Nick Mathewson
8acfac7375
Copy the signing_key_cert field into signed_descriptor_t
...
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150 ).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened. I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.
This patch fixes no actual behavior.
2016-05-17 13:14:04 -04:00
Nick Mathewson
64748f2f98
Fix documentation for routerinfo_incompatible_with_extrainfo
2016-05-17 13:08:34 -04:00
Nick Mathewson
7d1eb0d570
When making sure digest256 matches in ei, look at sd, not ri.
...
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay. The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo. That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.
Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
2016-05-17 12:57:03 -04:00
Nick Mathewson
44da47d3c1
Move extra_info_digest256 into signed_descriptor_t
...
This patch includes no semantic changes; it's just a field movement.
It's prerequisite for a fix to 19017/17150.
2016-05-17 12:53:12 -04:00
Nick Mathewson
36909674b4
Merge remote-tracking branch 'teor/bug18963-remember-v2'
2016-05-17 12:15:53 -04:00
Nick Mathewson
6382cd93cb
Merge branch 'maint-0.2.8'
2016-05-17 11:10:20 -04:00
Nick Mathewson
548d14247e
Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8
2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e
touchups and refactorings on bug 18616 branch
...
no behavior changes
2016-05-16 17:43:47 -04:00
Nick Mathewson
0f9b0b8bfe
Initialize networking _before_ initializing libevent in the tests
...
This prevents WSANOTINITIALISED errors and fixes bug 18668. Bugfix
on 0.2.8.1-alpha -- 1bac468882
specifically.
2016-05-16 14:30:04 -04:00
David Goulet
50ff24e276
dirauth: don't use hardcoded length when parsing digests
...
When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.
Fixes #19066
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-05-16 11:18:51 -04:00
Nick Mathewson
249f3a1664
Fix memory leak in test_crypto_aes_ctr_testvec
2016-05-16 09:55:09 -04:00
Nick Mathewson
9abd7b8f90
Windows lacks truncate(3).
...
Fix the new crypto tests, which used truncate(3).
2016-05-16 09:25:19 -04:00
Nick Mathewson
060e0d0a75
Merge branch 'crypto_unit_tests_v2_squashed'
2016-05-16 08:26:11 -04:00
Nick Mathewson
62c5a1fa45
Mark even more crypto lines (the fragile_assert ones) as unreachable
2016-05-16 08:26:00 -04:00
Nick Mathewson
b688945dfb
Refactor digest allocation backend code
...
I'm doing this to simplify crypto_digest_smartlist_prefix, and make
it better covered by our tests.
2016-05-16 08:26:00 -04:00
Nick Mathewson
365d0fcc6d
Cover all our DH code, and/or mark it unreachable.
2016-05-16 08:26:00 -04:00
Nick Mathewson
94b34d1be6
At long last, unit tests for degenerate DH public keys.
...
Apparently, we detect and reject them correctly. Aren't you glad?
2016-05-16 08:26:00 -04:00
Nick Mathewson
98a590577a
Treat absent argument to crypto_log_errors as a bug.
2016-05-16 08:26:00 -04:00
Nick Mathewson
d88656ec06
Slight improvements to DH coverage.
2016-05-16 08:25:59 -04:00
Nick Mathewson
c395334879
Mark some unreachable lines in crypto.c
2016-05-16 08:25:59 -04:00
Nick Mathewson
7a5f15b6e0
Improve test coverage of our strongest-rng code.
2016-05-16 08:25:59 -04:00
Nick Mathewson
148f0004e1
Test coverage on ed25519 load/store functions.
2016-05-16 08:25:59 -04:00
Nick Mathewson
ec81329339
Do not leak the 'tag' when trying to read a truncated ed25519 key file
...
Fix for bug 18956.
2016-05-16 08:25:59 -04:00
Nick Mathewson
5b91e70a4f
Mark unreachable lines in crypto_ed25519.c
2016-05-16 08:25:59 -04:00
Nick Mathewson
8a536be705
Mark unreachable lines in crypto_curve25519.c
...
Also, resolve a bug in test_ntor_cl.c
2016-05-16 08:25:53 -04:00
Nick Mathewson
820b1984ad
Mark three lines unreachable, with extensive docs and use of BUG macros
2016-05-16 08:25:53 -04:00
Nick Mathewson
df3a5e0cad
HKDF-SHA256 test vectors from RFC5869
2016-05-16 08:25:53 -04:00
Nick Mathewson
7bc9d1e002
Merge branch 'maint-0.2.8'
2016-05-12 15:33:56 -04:00
Nick Mathewson
e8cc9f3edf
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-12 15:33:47 -04:00
Nick Mathewson
4165b1a0da
Merge branch 'bug18977_026_v2' into maint-0.2.7
2016-05-12 15:33:35 -04:00
Nick Mathewson
44cbd00dfa
Fix a compiler warning on windows when sizeof(long)==sizeof(int)
2016-05-12 14:51:38 -04:00
Nick Mathewson
20b01cece8
Merge branch 'bug18977_024_v2' into bug18977_026_v2
...
Had conflicts related to other correct_tm bugs in 0.2.6. Added wday
for another case.
2016-05-12 14:39:06 -04:00
Nick Mathewson
e57f26c135
Have correct_tm set tm_wday as well.
...
The tm_wday field had been left uninitialized, which was causing
some assertions to fail on Windows unit tests.
Fixes bug 18977.
2016-05-12 14:37:27 -04:00
Nick Mathewson
6bc052365a
Use a much less clever scan_signed no-overflow hack
2016-05-12 14:33:26 -04:00
Nick Mathewson
a7207329a8
Run tor_sscanf test in subprocess, in hopes of coaxing more info from jenkins
2016-05-12 13:37:05 -04:00
Nick Mathewson
445e05a015
Fix inconsistent tab/space mixing in include.am files.
...
This is a whitespace only, cosmetic fix.
There is still some inconsistency between lists, but less
inconsistency inside individual lists.
2016-05-12 13:06:58 -04:00
Nick Mathewson
607a9056d4
Merge branch 'ftrapv_v3'
...
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
2016-05-12 13:00:45 -04:00
Nick Mathewson
fb999abea6
Document why we build memwipe that way.
2016-05-12 12:56:47 -04:00
Nick Mathewson
b1dce55b82
Do not apply bugtrapping flags to test-memwipe, since testing memwipe requires bugs.
...
Fixes bug 18901.
2016-05-12 11:22:10 -04:00
Nick Mathewson
ef01109932
Rename SOURCES to SRC for things in include.am
2016-05-12 11:21:28 -04:00
Nick Mathewson
e40cfc4425
Move the ctime part of choose_array_element_by_weight into di_ops
...
This way it gets the ctime options.
2016-05-12 11:21:28 -04:00
Nick Mathewson
20432fc541
Refactor out u64_dbl_t
...
This type saved a tiny amount of allocation, but not enough to be
worth keeping.
(This is in preparation for moving choose_array_element_by_weight)
2016-05-12 11:21:28 -04:00
Nick Mathewson
ce854a8d22
Add -ftrapv to gcc-hardening ... mostly!
...
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.
Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time. Those options introduce branches
to the code they instrument.
(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)
Closes 17983.
2016-05-12 11:21:28 -04:00
Nick Mathewson
58e0e587a6
Merge branch 'maint-0.2.8'
2016-05-12 11:09:40 -04:00
Nick Mathewson
ce6f2d1c4d
Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8
2016-05-12 11:09:33 -04:00
Nick Mathewson
f936f186b2
Use tor_queue.h, not sys/queue.h, in timeouts.[ch].
...
Closes 19041.
2016-05-12 10:10:59 -04:00
Nick Mathewson
99c0e1bd5b
Fix bad allocation in pubsub.c
...
Closes 19038. Bug not in any released Tor.
2016-05-12 09:56:42 -04:00
Roger Dingledine
5a83122961
Authorities now sort the "package" lines in their votes
...
(They are already sorted in the consensus documents)
Fixes bug 18840; bugfix on 0.2.6.3-alpha.
2016-05-11 19:04:13 -04:00
Roger Dingledine
694f1fe808
write v3-status-votes file earlier in consensus voting
...
Make directory authorities write the v3-status-votes file out
to disk earlier in the consensus process, so we have the votes
even if we abort the consensus process later on.
Resolves ticket 19036.
2016-05-11 17:34:38 -04:00
Roger Dingledine
9e44273a4a
fix 'make dist' which was broken by ticket 18365's merge
2016-05-11 16:15:37 -04:00
Nick Mathewson
e3a4511049
Merge remote-tracking branch 'public/bug18815'
2016-05-11 14:12:39 -04:00
Roger Dingledine
ad8b9dcd47
Merge branch 'maint-0.2.8'
2016-05-11 13:43:06 -04:00
Roger Dingledine
163cee1b64
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-11 13:42:40 -04:00
Roger Dingledine
d40e8695f4
unbreak the build (when warnings are enabled)
2016-05-11 13:42:00 -04:00
Nick Mathewson
60e9e48448
Merge branch 'ticket16698_v2'
2016-05-11 13:39:38 -04:00
Nick Mathewson
03ae44a9e8
Fix comment for directory_handle_command_get
2016-05-11 13:39:11 -04:00
teor (Tim Wilson-Brown)
cdb528d841
Fetch certificates from the same directory as previous certificates
...
Improves the fix to #18963 .
2016-05-11 13:30:30 -04:00
teor (Tim Wilson-Brown)
730cfeb6bd
Fetch certificates from the same directory as the consensus
...
Resolves ticket 18963; fix on #4483 in 0.2.8.1-alpha.
2016-05-11 13:30:08 -04:00
Nick Mathewson
00ee62b8a5
Merge branch 'pubsub_squashed'
2016-05-11 13:26:29 -04:00
Nick Mathewson
80a6c8caa3
Basic work on a publish/subscribe abstraction
...
The goal here is to provide a way to decouple pieces of the code
that want to learn "when something happens" from those that realize
that it has happened.
The implementation here consists of a generic backend, plus a set of
macros to define and implement a set of type-safe frontends.
2016-05-11 13:25:11 -04:00
Nick Mathewson
3c6f059e6a
Merge remote-tracking branch 'arma/feature18760'
2016-05-11 13:22:31 -04:00
Nick Mathewson
e9e6a1f547
Merge branch 'maint-0.2.8'
2016-05-11 13:20:57 -04:00
Nick Mathewson
8d962233f6
Merge remote-tracking branch 'teor/bug18816_simplify' into maint-0.2.8
2016-05-11 13:20:51 -04:00
Nick Mathewson
022d32252a
Merge branch 'maint-0.2.8'
2016-05-11 13:17:02 -04:00
Nick Mathewson
24fbb9a81b
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-11 13:15:17 -04:00
John Brooks
bf3e32a452
Fix out-of-bounds write during voting with duplicate ed25519 keys
...
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.
This bug was originally introduced in 26e89742
, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72
.
Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
teor (Tim Wilson-Brown)
797ece042d
Confim we want certificates from fallbacks
...
Comment-only change
2016-05-11 13:08:45 -04:00
teor (Tim Wilson-Brown)
2cbad2aac7
Revert "Switch between fallback and authority when auth cert fetch fails"
...
This reverts commit 92d7ee08b8
.
2016-05-11 13:06:13 -04:00
Roger Dingledine
b8b5bccfd9
refactor the #19003 patches
...
fix the logic in one of the comments
2016-05-11 13:03:49 -04:00
Nick Mathewson
71267bef4c
Merge branch 'maint-0.2.8'
2016-05-11 12:36:55 -04:00
Nick Mathewson
28e1aa1118
Merge branch 'bug18761_028_squashed' into maint-0.2.8
2016-05-11 12:36:27 -04:00
Nick Mathewson
b59d79134e
Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
...
Closes ticket 18761.
Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
79f9e63ebf
Merge branch 'maint-0.2.8'
2016-05-11 12:30:18 -04:00
Nick Mathewson
50d777dcf4
Split directory_handle_command_get into subfunctions.
...
This was one of our longest functions, at 600 lines. It makes a nice
table-driven URL-based function instead.
The code is a bit ugly, it leave the indentation as it is in hopes of
making pending directory.c changes easier to merge. Later we can
clean up the indentation.
Also, remove unused mallinfo export code from directory.c
Closes ticket 16698
2016-05-10 14:19:03 -04:00
teor (Tim Wilson-Brown)
92d7ee08b8
Switch between fallback and authority when auth cert fetch fails
2016-05-10 11:25:55 -04:00
teor (Tim Wilson-Brown)
64b948f5fa
Use the consensus download schedule for authority certificates
...
Previously, we were using the generic schedule for some downloads,
and the consensus schedule for others.
Resolves ticket 18816; fix on fddb814fe
in 0.2.4.13-alpha.
2016-05-10 11:25:50 -04:00
Roger Dingledine
53aaed81dd
get rid of another no-longer-used function
2016-05-10 11:16:30 -04:00
Roger Dingledine
be0e1e9e2f
Stop being so strict about the payload length of "rendezvous1" cells
...
We used to be locked in to the "tap" handshake length, and now we can
handle better handshakes like "ntor".
Resolves ticket 18998.
I checked that relay_send_command_from_edge() behaves fine when you
hand it a payload with length 0. Clients behave fine too, since current
clients remain strict about the required length in the rendezvous2 cells.
(Clients will want to become less strict once they have an alternate
format that they're willing to receive.)
2016-05-09 20:34:27 -04:00
Nick Mathewson
7fa11a92d5
Merge branch 'maint-0.2.8'
2016-05-09 14:59:47 -04:00
Nick Mathewson
55cf1970bc
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-05-09 14:59:18 -04:00
Nick Mathewson
7fe80c2905
Merge branch 'maint-0.2.6' into maint-0.2.7
2016-05-09 14:56:56 -04:00
Nick Mathewson
0b477bfd55
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-05-09 14:55:45 -04:00
Nick Mathewson
368146370b
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-05-09 14:55:22 -04:00
Roger Dingledine
aa6341d4b9
stop looping once we know what the answer will be
...
suggested during code review by dgoulet
2016-05-09 14:42:42 -04:00
Roger Dingledine
1f72653544
fix a bug where relays would use the aggressive client bootstrapping retry number
2016-05-09 14:42:32 -04:00
Roger Dingledine
d5a96286c2
simplify more -- we only call these funcs when bootstrapping
2016-05-09 14:42:21 -04:00
Roger Dingledine
c98fbd4169
remove some more unused code
2016-05-09 14:42:09 -04:00
Roger Dingledine
bcae392e0e
avoid another redundant check
...
we should avoid launching a consensus fetch if we don't want one,
but if we do end up with an extra one, we should let the other checks
take care of it.
2016-05-09 14:41:54 -04:00
Nick Mathewson
33d3572a1d
Merge branch 'feature15588_squashed'
2016-05-09 14:41:36 -04:00
Roger Dingledine
e230e80ab3
get rid of the scattered checks to cancel a consensus fetch
...
We'll back off from the request in connection_ap_handshake_attach_circuit,
or cancel it in connection_dir_close_consensus_fetches, and those are the
only places we need to check.
2016-05-09 14:41:32 -04:00
Roger Dingledine
a7665df2f8
close other consensus fetches when we get a consensus
...
not once per second, and only do it when a consensus arrives
2016-05-09 14:41:14 -04:00
Roger Dingledine
59da060f10
use the new function here too
2016-05-09 14:40:54 -04:00
Roger Dingledine
91c58013be
avoid following through on a consensus fetch if we have one already arriving
2016-05-09 14:40:42 -04:00
Roger Dingledine
ce8266d52d
fix typos/etc before i go nuts on #18809
2016-05-09 14:40:21 -04:00
John Brooks
162aa14eef
Move rend client name checks to one function
2016-05-09 14:30:34 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
...
Skip DirPort checks when the consensus has no exits.
Resolves #19003 , bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
John Brooks
dcc11674db
Add client auth for ADD_ONION services
2016-05-09 14:28:58 -04:00
John Brooks
d15354c73b
Add client auth to rend_service_add_ephemeral
2016-05-09 14:28:08 -04:00
John Brooks
d5a23ce115
Move rend auth cookie en-/decoding to a function
...
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.
The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
teor (Tim Wilson-Brown)
0c41ae1832
Add a comment to have_enough_path_info()
...
Comment only change
2016-05-09 14:26:13 -04:00
Nick Mathewson
69380033d6
Merge branch 'timeouts_v2_squashed'
2016-05-09 14:06:10 -04:00
Nick Mathewson
af132fc299
timer tests: differences in timing accuracy can be negative.
...
Also, use symbolic names for good-enough thresholds for timer accuracy.
2016-05-09 14:04:54 -04:00
Nick Mathewson
11a09778d6
Test coverage for timers.
2016-05-09 14:04:54 -04:00
Nick Mathewson
10fd4535c2
Fix an OSX/clang compilation warning
2016-05-09 14:04:54 -04:00
Nick Mathewson
118556e4b3
Quick-and-dirty test for timers code.
2016-05-09 14:04:53 -04:00
Nick Mathewson
dcf948da06
Add wrappers to tie the new timeouts into libevent.
2016-05-09 14:04:06 -04:00
John Brooks
e7ff23beea
Make rend_authorized_client_free public
...
This is needed by control.c.
Also, check whether client_name is set before doing memwipe.
2016-05-09 13:53:24 -04:00
John Brooks
896271d525
Use uint8_t for rend descriptor_cookie fields
2016-05-09 13:53:09 -04:00
Karsten Loesing
3c2d4611ce
Update geoip and geoip6 to the May 4 2016 database.
2016-05-09 17:51:15 +02:00
Nick Mathewson
641cdc345c
Merge branch 'maint-0.2.8'
2016-05-05 08:25:27 -04:00
teor (Tim Wilson-Brown)
03fc4cf04c
Refactor router_pick_directory_server_impl to use node functions
...
No behavioural change
This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
225448ad34
Comment-only change to clarify routerstatus_t IPv4 byte order
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
7ec273bd4a
Rename skip_or and skip_dir to avoid confusion
...
Variable rename only
2016-05-05 08:24:17 -04:00
Nick Mathewson
68d913c49c
Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8
2016-05-05 08:16:36 -04:00
teor (Tim Wilson-Brown)
9aa280cc0c
Only choose directory DirPorts on relays
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
88deb52d55
Make clients only select directories with reachable ORPorts
...
This makes sure clients will only select relays which support
begindir over ORPort.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
833b5f71a7
Make clients always use begindir for directory requests
...
This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.
This also simplifies the fixes to #18809 .
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
2e5b35db81
Make directory node selection more reliable
...
Delete an unnecessary check for non-preferred IP versions.
Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.
Patch on #17840 in 0.2.8.1-alpha.
2016-05-05 11:54:53 +10:00
Nick Mathewson
2da2718609
Merge branch 'maint-0.2.8'
2016-05-04 15:23:38 -04:00
Nick Mathewson
01e7f42a09
Merge branch 'bug18921_squashed' into maint-0.2.8
2016-05-04 15:23:26 -04:00
teor (Tim Wilson-Brown)
0cf90bac2a
Choose the correct address for one-hop connections
...
After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4
address for all DIRIND_ONEHOP directory connections,
even if the routerstatus didn't have an IPv4 address.
This likely affected bridge clients with IPv6 bridges.
Resolves #18921 .
2016-05-04 15:23:14 -04:00
Nick Mathewson
2384256a37
Merge branch 'maint-0.2.8'
2016-05-04 15:12:20 -04:00
Nick Mathewson
b8e8910d60
Merge branch 'bug18686_025' into maint-0.2.8
2016-05-04 15:12:11 -04:00
Nick Mathewson
c7b9e0b8ed
Report success when not terminating an already terminated process.
...
Also, document the actual behavior and return values of
tor_terminate_process.
Fixes bug18686; bugfix on 0.2.3.9-alpha.
2016-05-04 15:10:36 -04:00
Nick Mathewson
e24c902272
Merge branch 'maint-0.2.8'
2016-05-04 14:47:13 -04:00
Nick Mathewson
31332a878d
Merge branch 'bug18710_025' into maint-0.2.8
2016-05-04 14:47:04 -04:00
Scott Dial
0ca3f495c6
Fix dnsserv.c assertion when no supported questions are requested.
...
The problem is that "q" is always set on the first iteration even
if the question is not a supported question. This set of "q" is
not necessary, and will be handled after exiting the loop if there
if a supported q->type was found.
[Changes file by nickm]
lease enter the commit message for your changes. Lines starting
2016-05-04 14:45:09 -04:00
Nick Mathewson
230a3d1400
Merge branch 'maint-0.2.8'
2016-05-03 16:12:29 -04:00
Yawning Angel
8f292f1c33
Fix keccak-tiny portability on exotic
platforms.
...
* SHA-3/SHAKE use little endian for certain things, so byteswap as
needed.
* The code was written under the assumption that unaligned access to
quadwords is allowed, which isn't true particularly on non-Intel.
2016-05-03 16:12:07 -04:00
Nick Mathewson
5845c22822
Ed25519 test vectors from draft-irtf-cfrg-eddsa-05
2016-05-03 09:54:26 -04:00
Nick Mathewson
54697fa40b
Add test vector for AES_CTR from NIST SP800-38a sec F.5
2016-05-03 09:40:47 -04:00
Nick Mathewson
44a3248197
Add test vector for Curve25519 from RFC7748
2016-05-03 09:31:34 -04:00
Nick Mathewson
405b637598
tests for some of the simpler functions in crypto.c
2016-05-03 09:21:08 -04:00
Nick Mathewson
d1f2af57df
White-box tests for crypto_rand_*_range(), rand_hostname().
...
Coverage-driven; part of ticket 16794.
2016-05-03 09:21:07 -04:00
Nick Mathewson
8340becd39
Merge branch 'maint-0.2.8'
2016-05-02 14:02:15 -04:00
s0rlxmh0
054d939853
(cherry-picked by nickm, with changes file from isis.)
2016-05-02 14:01:36 -04:00
Nick Mathewson
b2083cba9e
Merge remote-tracking branch 'dgoulet/bug13239_029_01'
2016-05-02 13:55:00 -04:00
Nick Mathewson
b72aa18d73
test_bt.sh: Check stderr for backtrace as well as stdout.
...
addresssanitizer likes to put backtraces on stderr.
2016-05-02 12:58:58 -04:00
teor (Tim Wilson-Brown)
b6ba6afa37
Refactor DirPort & begindir descriptor checks
...
No actual behaviour changes
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
211e56ad87
Remove redundant descriptor checks for OR/Dir reachability
...
The ORPort and DirPort must be reachable, or we won't publish a
descriptor.
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
b51316c0e7
Refactor common code out of reachability checks
...
No actual changes in behavior
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
d3c60f2bd7
Avoid checking ORPort reachability when the network is disabled
...
This is consistent with existing DirPort reachability checks.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
05cf286713
Make mock function static to prevent future clashes
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
75dd2a285b
Descriptors depend on more config options now they list begindir support
...
Bugfix on #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
692828bea5
Decide to advertise begindir support like we decide to advertise DirPort
...
Decide to advertise begindir support in a similar way to how
we decide to advertise DirPort.
Fix up the associated descriptor-building unit tests.
Resolves #18616 , bugfix on 0c8e042c30
in #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
Nick Mathewson
fb9c9e04f0
Merge branch 'maint-0.2.8'
2016-04-26 19:27:39 -04:00
teor (Tim Wilson-Brown)
1fd4340f82
April 2016 fallbacks for 0.2.8-rc
2016-04-26 19:26:22 -04:00
Nick Mathewson
4a44e2d6f1
Merge remote-tracking branch 'yawning-schwanenleid/feature18685'
2016-04-26 13:39:50 -04:00
Nick Mathewson
bff53aabce
Remove redundant declarations of MIN
...
Apparently somewhere along the line we decided that MIN might be
missing.
But we already defined it (if it was missing) in compat.h, which
everybody includes.
Closes ticket 18889.
2016-04-25 15:28:58 -04:00
Nick Mathewson
26db1b65b9
Remove trunnel files from libor/libcrypto, since they are in libtrunnel. Found with modularity tool.
2016-04-20 13:39:07 -04:00
David Goulet
1e553b6c68
Increase number of preemptive internal circuits
...
When we connect to a hidden service as a client we may need three internal
circuits, one for the descriptor retrieval, introduction, and rendezvous.
Let's try to make sure we have them. Closes #13239 .
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-19 14:24:20 -04:00
Nick Mathewson
520799f084
Merge branch 'handles_squashed'
2016-04-19 14:08:05 -04:00
Nick Mathewson
e015f7c9cc
Basic 'handle' implementation and tests.
...
This abstraction covers the case where one part of the program needs
to refer to another object that is allowed to disappear.
2016-04-19 14:07:43 -04:00
Nick Mathewson
94e3555187
Merge remote-tracking branch 'public/lcov_excl'
2016-04-19 14:05:51 -04:00
Nick Mathewson
4f37919fa1
Change UseOptimisticData default to 1.
...
This lets us use optimistic data for downloading our initial
consensus.
Closes ticket 18815.
2016-04-18 13:55:23 -04:00
Nick Mathewson
12e26a6e76
Disambiguate: Avoid defining two static functions called chunk_free_unchecked
2016-04-15 12:20:14 -04:00
Nick Mathewson
8c6b528b00
Disambiguate: Avoid defining two static functions both called gettweak()
2016-04-15 12:19:51 -04:00
Nick Mathewson
381dae43b6
Add branch prediction to util_bug.h, and fix a bug.
2016-04-15 09:12:03 -04:00
Nick Mathewson
c77cf8825a
Quick function to find out the timeout object's view of "now"
2016-04-15 09:03:22 -04:00
Nick Mathewson
9d6c530015
Fix compilation of timeout.c with our flags and warnings.
2016-04-15 09:03:22 -04:00
Nick Mathewson
05499b6ded
Add timeouts to libor-event.a
2016-04-15 09:03:22 -04:00
Nick Mathewson
32e80ea3d3
Import timeouts.c directly from William Ahern's git.
...
Imported from here: https://github.com/wahern/timeout
Imported as of upstream e5a9e8bfaa9c631bdc54002181795931b65bdc1a.
All sources unmodified.
2016-04-15 09:03:22 -04:00
Nick Mathewson
0e354ad459
Merge branch 'assert_nonfatal_squashed'
2016-04-14 16:25:21 -04:00
Nick Mathewson
a86ed1d717
Add an IF_BUG_ONCE macro, since that's a pretty common pattern too.
2016-04-14 16:25:07 -04:00
Nick Mathewson
532820b11c
Add a BUG macro for usage in if checks.
2016-04-14 16:25:06 -04:00
Nick Mathewson
a885271c08
Add new tor_assert_nonfatal*() macros.
...
Unlike tor_assert(), these macros don't abort the process. They're
good for checking conditions we want to warn about, but which don't
warrant a full crash.
This commit also changes the default implementation for
tor_fragile_assert() to tor_assert_nonfatal_unreached_once().
Closes ticket 18613.
2016-04-14 16:24:28 -04:00
Roger Dingledine
525307c0ea
fix typos/etc before i go nuts on #18809
2016-04-13 00:06:30 -04:00
Nick Mathewson
0630f1982d
Add LCOV_EXCL* markers to crypto.c and crypto_s2k.c
...
This marks some lines as unreachable by the unit tests, and as
therefore excluded from test coverage.
(Note: This convention is only for lines that are absolutely
unreachable. Don't use it anywhere you wouldn't add a
tor_fragile_assert().)
2016-04-12 21:13:33 -04:00
Roger Dingledine
0aacc07036
encourage rejected relays to contact us
...
When the directory authorities refuse a bad relay's descriptor,
encourage the relay operator to contact us. Many relay operators
won't notice this line in their logs, but it's a win if even a
few learn why we don't like what their relay was doing.
Resolves ticket 18760.
I didn't specify a contact mechanism (e.g. an email address), because
every time we've done that in the past, a few years later we noticed
that the code was pointing people to an obsolete contact address.
2016-04-12 19:54:04 -04:00
Nick Mathewson
eafcd7b0fc
Merge branch 'maint-0.2.8'
2016-04-12 13:02:37 -04:00
Nick Mathewson
7babf33239
Merge remote-tracking branch 'public/bug18716_027' into maint-0.2.8
2016-04-12 13:02:02 -04:00
Nick Mathewson
1a065cea46
Do not link tests against both libor.a and libor-testing.a
...
Also, put libor-testing.a at a better position in the list of
libraries, to avoid linker errors.
This is a fix, or part of a fix, for 18490.
Conflicts:
src/test/include.am
2016-04-12 02:48:46 +00:00
Nick Mathewson
39c057d45a
memarea: Don't assume that sizeof(ulong) >= sizeof(void*).
...
Fixes bug 18716; bugfix on 0.2.1.1-alpha where memarea.c was
introduced. Found by wbenny.
2016-04-07 11:10:14 -04:00
Nick Mathewson
591029253f
Merge branch 'bug14334_squashed'
2016-04-07 10:59:55 -04:00
George Kadianakis
d5acb633ae
Don't mark guards as unreachable if connection_connect() fails.
2016-04-07 10:59:46 -04:00
David Goulet
40827da3bf
Turn TestingClientBootstrap* into non-testing options
...
This changes simply renames them by removing "Testing" in front of them and
they do not require TestingTorNetwork to be enabled anymore.
Fixes #18481
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-07 10:57:59 -04:00
Nick Mathewson
7532cd439b
When we get a bad nickname, explain what a good one is.
...
Closes #18300 ; patch from "icanhasaccount".
2016-04-07 10:54:53 -04:00
Nick Mathewson
e703484722
Merge branch 'maint-0.2.8'
2016-04-07 10:46:15 -04:00
Nick Mathewson
d8a056daed
Merge branch 'maint-0.2.7' into maint-0.2.8
2016-04-07 10:46:07 -04:00
Nick Mathewson
ad4ff7a5b9
Merge branch 'maint-0.2.6' into maint-0.2.7
2016-04-07 10:45:46 -04:00
Nick Mathewson
2ce99b9f48
Merge branch 'maint-0.2.5' into maint-0.2.6
2016-04-07 10:45:38 -04:00
Nick Mathewson
34a51d1621
Merge branch 'maint-0.2.4' into maint-0.2.5
2016-04-07 10:45:32 -04:00
Karsten Loesing
97c6e717b9
Update geoip and geoip6 to the April 5 2016 database.
2016-04-07 11:10:09 +02:00
Nick Mathewson
d5b3679392
Merge branch 'maint-0.2.8'
2016-04-05 23:56:21 -04:00
Nick Mathewson
d7a0382ba3
Don't call the system toupper or tolower.
...
Yes, we could cast to unsigned char first, but it's probably safest
to just use our own (in test_util), or remove bad-idea features that
we don't use (in readpassphrase.c).
Fixes 18728.
2016-04-05 23:22:28 -04:00
Nick Mathewson
20d39e86af
Merge branch 'maint-0.2.8'
2016-04-05 23:18:48 -04:00
Roger Dingledine
d037369e56
quiet debug logs from periodic_event_dispatch()
...
Stop blasting twelve lines per second from periodic_event_dispatch()
at loglevel debug.
Resolves ticket 18729; fix on 0.2.8.1-alpha.
2016-04-05 23:13:55 -04:00
Nick Mathewson
b46d126e64
Merge branch 'maint-0.2.8'
2016-04-05 10:38:53 -04:00
Nick Mathewson
967491f156
Only define NEW_THREAD_API when not building with LibreSSL.
2016-04-05 10:38:15 -04:00
Nick Mathewson
16f7851807
Merge remote-tracking branch 'teor/bug18720'
2016-04-05 10:08:11 -04:00
Nick Mathewson
6720628c97
Merge branch 'maint-0.2.8'
2016-04-05 10:06:18 -04:00
Yawning Angel
5db21f8f81
OpenSSL 1.1.0-pre5-dev and later made BIO opaque.
...
Detect newer versions and fix our TLS code to use the new API.
2016-04-05 10:03:24 -04:00
Yawning Angel
6729d7328c
OpenSSL 1.1.0-pre4 and later(?) have a new "thread API".
...
It appears that setting the various callbacks is no longer required, so
don't.
2016-04-05 10:03:24 -04:00
teor (Tim Wilson-Brown)
6a2b4db4f9
Fix a comment typo in compat.h
2016-04-05 13:45:37 +10:00
teor (Tim Wilson-Brown)
5d2b1c784b
Clarify comments on connection_t's address fields
2016-04-05 13:45:09 +10:00
Nick Mathewson
7865402106
Move tor_assert implementation into its own header/module.
2016-04-04 11:06:04 -04:00
Nick Mathewson
705d3b221e
Merge branch 'incoming_queue_symbol_fix'
2016-04-01 14:16:49 -04:00
Nick Mathewson
4b3e6c4d43
Merge branch 'maint-0.2.8'
2016-04-01 08:18:03 -04:00
Nick Mathewson
fdb57db581
Merge branch 'bug18133_027' into maint-0.2.8
2016-04-01 08:17:56 -04:00
Nick Mathewson
4093f343ca
fix indentation
2016-04-01 08:16:21 -04:00
Nick Mathewson
9e57ffa520
Merge branch 'maint-0.2.8'
2016-04-01 08:15:05 -04:00
Nick Mathewson
e247093e0e
Merge remote-tracking branch 'karsten/task-18460-2' into maint-0.2.8
2016-04-01 08:10:58 -04:00
Yawning Angel
a19f4192da
Issue a STATUS_SERVER
event on meaningful hibernation state changes.
...
Implements feature #18685 .
2016-03-30 20:19:11 +00:00
Andrea Shepard
183d465f0e
Merge branch 'bug15221_027' into maint-0.2.7
2016-03-30 12:23:42 +00:00
Nick Mathewson
beba70ec77
Don't declare "incoming_queue" in every file including channel.h
...
Found with my wacky symbol-usage-enforcer.
2016-03-29 13:55:14 -04:00
Andrea Shepard
0b45cab147
Merge branch 'bug18570_027' into maint-0.2.7
2016-03-29 15:01:36 +00:00
Roger Dingledine
1103d82492
fix typo in comment
2016-03-29 10:56:26 -04:00
Andrea Shepard
1218d731d1
Merge branch 'bug16248_027' into maint-0.2.7
2016-03-29 14:33:45 +00:00
Nick Mathewson
4e76b206b5
Merge remote-tracking branch 'arma/feature18624'
2016-03-29 08:06:21 -04:00
Nick Mathewson
90c24c0ced
Merge branch 'maint-0.2.8'
2016-03-28 20:09:22 -04:00
Nick Mathewson
ba87f5bb25
Fix my dumb unreleased bug in 18673
2016-03-28 20:09:09 -04:00
Nick Mathewson
055a7a198a
Rename tor_dup_addr to tor_addr_to_str_dup.
...
Patch from icanhasaccount; closes 18462.
2016-03-28 16:36:51 -04:00
Nick Mathewson
3220bd816b
Merge branch 'maint-0.2.8'
2016-03-28 16:14:21 -04:00
Nick Mathewson
447b1c6b1d
Begin an 0.2.9 branch
2016-03-28 15:54:59 -04:00
Nick Mathewson
a3f36bfd81
and NOW the version is 0.2.8.2-alpha-dev
2016-03-28 15:53:17 -04:00
Nick Mathewson
5b12642d09
Bump version correctly this time
2016-03-28 11:22:20 -04:00
Nick Mathewson
addd181721
Fix memory leak in TestingEnableCellStatsEvent
...
Only when we were actually flushing the cell stats to a controller
would we free them. Thus, they could stay in RAM even after the
circuit was freed (eg if we didn't have any controllers).
Fixes bug 18673; bugfix on 0.2.5.1-alpha.
2016-03-28 11:12:15 -04:00
Nick Mathewson
68e663f777
Fix memory leaks that stopped chutney working with asan
2016-03-28 10:24:28 -04:00
Nick Mathewson
1d315b28a2
Fix a memory leak in tor-gencert.
...
This way I can run chutney under asan.
Fixes part of 18672.
2016-03-28 10:21:41 -04:00
Nick Mathewson
fc877b3c9e
Bump the version number
2016-03-28 09:32:14 -04:00
Nick Mathewson
32e8886314
One more test that didnt pass on windows. See #18665 .
2016-03-28 08:57:29 -04:00
Nick Mathewson
9604a5ba91
Fix memory-counting error in rephist.c. Bug 18651. (Now with actual patch)
2016-03-28 07:40:20 -04:00
Nick Mathewson
4895d8288c
Do not treat "DOCDOC" as doxygen.
2016-03-26 10:11:45 -04:00
Nick Mathewson
cc90b57b04
add a little documentation to memarea. (I have been testing a tool.)
2016-03-26 10:09:19 -04:00
Nick Mathewson
c0568a89d9
Whitespace fixes
2016-03-26 09:54:31 -04:00
Nick Mathewson
dd572dac34
Fix all doxygen warnings (other than missing docs)
2016-03-26 09:53:12 -04:00
Nick Mathewson
c81b1358e7
Merge branch 'bug18649_squashed'
2016-03-26 08:17:19 -04:00
teor (Tim Wilson-Brown)
6057fb2f5b
Clarify excess consensus connection cleanup by adding comments
...
Comment-only change
2016-03-26 08:16:33 -04:00
Nick Mathewson
24c0c5ef19
Disable failing broken time format case for windows.
2016-03-25 22:00:20 -04:00
Nick Mathewson
8d16c2f30e
Merge remote-tracking branch 'arma/bug18625'
2016-03-25 17:19:59 -04:00
Nick Mathewson
4bb44f2c15
Only check in-boundsness of seconds when time_t is smaller than i64
...
Otherwise coverity complains that we're checking an whether an int64 is
less than INT64_MIN, which of course it isn't.
Fixes CID 1357176. Not in any released Tor.
2016-03-25 16:46:02 -04:00
Karsten Loesing
b79d8590c9
Include IPv6 consensus downloads in dirreq stats.
...
Fixes #18460 .
2016-03-25 20:56:29 +01:00
Roger Dingledine
8251fe5150
use a clearer argument for connection_ap_make_link()
...
that function calls it argument "want_onehop", so it makes more
sense to pass that boolean into it.
2016-03-24 19:57:39 -04:00
Roger Dingledine
98abd49f6f
remove the extraneous dir_port variable
...
we already are using "port" to describe the place we're going to
ask to connect to.
2016-03-24 19:14:32 -04:00
Roger Dingledine
fbd79f38c2
remove a redundant check about whether dirport is 0
2016-03-24 19:14:31 -04:00
Roger Dingledine
f590a303db
revert the or_connection and dir_connection flags
...
They incorrectly summarized what the function was planning to do,
leading to wrong behavior like making an http request to an orport,
or making a begindir request to a dirport.
This change backs out some of the changes made in commit e72cbf7a
, and
most of the changes made in commit ba6509e9
.
This patch resolves bug 18625. There more changes I want to make
after this one, for code clarity.
2016-03-24 19:14:21 -04:00
Nick Mathewson
d5f50cb052
Merge remote-tracking branch 'dgoulet/bug18623_028_01'
2016-03-24 15:03:50 -04:00
Roger Dingledine
c4208ef65f
dir auths only give Guard if they're giving Stable
...
This change allows us to simplify path selection for clients, and it
should have minimal effect in practice since >99% of Guards already have
the Stable flag. Implements ticket 18624.
2016-03-24 15:00:01 -04:00
David Goulet
ba6509e9e1
Fix broken directory request to the DirPort
...
Commit e72cbf7a4
introduced a change to directory_initiate_command_rend()
that made tor use the ORPort when making a directory request to the DirPort.
The primary consequence was that a relay couldn't selftest its DirPort thus
failing to work and join the network properly.
The main issue was we were always considering an anonymized connection to be
an OR connection which is not true.
Fixes #18623
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-24 13:57:53 -04:00
Nick Mathewson
4f86d75a4b
try to fix a test failure for sizeof(time_t)==4.
2016-03-24 12:26:46 -04:00
Nick Mathewson
6256c61d95
Merge branch 'timegm_overflow_squashed'
2016-03-24 10:18:00 -04:00
teor (Tim Wilson-Brown)
19fb86a2dc
Add a missing UL on a long in a unit test
2016-03-24 10:17:48 -04:00
teor (Tim Wilson-Brown)
b99bd3e7ff
Add unit tests with dates from 2035 to 2039
...
Platforms with 32-bit time_t sometimes give different results.
They don't always indicate failure on overflow, #18480 should
fix these.
2016-03-24 10:17:48 -04:00
teor (Tim Wilson-Brown)
e71e8e005a
Avoid overflow in tor_timegm on 32 bit platforms due to year 2038
2016-03-24 10:17:48 -04:00
Nick Mathewson
424af93ded
Merge branch 'bug18517_squashed'
2016-03-24 10:14:05 -04:00
teor (Tim Wilson-Brown)
f2153f9716
Always allow OR connections to bridges on private addresses
...
Regardless of the setting of ExtendAllowPrivateAddresses.
This fixes a bug with pluggable transports that ignore the
(potentially private) address in their bridge line.
Fixes bug 18517; bugfix on 23b088907f
in tor-0.2.8.1-alpha.
2016-03-24 10:13:58 -04:00
Nick Mathewson
54559e5845
Merge remote-tracking branch 'teor/bug18351'
2016-03-24 09:33:58 -04:00
Nick Mathewson
ea9472d085
Merge remote-tracking branch 'teor/bug18489'
2016-03-24 09:01:28 -04:00
teor (Tim Wilson-Brown)
b1569e39c8
Check if fallbacks support extrainfo descriptors before requesting them
...
When requesting extrainfo descriptors from a trusted directory
server, check whether it is an authority or a fallback directory
which supports extrainfo descriptors.
Fixes bug 18489; bugfix on 90f6071d8d
in tor-0.2.4.7-alpha.
Reported by "atagar", patch by "teor".
2016-03-24 22:03:58 +11:00
teor (Tim Wilson-Brown)
eb5a262a15
Code indentation whitespace-only fix
2016-03-24 21:56:37 +11:00