nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-22 22:14:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,254 Commits 53 Branches 629 Tags 108 MiB
b353cd7e50
Commit Graph

381 Commits

Author SHA1 Message Date
Nick Mathewson
361260ff8f Resolve some markup complaints from doxygen 2012-06-04 19:56:33 -04:00
Nick Mathewson
329e1c65d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-04 11:36:33 -04:00
Nick Mathewson
841a8d551a Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support 
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version.  This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.

As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.

Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side.  But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not.  That could be important to keep the network running
well.

Fixes bug 6033.
 2012-06-02 20:09:05 -04:00
Nick Mathewson
21e3261914 Bump _WIN32_WINNT to 0x0501 throughout the code 
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.

See bug #5861.  We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
 2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49 Remove all instances of WIN32_WINNT (without leading _) 
We started adding it in 59e2c77824 back in 2004, 8 years and 3
days ago.  It's time to deprogram ourselves from this cargo cult.
 2012-05-14 13:36:52 -04:00
Nick Mathewson
62f8e3926d Merge remote-tracking branch 'public/bug4591' 2012-05-10 15:55:12 -04:00
Nick Mathewson
f0212197cc Only disable cert chaining on the first TLS handshake 
If the client uses a v2 cipherlist on the renegotiation handshake,
it looks as if they could fail to get a good cert chain from the
server, since they server would re-disable certificate chaining.

This patch makes it so the code that make the server side of the
first v2 handshake special can get called only once.

Fix for 4591; bugfix on 0.2.0.20-rc.
 2012-04-27 12:13:56 -04:00
Nick Mathewson
8855b2a90c Merge remote-tracking branch 'origin/maint-0.2.2' 
Conflicts:
	src/common/tortls.c

Conflict on comment near use of the new OPENSSL_V macro
 2012-02-10 10:56:37 -05:00
Nick Mathewson
2da0efb547 Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066 2012-02-10 10:55:39 -05:00
Nick Mathewson
5cf9167f91 Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32 
This commit is completely mechanical; I used this perl script to make it:

 #!/usr/bin/perl -w -i.bak -p

 if (/^\s*\#/) {
     s/MS_WINDOWS/_WIN32/g;
     s/\bWIN32\b/_WIN32/g;
 }
 2012-01-31 15:48:47 -05:00
Nick Mathewson
26e789fbfd Rename nonconformant identifiers. 
Fixes bug 4893.

These changes are pure mechanical, and were generated with this
perl script:

  /usr/bin/perl -w -i.bak -p

  s/crypto_pk_env_t/crypto_pk_t/g;
  s/crypto_dh_env_t/crypto_dh_t/g;
  s/crypto_cipher_env_t/crypto_cipher_t/g;
  s/crypto_digest_env_t/crypto_digest_t/g;

  s/aes_free_cipher/aes_cipher_free/g;
  s/crypto_free_cipher_env/crypto_cipher_free/g;
  s/crypto_free_digest_env/crypto_digest_free/g;
  s/crypto_free_pk_env/crypto_pk_free/g;

  s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
  s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
  s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
  s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;

  s/crypto_new_cipher_env/crypto_cipher_new/g;
  s/crypto_new_digest_env/crypto_digest_new/g;
  s/crypto_new_digest256_env/crypto_digest256_new/g;
  s/crypto_new_pk_env/crypto_pk_new/g;

  s/crypto_create_crypto_env/crypto_cipher_new/g;

  s/connection_create_listener/connection_listener_new/g;
  s/smartlist_create/smartlist_new/g;
  s/transport_create/transport_new/g;
 2012-01-18 15:53:30 -05:00
Nick Mathewson
411cf8f714 Make openssl 0.9.8l log message accurate 
fixes 4837
 2012-01-11 15:41:46 -05:00
Nick Mathewson
f371816209 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-11 11:07:37 -05:00
Nick Mathewson
0126150c2d Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-11 11:07:13 -05:00
Nick Mathewson
8d5c0e58ea Fix a compilation warning for our bug4822 fix on 64-bit linux 2012-01-11 11:06:31 -05:00
Nick Mathewson
85c7d7659e Add macros to construct openssl version numbers 
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
 2012-01-10 10:40:30 -05:00
Nick Mathewson
1e5d66997b Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 16:40:42 -05:00
Nick Mathewson
c78a314e95 Fix comment about TLSv1_method() per comments by wanoskarnet 2012-01-09 16:40:21 -05:00
Roger Dingledine
ecdea4eeaf Merge branch 'maint-0.2.2' 2012-01-08 12:17:16 -05:00
Roger Dingledine
1416dd47a9 add a note from wanoskarnet 
he disagrees about what the code that we decided not to use would do
 2012-01-08 09:03:03 -05:00
Emile Snyder
d7eaa4b396 Change to use SSL_state_string_long() instead of homebrew ssl_state_to_string() function. 2012-01-06 05:31:34 -08:00
Nick Mathewson
ef69f2f2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-05 14:16:30 -05:00
Robert Ransom
4752b34879 Log at info level when disabling SSLv3 2012-01-05 12:28:56 -05:00
Nick Mathewson
db78fe4589 Disable SSLv3 when using a not-up-to-date openssl 
This is to address bug 4822, and CVE-2011-4576.
 2012-01-05 12:28:55 -05:00
Roger Dingledine
ff03347579 note some dead code. if i'm right, should this be removed? 2012-01-05 05:37:06 -05:00
Nick Mathewson
71ecfaa52f indent; add comment 
This re-applies 40a87c4c08 which got
accidentally reverted in 75134c6c86.
Thanks asn for spotting this.
 2011-12-08 08:45:24 +01:00
Nick Mathewson
0ebcf345ce Revert "Refactor the SSL_set_info_callback() callbacks." 
This reverts commit 69a821ea1c.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
9727d21f68 Revert "Detect renegotiation when it actually happens." 
This reverts commit 4fd79f9def.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
e09dd43ab3 Revert "Detect and deny excess renegotiations attempts." 
This reverts commit ecd239e3b5.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
021ff31ba6 Revert "Get rid of tor_tls_block_renegotiation()." 
This reverts commit 340809dd22.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
fa74af0cfa Revert "Also handle needless renegotiations in SSL_write()." 
This reverts commit e2b3527106.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
45c46129ed Revert "Fix issues pointed out by nickm." 
This reverts commit e097bffaed.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
616b60cef3 Revert "Use callback-driven approach to block renegotiations." 
This reverts commit 406ae1ba5a.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a Revert "Refactor tor_event_base_once to do what we actually want" 
This reverts commit 7920ea55b8.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
17880e4c0a Revert "Fix some wide lines in tortls.c" 
This reverts commit e8dde3aabd.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
acc1806eb8 Revert "Don't schedule excess_renegotiations_callback unless it's set" 
This reverts commit 617617e21a.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
75134c6c86 Revert "indent; add comment" 
This reverts commit 40a87c4c08.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3 Revert "Make pending libevent actions cancelable" 
This reverts commit aba25a6939.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef Revert "Set renegotiation callbacks immediately on tls inititation" 
This reverts commit e27a26d568.
 2011-12-06 19:49:19 -05:00
Nick Mathewson
8bb23c7def Merge branch 'bug4587_v2' 2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568 Set renegotiation callbacks immediately on tls inititation 
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts.  Partial fix for bug 4587.
 2011-11-29 19:10:19 -05:00
Nick Mathewson
aba25a6939 Make pending libevent actions cancelable 
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
 2011-11-29 17:08:29 -05:00
Nick Mathewson
40a87c4c08 indent; add comment 2011-11-27 09:24:41 -05:00
Nick Mathewson
e665ec6409 Merge remote-tracking branch 'asn/bug4584' 2011-11-27 09:18:55 -05:00
Nick Mathewson
617617e21a Don't schedule excess_renegotiations_callback unless it's set 
Partial fix for bug 4587; reported by "frosty_un".
 2011-11-27 08:21:59 -05:00
George Kadianakis
b42ff6545a Use random bytes as our certificate serial numbers. 
Instead of using time(NULL) in our certificate serial numbers, use
eight random bytes as suggested in proposal 179.
 2011-11-27 08:20:17 +01:00
Nick Mathewson
e8dde3aabd Fix some wide lines in tortls.c 2011-11-25 17:22:46 -05:00
Nick Mathewson
7920ea55b8 Refactor tor_event_base_once to do what we actually want 
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
 2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844 Merge remote-tracking branch 'asn/bug4312' 2011-11-25 17:00:47 -05:00