9a2e Fix GCC warnings. 2015-10-29 13:12:29 +01:00
Nick Mathewson
19e10f95c1 Merge remote-tracking branch 'rl1987/bug17417_take2' 2015-10-26 09:18:48 -04:00
rl1987
e2f9c7d54f Avoid crashing due to double-freeing memory. 2015-10-24 16:21:35 +03:00
rl1987
a187c772af Seventh test case for dns_resolve_impl(). 2015-10-24 14:30:53 +03:00
rl1987
f53dcf6a35 Sixth test case for dns_resolve_impl. 2015-10-24 14:30:52 +03:00
rl1987
cc1bed9974 Add a fifth unit test. 2015-10-24 14:30:52 +03:00
rl1987
bb8ec2e1c6 Whitespace fixes. 2015-10-24 14:30:52 +03:00
rl1987
72bd192d80 Add a fourth test case. 2015-10-24 14:30:52 +03:00
rl1987
787a27be3e Third test case for dns_resolve_impl. 2015-10-24 14:30:51 +03:00
rl1987
1096f7638e A second test case for dns_resolve_impl. 2015-10-24 14:30:50 +03:00
rl1987
2fc841aacb Making it slightly cleaner. 2015-10-24 14:30:50 +03:00
rl1987
595bd9295c First test case for dns_resolve_impl(). 2015-10-24 14:30:36 +03:00
rl1987
882d33a80c Using namespace macros for mock functions in test_dns.c 2015-10-24 14:30:20 +03:00
rl1987
2f5d0ea133 Use NS_SUBMODULEs in test_dns.c 2015-10-24 14:30:20 +03:00
Nick Mathewson
8acaac4622 Compilation was off by one character 2015-10-22 18:47:26 -04:00
Nick Mathewson
7dbcdfab58 Fix windows build: do not assume util_process works on windows 2015-10-22 10:01:05 -04:00
Nick Mathewson
ed0c2a5e3d Fix valgrind errors in test_util_process 2015-10-21 16:51:21 -04:00
Nick Mathewson
5431c60001 Fix whitespaces 2015-10-21 16:46:28 -04:00
Nick Mathewson
a61158aa23 Merge remote-tracking branch 'twstrike/util_process_tests' 2015-10-21 16:45:49 -04:00
Nick Mathewson
5e9f2384cf Fix various coverity-found issues 2015-10-21 16:01:29 -04:00
Nick Mathewson
79b3c4a8a3 Yet more memory leaks closed in test_tortls 2015-10-21 14:30:34 -04:00
Nick Mathewson
13ff8e31ba More memory leaks closed in test_tortls 2015-10-21 14:19:43 -04:00
Nick Mathewson
f5a002f69b Fix another pile of test_tortls memory leaks 2015-10-21 14:06:13 -04:00
Nick Mathewson
eead861266 More leaks to fix. 2015-10-21 13:12:19 -04:00
Nick Mathewson
2acf72795a resolve some leaks in test_tortls.c 2015-10-21 12:41:00 -04:00
Nick Mathewson
f217b24e05 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 12:03:04 -04:00
Nick Mathewson
4fb4906975 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 12:02:42 -04:00
Nick Mathewson
9459ae260e Fix the return value 2015-10-21 12:01:05 -04:00
Nick Mathewson
895a98dbaf Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:53:00 -04:00
Nick Mathewson
b809c265e7 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 11:51:03 -04:00
Nick Mathewson
35bf07b8d6 Check for len < 4 in dn_indicates_v3_cert
Without this check, we potentially look up to 3 characters before
the start of a malloc'd segment, which could provoke a crash under
certain (weird afaik) circumstances.

Fixes 17404; bugfix on 0.2.6.3-alpha.
2015-10-21 11:44:43 -04:00
Nick Mathewson
52fd384a46 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:18:11 -04:00
Nick Mathewson
f41be5f9df memory leaks in procmon tests 2015-10-21 11:17:59 -04:00
Nick Mathewson
9c4a0aef0c Fix a memory leak in reading an expired ed signing key.
Closes 17403.
2015-10-21 11:16:28 -04:00
Nick Mathewson
9f5210ae46 Fix all leaks (and an introduced failure) in the rendcache tests 2015-10-21 11:05:27 -04:00
Nick Mathewson
35edd74e25 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:56:40 -04:00
Nick Mathewson
5d45a26f39 Whoops; infinite recursion 2015-10-21 10:56:27 -04:00
Nick Mathewson
d14b009b23 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:54:12 -04:00
Nick Mathewson
8b01849f3b Yet more memory leaks in the rendcache tests 2015-10-21 10:54:07 -04:00
Nick Mathewson
aa96abe66b Fix memory leak in rend_cache_failure_entry_free()
Bug 17402.
2015-10-21 10:52:57 -04:00
Nick Mathewson
a5e873ff29 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:28:16 -04:00
Nick Mathewson
6ef35319d9 More leaks here 2015-10-21 10:28:10 -04:00
Nick Mathewson
03eb999d42 Fix an (unreachable) memory leak in rendcache.c
The 0.2.8 unit tests provoke this leak, though I don't think it can
happen IRL.
2015-10-21 10:27:19 -04:00
Nick Mathewson
46cd466dec Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:00:52 -04:00
Nick Mathewson
34b4da709d Fix a bunch more memory leaks in the tests. 2015-10-21 10:00:05 -04:00
Nick Mathewson
5b2070198a Fix a use-after-free in validate_intro_point_failure. Bug 17401. Found w valgrind 2015-10-21 09:59:19 -04:00
Nick Mathewson
b7941cbfbb Fix numerous leaks and memory errors in tests. Found by valgrind 2015-10-21 08:49:29 -04:00
Nick Mathewson
2461ea1faa Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 08:17:34 -04:00
Nick Mathewson
d478704de8 Fix a number of unit-test memory leaks, found by valgrind. 2015-10-21 08:17:30 -04:00
Nick Mathewson
542cc8a5ff Fix a memory leak; bug 17398. 2015-10-21 08:17:07 -04:00
Nick Mathewson
8378a3310a Bump version to 0.2.7.4-rc 2015-10-19 11:19:51 -04:00
Nick Mathewson
a8a26ca30e Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-15 13:56:53 -04:00
Nick Mathewson
7e7683b254 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-15 13:56:41 -04:00
David Goulet
2ec5e24c58 Add hidserv-stats filname to our sandbox filter
Fixes #17354

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-10-15 13:42:34 -04:00
Nick Mathewson
a5ed8b1667 Fix compilation of sandbox.[ch] under musl-libc
Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347.
2015-10-15 10:37:41 -04:00
Nick Mathewson
fa4a81518a Merge branch 'bug17347' 2015-10-15 10:36:29 -04:00
Nick Mathewson
50148dc45d Fix compilation of sandbox.[ch] under musl-libc
Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347.
2015-10-15 10:35:45 -04:00
Nick Mathewson
4e5e93a74b blank line at eof for test_address.c 2015-10-15 10:22:33 -04:00
Nick Mathewson
0d8b8fa585 Merge remote-tracking branch 'twstrike/address_tests' 2015-10-15 10:21:42 -04:00
Nick Mathewson
49ccb7e7b8 Mention trunnel in CodingStandards; describe how in trunnel/README 2015-10-14 10:40:27 -04:00
Nick Mathewson
4da2f89f95 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-09 10:18:42 -04:00
Nick Mathewson
7c3f210e70 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-09 10:14:59 -04:00
Nick Mathewson
552136668c Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-10-09 10:14:46 -04:00
Nick Mathewson
3569cffe14 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-10-09 10:12:59 -04:00
Karsten Loesing
62b02a1941 Update geoip and geoip6 to the October 9 2015 database. 2015-10-09 15:27:55 +02:00
Nick Mathewson
3780a6b439 Fix some 64bit issues 2015-10-07 16:54:29 -04:00
Nick Mathewson
cd14405a43 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-07 15:21:23 -04:00
teor (Tim Wilson-Brown)
c464a36772 Make get_ifaddrs tests more tolerant of unusual network configs
* Don't assume that every test box has an IPv4 address
* Don't assume that every test box has a non-local address

Resolves issue #17255 released in unit tests in 0.2.7.3-rc.
2015-10-07 15:20:31 -04:00
Nick Mathewson
aeb9373158 Fix 32-bit case of rend_cache/entry_allocation 2015-10-07 14:31:21 -04:00
Nick Mathewson
b23a0465f1 Fix implicit overflow in rendcache tests 2015-10-07 14:29:14 -04:00
Nick Mathewson
9d019a7db7 tor_tls_finish_handshake is server-side only. 2015-10-07 10:32:54 -04:00
Nick Mathewson
5bd3290df3 Remove workaround code for broken client-side renegotiation
Since 11150 removed client-side support for renegotiation, we no
longer need to make sure we have an openssl/TLSvX combination that
supports it (client-side)
2015-10-07 10:16:37 -04:00
Nick Mathewson
6505d529a5 Remove client-side support for detecting v1 handshake
Fixes more of 11150
2015-10-07 10:13:39 -04:00
Nick Mathewson
2ad6e1bb0e Make the mis-named V2_HANDSHAKE_SERVER/CLIENT macros always-on.
They selected the V2 handshake *and* the V3 handshake, in a strange
mixture.  Both handshakes have been mandatory for a long time.
2015-10-07 10:07:29 -04:00
Nick Mathewson
bd1a137893 Remove the client-side code for the v1 and v2 tls handshakes.
(This is safe since super-old Tor servers are no longer allowed on
the network.)

Closes the client-side part of 11150.
2015-10-07 10:04:12 -04:00
Nick Mathewson
5a5112f701 Fix "make check-spaces" 2015-10-07 09:34:02 -04:00
Nick Mathewson
cec2bc435e Merge remote-tracking branch 'twstrike/procmon_tests'
Conflicts:
	src/test/include.am
	src/test/log_test_helpers.c
	src/test/log_test_helpers.h
2015-10-07 09:32:51 -04:00
Nick Mathewson
15bfdbeb9d fix check-spaces once more 2015-10-06 11:32:37 -04:00
Nick Mathewson
f179abdca9 Merge remote-tracking branch 'twstrike/rendcache_tests'
Conflicts:
        src/test/include.am
	src/test/rend_test_helpers.c
	src/test/rend_test_helpers.h
2015-10-06 11:32:06 -04:00
Nick Mathewson
2592d537f9 Merge remote-tracking branch 'twstrike/util_format_tests'
Conflicts:
	src/test/test_util_format.c
2015-10-06 11:20:33 -04:00
Nick Mathewson
41782bf3ac Merge remote-tracking branch 'tvdw/fix-16563' 2015-10-06 10:57:31 -04:00
Nick Mathewson
20ec030d9b Fix compilation with openssl 1.1 by forcibly disabling some tests
Some of these tests can be ported to work with openssl 1.1, but
probably some can't.
2015-10-06 09:59:47 -04:00
Nick Mathewson
94669c829c Allow case-insensitive match in test_tortls_debug_state_callback 2015-10-06 09:40:56 -04:00
Nick Mathewson
bfd9dccdb8 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-06 09:06:57 -04:00
Nick Mathewson
1eb838b303 Work around openssl declaring x509_get_not{Before,After} as functions
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet releasesd), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.

Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
2015-10-06 09:04:37 -04:00
Nick Mathewson
f7ce93d979 Fix 17251: avoid integer overflow in test_crypto_slow 2015-10-06 08:58:03 -04:00
Ola Bini
f319231e6e
Divide the different parse_port_config groups into separate tests 2015-10-05 15:31:49 -05:00
Ola Bini
49eefc0884
Use tor_addr_eq instead of tt_mem_op 2015-10-05 15:17:11 -05:00
Ola Bini
5cb7242012
Move CL_PORT definitions so they are accessible to the tests as well 2015-10-05 15:10:58 -05:00
Ola Bini
017047e7b2
Fix all spaces 2015-10-05 15:06:34 -05:00
Ola Bini
598cd4690c
Make compilation work under gcc-warnings 2015-10-05 14:56:57 -05:00
Ola Bini
70de8d4bf8
Fix spaces and other smaller issues 2015-10-05 14:31:10 -05:00
Ola Bini
c31791b798
Test behavior on success, and fix spaces 2015-10-05 14:07:55 -05:00
rl1987
b216340d75 Fix compilation failure when SSL_SESSION_get_master_key() is provided by OpenSSL. 2015-10-05 21:56:27 +03:00
Ola Bini
ca927b7f63
Fix spaces 2015-10-05 13:42:43 -05:00
Ola Bini
be7ef94a7d
Fix compiling under gcc warnings to errors 2015-10-05 13:41:00 -05:00
Ola Bini
fb5cefbfa0
Fix spaces 2015-10-05 10:07:31 -05:00
Ola Bini
987c38e6c3
Test full IP addresses instead of just one nibble 2015-10-05 10:01:10 -05:00
Tom van der Woerdt
c44a94606a Use __FUNCTION__ instead of __PRETTY_FUNCTION__
Fixes ticket #16563
2015-10-04 19:55:38 +02:00
Roger Dingledine
c9cb5516ab fix easy typo 2015-10-04 12:28:25 -04:00
Ola Bini
b54133fbd9
Fix spaces warnings 2015-10-03 18:46:40 -05:00
Ola Bini
d0abf16119
Actually test success cases as well 2015-10-03 18:37:29 -05:00
Nick Mathewson
3c67823957 Perhaps this is the permutation of headers that will please everything 2015-10-02 18:44:55 +02:00
Nick Mathewson
b31cdf4ad6 Try to fix mingw build. 2015-10-02 18:31:43 +02:00
Nick Mathewson
561d4136ac These logs seem openssl-version-dependent 2015-10-02 17:56:10 +02:00
Nick Mathewson
0ead9a58b9 Avoid warnings in tortls.h includes 2015-10-02 15:57:33 +02:00
Nick Mathewson
5d5d26ccee Fix a 32-bit error from jenkins 2015-10-02 15:39:08 +02:00
Nick Mathewson
578830ad30 Fix "make distcheck" 2015-10-02 15:36:59 +02:00
Nick Mathewson
11e3db3ee8 clean up whitespace 2015-10-02 15:13:19 +02:00
Nick Mathewson
92c436ccbc Fix warnings. 2015-10-02 15:12:04 +02:00
Nick Mathewson
21c201202e Merge remote-tracking branch 'twstrike/dir-handle-cmd-get' 2015-10-02 15:04:28 +02:00
Nick Mathewson
b5aa257d46 Fix "make check-spaces" 2015-10-02 14:33:54 +02:00
Nick Mathewson
39901bd408 Make test_tortls compile without warnings 2015-10-02 14:20:28 +02:00
Nick Mathewson
086c33ea61 Merge remote-tracking branch 'twstrike/tortls_tests' 2015-10-02 14:12:27 +02:00
Nick Mathewson
67182226f1 Merge remote-tracking branch 'teor/warn-when-time-goes-backwards' 2015-10-02 13:56:28 +02:00
Nick Mathewson
488e9a0502 Merge remote-tracking branch 'teor/routerset-parse-IPv6-literals'
(Minor conflicts)
2015-10-02 13:54:20 +02:00
Nick Mathewson
0d44679d3b Fix a test failure 2015-10-02 13:47:08 +02:00
Nick Mathewson
0b3190d4b7 Merge remote-tracking branch 'donncha/feature14846_4' 2015-10-02 13:40:26 +02:00
Nick Mathewson
0e03a0421e Fix check-spaces complaints 2015-10-02 13:22:00 +02:00
Nick Mathewson
3b09322c9b Merge remote-tracking branch 'sebastian/bug17026' 2015-10-02 13:15:36 +02:00
Nick Mathewson
46f2682ff3 new headers must get distributed 2015-10-02 13:15:20 +02:00
Nick Mathewson
ac8c5ec67a Clean up compat_libevent tests 2015-10-02 13:13:58 +02:00
Nick Mathewson
c01f9d9ffe Fix style and compilation in log_test_helpers 2015-10-02 13:03:43 +02:00
Nick Mathewson
f774813129 Merge remote-tracking branch 'twstrike/compat_libevent_tests' 2015-10-02 12:56:37 +02:00
Nick Mathewson
39eb075c20 Give test_util_format some succeeding test cases 2015-10-02 12:52:35 +02:00
Nick Mathewson
144a0cb704 Add notes and whitespace fixes to test_util_format 2015-10-02 12:44:35 +02:00
Nick Mathewson
3321e4a025 Merge remote-tracking branch 'twstrike/util_format_tests' 2015-10-02 12:40:30 +02:00
teor (Tim Wilson-Brown)
763cb393d3 fixup #17188: Add most likely reasons for clock going backwards
Add "You might have an empty clock battery or bad NTP server."
2015-10-01 09:58:15 +02:00
Nick Mathewson
71e4649f02 Disallow transitions on SyslogIdentityTag, since they do not work right 2015-09-30 18:34:15 +02:00
Peter Palfrader
335af6fed8 Document syslog_identity_tag for add_syslog_log 2015-09-30 18:34:15 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
teor (Tim Wilson-Brown)
cd279ca7f5 Warn when the system clock is set back in time
Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.
2015-09-30 13:33:56 +02:00
Nick Mathewson
003462432b Merge remote-tracking branch 'origin/maint-0.2.7' 2015-09-29 13:51:08 +02:00
Nick Mathewson
d4212d581a fix compilation; mark test fns static 2015-09-29 13:50:52 +02:00
Nick Mathewson
62d6a8ef4d Add a README for the trunnel directory 2015-09-29 13:43:12 +02:00
Nick Mathewson
efff55bdfd Merge remote-tracking branch 'origin/maint-0.2.7' 2015-09-29 10:22:38 +02:00
Nick Mathewson
87dee5c651 Socks->SOCKS in torrcs. Fixes 15609 2015-09-29 10:20:31 +02:00
Nick Mathewson
8e93cfb47f Merge remote-tracking branch 'origin/maint-0.2.7' 2015-09-29 10:18:09 +02:00
teor (Tim Wilson-Brown)
7fa102b487 Add checks and unit tests for get_interface_address* failure
Ensure that either a valid address is returned in address pointers,
or that the address data is zeroed on error.

Ensure that free_interface_address6_list handles NULL lists.

Add unit tests for get_interface_address* failure cases.

Fixes bug #17173.
Patch by fk/teor, not in any released version of tor.
2015-09-29 10:17:05 +02:00
Fabian Keil
3ea834ce0a get_interface_address6_list(): Bring back a return code check
... that was removed by 31eb486c46 which first appeared in
0.2.7.3-rc.

If tor is running in a ElectroBSD (or FreeBSD) jail it can't
get any IP addresses that aren't assigned to the jail by
looking at the interfaces and (by design) the
get_interface_address6_via_udp_socket_hack() fallback doesn't
work either.

The missing return code check resulted in tor_addr_is_internal()
complaining about a "non-IP address of type 49", due to reading
uninitialised memory.

Fixes #17173.
2015-09-29 10:17:00 +02:00
Nick Mathewson
3d8a045bd6 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-09-29 10:12:05 +02:00
Marcin Cieślak
f75325c132 No spaces around = in variable assignment
BSD make takes spaces around = literally
and produces a "TESTING_TOR_BINARY "
variable with a trailing space, which leads
to test_keygen.sh failure.

Fixes 17154
2015-09-29 10:09:02 +02:00
Marcin Cieślak
5c95762ec6 Skip tests if backtrace support not compiled-in
FreeBSD needs -lexecinfo to fully support
backtrace reporting.
2015-09-29 10:04:14 +02:00
Nick Mathewson
551dba3290 Bump master to 0.2.8.0-alpha-dev 2015-09-25 09:27:39 -04:00
Nick Mathewson
4ce9b8f1ec Bump to 0.2.7.3-rc-dev 2015-09-25 09:26:35 -04:00
Nick Mathewson
7b1d2726e4 Add test-network.sh to EXTRA_DIST 2015-09-24 19:38:50 -04:00
Nick Mathewson
8d6bb3a559 Make our digest-mismatch warnings a touch better 2015-09-24 17:45:33 -04:00
Nick Mathewson
9febbf0451 Merge branch 'bug17149' 2015-09-24 17:19:21 -04:00
Nick Mathewson
4b2ae5a16b Include some content when exporting abs_top_srcdir and builddir
FreeBSD make demands this.
2015-09-24 17:06:49 -04:00
Nick Mathewson
e62fe2f02d Put braces around reject-lines for IPv6 addrs
Fixes bug 17149; bug not in any released Tor.
2015-09-24 16:51:25 -04:00
Nick Mathewson
85b65bf29f Add more quotes in the test scripts 2015-09-24 15:25:53 -04:00
Nick Mathewson
eb2188168e Stop trying to generate test scripts via autoconf substitution.
Use environment variables instead. This repairs 'make distcheck',
which was running into trouble when it tried to chmod the generated
scripts.

Fixes 17148.
2015-09-24 15:07:39 -04:00
Nick Mathewson
744f8c8277 Increment version. 2015-09-24 12:19:33 -04:00
Nick Mathewson
a395d1aa46 Merge branch 'underpinning_squashed' 2015-09-24 11:29:14 -04:00
Nick Mathewson
09e272eb1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-09-24 10:06:36 -04:00
Nick Mathewson
fb5a858a35 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-09-24 10:06:15 -04:00
Nick Mathewson
809217e6f3 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-09-24 10:06:00 -04:00
Karsten Loesing
8b3e0b7729 Update geoip and geoip6 to the September 3 2015 database. 2015-09-24 15:08:15 +02:00
Nick Mathewson
01733e2b15 New AuthDirPinKeys option to enable/disable keypinning enforcement
Implements ticket #17135.  We're going to need this one to avoid
chaos as everybody figures out how ed25519 keys work.
2015-09-23 11:22:26 -04:00
Nick Mathewson
efea1e904a Extract the add-or-replace-keypin logic into a new function
We're about to need to call it in another place too.
2015-09-23 11:07:17 -04:00
Nick Mathewson
c5e87e33c7 Allow conflicts to occur in keypinning journal
When we find a conflict in the keypinning journal, treat the new
entry as superseding all old entries that overlap either of its
keys.

Also add a (not-yet-used) configuration option to disable keypinning
enforcement.
2015-09-23 11:02:21 -04:00
Nick Mathewson
53fc782e49 add a README to src/config 2015-09-22 17:06:39 -04:00
Nick Mathewson
6b6a714732 Fix a memory leak in router_parse_addr_policy_item_from_string. CID 1324770 2015-09-22 09:55:05 -04:00
Nick Mathewson
df0b4f0342 Merge branch 'feature16769_squashed' 2015-09-22 09:26:30 -04:00
Nick Mathewson
1911f80fb5 Disable --master-key as not-yet-working for 0.2.7 2015-09-22 09:24:35 -04:00
Nick Mathewson
bca4211de5 Add a --master-key option
This lets the user override the default location for the master key
when used with --keygen

Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2 Add a new --newpass option to add or remove secret key passphrases. 2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
teor (Tim Wilson-Brown)
b584152874 Update private ExitPolicy in man page and torrcs for 10727, formatting
Update the definition of the private exit policy in the man page
and torrcs. It didn't get merged correctly into the man page, and
it was incomplete in the torrcs. (Unfortunately, we only reject the
primary configured IPv4 and IPv6 addresses, not all configured IPv4
and IPv6 addresses.)

Also fixup msn page formatting errors from changes in tickets 16069
and 17027, mainly unescaped *s.
2015-09-22 12:14:27 +10:00
teor (Tim Wilson-Brown)
249e82c906 Update docs with advice for separate IPv4 and IPv6 exit policies
Advise users how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs.

Related to fixes in ticket #16069 and #17027. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-22 11:41:16 +10:00
Nick Mathewson
c84f3c9177 Merge remote-tracking branch 'public/bug17047' 2015-09-16 08:46:13 -04:00
Nick Mathewson
b257e34583 Merge remote-tracking branch 'teor/bug16069-bug17027' 2015-09-16 08:20:15 -04:00
Sebastian Hahn
98da122ab4 Don't enable SSE2 on X86-64.
This removes a comment presumably introduced for debugging that was left
in accidentally. Bug not in any released version of Tor. Fixes bug
17092.
2015-09-16 14:08:38 +02:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
fd85f2cd70 fixup Clarify ambiguous log message in router_add_exit_policy 2015-09-16 03:59:30 +10:00
teor (Tim Wilson-Brown)
ab6f93caa7 fixup Only set TAPMP_STAR_IPV6_ONLY if TAPMP_EXTENDED_STAR is set
Also fix a comment.
2015-09-16 03:58:06 +10:00
teor (Tim Wilson-Brown)
eb1759e63c Log an info-level message for each IP blocked by ExitPolicyRejectPrivate
Log an info-level message containing the reject line added to the
exit policy for each local IP address blocked by ExitPolicyRejectPrivate:
 - Published IPv4 and IPv6 addresses
 - Publicly routable IPv4 and IPv6 interface addresses
2015-09-16 02:58:34 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
Ola Bini
5b43ecf2b3
Fix procmon_new to correctly use zeroed memory - otherwise it can blow up if the free call by mistake works on something that is allocated 2015-09-15 18:44:53 +02:00
Ola Bini
3b535869a4
Add tests for parse_port_config 2015-09-15 18:12:14 +02:00
Reinaldo de Souza Jr
4ff08bb581 Add tests for directory_handle_command_get 2015-09-15 11:08:50 -05:00
Reinaldo de Souza Jr
d5e860e3dc Add tests for src/or/directory.c 2015-09-15 11:08:25 -05:00
Ola Bini
b4950c9334
Add tests for procmon. These currently fail. Investigation should happen before submitting 2015-09-15 17:56:56 +02:00
Ola Bini
28370fe77f
Add tests for util_format 2015-09-15 17:40:16 +02:00
Ola Bini
cf4f50f943
Add tests for util_process 2015-09-15 17:37:25 +02:00
Ola Bini
9985a62a67
Add tests for compat_libevent 2015-09-15 17:20:44 +02:00
Ola Bini
94e5db3dca
Add tests for tortls.c 2015-09-15 17:09:18 +02:00
teor (Tim Wilson-Brown)
047989ea28 fixup add malformed_list to unit tests from d3358a0a05 IPv6 wildcards
The unit tests added in e033d5e90b got malformed_list added to
router_parse_addr_policy_item_from_string calls, but unit tests from
subsequent commits didn't get the extra argument until now.
2015-09-16 00:34:12 +10:00
Ola Bini
ade5005853
Add tests for the rend cache 2015-09-15 16:21:50 +02:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
36ad8d8fdc Warn about redundant torrc ExitPolicy lines due to accept/reject *:*
Tor now warns when ExitPolicy lines occur after accept/reject *:*
or variants. These lines are redundant, and were always ignored.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00
Ola Bini
73ba9f337c
Add several tests for address.h 2015-09-15 15:49:54 +02:00
teor (Tim Wilson-Brown)
31eb486c46 Add get_interface_address[6]_list for a list of interface IP addresses
Add get_interface_address[6]_list by refactoring
get_interface_address6. Add unit tests for new and existing functions.

Preparation for ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-15 17:04:18 +10:00
teor (Tim Wilson-Brown)
99d2869ab5 Add unit tests for wildcard, IPv4, IPv6 routerset parsing
Tests changes to enable IPv6 literals in routerset_parse in #17060.
Patch by "teor".
2015-09-14 20:16:43 +10:00
teor (Tim Wilson-Brown)
c58b3726d6 Allow IPv6 literal addresses in routersets
routerset_parse now accepts IPv6 literal addresses.

Fix for ticket 17060. Patch by "teor".
Patch on 3ce6e2fba2 (24 Jul 2008), and related commits,
released in 0.2.1.3-alpha.
2015-09-14 20:01:36 +10:00
teor (Tim Wilson-Brown)
60312dc08b Update comments about ExitPolicy parsing
Fix incomplete and incorrect comments.

Comment changes only.
2015-09-14 11:12:28 +10:00