Commit Graph

35300 Commits

Author SHA1 Message Date
Nick Mathewson
c0bc30b6f0 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-27 12:56:18 -04:00
David Goulet
564a9a54a1 fallbackdir: Remove all three Digitalcourage3 relays
They are about to be shutdown in September.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-24 14:56:07 -04:00
Nick Mathewson
f7dbae4e89 Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-23 10:09:14 -04:00
Nick Mathewson
6354b70e49 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-23 10:09:14 -04:00
Nick Mathewson
3bcbd69a77 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-23 10:09:14 -04:00
Nick Mathewson
f916ddd312 More info in the fallbackdir changes file 2020-07-23 10:08:42 -04:00
David Goulet
6f19e67c98 fallbackdir: Update list for 2020
Closes #40061

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-07-23 10:05:11 -04:00
Nick Mathewson
ceb6585a4b Treat all extorport connections with un-set addresses as remote
Without this fix, if an PT forgets to send a USERADDR command, that
results in a connection getting treated as local for the purposes of
rate-limiting.

If the PT _does_ use USERADDR, we still believe it.

Closes ticket 33747.
2020-07-22 15:21:56 -04:00
Nick Mathewson
faa752f3c9 Adjust the rules for warning about too many connections.
Previously we tolerated up to 1.5 connections for every relay we
were connected to, and didn't warn if we had fewer than 5
connections total.

Now we tolerate up to 1.5 connections per relay, and up to 4
connections per authority, and we don't warn at all when we have
fewer than 25 connections total.

Fixes bug 33880, which seems to have been provoked by our #17592
change in 0.3.5.
2020-07-22 14:45:03 -04:00
David Goulet
05af1e25a0 Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-13 14:58:40 -04:00
Nick Mathewson
0acc3ae879 Remove check-cocci from check-local target.
check-cocci is still a good idea -- perhaps as a cron job?  But
doing it as part of our regular tests has just been confusing,
especially to volunteers who shouldn't have to become coccinelle
experts in order to get their patches through our CI.

Closes #40030.
2020-07-13 09:24:26 -04:00
Nick Mathewson
40eb6b19a3 NSS: Tell NSS that our SSL sockets are nonblocking.
Closes ticket 40035.
2020-07-10 13:14:33 -04:00
Nick Mathewson
af46b1d8cd Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-09 13:15:59 -04:00
Nick Mathewson
3517d20322 Bump to 0.4.3.6-dev 2020-07-09 13:15:15 -04:00
Nick Mathewson
42c0358ceb Merge branch 'maint-0.4.2' into maint-0.4.3
`-s ours` to avoid version bump.
2020-07-09 13:14:58 -04:00
Nick Mathewson
49b4d1765c Bump to 0.4.2.8-dev 2020-07-09 13:14:48 -04:00
Nick Mathewson
6e01d5e685 Merge branch 'maint-0.3.5' into maint-0.4.2
`-s ours` to avoid version bump.
2020-07-09 13:14:22 -04:00
Nick Mathewson
c9751e2611 Bump to 0.3.5.11-dev 2020-07-09 13:12:45 -04:00
Nick Mathewson
30711296fd Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-09 10:32:39 -04:00
Nick Mathewson
7ba849349a Update version to 0.4.3.6. 2020-07-09 10:31:09 -04:00
Nick Mathewson
70161785f9 Merge branch 'maint-0.4.2' into maint-0.4.3
`-s ours` to avoid version bump.
2020-07-09 10:30:46 -04:00
Nick Mathewson
5aaecf6d07 Update version to 0.4.2.8. 2020-07-09 10:30:37 -04:00
Nick Mathewson
78285594f5 Merge branch 'maint-0.3.5' into maint-0.4.2
`-s ours` to avoid version bump.
2020-07-09 10:30:03 -04:00
Nick Mathewson
0bb227d170 bump to 0.3.5.11 2020-07-09 10:28:21 -04:00
Nick Mathewson
412546c481 043: copy changelog into release notes 2020-07-09 10:24:47 -04:00
Nick Mathewson
9fd445f884 final entries for 0.4.3.6 changelog 2020-07-09 10:18:52 -04:00
Nick Mathewson
af08dad6d1 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-09 09:28:53 -04:00
Nick Mathewson
283ce30c53 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-09 09:28:53 -04:00
Nick Mathewson
18338f8771 Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-09 09:28:53 -04:00
Nick Mathewson
7142f3e435 Merge branch 'trove_2020_001_035' into maint-0.3.5 2020-07-09 09:28:36 -04:00
Alexander Færøy
c364e0e83b Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-08 00:36:48 +00:00
Alexander Færøy
cee58b7f92 Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-08 00:36:48 +00:00
Alexander Færøy
b81e24cda6 Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-08 00:36:47 +00:00
Nick Mathewson
3e08dd9df1 Resolve a compiler warning from a 32-bit signed/unsigned comparison
This warning only affects platforms (like win32) with 32-bit time_t.

Fixes bug 40028; bugfix on 0.3.2.8-rc.
2020-07-07 15:05:38 -04:00
Alexander Færøy
a213d27938 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-07 14:48:36 +00:00
Alexander Færøy
dc45f0a8cb Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-07 14:48:36 +00:00
Alexander Færøy
19d579e8cb Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-07 14:48:35 +00:00
David Goulet
d9cc2b2928 CI: Fix Appveyor printf format error
For some reasons, Appveyor started to use the stdio printf format for 64 bit
values (PRIu64, ...). Mingw doesn't like that so force it to use the Windows
specific macros by setting D__USE_MINGW_ANSI_STDIO=0.

Fixes #40026
2020-07-07 09:53:54 -04:00
Nick Mathewson
084cc7f6f8 Remove a changelog item that already appeared in 0.4.3.5 2020-07-06 17:05:35 -04:00
Nick Mathewson
c8f1ccbaef Start 0.4.3.6 changelog 2020-07-06 16:52:41 -04:00
Nick Mathewson
8f72303699 Remove changes files that were included in 0.4.3.5 2020-07-06 16:47:56 -04:00
Alexander Færøy
7b2d10700f Use ((x + 7) >> 3) instead of (x >> 3) when converting from bits to bytes.
This patch changes our bits-to-bytes conversion logic in the NSS
implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to
((x + 7) >> 3) since DER bit-strings are allowed to contain a number of
bits that is not a multiple of 8.

Additionally, we add a comment on why we cannot use the
`DER_ConvertBitString()` macro from NSS, as we would potentially apply
the bits-to-bytes conversion logic twice, which would lead to an
insignificant amount of bytes being compared in
`SECITEM_ItemsAreEqual()` and thus turn the logic into being a
prefix match instead of a full match.

The `DER_ConvertBitString()` macro is defined in NSS as:

    /*
    ** Macro to convert der decoded bit string into a decoded octet
    ** string. All it needs to do is fiddle with the length code.
    */
    #define DER_ConvertBitString(item)            \
        {                                         \
            (item)->len = ((item)->len + 7) >> 3; \
        }

Thanks to Taylor Yu for spotting this problem.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
06f1e959c2 Add constness to length variables in tor_tls_cert_matches_key.
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in
`tor_tls_cert_matches_key` to ensure that we don't accidentally alter
the variables.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
b46984e97e Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS.
This patch fixes an out-of-bound memory read in
`tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS
instead of OpenSSL.

The NSS library stores some length fields in bits instead of bytes, but
the comparison function found in `SECITEM_ItemsAreEqual()` needs the
length to be encoded in bytes. This means that for a 140-byte,
DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key
in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120
bytes instead of 140 (140bytes * 8bits = 1120bits).

This patch fixes the issue by converting from bits to bytes before
calling `SECITEM_ItemsAreEqual()` and convert the `len`-fields back to
bits before we leave the function.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
Alexander Færøy
33e1c2e6fd Run tor_tls_cert_matches_key() Test Suite with both OpenSSL and NSS.
This patch lifts the `tor_tls_cert_matches_key()` tests out of the
OpenSSL specific TLS test suite and moves it into the generic TLS test
suite that is executed for both OpenSSL and NSS.

This patch is largely a code movement, but we had to rewrite parts of
the test to avoid using OpenSSL specific data-types (such as `X509 *`)
and replace it with the generic Tor abstraction type
(`tor_x509_cert_impl_t *`).

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
2020-07-06 16:19:16 -04:00
David Goulet
9eedfefc3d Merge branch 'maint-0.4.3' into release-0.4.3 2020-07-02 07:20:58 -04:00
David Goulet
5a5ff3d8c5 Merge branch 'maint-0.4.2' into maint-0.4.3 2020-07-02 07:20:57 -04:00
David Goulet
07d8d398ca Merge branch 'maint-0.3.5' into maint-0.4.2 2020-07-02 07:20:57 -04:00
Nick Mathewson
39830b6408 Downgrade "Bug: No entry found in extrainfo map" message.
This is not actually a bug!  It can happen for a bunch of reasons,
which all boil down to "trying to add an extrainfo for which we no
longer have the corresponding routerinfo".

Fixes #16016; bugfix on 0.2.6.3-alpha.
2020-06-30 11:54:13 -04:00
Alexander Færøy
be17fa1693 Merge branch 'maint-0.4.3' into release-0.4.3 2020-06-30 14:23:41 +00:00