Commit Graph

20788 Commits

Author SHA1 Message Date
Sebastian Hahn
acdd349dee rename {,TOR_}RUST_DEPENDENCIES 2017-11-01 13:45:15 -04:00
Nick Mathewson
cd606d5ad3 Merge remote-tracking branch 'public/owning_control_fd' 2017-11-01 13:28:31 -04:00
Nick Mathewson
ef25f957e7 Merge branch 'tor_api_squashed' 2017-11-01 13:22:16 -04:00
Nick Mathewson
221f5238ae tor_runner.c: Add a circumlocution and a caveat. 2017-11-01 13:22:09 -04:00
Nick Mathewson
8c49194505 Add more usage notes on tor_api.h 2017-11-01 13:22:09 -04:00
Nick Mathewson
8b313bd4ad Explain purpose, usage, and status of tor_runner.c 2017-11-01 13:22:09 -04:00
Nick Mathewson
e8682c8594 Add a small library to emulate tor_run_main() with exec() 2017-11-01 13:22:09 -04:00
Nick Mathewson
fa02ea102e Add a public tor_api.h with an implementation in tor_api.c
The main effect of this change is to commit to an extensible
long-term API.

Closes ticket 23684.
2017-11-01 13:22:09 -04:00
David Goulet
198ede5314 test: Fix SR initialization in routerlist test
Fixes #24053

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-01 11:39:52 -04:00
Roger Dingledine
9635843342 trivial comment fixes
done while i was trying to debug nearby code
2017-10-31 23:09:00 -04:00
David Goulet
bd631a649b test: Fix voting schedule for hs_service.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:31 -04:00
David Goulet
814f4c6967 test: Fix voting schedule for hs_common.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:19 -04:00
David Goulet
19d32fd0d6 test: Fix voting schedule for shared random
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:48:50 -04:00
Nick Mathewson
43cbcd3896 Merge branch 'maint-0.3.2' 2017-10-31 14:31:55 -04:00
Nick Mathewson
0627512368 Merge branch 'bug24082_032' into maint-0.3.2 2017-10-31 14:31:21 -04:00
Nick Mathewson
f9aed40156 Merge branch 'maint-0.3.2' 2017-10-31 14:18:52 -04:00
Nick Mathewson
c3ea1ccf04 double newline 2017-10-31 14:18:48 -04:00
David Goulet
33da5d7672 test: Initialize the voting schedule in test_dir.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:07:41 -04:00
Nick Mathewson
2b6f246652 Merge branch 'maint-0.3.2' 2017-10-31 14:04:34 -04:00
Nick Mathewson
8dffc46748 Merge branch 'hsdescv3_fuzz_more' into maint-0.3.2 2017-10-31 14:04:31 -04:00
Nick Mathewson
b76a161e01 Merge branch 'fix-torrcd-sandbox-22605v2' 2017-10-31 13:58:33 -04:00
Nick Mathewson
00e781142b Don't give "exitrelay may become 0 when no policy" warning on ReducedExitPolicy 2017-10-31 13:25:41 -04:00
Nick Mathewson
6e2f8de62d Fix: when BridgeRelay is set, you do not get any exit policy. 2017-10-31 13:25:41 -04:00
Neel Chauhan
b70e11ef6b Add code for letting user select Reduced Exit Policy 2017-10-31 13:25:41 -04:00
Nick Mathewson
4700ba6c3d Merge branch 'maint-0.3.2' 2017-10-31 12:19:42 -04:00
Nick Mathewson
3d93ec3ef4 Merge branch 'bug23762_032_02_squashed' into maint-0.3.2 2017-10-31 12:14:21 -04:00
David Goulet
5dbcd48f0e hs-v3: Attempt descriptor refetch when dirinfo changes
When the directory information changes, callback to the HS client subsystem so
it can check if any pending SOCKS connections are waiting for a descriptor. If
yes, attempt a refetch for those.

Fixes #23762

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 12:14:11 -04:00
Nick Mathewson
c9ad172dd4 Merge branch 'bug23571_033_squashed' 2017-10-31 11:59:18 -04:00
teor
e9f57e193d Consistently use braced blocks in hibernate_go_dormant() 2017-10-31 11:58:34 -04:00
teor
e57604183c When hibernating, close connections normally and allow them to flush
Bugfix on 7267 in 0.2.4.7-alpha
2017-10-31 11:58:34 -04:00
Nick Mathewson
5a21b27083 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-31 11:43:14 -04:00
Nick Mathewson
f2e23d38ab Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-31 11:43:14 -04:00
Nick Mathewson
7c59c751b0 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-31 11:43:14 -04:00
Nick Mathewson
cf98ca715c Merge branch 'maint-0.3.2' 2017-10-31 11:43:14 -04:00
Nick Mathewson
04d4786cc4 Merge remote-tracking branch 'public/bug23693_029' into maint-0.2.9 2017-10-31 11:43:07 -04:00
David Goulet
ce99ebf25d Make tor recalculate voting schedule even if not a dirauth
Because the HS subsystem needs the voting schedule to compute time period, we
need all tor type to do that.

Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 09:55:24 -04:00
Nick Mathewson
5dce134fbb Initialize the mock options in the fuzzing code
Fixes bug 24082; bugfix on 0.3.0.3-alpha.  Found by Brian Carpenter.
2017-10-30 17:05:26 -04:00
Nick Mathewson
332d6bf901 Merge branch 'maint-0.3.2' 2017-10-30 11:07:44 -04:00
Nick Mathewson
5bee5fbac7 Merge remote-tracking branch 'public/bug23774_032' into maint-0.3.2 2017-10-30 11:07:26 -04:00
Nick Mathewson
7515eefb70 remove errant ; 2017-10-27 17:58:50 -04:00
Nick Mathewson
26e0909e51 In the hsdescv3 fuzzer, replace the decryption function.
The new decryption function performs no decryption, skips the salt,
and doesn't check the mac.  This allows us to fuzz the
hs_descriptor.c code using unencrypted descriptor test, and exercise
more of the code.

Related to 21509.
2017-10-27 14:28:02 -04:00
Nick Mathewson
5e52beceb0 Only prototype rust_welcome_string() when it exists. 2017-10-27 13:03:24 -04:00
Nick Mathewson
69502942b0 [rust] Avoid a clone in contract_protocol_list() 2017-10-27 13:02:14 -04:00
Nick Mathewson
12f58b42a8 Allow test_rust.sh to run from outside the makefile
(This is just a matter of making sure that we handle the case where
abs_top_builddir is not set)
2017-10-27 12:54:52 -04:00
Nick Mathewson
6e08807b54 Add a build-rust alias to just rebuild the rust code. 2017-10-27 12:52:07 -04:00
Nick Mathewson
1e66ab363a [rust] Add "unsafe" to the testing-mode tor_malloc_ wrapper.
This change lets us remove the allow(unused_unsafe) directive
from allocate_and_copy_string().
2017-10-27 12:49:51 -04:00
Nick Mathewson
3a364529a4 Make distcleancheck pass with --enable-rust 2017-10-27 12:35:13 -04:00
Nick Mathewson
d5eea977be bump to 0.3.2.3-alpha-dev. 2017-10-27 12:33:13 -04:00
Nick Mathewson
2153814ba8 Include rust files in 'make dist' 2017-10-27 12:19:31 -04:00
Nick Mathewson
7f764bcba8 repair "make distcheck" 2017-10-27 11:59:15 -04:00
Nick Mathewson
f803c1bb17 declare shutdown_did_not_work_callback() with ATTR_NORETURN 2017-10-27 11:51:42 -04:00
Nick Mathewson
79e7c0af0e Add a comment about removing the failsafe event loop exit code 2017-10-27 11:15:43 -04:00
Nick Mathewson
0a10335d2e Clarify doc on tell_event_loop_to_run_external_code() 2017-10-27 11:14:37 -04:00
Nick Mathewson
30a681553f Merge remote-tracking branch 'public/exit_carefully' 2017-10-27 11:13:05 -04:00
Nick Mathewson
fa78546dbc Make sure all C files have copyright/license notices 2017-10-27 10:59:36 -04:00
Nick Mathewson
f5e9e2748f Merge branch 'protover-rust-impl_squashed' 2017-10-27 10:05:30 -04:00
Nick Mathewson
2ca8fcb892 Add missing copyright/license statements on all .rs files
(Yes, I have Chelsea's permission.)
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
6be75bd61d cargo fmt; fix line length warnings 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
90daad999e remove experimental rust features
allow unsafe on function that calls C
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
7999d0bf6b update tor_allocate and add tests 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
7d126b9db9 remove unused include.am for rust modules 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
cd2a036959 refactor smartlist for readability
limit scoping of unsafe, and other cleanup
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
91bca5c31b move to allocating c strings from rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
76bbdfbfa9 add tor allocator for rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d14a83f74f remove unneeded dependencies, remove types where unnecessary 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c4d535972 refactor build infrastructure for single rust binary 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
be583a34a3 use tor allocator for string allocation in rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c04b54d4d minimize scope for unsafe
update documentation

missing check for null
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d1820c1516 rust implementation of protover 2017-10-27 10:02:08 -04:00
David Goulet
7ee0a2b9aa sr: Don't use a dynamic voting schedule
The exposed get_voting_schedule() allocates and return a new object everytime
it is called leading to an awful lot of memory allocation when getting the
start time of the current round which is done for each node in the consensus.

Closes #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:37 -04:00
David Goulet
60164f057c dirvote: Move code. No behavior change
Needed for next commit to address #23623.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:18 -04:00
Nick Mathewson
fb88527195 update to 0.3.2.3-alpha 2017-10-27 08:59:07 -04:00
Nick Mathewson
a0f8c01004 Merge branch 'maint-0.3.2' 2017-10-27 08:05:04 -04:00
David Goulet
e598c6f6de hs-v3: Check the ed25519 key when picking intro point
If the intro point supports ed25519 link authentication, make sure we don't
have a zeroed key which would lead to a failure to extend to it.

We already check for an empty key if the intro point does not support it so
this makes the check on the key more consistent and symmetric.

Fixes #24002

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 14:54:20 -04:00
Nick Mathewson
4af1653e0f Merge branch 'maint-0.3.2' 2017-10-26 10:43:05 -04:00
David Goulet
c4ef21ff5e fuzzing: Make hsdescv3 use the decoding API correctly
Fixes #21509

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 09:52:15 -04:00
David Goulet
4d2de821ce Revert "Temporarily disable compilation of the v3 hs fuzzing code"
This reverts commit 5ef656e7d1.
2017-10-26 09:41:47 -04:00
George Kadianakis
42a47c0e7d Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-26 13:36:04 +03:00
George Kadianakis
cbc70437a7 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-26 13:36:04 +03:00
teor
b4aa8fc3d9
Remove buggy IPv6 support from pick_intro_point() and service_intro_point_new()
The previous version of these functions had the following issues:
* they can't supply both the IPv4 and IPv6 addresses in link specifiers,
* they try to fall back to a 3-hop path when the address for a direct
  connection is unreachable, but this isn't supported by
  launch_rendezvous_point_circuit(), so it fails.
But we can't fix these things in a bugfix release.

Instead, always put IPv4 addresses in link specifiers.
And if a v3 single onion service can't reach any intro points, fail.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 17:02:46 +11:00
teor
20b0e9e07d
Remove buggy IPv6 support from hs_get_extend_info_from_lspecs()
The previous version of this function has the following issues:
* it doesn't choose between IPv4 and IPv6 addresses correctly, and
* it doesn't fall back to a 3-hop path when the address for a direct
  connection is unreachable.
But we can't fix these things in a bugfix release.

Instead, treat IPv6 addresses like any other unrecognised link specifier
and ignore them. If there is no IPv4 address, return NULL.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 14:38:06 +11:00
George Kadianakis
1a6814c096 Fix offending unittest and add changes file for #23862. 2017-10-25 20:22:52 +03:00
George Kadianakis
dfd3ed5bdc Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-25 20:22:52 +03:00
George Kadianakis
10c5eae3fa Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-25 20:22:52 +03:00
George Kadianakis
8c8d3b90f7 Add a unittest that reveals the offending case of #23862. 2017-10-25 20:22:52 +03:00
Nick Mathewson
c7a1a987d6 Merge branch 'maint-0.3.2' 2017-10-25 12:25:41 -04:00
David Goulet
9592797cf3 hs-v2: Copy needed information between service on prunning
Turns out that when reloading a tor configured with hidden service(s), we
weren't copying all the needed information between the old service object to
the new one.

For instance, the desc_is_dirty timestamp wasn't which could lead to the
service uploading its desriptor much later than it would need to.

The replaycache wasn't also moved over and some intro point information as
well.

Fixes #23790

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-25 11:21:28 -04:00
Nick Mathewson
f68c1b1406 bump to 0.3.1.8-dev 2017-10-25 09:28:05 -04:00
Nick Mathewson
4edbbee2fd bump to 0.3.0.12-dev 2017-10-25 09:27:50 -04:00
Nick Mathewson
46091a88ca bump to 0.2.9.13-dev 2017-10-25 09:27:23 -04:00
Nick Mathewson
9969b0dfda bump to 0.2.8.16-dev 2017-10-25 09:27:07 -04:00
Nick Mathewson
82f8b27ff5 bump to 0.2.5.15-dev 2017-10-25 09:26:53 -04:00
Nick Mathewson
e5c341eb7c Merge branch 'maint-0.3.2' 2017-10-24 19:43:13 -04:00
Nick Mathewson
3498183807 Turn a comment into a doxygen comment.
Crediting this * to teor, in penance for mis-crediting his x removal
to Isis.  The balance is restored.
2017-10-24 19:42:18 -04:00
Nick Mathewson
e7126a1030 Merge remote-tracking branch 'catalyst-oniongit/bug20532_031' into maint-0.3.2 2017-10-24 19:41:26 -04:00
Nick Mathewson
8d908b961f Merge branch 'maint-0.3.2' 2017-10-24 19:37:11 -04:00
Nick Mathewson
8cc57bccfe Isis has been noticing typos. 2017-10-24 19:37:09 -04:00
Nick Mathewson
b95ef19a77 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:32 -04:00
Nick Mathewson
594cf92498 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:28 -04:00
Nick Mathewson
f3af74ccf5 Updates to fix check-spaces/check-changes warnings 2017-10-24 19:35:16 -04:00
Nick Mathewson
44e8aaa9aa Adjust test to allow hyphens too. 2017-10-24 19:33:38 -04:00
Isis Lovecruft
02cde0d939 test: Add unittest for descriptors with BridgeDistribution option. 2017-10-24 19:26:24 -04:00
Isis Lovecruft
b0e10f23ba doc: Improve documentation for check_bridge_distribution_setting(). 2017-10-24 19:26:24 -04:00
Nick Mathewson
613b18f0af Always set bridge-distribution-request on bridges' descriptors.
Also, warn the user if the BridgeDistribution option is
unrecognized, and reject the value if it is invalid.
2017-10-24 19:26:24 -04:00
Roger Dingledine
ebab521525 Add new BridgeDistribution config option
Bridge relays can use it to add a "bridge-distribution-request" line
to their bridge descriptor, which tells BridgeDB how they'd like their
bridge address to be given out.

Implements tickets 18329.
2017-10-24 19:26:24 -04:00
Taylor Yu
9b60acd4d4 Rewrite bridge addresses earlier
Call rewrite_node_address_for_bridge() in
launch_direct_bridge_descriptor_fetch() in case there's an existing
node_t for it.
2017-10-24 17:35:17 -05:00
Nick Mathewson
649000662d Merge remote-tracking branch 'arma/ticket23637' 2017-10-24 12:52:41 -04:00
Nick Mathewson
5325e7ccab bump version in the other places :/ 2017-10-24 09:11:17 -04:00
Nick Mathewson
552b620280 bump version in the other places :/ 2017-10-24 09:11:07 -04:00
Nick Mathewson
cbb41ddfef bump to 0.3.1.8 2017-10-24 09:09:50 -04:00
Nick Mathewson
743eee4930 bump to 0.2.5.15 2017-10-24 09:09:00 -04:00
Nick Mathewson
abbd6a36fc Merge branch 'maint-0.3.2' 2017-10-24 08:25:29 -04:00
Nick Mathewson
0d4addfc73 Merge branch 'bug23952_032' into maint-0.3.2 2017-10-24 08:24:12 -04:00
Nick Mathewson
f0a6ea0bfd Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 15:55:48 -04:00
Nick Mathewson
f7707c9031 Merge branch 'maint-0.3.2' 2017-10-23 15:55:48 -04:00
Nick Mathewson
b1d6cf2508 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 15:55:48 -04:00
Nick Mathewson
9ae4ffc076 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 15:55:08 -04:00
Nick Mathewson
b1bd1bf19f Merge remote-tracking branch 'teor/bug23874-029' into maint-0.2.9 2017-10-23 15:53:45 -04:00
Nick Mathewson
48ee85e0c6 Have LOG_PROTOCOL_WARN call its own function
Also, make the function that implements LOG_PROTOCOL_WARN use a
cached value of the desired loglevel, rather than calling
get_options().
2017-10-23 12:22:26 -04:00
Nick Mathewson
af33fdd7c1 Remove the length limit from write_http_status_line
Fixes bug 23908; bugfix on 0.3.1.6-rc when we made the keypin
failure message really long.

Backport from 0.3.2's 771fb7e7ba,
where arma said "get rid of the scary 256-byte-buf landmine".
2017-10-23 09:21:22 -04:00
Nick Mathewson
fcd5c3144a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:11:10 -04:00
Nick Mathewson
eac4c374e4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:11:10 -04:00
Nick Mathewson
49e8352f16 Merge branch 'maint-0.3.2' 2017-10-23 09:11:10 -04:00
Nick Mathewson
6a7aa47357 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:11:10 -04:00
Nick Mathewson
85115796bb Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:11:10 -04:00
Nick Mathewson
a5f5bda462 Adjust test, now that there are 9 dirauths again 2017-10-23 09:11:07 -04:00
Nick Mathewson
1db5081ba1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:06:34 -04:00
Nick Mathewson
c93ecb8189 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:06:34 -04:00
Nick Mathewson
d99c6b7252 Merge branch 'maint-0.3.2' 2017-10-23 09:06:34 -04:00
Nick Mathewson
009141c6a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:06:34 -04:00
Nick Mathewson
23e3d57e12 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:06:34 -04:00
Nick Mathewson
8cc147aa83 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 09:04:56 -04:00
David Goulet
15a699462d dirauth: Add bastet to the default authorities
Fixes #23910

Based on a patch by dgoulet; backported to 0.2.5
2017-10-23 09:03:36 -04:00
Nick Mathewson
97046436b2 Merge branch 'maint-0.3.2' 2017-10-23 08:59:12 -04:00
Nick Mathewson
c958fda6e2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:59:11 -04:00
Nick Mathewson
783e458c07 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:59:11 -04:00
Nick Mathewson
b8dedaee74 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 08:59:11 -04:00
Nick Mathewson
df57d1e0c0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:59:11 -04:00
Nick Mathewson
9a1b385462 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 08:58:28 -04:00
Nick Mathewson
132e2f69b1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:53:25 -04:00
Nick Mathewson
74e8fd22c9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:53:25 -04:00
Nick Mathewson
b68de63eb6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:53:25 -04:00
Nick Mathewson
6f87a85897 Merge remote-tracking branch 'public/bug23690_028' into maint-0.2.8 2017-10-23 08:53:14 -04:00
Nick Mathewson
35574d4a9a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:47:58 -04:00
Nick Mathewson
fcaf3335b4 Merge remote-tracking branch 'public/bug23081_025' into maint-0.2.9 2017-10-23 08:47:52 -04:00
Nick Mathewson
d29e4c0597 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:46:29 -04:00
Nick Mathewson
68dea082e7 Merge remote-tracking branch 'public/bug22349_029' into maint-0.2.9 2017-10-23 08:46:26 -04:00
Nick Mathewson
a62f59f000 Mark "previously validated foo could not be set" blocks as unreachable. 2017-10-20 19:28:12 -04:00
Nick Mathewson
c4a07b261b Add unit tests for cases of starting with bogus keygen arguments
In particular, this tests that we give an appropriate warning when
we are told to use some keygen argument, but --keygen is not specified.
2017-10-20 19:27:48 -04:00
Nick Mathewson
3c99b810a4 Exit more carefully when options_act() fails.
Also, annotate options_act() with places where we should be
pre-validating values.
2017-10-20 11:39:17 -04:00
Nick Mathewson
1df43aff41 Return instead of exiting in options_init_from_torrc() 2017-10-20 11:39:17 -04:00
Nick Mathewson
853e73e815 Return from instead of exit()ing when ed25519 key check fails. 2017-10-20 11:39:17 -04:00
Nick Mathewson
c247a2df6b On locking failure, return -1 instead of exit()ing.
This is safe, since the only caller (options_act) will check the
return value, and propagate failure.
2017-10-20 11:39:17 -04:00
Nick Mathewson
9bafc3b1ef Replace most bad exits in main.c, hibernate.c
This should make most of the reasons that we hibernate cleaner.
2017-10-20 11:39:17 -04:00
Nick Mathewson
c82cc8acb5 Add a failsafe to kill tor if the new exit code doesn't work.
It _should_ work, and I don't see a reason that it wouldn't, but
just in case, add a 10 second timer to make tor die with an
assertion failure if it's supposed to exit but it doesn't.
2017-10-20 11:39:17 -04:00
Nick Mathewson
f0c3b62381 Expose a new function to make the event loop exit once and for all.
Instead of calling tor_cleanup(), exit(x), we can now call
tor_shutdown_event_loop_and_exit.
2017-10-20 11:39:17 -04:00
Nick Mathewson
78cbced45c Rename "tell_event_loop_to_finish" to "...run_external_code"
This function was never about 'finishing' the event loop, but rather
about making sure that the code outside the event loop would be run
at least once.
2017-10-20 09:59:48 -04:00
Nick Mathewson
35746a9ee7 Comment-only change: annotate exit() calls.
Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.

But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.

I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.

First step towards 23848.
2017-10-19 13:42:28 -04:00
Nick Mathewson
0956242158 Mark some unreachable code in compat_winthreads.c as unreachable 2017-10-19 13:21:48 -04:00
Nick Mathewson
72b5e4a2db Move tor_git_revision into a new module.
At first, we put the tor_git_revision constant in tor_main.c, so
that we wouldn't have to recompile config.o every time the git
revision changed.  But putting it there had unintended side effect
of forcing every program that wanted to link libor.a (including
test, test-slow, the fuzzers, the benchmarks, etc) to declare their
own tor_git_revision instance.

That's not very nice, especially since we want to start supporting
others who want to link against Tor (see 23846).

So, create a new git_revision.c file that only contains this
constant, and remove the duplicated boilerplate from everywhere
else.

Part of implementing ticket 23845.
2017-10-18 13:49:35 -04:00
Nick Mathewson
f1bf9bf819 Add __OwningControllerFD to allow controllers without controlports
This feature should help programs that want to launch and manage a
Tor process, as well as programs that want to launch and manage a
Tor instance in a separate thread.  Right now, they have to open a
controlport, and then connect to it, with attendant authentication
issues.  This feature allows them to just start with an
authenticated connection.

Bug 23900.
2017-10-18 13:36:53 -04:00
Nick Mathewson
f0daaf8d60 Expose connection_init_accepted_conn. 2017-10-18 12:55:09 -04:00
Nick Mathewson
4eb5753bd2 New function for Tor to treat itself as the "owner" of a socket
Our socket accounting functions assumed that we'd never be asked to
close a socket that we didn't open ourselves.  But now we want to
support taking control sockets that we inherit -- so we need a way
of taking ownership of them, so we don't freak out later on when we
close them.
2017-10-18 12:17:44 -04:00
Nick Mathewson
5bcd8dc5c4 Make the mark_socket_open() no-op treat the socket as used.
This is preliminary for extracting the "take socket ownership" code
into its own function.
2017-10-18 12:13:26 -04:00
Nick Mathewson
5d219ecf98 Update Longclaw's IP address; fixes 23592. 2017-10-17 14:00:30 -04:00
Nick Mathewson
8652f3e9e8 Fix memory leak when freeing socket_table in KIST. 2017-10-17 13:40:31 -04:00
Nick Mathewson
d8604b8729 Merge branch 'teor_bug23813_squashed' 2017-10-15 20:36:23 -04:00
teor
eaf9c0f25a Describe what router_reset_descriptor_download_failures() actually does
Comment-only change.

Part of #23813.
2017-10-15 20:36:18 -04:00
teor
5bca66be49
Clear the address when node_get_prim_orport() returns early
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
2017-10-15 16:48:36 -04:00
teor
67eeee0c71
Add a new consensus method that removes IPv6 address lines from microdescs
Implements #23828.
2017-10-15 12:31:39 -04:00
teor
56dbba3207
Add a consensus method for IPv6 address lines in the microdesc consensus
Implements #23826.
2017-10-15 12:31:06 -04:00
teor
b8d4588c90
Add a consensus_method argument to routerstatus_format_entry()
And pass ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD when it's not applicable.

Preparation for #23826.
2017-10-15 12:09:52 -04:00
teor
305f947671
Improve the comment on networkstatus_compute_consensus() 2017-10-15 12:08:55 -04:00
Nick Mathewson
e00f12ec6c bump version on master to 0.3.3.0-alpha-dev 2017-10-15 11:57:06 -04:00
Nick Mathewson
bdf60fc7ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-05 11:03:36 -04:00
Nick Mathewson
0cd7c1af37 Merge branch 'maint-0.3.1' 2017-10-05 11:03:36 -04:00
Nick Mathewson
2984d99165 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-05 11:03:35 -04:00
Nick Mathewson
d6bdec1595 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-05 11:03:35 -04:00
Nick Mathewson
ad7db10770 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-05 11:03:35 -04:00
Karsten Loesing
b9d9b16b76 Update geoip and geoip6 to the October 4 2017 database. 2017-10-05 16:56:14 +02:00
David Goulet
469ee6e6fe hs-v3: Refactor client refetch function
Create a function that tells us if we can fetch or not the descriptor for the
given service key.

No behavior change. Mostly moving code but with a slight change so the
function can properly work by returning a boolean and also a possible fetch
status code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-04 15:50:22 -04:00
Taylor Yu
44e4a96bb5 Don't expect permission failure if running as root
Skip test_config_include_no_permission() when running as root, because
it will get an unexpected success from config_get_lines_include().
This affects some continuous integration setups.  Fixes bug 23758.
2017-10-04 08:42:05 -05:00
David Goulet
2e8de0de3b sched: Implement SCHED_BUG()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 14:43:09 -04:00
cathugger
9d90f9829c hs-v3: Always generate the public key file on disk
Fixes #23748

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 11:19:10 -04:00
Nick Mathewson
1e7e36da4b Merge branch 'bug23672_032_01_squashed' 2017-10-03 10:56:52 -04:00
David Goulet
30d2e0b71e test: Add an HS v3 descriptor fetch unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
David Goulet
c232b6b59c hs-v3: Close pending SOCKS connection on descriptor fetch error
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
Nick Mathewson
783a44b2cd Merge remote-tracking branch 'asn/bug23670' 2017-10-03 09:05:16 -04:00
George Kadianakis
f7306b16ec entrynodes: Better naming for dir info check functions. 2017-10-03 15:55:19 +03:00
Nick Mathewson
a6c62cbd13 Merge branch 'bug23678_032' 2017-10-03 08:18:08 -04:00
Nick Mathewson
f923aeee1b Follow-up on 23678: fix socks/wrong_protocol test 2017-10-03 08:17:41 -04:00
Nick Mathewson
f2e820c45f torcert.c: mark some lines unreachable by tests
These are related to handling of failures on functions which can't
fail.
2017-10-03 08:07:36 -04:00
Nick Mathewson
bb7288b2c3 Make the fp_pair_map tests cover {get,set}_by_digests 2017-10-03 08:07:36 -04:00
George Kadianakis
5352785d0c entrynodes: Error msg for missing guard descs is now more informative. 2017-10-03 14:41:20 +03:00
George Kadianakis
f2231306ba entrynodes: Move guard dirinfo check below path dirinfo check.
We do that because we want to use the path fraction dirinfo data in case
we are missing primary guard dirinfo.
2017-10-03 14:41:18 +03:00
George Kadianakis
c9729853a5 entrynodes: Be specific about how many primary descriptors we miss. 2017-10-03 14:39:34 +03:00
Nick Mathewson
d0cae9fbc5 bump master to 0.3.2.2-alpha-dev 2017-10-02 19:19:51 -04:00
Alexander Færøy
c61508f9aa
Bump version to 0.3.2.2-alpha.
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2017-10-02 19:23:32 +00:00
Nick Mathewson
ad4dcd7d1a Fix our "not an HTTP Proxy" message in light of HTTPTunnelPort
When we added HTTPTunnelPort, the answer that we give when you try
to use your SOCKSPort as an HTTP proxy became wrong.  Now we explain
that Tor sorta _is_ an HTTP proxy, but a SOCKSPort isn't.

I have left the status line the same, in case anything is depending
on it.  I have removed the extra padding for Internet Explorer,
since the message is well over 512 bytes without it.

Fixes bug 23678; bugfix on 0.3.2.1-alpha.
2017-10-02 12:53:13 -04:00
Nick Mathewson
c50c98ba6a Make changes in server_mode() affect workers; fix a crash.
Without this fix, changes from client to bridge don't trigger
transition_affects_workers(), so we would never have actually
initialized the cpuworkers.

Fixes bug 23693.  Bugfix on 3bcdb26267 0.2.6.3-alpha, which
fixed bug 14901 in the general case, but not on the case where
public_server_mode() did not change.
2017-10-02 11:11:30 -04:00
Nick Mathewson
dddae36f5e Merge remote-tracking branch 'dgoulet/ticket23696_032_01' 2017-09-29 17:46:50 -04:00
Nick Mathewson
ca2e7eabc2 Merge branches 'bug8185_031' and 'bug8185_diagnostic_032' 2017-09-29 17:26:40 -04:00
David Goulet
070064de89 sched: Always initialize scheduler_last_run to now
Because our monotonic time interface doesn't play well with value set to 0,
always initialize to now() the scheduler_last_run at init() of the KIST
scheduler.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 14:07:55 -04:00
Matt Traudt
3ef7e6f187 sched: Don't get KIST stuck in an infinite loop
When a channel is scheduled and flush cells returns 0 that is no cells to
flush, we flag it back in waiting for cells so it doesn't get stuck in a
possible infinite loop.

It has been observed on moria1 where a closed channel end up in the scheduler
where the flush process returned 0 cells but it was ultimately kept in the
scheduling loop forever. We suspect that this is due to a more deeper problem
in tor where the channel_more_to_flush() is actually looking at the wrong
queue and was returning 1 for an empty channel thus putting the channel in the
"Case 4" of the scheduler which is to go back in pending state thus
re-considered at the next iteration.

This is a fix that allows the KIST scheduler to recover properly from a not
entirelly diagnosed problem in tor.

Fixes #23676

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 11:06:31 -04:00
Nick Mathewson
fc6c0b46fb Merge branch 'bug23690_additional_032' 2017-09-29 10:29:40 -04:00
Nick Mathewson
b0ddaac074 Make some assertions nonfatal to help prevent bug23690 recurrence. 2017-09-29 10:29:33 -04:00
Nick Mathewson
8ccefa7b7a Merge branch 'bug23690_028' 2017-09-29 10:28:33 -04:00
Nick Mathewson
f7222e6d8c Clear outbuf_flushlen when we clear a connection's outbuf
When we added single_conn_free_bytes(), we cleared the outbuf on a
connection without setting outbuf_flushlen() to 0.  This could cause
an assertion failure later on in flush_buf().

Fixes bug 23690; bugfix on 0.2.6.1-alpha.
2017-09-29 10:00:14 -04:00
Nick Mathewson
1a5746f8e1 Merge branch 'bug8185_025' into bug8185_031 2017-09-29 09:37:01 -04:00
Nick Mathewson
d256d4c0a6 Don't package cells onto marked circuits.
This caused a BUG log when we noticed that the circuit had no
channel.  The likeliest culprit for exposing that behavior is
d769cab3e5, where we made circuit_mark_for_close() NULL out
the n_chan and p_chan fields of the circuit.

Fixes bug 8185; bugfix on 0.2.5.4-alpha, I think.
2017-09-29 09:33:47 -04:00
Nick Mathewson
1b6ccb52ea Log more information when bug8185 is about to trigger.
My current theory is that this is just a marked circuit that hasn't
closed yet, but let's gather more information in case that theory is
wrong.

Diagnostic for 8185.
2017-09-29 09:24:01 -04:00
Nick Mathewson
4e6374c26b Merge remote-tracking branch 'catalyst-oniongit/bug23691' 2017-09-28 19:07:23 -04:00
Taylor Yu
2ae1b7e2db Fix leak in test_util.c
AddressSanitizer found a leak in test_util_decompress_dos_impl().
Fixes bug #23691.
2017-09-28 17:53:38 -05:00
Alexander Færøy
8d6940814a
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 20:17:41 +02:00
Alexander Færøy
c2fac2c6b0
Enable disabled test that was disabled due to bug #23551
See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
44dc4b73ec
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
c3b7f9d762
Fix whitespace issue in compress.c 2017-09-28 18:58:15 +02:00
Alexander Færøy
a196fdb622
Fix typo in buffers.c. 2017-09-28 18:58:09 +02:00
Nick Mathewson
3a073c463d Improve unit test coverage for compression code.
These tests try uncompressing garbage, verify that we won't
make compression bombs, and verify that we won't uncompress
compression bombs.
2017-09-28 12:20:02 -04:00
Nick Mathewson
14614a592e Fix spelling: compressing, not compresing 2017-09-28 12:17:34 -04:00
Nick Mathewson
f71ff0cabc Unit test for case where %included dir exists but is unreadable 2017-09-28 09:49:30 -04:00
Nick Mathewson
5b6f2713cd unit test for config_lines_dup_and_filter 2017-09-28 09:40:17 -04:00
Nick Mathewson
55873107d0 Correct docs for config_lines_dup_and_filter 2017-09-28 09:40:04 -04:00
Nick Mathewson
a64d79ca4c Move around some LCOV_EXCLs in src/common
Apparently, my compiler now generates coverage markers for
label-only lines, so we need to exclude those too if they are meant
to be unreachable.
2017-09-28 09:25:17 -04:00
Nick Mathewson
99e52711bb Add unit test for buf_get_line(). 2017-09-28 08:35:30 -04:00
Nick Mathewson
01d67a9071 Note an unreachable (?) section in buffers.c 2017-09-28 08:35:24 -04:00
Nick Mathewson
f21102c069 Let's get 100% coverage for proto_http while we're at it.
There was some coverage before, but it was mostly accidental.
2017-09-27 21:45:55 -04:00
Nick Mathewson
57f04a482e Test more error cases of our socks code.
Coverage is now respectable. :)
2017-09-27 19:37:36 -04:00
Nick Mathewson
6882e711d0 Add unit tests for SOCKS functions that parse server responses
We use these when we're acting as a SOCKS client, but we'd never
actually written tests for them :/
2017-09-27 18:55:14 -04:00
Nick Mathewson
5418aa84ee socks5 unit tests: add check for ipv6 address type. 2017-09-27 11:23:09 -04:00
Nick Mathewson
04f7873bab Socks tests for bad socks5 username/passwd auth. 2017-09-27 11:16:29 -04:00
Nick Mathewson
14124f82df Mark some tests in parse_socks.c as unreachable (BUG, LCOV)
These tests aren't reachable, given their actual arguments.  I'm
going to mark them as BUG(), and as unreachable with LCOV.
2017-09-27 11:16:20 -04:00
Nick Mathewson
5427365907 testing: test many possible truncated SOCKS commands
Many of the 'truncated command' paths in fetch_from_buf_socks() were
not reached by the tests.  This new unit test tries to check them
exhaustively.
2017-09-27 10:54:56 -04:00
David Goulet
cf75c1af66 hs-v3: Don't fetch descriptor if we have a pending request
If 6 SOCKS requests are opened at once, it would have triggered 6 fetches
which ultimately poke all 6 HSDir. We don't want that, if we have multiple
SOCKS requests for the same service, do one fetch only.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-27 09:24:35 -04:00
George Kadianakis
178a2bbcff prop224: Fix one last instance of get_time_period_num() with now.
When purging last HSDir requests, we used time(NULL) for computing the
service blinded key but in all other places in our codebase we actually
use the consensus times. That can cause wrong behavior if the consensus
is in a different time period than time(NULL).

This commit is required for proper purging of HSDir requests.
2017-09-27 09:24:35 -04:00
George Kadianakis
6051375cca prop224: Update some function docs with the right retval. 2017-09-27 09:24:35 -04:00
Nick Mathewson
a57f495c1a Move ext_or_command tests to test_proto_misc.c
No other code changes.
2017-09-27 09:11:15 -04:00
Nick Mathewson
b8b016940d Add unit tests for var_cell and control0 proto functions. 2017-09-27 09:09:00 -04:00
Taylor Yu
8f8a4c0ced Eat redundant semicolons 2017-09-26 15:12:34 -04:00
David Goulet
40ab25db62 hs-v3: Don't non fatal assert if we can't get the intro extend info
Fixes #23159.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-26 13:55:51 -04:00
Nick Mathewson
6beeb10070 Merge branch 'typecheck4' 2017-09-26 12:26:01 -04:00
Nick Mathewson
49d2346b80 Type bug in shared_random_state -- make sure Version is int.
The confparse field has type UINT, which corresponds to an int
type.  We had uint32_t.

This shouldn't cause trouble in practice, since int happens to
4-bytes wide on every platform where an authority is running.  It's
still wrong, though.
2017-09-26 12:25:34 -04:00
Nick Mathewson
a5b18dfba9 Make the TransProxyType field non-const
The correct type for a STRING confparse value is char *, not const
char *.
2017-09-26 12:25:07 -04:00
Nick Mathewson
4d11a468b2 Correct two state-file variable types.
These should have been int, but we had listed them as unsigned.
That's an easy mistake to make, since "int" corresponds with either
INT or UINT in the configuration file.

This bug cannot have actually caused a problem in practice, since we
check those fields' values on load, and ensure that they are in
range 0..INT32_MAX.
2017-09-26 12:25:01 -04:00
Nick Mathewson
eb54a856a2 Add test to make sure all confparse variables are well-typed
New approach, suggested by Taylor: During testing builds, we
initialize a union member of an appropriate pointer type with the
address of the member field we're trying to test, so we can make
sure that the compiler doesn't warn.

My earlier approach invoked undefined behavior.
2017-09-26 12:24:04 -04:00
Nick Mathewson
1f3db0514e Merge remote-tracking branch 'asn/ticket23645_032_01' 2017-09-26 08:55:59 -04:00
David Goulet
648d5ea67e hs: Improve logging
Also demote a log message that can occur under natural causes
(if the circuit subsystem is missing descriptors/consensus etc.).
The HS subsystem will naturally retry to connect to intro points,
so no need to make that log user-facing.
2017-09-26 13:55:44 +03:00
David Goulet
4190f602bd circuit: Log n_circ_id and global identifier of HS circuits
So we can track them more easily in the logs and match any open/close/free
with those identifiers.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:21:04 -04:00
David Goulet
767b1815e9 circuit: Log circuit identifiers when cannibalizing
This removes the "nickname" of the cannibalized circuit last hop as it is
useless. It now logs the n_circ_id and global identifier so we can match it
with other logging statement.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:08:11 -04:00
David Goulet
fb4a82c485 circuit: Keep a copy of n_circ_id for logging
Prior to the log statement, the circuit n_circ_id value is zeroed so keep a
copy so we can log it at the end.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:04:30 -04:00
David Goulet
de54e14312 circuit: Closing reason are signed values
Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:01:12 -04:00
Nick Mathewson
45530ed729 Merge branch 'bug22109' 2017-09-25 14:32:04 -04:00
Nick Mathewson
81c4793232 Make testing rend1_payload variables static
This fixes a clang warning.
2017-09-25 13:26:43 -04:00
Nick Mathewson
90e8d1f58f Merge branch 'bug23539_032_01_squashed' 2017-09-25 11:12:56 -04:00
Nick Mathewson
581e2c8b2c Whitespace fix. 2017-09-25 11:12:45 -04:00
Matt Traudt
7bbc29b0f2 sched: make interval a plain int; initialize with macro 2017-09-25 11:11:30 -04:00
David Goulet
ef2a449cce sched: Make KISTSchedRunInterval non negative
Fixes #23539.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 11:11:30 -04:00
Nick Mathewson
777e828ef3 Merge remote-tracking branch 'asn/ticket23420_032_01' 2017-09-25 09:24:36 -04:00
George Kadianakis
03b3f5486a prop224: Add test for parsing RENDEZVOUS1 cell.
Just making sure that added padding does not screw up cell parsing.
2017-09-25 15:00:06 +03:00
Roger Dingledine
8dff23eb34 Assign Exit flag only for ports 80 and 443
Make the "Exit" flag assignment only depend on whether the exit
policy allows connections to ports 80 and 443. Previously relays
would get the Exit flag if they allowed connections to one of
these ports and also port 6667.

Resolves ticket 23637.
2017-09-24 19:27:07 -04:00
Roger Dingledine
a1f31c0671 fix typo 2017-09-22 17:26:29 -04:00
Nick Mathewson
01e984870a Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-09-22 15:29:15 -04:00
Nick Mathewson
22e2c3bf7d Fix check-spaces and a weird copyright. 2017-09-22 12:20:26 -04:00
Nick Mathewson
230a336798 Use setup_full_capture_of_logs for 21800
setup_capture_of_logs() doesn't actually suppress warnings :p
2017-09-22 10:22:47 -04:00
Nick Mathewson
ac3fdb74c2 Remove unused chosen_scheduler_type variable. 2017-09-22 09:56:54 -04:00
Nick Mathewson
122eab78d9 Merge remote-tracking branch 'pastly/bug23552_032_03' 2017-09-22 09:54:41 -04:00
David Goulet
dc5c9af6c3 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-22 09:09:13 -04:00
Nick Mathewson
91467e04b1 Merge branch 'bug22805_v2_squashed' 2017-09-22 08:58:17 -04:00
Nick Mathewson
95a7e7e925 Stop using CREATE_FAST as a signifier of clienthood.
Relays send it, and we may as well let them.  Part of our fix for
22805.
2017-09-22 08:57:45 -04:00
Nick Mathewson
ceb49c1c5f Use channel_is_client() accessor in channelpadding.c.
Also, allow channel_is_client() to take a const channel.
2017-09-22 08:55:53 -04:00
Nick Mathewson
d1e0e486e9 Stop clearing the is_client flag on channel directly 2017-09-22 08:55:53 -04:00
Nick Mathewson
66aff2d8f3 Remove or_circuit_t.is_first_hop; use channel_is_client() instead
The is_first_hop field should have been called used_create_fast,
but everywhere that we wanted to check it, we should have been
checking channel_is_client() instead.
2017-09-22 08:55:53 -04:00
Matt Traudt
88b317ef28 sched: move code to respect comments
The diff is confusing, but were two static scheduler functions that
needed moving to static comment block.

No code change. Thanks dgoulet for original commit
2017-09-22 08:52:27 -04:00
Matt Traudt
22699e3f16 sched: only log when scheduler type changes
Closes 23552. Thanks dgoulet for original impl
2017-09-22 08:51:22 -04:00
Nick Mathewson
512c57cff9 test_util: capture the log in the correct place. 2017-09-22 08:51:03 -04:00
Nick Mathewson
00d7b60557 Merge branch 'bug21800' 2017-09-21 17:39:54 -04:00
Nick Mathewson
bb9b8e65bb Merge remote-tracking branch 'pastly/bug23581_032_03' 2017-09-21 17:33:10 -04:00
Nick Mathewson
33d44dc4ac Capture "Result does not fit in tor_timegm()" warnings in util tests
Fixes bug 21800; bugfix on 0.2.9.x
2017-09-21 15:32:16 -04:00
David Goulet
7f3dc8327a hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:38:43 -04:00
David Goulet
1749e07891 hs: Improve comments for when we change timestamps
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:24:36 -04:00
David Goulet
c20d4db7bf sched: Hard exit if we can't select a scheduler
Fixes #23581

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:18:42 -04:00
David Goulet
6045bdd4a0 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 13:13:53 -04:00
Nick Mathewson
4c7a89a226 Merge remote-tracking branch 'catalyst-oniongit/bug23607' 2017-09-21 10:58:06 -04:00
Nick Mathewson
c7b7cf8e18 Merge branch 'maint-0.3.1' 2017-09-21 10:39:10 -04:00
Mike Perry
d70a793cfc Bug 23608: Mock time for all channelpadding tests. 2017-09-21 10:36:57 -04:00
Taylor Yu
ad814cad41 Avoid assertion failure for state file clock skew
The clock_skew_warning() refactoring allowed calls from
or_state_load() to control_event_bootstrap_problem() to occur prior
bootstrap phase 0, causing an assertion failure.  Initialize the
bootstrap status prior to calling clock_skew_warning() from
or_state_load().
2017-09-20 18:54:37 -05:00
Taylor Yu
1c017edac3 Use correct sign for state file clock skew
or_state_load() was using an incorrect sign convention when calling
clock_skew_warning() to warn about state file clock skew.  This caused
the wording of the warning to be incorrect about the direction of the
skew.
2017-09-20 18:50:39 -05:00
Nick Mathewson
ac8e26a415 Use correct name for authtype 3 in a comment. 2017-09-20 15:46:21 -04:00
David Goulet
9b4513c5d1 hs: Log the intro point when we clean it up
When we remove an intro point from the service list, log info about it and
some useful data.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 13:08:16 -04:00
David Goulet
317dabc57f circuit: Log n_circ_id and global identifier
When we can, log the n circuit id and global identifier for origin circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 12:52:53 -04:00
Nick Mathewson
2998350122 Merge branch 'bug23080' 2017-09-20 12:12:02 -04:00
Nick Mathewson
f9155ff416 Unit test to make sure that our platform string is parseable
Closes 22109.
2017-09-20 10:10:02 -04:00
Nick Mathewson
ff0aabc35d Merge branch 'maint-0.3.1' 2017-09-20 09:45:07 -04:00
Andreas Stieger
427c2cc9e8 in zstd compression, fix 32 bit build
format '%lu' expects argument of type 'long unsigned int', but argument ... has type 'size_t'

Closes ticket 23568.
2017-09-20 09:43:08 -04:00
Nick Mathewson
427ae164f3 Fix a comment that misunderstood is_canonical
is_canonical doesn't mean "am I connected to the one true address of
this relay"; it means "does this relay tell me that the address I'm
connected to belong to it."  The point is to prevent TCP-based MITM,
not to prevent the relay from multi-homing.

Related to 22890.
2017-09-20 09:41:01 -04:00
Nick Mathewson
c4e8548c59 Warn on ExtORPort USERADDR that is missing or 0.
Diagnoses violations on #23080.
2017-09-20 08:50:49 -04:00
Nick Mathewson
9e0587f806 Merge remote-tracking branch 'dgoulet/ticket23305_032_01' 2017-09-20 08:36:11 -04:00
Nick Mathewson
2c93be80d9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-20 08:32:55 -04:00
Nick Mathewson
746410fb24 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-20 08:32:55 -04:00
Nick Mathewson
654820ec1c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-20 08:32:55 -04:00
Nick Mathewson
a8f4f5742e Merge branch 'maint-0.3.1' 2017-09-20 08:32:55 -04:00
teor
8e52c46581
Remove longclaw's IPv6 address, as it will soon change
Authority IPv6 addresses were originally added in 0.2.8.1-alpha.

This leaves 3/8 directory authorities with IPv6 addresses, but there
are also 52 fallback directory mirrors with IPv6 addresses.

Resolves 19760.
2017-09-20 14:48:53 +10:00
Matt Traudt
4a3b61a5b3 sched: reorder code to fit comment bodies; comment typos
Closes 23560
2017-09-19 20:13:28 -04:00
Roger Dingledine
1c956ccd5f fix typos/etc found while starting to look at scheduler 2017-09-19 19:55:57 -04:00
Nick Mathewson
6628c95e54 Merge remote-tracking branch 'pastly2/bug23566_032_01' 2017-09-19 19:35:46 -04:00
Matt Traudt
951b9f1fa5 tests: fix transproxy tests on BSD systems 2017-09-19 19:20:55 -04:00
Matt Traudt
a8c54ce581 sched: Allow the new sched to react to new cons 2017-09-19 19:07:48 -04:00
Nick Mathewson
ac73913d40 Merge branch 'bug23583_029' 2017-09-19 14:12:29 -04:00
Nick Mathewson
10ea3343b5 Avoid integer error in TEST_BITOPS tests
If "1" is not 64 bits wide already, then "1 << i" will not actually
work.

This bug only affects the TEST_BITOPS code, and shouldn't matter for
the actual use of the timeout code (except if/when it causes this
test to fail).

Reported by dcb314@hotmail.com.  Fix for bug 23583.  Not adding a
changes file, since this code is never compiled into Tor.
2017-09-19 13:58:35 -04:00
David Goulet
5dea4b565f Add a BASE32_DIGEST_LEN define
Use this value instead of hardcoded values of 32 everywhere. This also
addresses the use of REND_DESC_ID_V2_LEN_BASE32 in
hs_lookup_last_hid_serv_request() for the HSDir encoded identity digest length
which is accurate but semantically wrong.

Fixes #23305.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 12:33:04 -04:00
David Goulet
a3f5a24669 hs: Pad RENDEZVOUS1 v3 cell to match length of v2
RENDEZVOUS1 cell is 84 bytes long in v3 and 168 bytes long in v2 so this
commit pads with random bytes the v3 cells up to 168 bytes so they all look
alike at the rendezvous point.

Closes #23420

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 09:13:28 -04:00
Nick Mathewson
84d587bed8 Merge remote-tracking branch 'teor/minor-comments' 2017-09-19 08:24:49 -04:00
teor
e77ece3b31
Avoid a compilation warning on macOS in scheduler_ev_add()
This warning is caused by a different tv_usec data type on macOS
compared to the system on which the patch was developed.

Fixes 23575 on 0.3.2.1-alpha.
2017-09-19 16:32:47 +10:00
teor
429d88ad6a
Improve comments around connection_or_client_used() 2017-09-19 14:30:27 +10:00
teor
228d782229
Improve comments formatting in connection.c 2017-09-19 14:30:09 +10:00
Nick Mathewson
6afc924d7e Correct what-is-deprecated-when comments 2017-09-18 15:11:33 -04:00
Nick Mathewson
94a88eaa45 Merge remote-tracking branch 'public/ticket19704' 2017-09-18 15:02:16 -04:00
Nick Mathewson
32858610c7 bump to 0.3.2.1.-alpha-dev 2017-09-18 14:40:13 -04:00
Nick Mathewson
0e85b71066 bump to 0.3.1.7-dev 2017-09-18 14:40:04 -04:00
Nick Mathewson
e78347fcc2 bump to 0.3.0.11-dev 2017-09-18 14:39:55 -04:00
Nick Mathewson
a57f1ff7ab bump to 0.2.9.12-dev 2017-09-18 14:39:46 -04:00
Nick Mathewson
0a72d1c8f1 bump to 0.2.8.15-dev 2017-09-18 14:39:40 -04:00
Nick Mathewson
290274dbb5 Add a cast so that 32-bit compilation goes without errors 2017-09-18 12:44:26 -04:00
Nick Mathewson
a23a168f24 Merge remote-tracking branch 'dgoulet/bug23558_032_01' 2017-09-18 11:02:37 -04:00
David Goulet
c7af923567 sched: BUG() on event_add() and log_warn next_run
It is highly unlikely to happen but if so, we need to know and why. The
warning with the next_run values could help.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-18 10:58:38 -04:00
David Goulet
77cc97cf0a sched: Don't cast to int32_t the monotime_diff_msec() result
When the KIST schedule() is called, it computes a diff value between the last
scheduler run and the current monotonic time. If tha value is below the run
interval, the libevent even is updated else the event is run.

It turned out that casting to int32_t the returned int64_t value for the very
first scheduler run (which is set to 0) was creating an overflow on the 32 bit
value leading to adding the event with a gigantic usec value. The scheduler
was simply never running for a while.

First of all, a BUG() is added for a diff value < 0 because if the time is
really monotonic, we should never have a now time that is lower than the last
scheduler run time. And we will try to recover with a diff value to 0.

Second, the diff value is changed to int64_t so we avoid this "bootstrap
overflow" and future casting overflow problems.

Fixes #23558

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-18 10:55:54 -04:00
Nick Mathewson
aaf0fa6d11 Merge branch 'maint-0.3.1' 2017-09-18 10:48:31 -04:00
Nick Mathewson
63ae9ea316 Make hs_ntor_ref.py work with python3 2017-09-18 10:48:28 -04:00
Nick Mathewson
d9dccb00cc Bump to 0.3.2.1-alpha 2017-09-18 10:30:41 -04:00
Nick Mathewson
c7d0096f9d Merge branch 'maint-0.3.1' 2017-09-18 09:42:30 -04:00
Nick Mathewson
23c4592ee9 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-18 09:40:40 -04:00
Nick Mathewson
314652dc16 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-18 09:39:46 -04:00
Nick Mathewson
09ea89764a Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
2017-09-18 09:32:41 -04:00
Nick Mathewson
4a2cbea6ce Fix log-uninitialized-stack bug in rend_service_intro_established.
Fixes bug 23490; bugfix on 0.2.7.2-alpha.

TROVE-2017-008
CVE-2017-0380
2017-09-18 09:27:07 -04:00
Nick Mathewson
dd8eeabfd1 Fix memory leak in tor-gencert.c
This was introduced in 4ff170d7b1, and is probably
unreachable, but coverity complained about it (CID 1417761). Bug not
in any released Tor, so no changes file.
2017-09-17 20:42:28 -04:00
Nick Mathewson
4519b7b469 kist_no_kernel_support is unused when we didn't detect it.
So, remove it.
2017-09-15 16:44:05 -04:00
Nick Mathewson
f4af1919ab Replace accumulated C ;;s with ;s
I don't know where these came from.
2017-09-15 16:43:17 -04:00
Nick Mathewson
76c33f7ff4 Merge branch 'scan-build-032' 2017-09-15 16:40:11 -04:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Nick Mathewson
7a597718bb Split some long #if lines to make the #endif annotator happy 2017-09-15 16:24:21 -04:00
Nick Mathewson
639766dbc3 Merge branch 'maint-0.3.1'
Resolve conflict with 23532 code.
2017-09-15 14:40:35 -04:00
Nick Mathewson
a01e4a1a95 kist: Cast, then do operations on int32.
Otherwise integer overflows can happen.  Remember, doing a i32xi32
multiply doesn't actually produce a 64-bit output.  You need to do
i64xi32 or i64xi64.

Coverity found this as CID 1417753
2017-09-15 14:30:19 -04:00
Nick Mathewson
9201e4c74b Merge branch 'bug23487_029' 2017-09-15 14:27:58 -04:00
Nick Mathewson
75659fd548 Use different variable names for pw_uid usages
Catalyst points out that using pw_uid for two different purposes
here is likely to be confusing.
2017-09-15 14:26:59 -04:00
Nick Mathewson
03e102c1bb Make netinet/tcp include conditional too: windows lacks it. 2017-09-15 14:08:51 -04:00
Nick Mathewson
44fa866621 fix some 32-bit warnings about printf arguments 2017-09-15 14:02:08 -04:00
Nick Mathewson
37302e64a4 Merge branch 'remove_allow_dotexit_v2' 2017-09-15 12:10:47 -04:00
Nick Mathewson
f02fd6c3af Remove AllowDotExit.
It's been deprecated since 0.2.9.2-alpha.  Closes ticket 23426.
2017-09-15 12:09:33 -04:00
Nick Mathewson
fea2d84ce3 wrap a wide comment 2017-09-15 12:03:08 -04:00
Nick Mathewson
0f4f40b70f Merge remote-tracking branch 'dgoulet/ticket12541_032_02' 2017-09-15 12:00:50 -04:00
Nick Mathewson
962b0b849b Merge remote-tracking branch 'dgoulet/ticket19254_032_01' 2017-09-15 11:52:10 -04:00
Matt Traudt
ae9e6b547d sched: add comment about how we determine if a socket should write 2017-09-15 11:40:59 -04:00
Matt Traudt
501c58187d sched: add more per-socket limit documentation; int fix 2017-09-15 11:40:59 -04:00
David Goulet
513d642a66 sched: Revert IF_BUG_ONCE() to tor_assert()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
1033e14a69 sched: Define SCHEDULER_KIST_PRIVATE for more encapsulation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
c910610701 sched: Improve logging if KIST is disabled
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
0d0b677b64 test: Fix unit tests with latest scheduler changes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
734dbfa590 sched: Make the scheduler object static
Each type of scheduler implements its own static scheduler_t object and
returns a reference to it.

This commit also makes it a const pointer that is it can only change inside
the scheduler type subsystem but not outside for extra protection.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
bd34a0d30f sched: Compare channel pointer in the socket table
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
e0984b8a51 sched: Make the outbuf table local to run()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
ba08f8a4ed sched: Make check-spaces happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
3d2d8d6841 sched: Extra careful in channel_outbuf_length()
In case we don't have a connection object in the channel, just be careful and
recover.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
14cd8bdd4b sched: Don't expose the global scheduler libevent object
Instead, add wrappers to do the needed action the different scheduler needs
with the libevent object.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
84d18f70f3 sched: Always call on_channel_free() regardless of state
A channel can bounce in the scheduler and bounce out with the IDLE state which
means that if it came in the scheduler once, it has socket information that
needs to be freed from the global hash table.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
7cc9621d11 sched: Add Schedulers torrc option
This option is a list of possible scheduler type tor can use ordered by
priority. Its default value is "KIST,KISTLite,Vanilla" which means that KIST
will be used first and if unavailable will fallback to KISTLite and so on.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
6ff8c86ac6 sched: change most asserts to non-fatal BUGs 2017-09-15 11:40:59 -04:00
Matt Traudt
4bc97c6431 sched: revisist compatibility on non-linux systems
Wrap things in HAVE_KIST_SUPPORT until Tor compiles and tests cleanly on
my OS X machine.
2017-09-15 11:40:59 -04:00
Matt Traudt
8ccb2c106a sched: rename scheduler to the_scheduler 2017-09-15 11:40:59 -04:00
Matt Traudt
7f1d643083 sched: validate KIST sched options 2017-09-15 11:40:59 -04:00
Matt Traudt
61fc9c41ad sched: switch to monotonic time; add/fix comments, style, and logs msgs 2017-09-15 11:40:59 -04:00
David Goulet
6e598bbcd8 sched: Add sandbox support for KIST
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
a06f2a0509 sched: Fallback to naive approach if no runtime KIST support
It is possible that tor was compiled with KIST support but the running kernel
has no support for it. In that case, fallback to a naive approach and flag
that we have no kernel support.

At this commit, if the kernel support is disabled, there are no ways to come
back from it other than restarting tor with a kernel that supporst KIST.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
David Goulet
8424c4f35b sched: Detect KIST support at compile time
Add a detection for the KIST scheduler in our build system and set
HAVE_KIST_SUPPORT if available.

Adapt the should use kist function with this new compile option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
dde358667d sched: Implement the KIST scheduler
Closes #12541

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
2034e0d1d4 sched: Groundwork before KIST implementation
- HT_FOREACH_FN defined in an additional place because nickm did that
  in an old kist prototype
- Make channel_more_to_flush mockable for future sched tests
- Add empty scheduler_{vanilla,kist}.c files and put in include.am

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
b2c56eacdd sched: Remove vanilla sched options that will be going away
- massive change to src/tgest/test_options.c since the sched options
  were added all over the place in it
- removing the sched options caused some tests to pass/fail in new ways
  so I assumed current behavior is correct and made them pass again
   - ex: "ConnLimit must be greater" lines
   - ex: "Authoritative directory servers must" line
- remove test_options_validate__scheduler in prep for new sched tests

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Nick Mathewson
e88fb4f4f8 Merge remote-tracking branch 'catalyst-oniongit/bug23532' 2017-09-15 11:17:18 -04:00
Taylor Yu
e31a7be161 Make NETINFO clock skew detection work on clients
An unnecessary routerlist check in the NETINFO clock skew detection in
channel_tls_process_netinfo_cell() was preventing clients from
reporting NETINFO clock skew to controllers.
2017-09-15 09:49:53 -05:00
Taylor Yu
37fed742d1 Refactor channeltls.c lightly
Refactor some repetitive deep indirections in several functions in
channeltls.c into local variables.
2017-09-15 09:49:53 -05:00
Nick Mathewson
e05414d241 Fix several places where md-using relays would get wrong behavior.
This patch replaces a few calls to router_get_by_id_digest ("do we
have a routerinfo?") with connection_or_digest_is_known_relay ("do
we know this relay to be in the consensus, or have been there some
time recently?").

Found while doing the 21585 audit; fixes bug 23533.  Bugfix on
0.3.0.1-alpha.
2017-09-15 09:35:59 -04:00
Nick Mathewson
b440560b8b bump to 0.3.1.7 2017-09-15 09:33:32 -04:00
Nick Mathewson
2c9f8badbd repair test_key_expiration.sh 2017-09-15 09:04:22 -04:00
Nick Mathewson
a213a32b7c Merge remote-tracking branch 'dgoulet/ticket23310_032_02' 2017-09-15 09:01:22 -04:00
Nick Mathewson
7facfc728e Merge branch 'bug23488' 2017-09-15 08:58:20 -04:00
David Goulet
21564c93ce test: Make check-spaces happy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 08:34:56 -04:00
David Goulet
44ee5037ea fixup! test: Add HS v3 client-side test for picking intro points
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 08:34:30 -04:00
Nick Mathewson
123337bbc9 Merge remote-tracking branch 'teor/ticket23528' 2017-09-15 08:15:36 -04:00
Nick Mathewson
72391fce23 Merge remote-tracking branch 'teor/bug23524' 2017-09-15 08:13:45 -04:00
George Kadianakis
5cc80692b8 prop224: Fix memleak in client_get_random_intro().
The memleak was occuring because of the way ExcludeNodes is handled in
that function. Basically, we were putting excluded intro points extend
infos in a special variable which was never freed. Also, if there were
multiple excluded intro points then that variable was overwritten
everytime leaking more memory. This commit should fix both issues.
2017-09-15 12:46:26 +03:00
George Kadianakis
e9b4624cc5 test: Add HS v3 client-side test for picking intro points
This commit adds a pretty advanced test for the client-side making sure that
picking intro is done properly.

This unittest also reveals a memleak on the client_pick_intro() function which
is fixed by the subsequent commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 12:46:26 +03:00
George Kadianakis
29aa400908 test: Improve HS v3 helper for building intro points.
Valid intro points need both legacy key and ipv4.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 12:46:26 +03:00
David Goulet
75ec72f24d test: Unit test for the hs indexes
Using a test vector in python, test both hs_build_hsdir_index() and
hs_build_hs_index().

This commit also adds the hs_build_address.py to EXTRA_DIST which was missing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 12:46:26 +03:00
George Kadianakis
715a8ea81c prop224 test: Enrich the client_service_hsdir_set_sync() test.
Do two major improvements:

a) Make the client pick 6 HSDirs instead of just 1 and make sure they
   all match the service's HSDirs.

b) Test two additional missing scenarios borrowed from the
   test_reachability() test.
2017-09-15 12:46:26 +03:00
teor
42e7d0ea14
Explain the restrictions on divisor in round*_to_next_multiple_of
Closes 23528.
2017-09-15 16:06:17 +10:00
teor
6e87c0b23e
Avoid an instance of the bug warning in any_bridge_descriptors_known()
Part of 23524.
2017-09-15 14:17:41 +10:00
teor
61b5d05358
Make control port download status next attempts consistent
Make download status next attempts reported over the control port
consistent with the time used by tor. This issue only occurs if a
download status has not been reset before  it is queried over the
control port.

Fixes 23525, not in any released version of tor.
2017-09-15 14:11:34 +10:00
teor
033691212a
Make an assert into a BUG warning in the bridge code
If future code asks if there are any running bridges, without checking
if bridges are enabled, log a BUG warning rather than crashing.

Fixes 23524 on 0.3.0.1-alpha
2017-09-15 14:02:22 +10:00
teor
d60e7df2da
Explain where bridge download statuses are initialised
And why we can't initialise them on config

Comment-only change, follow-up to 23347.
2017-09-15 13:50:29 +10:00
Nick Mathewson
d6568bad5e Merge branch 'bug23499' 2017-09-14 17:18:38 -04:00
Nick Mathewson
348b225bd8 version bump: 0.3.0.11 2017-09-14 13:20:52 -04:00
Nick Mathewson
3c6d4fe046 version bump: 0.2.9.12 2017-09-14 13:20:29 -04:00
Nick Mathewson
26f68dfcef version bump: 0.2.8.15 2017-09-14 13:20:14 -04:00
Nick Mathewson
471e0096ad Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-14 10:15:38 -04:00
Nick Mathewson
fecad31f10 Merge branch 'maint-0.3.1' 2017-09-14 10:15:38 -04:00
Martin Kepplinger
a971018f6d entrynodes.c: fix syntax error around BUG() statement
Fix those misplaced brackets.

Signed-off-by: Martin Kepplinger <martink@posteo.de>
2017-09-14 10:14:44 -04:00
Nick Mathewson
72b802001c Merge remote-tracking branch 'catalyst-oniongit/skew' 2017-09-14 09:49:11 -04:00
Taylor Yu
c0195ccb79 Refactor clock skew handling in networkstatus.c
Move the consensus clock skew handling in
networkstatus_set_current_consensus() to clock_skew_warning().
2017-09-14 08:25:27 -05:00
Taylor Yu
449bb2351e Make trusted clock skew a bootstrap warning
Make clock skew events based on trusted sources produce a bootstrap
warning so controllers can more easily alert users about clock skew
problems.
2017-09-14 08:25:27 -05:00
Taylor Yu
818332e7f1 Refactor control_event_bootstrap_problem
Change the contract of control_event_bootstrap_problem() to be more
general and to take a connection_t.  New function
control_event_bootstrap_prob_or() has the specific or_connection_t
funcionality previously used.
2017-09-14 08:25:27 -05:00
Nick Mathewson
fde18fed60 Merge branch 'bug23019_squashed' 2017-09-14 09:13:28 -04:00
George Kadianakis
0ac2afad0d prop224 client-side: Start validating onion address pubkeys.
Fix the test_build_address() test and its test vectors python script.
They were both using a bogus pubkey for building an HS address which
does not validate anymore.

Also fix a few more unittests that were using bogus onion addresses
and were failing the validation. I replaced the bogus address with
the one generated from the test vector script.
2017-09-14 09:13:11 -04:00
Nick Mathewson
63af663b8c Remove a download_status_reset() call that led to a crash -- see 23347 2017-09-14 08:47:11 -04:00
Nick Mathewson
98c103d91d Rename write_http_status_line, since it does more now. 2017-09-14 08:39:08 -04:00
Nick Mathewson
2385e3f667 Make missing reason_phrase into a BUG(). 2017-09-14 08:34:58 -04:00
Nick Mathewson
3de63fe4b1 Merge branch 'maint-0.3.1' 2017-09-14 07:58:11 -04:00
Nick Mathewson
6fc47062af Merge remote-tracking branch 'mikeperry/bug23077' into maint-0.3.1 2017-09-14 07:57:14 -04:00
Roger Dingledine
771fb7e7ba get rid of the scary 256-byte-buf landmine 2017-09-14 03:04:20 -04:00
Roger Dingledine
eb429232ef Make dir servers include a "Date:" http header more often
Directory servers now include a "Date:" http header for response
codes other than 200. Clients starting with a skewed clock and a
recent consensus were getting "304 Not modified" responses from
directory authorities, so without a Date header the client would
never hear about a wrong clock.

Fixes bug 23499; bugfix on 0.0.8rc1.
2017-09-14 03:02:37 -04:00
Roger Dingledine
dcd0aea85e get rid of a case where we might log a NULL as %s
this doesn't happen in our current code, and now it can't
2017-09-13 22:43:31 -04:00
Roger Dingledine
3247518f22 fix a copy-pasta issue from long ago 2017-09-13 22:28:06 -04:00
Mike Perry
361014255f Bug 23077: Make channelpadding tests use mocked time. 2017-09-14 01:18:30 +00:00
Nick Mathewson
00bf4ed592 Merge branch 'bug23466_squashed' 2017-09-13 14:54:56 -04:00
George Kadianakis
6b794c7ed0 prop224 test: Test client desc expiration in tests.
We enrich the test_client_cache() test in two ways:

a) We check that transitioning time periods also cleans up expired
   descriptors in client memory.

b) We test hs_cache_lookup_as_client() instead of
   lookup_v3_desc_as_client(). The former is a higher level function
   which calls the latter and allows us to test deeper into the
   subsystem.
2017-09-13 14:54:49 -04:00
George Kadianakis
cf8a2b1567 prop224: Set stricter expiration time of cached client descriptors.
In #23466 we discovered that cached descriptors can stay around on the
client-side for up to 72 hours. In reality we only want those descs to
get cached for the duration of the current time period, since after that
TP is gone the client needs to compute a new blinded key to use for the HS.

In this commit we start using the consensus time (if available) when
cleaning up cached client descriptor entries. That makes sense because
the client uses consensus time anyway for connecting to hidden
services (e.g. computing blinded keys and time periods).

If no recent consensus is available, we consider descriptors to be
expired since we will want to fetch new ones when we get a live
consensus to avoid the Roger bug. If we didn't do that, when Roger
desuspends his laptop there would be a race between Tor fetching a new
consensus, and Tor connecting to the HS which would still cause
reachability issues.

We also turned a rev counter check into a BUG, since we should never
receive a descriptor with a strictly smaller rev counter than the one we
already have, except if there is a bug or if the HSDir wants to mess
with us. In any case, let's turn this into a BUG so that we can detect
and debug such cases easily.
2017-09-13 14:54:49 -04:00
Nick Mathewson
dcaf971a01 Merge remote-tracking branch 'teor/bug23470-029' 2017-09-13 09:20:19 -04:00
Nick Mathewson
4ff170d7b1 Fix warnings about passing uninitialized buffers into functions
Most of these buffers were never actually inspected, but it's still
bad style.
2017-09-12 21:32:42 -04:00
Nick Mathewson
491b6de168 Do not cast junk to an ed25519 key in test. 2017-09-12 21:32:42 -04:00
Nick Mathewson
7a4f4c35fa Fix unit test that likes to cast integers to void* 2017-09-12 21:32:42 -04:00
Nick Mathewson
f2f729e26b Clear up dead-assignment warnings from scan-build 2017-09-12 21:32:34 -04:00
teor
c86013291b
Stop relays calling directory_fetches_from_authorities on dir downloads
This change refactors find_dl_schedule() to only call dependent functions
as needed. In particular, directory_fetches_from_authorities() only needs
to be called on clients.

Stopping spurious directory_fetches_from_authorities() calls on every
download on public relays has the following impacts:
* fewer address resolution attempts, particularly those mentioned in 21789
* fewer descriptor rebuilds
* fewer log messages, particularly those limited in 20610

Fixes 23470 in 0.2.8.1-alpha.
The original bug was introduced in commit 35bbf2e as part of prop210.
2017-09-13 09:46:17 +10:00
Nick Mathewson
c3892a582f exit with nonzero status if certificate expiration dump fails
Fixes bug 23488.

Bugfix on b2a7e8df900eabe41d6e866f; bug not in any released Tor.
2017-09-12 19:05:33 -04:00
Nick Mathewson
db00f24d8b Return the actual number of hops in cpath_get_n_hops()
Bug not in any version of tor.

Found with clang's scan-build.
2017-09-12 19:03:04 -04:00
Nick Mathewson
a4847ffa91 clang scan-build: Fix "dead increment" warnings.
For the most part, these indicated a spot where the code could have
been better.
2017-09-12 19:03:04 -04:00
Nick Mathewson
0f58e17313 clang scan-build: Fix "dereference of null pointer" warnings
These warnings are all in the tests, and happen because something
that one part of the code checks for null-ness is later
dereferenced.
2017-09-12 19:03:04 -04:00
Daniel Pinto
ade9baaf9b Fix memory leak when options_init_from_string returns error #22605 2017-09-12 23:07:06 +01:00
Nick Mathewson
7ee486c15f Log correctly on owner/user mismatch.
Found with clang's scan-build while looking at dead assignments.

Fixes bug 23487; bugfix on 1135405c8c in 0.2.9.1-alpha
2017-09-12 17:37:25 -04:00
Nick Mathewson
dedafe95fe Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-12 17:09:47 -04:00
Nick Mathewson
eb078a3bd5 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-12 17:09:47 -04:00
Nick Mathewson
3092c8bb3e Merge branch 'maint-0.3.1' 2017-09-12 17:09:47 -04:00
Nick Mathewson
6ff6738963 Remove redundant items from testing_tor_network_defaults
These items were listed in testing_tor_network_defaults, but had the
same defaults as with the regular settings.

Closes ticket 22532.
2017-09-12 16:23:37 -04:00
Nick Mathewson
de6f121b59 Deprecate ReachableDirAddresses and ClientPreferIPv6DirPort
Closes ticket 19704.
2017-09-12 16:12:15 -04:00
Nick Mathewson
d9e2db1efd Avoid sscanf() warnings from openbsd in the unit tests
OpenBSD doesn't like tricks where you use a too-wide sscanf argument
for a too-narrow array, even when you know the input string
statically.  The fix here is just to use bigger buffers.

Fixes 15582; bugfix on a3dafd3f58 in 0.2.6.2-alpha.
2017-09-12 16:01:12 -04:00
David Goulet
6b4eace248 hs-v3: Stall SOCKS connection when no live consensus available
Fixes #23481

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-12 21:34:26 +03:00
George Kadianakis
f13ca360c9 prop224: Improve docs in time period funcs. 2017-09-12 21:17:35 +03:00
Nick Mathewson
d71a00e91f Merge remote-tracking branch 'dgoulet/ticket23480_032_01' 2017-09-12 11:20:27 -04:00
Nick Mathewson
6c5c74e11e Merge remote-tracking branch 'asn/bug23457_032_01' 2017-09-12 11:10:48 -04:00
David Goulet
98953b1fc2 hs-v3: Rate limit some log statements
Also fix an indentation issue.

Closes #23480

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-12 11:03:13 -04:00
David Goulet
184bd22586 hs: Fix digest256 to base64 issue in a log statement
Part of #23480.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-12 11:03:13 -04:00
Nick Mathewson
26d462c1f0 Merge branch 'ticket21031' 2017-09-12 10:43:34 -04:00
Nick Mathewson
4027bd2e96 Merge branch 'bug23347_squashed' 2017-09-12 10:38:35 -04:00
teor
1b5e34badb Add a missing bridge download status reset
17750 made unused download schedules automatically reset.
But we should make that explicit.
2017-09-12 10:38:25 -04:00
teor
93a8ed3b83 Make clients wait to refresh bridges when they have a recent descriptor
But when clients are just starting, make them try each bridge a few times
before giving up on it.

These changes make the bridge download schedules more explicit: before
17750, they relied on undocumented behaviour and specific schedule
entries. (And between 17750 and this fix, they were broken.)

Fixes 23347, not in any released version of tor.
2017-09-12 10:38:25 -04:00
teor
6370fb77c5 Refactor bridge download statuses to increment on attempt
We were always incrementing bridge download statuses on each attempt,
but we were using the "increment on failure" functions to do it.
And we never incremented them on failure.

No behaviour change.
2017-09-12 10:38:25 -04:00
teor
97249c4f5e Make bridge clients download bridge descriptors immediately
The download schedule tells Tor to wait 15 minutes before downloading
bridge descriptors. But 17750 made Tor ignore that and start immediately.
Since we fixed 17750, Tor waits 15 minutes for bridge client bootstrap,
like the schedule says.

This fixes the download schedule to start immediately, and to try each
bridge 3 times in the first 30 seconds. This should make bridge bootstraps
more reliable.

Fixes 23347.
2017-09-12 10:38:25 -04:00
Nick Mathewson
8eef7fc845 Merge branch 'maint-0.3.1' 2017-09-12 10:30:54 -04:00
Nick Mathewson
befddf6d2a Merge branch 'ticket17857_squashed' into maint-0.3.1 2017-09-12 10:29:00 -04:00
Mike Perry
6d221c8f37 Ticket #17857: Apply padding off-switch to existing connections. 2017-09-12 10:28:45 -04:00
Nick Mathewson
035fe2d208 Remove named_map and unnamed_map from networkstatus.c 2017-09-12 09:56:42 -04:00
Neel Chauhan
42b5e3cbb7 Remove networkstatus_nickname_is_unnamed() 2017-09-12 09:52:07 -04:00
Nick Mathewson
2bfc490c1e Merge remote-tracking branch 'teor/ticket22437' 2017-09-12 09:30:33 -04:00
Nick Mathewson
0729ba2868 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-12 09:23:57 -04:00
Nick Mathewson
bac160b4e0 One more implicit fallthrough warning to fix on GCC 7 2017-09-12 09:22:50 -04:00
Nick Mathewson
5bb4e0c88d Whoops -- options_trial_assign() was calling get_options() in #22281
So, move the get_options() call.
2017-09-12 08:40:13 -04:00
teor
d7d8d2c20e
Add v3 hidden service support to make test-network-all
Requires chutney master 50f64ea or later.

Implements ticket 22437.
2017-09-12 17:08:28 +10:00
David Goulet
7150214baf hs-v3: Cancel active descriptor directory connections before uploading
It is possible that two descriptor upload requests are launched in a very
short time frame which can lead to the second request finishing before the
first one and where that first one will make the HSDir send back a 400
malformed descriptor leading to a warning.

To avoid such, cancel all active directory connections for the specific
descriptor we are about to upload.

Note that this race is still possible on the HSDir side which triggers a log
info to be printed out but that is fine.

Fixes #23457

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-12 01:32:04 +03:00
Nick Mathewson
6e4967ef03 Merge remote-tracking branch 'dgoulet/ticket23462_032_01' 2017-09-11 17:57:31 -04:00
Nick Mathewson
2b26815e09 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-11 17:49:18 -04:00
Andreas Stieger
6cd5a80275 Fix GCC 7 -Wimplicit-fallthrough warnings
Add magic comments recognized by default -Wimplicit-fallthrough=3
or break, as required.
2017-09-11 17:47:04 -04:00
Andreas Stieger
b81a2e8f46 Fix GCC 7 -Wimplicit-fallthrough warnings (32 bit)
Add magic comments recognized by default -Wimplicit-fallthrough=3
Follow-up to e5f464, fixes Ticket 22446 for 32 bit.

[nick notes: Backport from 0.3.1.3-alpha.]
2017-09-11 17:45:07 -04:00
Nick Mathewson
b719fa7efe downgrade warning for #23465 2017-09-11 16:50:43 -04:00
Nick Mathewson
c5a5597572 spelling 2017-09-11 16:48:27 -04:00
Nick Mathewson
2a1ddd78da Merge remote-tracking branch 'dgoulet/bug23455_032_01' 2017-09-11 16:32:40 -04:00
Nick Mathewson
c894e9d3d4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-11 16:29:10 -04:00
Nick Mathewson
6a49e3360b Fix mixed-sign comparison warning in fix for 22797. 2017-09-11 16:29:06 -04:00
Nick Mathewson
a25d97e530 Merge branch 'teor-bug22797-025' into maint-0.2.9 2017-09-11 16:28:59 -04:00
Nick Mathewson
b9ecb522fc Merge branch 'ticket22281_squashed' 2017-09-11 16:23:24 -04:00
Nick Mathewson
c4cb969a2a Taboo the get_options() function while options are validating
When option validation or transition is happening, there are no
"current options" -- only "old options" and "maybe new options".
Looking at get_options() is likely a mistake, so have a nonfatal
assertion let us know if we do that.

Closes 22281.
2017-09-11 16:23:16 -04:00
Nick Mathewson
fca590a63f Merge branch 'ticket23304_032_01_squashed' 2017-09-11 16:13:55 -04:00
David Goulet
00967cd2a8 prop224: Log undecodable descriptor when SafeLogging is off
Closes #23304

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-11 16:13:46 -04:00
David Goulet
84bb5cb1f1 circuit: Add a log info when marking for close
Closes #23462

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-11 16:10:18 -04:00
David Goulet
59072d2027 test: Fix memleaks
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-11 14:39:24 -04:00
Nick Mathewson
52c40330c8 Merge branch 'maint-0.3.1' 2017-09-11 13:49:20 -04:00
Nick Mathewson
72ea4a8f08 Extract the important parts of the run-pending-timers function.
Our unit tests will need this, so that they can simulate advancing
time without getting libevent involved.
2017-09-11 13:48:39 -04:00
David Goulet
b71f4ecb8d hs: Handled REND_JOINED circuit when getting an INTRODUCE_ACK
Because we can get a RENDEZVOUS2 cell before the INTRODUCE_ACK, we need to
correctly handle the circuit purpose REND_JOINED that is not change its
purpose when we get an INTRODUCE_ACK and simply close the intro circuit
normally.

Fixes #23455

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-11 13:38:58 -04:00
Nick Mathewson
3124c921e7 Split the behavior of node_supports_ed25519_link_authentication().
Before, this function meant "can we connect to this node and
authenticate it using its ed25519 key?"  Now it can additionally
mean, "when somebody else connects to this node, do we expect that
they can authenticate using the node's ed25519 key"?

This change lets us future-proof our link authentication a bit.

Closes ticket 20895.  No backport needed, since ed25519 link
authentication support has not been in any LTS release yet, and
existing releases with it should be obsolete before any releases
without support for linkauth=3 are released.
2017-09-11 10:00:11 -04:00
Nick Mathewson
362bc880b1 Add a function to check for support for "protocol X or later"
Also, add unit tests for this new function and for the regular
"does this list include support for protocol X" code.
2017-09-11 09:50:31 -04:00
Nick Mathewson
2df7f1d59d Merge branch 'ed25519_lookup' 2017-09-08 12:18:22 -04:00
Nick Mathewson
ca19a95d54 Merge remote-tracking branch 'dgoulet/ticket23355_032_01' 2017-09-08 12:13:48 -04:00
Nick Mathewson
2264172fb3 Merge remote-tracking branch 'asn/bug23387_squashed' 2017-09-08 12:09:02 -04:00
George Kadianakis
0307e7e0e7 test: Test that client picks the right HSDir for service.
This test is important because it tests that upload_descriptor_to_all()
is in synch with pick_hsdir_v3(). That's not the case for the
reachability test which just compares the responsible hsdir sets.
2017-09-08 19:07:00 +03:00
George Kadianakis
e0371935a1 prop224: Pick the right hsdir index based on descriptor.
There was a bug in upload_descriptor_to_all() where we picked between
first and second hsdir index based on which time segment we are. That's
not right and instead we should be uploading our two descriptors using a
different hsdir index every time. That is, upload first descriptor using
first hsdir index, and upload second descriptor using second hdsir index.

Also simplify stuff in pick_hdsir_v3() since that's only used to fetch
descriptors and hence we can just always use the fetch hsdir index.
2017-09-08 19:07:00 +03:00
George Kadianakis
e7bdb9eedc prop224: hs_time_between_tp_and_srv() -> hs_in_period_between_tp_and_srv()
Conflicts:
	src/or/nodelist.c
2017-09-08 19:07:00 +03:00
George Kadianakis
eb81a8e69c prop224: 'is_new_tp' -> 'use_second_hdsir_index' in hs_get_responsible_hsdirs() 2017-09-08 19:07:00 +03:00
David Goulet
6c6ba07517 test: Improve our rotation and build descriptor tests
Because of the latest changes on when we rotate, longer lifetime of
descriptors and no more overlap period, the tests needed to be improved to
test more functionnalities.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-08 19:07:00 +03:00
David Goulet
f2c93f9943 test: Fix use out of scope and consensus timings
First, this fixes #23372.

Second, the consensus timings for the build descriptor have been changed to
the current test can pass. More extensive tests of descriptor rotation are
coming in a commit near you because the rotation and time period logic has
been changed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-08 19:07:00 +03:00
David Goulet
87585ebd2d test: Add an HS v3 reachability unit test
This is a large and important unit test for the hidden service version
3! It tests the service reachability for a client using different
consensus timings and makes sure that the computed hashring is the same
on both side so it is actually reachable.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-08 19:07:00 +03:00
David Goulet
4d38731e93 prop224: Make client and service pick same HSDir
With the latest change on how we use the HSDir index, the client and service
need to pick their responsible HSDir differently that is depending on if they
are before or after a new time period.

The overlap mode is active function has been renamed for this and test added.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-08 19:07:00 +03:00
David Goulet
cd07af60c9 prop224: Expand the overlap period concept to be a full SRV protocol run
Because of #23387, we've realized that there is one scenario that makes
the client unable to reach the service because of a desynch in the time
period used. The scenario is as follows:

  +------------------------------------------------------------------+
  |                                                                  |
  | 00:00      12:00       00:00       12:00       00:00       12:00 |
  | SRV#1      TP#1        SRV#2       TP#2        SRV#3       TP#3  |
  |                                                                  |
  |  $==========|-----------$===========|-----------$===========|    |
  |                                    ^ ^                           |
  |                                    C S                           |
  +------------------------------------------------------------------+

In this scenario the HS has a newer consensus than the client, and the
HS just moved to the next TP but the client is still stuck on the old
one. However, the service is not in any sort of overlap mode so it
doesn't cover the old TP anymore, so the client is unable to fetch a
descriptor.

We've decided to solve this by extending the concept of overlap period
to be permanent so that the service always publishes two descriptors and
aims to cover clients with both older and newer consensuses. See the
spec patch in #23387 for more details.
2017-09-08 19:07:00 +03:00
David Goulet
b586de78e3 prop224: Use fetch and store HSDir indexes.
Based on our #23387 findings, it seems like to maintain 24/7
reachability we need to employ different logic when computing hsdir
indices for fetching vs storing. That's to guarantee that the client
will always fetch the current descriptor, while the service will always
publish two descriptors aiming to cover all possible edge cases.

For more details see the next commit and the spec branch.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-08 19:06:56 +03:00
Nick Mathewson
926914a09c Merge remote-tracking branch 'dgoulet/bug23429_032_01' 2017-09-08 09:01:39 -04:00
Nick Mathewson
c151f46445 Merge branch 'ticket20119' 2017-09-08 08:56:53 -04:00
Nick Mathewson
f5092e711f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-08 08:24:47 -04:00
Nick Mathewson
7a83cf75dc Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-08 08:24:47 -04:00
Nick Mathewson
ad3f0953e6 Merge branch 'maint-0.3.1' 2017-09-08 08:24:47 -04:00
Nick Mathewson
3cace828a9 Merge branch 'bug22644_029' into maint-0.2.9 2017-09-08 08:24:36 -04:00
Nick Mathewson
eebfe4f539 Merge branch 'ticket22731' 2017-09-08 08:11:11 -04:00
Nick Mathewson
1b1eeb0fb9 Merge branch 'feature23237' 2017-09-08 08:10:15 -04:00
Nick Mathewson
22e6880296 Merge branch 'ticket22377' 2017-09-08 08:06:44 -04:00
Nick Mathewson
a9d4df9a08 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-07 15:18:01 -04:00
Nick Mathewson
54fb1d0f7f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-07 15:18:01 -04:00
Nick Mathewson
36104e55e4 Merge branch 'maint-0.3.1' 2017-09-07 15:18:01 -04:00
Nick Mathewson
bcf2b413c3 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-09-07 15:18:00 -04:00
Nick Mathewson
08592c95fa Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-07 15:18:00 -04:00
Karsten Loesing
09618ffe38 Update geoip and geoip6 to the September 6 2017 database. 2017-09-07 21:06:16 +02:00
David Goulet
fa87aa00c4 hs: Do not assert on rend_data while iterating over circuits
The pruning process and the deleting ephemeral service function iterates over
all circuits and were asserting on rend_data for a matching circuit. This is
not good because now we have v3 circuits without a rend_data.

Fixes #23429

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-07 14:24:49 -04:00
Matt Traudt
91c7bebfa2 consensus: Add a generic notification function on new consensus
Some groundwork for the KIST scheduler implementation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-07 11:49:38 -04:00
David Goulet
72c7f81459 prop224: When computing hsdir index and time period, use valid_after time
Use the valid_after time from the consensus to get the time period number else
we might get out of sync with the overlap period that uses valid_after.

Make it an optional feature since some functions require passing a
specific time (like hs_get_start_time_of_next_time_period()).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-07 18:16:07 +03:00
Nick Mathewson
27fa4a98d2 Make ClientDNSRejectInternalAddresses testing-only.
Undeprecate it;
rename it to TestingClientDNSRejectInternalAddresses;
add the old name as an alias;
reject configurations where it is set but TestingTorNetwork is not;
change the documentation accordingly.

Closes tickets 21031 and 21522.
2017-09-07 10:03:31 -04:00
Nick Mathewson
1502bf03fd Add a module comment to util_bug.h
Closes ticket 22824.
2017-09-07 09:31:30 -04:00
Nick Mathewson
12dad5ebf7 Fix crashes on empty +HSPOST and +POSTDESCRIPTOR commands
Fixes bug 22644; bugfix on 0.2.7.1-alpha and 0.2.0.1-alpha
respectively.
2017-09-07 09:20:00 -04:00
Nick Mathewson
1e079ec30d Merge branch 'maint-0.3.1' 2017-09-07 08:51:16 -04:00
Nick Mathewson
9c404602a0 Add a stack trace to the warning at issue with 23105.
With luck, this will help us diagnose 23105 and fix it.

I also added a stack trace to the warning right before it, since why
not.
2017-09-07 08:49:11 -04:00
Nick Mathewson
ae7cb3349e Merge branch 'bug23361_032_01_squashed2' 2017-09-07 08:35:35 -04:00
David Goulet
c527cde82f prop224: Pick rendezvous point of protover HSRend=2
Version 3 hidden service needs rendezvous point that have the protocol version
HSRend >= 2 else the rendezvous cells are rejected.

Fixes #23361

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-07 08:35:28 -04:00
Nick Mathewson
ab18e5e5fc Better error on failure to load seccomp2 sandbox
There are two reasons this is likeliest to happen -- no kernel
support, and some bug in Tor.  We'll ask people to check the former
before they report. Closes 23090.
2017-09-06 14:23:47 -04:00
Nick Mathewson
9261f612ad Merge remote-tracking branch 'dgoulet/bug23123_032_01' 2017-09-06 14:17:43 -04:00
Nick Mathewson
1098893e4f Exit when we can't write to a configured pid file
This is probably what the user wants, according to 20119.
2017-09-06 11:50:22 -04:00
Nick Mathewson
6fea44c673 Reject torrc if RunAsDaemon is given with relative paths.
The chdir() call in RunAsDaemon makes the behavior here surprising,
and either way of trying to resolve the surprise seems sure to
startle a significant fraction of users.  Instead, let's refuse to
guess, and refuse these configurations.

Closes ticket 22731.
2017-09-06 11:39:11 -04:00
Nick Mathewson
342712b9ef Make url-canonicalizer canonicalize correctly. 2017-09-05 15:02:16 -04:00
Nick Mathewson
4e02d02076 Fix an erroneous ! 2017-09-05 14:55:13 -04:00
Nick Mathewson
4ce60dab00 Resolve inconsistencies between buf refactor and HTTP connect 2017-09-05 14:41:35 -04:00
Nick Mathewson
73b0e2e6fd Merge branch 'http_tunnel_squashed' 2017-09-05 14:34:29 -04:00
Nick Mathewson
ad9190404b Add a fuzzer for HTTP CONNECT 2017-09-05 14:34:09 -04:00
Nick Mathewson
53e4272b65 Add stream isolation support for HTTP CONNECT tunnels
I'm doing this using the Proxy-Authorization: header to support
clients that understand it, and with a new tor-specific header that
makes more sense for our use.
2017-09-05 14:34:09 -04:00
Nick Mathewson
4b30ae1581 Add support for HTTP Connect tunnels 2017-09-05 14:34:09 -04:00
Nick Mathewson
eda79c2f78 Export http-command parsing functions. 2017-09-05 14:34:09 -04:00
Nick Mathewson
c0b9f594b6 Make preferred_chunk_size nonstatic, and add a prefix to it 2017-09-05 14:17:18 -04:00
Nick Mathewson
6ec5059723 Refactor buffer APIs to put a buf_t first.
By convention, a function that frobs a foo_t should be called
foo_frob, and it should have a foo_t * as its first argument.  But
for many of the buf_t functions, the buf_t was the final argument,
which is silly.
2017-09-05 13:57:51 -04:00
Nick Mathewson
d61da9e61f Repair wide lines from previous commit. 2017-09-05 13:57:51 -04:00
Nick Mathewson
4a7e90adc5 Repair buffer API so everything starts with buf_.
Our convention is that functions which manipulate a type T should be
named T_foo.  But the buffer functions were super old, and followed
all kinds of conventions.  Now they're uniform.

Here's the perl I used to do this:

\#!/usr/bin/perl -w -i -p

s/read_to_buf\(/buf_read_from_socket\(/;
s/flush_buf\(/buf_flush_to_socket\(/;
s/read_to_buf_tls\(/buf_read_from_tls\(/;
s/flush_buf_tls\(/buf_flush_to_tls\(/;
s/write_to_buf\(/buf_add\(/;
s/write_to_buf_compress\(/buf_add_compress\(/;
s/move_buf_to_buf\(/buf_move_to_buf\(/;
s/peek_from_buf\(/buf_peek\(/;
s/fetch_from_buf\(/buf_get_bytes\(/;
s/fetch_from_buf_line\(/buf_get_line\(/;
s/fetch_from_buf_line\(/buf_get_line\(/;
s/buf_remove_from_front\(/buf_drain\(/;
s/peek_buf_startswith\(/buf_peek_startswith\(/;
s/assert_buf_ok\(/buf_assert_ok\(/;
2017-09-05 13:57:51 -04:00
Nick Mathewson
336aa21e37 Move buffers.c and buffers_tls.c into src/common
These are no longer tor-specific, so they can be part of the
infrastructure.
2017-09-05 13:57:51 -04:00
Nick Mathewson
150089cbd7 Move the tls parts of buffers.c into buffers_tls.c 2017-09-05 13:57:51 -04:00
Nick Mathewson
5921b465e7 Make buffers.c independent of or.h
Also, put ext_or function in new module; it had accidentally gotten
into proto_socks.c
2017-09-05 13:57:51 -04:00
Nick Mathewson
f28e314b0d Make buf_pullup() expose the pulled-up data.
This lets us drop the testing-only function buf_get_first_chunk_data(),
and lets us implement proto_http and proto_socks without looking at
buf_t internals.
2017-09-05 13:57:51 -04:00
Nick Mathewson
cddac959e7 Replace buf->datalen usage in proto_*.c with buf_datalen() call.
This lets us remove BUFFERS_PRIVATE from two of the modules.
2017-09-05 13:57:51 -04:00
Nick Mathewson
234c5015f1 Move protocol-specific functions out of buffers.c
This commit does not change the implementation of any function: it
only moves code and adds new includes as necessary.  Part of #23149.
2017-09-05 13:57:51 -04:00
Nick Mathewson
fd0a894d28 Bump to 0.3.1.6-rc-dev 2017-09-05 10:20:34 -04:00
David Goulet
7eaf055b28 test: Fix memory leak in hs_descriptor/decode_bad_signature
Fixes #23319

Cherry-picked from master; bug not in any released Tor.
2017-09-05 09:26:21 -04:00
Nick Mathewson
2d55620a9e Bump version to 0.3.1.6-rc 2017-09-05 08:30:52 -04:00
Nick Mathewson
56df123933 Merge branch 'bug23331_032_01_squashed' 2017-09-05 08:24:28 -04:00
David Goulet
9e900d1db7 hs: Don't enter the HS v3 subsystem without a live consensus
The service needs the latest SRV and set of relays for the best accurate
hashring to upload its descriptor to so it needs a live consensus thus don't
do anything until we have it.

Fixes #23331

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-05 08:24:22 -04:00
Nick Mathewson
42394053c9 Merge branch 'maint-0.3.1' 2017-09-04 15:48:12 -04:00
Nick Mathewson
4d97efd4d1 Merge branch 'bug22752_031_simple' into maint-0.3.1 2017-09-04 15:48:01 -04:00
Nick Mathewson
33989cd002 Merge remote-tracking branch 'dgoulet/bug23366_032_01' 2017-09-04 12:48:26 -04:00
Nick Mathewson
834e1f8085 Merge remote-tracking branch 'asn/bug23346' 2017-09-04 12:30:51 -04:00
Nick Mathewson
109cfebca5 Merge remote-tracking branch 'dgoulet/bug23327_032_01' 2017-09-04 12:24:05 -04:00
Nick Mathewson
85688dc33d Merge branch 'bug23360_032_01' 2017-09-04 12:11:43 -04:00
David Goulet
8c41196254 hs: Remove dead code and uneeded feature
When merging #20657, somehow hs_service_dir_info_changed() became unused
leading to not use the re-upload to HSDir when we were missing information
feature.

Turns out that it is not possible to pick an HSDir with a missing descriptor
because in order to compute the HSDir index, the descriptor is mandatory to
have so we can know its position on the hashring.

This commit removes that dead feature and fix the
hs_service_dir_info_changed() not being used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-04 12:11:31 -04:00
Nick Mathewson
e72dec18a9 Merge remote-tracking branch 'asn/ticket23056_v2' 2017-09-04 12:09:03 -04:00
Nick Mathewson
948be49ce0 22752: Improve comments to explain why we're doing this fix.
Based on questions and comments from dgoulet, I've tried to fill
in the reasoning about why these functions work in the way that they
do, so that it will be easier for future programmers to understand
why this code exists and works the way it does.
2017-09-04 11:54:49 -04:00
Nick Mathewson
e2e13e7c8a Merge branch 'maint-0.3.1' 2017-09-04 11:40:02 -04:00
Nick Mathewson
a7aeb6f58f Merge remote-tracking branch 'public/bug23275_031' into maint-0.3.1 2017-09-04 11:39:28 -04:00
David Goulet
a52a32c855 hs: Set rendezvous circuit timestamp_dirty all the time
We used to check if it was set to 0 which is what unused circuit have but when
the rendezvous circuit was cannibalized, the timestamp_dirty is not 0 but we
still need to reset it so we can actually use it without having the chance of
expiring the next second (or very soon).

Fixes #23123

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-31 11:40:22 -04:00
David Goulet
651629cbdf config: Make parse_outbound_addresses() return failures
The function was never returning an error code on failure to parse the
OutboundAddress* options.

In the process, it was making our test_options_validate__outbound_addresses()
not test the right thing.

Fixes #23366

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-31 08:29:09 -04:00
Daniel Pinto
23147dd168 Adds files included by torrc and defaults to sandbox filter #22605 2017-08-30 18:20:07 +01:00
David Goulet
22295759af prop224: Purge client state on NEWNYM
Closes #23355

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-30 09:15:54 -04:00
George Kadianakis
b9f849bdee prop224: Clear list of prev hsdirs before we upload all descs.
This fixes a serious bug in our hsdir set change logic:

We used to add nodes in the list of previous hsdirs everytime we
uploaded to a new hsdir and we only cleared the list when we built a new
descriptor. This means that our prev_hsdirs list could end up with 7
hsdirs, if for some reason we ended up uploading our desc to 7 hsdirs
before rebuilding our descriptor (e.g. this can happen if the set of
hsdirs changed).

After our previous hdsir set had 7 nodes, then our old algorithm would
always think that the set has changed since it was comparing a smartlist
with 7 elements against a smartlist with 6 elements.

This commit fixes this bug, by clearning the prev_hsdirs list before we
upload to all hsdirs. This makes sure that our prev_hsdirs list always
contains the latest hsdirs!
2017-08-30 15:42:25 +03:00
George Kadianakis
1dc21b8790 prop224: Simplify HSDir set change algo.
Our logic for detecting hsdir set changes was needlessly compicated: we
had to sort smartlists and compare them.

Instead, we can simplify things by employing the following logic:
"We should reupload our descriptor if the latest HSDir set contains
nodes that were not previously there"
2017-08-30 15:30:22 +03:00
George Kadianakis
d3cefddfc5 prop224 test: Improve desc_reupload_logic() test with more nodes. 2017-08-30 15:29:30 +03:00
George Kadianakis
ac9066660e prop224 test: Simplify interface for adding nodes to hash ring.
We want to have tests with big hash rings so let's make it an one-liner
to add nodes.
2017-08-30 15:29:30 +03:00
David Goulet
0850ae5049 hs: Implement an HS client free all function
Called from main.c, the function for now purges the hidden service directory
request cache.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-29 16:02:13 -04:00
Nick Mathewson
da159c45e2 On windows, allow many entries in conscache directories
Since we can't be sure that we can unlink enough files on windows
here, let's let the number of permitted entries grow huge if it
really must.

We do this by letting the storagedir hold lots of entries, but still
trying to keep the number of entries under the configured limit.  We
also have to tell consdiffmgr not to freak out if it can't actually
remove enough entries.

Part of a fix for bug 22752
2017-08-29 13:03:36 -04:00
Nick Mathewson
5e97b34daa On windows, don't force-unlink active conscache objects.
Part of a fix for bug 22752: We can't unlink these because Windows
doesn't allow you to unlink an in-use file.
2017-08-29 13:02:02 -04:00
Nick Mathewson
209bfe715c Merge branch 'maint-0.3.1' 2017-08-29 11:11:12 -04:00
Nick Mathewson
6307a759ed Merge remote-tracking branch 'dgoulet/bug22159_031_01' into maint-0.3.1 2017-08-29 11:11:09 -04:00
Nick Mathewson
5e08cf350b Add test_hs_descriptor.inc to include.am to unbreak distcheck. 2017-08-29 10:57:13 -04:00
Nick Mathewson
3cf8da02f7 Merge remote-tracking branch 'asn/bug23343' 2017-08-28 15:49:11 -04:00
David Goulet
6507ecb7e8 hs: Fix the intro circuit max retry
Some parentheses were missing making the rend_max_intro_circs_per_period()
return a lower value than it was suppose to.

The calculation is that a service at most will open a number of intro points
that it wants which is 3 by default or HiddenServiceNumIntroductionPoints. Two
extra are launched for performance reason. Finally, this can happen twice for
two descriptors for the current and next time period.

From:
  2 * n_intro_wanted + 2

...which resulted in 8 for 3 intro points, this commit fixes it to:

  (n_intro_wanted + 2) * 2

... resulting in 12 possible intro point circuit which is the correct maximum
intro circuit allowed per period.

Last, this commit rate limits the the log message if we ever go above that
limit else over a INTRO_CIRC_RETRY_PERIOD, we can print it often!

Fixes #22159

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-28 14:43:42 -04:00
Nick Mathewson
5ef656e7d1 Temporarily disable compilation of the v3 hs fuzzing code
Turns out, it wasn't up-to-date with the latest v3 hs API :(
2017-08-28 14:12:56 -04:00
Nick Mathewson
f53d405084 Fix compilation. 2017-08-28 14:00:00 -04:00
Nick Mathewson
18bc7fa70b Merge remote-tracking branch 'haxxpop/fuzzing-hsv3' 2017-08-28 13:46:24 -04:00
George Kadianakis
e94f68e301 fixup! prop224: Fix length check when purging hidserv requests.
Improve doc based on david's comments.
2017-08-28 19:55:26 +03:00
Nick Mathewson
63fc23f826 Merge branch 'ticket22348_031' into maint-0.3.1 2017-08-28 11:44:18 -04:00
Nick Mathewson
c107aae3c2 Merge branch 'ticket22348_031' 2017-08-28 11:43:55 -04:00
Nick Mathewson
ab166fe68f Try to improve the keypinning-failure message even more 2017-08-28 11:35:30 -04:00
Nick Mathewson
4b4b3afb56 Merge branch 'bug22802_squashed' 2017-08-28 10:23:05 -04:00
Nick Mathewson
b88d00fea3 Don't fall back to _atoi64
We only did this on windows when building with MSVC 6 and earlier,
which is now considered a screamingly bad idea.
2017-08-28 10:21:29 -04:00
Nick Mathewson
e37c1df9cd Don't use "0" as a "base" argument to tor_parse_*().
Telling these functions to autodetect the numeric base has lead to
trouble in the past.

Fixes bug 22469. Bugfix on 0.2.2.various.
2017-08-28 10:21:29 -04:00
Nick Mathewson
5b8956df3b In test_establish_intro_wrong_purpose, use tt_i64_op on ssize_t
Since ssize_t is signed and might be 64 bits, we should use
tt_i64_op to make sure it's positive.  Otherwise, if it is negative,
and we use tt_u64_op, we'll be treating it as a uint64_t, and we
won't detect negative values.

This fixes CID 1416338 and 1416339.  Bug not in any released Tor.
2017-08-28 10:11:49 -04:00
Nick Mathewson
8de4a80125 Fix unlikely memory leak introduced in 418f3d6298
This is CID 1416880; bug not in any released Tor.
2017-08-28 10:08:52 -04:00
Nick Mathewson
b27c029266 Merge remote-tracking branch 'asn/bug23335' 2017-08-28 10:05:21 -04:00
George Kadianakis
93a0a4a422 prop224: Fix length check when purging hidserv requests.
That check was wrong:

a) We should be making sure that the size of `key` is big enough before
   proceeding, since that's the buffer that we would overread with the
   tor_memeq() below.

   The old check used to check that `req_key_str` is big enough which is
   not right, since we won't read deep into that buffer.

   The new check makes sure that `key` has enough size to survive the
   tor_memeq(), and if not it moves to the next element of the strmap.

b) That check shouldn't be a BUG since that strmap contains
   variable-sized elements and we should not be bugging out if we happen
   to compare a small sized element (v2) to a bigger one (v3).
2017-08-28 16:34:16 +03:00
George Kadianakis
d4f1b566e1 prop224: Add test that exposes the #23343 bug. 2017-08-28 16:34:13 +03:00
George Kadianakis
b1cb16867e Fix compilation warning on old clangs. 2017-08-28 15:00:09 +03:00
George Kadianakis
ad56a342b4 Silence some leftover warnings. 2017-08-28 14:54:36 +03:00
David Goulet
e8c584176b hs: Note the connection attempt if descriptor is unusable
This way, we can clear off the directory requests from our cache and thus
allow the next client to query those HSDir again at the next SOCKS connection.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 13:39:40 -04:00
David Goulet
11443bb74c hs: Implement note_connection_attempt_succeeded()
v3 client now cleans up the HSDir request cache when a connection to a service
was successful.

Closes #23308

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 13:23:55 -04:00
Nick Mathewson
96aed28f14 New GETINFO target to check if geoip is loaded
Closes ticket 23237.
2017-08-25 12:25:05 -04:00
Nick Mathewson
b91dce9454 Merge branch 'maint-0.3.1' 2017-08-25 11:39:38 -04:00
Nick Mathewson
6069c829f9 Merge branch 'bug19418_029' into maint-0.3.1 2017-08-25 11:38:24 -04:00
Nick Mathewson
0de3147bf1 fix wide lines 2017-08-25 11:34:42 -04:00
Nick Mathewson
82b581f3fc Merge remote-tracking branch 'asn/bug23309_v2' 2017-08-25 11:31:53 -04:00
George Kadianakis
6d48e75685 prop224: Better missing hsdir index logs.
Seems like hsdir index bugs are around to haunt us. Let's improve the
log messages to make debugging easier.
2017-08-25 17:18:05 +03:00
George Kadianakis
ea5af8f442 prop224: When HUPing, move HS state from old to new service.
We used to not copy the state which means that after HUP we would forget
if we are in overlap mode or not. That caused bugs where the service
would enter overlap mode twice, and rotate its descs twice, causing all
sorts of bugs.
2017-08-25 17:18:05 +03:00
George Kadianakis
409ecbec52 prop224: Be more careful to not overwrite descriptors in HUP. 2017-08-25 17:18:05 +03:00
George Kadianakis
17fd2c8a51 prop224: Move function move_descriptors() around.
We want to use some static functions so move it below them.
2017-08-25 17:18:05 +03:00
David Goulet
a9fb97e91a prop224: Don't move intro points but rather descriptors
Apart from the fact that a newly allocated service doesn't have descriptors
thus the move condition can never be true, the service needs the descriptor
signing key to cross-certify the authentication key of each intro point so we
need to move the descriptors between services and not only the intro points.

Fixes #23056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 17:18:05 +03:00
David Goulet
2549b3e923 sandbox: Fix double free when initializing HSv3 filenames
Don't free a reference that has been stolen.

Fixes #23329

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-25 09:28:10 -04:00
George Kadianakis
e07b677bd9 prop224: Move service_desc_hsdirs_changed() and make it static.
That function could be static but needed to be moved to the top.
2017-08-25 14:41:06 +03:00
George Kadianakis
c980be9511 prop224: Refactor descriptor reupload logic.
We refactor the descriptor reupload logic to be similar to the v2 logic
where we update a global 'consider_republishing_rend_descriptors' flag
and then we use that to check for hash ring changes during the global
hidden service callbacks.

This fixes bugs where we would inspect the hash ring immediately as we
receive new dirinfo (e.g. consensus) but before running the hidden
service housekeeping events. That was leaving us in an inconsistent
state wrt hsdir indices and causing bugs all around.
2017-08-25 14:41:06 +03:00
George Kadianakis
8b8e39e04b prop224: Refactor descriptor rotation logic.
The problem was that when we went from overlap mode to non-overlap mode,
we were not wiping the 'desc_next' descriptor and instead we left it on
the service. This meant that all functions that iterated service
descriptors were also inspecting the useless 'desc_next' descriptor that
should have been deleted.

This commit refactors rotate_all_descriptors() so that it rotates
descriptor both when entering overlap mode and also when leaving it.
2017-08-25 14:41:06 +03:00
Nick Mathewson
408ed52e3d Remove the AUTHDIR_NEWDESCS feature: nobody is using it any more
If somebody asks for it, log a warning.

Closes ticket 22377.
2017-08-24 16:53:35 -04:00
David Goulet
dfaa5c65f9 test: Fix memory leak in hs_descriptor/decode_bad_signature
Fixes #23319

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 16:21:44 -04:00
Nick Mathewson
a007c02df0 Re-run trunnel. Cosmetic changes only. 2017-08-24 16:13:01 -04:00
Alexander Færøy
77b92c2214 Ensure that make check-spaces is happy.
The `test-operator-cleanup` patch, and related coccinelle patches,
don't do any checks for line length. This patch fixes the line
length issues caused by the previous commits.
2017-08-24 16:09:41 -04:00
Nick Mathewson
011d94fb11 apply ahf's test_assert_null.cocci 2017-08-24 15:55:27 -04:00
Nick Mathewson
047790a253 apply ahf's test_assert_int.cocci 2017-08-24 15:49:59 -04:00
Nick Mathewson
0b36208fd8 apply ahf's test_assert_zero.cocci 2017-08-24 15:34:34 -04:00
Nick Mathewson
067a4422fe Apply ahf's ceil_div.cocci patch. 2017-08-24 15:33:27 -04:00
Nick Mathewson
e884248118 Fix a needless line-continuation in aes.c
coccinelle was getting confused
2017-08-24 15:32:30 -04:00
Nick Mathewson
1d0f7b7ccd Apply test-operator-cleanup to src/common too. 2017-08-24 15:26:57 -04:00
Alexander Færøy
c4744a01cc Fix operator usage in src/test/*.c
This patch fixes the operator usage in src/test/*.c to use the symbolic
operators instead of the normal C comparison operators.

This patch was generated using:

    ./scripts/coccinelle/test-operator-cleanup src/test/*.[ch]
2017-08-24 15:24:34 -04:00
Nick Mathewson
91c6bc160b Merge remote-tracking branch 'dgoulet/ticket17242_032_03-squashed' 2017-08-24 15:12:16 -04:00
George Kadianakis
dc0264f659 Silence some spammy log messages. 2017-08-24 13:03:29 -04:00
David Goulet
e546ac6b32 circuit: Consider v3 hidden service circuit in circuit_expire_building()
For a ready v3 rendezvous circuit, consider it so we don't expire.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
a112562544 hs: Update intro circuit timestamp when re-extending
A client can re-extend up to 3 intro points on the same circuit. This happens
when we get NACKed by the intro point for which we choose a new intro and
re-extend the circuit to it.

That process can be arbitrarly long so reset the dirty timestamp of the
circuit everytime we choose to re-extend so we get a bit more time to actually
do our introduction.

This is a client circuit so it is short live once opened thus giving us a bit
more time to complete the introduction is ok.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
1077e9894c circuit: Avoid needless log info in circuit_get_best()
When looking for an introduction circuit in circuit_get_best(), we log an info
message if we are about to launch a new intro circuit in parallel. However,
the condition was considering marked for close circuit leading to the function
triggering the log info even though there is actually no valid intro circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
dca105d588 prop224: Register RP circuit when it opens
Only register the RP circuit when it opens and not when we send the INTRODUCE1
cell else, when re-extending to a new IP, we would register the same RP
circuit with the same cookie twice leading to the circuit being closed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:29 -04:00
David Goulet
954f663831 prop224: Try to recover from a bad intro circuit
Changed the assert_intro_circ_ok() to an almost non fatal function so tor can
recover properly. We keep the anonymity assert because if that is not right,
we have much deeper problems and client should stop sending bytes to the
network immediately.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
5f94c4a0f1 prop224: Refactor how we use connection_ap_handle_onion
Simply directly return its returned value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
98efb646fc hs: Remove unused rend_client_rendezvous_acked()
This function has been replaced by hs_client_receive_rendezvous_acked(() doing
the same exact thing for both v2 and v3 service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
a16627db1f prop224: Add a function to find an intro point by legacy ID
The client needs to find the right intro point object from the circuit
identity digest it is opened to. This new function does that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
7c543412fc prop224: Add a function to clear INTRO data
New function named hs_cell_introduce1_data_clear() is introduced to clear off
an hs_cell_introduce1_data_t object.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
cb462b95b7 prop224: Rename hs_desc_encode_lspec()
Give it a name that shows the transition from a descriptor link spec to a
trunnel link spec.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
61009d40d1 hs: Stub link_specifier_t in hs_descriptor.h
Avoid including a huge trunnel interface everytime we include hs_descriptor.h

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
e046e6fb48 prop224: Update OOM counters when storing a client descriptor cache object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
68887fdc5d prop224: Update OOM counters when freeing a client descriptor cache object
When we free a client descriptor cache object, tell the OOM handler.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
47672ec1c7 prop224: Check decoded descriptor matches the expected blinded key
When a client decodes a descriptor, make sure it matches the expected blinded
key which is derived from the hidden service identity key.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
520fcdf2f3 test: Fix broken HS upload descriptor test
We can't trigger a valid upload because it would require us to MOCK a long
list of functions ultimately not really testing the upload because we aren't
on a running network.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Conflicts:
	src/test/test_hs_service.c
2017-08-24 13:03:28 -04:00
David Goulet
31da3898e7 prop224: Add directory_request_fetch_set_hs_ident()
Needed by the client when fetching a descriptor. This function checks the
directory purpose and hard assert if it is not for fetching.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
a64ef7d6c5 prop224: Implement hs_client_any_intro_points_usable()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
14b858c4ce prop224: Use the intro point state cache
This commit makes the client use the intro point state cache. It notes down
when we get a NACK from the intro point and then uses that cache to decide if
it should either close the circuits or re-extend to a new intro point.

This also introduces a very useful function that checks if an intro point is
usable that is query the state cache and checks a series of requirement.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
2671399e67 prop224: Add a client intro point state cache
This cache keeps track of the state of intro points which is needed when we
have failures when using them. It is similar to the failure cache of the
legacy system.

At this commit, it is unused but initialized, cleanup and freed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
88b843608a prop224: Move and refactor rend_client_reextend_intro_circuit()
This moves it to hs_client.c so it can be used by both system (legacy and
prop224). For now, only the legacy system uses it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
88f64eee68 hs: Update the IP failure cache only if legacy
Don't assert() on rend_data when closing circuits to report an IP failure. The
prop224 code doesn't have yet the support for this.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
379ad6f6eb prop224: Use the client-side circuitmap in hs_client.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
3152c583af prop224: Add client-side rend circuit support to HS circuitmap
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
e67f8623f9 hs: Only note a connection attempt with a valid rend_data
For now, prop224 doesn't have a mechanism to note down connection attempts so
we only do it for legacy system using rend_data.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
9af3116306 prop224: Handle RENDEZVOUS2 cell
The client can now handle RENDEZVOUS2 cell when they arrive. This consolidate
both hidden service version in one function.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
ee15c16742 prop224: Parse RENDEZVOUS2 cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
2f1b3d647f trunnel: Add RENDEZVOUS2 cell definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
fca2f64e2f prop224: Handle INTRODUCE_ACK cell
The client is now able to handle an INTRODUCE_ACK cell and do the appropriate
actions.

An intro point failure cache is missing and a way to close all intro point
that were launched in parallel. Some notes are in the comment for that.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
cb336a7062 prop224: Parse INTRODUCE_ACK cell
Add a function to parse an INTRODUCE_ACK cell in hs_cell.c. Furthermore, add
an enum that lists all possible expected status code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
e7c06e6947 prop224: Make client send INTRODUCE1 cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
abb840bf64 prop224: Client function to pick intro point
From an edge connection object, add a function that randomly pick an
introduction point for the requested service.

This follows the code design of rend_client_get_random_intro() and returns an
extend_info_t object ready to be used to extend to.

At this commit, it is not used yet.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
c38144bb0f prop224: Client callback when descriptor has arrived
When a descriptor fetch has completed and it has been successfully stored in
the client cache, this callback will take appropriate actions to attach
streams and/or launch neede circuits to connect to the service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
89eb96c19a prop224: Handle client RENDEZVOUS_ESTABLISHED cell
Client now handles a RENDEZVOUS_ESTABLISHED cell when it arrives on the
rendezvous circuit. This new function applies for both the legacy system and
prop224.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
b91693f7c3 prop224: Build ESTABLISH_RENDEZVOUS cell and logic
Add a function to build the cell.

Add a the logic to send the cell when the rendezvous circuit opens.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
6eb125d14b prop224: Client has opened circuit logic
Make a single entry point for the entire HS subsystem when a client circuit
opens (every HS version).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
d599325b5e prop224: Build INTRODUCE1 cell and send logic
Add a function in hs_cell.{c|h} for a client to build an INTRODUCE1 cell using
an object that contains all the needed keys to do so.

Add an entry point in hs_client.c that allows a tor client to send an
INTRODUCE1 cell on a given introduction circuit.

It includes the building of the cell, sending it and the setup of the
rendezvous circuit with the circuit identifier.

The entry point function is still unused at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
8a552bf49b prop224: Make lspecs to extend info public
The hs circuit file had this function that takes a list of link specifiers and
return a newly allocated extend info object. Make it public so the client side
can also use it to be able to extend to introduction point.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
8e2854372d prop224: Helper function to assert on invalid client intro circuit
Put all the possible assert() we can do on a client introduction circuit in
one helper function to make sure it is valid and usable.

It is disabled for now so gcc doesn't complain that we have a unused function.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
b13ee8e4ae hs: Move link specifier encoding to a function
This commit only moves code into a function. The client code will need a way
to take a bunch of descriptor link specifier object and encode them into link
specifiers objects.

Make this a public function so it can be used outside of hs_descriptor.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
6222eae8ca conn: Add a function to return a list of connection by state
This will be useful to the hidden service subsystem that needs to go over all
connections of a certain state to attach them to a hidden service circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
6eb9de1b8c test: Add tests for fetching descs and handling SOCKS conns.
- Add tests that ensure that SOCKS requests for v2/v3 addresses get
  intercepted and handled.

- Add test that stores and lookups an HS descriptor in the client-side cache.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
79ff2e014f hs: Fix comment of the get max size descriptor function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
b2a820958e prop224: Rename hs_client_note_connection_attempt_succeeded()
This is a static function so don't polute the hs_client_ namespace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
David Goulet
343af1a9cf prop224: Add the dir purpose HAS_FETCHED
Once a descriptor has been successfully downloaded from an HSDir, we flag the
directory connection to "has fetched descriptor" so the connection subsystem
doesn't trigger a new fetch on success.

Same has DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 but for prop224.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
f93b77a18c prop224: Add client code to handle fetched HS descriptors.
This code handles received HS descriptors by storing them in the
client-side HS cache.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
ebacf4dd6e prop224: Introduce v2/v3 HS desc fetch retry functionality.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
776e796d96 prop224: Connect to v3 services in connection_ap_handle_onion().
Recognize and handle v3 addresses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
c754864cfd prop224: Add code that launches v3 HS desc fetches.
Entry point is hs_client_refetch_v3_renddesc().

Will be used in subsequent commits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
0f6633abb2 prop224: Refactor pick_hsdir() to be used by both v2 and v3.
Also refactor rendclient.c to use the new hs_pick_hdsir() func.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
5c9cd912ee prop224: Refactor rendclient.c to use the new hsdir_req code.
- Also add tests for the hidserv_req subsystem.
- Introduce purge_v2_hidserv_req() wrapper to simplify v2 code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
15c9b7e891 prop224: Fix hidserv request code to work for both v2 and v3.
See documentation of `last_hid_serv_requests_` for how it works. strmaps are
cool!

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:28 -04:00
George Kadianakis
912c11761c prop224: Move some rendclient.c code to hs_common.c
Specifically move the pick_hsdir() function and all the HSDir request tracking
code. We plan to use all that code both for v2 and v3.

This commit only moves code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:27 -04:00
George Kadianakis
7aef3ec0fd prop224: Add client-side HS descriptor cache.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-24 13:03:27 -04:00
Nick Mathewson
b5c5086aba Merge branch 'bug23106_032' 2017-08-24 09:45:03 -04:00
Nick Mathewson
35a29e81ae Merge branch 'bug19281_025' 2017-08-24 09:27:26 -04:00
Nick Mathewson
d37e8b407a Merge branch 'feature22976_squashed' 2017-08-24 09:23:43 -04:00
Nick Mathewson
a0bb1ff6ab Also disable spawning on Sandbox.
This isn't a functional change, but it makes our logic more clear,
and catches bugs earlier.
2017-08-24 09:23:32 -04:00
Nick Mathewson
f4f828640f Merge branch 'bug22779_031' 2017-08-24 09:18:39 -04:00
Nick Mathewson
18f3f1ffa3 add parenthesis to make cast work right. 2017-08-23 13:12:58 -04:00
Nick Mathewson
ee73c1848e Add test_hs_descriptor.inc to include.am to unbreak distcheck. 2017-08-23 13:08:59 -04:00
Nick Mathewson
86ee35ad5b Don't do expensive consensus stuff when not a cache.
This includes generating and storing compressed consensuses, and
consensus diffs.  Fixes bug 23275; bugfix on 0.3.1.1-alpha.
2017-08-23 10:22:51 -04:00
Nick Mathewson
80d3887360 Refactor node lookup APIs to take flags
Right now there's a single warn_if_unnamed flag for
router_get_consensus_status_by_nickname() and
node_get_by_nickname(), that is nearly always 1.  I've turned it
into an 'unsigned' bitfield, and inverted its sense.  I've added the
flags argument to node_get_by_hex_id() too, though it does nothing
there right now.

I've removed the router_get_consensus_status_by_nickname() function,
since it was only used in once place.

This patch changes the warning behavior of GETINFO ns/name/<name>,
since all other name lookups from the controller currently warn.

Later I'm going to add more flags, for ed25519 support.
2017-08-22 19:13:40 -04:00
Nick Mathewson
d7a3e336ee Remove some support for nickname-based hexdigests
We once used $X=N to mean "A relay with RSA ID digest X with the
Named flag and the nickname N."  But authorities no longer assign
the Named flag.
2017-08-22 18:47:57 -04:00
Nick Mathewson
40887b4d2e Unit tests for maintaining ed25519->node map. 2017-08-22 16:12:58 -04:00
Ties Stuij
2e99f839e9 22839: Build tor with rust enabled on win
- make tor_util static library name configurable
- fix Rust libary dependency order for Windows
2017-08-21 15:08:24 -04:00
Nick Mathewson
8f8a061b0c Merge branch 'maint-0.3.1' 2017-08-21 15:08:17 -04:00
Nick Mathewson
10b2428224 Merge branch 'bug23291_028' into maint-0.3.1 2017-08-21 15:06:39 -04:00
Ties Stuij
7ba873ca2d 22839: fix check_heap_buffer buffer size in test-memwipe 2017-08-21 15:03:54 -04:00
Nick Mathewson
6f3208670a Merge branch 'maint-0.3.1' 2017-08-21 14:20:38 -04:00
Nick Mathewson
6be0e28670 whitespace fixes 2017-08-21 14:18:41 -04:00
George Kadianakis
1491c0d024 Fix triggerable BUG() when decoding hsv3 descriptors.
Also improve the unittest to make sure it catches the right error.
2017-08-21 19:16:45 +03:00
George Kadianakis
45732a1a13 Add unittest for #23233.
This will fail currently since the bug is not fixed yet.
2017-08-21 19:16:30 +03:00
George Kadianakis
5d89ea1e6c prop224: Decouple the HS part of connection_ap_handshake_rewrite_and_attach().
We will need to edit this function, and it's already pretty huge. Let's make
it a bit smaller.

This commit moves code, fixes a 80 char line and add two lines at the start to
make it compile. Trivial change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:42:26 +03:00
George Kadianakis
bce18a7642 prop224: Refactor parse_extended_hostname() to parse v3 addrs.
We need this func so that we recognize SOCKS conns to v3 addresses.

- Also rename rend_valid_service_id() to rend_valid_v2_service_id()

- Also move parse_extended_hostname() tests to their own unittest, and
  add a v3 address to the test as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:42:26 +03:00
George Kadianakis
3e593f09ad prop224: Recompute all HSDir indices when we enter overlap mode.
When we enter overlap mode we start using the next hsdir index of
relays. However, we only compute the next hsdir index of relays when we
receive a consensus or their descriptor. This means that there is a
window of time between entering the overlap period and fetching the
consensus where relays have their next hsdir index uninitialized. This
patch fixes this by recomputing all hsdir indices when we first enter
the overlap period.
2017-08-19 16:29:23 +03:00
George Kadianakis
7823c98a38 prop224: Improve descriptor reupload logic.
We want to reupload our descriptor if its set of responsible HSDirs
changed to minimize reachability issues.

This patch adds a callback everytime we get new dirinfo which checks if
the hash ring changed and reuploads descriptor if needed.
2017-08-19 16:28:48 +03:00
George Kadianakis
26c85fcc86 test: Improve get_responsible_hsdirs test. 2017-08-19 16:28:48 +03:00
George Kadianakis
1f7b8012ae prop224: Only upload descriptor if we have good hash ring and SRV.
Make sure we have a live consensus (for SRV) and enough descriptors (for
hash ring).

Also fix unittests that broke.
2017-08-19 16:28:47 +03:00
George Kadianakis
43343ec019 prop224: Improve our checks for unset HSDir index.
We used to not check next hsdir index.
2017-08-19 16:28:43 +03:00
David Goulet
5750f18bc7 sr: Log voting schedule at debug level
Because the HS subsystem calls it every second, change the log level to debug
so it doesn't spam the info log.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-19 16:20:07 +03:00
Suphanat Chunhapanya
97347b1109 Fuzz outer layer of hsv3 descriptor
The code in fuzz_hsdescv3.c fuzzes the unencrypted layer of the hsv3
descriptor. We need to fuzz the encrypted layer later.
2017-08-13 17:50:51 +07:00
Suphanat Chunhapanya
c860282fc0 Mock rsa_ed25519_crosscert_check
This commit just mocks the rsa_ed25519_crosscert_check to be used later
in the fuzzer.
2017-08-13 16:15:40 +07:00
David Goulet
257f50b22f Make Windows happy for time_t printf format
Our Windows compiler treats "time_t" as long long int but Linux likes it
long int so cast those to make Windows happy.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-11 15:08:45 -04:00
David Goulet
598bf986b6 test: Fix typing issues found by clang
Partially fix #23224.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-11 14:59:28 -04:00
David Goulet
9df4261407 test: Fix memory leak in test_hs_common.c
Partially fixes #23223

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-11 14:46:27 -04:00
David Goulet
60c7da71ab test: Fix hs common test for Windows
Use the PATH_SEPARATOR for a path comparaison so it works with Windows as
well.

Partially fix #23223

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-11 14:42:20 -04:00
Nick Mathewson
efbd4a33f4 Raise MIN_DL_PER_REQUEST to 32
This change should improve overhead for downloading small numbers of
descriptors and microdescriptors by improving compression
performance and lowering directory request overhead.

Closes ticket 23220.
2017-08-11 13:54:01 -04:00
Nick Mathewson
a368cadf95 Merge branch 'bug18982' 2017-08-11 12:11:42 -04:00
Nick Mathewson
c3a0cdeaab Add # to "hop N" messages to disambiguate from old messages. 2017-08-11 12:11:27 -04:00
Nick Mathewson
6247f5a5ba Merge branch 'maint-0.3.1' 2017-08-11 11:51:06 -04:00
Nick Mathewson
133e1e870b Merge remote-tracking branch 'dgoulet/bug23091_032_01' 2017-08-11 09:39:57 -04:00
Nick Mathewson
92b1dfd50e In node_get_ed25519_id, detect and warn on inconsistent IDs.
This shouldn't actually be possible, but it's worth checking for.
2017-08-09 15:00:32 -04:00
Nick Mathewson
fed3a08d8c Support the ed25519 map in nodelist_assert_ok() 2017-08-09 14:00:30 -04:00
Nick Mathewson
fc212458a6 Set formerly-unused fields of a stack-allocated routerinfo 2017-08-09 13:49:34 -04:00
Nick Mathewson
3cddd6570c Add a hashtable mapping to nodes from ed25519 ids 2017-08-09 13:45:03 -04:00
Nick Mathewson
b4963da987 Treat a bad tor_spawn_background() as a BUG().
The contract is that, if may_spawn_background_process() is 0, you're
not even allowed to try to spawn a process.
2017-08-09 10:58:07 -04:00
Nick Mathewson
5fa8d05bfa Block managed proxies at a higher point 2017-08-09 10:58:07 -04:00
Nick Mathewson
801aa5d03b Block the port-forwarding helper at a higher point 2017-08-09 10:58:07 -04:00
Nick Mathewson
eb43401bfb Add a 'NoExec' option that causes tor_spawn_background() to fail
Core of an implementation for 22976.
2017-08-09 10:45:48 -04:00
Nick Mathewson
94352368db Remove the #if 0ed code that was supposed to let the sandbox allow exec 2017-08-09 10:36:45 -04:00
Nick Mathewson
418f3d6298 Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.

Fixes bug 19418.  Reported by Guido Vranken.
2017-08-09 09:24:16 -04:00
Nick Mathewson
6f7d548bc4 Make write_escaped_data more robust to large inputs.
The old implementation would fail with super-long inputs. We never
gave it any, but still, it's nicer to dtrt here.

Reported by Guido Vranken. Fixes bug 19281.
2017-08-09 09:02:12 -04:00
Nick Mathewson
d2713b4ddc fix another 32-bit warning 2017-08-09 08:32:39 -04:00
Nick Mathewson
a3685ba0c5 Fix a warning on 32-bit clang 2017-08-09 08:31:44 -04:00
George Kadianakis
21e5146529 prop224: Fix coverity warnings from #20657 merge.
- Fix various ssize_t/size_t confusions in the tests.

- Fix a weird memset argument:
  "bad_memset: Argument -16 in memset loses precision in
  memset(&desc_two->blinded_kp.pubkey.pubkey, -16, 32UL)."

- Fix check_after_deref instance in check_state_line_for_service_rev_counter():
  "check_after_deref: Null-checking items suggests that it may be null,
  but it has already been dereferenced on all paths leading to the
  check."
2017-08-09 13:49:12 +03:00
Nick Mathewson
8e84968ffb Re-run trunnel. 2017-08-08 20:34:39 -04:00
Nick Mathewson
34e4122025 Merge branch 'ticket20657_nickm_bugfixes_squashed' 2017-08-08 20:31:57 -04:00
Nick Mathewson
2f17743d6f Put comment in the trunnel file, so it wont go away. 2017-08-08 20:31:47 -04:00
George Kadianakis
686891d67e prop224: Add XXX about opaqueness of link_specifier_t. 2017-08-08 20:29:35 -04:00
George Kadianakis
5c4f4acedb prop224: Function to inc/decrement num rendezvous stream
Add a common function for both legacy and prop224 hidden service to increment
and decrement the rendezvous stream counter on an origin circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:35 -04:00
David Goulet
400ba2f636 prop224: Always note down the use of internal circuit
Also, this removes all the callsite of this rephist in the hs subsystem

Fixes #23097

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:35 -04:00
George Kadianakis
0a0bbfe96f Add note about handling INTRODUCE2 cells.
Also fix a check-spaces instance.
2017-08-08 20:29:35 -04:00
George Kadianakis
ff249ee4a6 Start caching disaster SRV values.
Also add some unittests.
2017-08-08 20:29:35 -04:00
George Kadianakis
101ce6da01 Fix the build_hs_index() function.
Also add a unittest for hs_get_responsible_hsdirs() which was used to
find and fix the bug.
2017-08-08 20:29:35 -04:00
George Kadianakis
8bac50d755 prop224: Improve comments and tests for ed25519 keys in IPs/RPs.
Also make sure we are not gonna advertise the ed25519 key of an intro
point that doesn't support it.
2017-08-08 20:29:35 -04:00
George Kadianakis
273638288d Improve docs on rendezvous circ relaunch. 2017-08-08 20:29:35 -04:00
George Kadianakis
827bd0e882 Increase HS desc cert lifetime.
We used to have a small HS desc cert lifetime but those certs can stick
around for 36 hours if they get initialized in the beginning of overlap
period.

[warn] Bug: Non-fatal assertion !(hs_desc_encode_descriptor(desc->desc, &desc->signing_kp, &encoded_desc) < 0) failed in
upload_descriptor_to_hsdir at src/or/hs_service.c:1886. Stack trace: (on Tor 0.3.2.0-alpha-dev b4a14555597fb9b3)
2017-08-08 20:29:35 -04:00
George Kadianakis
bd3213b17e prop224 tests: Better HS time period tests. 2017-08-08 20:29:35 -04:00
George Kadianakis
e70341deb7 prop224 tests: Better HS address tests. 2017-08-08 20:29:35 -04:00
George Kadianakis
4a1b57e9b0 prop224 tests: Improve SRV protocol tests. 2017-08-08 20:29:35 -04:00
George Kadianakis
0bf8587858 Do more type checking when setting HS idents.
I repurposed the old directory_request_set_hs_ident() into a new
directory_request_upload_set_hs_ident() which is only used for the
upload purpose and so it can assert on the dir_purpose.

When coding the client-side we can make a second function for fetch.
2017-08-08 20:29:35 -04:00
George Kadianakis
fe0c40c9b3 Fix broken intro point unittest.
The structure was not zeroed out, and left some boolean fields
uninitialized.
2017-08-08 20:29:35 -04:00
George Kadianakis
471489ca03 Extract intro point onion key even with multiple types. 2017-08-08 20:29:34 -04:00
George Kadianakis
a464d49aeb prop224 tests: test_gen_establish_intro_cell() check cell contents. 2017-08-08 20:29:34 -04:00
George Kadianakis
c62da5cf95 Improve code based on Nick review:
- Fix some more crazy ternary ops.
- Fix the order of disaster SRV computation.
- Whitespace fixes.
- Remove a redundant warn.
- Better docs.
2017-08-08 20:29:34 -04:00
George Kadianakis
4ad4467fa1 Don't double hash the ed25519 blind key parameter.
We used to do:
   h = H(BLIND_STRING | H(A | s | B | N )
when we should be doing:
   h = H(BLIND_STRING | A | s | B | N)

Change the logic so that hs_common.c does the hashing, and our ed25519
libraries just receive the hashed parameter ready-made. That's easier
than doing the hashing on the ed25519 libraries, since that means we
would have to pass them a variable-length param (depending on whether
's' is set or not).

Also fix the ed25519 test vectors since they were also double hashing.
2017-08-08 20:29:34 -04:00
George Kadianakis
b89d2fa1db Don't set HSDir index if we don't have a live consensus.
We also had to alter the SRV functions to take a consensus as optional
input, since we might be setting our HSDir index using a consensus that
is currently being processed and won't be returned by the
networkstatus_get_live_consensus() function.

This change has two results:

a) It makes sure we are using a fresh consensus with the right SRV value
   when we are calculating the HSDir hash ring.

b) It ensures that we will not use the sr_get_current/previous()
   functions when we don't have a consensus which would have falsely
   triggered the disaster SRV logic.
2017-08-08 20:29:34 -04:00
George Kadianakis
440eaa9b22 Correctly assign HSDir flags based on protocol list
In Nick's words:

"We want to always return false if the platform is a Tor version, and it
is not as new as 0.3.0.8 -- but if the platform is not a Tor version, or
if the version is as new as 0.3.0.8, then we want to obey the protocol
list.

That way, other implementations of our protocol won't have to claim any
particular Tor version, and future versions of Tor will have the freedom
to drop this protocol in the distant future."
2017-08-08 20:29:34 -04:00
George Kadianakis
a561a10da7 Fix small easy bugs all around
- Fix log message format string.
- Do extra circuit purpose check.
- wipe memory in a clear function
- Make sure we don't double add intro points in our list
- Make sure we don't double close intro circuits.
- s/tt_u64_op/tt_i64_op/
2017-08-08 20:29:34 -04:00
George Kadianakis
2c6f2e9be9 Constify functions that can be constified. 2017-08-08 20:29:34 -04:00
George Kadianakis
5ca9b830ea Improve documentation all around the codebase. 2017-08-08 20:29:34 -04:00
George Kadianakis
f106af3c41 Make ed25519 id keys optional for IPs and RPs. 2017-08-08 20:29:34 -04:00
George Kadianakis
d88984a137 Improve setting hsdir index procedure.
- Fix memleak.
2017-08-08 20:29:34 -04:00
George Kadianakis
706392e6b5 Make HidServRevCounter be a LINELIST as it should. 2017-08-08 20:29:34 -04:00
George Kadianakis
3ce69a58ce Rename some free() functions that are actually clear(). 2017-08-08 20:29:34 -04:00
George Kadianakis
3bc52dae89 Validate intro point limits to avoid asserts. 2017-08-08 20:29:34 -04:00
George Kadianakis
7c507a1f7f Relax assertions: turn them to BUGs and non-fatal asserts. 2017-08-08 20:29:34 -04:00
George Kadianakis
e42c55626a prop224: Don't use nodes as HSDirs if they don't have an HSDir index. 2017-08-08 20:29:34 -04:00
George Kadianakis
74981d1f13 memwipe interesting unused memory 2017-08-08 20:29:34 -04:00
George Kadianakis
29b3dd1c05 Fix 32-bit bug when writing address to descriptor.
We used to sizeof() a pointer. Let's just use asprintf to avoid having
to be smart.
2017-08-08 20:29:34 -04:00
George Kadianakis
434112df4b Fix ternary operator abuse. 2017-08-08 20:29:34 -04:00
George Kadianakis
1397ac11d6 Use htonll() when INT_8 is used.
Also prepend period_length to any period_num, as specified by the spec.
2017-08-08 20:29:34 -04:00
David Goulet
708789025d prop224: Remove INTRODUCE2 legacy handling
Turns out that introduction points don't care about the INTRODUCE2 cell
format as long as the top field is LEGACY_KEY_ID as expected. So let's
use a single INTRODUCE format regardless of the introduction point being
legacy or not.

This also removes the polymorphic void* situation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
ec0da9a6f1 test: Unbreak test_upload_descriptors()
To upload the descriptor we needed a state file to write the rev counters in,
but that test did not have a state file initialized.

Also fix the typo in its func name.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
b47139d758 test: Unit tests for the revision counter state file codethe
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
6f046b2191 prop224: Use state file to save/load revision counters
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
2e5a2d64bd prop224: Refactor the overlap function to not use absolute time.
We consider to be in overlap mode when we are in the period of time between a
fresh SRV and the beginning of the new time period (in the normal network this
is between 00:00 and 12:00 UTC). This commit edits that function to use the
above semantic logic instead of absolute times.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
6c00bd1f10 prop224: Make prop224 time periods smaller in testnets.
It used to be that time periods were 24 hours long even on chutney,
which made testing harder. With this commit, time periods have the same
length as a full SRV protocol run, which means that they will change
every 4 minutes in a 10-second voting interval chutney network!
2017-08-08 20:29:34 -04:00
George Kadianakis
cf58451a8b prop224: Refactor hs_get_time_period_num() to not use absolute time.
Instead use the SRV protocol duration to calculate the rotation offset
that was previously hardcoded to 12 hours.
2017-08-08 20:29:34 -04:00
George Kadianakis
2cd5f9a2fc prop224: Compute start time of next time period. 2017-08-08 20:29:34 -04:00
George Kadianakis
0b22b7fce3 SR: Calculate current SRV phase/run duration.
This is also needed to make the HS desc overlap mode function
independent of absolute hours.
2017-08-08 20:29:34 -04:00
George Kadianakis
2af254096f SR: Compute the start time of the current protocol run.
This function will be used to make the HS desc overlap function be
independent of absolute times.
2017-08-08 20:29:34 -04:00
David Goulet
85c80adf4a prop224: HSDir v3 support is >= 0.3.0.8
Because of bug #22447, we have to select nodes that are at least this version.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
2cae4f4100 prop224: Move get_intro_circuit() to hs_circuit.c
Make this function public so we can use it both in hs_circuit.c and
hs_service.c to avoid code duplication.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
6c3d525c36 prop224: Make circuit prediction aware of v3 services
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
713eb08bc9 prop224: Add service rendezvous circuit relaunch
This introduces a callback to relaunch a service rendezvous circuit when a
previous one failed to build or expired.

It unifies the legacy function rend_service_relaunch_rendezvous() with one for
specific to prop224. There is now only one entry point for that which is
hs_circ_retry_service_rendezvous_point() supporting both legacy and prop224
circuits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
1b403a8382 prop224: Different intro point timings with TestingNetwork
Change the timing for intro point's lifetime and maximum amount of circuit we
are allowed to launch in a TestingNetwork. This is particurlarly useful for
chutney testing to test intro point rotation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
15864a1b70 prop224: Add a circuit has closed callback
When the circuit is about to be freed which has been marked close before, for
introduction circuit we now call this has_closed() callback so we can cleanup
any introduction point that have retried to many times or at least flag them
that their circuit is not established anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
4a8cf17897 hs: Rename num_rend_services()
Renamed to rend_num_services() so it is consistent with the legacy naming.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
George Kadianakis
a6b6227b21 test: Fix prop224 HS descriptor to use subcredential
We used to use NULL subcredential which is a terrible terrible idea.  Refactor
HS unittests to use subcredentials.

Also add some non-fatal asserts to make sure that we always use subcredentials
when decoding/encoding descs.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
b547c54239 test: Add unit test coverage of hs_service.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
559ffd7179 test: Refactor HS tests to use the new ESTABLISH_INTRO cell code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
8ffb49422b test: Add test_hs_common unit tests
Move tests from test_hs_service.c to this file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
6061f5e2bd test: Add test_hs_ntor unit tests
Move the ntor test from test_hs_service.c to this file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:34 -04:00
David Goulet
472835d6e9 test: Add test_hs_cell unit tests
Move ESTABLISH_INTRO tests from test_hs_service.c to this new file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
30b5c6a95e prop224: Link rendezvous circuit to edge connection
This commit refactors the handle_hs_exit_conn() function introduced at a prior
commit that connects the rendezvous circuit to the edge connection used to
connect to the service virtual port requested in a BEGIN cell.

The refactor adds the support for prop224 adding the
hs_service_set_conn_addr_port() function that has the same purpose has
rend_service_set_connection_addr_port() from the legacy code.

The rend_service_set_connection_addr_port() has also been a bit refactored so
the common code can be shared between the two HS subsystems (legacy and
prop224).

In terms of functionallity, nothing has changed, we still close the circuits
in case of failure for the same reasons as the legacy system currently does.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
7163ce7f62 hs: Refactor the service exit connection code
This commit simply moves the code from the if condition of a rendezvous
circuit to a function to handle such a connection. No code was modified
_except_ the use or rh.stream_id changed to n_stream->stream_id so we don't
have to pass the cell header to the function.

This is groundwork for prop224 support which will break down the
handle_hs_exit_conn() depending on the version of hidden service the circuit
and edge connection is for.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
5d2506d70c prop224: Sandbox support for service
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
848e701f55 prop224: Make the number of extra intro point a consensus param
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
f0e02e3a14 prop224: Make intro point min/max lifetime a consensus param
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
670cecaf66 prop224: Make INTRODUCE2 min/max a consensus param
Introduction point are rotated either if we get X amounts of INTRODUCE2 cells
on it or a time based expiration. This commit adds two consensus parameters
which are the min and max value bounding the random value X.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
feed375f19 prop224: Implement a service intro point failure cache
Imagine a Tor network where you have only 8 nodes available due to some
reasons. And your hidden service wants 8 introduction points. Everything is
fine but then a node goes down bringing the network to 7. The service will
retry 3 times that node and then give up but keep it in a failure cache for 5
minutes (INTRO_CIRC_RETRY_PERIOD) so it doesn't retry it non stop and exhaust
the maximum number of circuit retry.

In the real public network today, this is unlikely to happen unless the
ExcludeNodes list is extremely restrictive.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
ac848777f9 prop224: Upload service descriptors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
bce0c6caad prop224: Directory function to upload descriptor
This commit adds a directory command function to make an upload directory
request for a service descriptor.

It is not used yet, just the groundwork.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
0bcc9ad58d prop224: Add a responsible HSDir function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
06909cafef prop224: Add hsdir consensus parameters
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
267bc7bc3b prop224: Build hsdir index for node_t
This hsdir index value is used to give an index value to all node_t (relays)
that supports HSDir v3. An index value is then computed using the blinded key
to know where to fetch/upload the service descriptor from/to.

To avoid computing that index value everytime the client/service needs it, we
do that everytime we get a new consensus which then doesn't change until the
next one. The downside is that we need to sort them once we need to compute
the set of responsible HSDir.

Finally, the "hs_index" function is also added but not used. It will be used
in later commits to compute which node_t is a responsible HSDir for the
service we want to fetch/upload the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
77b279c35c prop224: Add service replay cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
27dd1a716c prop224: Support INTRODUCE2 cell replay cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
100386e659 prop224: Support legacy INTRODUCE2 cell
Also rename some function to follow a bit more the naming convention in that
file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
dfa6301aed prop224: Handle service RENDEZVOUS1 cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
acc7c4ee95 prop224: Establish rendezvous circuit for service
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
5e710368b3 prop224: Handle service INTRODUCE2 cell
At this commit, launching rendezvous circuit is not implemented, only a
placeholder.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
faadbafba3 prop224: Add helper function to lookup HS objects
Add this helper function that can lookup and return all the needed object from
a circuit identifier. It is a pattern we do often so make it nicer and avoid
duplicating it everywhere.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
79e8d113d5 prop224: Handle service INTRO_ESTABLISHED cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
d765cf30b5 prop224: Circuit has opened and ESTABLISH_INTRO cell
Add the entry point from the circuit subsystem of "circuit has opened" which
is for all type of hidden service circuits. For the introduction point, this
commit actually adds the support for handling those circuits when opened and
sending ESTABLISH_INTRO on a circuit.

Rendevzou point circuit aren't supported yet at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
6a21ac7f98 prop224: Introduction circuit creation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
00a02a3a59 prop224: Service v3 descriptor creation and logic
This commit adds the functionality for a service to build its descriptor.
Also, a global call to build all descriptors for all services is added to the
service scheduled events.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
c4ba4d4cc8 prop224: Implement subcredential creation
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
George Kadianakis
f53b72baf7 prop224: Add descriptor overlap mode function
The function has been added but not used except for the unit tests.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
0f104ddce5 prop224: Scheduled events for service
Add the main loop entry point to the HS service subsystem. It is run every
second and make sure that all services are in their quiescent state after that
which means valid descriptors, all needed circuits opened and latest
descriptors have been uploaded.

For now, only v2 is supported and placeholders for v3 actions for that main
loop callback.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
9052530bdd prop224: API for the creation of blinded keys
Add a function for both the client and service side that is building a blinded
key from a keypair (service) and from a public key (client). Those two
functions uses the current time period information to build the key.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
David Goulet
44e3255c4d hs: Implement constructor for hs_desc_intro_point_t
Add a new and free function for hs_desc_intro_point_t so the service can use
them to setup those objects properly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-08 20:29:33 -04:00
Nick Mathewson
72832086e2 Use a single free-and-exit strategy in config_process_include.
This avoids a double-free when a pointer already freed with
tor_free(config_line) is freed again in the cleanup-and-exit code.

Fixes bug 23155.
2017-08-08 20:08:43 -04:00
Nick Mathewson
649104fdb9 Remove a needless memwipe.
The interior of ctx here is already wiped by
crypto_digest_free(). This memwipe call only wiped the pointer
itself, which isn't sensitive.
2017-08-08 19:58:19 -04:00
Nick Mathewson
b08a2dc954 Merge branch 'maint-0.3.1' 2017-08-08 19:29:10 -04:00
Nick Mathewson
a47b8fcf92 Merge branch 'bug23139' into maint-0.3.1 2017-08-08 19:29:05 -04:00
Nick Mathewson
48a57f9815 Merge branch 'maint-0.3.1' 2017-08-08 10:10:52 -04:00
Nick Mathewson
7465ea4ad9 Remove some LCOV_EXCL stuff that I think may be testable after all.
This is partial revert on 22286.

Also, tweak some log messages to be distinct.
2017-08-08 10:08:06 -04:00
Nick Mathewson
6121ca16bc Merge remote-tracking branch 'ahf/bugs/22286' into maint-0.3.1 2017-08-08 10:03:08 -04:00
Nick Mathewson
3af4aafbcb Fix a memory leak in consdiffmgr.c
Fixes bug 23139; bugfix on 0.3.1.1-alpha.
2017-08-08 09:13:45 -04:00
Roger Dingledine
2032b9b1b1 fix typo in comment 2017-08-07 00:22:27 -04:00
Nick Mathewson
ce07b4dd91 Fix memory leak of "torrcd" in test_config_include_folder_order()
Bugfix on 0265ced02b7a652c5941cb2c14ee1e0de0b1d90e; bug not in any
released Tor.
2017-08-04 13:50:27 -04:00
Nick Mathewson
89407bedf8 Tweak usage of get_current_working_dir() for tor_malloc() paranoia.
We assume that tor_free() is not required to be compatible with
the platform malloc(), so we need to use a strdup here.
2017-08-04 12:26:35 -04:00
cypherpunks
bfe740f065 Refactor retrieving the current working directory
The GNU C Library (glibc) offers an function which allocates the
necessary memory automatically [0]. When it is available, we use that.

Otherwise we depend upon the `getcwd` function which requires a
preallocated buffer (and its size). This function was used incorrectly
by depending on the initial buffer size being big enough and otherwise
failing to return the current working directory. The proper way of
getting the current working directory requires a loop which doubles the
buffer size if `getcwd` requires it. This code was copied from [1] with
modifications to fit the context.

[0] https://www.gnu.org/software/hurd/hurd/porting/guidelines.html
[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/getcwd.html
2017-08-04 12:22:53 -04:00
cypherpunks
0265ced02b Remove usage of the PATH_MAX variable
GNU Hurd does not define the PATH_MAX variable. Using the variable on
this platform results in compilation errors.

Closes #23098.
2017-08-04 12:22:53 -04:00
Nick Mathewson
3b646bf887 Fix ntohs() that should have been htons()
Fixes bug 23106; bugfix on 0.2.4.8-alpha.

Fortunately, we only support big-endian and little-endian platforms,
and on both of those, hton*() and ntoh*() behave the same.  And if
we did start to support middle endian systems (haha, no), most of
_those_ have hton*(x) == ntoh*(x) too.
2017-08-04 12:17:53 -04:00
Nick Mathewson
32b4fd5be9 Handle CMD_KEY_EXPIRATION in ntmain.c switch statement
This fixes a compilation warning on windows.

Bug not in any released Tor.
2017-08-04 12:00:51 -04:00
Isis Lovecruft
b2a7e8df90
routerkeys: Add cmdline option for learning signing key expiration.
* CLOSES #17639.
 * ADDS new --key-expiration commandline option which prints when the
   signing key expires.
2017-08-03 22:20:02 +00:00
Nick Mathewson
96cf608b2e Merge branch 'bug22885_squashed' 2017-08-03 09:33:40 -04:00
Nick Mathewson
7f32920648 Don't send missing X-Desc-Gen-Reason on startup
Since we start with desc_clean_since = 0, we should have been
starting with non-null desc_dirty_reason.

Fixes bug 22884; bugfix on 0.2.3.4-alpha when X-Desc-Gen-Reason was
added.
2017-08-03 09:33:33 -04:00
Nick Mathewson
1168e21b45 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-03 09:14:12 -04:00
Nick Mathewson
40c7871f46 Merge branch 'maint-0.3.1' 2017-08-03 09:14:12 -04:00
Nick Mathewson
b548371f76 Merge remote-tracking branch 'dgoulet/bug23078_030_01' into maint-0.3.0 2017-08-03 09:12:23 -04:00
Nick Mathewson
17073d7234 Merge branch 'maint-0.3.1' 2017-08-03 09:11:03 -04:00
Nick Mathewson
b13bf65062 Merge branch 'bug23081_025' into maint-0.3.1 2017-08-03 09:10:58 -04:00
Nick Mathewson
3e68db02c4 In ntmain, call set_main_thread() before running the loop.
Patch from Vort; fixes bug 23081; bugfix on fd992deeea in
0.2.1.16-rc when set_main_thread() was introduced.

See the changes file for a list of all the symptoms this bug has
been causing when running Tor as a Windows Service.
2017-08-03 09:09:08 -04:00
Neel Chauhan
5ee6ca8da2 Switch to offsetof() 2017-08-03 08:56:35 -04:00
Nick Mathewson
02fcb29d11 Merge branch 'maint-0.3.1' 2017-08-03 08:44:32 -04:00
Nick Mathewson
93b28972c1 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-08-03 08:44:31 -04:00
Nick Mathewson
9696021593 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-08-03 08:44:31 -04:00
Nick Mathewson
f33c96610f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-03 08:44:31 -04:00
Nick Mathewson
e220e6e437 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-03 08:44:31 -04:00
Karsten Loesing
1280de42a4 Update geoip and geoip6 to the August 3 2017 database. 2017-08-03 10:00:54 +02:00
David Goulet
5b03c7ba6d Fix check_expired_networkstatus_callback() if condition
The condition was always true meaning that we would reconsider updating our
directory information every 2 minutes.

If valid_until is 6am today, then now - 24h == 1pm yesterday which means that
"valid_until < (now - 24h)" is false. But at 6:01am tomorrow, "valid_until <
(now - 24h)" becomes true which is that point that we shouldn't trust the
consensus anymore.

Fixes #23091

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-02 13:28:45 -04:00
Nick Mathewson
c4c5077af2 Merge branch 'maint-0.3.1' 2017-08-02 12:51:46 -04:00
Nick Mathewson
a9a8d53dec Merge branch 'bug23071_031' into maint-0.3.1 2017-08-02 12:51:42 -04:00
Nick Mathewson
ee849ee8b6 Make the hs_ntor_ref logic more correct when there is no sha3 module 2017-08-02 12:44:46 -04:00
Nick Mathewson
8925e84beb version bump to 0.3.0.10-dev 2017-08-02 12:28:34 -04:00
Nick Mathewson
4f7955d5de Bump to 0.3.0.10 2017-08-01 14:38:49 -04:00
David Goulet
ff9c529667 hs: Cleanup logging statement in hs_intropoint.c
One log statement was a warning and has been forgotten. It is triggered for a
successful attempt at introducting from a client.

It has been reported here:
https://lists.torproject.org/pipermail/tor-relays/2017-August/012689.html

Three other log_warn() statement changed to protocol warning because they are
errors that basically can come from the network and thus triggered by anyone.

Fixes #23078.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-08-01 14:15:47 -04:00
Nick Mathewson
9c294d29ea bump to 0.3.1.5-alpha-dev 2017-08-01 12:08:30 -04:00
Nick Mathewson
58e1c6dd86 Merge remote-tracking branch 'public/bug19769_19025_029' into maint-0.2.9 2017-08-01 11:30:29 -04:00
Nick Mathewson
8500f0e4e1 Merge remote-tracking branch 'public/bug20059_024_v2' into maint-0.2.9 2017-08-01 11:28:36 -04:00
Nick Mathewson
84c4a2bc3f Merge remote-tracking branch 'public/bug20270_029' into maint-0.3.0 2017-08-01 11:24:02 -04:00
Nick Mathewson
7c68b2f1a5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:23:00 -04:00
Nick Mathewson
2b94b0ea72 Merge remote-tracking branch 'public/bug22245_024' into maint-0.2.9 2017-08-01 11:22:42 -04:00
Nick Mathewson
1d48712c28 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:21:19 -04:00
Nick Mathewson
f6ecda8400 Merge remote-tracking branch 'public/bug18100_029' into maint-0.2.9 2017-08-01 11:21:14 -04:00
Nick Mathewson
4a19498edc Merge branch 'maint-0.3.0' into maint-0.3.1 2017-08-01 11:19:30 -04:00
Nick Mathewson
64e5600103 Merge branch 'maint-0.3.1' 2017-08-01 11:19:30 -04:00
Nick Mathewson
9d24a352c0 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-08-01 11:19:30 -04:00
Nick Mathewson
0e7558ab64 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-08-01 11:19:29 -04:00
Nick Mathewson
925ef048a9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-08-01 11:19:29 -04:00
Nick Mathewson
a48ae2aa67 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-08-01 11:19:29 -04:00
Nick Mathewson
6862eada65 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-08-01 11:19:29 -04:00
Nick Mathewson
0bfd1c318c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-08-01 11:19:28 -04:00
Nick Mathewson
ec99f038fa Improve the keypin failure message
Closes the human-factors part of ticket 22348.
2017-07-31 20:40:23 -04:00
Nick Mathewson
df3bdc6bde Clean up choose_good_entry_server() doc; add assertion
We used to allow state==NULL here, but we no longer do.

Fixes bug 22779.
2017-07-31 20:35:58 -04:00
Nick Mathewson
8b5b7d470f Fix the hs_ntor integration tests to work with the pysha3 module
The sha3 module should still work.  Fixes bug 23071; bugfix on
0.3.1.1-alpha.
2017-07-31 20:28:42 -04:00
Nick Mathewson
572f23a96e Now that "base -1" is a bug, tell our unit tests to expect bug warnings
Bugfix on accb734c5fc45481231b837; bug not in any released Tor.
2017-07-31 14:30:04 -04:00
Nick Mathewson
2cb8c8d99f Bump to 0.3.1.5-alpha 2017-07-31 14:29:33 -04:00
Nick Mathewson
769a94d9ce Bug 23055: cast, then multiply when doing u32*u32->u64.
No backport, since this bug won't trigger until people make
certificates expiring after the Y2106 deadline.

CID 1415728
2017-07-28 10:33:51 -04:00
Nick Mathewson
accb734c5f Turn base < 0 into a BUG() in our long-parse functions. 2017-07-28 10:26:06 -04:00
Nick Mathewson
decb927685 Add an assertion to try to please coverity.
Coverity, for some reason, thought that weight_scale might be 0,
leading to a divide-by-zero error.
2017-07-28 10:17:57 -04:00
Nick Mathewson
602c52cad4 Coverity deadcode shenanigans on BUG() macro.
We don't actually want Coverity to complain when a BUG() check can
never fail, since such checks can prevent us from introducing bugs
later on.

Closes ticket 23054. Closes CID 1415720, 1415724.
2017-07-28 10:02:38 -04:00
Nick Mathewson
5f0fa480dd Merge branch 'maint-0.3.1' 2017-07-28 09:54:39 -04:00
Nick Mathewson
eb677c5870 Fix an unreachable memory leak in the unit tests
This is CID 1415726.
2017-07-28 09:52:34 -04:00
Nick Mathewson
6252e04a37 Merge branch 'maint-0.3.1' 2017-07-28 09:50:26 -04:00
Nick Mathewson
911e2dc530 Merge branch 'bug23053_029' into maint-0.3.1 2017-07-28 09:50:16 -04:00
Nick Mathewson
9a0f38a349 Fix a small memory leak when parsing unix: ports twice
Fixes bug 23053; CID 1415725.
2017-07-28 09:49:42 -04:00
Nick Mathewson
baf53300d7 Merge branch 'maint-0.3.1' 2017-07-27 20:33:01 -04:00
Nick Mathewson
af3079a492 Try to work around a compile warning in workqueue.c 2017-07-27 20:32:59 -04:00
Nick Mathewson
15ed1c0c83 Merge branch 'maint-0.3.1' 2017-07-27 16:30:52 -04:00
Nick Mathewson
ba334c00da Merge branch 'multi-priority_squashed' into maint-0.3.1 2017-07-27 16:29:34 -04:00
Nick Mathewson
fdd8156ea3 Fix the cpuworker.c documentation to mention all the kinds of work 2017-07-27 16:28:59 -04:00
Nick Mathewson
f5a852de91 Note that threadpool_queue_work...() can't actually return NULL 2017-07-27 16:28:59 -04:00
Nick Mathewson
250c88014d Always start with one additional worker thread
Now that half the threads are permissive and half are strict, we
need to make sure we have at least two threads, so that we'll
have at least one of each kind.
2017-07-27 16:28:59 -04:00
Nick Mathewson
0ae0b5aa41 Queue consensus diffs at LOW priority.
Fixes bug 22883.
2017-07-27 16:28:59 -04:00
Nick Mathewson
bddea78ded Fix a pair of stale comments in workqueue.c
These comments said that each thread had a separate queue, but we
haven't been using that design for some while.
2017-07-27 16:28:59 -04:00
Nick Mathewson
efadebf7c3 Make the chance for priority inversion thread-specific
Instead of choosing a lower-priority job with a 1/37 chance, have
the chance be 1/37 for half the threads, and 1/2147483647 for the
other half.  This way if there are very slow jobs of low priority,
they shouldn't be able to grab all the threads when there is better
work to do.
2017-07-27 16:28:59 -04:00
Nick Mathewson
10e0bff4ca Add support for multi-priority workqueues
Each piece of queued work now has an associated priority value; each
priority goes on a separate queue.

With probability (N-1)/N, the workers will take work from the highest
priority nonempty queue.  Otherwise, they'll look for work in a
queue of lower priority.  This behavior is meant to prevent
starvation for lower-priority tasks.
2017-07-27 16:28:05 -04:00
Nick Mathewson
c2844d5377 Merge branch 'bug22895_027' 2017-07-27 11:27:07 -04:00
cypherpunks
89c0a00a9a Remove unused variables in donna's SSE2 code
Fixes unused-const-variable warnings with GCC on 32-bit x86 systems.

Closes #22895.
2017-07-27 11:26:13 -04:00
Nick Mathewson
ced2dd5f92 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-27 08:23:37 -04:00
Nick Mathewson
b387dd364f Merge branch 'maint-0.3.1' 2017-07-27 08:23:37 -04:00
Nick Mathewson
ad35e595e5 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-27 08:23:36 -04:00
Nick Mathewson
24ddf5862e Merge remote-tracking branch 'public/bug20247_029' into maint-0.2.9 2017-07-27 08:23:34 -04:00
Nick Mathewson
8d3c3f039d Merge branch 'maint-0.3.1' 2017-07-26 12:58:22 -04:00
Nick Mathewson
431c8d09ee Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:58:22 -04:00
Nick Mathewson
18734d3b25 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:58:22 -04:00
Nick Mathewson
32b9edeb91 Fix build warnings from Coverity related to our BUG macro
In the Linux kernel, the BUG() macro causes an instant panic.  Our
BUG() macro is different, however: it generates a nonfatal assertion
failure, and is usable as an expression.

Additionally, this patch tells util_bug.h to make all assertion
failures into fatal conditions when we're building with a static
analysis tool, so that the analysis tool can look for instances
where they're reachable.

Fixes bug 23030.
2017-07-26 12:57:49 -04:00
Nick Mathewson
8b5b3b5fb4 Merge branch 'maint-0.3.1' 2017-07-26 12:54:41 -04:00
Nick Mathewson
30a98c765f Merge branch 'bug22927_031' into maint-0.3.1 2017-07-26 12:54:37 -04:00
Nick Mathewson
3c017e823b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-26 12:53:38 -04:00
Nick Mathewson
5141360099 Merge branch 'maint-0.3.1' 2017-07-26 12:53:38 -04:00
Nick Mathewson
d068f3359f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-26 12:53:38 -04:00
Nick Mathewson
6d3c5b8fb5 Merge branch 'bug22915_029_2' into maint-0.2.9 2017-07-26 12:53:13 -04:00
Nick Mathewson
fca1934c88 Suppress clang4-specific -Wdouble-promotion warnings
Wow, it sure seems like some compilers can't implement isnan() and
friends in a way that pleases themselves!

Fixes bug 22915. Bug trigged by 0.2.8.1-alpha and later; caused by
clang 4.
2017-07-26 12:53:00 -04:00
Nick Mathewson
b9ad49844b This caused my attempt to fix hs_config/valid_service_v2 to fail
_again_.

Third time's the charm?
2017-07-25 13:24:41 -04:00
David Goulet
c9927ce4d5 prop224: Add onion key to service descriptor intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
78e2bc4000 prop224: Add the introduction point onion key to descriptor
A prop224 descriptor was missing the onion key for an introduction point which
is needed to extend to it by the client.

Closes #22979

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
b8ceab9bb3 prop224: Helper to dup a link_specifier_t object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
2b9575a9c0 prop224: Update hs identifier circuit
Remove the legacy intro point key because both service and client only uses
the ed25519 key even though the intro point chosen is a legacy one.

This also adds the CLIENT_PK key that is needed for the ntor handshake.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
David Goulet
3e537c6fe4 trunnel: Add prop224 RENDEZVOUS1 cell definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-25 13:11:40 -04:00
Roger Dingledine
bb66a48541 fix wordo in comment 2017-07-25 11:14:39 -04:00
Nick Mathewson
a4217cc52f Fix remaining cases of hs_config failures without af_unix 2017-07-24 15:58:11 -04:00
Nick Mathewson
661e317697 Fix hs_config unit test on systems without unix sockets
Bugfix on 418059dd96f5f427eceffff1daeb2a2f6c4adbeb; jenkins found
this.
2017-07-24 15:13:23 -04:00
Nick Mathewson
6c8c973191 Rename the hybrid_encrypt/decrypt functions; label them as dangerous
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.
2017-07-24 14:34:53 -04:00
Nick Mathewson
db1664e593 Improve comment about why we disable TLS compression.
Closes bug 22964.  Based on Teor's replacement there, but tries
to put the comment in a more logical place, and explain why we're
actually disabling compression in the first place.
2017-07-24 14:17:16 -04:00
David Goulet
10331081c7 test: Remove buggy unit test in test_hs_service
There isn't much of a point of this buggy test afterall to add twice the same
service object but with a different key which ultinately can end up failing
the test because 1/N_BUCKETS of probability that we end up to put the service
in the same bucket.

Fixes #23023

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-24 11:33:52 -04:00
Roger Dingledine
ec5b30ca0b fix whitespace issue 2017-07-23 00:57:10 -04:00
Nick Mathewson
2ae51ed5e2 Fix zstd 1.3.0 trouble: Be more respectful of its state machine
In zstd 1.3.0, once you have called ZSTD_endStream and been told
that your putput buffer is full, it really doesn't want you to call
ZSTD_compressStream again.  ZSTD 1.2.0 didn't seem to mind about
this.

This patch fixes the issue by making sure never to call
ZSTD_endStream if there's any more data on the input buffer to
process, by flushing even when we're about to call "endStream", and
by never calling "compress" or "flush" after "endStream".
2017-07-14 16:31:29 -04:00
Nick Mathewson
0ccdf2f31e Merge branch 'bug17750_029_squashed' 2017-07-14 15:07:09 -04:00
Nick Mathewson
b7566d465f Fix a signed integer overflow in dir/download_status_random_backoff
Fix for 22924. Bugfix on 0.2.9.1-alpha when the test was introducd
-- though it couldn't actually overflow until we fixed 17750.

Additionally, this only seems to overflow on 32-bit, and only when
the compiler doesn't re-order the (possibly dead) assignment out of
the way.  We ran into it on a 32-bit ubuntu trusty builder.
2017-07-14 15:05:30 -04:00
Nick Mathewson
9a1338d9df Fix 32-bit warnings in hs_common.c 2017-07-14 11:33:12 -04:00
Nick Mathewson
f5d2f79aca Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-14 09:11:14 -04:00
Nick Mathewson
52c1754ff6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-14 09:11:14 -04:00
Nick Mathewson
d0816a040d Merge branch 'maint-0.3.1' 2017-07-14 09:11:14 -04:00
Nick Mathewson
3a7d757140 Merge branch 'bug22916_027' into maint-0.2.9 2017-07-14 09:11:08 -04:00
Nick Mathewson
bbc75faed1 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-14 09:06:44 -04:00
Nick Mathewson
ce5d8c92dd Merge branch 'maint-0.3.1' 2017-07-14 09:06:44 -04:00
Nick Mathewson
c1afbbe8fe Merge branch 'bug22803_030' into maint-0.3.0 2017-07-14 09:06:33 -04:00
Nick Mathewson
3cec1783b7 Fix compiler warnings with openssl-scrypt/libscrypt test on clang
Clang didn't like that we were passing uint64_t values to an API
that wanted uint32_t.  GCC has either not cared, or has figured out
that the values in question were safe to cast to uint32_t.

Fixes bug22916; bugfix on 0.2.7.2-alpha.
2017-07-13 17:49:48 -04:00
Nick Mathewson
ef4ea864ea Merge remote-tracking branch 'dgoulet/ticket21979_032_04' 2017-07-13 17:23:37 -04:00
David Goulet
965e3a6628 prop224: Fix clang warnings
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 17:18:11 -04:00
Nick Mathewson
62d241ad22 Merge remote-tracking branch 'isis/bug19476' 2017-07-13 16:58:45 -04:00
Nick Mathewson
66a564fad8 Merge branch 'maint-0.3.1' 2017-07-13 16:55:06 -04:00
Nick Mathewson
66258f8878 Merge branch 'fewer-diffs' into maint-0.3.1 2017-07-13 16:55:02 -04:00
Nick Mathewson
ec29cae8d7 Merge branch 'maint-0.3.1' 2017-07-13 16:52:20 -04:00
Nick Mathewson
1ea155b28f Merge branch 'bug22520_031' into maint-0.3.1 2017-07-13 16:52:16 -04:00
Nick Mathewson
c73b35d428 Merge branch 'maint-0.3.1' 2017-07-13 16:51:18 -04:00
Nick Mathewson
e6d2059751 Merge remote-tracking branch 'isis/bug22830_0.3.1' into maint-0.3.1 2017-07-13 16:51:09 -04:00
David Goulet
5d64ceb12d prop224: Move service version into config object
It makes more sense to have the version in the configuration object of the
service because it is afterall a torrc option (HiddenServiceVersion).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
3eeebd1b0c prop224: Use the service config object when configuring
Both configuration function now takes the service config object instead of the
service itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
f64689f3f0 prop224: Don't use char * for binary data
It turns out that some char * sneaked in our hs_common.c code. Replace those
by uint8_t *.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
1b048fbfaa prop224: Add a clear configuration function
The added function frees any allocated pointers in a service configuration
object and reset all values to 0.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
750c684fff prop224: Don't use an array of config handlers
As per nickm suggestion, an array of config handlers will not play well with
our callgraph tool.

Instead, we'll go with a switch case on the version which has a good side
effect of allowing us to control what we pass to the function intead of a fix
set of parameters.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
e9dd4ed16d prop224: Detect duplicate configuration options
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
cfa6f8358b prop224: Use a common function to parse uint64_t
Add a helper function to parse uint64_t and also does logging so we can reduce
the amount of duplicate code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
28f6431399 Revert "fixup! prop224: Add hs_config.{c|h} with a refactoring"
This reverts commit e2497e2ba038133026a475f0f93c9054187b2a1d.
2017-07-13 16:50:09 -04:00
David Goulet
09b12c4094 test: Add v3 service load keys and accessors
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
418059dd96 test: Add v3 service config and registration test
This tests our hs_config.c API to properly load v3 services and register them
to the global map. It does NOT test the service object validity, that will be
the hs service unit test later on.

At this commit, we have 100% code coverage of hs_config.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
87f6f96f47 hs: Add rend_service_init()
Initialize both the global and staging service lists.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:09 -04:00
David Goulet
f76f873199 prop224: Add a function to check for invalid opts
Every hidden service option don't apply to every version so this new function
makes sure we don't have for instance an option that is only for v2 in a v3
configured service.

This works using an exclude lists for a specific version. Right now, there is
only one option that is not allowed in v3. The rest is common.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:50:08 -04:00
David Goulet
138e03c488 prop224: Load and/or generate v3 service keys
Try to load or/and generate service keys for v3. This write both the public
and private key file to disk along with the hostname file containing the onion
address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
f3899acdbf prop224: Service address creation/validation
This also adds unit test and a small python script generating a deterministic
test vector that a unit test tries to match.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
c086a59ea1 prop224: Configure v3 service from options
This commit adds the support in the HS subsystem for loading a service from a
set of or_options_t and put them in a staging list.

To achieve this, service accessors have been created and a global hash map
containing service object indexed by master public key. However, this is not
used for now. It's ground work for registration process.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:44 -04:00
David Goulet
93774dcb54 test: Add HS v2 service configuration unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
74193b9321 hs: Use v3 maximum intro points value when decoding v3
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
765ed5dac1 prop224: Add a init/free_all function for the whole subsystem
Introduces hs_init() located in hs_common.c which initialize the entire HS v3
subsystem. This is done _prior_ to the options being loaded because we need to
allocate global data structure before we load the configuration.

The hs_free_all() is added to release everything from tor_free_all().

Note that both functions do NOT handle v2 service subsystem but does handle
the common interface that both v2 and v3 needs such as the cache and
circuitmap.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
02e2edeb33 prop224: Add hs_config.{c|h} with a refactoring
Add the hs_config.{c|h} files contains everything that the HS subsystem needs
to load and configure services. Ultimately, it should also contain client
functions such as client authorization.

This comes with a big refactoring of rend_config_services() which has now
changed to only configure a single service and it is stripped down of the
common directives which are now part of the generic handler.

This is ground work for prop224 of course but only touches version 2 services
and add XXX note for version 3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:08 -04:00
David Goulet
b03853b65f prop224: Initial import of hs_service_t
This object is the foundation of proposal 224 service work. It will change
and be adapted as it's being used more and more in the codebase. So, this
version is just a basic skeleton one that *will* change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-13 16:49:07 -04:00
Isis Lovecruft
c59ba01550
rephist: Remove unused crypto_pk statistics.
These statistics were largely ununsed, and kept track of statistical information
on things like how many time we had done TLS or how many signatures we had
verified.  This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).

 * FIXES #19871.
 * REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
   src/or/rephist.c.
 * REMOVES every external call to these functions.
2017-07-13 20:24:48 +00:00
Chelsea H. Komlo
eb355e031e
use CARGO_HOME instead of HOME when building with rust 2017-07-13 18:12:35 +00:00
Nick Mathewson
abb9a5bdda New configuration option MaxConsensusAgeForDiffs
Relay operators (especially bridge operators) can use this to lower
or raise the number of consensuses that they're willing to hold for
diff generation purposes.

This enables a workaround for bug 22883.
2017-07-12 13:15:16 -04:00
Nick Mathewson
3aba8490ba Merge branch 'maint-0.3.1' 2017-07-12 10:16:06 -04:00
Nick Mathewson
5636b160d4 Merge branch 'bug22349_029' into maint-0.3.1 2017-07-12 10:15:49 -04:00
Nick Mathewson
4984d6242a Merge branch 'maint-0.3.1' 2017-07-12 09:24:01 -04:00
Nick Mathewson
e111cfcd54 Restore openssl and libscrypt includes in test_crypto_slow.c
This reverts part of commit 706c44a6ce.

It was a mistake to remove these includes: they were needed on
systems where we have openssl 1.1.0 *and* libscrypt, and where we
were validating the one against the other.

Fixes bug 22892; bugfix on 0.3.1.1-alpha.
2017-07-12 09:23:15 -04:00
Isis Lovecruft
9de12397cf
If writing a heartbeat message fails, retry after MIN_HEARTBEAT_PERIOD.
* FIXES #19476.
2017-07-12 03:08:04 +00:00
cypherpunks
f516c9ca99
Use the return value for choosing intervals 2017-07-12 03:08:02 +00:00
Nick Mathewson
7b2364035a Merge branch 'maint-0.3.1' 2017-07-10 15:27:16 -04:00
Matt Traudt
1ff98a7e89 Make consdiff tests pass on OS X too 2017-07-10 15:27:01 -04:00
Nick Mathewson
db71d42868 Avoid double-typedef errors on freebsd. 2017-07-10 09:28:50 -04:00
David Goulet
b50f39fb6f prop224: Add common intropoint object
Groundwork for more prop224 service and client code. This object contains
common data that both client and service uses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 15:38:20 -04:00
Nick Mathewson
948158df33 Merge branch 'bug17750_029_squashed' 2017-07-07 13:28:22 -04:00
teor
527c0735f1 Comment that failure schedules always use exponential backoff 2017-07-07 13:18:04 -04:00
teor
32f0cbc0f6 Refactor exponential backoff multipliers into macros
There are only so many times you can type "4".
2017-07-07 13:18:04 -04:00
teor
f30d355903 Add regression tests for 17750 and 20534 2017-07-07 13:18:04 -04:00
teor
344f5a71c5 Use download_status_get_next_attempt_at() more often
This guards against future occurrences of 17750.
2017-07-07 13:18:04 -04:00
teor
f813b05202 Give correct bounds in next_random_exponential_delay() comment 2017-07-07 13:18:04 -04:00
teor
c21cfd28f4 Make clients try fallbacks before authorities
Make clients wait for 6 seconds before trying to download their
consensus from an authority.

Fixes bug 17750, bugfix on 0.2.8.1-alpha.
2017-07-07 13:18:04 -04:00
Nick Mathewson
63ceadb485 Use LANG_ENGLISH in windows error messages
This change prevents us from generating corrupt messages when we
are confused about codepage settings, and makes Windows errors
consistent with the rest of our logs.

Fixes bug 22520; bugfix on 0.1.2.8-alpha.  Patch from "Vort".
2017-07-07 13:12:45 -04:00
Nick Mathewson
8e8abbbbee Fix the expected bug warning in dir/param_voting_lookup tests 2017-07-07 13:06:02 -04:00
Nick Mathewson
eb01f35149 Merge branch 'bug21495' 2017-07-07 13:03:36 -04:00
Nick Mathewson
c7d2a67274 Fix a couple of clang warnings 2017-07-07 11:32:15 -04:00
Nick Mathewson
c387cc5022 Merge branch 'ticket21859_032_01_squashed' 2017-07-07 11:17:53 -04:00
Nick Mathewson
6a64563b1d Fix wide lines 2017-07-07 11:15:27 -04:00
Nick Mathewson
ec3e046986 Use LD_BUG, not LOG_PROTOCOL_WARN, for bad-purpose cases. 2017-07-07 11:14:47 -04:00
George Kadianakis
f35f52e869 Hide crypto_digest_t again and use an accessor for tests. 2017-07-07 11:12:27 -04:00
George Kadianakis
70d08f764d Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
2017-07-07 11:12:27 -04:00
George Kadianakis
c4d17faf81 Explicit length checks in circuit_init_cpath_crypto(). 2017-07-07 11:12:27 -04:00
George Kadianakis
2432499705 Rename get_rend_cpath() to create_rend_cpath().
based on Nick's review.
2017-07-07 11:12:27 -04:00
George Kadianakis
b490ae68c7 Rename rend_circuit_validate_purpose() based on Nick's review. 2017-07-07 11:12:27 -04:00
George Kadianakis
fee95dabcf Turn some warnings into bugs and non-fatal asserts. 2017-07-07 11:12:26 -04:00
George Kadianakis
91da032e9c Improve docs based on Nick's review. 2017-07-07 11:12:26 -04:00
George Kadianakis
9bccc04f8d test: Add service-side unittests for e2e rendezvous circuits. 2017-07-07 11:12:26 -04:00
George Kadianakis
173dd486e3 test: Add client-side unittests for e2e rend circuits. 2017-07-07 11:12:26 -04:00
George Kadianakis
dc3a2037f5 test: Move some test code to test helpers.
Move code to create connection streams and rend_data structures to
test_helpers so that we can use them from the e2e rendezvous circuit
unittests.
2017-07-07 11:12:26 -04:00
George Kadianakis
43a73f6eb6 test: Crypto groundwork for e2e circuit unittests.
- Move some crypto structures so that they are visible by tests.

- Introduce a func to count number of hops in cpath which will be used
  by the tests.

- Mark a function as mockable.
2017-07-07 11:12:26 -04:00
George Kadianakis
9ff5613a34 test: Introduce hs_client_note_connection_attempt_succeeded().
This commit paves the way for the e2e circuit unittests.

Add a stub for the prop224 equivalent of rend_client_note_connection_attempt_ended().

That function was needed for tests, since the legacy function would get
called when we attach streams and our client-side tests would crash with
assert failures on rend_data.

This also introduces hs_client.[ch] to the codebase.
2017-07-07 11:12:26 -04:00
David Goulet
0cb66fc900 prop224: Introduce e2e rendezvous circuit code.
This commit adds most of the work of #21859. It introduces hs_circuit.c
functions that can handle the setup of e2e circuits for prop224 hidden
services, and also for legacy hidden service clients. Entry points are:

		prop224 circuits: hs_circuit_setup_e2e_rend_circ()
		legacy client-side circuits: hs_circuit_setup_e2e_rend_circ_legacy_client()

This commit swaps the old rendclient code to use the new API.

I didn't try to accomodate the legacy service-side code in this API, since
that's too tangled up and it would mess up the new API considerably IMO (all
this service_pending_final_cpath_ref stuff is complicated and I didn't want to
change it).

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
0b2018a4d0 Refactor legacy code to support hs_ident along with rend_data.
The legacy HS circuit code uses rend_data to match between circuits and
streams. We refactor some of that code so that it understands hs_ident
as well which is used for prop224.
2017-07-07 11:12:26 -04:00
George Kadianakis
83249015c2 Refactor circuit_init_cpath_crypto() to do prop224 rend circuits.
circuit_init_cpath_crypto() is responsible for creating the cpath of legacy
SHA1/AES128 circuits currently. We want to use it for prop224 circuits, so we
refactor it to create circuits with SHA3-256 and AES256 as well.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
George Kadianakis
ba928e1ac8 Refactor the HS ntor key expansion to fit the e2e circuit API.
We want to use the circuit_init_cpath_crypto() function to setup our
cpath, and that function accepts a key array as input. So let's make our
HS ntor key expansion function also return a key array as output,
instead of a struct.

Also, we actually don't need KH from the key expansion, so the key
expansion output can be one DIGEST256_LEN shorter. See here for more
info: https://trac.torproject.org/projects/tor/ticket/22052#comment:3
2017-07-07 11:12:26 -04:00
David Goulet
f8dc1164ba prop224: Add connection and circuit identifier object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-07-07 11:12:26 -04:00
Nick Mathewson
67b6ba6f2f Avoid a scan_build warning in dirvote_get_intermediate_param_value
Fixes bug 21495.
2017-07-07 11:08:28 -04:00
Nick Mathewson
ed0fb21834 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-07 10:56:31 -04:00
Nick Mathewson
66c85cd881 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-07 10:56:31 -04:00
Nick Mathewson
ae756f251f mingw fix: avoid "unused var" warning.
This is a backport of 19615bce64 to
fix bug 22838.
2017-07-07 10:54:24 -04:00
Karsten Loesing
b6acfa491e Update geoip and geoip6 to the July 4 2017 database. 2017-07-07 16:27:54 +02:00
Nick Mathewson
86eb63deb4 Merge remote-tracking branch 'public/bug19648' 2017-07-06 09:32:22 -04:00
Nick Mathewson
139799cdce Merge branch 'bug20488_029_squashed' 2017-07-06 09:29:03 -04:00
Nick Mathewson
41fe94ef15 Improve warning message to stop implying nickname reg is a thing.
Closing ticket 20488.
2017-07-06 09:28:31 -04:00
Nick Mathewson
68a2c75ab7 Merge branch 'maint-0.3.1' 2017-07-05 17:37:14 -04:00
Nick Mathewson
9919638e98 Fix a wide line from 22207 2017-07-05 17:37:06 -04:00
Nick Mathewson
93bd60e5b0 Merge branch 'maint-0.3.1' 2017-07-05 17:00:46 -04:00
Nick Mathewson
2251667ff2 Merge remote-tracking branch 'karsten/task-22207' into maint-0.3.1 2017-07-05 17:00:43 -04:00
Nick Mathewson
55777b3ff9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 16:11:48 -04:00
Nick Mathewson
0dc7d68bb5 Merge branch 'maint-0.3.1' 2017-07-05 16:11:48 -04:00
Nick Mathewson
15b13578e8 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 16:11:48 -04:00
Nick Mathewson
dfc0614840 Only disable -Wfloat-conversion on mingw when it exists.
The 22081 fix disabled -Wfloat-conversion, but -Wfloat-conversion
didn't exist in every relevant mingw; it was added in GCC 4.9.x some
time, if the documentation can be trusted.

Bug not in any released version of tor.
2017-07-05 16:10:45 -04:00
Nick Mathewson
a85ee62e74 Make the strings from #1667 static. 2017-07-05 15:59:17 -04:00
Nick Mathewson
13024c7932 Merge branch 'maint-0.3.1' 2017-07-05 15:57:09 -04:00
Nick Mathewson
9383fa3851 Fix mixed-sign comparison warning in fix for 22797. 2017-07-05 15:56:57 -04:00
Nick Mathewson
759154b1ad Fix unit test memory leak in certs_ok_ed25519.
Fixes bug 22803; bugfix on 0.3.0.1-alpha.
2017-07-05 15:42:25 -04:00
Nick Mathewson
546f5b364b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 13:43:31 -04:00
Nick Mathewson
15fddaffd5 Merge branch 'maint-0.3.1' 2017-07-05 13:43:31 -04:00
Nick Mathewson
5434b2451e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 13:43:31 -04:00
Nick Mathewson
32c0066e4b Merge branch 'maint-0.2.8' into maint-0.2.9 2017-07-05 13:43:21 -04:00
Nick Mathewson
5ff0f1ab9e Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-07-05 13:42:47 -04:00
Nick Mathewson
6cd6d488dc Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-07-05 13:42:37 -04:00
Nick Mathewson
f6420bceec Merge branch 'maint-0.2.5' into maint-0.2.6 2017-07-05 13:42:32 -04:00
Nick Mathewson
ff8c230d7c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-07-05 13:42:26 -04:00
Nick Mathewson
16d2bce893 Allow setsockopt(IPV6_V6ONLY) in sandbox.
Fixes bug 20247.  We started setting V6ONLY in 0.2.3.13-alpha and
added the sandbox on 0.2.5.1-alpha.
2017-07-05 13:09:21 -04:00
Nick Mathewson
8bc70a2ad2 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-07-05 11:19:03 -04:00
Nick Mathewson
d4f08c74fe Merge branch 'maint-0.3.1' 2017-07-05 11:19:03 -04:00
Nick Mathewson
0f97f963e3 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-07-05 11:19:03 -04:00
Nick Mathewson
bb97f680e7 Merge branch 'bug22801_028' into maint-0.2.9 2017-07-05 11:18:59 -04:00
Nick Mathewson
e04cc7e27f Merge branch 'maint-0.3.1' 2017-07-05 11:16:51 -04:00
Nick Mathewson
e88aa98451 Merge branch 'teor-bug22797-025' into maint-0.3.1 2017-07-05 11:16:30 -04:00
teor
878e0d45a5 Always allow extra file descriptors when setting the connection maximum
When setting the maximum number of connections allowed by the OS,
always allow some extra file descriptors for other files.

Fixes bug 22797; bugfix on 0.2.0.10-alpha.
2017-07-05 11:15:10 -04:00
Donncha O'Cearbhaill
2be4f793e6 Add a timestamp field to the CIRC_BW and STREAM_BW events
Closes ticket 19254.
2017-07-05 11:14:56 -04:00
Nick Mathewson
cd77ea782e Merge branch 'neena-fix-1667' 2017-07-05 11:01:36 -04:00
Nick Mathewson
03b6cfd591 Extract "not an HTTP proxy" messages. 2017-07-05 11:01:17 -04:00
Nick Mathewson
46e83477c1 Merge branch 'bug15554_032_01_squashed' 2017-07-05 10:15:24 -04:00
George Kadianakis
17bd118b4c Add test that parses a hardcoded v2 descriptor. 2017-07-05 10:14:26 -04:00
Nick Mathewson
13ccca69f1 Merge branch 'onionskin_refactor_2' 2017-07-05 10:01:48 -04:00
cypherpunks
c79e286386 Use the proper syscall in sandbox error messages
Fixes #22750.
2017-07-05 09:56:28 -04:00
Nick Mathewson
3402b14089 Merge remote-tracking branch 'asn/ticket22727_032_02' 2017-07-05 09:49:12 -04:00
Nick Mathewson
b6c8530fc3 Merge remote-tracking branch 'dgoulet/ticket22726_032_02' 2017-07-05 09:36:31 -04:00
Roger Dingledine
943d284752 CREATE_FAST is for when you don't know the onion key
it isn't (anymore) for when you think you can get away with saving some
crypto operations.
2017-07-03 17:20:52 -04:00
Roger Dingledine
69fba1f2cd better comments and mild refactoring 2017-07-03 17:13:08 -04:00
Nick Mathewson
9b44e2e50e Document the new functions from the refactor 2017-07-03 16:54:41 -04:00
Nick Mathewson
2814b86875 Reindent the functions split from circuit_send_next_onion_skin().
This is a whitespace change only.
2017-07-03 16:54:41 -04:00
Nick Mathewson
935f84bd40 Split circuit_send_next_onion_skin() into its three main cases.
This commit is designed to have a very small diff.  Therefore,
the indentation is wrong.  The next commit will fix that.
2017-07-03 16:54:41 -04:00
Nick Mathewson
bb3f74e66b Fix assertion failure related to openbsd strtol().
Fixes bug 22789; bugfix on 0.2.3.8-alpha.
2017-07-03 11:22:27 -04:00
Nick Mathewson
5361032219 Fix -Wfloat-conversion C warnings on mingw in clamp_double_to_int64.
We just have to suppress these warnings: Mingw's math.h uses gcc's
__builtin_choose_expr() facility to declare isnan, isfinite, and
signbit.  But as implemented in at least some versions of gcc,
__builtin_choose_expr() can generate type warnings even from
branches that are not taken.

Fixes bug 22801; bugfix on 0.2.8.1-alpha.
2017-07-03 10:59:31 -04:00
Roger Dingledine
0fe7c42e0e general formatting / whitespace / typo fixes 2017-07-01 17:56:06 -04:00
Nick Mathewson
83dc072e67 Bump version to 0.3.1.4-alpha-dev 2017-06-29 18:45:49 -04:00
Nick Mathewson
d9427c00df bump to 0.3.0.9-dev 2017-06-29 18:44:43 -04:00
Nick Mathewson
a53573559f Bump 0.3.1 to 0.3.1.4-alpha 2017-06-29 16:36:50 -04:00
Nick Mathewson
98ffb2e722 Update maint-0.3.0 to 0.3.0.9 2017-06-29 16:35:40 -04:00
Nick Mathewson
71b9f4f0bb Merge branch 'maint-0.3.1' 2017-06-29 15:57:49 -04:00
Nick Mathewson
1712dc98b0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-29 15:57:48 -04:00
Nick Mathewson
52c4440c48 Merge branch 'trove-2017-006' into maint-0.3.0 2017-06-29 15:57:42 -04:00
Nick Mathewson
3781678a3c Merge branch 'maint-0.3.1' 2017-06-29 11:38:06 -04:00
Nick Mathewson
31a08ba26f Merge remote-tracking branch 'public/bug22670_031' into maint-0.3.1 2017-06-29 11:34:06 -04:00
Nick Mathewson
2c718c1a12 Merge branch 'maint-0.3.1' 2017-06-29 10:43:50 -04:00
Nick Mathewson
bb5968cae1 Merge branch 'ticket22684' 2017-06-29 10:16:15 -04:00
Nick Mathewson
88666d0482 Adjust unit tests to account for fix to bug 22753.
Our mock network put all the guards on the same IPv4 address, which
doesn't fly when we start applying EnforceDistinctSubnets.  So in
this commit, I disable EnforceDistinctSubnets when running the old
guard_restriction_t test.

This commit also adds a regression test for #22753.
2017-06-29 10:11:21 -04:00
Nick Mathewson
665baf5ed5 Consider the exit family when applying guard restrictions.
When the new path selection logic went into place, I accidentally
dropped the code that considered the _family_ of the exit node when
deciding if the guard was usable, and we didn't catch that during
code review.

This patch makes the guard_restriction_t code consider the exit
family as well, and adds some (hopefully redundant) checks for the
case where we lack a node_t for a guard but we have a bridge_info_t
for it.

Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006
and CVE-2017-0377.
2017-06-29 09:57:00 -04:00
Nick Mathewson
a088a08eeb Log real error message when unable to remove a storagedir file
Attempts to help diagnose 22752.
2017-06-28 14:24:27 -04:00
Nick Mathewson
de5f0d8ba7 Replace crash on missing handle in consdiffmgr with nonfatal assert
Attempts to mitigate 22752.
2017-06-28 14:21:21 -04:00
Nick Mathewson
4c21d4ef7a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-28 14:03:23 -04:00
Nick Mathewson
ec9c6d7723 Merge remote-tracking branch 'teor/bug21507-029' into maint-0.2.9 2017-06-28 14:03:20 -04:00
Nick Mathewson
4060253749 Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.2.9 2017-06-28 13:57:54 -04:00
Nick Mathewson
75c6fdd286 whitespace fix 2017-06-28 13:53:52 -04:00
Nick Mathewson
e84127d99e Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 2017-06-28 13:48:52 -04:00
Nick Mathewson
01404d7c52 Merge branch 'maint-0.3.1' 2017-06-28 12:25:09 -04:00
George Kadianakis
551ad20c43 nodelist: Make HSv3 protover magic numbers a bit more readable. 2017-06-28 18:32:32 +03:00
Alexander Færøy
c239b2fc9c Fix crash in LZMA module when the Sandbox is enabled.
This patch fixes a crash in our LZMA module where liblzma will allocate
slightly more data than it is allowed to by its limit, which leads to a
crash.

See: https://bugs.torproject.org/22751
2017-06-28 10:00:24 -04:00
George Kadianakis
f85c1874ad ed25519: Add tests blinding bad ed25519 pubkeys. 2017-06-28 16:02:21 +03:00
George Kadianakis
0269e4ffba ed25519: Also check that retval in the ref10 implementation. 2017-06-28 14:58:22 +03:00
George Kadianakis
0d9873ac0d ed25519: Check retval of unpack_negative_vartime in donna. 2017-06-28 14:58:22 +03:00
Nick Mathewson
559195ea82 Merge branch 'maint-0.3.1' 2017-06-27 18:28:38 -04:00
Alexander Færøy
0a4af86335 Return "304 not modified" if a client already have the most recent consensus.
This makes our directory code check if a client is trying to fetch a
document that matches a digest from our latest consensus document.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Alexander Færøy
07f2940b45 Set published_out for consensus cache entries in spooled_resource_estimate_size().
This patch ensures that the published_out output parameter is set to the
current consensus cache entry's "valid after" field.

See: https://bugs.torproject.org/22702
2017-06-27 18:25:48 -04:00
Nick Mathewson
733ce556ad Merge branch 'asn_bug22006_final_squashed' 2017-06-27 18:21:46 -04:00
Nick Mathewson
3f94041589 no newlines in log messages. 2017-06-27 18:21:35 -04:00
Nick Mathewson
c0f0351e06 whitespace fix 2017-06-27 17:22:53 -04:00
Nick Mathewson
7fff6cfead Merge branch 'asn_bug22006_final_squashed' 2017-06-27 17:19:08 -04:00
George Kadianakis
a155035d20 ed25519: Dirauths validate router ed25519 pubkeys before pinning. 2017-06-27 17:17:58 -04:00
George Kadianakis
e8eee3a50e ed25519: Add unittests for ed25519 pubkey validation. 2017-06-27 17:17:58 -04:00
George Kadianakis
559658ff1c ed25519: Add func that checks for torsion component in pubkeys.
See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
2017-06-27 17:17:58 -04:00
Nick Mathewson
f367453cb5 Mark descriptors as undownloadable when dirserv_add_() rejects them
As of ac2f6b608a in 0.2.1.19-alpha,
Sebastian fixed bug 888 by marking descriptors as "impossible" by
digest if they got rejected during the
router_load_routers_from_string() phase. This fix stopped clients
and relays from downloading the same thing over and over.

But we never made the same change for descriptors rejected during
dirserv_add_{descriptor,extrainfo}.  Instead, we tried to notice in
advance that we'd reject them with dirserv_would_reject().

This notice-in-advance check stopped working once we added
key-pinning and didn't make a corresponding key-pinning change to
dirserv_would_reject() [since a routerstatus_t doesn't include an
ed25519 key].

So as a fix, let's make the dirserv_add_*() functions mark digests
as undownloadable when they are rejected.

Fixes bug 22349; I am calling this a fix on 0.2.1.19-alpha, though
you could also argue for it being a fix on 0.2.7.2-alpha.
2017-06-27 12:01:46 -04:00
Nick Mathewson
3483f7c003 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-27 11:04:44 -04:00
Nick Mathewson
9a0fd2dbb1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-27 11:04:44 -04:00
Nick Mathewson
3de27618e6 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-27 11:04:44 -04:00
Nick Mathewson
ccae991662 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-27 11:04:44 -04:00
Nick Mathewson
a242d194c7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-27 11:04:44 -04:00
Nick Mathewson
711160a46f Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-27 11:04:44 -04:00
Nick Mathewson
32eba3d6aa Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-27 11:04:44 -04:00
Nick Mathewson
0576f9f433 Merge branch 'maint-0.3.1' 2017-06-27 11:04:44 -04:00
Nick Mathewson
8d2978b13c Fix an errant memset() into the middle of a struct in cell_pack().
This mistake causes two possible bugs. I believe they are both
harmless IRL.

BUG 1: memory stomping

When we call the memset, we are overwriting two 0 bytes past the end
of packed_cell_t.body. But I think that's harmless in practice,
because the definition of packed_cell_t is:

// ...
typedef struct packed_cell_t {
  TOR_SIMPLEQ_ENTRY(packed_cell_t) next;
  char body[CELL_MAX_NETWORK_SIZE];
  uint32_t inserted_time;
} packed_cell_t;

So we will overwrite either two bytes of inserted_time, or two bytes
of padding, depending on how the platform handles alignment.

If we're overwriting padding, that's safe.

If we are overwriting the inserted_time field, that's also safe: In
every case where we call cell_pack() from connection_or.c, we ignore
the inserted_time field. When we call cell_pack() from relay.c, we
don't set or use inserted_time until right after we have called
cell_pack(). SO I believe we're safe in that case too.

BUG 2: memory exposure

The original reason for this memset was to avoid the possibility of
accidentally leaking uninitialized ram to the network. Now
remember, if wide_circ_ids is false on a connection, we shouldn't
actually be sending more than 512 bytes of packed_cell_t.body, so
these two bytes can only leak to the network if there is another bug
somewhere else in the code that sends more data than is correct.

Fortunately, in relay.c, where we allocate packed_cell_t in
packed_cell_new() , we allocate it with tor_malloc_zero(), which
clears the RAM, right before we call cell_pack. So those
packed_cell_t.body bytes can't leak any information.

That leaves the two calls to cell_pack() in connection_or.c, which
use stack-alocated packed_cell_t instances.

In or_handshake_state_record_cell(), we pass the cell's contents to
crypto_digest_add_bytes(). When we do so, we get the number of
bytes to pass using the same setting of wide_circ_ids as we passed
to cell_pack(). So I believe that's safe.

In connection_or_write_cell_to_buf(), we also use the same setting
of wide_circ_ids in both calls. So I believe that's safe too.

I introduced this bug with 1c0e87f6d8
back in 0.2.4.11-alpha; it is bug 22737 and CID 1401591
2017-06-27 10:47:20 -04:00
Nick Mathewson
22f441d4ee Merge branch 'maint-0.3.1' 2017-06-27 10:32:50 -04:00
Nick Mathewson
fd16dd2608 Merge branch 'bug22719_031' into maint-0.3.1 2017-06-27 10:31:33 -04:00
David Goulet
c17a04376d nodelist: Add functions to check for HS v3 support
This introduces node_supports_v3_hsdir() and node_supports_ed25519_hs_intro()
that checks the routerstatus_t of a node and if not present, checks the
routerinfo_t.

This is groundwork for proposal 224 service implementation in #20657.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:24:15 -04:00
David Goulet
82dee76740 hs: Ignore unparseable v3 introduction point
It is possible that at some point in time a client will encounter unknown or
new fields for an introduction point in a descriptor so let them ignore it for
forward compatibility.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-27 10:19:57 -04:00
Nick Mathewson
f6df433b91 Merge branch 'maint-0.3.1' 2017-06-26 14:30:21 -04:00
Nick Mathewson
32596016a2 Merge branch 'bug22105_031' into maint-0.3.1 2017-06-26 14:30:17 -04:00
Nick Mathewson
c29a559e7b Merge branch 'maint-0.3.1' 2017-06-26 14:15:21 -04:00
Nick Mathewson
d72cfb259d Patch for 22720 from huyvq: exit(1) more often
See changes file for full details.
2017-06-26 14:14:56 -04:00
Nick Mathewson
06414b9922 Merge branch 'maint-0.3.1' 2017-06-26 11:39:43 -04:00
Nick Mathewson
8f59661dba Merge branch 'bug22212_squashed' into maint-0.3.1 2017-06-26 11:27:09 -04:00
Mike Perry
0592ee45fc Demote a log message due to libevent delays.
This is a side-effect of being single-threaded. The worst cases of this are
actually Bug #16585.
2017-06-26 11:26:59 -04:00
Nick Mathewson
82a68be69a Merge branch 'maint-0.3.1' 2017-06-26 10:32:57 -04:00
Nick Mathewson
0c7c49483f Fix a coverity warning about a no-op assert with-64 bit size_t
This is CID 1403400
2017-06-26 10:31:13 -04:00
Nick Mathewson
b546d8bc2b Try a little harder to make sure we never call tor_compress_process wrong. 2017-06-26 09:39:59 -04:00
Nick Mathewson
acbe16a9a2 Log even more to try to debug 22719 2017-06-24 13:40:02 -04:00
Nick Mathewson
6caf924605 Add an additional log message to try to diagnose #22719 2017-06-24 11:27:46 -04:00
Mike Perry
79e2e4d3cb Ticket #17857: Padding off-switch for single hop connections
This doesn't apply to currently active connections.. yet...
2017-06-23 16:53:39 -04:00
Nick Mathewson
89d0261eb5 Merge remote-tracking branch 'isis/bug4019' 2017-06-23 14:38:20 -04:00
Nick Mathewson
80360ed9fa Merge branch 'bug3056_squashed' 2017-06-23 09:28:27 -04:00
Nick Mathewson
96fab4aaa6 Improve clarity, safety, and rate of dns spoofing log msg
Closes ticket 3056.
2017-06-23 09:28:17 -04:00
Nick Mathewson
90046a09dd Merge branch 'maint-0.3.1' 2017-06-22 10:56:08 -04:00
Nick Mathewson
2c49a9852d Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-22 10:56:08 -04:00
Nick Mathewson
bdd267e74d Combine our "don't do this if no consensus" entryguards checks
Suggested by asn on 22400 review.
2017-06-22 09:28:30 -04:00
Nick Mathewson
34ecfeb479 whitespace fix 2017-06-22 08:16:48 -04:00
Nick Mathewson
b9d8c8b126 Merge remote-tracking branch 'rl1987/bug22461' 2017-06-22 08:11:36 -04:00
Nick Mathewson
dc9ec519b5 Merge remote-tracking branch 'public/bug7890' 2017-06-22 08:04:12 -04:00
Isis Lovecruft
28344b74ba
config: Fix duplicate error message for nonlocal SocksPorts.
If `validate_only` is true, then just validate the configuration without warning
about it.  This way, we only emit warnings when the listener is actually opened.
(Otherwise, every time we parse the config we will might re-warn and we would
need to keep state; whereas the listeners are only opened once.)

 * FIXES #4019.
2017-06-22 00:28:31 +00:00
Roger Dingledine
005500e14d make assign_onionskin_to_cpuworker failure case more clear
now it looks like the other time we call it
2017-06-21 17:42:10 -04:00
Nick Mathewson
3a8a92fddd Merge branch 'callgraph_reduction_v2' 2017-06-21 16:47:55 -04:00
Nick Mathewson
5dcc6bef1e Add GETINFO targets to determine whether md/desc fetching is enabled
Closes ticket 22684.
2017-06-21 16:45:31 -04:00
Nick Mathewson
1c0a2335cd Extract channel_do_open_actions() from non-open _change_state cases
This reduces the size of the largest SCC in the callgraph by 30
functions, from 58 to 28.
2017-06-21 14:03:00 -04:00
Nick Mathewson
5d3f484f4a Merge branch 'maint-0.3.1' 2017-06-21 13:54:07 -04:00
Nick Mathewson
784b29a2bf Merge branch 'bug22356_029' into maint-0.3.1 2017-06-21 13:54:02 -04:00
Nick Mathewson
35d6313500 Call it a BUG to use -1 in authdir_mode_handles_descs 2017-06-21 13:49:17 -04:00
huyvq
ad97714f22 Remove obsolete authdir_mode_any_nonhidserv()
- Replace it with authdir_mode()
2017-06-21 13:49:17 -04:00
huyvq
18cd1993ca Convert authdir_mode_handles_descs() to alternative wrappers
-authdir_mode_handles_descs(options, ROUTER_PURPOSE_BRIDGE) to authdir_mode_bridge(options).

- authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL) to authdir_mode_v3(options).
2017-06-21 13:49:17 -04:00
huyvq
d92b999757 Convert authdir_mode_handles_descs(options, -1) with authdir_mode(options) 2017-06-21 13:49:17 -04:00
huyvq
0471c905a1 Remove obsolete authdir_mode_any_main() 2017-06-21 13:49:17 -04:00
Kevin Butler
0a96d11539 Better error message for GETINFO desc/(id|name) whenever microdescriptors are in use. Fixes #5847. 2017-06-21 12:19:01 -04:00
Nick Mathewson
6595f55020 unit tests for peek_buf_startswith() 2017-06-21 11:20:33 -04:00