Commit Graph

18570 Commits

Author SHA1 Message Date
David Goulet
a3bbb9ce77 fixup! Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519() 2016-11-10 11:00:59 -05:00
Neel Chauhan
9f74f8f732 Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-10 11:00:50 -05:00
Nick Mathewson
1be671f505 Trunnel-side: start migrating extend/extend2 to trunnel 2016-11-10 09:43:27 -05:00
Nick Mathewson
b5e75ae7dd Add an ed25519 identity to extend_info 2016-11-10 09:43:27 -05:00
Nick Mathewson
8406677a5e Accessor functions to get a node's ID keys. 2016-11-10 09:43:27 -05:00
Nick Mathewson
431565e053 Helper function to see if an ed25519 pk is set. 2016-11-10 09:43:27 -05:00
Nick Mathewson
0980787f91 Merge remote-tracking branch 'dgoulet/bug20570_030_01' 2016-11-10 09:28:31 -05:00
Nick Mathewson
5e16c3f5fa Merge remote-tracking branch 'dgoulet/bug20567_030_01' 2016-11-10 09:27:45 -05:00
Nick Mathewson
b6164e1604 Merge remote-tracking branch 'public/feature20552' 2016-11-10 09:25:11 -05:00
Nick Mathewson
217b895831 Merge remote-tracking branch 'dgoulet/ticket19642_030_01' 2016-11-10 09:16:00 -05:00
Matt Nordhoff
7dee70c3e1 Add "TByte" and "TBytes" units; also add "TBits" to man page 2016-11-10 09:13:27 -05:00
Nick Mathewson
0f4f63b7b8 Merge branch 'maint-0.2.9' 2016-11-10 09:11:35 -05:00
Nick Mathewson
e8e7a8f3db Merge remote-tracking branch 'teor/bug20613' into maint-0.2.9 2016-11-10 09:10:55 -05:00
rubiate
d46c1b49a4 Do not serve a consensus if it is too old
Closes ticket 20511.
2016-11-10 10:16:18 +13:00
Nick Mathewson
d564187dee Merge branch 'maint-0.2.9' 2016-11-08 19:25:44 -05:00
teor
0ec94588ab
Stop logging single onion and Tor2web long-term one-hop circuits
Single onion services and Tor2web deliberately create long-term one-hop
circuits to their intro and rend points, respectively.

These log messages are intended to diagnose issue 8387, which relates to
circuits hanging around forever for no reason.

Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
2016-11-09 11:23:51 +11:00
Nick Mathewson
e4ef9f7491 In torrc.sample.in, note that bandwidth must be >=75 KB.
Queue a corresponding change for torrc.minimal.in.

Closes ticket 20085.
2016-11-08 19:23:49 -05:00
teor
5dca9487c4
Call get_options() once at the top of circuit_log_ancient_one_hop_circuits()
Refactoring, no behaviour change.
2016-11-09 11:15:48 +11:00
Nick Mathewson
c58592e658 Merge branch 'maint-0.2.9' 2016-11-08 18:51:19 -05:00
Nick Mathewson
89ec191b68 Merge remote-tracking branch 'public/bug20306_029' into maint-0.2.9 2016-11-08 18:51:07 -05:00
Nick Mathewson
31f41fe096 Merge branch 'maint-0.2.9' 2016-11-08 18:45:10 -05:00
Nick Mathewson
286fa94064 Use va_copy() in pure-windows version of tor_asprintf().
It's not okay to use the same varargs list twice, and apparently
some windows build environments produce code here that would leave
tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha
when tor_asprintf() was introduced.
2016-11-08 18:44:06 -05:00
David Goulet
34f14a35b6 hs: Add single-onion-service line to v3 descriptor
This field indicates if the service is a Single Onion Service if present in
the descriptor.

Closes #19642

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-08 13:22:42 -05:00
Nick Mathewson
74e84b7eb7 Bump version to 0.2.9.5-alpha-dev 2016-11-08 07:55:15 -05:00
Nick Mathewson
d1a0f2e7e4 Merge branch 'maint-0.2.9' 2016-11-08 07:12:16 -05:00
teor
38e3f91c63
When using exponential backoff in test networks, use a lower exponent
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.

Bugfix on 20499.
2016-11-08 16:42:26 +11:00
Nick Mathewson
3dfecffa7d bump version to 0.2.9.5-alpha 2016-11-07 16:38:53 -05:00
Nick Mathewson
3e3040a5d9 Merge branch 'maint-0.2.9'
Conflicts:
	src/or/rendservice.c
2016-11-07 16:31:40 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
Nick Mathewson
7236e42684 Merge branch 'maint-0.2.9' 2016-11-07 16:10:55 -05:00
Nick Mathewson
e482541cfb Fix another 20499-broken test 2016-11-07 16:10:42 -05:00
Nick Mathewson
d2071c36f6 Fix a unit test (broken by recent 20499 hacking) 2016-11-07 16:02:55 -05:00
David Goulet
4ff534495f hs: Document arguments of rend_data_*_create()
Fixes #20567

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 14:03:32 -05:00
Nick Mathewson
89edef6afb Treat bacoff/schedule mismatch as a bug. 2016-11-07 11:05:57 -05:00
Nick Mathewson
1934bf75ef Merge branch 'maint-0.2.9' 2016-11-07 11:02:15 -05:00
Nick Mathewson
e51f105c41 Reduce multiplier to 3, per teor's recommendation on #20534
(Three _is_ a good number for anonymity!)
2016-11-07 11:01:21 -05:00
Nick Mathewson
85970f7047 Always increment delays by at least 1. 2016-11-07 11:01:21 -05:00
Nick Mathewson
1fdf6e5814 Avoid integer overflow in delay calculation. 2016-11-07 11:01:21 -05:00
Nick Mathewson
864c42f4d6 Count HTTP 503 as a download failure.
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."

Fixes bug 20593.
2016-11-07 11:01:21 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
David Goulet
18e0a0b70d test: Remove useless HS decode multiple intro points
The test was broken and skipped because the hardcoded cross certificate didn't
include the dynamically generated signing key generated by the test. The only
way we could have fixed that is extracting the signing key from the hardcoded
string and put it in the descriptor object or dynamically generate the cross
certificate.

In the end, all this was kind of pointless as we already test the decoding of
multiple introduction points elsewhere and we don't gain anything with that
specific test thus the removal.

Fixes #20570

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 10:59:30 -05:00
David Goulet
3ee9a6d6fd hs: Remove EnableOnionServiceV3 consensus param
As of #19899, we decided to allow any relay understanding the onion service
version 3 protocol to be able to use it. The service and client will be the
one controlled by a consensus parameter (different one for both of them) but
if you are a relay and you can understand a protocol, basically you should use
the feature.

Closes #19899

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 10:49:10 -05:00
Nick Mathewson
800dff1308 Merge branch 'maint-0.2.9' 2016-11-07 09:32:21 -05:00
Nick Mathewson
e4b793fe41 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-07 09:32:00 -05:00
Nick Mathewson
2639fd08e7 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-11-07 09:31:36 -05:00
Nick Mathewson
f5fdf188b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-11-07 09:30:42 -05:00
Nick Mathewson
6c2174d44d Merge branch 'maint-0.2.5' into maint-0.2.6 2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-11-07 09:29:54 -05:00
Nick Mathewson
d82ffb77f3 Merge branch '20499_part1_029_squashed', remote-tracking branches 'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9 2016-11-07 09:20:13 -05:00
Nick Mathewson
858867a31a Allow infinitely long delays in exponential-backoff downloads
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.

Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07 09:19:35 -05:00
Nick Mathewson
a415fee58a Merge branch 'maint-0.2.9' 2016-11-07 09:09:06 -05:00
Karsten Loesing
ea597832e2 Update geoip and geoip6 to the November 3 2016 database. 2016-11-07 15:05:19 +01:00
teor
e819d420c5
When downloading certificates, check for related failures
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.

If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.

Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-08 00:01:20 +11:00
teor
1bb28cecd9
Ensure relays don't make multiple connections during bootstrap
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.

Bugfix on 0.2.8.1-alpha.
2016-11-07 23:05:55 +11:00
Nick Mathewson
0bd55ed96a Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-11-06 21:01:25 -05:00
Nick Mathewson
4e15c2cb7d Merge branch 'maint-0.2.9' 2016-11-06 20:32:21 -05:00
Nick Mathewson
f6a3d213e4 Finish a sentence in a comment. Close 20576. 2016-11-06 20:31:50 -05:00
Nick Mathewson
0b787b1daf Workaround for warning in desc_encode_v3().
Fixes bug 20581.
2016-11-06 20:27:14 -05:00
Nick Mathewson
61612f980d Merge branch 'maint-0.2.9' 2016-11-06 20:24:29 -05:00
Nick Mathewson
def41e93bd In test_tortls_classify_client_ciphers(), s/ECDH/ECDHE/
(We weren't actually using these ciphers; we were just requing that
ciphers of that name existed.)

Patch from rubiate.  Fixes 20460
2016-11-06 20:23:40 -05:00
Nick Mathewson
5385a023e1 Do not apply 'max_failures' to random-exponential schedules.
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06 20:08:11 -05:00
Nick Mathewson
e9ce181955 Change a BUG warning to be a warning, not an info. 2016-11-06 20:01:24 -05:00
Nick Mathewson
1b22eae120 Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.
Fixes bug 20587; bugfix on 35bbf2e4a4 in 0.2.8.1-alpha.
2016-11-06 19:50:08 -05:00
Nick Mathewson
0fed324c2c Would you believe me if I said there were more 32-bit and clang warnings? 2016-11-04 15:47:28 -04:00
Nick Mathewson
f45a581486 Fix some 32-bit warnings and clang warnings 2016-11-04 15:24:30 -04:00
David Goulet
c1bbc8405b prop224: Fix memleaks in hs descriptor unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 14:47:09 -04:00
Nick Mathewson
7a78a37f1d Fix memory leaks in test_hs_cache.c 2016-11-04 14:39:35 -04:00
Nick Mathewson
ed4aebcd97 Fix more unit test leaks. 2016-11-04 14:35:15 -04:00
David Goulet
791625750e prop224: Remove pointless unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 14:31:28 -04:00
Nick Mathewson
1a03edefba Fix a heap overrun in test_decode_plaintext 2016-11-04 14:28:19 -04:00
Nick Mathewson
d16b4b3e48 Fix memory leaks in hs_descriptor/decode_descriptor and in encode_enc_key() 2016-11-04 14:27:45 -04:00
Nick Mathewson
a4291eef5a Expose desc_intro_point_free to the tests, and use it.
Also fix another couple of leaks.
2016-11-04 14:22:04 -04:00
David Goulet
6ac85ca2b4 prop224: Fix crosscert memory leaks on error 2016-11-04 14:16:42 -04:00
Nick Mathewson
29ae8dcf96 Fix a bunch of leaks in hs_cache/upload_and_download_hs_desc 2016-11-04 14:13:30 -04:00
David Goulet
954fb99a48 Fix a use-after-free error. 2016-11-04 14:07:33 -04:00
Nick Mathewson
6847b9f6af Fix make check-spaces 2016-11-04 14:00:08 -04:00
Nick Mathewson
0e2df2b653 Tell a broken test to skip itself 2016-11-04 13:57:07 -04:00
David Goulet
b876e5128a prop224: fix unit test to actually initialize a connection object
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 13:53:20 -04:00
Nick Mathewson
09c750cce3 Check the correct key when checking RSA crosscert in hs_descriptor.c
Note that the "signed key" in the signing key certificate is the
signing key.  The "signing key" in the  signing key certificate is
the key that signs the certificate -- that is, the blinded key.
2016-11-04 13:49:05 -04:00
Nick Mathewson
dbd01590cc Fix an assertion failure in hs_cache_free_all().
It's possible for Tor to decide to exit before it's 100% done
initializing.  So, don't assert that the initialization is done.
2016-11-04 13:30:10 -04:00
Nick Mathewson
d88046a80d Fix compilation. 2016-11-04 13:26:56 -04:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
Nick Mathewson
c189cb5cc2 Use a better salted-MAC construction in build_mac() 2016-11-04 13:15:28 -04:00
David Goulet
1eed6edf36 prop224: Add a cache free all function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
3f29688bdf prop224: Use a const pointer for the cache lookup entry
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1263f74a12 prop224: Rename cert type to follow naming convention
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1517a8a2eb Add EnableOnionServicesV3 consensus parameter
This parameter controls if onion services version 3 (first version of prop224)
is enabled or not. If disabled, the tor daemon will not support the protocol
for all components such as relay, directory, service and client. If the
parameter is not found, it's enabled by default.

Closes #19899

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
d795ed5871 Make check-spaces happy :)
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
a8efd087bd test: Add prop224 directory fetch/upload unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
f59990f24d prop224: Directory support for v3 descriptor fetch
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
45a72356cb prop224: Directory support for v3 descriptor publishing
Closes #19205

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
1aeaba4906 test: Add prop224 directory cache unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
025610612d prop224: Directory cache support
This implements the proposal 224 directory descriptor cache store and lookup
functionalities. Furthermore, it merges the OOM call for the HSDir cache with
current protocol v2 and the new upcoming v3.

Add hs_cache.{c|h} with store/lookup API.

Closes #18572

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:31:35 -04:00
David Goulet
473f99bf7b test: Add prop224 descriptor unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
cff1fd63f1 prop224: Descriptor decoding implementation
Closes #18571

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
91b5d0789f prop224: Descriptor encoding implementation
Add hs_descriptor.{c|h} with the needed ABI to represent a descriptor and
needed component.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
02ad553ccd prop224: Add new cert type for hidden service
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
15f3563f1b trunnel: Uncomment link_specifier so we can use it
Also add a trunnel definition for link_specifier_list

Signed-off-by: John Brooks <special@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
e8c12175fe Move token parsing code to parsecommon.{c|h}
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
David Goulet
8293356ad9 hs: Refactor rend_data_t for multi version support
In order to implement proposal 224, we need the data structure rend_data_t to
be able to accomodate versionning that is the current version of hidden
service (2) and the new version (3) and future version.

For that, we implement a series of accessors and a downcast function to get
the v2 data structure. rend_data_t becomes a top level generic place holder.

The entire rend_data_t API has been moved to hs_common.{c|h} in order to
seperate code that is shared from between HS versions and unshared code (in
rendcommon.c).

Closes #19024

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
Nick Mathewson
00bdd56b18 Only check cert expiry vs TIME_MAX when time_t is less than 64-bit
Fixes issue 20558 / CID 1375988.
2016-11-03 19:29:52 -04:00
Nick Mathewson
bd6aa4f3d1 Split a wide line 2016-11-03 19:12:18 -04:00
Nick Mathewson
e8624b72a8 Merge remote-tracking branch 'dgoulet/bug20526_030_01' 2016-11-03 19:09:42 -04:00
Nick Mathewson
80a5091e4f Merge remote-tracking branch 'mintytoast/bug_19563' 2016-11-03 18:40:41 -04:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
63c94954b1 Fix BUG message in channel/queue_impossible 2016-11-03 18:34:44 -04:00
overcaffeinated
dce4603d9b Use tor_htonll in test_util_format_unaligned_accessors
Remove the inline htonll, switch to tor_htonll for
test_util_format_unaligned_accessors.
2016-11-03 21:18:02 +00:00
overcaffeinated
c613446ca2 Refactor tests for tor_htonll and tor_ntohll
Following kind feedback from dgoulet: add tests for min (0) and
max (UINT64_MAX) values. Rename expected results to something more
sensible than 'n'.
2016-11-03 20:52:11 +00:00
Nick Mathewson
0533d14213 Replace some assert(1)s with nonfatal_unreached_once().
These were probably supposed to be assert(0).
2016-11-03 16:06:53 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
overcaffeinated
c4603233db Add unit test for tor_htonll and tor_ntohll
Add tests for tor_htonll and tor_ntohll - fixes bug 19563.
2016-11-03 19:37:59 +00:00
Nick Mathewson
f0b86e30d0 Add assertion that cpath_layer==NULL on OR circ 2016-11-03 14:36:10 -04:00
Nick Mathewson
40487b0141 Merge remote-tracking branch 'dgoulet/bug20376_030_01' 2016-11-03 14:35:03 -04:00
Nick Mathewson
df2615d43d fix wide lines 2016-11-03 14:29:18 -04:00
Nick Mathewson
16e75587f6 Merge branch 'bug20527_030_01_squashed' 2016-11-03 14:23:47 -04:00
Ivan Markin
2f52faee03 hs: Escape service directories before printing them
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-03 14:23:37 -04:00
Nick Mathewson
409984c6ae Fix two warnings in test_link_handshake.c
One is fixed by disabling the -Wredundant-decls warnings around
openssl headers here, because of the old double-declaration of
SSL_get_selected_srtp_profile().

One is fixed by including compat.h before or.h so that we get the
winsock2.h include before the windows.h include.
2016-11-03 11:16:06 -04:00
Nick Mathewson
957bdc4a42 Merge branch 'bug20553_028' 2016-11-03 10:52:21 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
1eef543f9d Merge branch 'bug20551_028' 2016-11-03 09:37:44 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
32854aef28 whitespace fixes 2016-11-03 08:55:54 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
f156156d56 Audit use of tor_tls_cert_get_key().
This function is allowed to return NULL if the certified key isn't
RSA. But in a couple of places we were treating this as a bug or
internal error, and in one other place we weren't checking for it at
all!

Caught by Isis during code review for #15055.  The serious bug was
only on the 15055 branch, thank goodness.
2016-11-03 08:40:11 -04:00
Nick Mathewson
b978494ed9 Extract the common code in add_*_cert to a helper. 2016-11-03 08:40:11 -04:00
Isis Lovecruft
19abc2eae7 Mark some functions as needing documentation in src/or/routerkeys.c. 2016-11-03 08:40:10 -04:00
Isis Lovecruft
a53059c6a0 Document two additional functions in src/or/routerkeys.c.
Adds docstrings for generate_ed_link_cert() and should_make_new_ed_keys().
2016-11-03 08:40:10 -04:00
Nick Mathewson
70e7d28b3e Generate our x509 certificates using sha256, not sha1.
All supported Tors (0.2.4+) require versions of openssl that can
handle this.

Now that our link certificates are RSA2048, this might actually help
vs fingerprinting a little.
2016-11-03 08:40:10 -04:00
Nick Mathewson
805e97a433 Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.
This was a stopgap method, designed on the theory that some routers
might support it before they could support Ed25519.  But it looks
like everybody who supports RFC5705 will also have an Ed25519 key,
so there's not a lot of reason to have this even supported.
2016-11-03 08:40:10 -04:00
Nick Mathewson
5a2f70f86a Clean up comments, mark more branches as BUG. 2016-11-03 08:40:10 -04:00
Nick Mathewson
d4c57909f8 Test failing cases of ed25519 authentication. 2016-11-03 08:40:10 -04:00
Nick Mathewson
acbb60cd63 Move unittests' RSA pregen code into a new file, and improve.
This patch moves the pregenerated RSA key logic into a new
testing_rsakeys.c.

Also, it adds support for RSA2048, since the link handshake tests
want that.

Also, it includes pregenerated keys, rather than trying to actually
generate the keys at startup, since generating even a small handful
of RSA2048 keys makes for an annoying delay.
2016-11-03 08:40:10 -04:00
Nick Mathewson
af2459f09e Unit tests for cert-chain-processing, including failed cases
Check out the coverage!
2016-11-03 08:40:10 -04:00
Nick Mathewson
a90a111a5f Label a few conditions in link authentication code as bugs. 2016-11-03 08:40:09 -04:00
Nick Mathewson
672fe4bee4 Extend link handshake tests to handle successful Ed25519 handshakes.
Success cases only. Failure cases to come.
2016-11-03 08:40:09 -04:00
Nick Mathewson
99af260acc For testing: function to construct (but not save) Ed keys and certs 2016-11-03 08:40:09 -04:00
Nick Mathewson
67e66898d2 For testing: add a tor_x509_cert_dup(). 2016-11-03 08:39:31 -04:00
Nick Mathewson
88c2a6b936 Send and receive AUTHENTICATE cells correctly with ED keys.
Includes updated test for authchallenge cells
2016-11-03 08:39:31 -04:00
Nick Mathewson
e64bac6eb4 Increase TLS RSA link key length to 2048 bits
Oddly, nothing broke.

Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
b4a5c77901 Verify ed25519 link handshake certificates
This code stores the ed certs as appropriate, and tries to check
them. The Ed25519 result is not yet used, and (because of its
behavior) this will break RSA authenticate cells.  That will get
fixed as we go, however.

This should implement 19157, but it needs tests, and it needs
to get wired in.
2016-11-03 08:39:28 -04:00
Nick Mathewson
99b3e54691 Add "Ed ID" arguments to a bunch of connection-ID-related fns.
In particular, these functions are the ones that set the identity of
a given connection or channel, and/or confirm that we have learned
said IDs.

There's a lot of stub code here: we don't actually need to use the
new keys till we start looking up connections/channels by Ed25519
IDs.  Still, we want to start passing the Ed25519 IDs in now, so it
makes sense to add these stubs as part of 15055.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
fae7060aea Fix a misfeature with the Ed cert expiration API
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.

This closes ticket 15087.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0b4221f98d Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e3c8253721 Add function to check RSA->Ed cross-certifications
Also, adjust signing approach to more closely match the signing
scheme in the proposal.

(The format doesn't quite match the format in the proposal, since
RSA signatures aren't fixed-length.)

Closes 19020.
2016-11-03 08:37:22 -04:00
Nick Mathewson
348b90a915 Refactor RSA certificate checking into its own function. 2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
Nick Mathewson
e23389841c Migrate certificates into a sub-structure of or_handshake_state
This will help us do cert-checking in the background in the future,
perhaps.
2016-11-03 08:37:21 -04:00
Nick Mathewson
4ef42e7c52 Refactor ...compute_authenticate_cell_body() to return a var_cell_t.
This means we don't need to precompute the length.

Helps simplify the implementation of 19156.
2016-11-03 08:37:21 -04:00
Nick Mathewson
2bf6553949 Code to send correct authentication data when we are using AUTHTYPE>2
Implements the major part of 19156, except doesn't actually send the
new cell type yet.
2016-11-03 08:37:21 -04:00
Nick Mathewson
b004ff45d7 New authentication types to use RFC5705.
See proposal 244.  This feature lets us stop looking at the internals
of SSL objects, *and* should let us port better to more SSL libraries,
if they have RFC5705 support.

Preparatory for #19156
2016-11-03 08:37:20 -04:00
Nick Mathewson
fdd8f8df67 Send ed25519 certificates in certs cell, when we have them.
Implements 19155 (send CERTS cells correctly for Ed25519)

Also send RSA->Ed crosscert
2016-11-03 08:37:16 -04:00
Nick Mathewson
5205e95275 Refactor connection_or_send_certs_cell() to use trunnel
We no longer generate certs cells by pasting the certs together one
by one. Instead we use trunnel to generate them.

Preliminary work for 19155 (send CERTS cell with ed certs)
2016-11-03 08:35:40 -04:00
Nick Mathewson
986695fb74 When parsing certs cells, allow more certs types
Implements the parsing part of #19157
2016-11-03 08:35:36 -04:00
teor
8f465808a0
Check for getpagesize before using it to mmap files
This fixes compilation in some MinGW environments.

Fixes bug 20530; bugfix on commit bf72878 in tor-0.1.2.1-alpha.
Reported by "ice".
2016-11-03 08:44:57 +11:00
Ivan Markin
922bc45a56 hs: Added rend_service_is_ephemeral() and made related code use it
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-02 10:01:35 -04:00
teor
0ee9049e94
Use the latest options in rend_service_check_private_dir
Fixup on both:
* Refactor, adding a create argument... and
* Check every hidden service directory's permissions...
2016-11-02 14:55:14 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
teor
01fe039b78
Test single onion service configs where the directory does not exist
Runs a test for each combination of create/don't create directories.

Tests #20484.
2016-11-02 14:17:52 +11:00
teor
13fbbe9cce
Make sure passthrough_test_setup doesn't inadvertently fail or skip tests
passthrough_test_setup doesn't pass through arguments if the argument
is equal to 0 or TT_SKIP. Instead, it fails or skips the test.

Assert on this, so we don't accidentally fail or skip tests.
2016-11-02 14:16:14 +11:00
teor
77e1d660ee
Add get_fname_rnd for unit tests that want a unique path every time 2016-11-02 14:14:19 +11:00
teor
d7634dc519
Create get_fname_suffix, and refactor get_fname to use it 2016-11-02 14:13:34 +11:00
teor
2f48693663
Improve comments in check_private_dir and onion poisoning
Comment changes only
2016-11-02 14:11:26 +11:00
teor
a906ff88a3
fixup! Refactor, adding a create argument to rend_service_check_private_dir 2016-11-02 14:10:52 +11:00
teor
fedafe7c0e
Use check_private_dir in test_single_onion_poisoning
This avoids Win32 conditionals for mkdir.
2016-11-02 11:37:11 +11:00
teor
6c54181559
Remove redundant group permission code from rend_service_check_private_dir
check_private_dir already does this for existing directories.
2016-11-02 11:20:49 +11:00
teor
c9db775243
Refactor, adding a create argument to rend_service_check_private_dir
It used to be rend_service_check_and_create_private_dir, which always
created the directory.

No behaviour change.
2016-11-02 11:20:19 +11:00
Nick Mathewson
b2f82d45b7 Always call connection_ap_attach_pending() once a second.
Fixes bug 19969; bugfix on b1d56fc58.  We can fix this some more in
later Tors, but for now, this is probably the simplest fix possible.

This is a belt-and-suspenders fix, where the earlier fix ("Ask
event_base_loop to finish when we add a pending stream") aims to respond
to new streams as soon as they arrive, and this one aims to make sure
that we definitely respond to all of the streams.
2016-11-01 20:09:44 -04:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Roger Dingledine
28b755e660 refactor out the tor_event_base_loopexit() call
no actual changes
2016-11-01 19:52:54 -04:00
Nick Mathewson
25f53955f6 Merge branch 'maint-0.2.9' 2016-11-01 13:32:29 -04:00
Nick Mathewson
ff3e08f2af Attempt to fix unit tests on netbsd 2016-11-01 13:32:21 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
68a27dad43 Merge branch 'maint-0.2.9' 2016-10-31 16:33:12 -04:00
Nick Mathewson
e712b5d784 Merge branch 'bug19968_029' into maint-0.2.9 2016-10-31 16:33:03 -04:00
Nick Mathewson
1d76d38903 Re-run trunnel. 2016-10-31 16:25:34 -04:00
David Goulet
0fa671843e prop224: Add INTRODUCE1 and INTRODUCE_ACK trunnel definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-31 16:24:30 -04:00
David Goulet
f22eb2730c prop224: Add ESTABLISH_INTRO and INTRO_ESTABLISHED trunnel definition
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-31 16:03:28 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00
teor
3158777d35
Rename routerstatus_version_supports_ntor to *_supports_extend2_cells
This helps avoid the confusion that caused bug 20472.
Bugfix on commit 10aa913 from #19163 in tor-0.2.9.3-alpha.
2016-10-31 17:02:21 +11:00
teor
d81f2b5d81
Refactor circuit_pick_create_handshake
Make the structure of circuit_pick_create_handshake consistent with
circuit_pick_extend_handshake.

No behaviour change.
2016-10-31 17:01:33 +11:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
Nick Mathewson
cac495f0ff Merge branch 'bug20494' 2016-10-28 22:55:08 -04:00
Nick Mathewson
ada75d5567 Fix bad warning when checking IP policies.
I had replaced a comment implying that a set of ifs was meant to be
exhaustive with an actual check for exhaustiveness.  It turns out,
they were exhaustive, but not in the way I had assumed. :(

Bug introduced in f3e158edf7, not in any released Tor.
2016-10-28 15:33:12 -04:00
Matt Traudt
183fbc4137 Hopefully fix int64 comparisons in test_dir_networkstatus_compute_bw_weights_v10 2016-10-28 11:37:28 -04:00
Nick Mathewson
f3e158edf7 Comment the heck out of the stream/circuit attaching process. 2016-10-27 12:04:43 -04:00
David Goulet
70b9e79700 Slightly refactor and fix couple callsites
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-27 10:34:02 -04:00
Nick Mathewson
dc79504e2a Document main.c a lot better 2016-10-27 10:25:26 -04:00
Ivan Markin
23b878b875 Do assert when calling relay_send_command_from_edge() on OR-side circs 2016-10-27 10:19:06 -04:00
Ivan Markin
2d04946960 Do not mark circs for close again after relay_send_command_from_edge() 2016-10-27 10:19:04 -04:00
Nick Mathewson
172b124006 Resolve memory leaks in test_dir_networkstatus_compute_bw_weights_v10 2016-10-27 09:41:19 -04:00
overcaffeinated
e2577cce0c Convert remaining files to smartlist_add_strdup
The coccinelle script produced errors with these test files so
convert the remaining cases of smartlist_add to
smartlist_add_strdup by hand.
2016-10-27 11:15:57 +01:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
overcaffeinated
b8b8b6b70e Add implementation of smartlist_add_strdup
Add smartlist_add_strdup(sl, string) - replaces the use of
smartlist_add(sl, tor_strdup(string)). Fixes bug 20048.
2016-10-27 10:12:28 +01:00
Nick Mathewson
77d14b5f56 Small refactoring: explain G,M,E,D,T initialization 2016-10-26 16:39:59 -04:00
Matt Traudt
6629c5c3fe Add historic bwweight tests, comments, line len fixes 2016-10-26 16:37:16 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Nick Mathewson
8a38d053a0 Continue the module documentation effort with circuitbuild and circuituse 2016-10-26 13:30:23 -04:00
Nick Mathewson
9c8dbcd0d6 More module documentation (circpathbias, circuitlist) 2016-10-26 12:38:50 -04:00
Nick Mathewson
206a9726b1 Regenerate trunnel code with trunnel 1.5 2016-10-26 11:06:45 -04:00
Nick Mathewson
a5f07a6c2a More module-level documentation. 2016-10-26 11:02:57 -04:00
Nick Mathewson
04b8af9dc0 Whitespace fixes 2016-10-26 08:39:04 -04:00
Nick Mathewson
8cc528c750 Allow asking a bridge's own descriptor over one-hop connection
When we refactored purpose_needs_anonymity(), we made it so _all_
bridge requests required anonymity.  But that missed the case
that we are allowed to ask a bridge for its own descriptor.

With this patch, we consider the resource, and allow "authority.z"
("your own descriptor, compressed") for a bridge's server descriptor
to be non-anonymous.

Fix for bug 20410; bug not in any released Tor.
2016-10-26 08:32:48 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00
Nick Mathewson
961c8f4838 Module-document dnsserv.c, policies.c, routerkeys.c 2016-10-24 11:47:40 -04:00
Nick Mathewson
e3592cd8b5 html error in doxygen comment in rendservice.c 2016-10-24 10:31:16 -04:00
Nick Mathewson
3a232ef64a Module documentation for config.c and confparse.c 2016-10-24 10:16:46 -04:00
Nick Mathewson
5382b174c5 Module documentation (and an important caveat) for dirvote.c 2016-10-24 09:21:54 -04:00
Nick Mathewson
d1bcba19a9 Turn scheduler.c documentation into doxygen. 2016-10-20 11:02:04 -04:00
Ivan Markin
e77033e9ee Say 'Invalid argument' instead of unclear 'Unrecognized' 2016-10-19 18:06:04 -04:00
Nick Mathewson
c87d9b13a4 BUG in purpose_needs_anonymity if switch not matched.
I believe that this should never trigger, but if it does, it
suggests that there was a gap between is_sensitive_dir_purpose and
purpose_needs_anonymity that we need to fill.  Related to 20077.
2016-10-19 18:04:47 -04:00
Nick Mathewson
df387b94e8 Merge remote-tracking branch 'chelseakomlo/master' 2016-10-19 17:17:12 -04:00
Nick Mathewson
9f6bb29b05 Compilation fix. (function pointer implicit cast in tests.) 2016-10-19 17:15:42 -04:00
Nick Mathewson
12cf73c451 Merge remote-tracking branch 'andrea/ticket19858_v2'
Conflict in entrynodes.c: any_bridge_supports_microdescriptors was
removed in master, and modified in 19858_v2
2016-10-19 17:11:47 -04:00
Nick Mathewson
ec4142abdf Unify code in channel_write_*cell()
Patch from pingl; patch for 13827.
2016-10-19 17:07:23 -04:00
Nick Mathewson
87e4b9259a Merge remote-tracking branch 'arma/bug6769' 2016-10-19 17:04:44 -04:00
Nick Mathewson
e12560db76 Bump version on master to 0.3.0.0-alpha-dev. 2016-10-19 17:03:22 -04:00
Chelsea H. Komlo
471b0c5175
Refactor purpose_needs_anonymity to use switch statement 2016-10-19 12:25:50 -05:00
Chelsea H. Komlo
195ccce94e
Refactor to use purpose_needs_anonymity and remove is_sensitive_dir_purpose 2016-10-18 18:40:50 -05:00
Nick Mathewson
54fda6b98a Module-level docs for ext_orport and router.c 2016-10-18 19:32:49 -04:00
Nick Mathewson
4396540129 Turn replaycache.c module doc into doxygen 2016-10-18 12:31:50 -04:00
Nick Mathewson
d1b45786b1 Document connection_or.c and connection.c at module level 2016-10-18 12:25:55 -04:00
Nick Mathewson
84829e336c Module documentation for circuitmux_ewma.c 2016-10-18 11:28:40 -04:00
Nick Mathewson
56933787d5 Turn circuitmux.c comments into module docs. 2016-10-18 11:17:34 -04:00
Nick Mathewson
35df48b189 Module docs for channel.c and channeltls.c 2016-10-18 10:53:12 -04:00
Nick Mathewson
b0f1241a1d Bump to 0.2.8.9-dev 2016-10-17 16:32:11 -04:00
Nick Mathewson
702c1dcf7b Bump master to 0.2.9.4-alpha-dev 2016-10-17 16:31:40 -04:00
Nick Mathewson
0fa3811c78 bump to 0.2.8.9 2016-10-17 14:57:26 -04:00
Nick Mathewson
66ecdcdd75 Update the buffer sentinel fix to work with our #20081 fix. 2016-10-17 14:52:44 -04:00
Nick Mathewson
1a74881063 Merge branch 'maint-0.2.8' 2016-10-17 14:51:45 -04:00
Nick Mathewson
1df114330e Merge branch 'buf_sentinel_026_v2' into maint-0.2.8 2016-10-17 14:51:06 -04:00
Nick Mathewson
3cea86eb2f Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-10-17 14:49:54 -04:00
Nick Mathewson
edcad379cf Bump version to 0.2.9.4-alpha. 2016-10-17 14:05:42 -04:00
Nick Mathewson
f3174428e2 Fix a syntax problem 2016-10-17 10:25:13 -04:00
Nick Mathewson
fd9a1045d8 Merge branch 'module_docs_1' 2016-10-17 10:17:32 -04:00
Nick Mathewson
aae034d13e Write a bunch of module documentation.
This commit adds or improves the module-level documenation for:

  buffers.c circuitstats.c command.c connection_edge.c control.c
  cpuworker.c crypto_curve25519.c crypto_curve25519.h
  crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c
  dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c
  onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c
  protover.c protover.h reasons.c rephist.c replaycache.c
  routerlist.c routerparse.c routerset.c statefile.c status.c
  tor_main.c workqueue.c

In particular, I've tried to explain (for each documented module)
what each module does, what's in it, what the big idea is, why it
belongs in Tor, and who calls it.  In a few cases, I've added TODO
notes about refactoring opportunities.

I've also renamed an argument, and fixed a few DOCDOC comments.
2016-10-17 10:16:59 -04:00
Nick Mathewson
df84536ac1 Add a logic-consistency test when parsing unix socket configs
Coverity couldn't tell that 'addrport' was always non-NULL at this
point in the function, so I'm adding an explicit check. This closes
CID 1374060.
2016-10-17 08:27:10 -04:00
Nick Mathewson
55c468c521 Whitespace cleaning 2016-10-14 10:40:31 -04:00
Nick Mathewson
ac707ae70a Merge branch 'bug20176_v2' 2016-10-14 10:23:24 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
9615ad338f Make the FreeBSD ersatz_socketpair test even more skippable.
(This is safe, since only windows actually -uses- erstaz_socketpair.)
2016-10-14 09:14:07 -04:00
Nick Mathewson
d2ab58c48d Merge branch 'bug18357_v2' 2016-10-14 09:10:34 -04:00
Nick Mathewson
87865c8aca Extract ExitPolicy-and-IPv6Exit check into a new function
(I've done this instead of changing the semantics of
router_compare_to_my_exit_policy, because dns.c uses
router_compare_to_my_exit_policy too, in a slightly weird way.)
2016-10-14 09:08:52 -04:00
Andrea Shepard
1c6f8841f4 Refactor to always allocate chosen_entry_guards in new guard_selection_new() function 2016-10-14 00:15:30 +00:00
Andrea Shepard
3b8a40f262 Use tor_memeq() instead of tor_memcmp() per code review 2016-10-13 23:48:49 +00:00
Andrea Shepard
fca605e763 Adjust comment per code review 2016-10-13 23:47:08 +00:00
Nick Mathewson
07f2e5748e ersatz socketpair tests: work around freebsd jails. 2016-10-13 09:47:28 -04:00
Nick Mathewson
49d7feb8a0 Tweak patch for 18529.
- function doesn't need to be inline.

- rename function

- Make documentation more pedantically correct

- Remove needless "? 1 : 0."
2016-10-13 09:19:51 -04:00
Nick Mathewson
1fc3e29108 Remove duplicate code that checks for default authorities
Patch from ericho.

Fixes 18529. Simple refactoring.
2016-10-13 09:19:37 -04:00
Nick Mathewson
0e1b228aa6 Fix a bug in displaying IPv6 addrs in test_op_ipv6_ with --verbose
The test code, if it failed, or if it was run in verbose mode, would
use the wrong variable for its loop.  Patch from rubiate uploaded to
19999.
2016-10-11 20:09:24 -04:00
Nick Mathewson
2e7e635c59 Switch from "AF_UNIX is always equal" to "always unequal" to avoid wacky bugs. See discussion on 20261 2016-10-11 11:11:21 -04:00
Nick Mathewson
d25fed5174 Merge remote-tracking branch 'yawning-schwanenlied/bug20261' 2016-10-11 11:08:20 -04:00
Nick Mathewson
5a9696fad8 Fix a new compilation warning with broken-mulodi i386 clang builds. :( 2016-10-11 10:29:43 -04:00
Nick Mathewson
7026b607a0 Fix spurious compiler warning in do_getpass().
Some compilers apparently noticed that p2len was allowed to be equal
to msg, and so maybe we would be doing memset(prompt2, ' ', 0), and
decided that we probably meant to do memset(prompt2, 0, 0x20);
instead.

Stupid compilers, doing optimization before this kind of warning!

My fix is to just fill the entire prompt2 buffer with spaces,
because it's harmless.

Bugfix on e59f0d4cb9, not in any released Tor.
2016-10-11 09:34:08 -04:00
paolo.ingls@gmail.com
ab78a4df93 torrc parsing b0rks on carriage-return
(Specifically, carriage return after a quoted value in a config
line. Fixes bug 19167; bugfix on 0.2.0.16-alpha when we introduced
support for quoted values. Unit tests, changes file, and this
parenthetical by nickm.)
2016-10-11 09:25:22 -04:00
Nick Mathewson
3328658728 Merge remote-tracking branch 'asn/bug19223' 2016-10-11 08:48:39 -04:00
Yawning Angel
7b2c856785 Bug 20261: Treat AF_UNIX addresses as equal when comparing them.
This is a kludge to deal with the fact that `tor_addr_t` doesn't contain
`sun_path`.  This currently ONLY happens when circuit isolation is being
checked, for an isolation mode that is force disabled anyway, so the
kludge is "ugly but adequate", but realistically, making `tor_addr_t`
and the AF_UNIX SocksPort code do the right thing is probably the better
option.
2016-10-10 20:57:45 +00:00
George Kadianakis
e59f0d4cb9 Fix non-triggerable heap corruption at do_getpass(). 2016-10-10 12:03:39 -04:00
Nick Mathewson
850ec1e282 Stop implying that we support openssl 1.0.0; we don't.
Closes ticket 20303.

The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
is really libressl, it will have an openssl version number we can't
really believe.
2016-10-06 12:58:49 -04:00
Nick Mathewson
80e2896d52 comment tweak. Fixes 20271. patch from pastly. 2016-10-06 12:04:04 -04:00
Nick Mathewson
7410adb330 Merge branch 'maint-0.2.8' 2016-10-06 09:59:49 -04:00
Nick Mathewson
ab98c4387e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-10-06 09:59:42 -04:00
Nick Mathewson
ec718aa839 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-10-06 09:59:18 -04:00
Nick Mathewson
12a7298376 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-10-06 09:59:03 -04:00
Nick Mathewson
304d8f3bbb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-10-06 09:58:54 -04:00
Muhammad Falak R Wani
fdc0a660b4 dircollate: Use correct tor_calloc args.
Flip the tor_calloc arguments in the call.

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2016-10-05 13:06:27 -04:00
Nick Mathewson
785176e975 Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false.  But that doesn't make sense; we
don't count that as "exit"ing.  I've corrected the logic and tried
to make it a lottle more clear.

Fixes bug 18357; this code has been wrong since 9016d9e829 in
0.2.4.7-alpha.
2016-10-05 12:44:53 -04:00
Karsten Loesing
1b4984f196 Update geoip and geoip6 to the October 6 2016 database. 2016-10-05 16:35:14 +02:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Matt Traudt
5503eec3aa Change some dirvote.c comments to reflect reality 2016-10-03 20:43:50 -04:00
Nick Mathewson
4bbdebff3f Merge remote-tracking branch 'arma/bug20277' 2016-10-03 14:05:26 -04:00
cypherpunks
3b2f012e28 Avoid reordering IPv6 interface addresses
When deleting unsuitable addresses in get_interface_address6_list(), to
avoid reordering IPv6 interface addresses and keep the order returned by
the OS, use SMARTLIST_DEL_CURRENT_KEEPORDER() instead of
SMARTLIST_DEL_CURRENT().

This issue was reported by René Mayrhofer.

[Closes ticket 20163; changes file written by teor. This paragraph
added by nickm]
2016-10-03 13:50:27 -04:00
Paolo Inglese
ae4077916c Fix parse_virtual_addr_network minimum network size 2016-10-03 12:18:51 +01:00
Roger Dingledine
14a6047210 remove whitespace accidentally added in 4f1a04ff 2016-10-02 19:34:23 -04:00
Roger Dingledine
9228db5f1b remove confusing comment about conditional consensus download
We removed that feature in 0.2.4.2-alpha, but some comments seem to
have lingered.

I didn't add a changes/ file since this is just internal code cleanup.
2016-10-02 19:13:35 -04:00
Roger Dingledine
f0fb55ad30 simplify we_use_microdescriptors_for_circuits() 2016-10-02 02:22:03 -04:00
Roger Dingledine
782b6ec288 Bridges and relays now use microdescriptors
(like clients do) rather than old-style router descriptors. Now bridges
will blend in with clients in terms of the circuits they build.

Fixes bug 6769; bugfix on 0.2.3.2-alpha.
2016-10-02 01:12:27 -04:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
53255e925c Fix memory leak from prop264 branch. CID 1373401 2016-09-28 08:21:33 -07:00
Nick Mathewson
153ff4f559 fix a warning in protover. 2016-09-26 11:03:31 -07:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
501fc3bbc6 protovers: during voting, assert that we are not voting to shut down.
As a failsafe, we should make sure that no authority ever votes for
a set of protocol versions that it does not itself support.
2016-09-26 10:56:54 -07:00
Nick Mathewson
1ab641a70e Remove version_known, and subtly change the meaning of protocols_known 2016-09-26 10:56:53 -07:00
Nick Mathewson
f3382bd722 Rename "proto " to "pr " in consensuses 2016-09-26 10:56:53 -07:00
Nick Mathewson
4cbfee14d4 Update prop264 implementation to split HSMid->HS{Intro,Rend} 2016-09-26 10:56:53 -07:00
Nick Mathewson
0a3da5ce79 prop264: sometimes check client _and_ server versions.
As before, we check server protocols whenever server_mode(options)
is true and we check client protocols whenever server_mode(options)
is false.

Additionally, we now _also_ check client protocols whenever any
client port is set.
2016-09-26 10:56:53 -07:00
Nick Mathewson
afe0419db7 Rename get_supported_protocols to protover_get_supported_protocols 2016-09-26 10:56:53 -07:00
Nick Mathewson
3a3120819c Rename compute_protover_vote to protover_compute_vote 2016-09-26 10:56:53 -07:00
Nick Mathewson
4f57d5871e Update authority votes to match updated proposal. 2016-09-26 10:56:52 -07:00
Nick Mathewson
e402cddefe Clean whitespace, add missing documentation 2016-09-26 10:56:52 -07:00
Nick Mathewson
1e29c68ba9 Remove DoS vector in protover.c voting code 2016-09-26 10:56:51 -07:00
Nick Mathewson
e525f5697f Use protocols to see when EXTEND2 support exists.
(Technically, we could just remove extend2 cell checking entirely,
since all Tor versions on our network are required to have it, but
let's keep this around as an example of How To Do It.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
90a6fe318c Vote on 'proto' lines and include them after 'v' lines.
(Despite the increased size of the consensus, this should have
approximately zero effect on the compressed consensus size, since
the "proto" line should be completely implied by the "v" line.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
f33b90324a Include protocol versions in votes. 2016-09-26 10:56:51 -07:00
Nick Mathewson
d97a385535 Workaround a test bug 2016-09-26 10:56:51 -07:00
Nick Mathewson
a3e82563df Implement voting on the protocol-version options 2016-09-26 10:56:51 -07:00
Nick Mathewson
84f913024d Include protocol version lines in votes. 2016-09-26 10:56:50 -07:00
Nick Mathewson
07a9b79520 Remove a little duplicated code before it becomes a lot 2016-09-26 10:56:50 -07:00
Nick Mathewson
c6a2204e23 Add code to infer protocol versions for old Tor versions. 2016-09-26 10:56:50 -07:00
Nick Mathewson
a232161f7b Cover the error cases of parsing protocol versions
Also, detect an additional failure type. Thanks, tests!

(How distinctly I recall thee)
2016-09-26 10:56:50 -07:00
Nick Mathewson
0697e413ef Unit tests for protover_all_supported 2016-09-26 10:56:49 -07:00
Nick Mathewson
c1be8f9d57 Basic backend for the protocol-versions voting algorithm.
[This is a brute-force method that potentially uses way too much
RAM. Need to rethink this a little. Right now you can DOS an
authority by saying "Foo=1-4294967295".]
2016-09-26 10:56:49 -07:00
Nick Mathewson
7f718c46f3 Actually check for missing protocols and exit as appropriate. 2016-09-26 10:56:49 -07:00
Nick Mathewson
cca1e0acff Add necessary code to parse and handle required/recommended protocols 2016-09-26 10:56:49 -07:00
Nick Mathewson
4df12239f6 Emit and parse protocol lists in router descriptors 2016-09-26 10:56:49 -07:00
Nick Mathewson
b2b2e1c7f2 checkpoint basic protover backend 2016-09-26 10:56:48 -07:00
Andrea Shepard
006c26f54f Abolish globals in entrynodes.c; relativize guard context to new guard_selection_t structure 2016-09-25 02:11:44 +00:00
Nick Mathewson
a633baf632 Merge branch 'osx_sierra_028' 2016-09-24 13:33:09 -07:00
Nick Mathewson
951638a06d Fix pthread_cond_timedwait() on OSX Sierra
Sierra provides clock_gettime(), but not pthread_condattr_setclock.
So we had better lot try to use CLOCK_MONOTONIC as our source for
time when waiting, since we ccan never actually tell the condition
that we mean CLOCK_MONOTONIC.

This isn't a tor bug yet, since we never actually pass a timeout to
tor_cond_wait() outside of the unit tests.
2016-09-24 09:12:00 -07:00
Nick Mathewson
1eba088054 Fix compilation on OSX Sierra (10.12) 2016-09-24 08:48:47 -07:00
Nick Mathewson
9965059fbe Bump to 0.2.9.3-alpha-dev 2016-09-23 15:58:29 -04:00
Nick Mathewson
ec19ecce4b Bump to 0.2.8.8-dev. 2016-09-23 15:58:06 -04:00
Nick Mathewson
6a01164538 Merge branch 'maint-0.2.8' 2016-09-23 09:30:56 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
teor
30275b048f
Remove another fallback whose operator opted-out 2016-09-22 16:38:04 -07:00
Nick Mathewson
33f81b8712 bump master to 0.2.9.3-alpha 2016-09-22 16:11:50 -04:00
Nick Mathewson
ad1824f91d Update versions to 0.2.8.8 2016-09-22 15:37:06 -04:00
Nick Mathewson
077f6a4888 Merge branch 'maint-0.2.8' 2016-09-22 15:20:31 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
0baa276ea9 Coverity warning fix: let coverity tell we're closing sockets
Our use of the (mockable) tor_close_socket() in the util/socket_..
tests confused coverity, which could no longer tell that we were
actually closing the sockets.
2016-09-22 09:24:56 -04:00
Nick Mathewson
4c69ba5895 Fix conflicting types errors for aes.c. 2016-09-22 08:52:42 -04:00
Nick Mathewson
cff1274b06 Simplify a few functions that dont need to call get_latest_consensus() so much 2016-09-21 15:20:27 -04:00
Nick Mathewson
266d7733f8 fix wide lines 2016-09-21 15:15:17 -04:00
Nick Mathewson
2196c7ad64 Remove current_consensus macro.
It's a macro that calls down to a function whose behavior has been
getting progresively more complicated.... but we named it as if it
were a variable.  That's not so smart.  So, replace it with a
function call to a function that was just doing "return
current_consensus".

Fixes bug 20176.
2016-09-21 15:13:19 -04:00
Nick Mathewson
f6d7b71719 Merge remote-tracking branch 'isis/bug20201' 2016-09-21 12:20:33 -04:00
Isis Lovecruft
f1d7b7b600
Update documentation for parse_bridge_line() in src/or/config.c.
* FIXES #20201: https://bugs.torproject.org/20201
2016-09-21 13:26:34 +00:00
Nick Mathewson
62ee4f185f Merge branch 'maint-0.2.8' 2016-09-20 19:30:45 -04:00
Nick Mathewson
9ebe202da0 Merge remote-tracking branch 'public/bug20103_028_v3' into maint-0.2.8 2016-09-20 19:30:24 -04:00
Nick Mathewson
06d99aa2c4 Merge branch 'maint-0.2.8' 2016-09-20 19:29:17 -04:00
teor
19a9872be2
fixup! Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-21 09:13:04 +10:00
David Goulet
32926b008b dns: Always enable DNS request for our DNSPort
Commit 41cc1f612b introduced a "dns_request"
configuration value which wasn't set to 1 for an entry connection on the
DNSPort leading to a refusal to resolve the given hostname.

This commit set the dns_request flag by default for every entry connection
made to the DNSPort.

Fixes #20109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-09-20 15:05:31 -04:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
teor
c6d51b4577
Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-20 16:49:45 +10:00
Nick Mathewson
6cb9c2cf77 Add support for AES256 and AES192
(This will be used by prop224)
2016-09-16 11:21:33 -04:00
Nick Mathewson
83129031b1 Remove a needless level of indirection from crypto_cipher_t
Now that crypto_cipher_t only contains a pointer, it no longer
has any reason for an independent existence.
2016-09-16 10:20:08 -04:00
Nick Mathewson
ff116b7808 Simplify the crypto_cipher_t interface and structure
Previously, the IV and key were stored in the structure, even though
they mostly weren't needed.  The only purpose they had was to
support a seldom-used API where you could pass NULL when creating
a cipher in order to get a random key/IV, and then pull that key/IV
back out.

This saves 32 bytes per AES instance, and makes it easier to support
different key lengths.
2016-09-16 10:12:30 -04:00
Nick Mathewson
981d0a24b8 In aes.c, support 192-bit and 256-bit keys.
Also, change the input types for aes_new_cipher to be unsigned,
as they should have been all along.
2016-09-16 09:51:51 -04:00
Nick Mathewson
b08ddb60c9 Ensure that dir1 and dir2 are freed at the end of poisoning test
Found by coverity.
2016-09-14 11:01:21 -04:00
Nick Mathewson
425f5e6d40 Fix a bogus memwipe length in rend_service_load_auth_keys().
Bugfix on a4f46ff8ba. Found by Coverity.
2016-09-14 10:58:53 -04:00
Nick Mathewson
b88f918227 Remove an extraneous parenthesis in IF_BUG_OHNCE__
Fixes bug 20141; bugfix on 0.2.9.1-alpha.

Patch from Gisle Vanem.
2016-09-14 10:53:49 -04:00
Nick Mathewson
8b7922b282 Merge remote-tracking branch 'teor/feature20072' 2016-09-14 10:18:41 -04:00
Nick Mathewson
4f4e995d42 Merge branch 'bug20081' 2016-09-14 10:17:04 -04:00
teor
16085a8421
Add some chutney single onion networks to make test-network-all
This requires a recent version of chutney, with the single onion
network flavours (git c72a652 or later).

Closes ticket #20072.
2016-09-14 12:17:10 +10:00
Nick Mathewson
b488bd54ba Merge remote-tracking branch 'public/bug20063' 2016-09-13 11:25:59 -04:00
Nick Mathewson
831649f56e Fix a memory leak in options/validate__single_onion 2016-09-13 10:40:42 -04:00
Nick Mathewson
2c7d09dfd2 Fix a check-spaces warning. 2016-09-13 10:24:45 -04:00
Nick Mathewson
2237478045 options/validate__single_onion test: use new log capture api
I changed the API here in deb294ff53, to be less annoying
to use.
2016-09-13 10:22:34 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
365ca3ca0f Refactor Single Onion code to improve consistency
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
2016-09-13 10:13:57 -04:00
teor
f686fa2ee6 Comments: prefer circuit_build_times_disabled() to LearnCircuitBuildTimeout 2016-09-13 10:13:57 -04:00
teor
a00fee2f54 Ephemeral Single Onion Services must have the NonAnonymous ADD_ONION flag
Tor checks that the flag matches the configured onion service anonymity.

Tor refuses to create unflagged onion service using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode

Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
2016-09-13 10:13:57 -04:00
teor
a4f46ff8ba Refactor the hidden service code to use rend_service_path
And make consequential changes to make it less error-prone.

No behaviour change.
2016-09-13 10:13:57 -04:00
teor
65b2d34c9c Allow the unit tests to pass a service list to rend_service_load_all_keys 2016-09-13 10:13:56 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
0285f4f34d Use CircuitBuildTimeout whenever circuit_build_times_disabled is true
Previously, we checked LearnCircuitBuildTimeout directly.

Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
2016-09-13 10:13:56 -04:00
teor
3e4a401ead Fix a typo in a comment in rend_consider_services_intro_points 2016-09-13 10:13:56 -04:00
teor
4d9d2553ba Fix a typo in the LearnCircuitBuildTimeout disabled log message 2016-09-13 10:13:56 -04:00
teor
c43211fd6c When LearnCircuitBuildTimeout is disabled by other options, be quieter 2016-09-13 10:13:56 -04:00
teor
07d32d2e68 Remove a duplicate non-anonymous warning log message
We log this message every time we validate tor's options.
There's no need to log a duplicate in main() as well.

(It is impossible to run main() without validating our options.)
2016-09-13 10:13:56 -04:00
teor (Tim Wilson-Brown)
831cf6d1d8 Refactor crypto init to use existing options variable 2016-09-13 10:13:56 -04:00
teor
e5ad00330c Make Tor2web work with ReachableAddresses and CRN_DIRECT_CONN
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.

This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
2016-09-13 10:13:55 -04:00
teor
75ebbed557 Make Single Onion Service intro points respect ReachableAddresses 2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
teor (Tim Wilson-Brown)
b494ccc3c9 Make rend_service_free available to the unit tests
Also check that the port list exists before freeing it.

Patch by asn.
2016-09-13 10:08:06 -04:00
Nick Mathewson
8fdf2f583c Unit tests for proposal 271 client-side implementation 2016-09-13 09:45:55 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
20c4b01694 Make preferred_chunk_size avoid overflow, handle big inputs better
Also, add tests for the function.

Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
2016-09-13 09:07:12 -04:00
Nick Mathewson
4b182dfc23 Merge remote-tracking branch 'public/ticket19998' 2016-09-13 08:54:43 -04:00
Nick Mathewson
c897328fee Merge remote-tracking branch 'samdney/ticket19209' 2016-09-12 08:58:04 -04:00
Nick Mathewson
d5d29cd5a2 Whoops. Cant call sockaddr_in a "sin", since sin() is a thing. 2016-09-11 17:59:25 -04:00
Nick Mathewson
ccea2a5aa9 Fix gmtime unit test on openbsd
openbsd helpfully handles gmtime() of INT64_MIN.  Good job!

Our tests didn't handle that so well.
2016-09-11 17:43:20 -04:00
Nick Mathewson
c6e70dacb8 Try to make our ersatz-socketpair test work better on FreeBSD jails 2016-09-11 17:28:29 -04:00
Nick Mathewson
a671a1c9d6 Tweak tor_gmtime_r test.
On openbsd64, I'm seeing a warning that the log isn't saying what
I'd expect, but I'm not seeing what the answer actually _is_ here.
2016-09-11 17:13:51 -04:00
Nick Mathewson
64521a9d35 Merge remote-tracking branch 'public/solaris_warnings_028' 2016-09-11 16:52:24 -04:00
Carolin Zöbelein
87b91949f1
Add some clarifications in the comments. Bug 19209 2016-09-11 01:30:02 +02:00
Nick Mathewson
77e2be06f6 make check-spaces 2016-09-09 15:38:46 -04:00
Nick Mathewson
75a7997148 Fix a coupole of coverity complaints. 2016-09-09 15:29:57 -04:00
Nick Mathewson
4c55e8a58f Fix cases where the tests were doing closesocket() on a non-socket
These seem to have caused warnings on windows. Hmmm.
2016-09-09 10:28:12 -04:00
Nick Mathewson
2fe7e3d9d2 Oh dear, I was missing an extern. 2016-09-09 10:20:34 -04:00
Nick Mathewson
373bfd9630 Make a couple more tests run faster.
The point of diminishing returns has been reached.
2016-09-09 10:08:27 -04:00
Nick Mathewson
7c52109641 Disable a single pbkdf2 test vector
The other test vectors are pretty complete, and get full coverage, I
believe.

This one test vector accounted for half the time spent in
test-slow.  "Now that's slow!"
2016-09-09 09:57:15 -04:00
Nick Mathewson
5e30e26c6d Chop another ~93 RSA key generations out of the unit tests
We have a mock for our RSA key generation function, so we now wire
it to pk_generate(). This covers all the cases that were not using
pk_generate() before -- all ~93 of them.
2016-09-09 09:45:50 -04:00
Nick Mathewson
05110c9294 Move the donna-fuzzing tests into test_slow.
This shaves another 3-4 seconds off the main-path tests for me,
which is again worth it, according to XKCD#1204.
2016-09-09 08:58:42 -04:00
Nick Mathewson
5ec395b27f Re-enable RSA cacheing in tests, with a better design.
This makes tests faster and saves about 6 seconds for me, which
makes it worth it, according to https://xkcd.com/1205.
2016-09-09 08:58:42 -04:00
Nick Mathewson
63e34e9e49 Reinstate a couple of teardown_capture_of_logs that I missed
Patch from rubiate. See #19999
2016-09-08 19:49:21 -04:00
Nick Mathewson
55713f0d79 Placate "make check-spaces" 2016-09-08 15:43:56 -04:00
Nick Mathewson
d860b99dbf Fix remaining test warnings. (in test_relay.c) 2016-09-08 15:25:56 -04:00
Nick Mathewson
3fcd5d71ad Fix typo error in bug warning in relay.c 2016-09-08 15:15:57 -04:00
Nick Mathewson
e9fdec2b1d capture and detect expected BUG messages in shared-random tests 2016-09-08 15:13:53 -04:00
Nick Mathewson
deb294ff53 Simplify log_test_helpers interface
Previously, you needed to store the previous log severity in a local
variable, and it wasn't clear if you were allowed to call these
functions more than once.
2016-09-08 15:03:11 -04:00
Nick Mathewson
b0a9e54705 Resolve more BUG warnings in the unit tests 2016-09-08 14:39:20 -04:00
Nick Mathewson
d0fe86f39e Fix bug warnings in test_circuitlist. 2016-09-08 14:04:55 -04:00
Nick Mathewson
3269307daf Treat all nonfatal assertion failures as unit test failures.
Part of 19999.
2016-09-08 13:27:30 -04:00
Nick Mathewson
6a1454aa46 Tolerate another failure mode of get_if_addres6_list in tests 2016-09-08 11:47:16 -04:00
Nick Mathewson
f9cb9d8990 more consistent use of expect_log_msg_containing 2016-09-08 11:16:09 -04:00
Nick Mathewson
f64f293c48 Suppress a really impressive pile of warnings in conection/.. tests 2016-09-08 10:56:51 -04:00
Nick Mathewson
d626ffe29c Fix a bug in connection/download_status.. tests 2016-09-08 10:48:22 -04:00
Nick Mathewson
3705ee8fe4 Revise log-testing macros to dump the actual log contents on failure 2016-09-08 10:33:01 -04:00
Nick Mathewson
ae3ea9a7a1 Remove redundant definitions of expect_{no_,}log_msg() 2016-09-08 10:32:59 -04:00
Nick Mathewson
8acb951fc8 Unit test fix: windows should be able to handle DNSPort just fine. 2016-09-08 09:23:20 -04:00
Nick Mathewson
08d1ac4f2a Patch from rubiate: disable openbsd memory protections in test-memwipe
Test-memwipe is *supposed* to invoke undefined behavior, alas.

Closes 20066.
2016-09-08 09:00:24 -04:00
Nick Mathewson
bee5f38e39 set the "addr" field in the dir_handle_get tests, to resolve bug warnings. 2016-09-07 14:30:51 -04:00
Nick Mathewson
ab4485e281 Remove the useless (and uninitialized) MOCK_TOR_ADDR in test_dir_handle_get.c 2016-09-07 14:26:43 -04:00
Nick Mathewson
f028434a5f Merge branch 'maint-0.2.8' 2016-09-07 13:54:21 -04:00
Nick Mathewson
6494f3346b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-09-07 13:54:12 -04:00
Nick Mathewson
11edbf4808 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-09-07 13:54:03 -04:00
Nick Mathewson
52a99cb6c1 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-09-07 13:53:53 -04:00
Nick Mathewson
e4d82da05b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-09-07 13:53:43 -04:00
Nick Mathewson
9d933bbacf Capture and enforce BUG warnings in dir/param_voting_lookup 2016-09-07 13:49:18 -04:00
Nick Mathewson
075c52084d Fix unit test failure introduced by #20002
Updating the consensus algorithm made a non-valid node never get
listed, which messed up some other tests.
2016-09-07 13:40:38 -04:00
Nick Mathewson
a49fee1c29 Capture and enforce bug warnings in util/time test 2016-09-07 12:15:46 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00
Nick Mathewson
2a3b651790 Merge remote-tracking branch 'sebastian/bug20064' 2016-09-07 11:38:43 -04:00
Karsten Loesing
56f95ba94d Update geoip and geoip6 to the September 6 2016 database. 2016-09-07 11:08:04 +02:00
Nick Mathewson
3823d0aa7d Capture and detect the BUG() warnings in test_util_parse_integer. 2016-09-06 21:01:52 -04:00
Nick Mathewson
d09723ad19 Add facility to suppress/capture tor_bug_occurred_() messages in unit tests. 2016-09-06 21:01:17 -04:00
Nick Mathewson
2b39c927c7 Add !(...) to BUG() log messages
They use the same code as reporting assertion failures, so we should
invert the sense of what we're "asserting".

Fixes bug 20093.
2016-09-06 21:00:51 -04:00
Nick Mathewson
2a4a815f58 Fix a unit test bug for passing arguments to tor_parse_ulong.
We wanted to make sure -50 was a bad input, but instead we were
passing a 'min' that was greater than 'max'.
2016-09-06 20:29:55 -04:00
Nick Mathewson
7ba47ca1fd Split tor_parse_{some_int} testing into separate fn. Code movement only. 2016-09-06 20:25:54 -04:00
Nick Mathewson
af58a89b86 Merge remote-tracking branch 'teor/bug20012' 2016-09-06 19:14:02 -04:00
Nick Mathewson
43092e21c1 Merge remote-tracking branch 'teor/feature20069' 2016-09-06 19:06:32 -04:00
Nick Mathewson
128f7ffbc0 Merge remote-tracking branch 'public/ticket20002' 2016-09-06 14:27:13 -04:00
Nick Mathewson
5927ed8d33 checkSpace.pl now forbids more identifiers.
The functions it warns about are:
  assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
  strdup, strndup, calloc.

Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 12:35:37 -04:00
Nick Mathewson
440228907d Merge remote-tracking branch 'sebastian/bug20065' 2016-09-06 10:12:42 -04:00
teor
55a2bfb056
Fix an indentation issue in rend_config_services 2016-09-06 17:49:52 +10:00
teor (Tim Wilson-Brown)
41ad244dd6
Fix a comment typo in smartlist_get_most_frequent_() 2016-09-06 17:49:44 +10:00
teor
26b47f80dd
Add hs-ipv6 to the chutney IPv6 tests
Requires a recent version of chutney.

Also remove bridges+hs, as it's somewhat redundant.
2016-09-06 13:45:09 +10:00
Sebastian Hahn
74d710e7dc Give useful error if authority_signing_key doesn't exist 2016-09-06 00:14:20 +02:00
Sebastian Hahn
0d485fcfef Vote Exit correctly with DirAllowPrivateAddresses set
When allowing private addresses, mark Exits that only exit to private
locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-09-05 23:39:47 +02:00
Nick Mathewson
b9a43c8f43 For me, asan/ubsan require more syscalls.
Permit sched_yield() and sigaltstack() in the sandbox.

Closes ticket 20063
2016-09-05 14:25:58 -04:00
Nick Mathewson
c2d1356739 Change servers to never pick 3DES.
Closes ticket 19998.
2016-09-05 14:09:14 -04:00
Andrea Shepard
341a159ab4 Appease make check-spaces 2016-09-05 17:47:39 +00:00
Nick Mathewson
6abce601f2 Fix BUG warning with stack trace from config/parse_port_config__listenaddress 2016-09-05 13:30:50 -04:00
Nick Mathewson
6c1d1127a8 Fix memory leaks in the shared random tests.
Please remember to test your code with
--enable-expensive-hardening. :)
2016-09-01 09:10:27 -04:00
Nick Mathewson
7ef4eef764 Actually, always monotime_init() in the unit tests. 2016-08-31 14:38:17 -04:00
Nick Mathewson
cfc62e2374 Initialize monotonic timer code before using it in the tests 2016-08-31 14:34:49 -04:00
Nick Mathewson
251b348d7b It is not a bug to attempt to base32_decode a non-base32 string
(Rationale: it isn't a bug to try this for a base16 or base64
string. It's just a bad input that we're detecting.)
2016-08-31 14:31:00 -04:00
Nick Mathewson
d4f05dcd0e Detect and suppress bug message from zlib compression bomb test 2016-08-31 14:30:34 -04:00
Nick Mathewson
d299c043d4 Require specific messages for remaining link-handshake failure cases 2016-08-31 14:10:15 -04:00
Nick Mathewson
273290d4fe Always log [bug] warnings from the unit tests.
We should consider them bugs.  If they are happening intentionally,
we should use the log_test_helpers code to capture and suppress
them.  But having them off-by-default has potential to cause
programming errors.
2016-08-31 13:22:07 -04:00
Nick Mathewson
69dce09031 Do not call tor_tls_server_info_callback(NULL) from tests.
This isn't valid behavior, and it causes a crash when you run
the unit tests at --debug.

I've added an IF_BUG_ONCE() check for this case.
2016-08-31 13:18:13 -04:00
Nick Mathewson
871b711f10 Work even harder not to suppress logging messages unless we mean to. 2016-08-31 13:12:36 -04:00
Nick Mathewson
2df6cdc9f9 Document and clean log_test_helpers.c a bit
In addition to documentation, this commit makes a function static,
and removes a weird single-point-of-return-ism, and notes a thing I
should fix.
2016-08-31 13:11:26 -04:00
Nick Mathewson
d5614b2102 Use setup_full_capture_of_logs() where appropriate. 2016-08-31 12:53:18 -04:00
Nick Mathewson
f74916a98f setup_capture_of_logs: no longer suppress log messages
Previously setup_capture_of_logs would prevent log messages from
going to the console entirely.  That's a problem, since sometimes
log messages are bugs!  Now setup_capture_of_logs() acts sensibly.

If you really do need to keep a message from going to the console
entirely, there is setup_full_capture_of_logs().  But only use that
if you're prepared to make sure that there are no extraneous
messages generated at all.
2016-08-31 12:51:22 -04:00
Nick Mathewson
1f7dc823c5 Improvements to test_link_handshake: check specific error messages
Otherwise it's too easy to lose our test coverage.
2016-08-31 12:11:01 -04:00
Nick Mathewson
26a63a9303 Fix all "BUG" warnings created from link-handshake tests. 2016-08-31 11:37:18 -04:00
Nick Mathewson
14c07f3f21 Another log testing helper helper, for matching partial strings. 2016-08-31 11:35:12 -04:00
Nick Mathewson
bbac9e1d0c Don't warn on unlink(bw_accounting) when errno == ENOENT
Patch from pastly; fixes bug 19964.
2016-08-31 10:57:09 -04:00
Nick Mathewson
c15b99e6e9 Fix a deref-before-null-check complaint
Found by coverity scan; this is CID 1372329.

Also, reindent some oddly indented code.
2016-08-31 10:32:10 -04:00
teor
0a3009bb85
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default.

Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-31 15:10:58 +10:00
teor (Tim Wilson-Brown)
16386a8cd1
Count unix sockets when counting client listeners
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.

When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.

Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)

Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
2016-08-31 13:41:31 +10:00
Nick Mathewson
e3bf8854c8 We no longer need to tag UseNTorHandshake as deprecated, since it is obsolete 2016-08-29 15:03:55 -04:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
David Goulet
f46ce6e3d8 test: Fix shared random unit test for big endian
Copying the integer 42 in a char buffer has a different representation
depending on the endianess of the system thus that unit test was failing on
big endian system.

This commit introduces a python script, like the one we have for SRV, that
computes a COMMIT/REVEAL from scratch so we can use it as a test vector for
our encoding unit tests.

With this, we use a random value of bytes instead of a number fixing the
endianess issue and making the whole test case more solid with an external
tool that builds the COMMIT and REVEAL according to the spec.

Fixes #19977

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-26 14:46:29 -04:00
Nick Mathewson
9b9fb63276 prop272: When voting, include no non-Valid relays in consensus
Implements ticket 20002, and part of proposal 272.
2016-08-26 14:14:34 -04:00
Andrea Shepard
33a3e6f718 Avoid asserts in oos/kill_conn_list unit test 2016-08-26 00:02:00 +00:00
Andrea Shepard
32fbc9738a Fix OOS comparator fix 2016-08-26 00:01:25 +00:00
David Goulet
9e1cb3660b Fix duplicated if condition in connection.c
Furthermore, fix a test that could returned an uninitialized value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-25 14:52:28 -04:00
Nick Mathewson
1dfa2213a4 Merge remote-tracking branch 'andrea/ticket18640_v3' 2016-08-25 14:29:06 -04:00
Nick Mathewson
e9124b8cc7 bump to 0.2.8.7-dev 2016-08-24 14:46:08 -04:00
Nick Mathewson
7be7f42d45 bump to 0.2.9.2-alpha-dev 2016-08-24 14:45:33 -04:00
teor (Tim Wilson-Brown)
382a28951f Check onion hostnames against client port flags
Check NoOnionTraffic before attaching a stream.

NoOnionTraffic refuses connections to all onion hostnames,
but permits non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
b311f82026 Check non-onion hostnames & IP addresses against client port flags
Check NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic before
attaching a stream.

NoDNSRequest refuses connections to all non-onion hostnames,
but permits IP addresses.
NoIPv4Traffic refuses connections to IPv4 addresses, but resolves
hostnames.
NoIPv6Traffic refuses connections to IPv6 addresses, but resolves
hostnames.

Combined, they refuse all non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
45b4e63519 Make Tor2Web error message clearer
Tor2Web refuses non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
f41ddbecc6 Comment-only punctuation fix 2016-08-24 14:40:53 -04:00
teor (Tim Wilson-Brown)
ce747f01aa Make port names and types consistent in the port unit tests
String constant changes only, and only in the unit tests.
These strings are used in log messages only.
2016-08-24 14:40:53 -04:00
teor (Tim Wilson-Brown)
41cc1f612b Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.

Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.

Add changes file for all of #18693.

Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 14:40:53 -04:00
Nick Mathewson
10f8607125 make check-spaces fixes 2016-08-24 13:39:22 -04:00
Nick Mathewson
57ba7ab39a Bump to 0.2.8.7 2016-08-24 11:01:57 -04:00
Nick Mathewson
e2ede7c9d5 Bump to 0.2.9.2-alpha 2016-08-24 11:01:33 -04:00
Nick Mathewson
5132905419 Merge branch 'maint-0.2.8' 2016-08-24 10:45:11 -04:00
teor
b1ad024d30 Fix path selection on firewalled clients
Signed-off-by: teor <teor2345@gmail.com>
2016-08-24 10:07:47 -04:00
Nick Mathewson
297635f806 Merge branch 'maint-0.2.8' 2016-08-24 10:03:19 -04:00
Nick Mathewson
d3a975ea05 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-24 10:02:52 -04:00
Isis Lovecruft
41ab23bed5 Replace Tonga with Bifroest.
* FIXES #19728: https://bugs.torproject.org/19728
 * CLOSES #19690: https://bugs.torproject.org/19690
2016-08-24 10:01:23 -04:00
teor
19816f2f78
Add a stub for rend_service_allow_direct_connection
It always returns 0. It should be replaced with the Single
Onion version from #17178 when both are merged.
2016-08-24 11:02:19 +10:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
teor (Tim Wilson-Brown)
cad9046632
Improve comments in circuit_get_cpath_* 2016-08-24 10:32:22 +10:00
teor (Tim Wilson-Brown)
febd4ab0e5
Client & HS make sure every hop in every non-HS path supports ntor
When a client connects to an intro point not in the client's consensus,
or a hidden service connects to a rend point not in the hidden service's
consensus, we are stuck with using TAP, because there is no ntor link
specifier.
2016-08-24 10:32:10 +10:00
Nick Mathewson
40d05983c4 Fix some comments in sandbox.c
Closes ticket 19942; patch from "cypherpunks"
2016-08-23 10:02:11 -04:00
Nick Mathewson
a0398dd348 Merge remote-tracking branch 'jigsaw/fix-17758' 2016-08-23 09:57:14 -04:00
Nick Mathewson
ff65618f16 Merge remote-tracking branch 'jigsaw/fix-15381' 2016-08-23 09:55:37 -04:00
Nick Mathewson
e8d7953c61 Use tor_assert, not assert. 2016-08-23 09:24:20 -04:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
teor
a60ef72345 Reword the router_check_descriptor_address_port_consistency log message
The new message covers static and dynamic public IPv4 addresses,
and external / internal addresses in NAT setups.
2016-08-23 09:16:08 -04:00
Nick Mathewson
a3d419634b Merge remote-tracking branch 'asn/bug19872_v2' 2016-08-23 08:50:32 -04:00
George Kadianakis
b8bfdf638e Introduce ed25519_{sign,checksig}_prefixed functions(). 2016-08-23 14:53:01 +03:00
Nick Mathewson
62b239dd9c Merge branch 'maint-0.2.8' 2016-08-22 10:19:15 -04:00
Nick Mathewson
0ba05313d5 Do not pass NULL to log(%s) in dir_server_new.
This bug had existed since 0.2.4.7-alpha, but now that we have
FallbackDirs by default, it actually matters.

Fixes bug 19947; bugfix on 0.2.4.7-alpha or maybe 0.2.8.1-alpha.

Rubiate wrote the patch; teor wrote the changes file.
2016-08-22 01:22:19 -04:00
Andrea Shepard
9a09513c0b Use connection_mark_for_close() rather than connection_mark_on_flush() on OOS 2016-08-20 04:43:01 +00:00
Andrea Shepard
31028af440 Add DisableOOSCheck option, on by default until we have better heuristics 2016-08-20 04:36:37 +00:00
Andrea Shepard
3efe92ba58 Consider the case that a connection doesn't have a valid socket during OOS 2016-08-20 03:57:32 +00:00
Andrea Shepard
1a7709d409 Add connection_is_moribund() inline 2016-08-20 03:34:16 +00:00
Andrea Shepard
a403230fe3 Use SMARTLIST_FOREACH in connection_count_moribund() per code review 2016-08-20 03:12:58 +00:00
Andrea Shepard
dbdac1dc27 s/connection_handle_oos/connection_check_oos/g per code review 2016-08-20 02:44:33 +00:00
Andrea Shepard
d65f030915 Unit test for pick_oos_victims() 2016-08-20 01:43:52 +00:00
Andrea Shepard
e17083b432 Unit test for kill_conn_list_for_oos() 2016-08-20 01:43:52 +00:00
Andrea Shepard
26c2ded00c Unit test for connection_handle_oos() 2016-08-20 01:43:51 +00:00
Andrea Shepard
709f2cbf58 Implement OOS comparator 2016-08-20 01:43:51 +00:00
Andrea Shepard
d502efbd47 Implement pick_oos_victims() except for sort step 2016-08-20 01:43:51 +00:00
Andrea Shepard
e9464737af Implement kill_conn_list_for_oos() 2016-08-20 01:43:50 +00:00
Andrea Shepard
c76d45bdec Stub out pick_oos_victims() and kill_conn_list_for_oos() 2016-08-20 01:43:50 +00:00
Andrea Shepard
2bc19171ef Implement connection_count_moribund() for OOS handler 2016-08-20 01:43:50 +00:00
Andrea Shepard
4f253d4c67 Don't say OOS unless the ConnLimit thresholds have been set 2016-08-20 01:43:49 +00:00
Andrea Shepard
34d9d02150 Stub out connection_handle_oos() and call it from places we can change the socket count or thresholds 2016-08-20 01:43:46 +00:00
Andrea Shepard
1c0c0022d8 Compute thresholds for OOS from ConnLimit_ when setting options 2016-08-20 01:42:30 +00:00
Nick Mathewson
3c8baa77a1 Log a warning when Testing options are deprecated. 2016-08-19 20:21:04 -04:00
Nick Mathewson
05ad2db283 Add comments to explain when things were deprecated 2016-08-19 20:09:51 -04:00
Nick Mathewson
507f07de09 Merge remote-tracking branch 'public/deprecation_v2' 2016-08-19 19:58:51 -04:00
Nick Mathewson
5aad921e3a Rename free_voting_schedule to voting_schedule_free. Wrap line. Follow if convention. 2016-08-19 19:44:19 -04:00
Nick Mathewson
3e8f93bb10 Merge remote-tracking branch 'jigsaw/fix-19562' 2016-08-19 19:41:53 -04:00
Nick Mathewson
fdc2a91956 Merge remote-tracking branch 'public/bug19466' 2016-08-19 19:37:48 -04:00
Nick Mathewson
8f2f06c9b3 Merge branch 'maint-0.2.8' 2016-08-19 19:35:39 -04:00
Nick Mathewson
65cf5130ef Merge branch 'bug19903_028_v2' into maint-0.2.8 2016-08-19 19:35:26 -04:00
Nick Mathewson
49843c980a Avoid confusing GCC 4.2.1 by saying "int foo()... inline int foo() {...}"
Fixes bug 19903; bugfix on 0.2.8.1-alpha.
2016-08-19 19:34:39 -04:00
Daniel Pinto
8c0fdf6a27 Added a voting_schedule_free function to free voting schedules.
Existing Uses of the tor_free function on voting schedules were
replaced with voting_schedule_free.
Fixes #19562.
2016-08-16 17:53:38 +01:00
Daniel Pinto
3d6ae798cf Fixes inconsistent version prefix in log messages.
Fixes #15381.
2016-08-16 17:22:16 +01:00
Daniel Pinto
4f19f85eda Prevents negative number of written bytes on error message.
Fixes #17758.
2016-08-16 17:12:18 +01:00
teor
4b4389280e
Check parameters to router_check_descriptor_address_port_consistency 2016-08-16 14:39:46 +10:00
teor
427663428b
Refactor duplicate code in router_check_descriptor_address_consistency
No behaviour change
2016-08-16 14:05:46 +10:00
s7r
4d2b3164ec Make log message clearer
Longer and more explicit log message so we don't confuse users with behind NAT with working configurations and state that public IP addresses only should be provided with "Address", won't work with internal addresses.
2016-08-15 09:50:10 +00:00
Nick Mathewson
be820f41a3 Fix quite a few slow memory leaks in config.c
This bug was introduced in 8bbbbaf87b when we added a separate
or_options_free() function but didn't start using it everywhere.

Fixes bug 19466.
2016-08-12 18:47:35 -04:00
Nick Mathewson
7f145b54af Merge remote-tracking branch 'public/Fix_19450' 2016-08-12 16:11:28 -04:00
cypherpunks
8d67c079b4 Fix integer overflows in the conversion tables 2016-08-12 14:18:01 -04:00
Nick Mathewson
06e82084d6 Merge remote-tracking branch 'andrea/bug8625_prod' 2016-08-12 12:44:06 -04:00
Nick Mathewson
a7e317927b Merge branch 'maint-0.2.8' 2016-08-12 10:27:23 -04:00
Nick Mathewson
459e5d705e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-12 10:27:14 -04:00
Nick Mathewson
db372addc8 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-08-12 10:27:08 -04:00
Nick Mathewson
742ff2cddb Merge branch 'maint-0.2.5' into maint-0.2.6 2016-08-12 10:27:01 -04:00
Nick Mathewson
46754d6081 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-08-12 10:26:48 -04:00
Karsten Loesing
1410947351 Update geoip and geoip6 to the August 2 2016 database. 2016-08-12 11:53:38 +02:00
Nick Mathewson
e788c577f1 Only use evutil_secure_rng_add_bytes() when present.
OpenBSD removes this function, and now that Tor requires Libevent 2,
we should also support the OpenBSD Libevent 2.

Fixes bug 19904; bugfix on 0.2.5.4-alpha.
2016-08-11 20:37:18 -04:00
Nick Mathewson
60997a00e8 Fix a bug in the old-gcc version of ENABLE_GCC_WARNING
Fixes bug 19901; bugfix on 0.2.9.1-alpha.
2016-08-11 19:58:13 -04:00
Nick Mathewson
d5c47f0436 Add some how-to documentation for ht.h. Closes #19896 2016-08-11 10:18:51 -04:00
Andrea Shepard
09a0f2d0b2 Eliminate redundant hourly reset of descriptor download failures 2016-08-10 03:34:54 +00:00
Andrea Shepard
05853485a4 Debug logging for router/consensus descriptor download resets 2016-08-10 03:34:54 +00:00
Nick Mathewson
7e3e482dad bump master to 0.2.9.1-alpha.dev 2016-08-08 14:31:30 -04:00
Nick Mathewson
f5dcab8072 Add new warn_deprecated option to config_assign*().
Also, collapse all the config_assign*() options into a flags
argument, since having two boolean arguments was already confusing.
2016-08-03 12:52:26 -04:00
Nick Mathewson
f3314aa6e1 Deprecate some SocksPort sub-options. 2016-08-03 12:24:07 -04:00
Nick Mathewson
9b6ff4c882 Teach checkOptionDocs about deprecation.
In particular, teach it that deprecated options must exist.
2016-08-03 12:16:58 -04:00
Nick Mathewson
66e610da72 Mark a big pile of options as deprecated. 2016-08-03 12:08:57 -04:00
Nick Mathewson
e6220ccbf8 Add deprecation for configuration options that need to go away. 2016-08-03 11:43:19 -04:00
Nick Mathewson
c9b8d4c086 We no longer use config_var_description_t 2016-08-03 11:19:08 -04:00
Nick Mathewson
70fd23f498 Bump master version to 0.2.9.1-alpha 2016-08-02 15:37:35 -04:00
Nick Mathewson
7b896fe61e Remove/fix remaining evbuffer references 2016-08-02 14:02:35 -04:00
Nick Mathewson
4d4ccc505b Search for remaining references to 'bufferevent'.
Remove or adjust as appropriate.
2016-08-02 13:59:47 -04:00
Nick Mathewson
46ef4487d3 Remove generic_buffer_*() functions as needless.
These functions were there so that we could abstract the differences
between evbuffer and buf_t.  But with the bufferevent removal, this
no longer serves a purpose.
2016-08-02 13:50:00 -04:00
Nick Mathewson
cd9d39d54b Rename generic_buffer_set_to_copy, since generic buffers are not a thing 2016-08-02 13:33:41 -04:00
Nick Mathewson
88a7a02728 Bufferevent removal: remove more bufferevent-only options
(All this IOCP stuff was bufferevent-only.)
2016-08-02 13:33:08 -04:00
Nick Mathewson
8fd6b0fc46 Remove USE_BUFFEREVENTS code outside src/or 2016-08-02 13:22:06 -04:00
Nick Mathewson
c68a23a135 Bufferevent removal: remove HAS_BUFFEREVENT macros and usage
This is another way that we had bufferevents-only code marked.
2016-08-02 13:15:10 -04:00
Nick Mathewson
8e9a6543e1 More bufferevent removal: bev_str is no longer needed in tor_init 2016-08-02 13:08:00 -04:00
Nick Mathewson
6b740aa46b bump maint-0.2.8 to 0.2.8.6-dev 2016-08-02 11:13:44 -04:00
teor
8c2ee16b8f
Get the extend_info_from_router check the right way around 2016-08-02 14:28:56 +10:00
Nick Mathewson
11386eb6d1 bump to 0.2.8.6 2016-07-29 11:17:28 -04:00
Nick Mathewson
f3575a45ce Merge branch 'maint-0.2.8' 2016-07-29 10:23:38 -04:00
teor (Tim Wilson-Brown)
1c4a2dd208 Remove a fallback that was on the hardcoded list, then opted-out
The fallback was added in 0.2.8.2-alpha.
2016-07-29 10:23:15 -04:00
Andrea Shepard
1995328a3d Keep make check-spaces happy 2016-07-29 05:05:12 +00:00
Nick Mathewson
dffc6910b1 Three more -Wshadow fixes. 2016-07-28 11:24:03 -04:00
Nick Mathewson
25513ae174 Re-run trunnel. 2016-07-28 10:52:43 -04:00
Nick Mathewson
94bff894f9 Fix a large pile of solaris warnings for bug 19767.
In nearly all cases, this is a matter of making sure that we include
orconfig.h before we include any standard c headers.
2016-07-28 10:47:46 -04:00
Nick Mathewson
9fe6fea1cc Fix a huge pile of -Wshadow warnings.
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
2016-07-28 10:22:10 -04:00
Nick Mathewson
0390e1a60c Fix a set of variable-shadowing warnings in curve25519-donna.c 2016-07-28 10:03:29 -04:00
Nick Mathewson
a8676b1ede Merge branch 'bug18902_squashed' 2016-07-28 06:59:03 -04:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
f0488551e7 Merge branch 'bug19639_squashed' 2016-07-26 19:31:15 -04:00
teor (Tim Wilson-Brown)
64bf6b70a8 Check that extend_info_from_router is never called on a client 2016-07-26 19:31:05 -04:00
Nick Mathewson
9de9f2d48b Merge branch 'feature19116_squashed' 2016-07-26 19:21:04 -04:00
teor (Tim Wilson-Brown)
bf2f7c265c We fixed #15937, update a comment 2016-07-26 19:20:53 -04:00
teor (Tim Wilson-Brown)
64b5140256 Call chutney's test-network.sh when it is available
Also mark the parts of tor's test-network.sh that can be deleted
once everyone has updated to chutney's test-network.sh.
2016-07-26 19:20:53 -04:00
teor (Tim Wilson-Brown)
bb4506da6f Add a dry run mode to test-network.sh 2016-07-26 19:20:53 -04:00
Nick Mathewson
d70fac15ff Merge remote-tracking branch 'teor/bug19702' 2016-07-26 19:12:23 -04:00
Nick Mathewson
d97fca16d0 Fix an integer overflow related to monotonic time on windows.
To maintain precision, to get nanoseconds, we were multiplying our
tick count by a billion, then dividing by ticks-per-second.  But
that apparently isn't such a great idea, since ticks-per-second is
sometimes a billion on its own, so our intermediate result was
giving us attoseconds.

When you're counting in attoseconds, you can only fit about 9
seconds into an int64_t, which is not so great for our purposes.

Instead, we now simplify the 1000000000/1000000000 fraction before
we start messing with nanoseconds.  This has potential to mess us
up if some future MS version declares that performance counters will
use 1,000,000,007 units per second, but let's burn that bridge when
we come to it.
2016-07-26 11:23:58 -04:00
Nick Mathewson
09c25697d7 Add a function to simplify a fraction.
Apparently remembering euclid's algorithm does pay off sooner or later.
2016-07-26 11:23:34 -04:00
Nick Mathewson
90ca446048 Remove windows debugging prints: it was an integer overflow hitting ftrapv 2016-07-26 11:07:53 -04:00
Nick Mathewson
019b7ddb9f fix identifier mistake :( 2016-07-26 10:44:51 -04:00
Nick Mathewson
160d2c6aab Redux^3: Temporarily add windows verbosity to track down jenkins failures 2016-07-26 10:36:44 -04:00
Nick Mathewson
0cef69713c Redux^2: Temporarily add windows verbosity to track down jenkins failures 2016-07-26 10:04:40 -04:00
Nick Mathewson
fb7f90c181 Tweaks on 19435 fix:
* Raise limit: 16k isn't all that high.
   * Don't log when limit exceded; log later on.
   * Say "over" when we log more than we say we log.
   * Add target version to changes file
2016-07-26 09:59:48 -04:00
Ivan Markin
77459b97aa Fix integer overflow in the rate-limiter (#19435). 2016-07-26 09:49:40 -04:00
Nick Mathewson
264fb7eb82 debugging: print ticks-per-second on windows. is it 0? 2016-07-26 09:44:41 -04:00
Nick Mathewson
e77c23e455 Redux: Temporarily add windows verbosity to track down jenkins failures 2016-07-26 09:24:53 -04:00
Nick Mathewson
1033713c9c Temporarily add some windows verbosity to track down unit test failure on jenkins. 2016-07-26 08:56:55 -04:00
Nick Mathewson
3f9c036821 Try a little harder to work around mingw clock_gettime weirdness 2016-07-26 08:22:37 -04:00
Roger Dingledine
81cc31d3fa three typo fixes i found in my sandbox 2016-07-25 20:17:35 -04:00
Peter Palfrader
518c8fe0ec Also ship compat_time.h in release tarballs. Fixes bug #19746 2016-07-25 09:07:29 +02:00
Nick Mathewson
53f9f71985 ug no, the RIGHT fix. 2016-07-21 15:29:56 +02:00
Nick Mathewson
9c210d0e81 Avoid infinite stack explosion in windows monotime.
[init calls get calls init calls get calls init.... ]
2016-07-21 15:26:05 +02:00
Nick Mathewson
1d0775684d Once more, 32-bit fixes on monotime mocking 2016-07-21 14:32:15 +02:00
Nick Mathewson
9c87869dde Merge branch 'maint-0.2.8' 2016-07-21 14:15:19 +02:00
Nick Mathewson
f1973e70a4 Coverity hates it when we do "E1 ? E2 : E2".
It says, 'Incorrect expression (IDENTICAL_BRANCHES)'

Fix for CID 1364127. Not in any released Tor.
2016-07-21 14:14:33 +02:00
Nick Mathewson
22314f9050 loony mingwcross bug: insist we dont have clock_gettime. 2016-07-21 14:09:00 +02:00
Nick Mathewson
852cff043b fix monotime test mocking on 32-bit systems 2016-07-21 14:05:29 +02:00
Nick Mathewson
61ce6dcb40 Make monotime test mocking work with oom tests. 2016-07-21 07:02:34 -04:00
Nick Mathewson
50463524a9 Use new mock functions in buffer/time_tracking test 2016-07-21 07:02:33 -04:00
Nick Mathewson
2d26b1a549 Actually make monotonic time functions mockable.
This is different from making the functions mockable, since
monotime_t is opaque and so providing mocks for the functions is
really hard.
2016-07-21 07:02:33 -04:00
Nick Mathewson
72a1f0180d Revert "Make the monotonic{_coarse,}_get() functions mockable."
This reverts commit 2999f0b33f.
2016-07-21 10:30:21 +02:00
Nick Mathewson
2999f0b33f Make the monotonic{_coarse,}_get() functions mockable. 2016-07-21 10:25:23 +02:00
Nick Mathewson
a31078a581 Merge branch 'maint-0.2.8' 2016-07-19 12:34:37 +02:00
Nick Mathewson
4d5b252f0f Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-19 12:34:27 +02:00
Nick Mathewson
4d70ed7be0 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-19 12:32:14 +02:00
Nick Mathewson
210928f66a Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-19 12:31:54 +02:00
Nick Mathewson
d95c2809b3 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-19 12:31:20 +02:00
Nick Mathewson
558f7d3701 Merge branch 'monotonic_v2_squashed' 2016-07-19 11:42:26 +02:00
Nick Mathewson
1e3cf1cc83 Be sure to call monotime_init() at startup. 2016-07-19 11:40:47 +02:00
Nick Mathewson
6ba415d400 Make sure initialized_at is initialized before use. 2016-07-19 11:40:47 +02:00
Nick Mathewson
abcb8ce25d Unit tests for monotonic time 2016-07-19 11:40:47 +02:00
Nick Mathewson
2a217ef723 Expose monotonic time ratchet functions for testing. 2016-07-19 11:40:47 +02:00
Nick Mathewson
7bc4ca7de9 Remove tor_gettimeofday_cached_monotonic as broken and unneeded 2016-07-19 11:40:47 +02:00
Nick Mathewson
c7558c906a Use coarse monotonic timer instead of cached monotonized libevent time. 2016-07-19 11:40:46 +02:00
Nick Mathewson
6a2002fc09 convert timers.c to use real monotonic time. 2016-07-19 11:40:46 +02:00
Nick Mathewson
dc6f5d1dc1 Basic portable monotonic timer implementation
This code uses QueryPerformanceCounter() [**] on Windows,
mach_absolute_time() on OSX, clock_gettime() where available, and
gettimeofday() [*] elsewhere.

Timer types are stored in an opaque OS-specific format; the only
supported operation is to compute the difference between two timers.

[*] As you know, gettimeofday() isn't monotonic, so we include
a simple ratchet function to ensure that it only moves forward.

[**] As you may not know, QueryPerformanceCounter() isn't actually
always as monotonic as you might like it to be, so we ratchet that
one too.

We also include a "coarse monotonic timer" for cases where we don't
actually need high-resolution time.  This is GetTickCount{,64}() on
Windows, clock_gettime(CLOCK_MONOTONIC_COARSE) on Linux, and falls
back to regular monotonic time elsewhere.
2016-07-19 11:40:46 +02:00
Karsten Loesing
79939c6f11 Update geoip and geoip6 to the July 6 2016 database. 2016-07-18 08:40:22 +02:00
teor (Tim Wilson-Brown)
d8cd994ef6
Allow clients to retry HSDirs much faster in test networks 2016-07-18 13:25:15 +10:00
teor (Tim Wilson-Brown)
6afd5506e9
Rewrite test-network.sh so out-of-tree and $PATH binaries work 2016-07-18 12:15:49 +10:00
Andrea Shepard
94c27d4e8f Keep make check-spaces happy 2016-07-17 23:22:29 +00:00
Nick Mathewson
c138c9a2be Merge branch 'maint-0.2.8' 2016-07-17 13:55:04 -04:00
Nick Mathewson
fbae15a856 Merge remote-tracking branch 'weasel/bug19660' into maint-0.2.8 2016-07-17 13:54:40 -04:00
Nick Mathewson
bec4e41f4b Fix warnings in test_util_formats.
Storing 255 into a char gives a warning when char is signed.

Fixes bug 19682; bugfix on 0.2.8.1-alpha, where these tests were added.
2016-07-17 13:51:45 -04:00
teor (Tim Wilson-Brown)
579a80d4ae
Clients avoid choosing nodes that can't do ntor
If we know a node's version, and it can't do ntor, consider it not running.
If we have a node's descriptor, and it doesn't have a valid ntor key,
consider it not running.

Refactor these checks so they're consistent between authorities and clients.
2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
a76d528bec
Clients no longer download descriptors for relays without ntor 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
24e8bb2d83
Relays make sure their own descriptor has an ntor key 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
33da2abd05
Authorities reject descriptors without ntor keys
Before, they checked for version 0.2.4.18-rc or later, but this
would not catch relays without version lines, or buggy or malicious
relays missing an ntor key.
2016-07-15 09:55:49 +10:00
U+039b
c735220a0b
Remove bufferevents dead code
Signed-off-by: U+039b <*@0x39b.fr>
2016-07-14 18:46:37 +02:00
Nick Mathewson
9932544297 Merge branch 'maint-0.2.8' 2016-07-13 09:19:35 -04:00
Nick Mathewson
bb731ca665 Merge remote-tracking branch 'Jigsaw52/seccomp-fix-18397' into maint-0.2.8 2016-07-13 09:16:59 -04:00
Peter Palfrader
36b06be738 Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist
If we did not find a non-private IPaddress by iterating over interfaces,
we would try to get one via
get_interface_address6_via_udp_socket_hack().  This opens a datagram
socket with IPPROTO_UDP.  Previously all our datagram sockets (via
libevent) used IPPROTO_IP, so we did not have that in the sandboxing
whitelist.  Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing
whitelist.  Fixes bug 19660.
2016-07-11 09:37:01 +02:00
Daniel Pinto
20e89453fd Adds missing syscalls to seccomp filter.
Fixes #18397 which prevented tor starting with Sandbox 1.
2016-07-09 00:36:37 +01:00
Nick Mathewson
aa971c5924 Move our "what time is it now" compat functions into a new module
I'm not moving our "format and parse the time" functions, since
those have been pretty volatile over the last couple of years.
2016-07-08 10:38:59 -04:00
Nick Mathewson
466259eb50 Merge remote-tracking branch 'sebastian/libevent2' 2016-07-08 09:57:31 -04:00
Nick Mathewson
a931d157fd Bump maint-0.2.8 to 0.2.8.5-rc-dev 2016-07-07 12:43:52 -04:00
Nick Mathewson
acba4cc954 test coverage on onion_fast: 0%->100% 2016-07-06 13:43:12 -04:00
Nick Mathewson
08cc0ef832 Capture the LOG_ERR messages in our tests that had logged errors.
(It's confusing for the test to write an expected error to stdout,
and then tell the user "OK".)
2016-07-06 13:01:08 -04:00
Nick Mathewson
96d32f02f2 When saving mocked log messages, always create the list.
Otherwise, our code needs to check "list && smarlist_len(list)..."
2016-07-06 12:59:43 -04:00
Nick Mathewson
ae22c249c3 Improve test coverage a little on onion*.c 2016-07-06 12:37:52 -04:00
Nick Mathewson
9c1d8cdd8d Merge branch 'maint-0.2.8' 2016-07-06 10:17:22 -04:00
Nick Mathewson
3252550fc5 Fix sign in test-timers 2016-07-06 10:07:02 -04:00
teor (Tim Wilson-Brown)
b167e82f62
When checking if a routerstatus is reachable, don't check the node
This fixes #19608, allowing IPv6-only clients to use
microdescriptors, while preserving the ability of bridge clients
to have some IPv4 bridges and some IPv6 bridges.

Fix on c281c036 in 0.2.8.2-alpha.
2016-07-06 14:46:22 +10:00
Nick Mathewson
78196c8822 Merge remote-tracking branch 'teor/bug18456' 2016-07-05 19:10:08 -04:00
David Goulet
245c10de07 Test: fix shared random test checking bad errno
The test was checking for EISDIR which is a Linux-ism making other OSes
unhappy. Instead of checking for a negative specific errno value, just make
sure it's negative indicating an error. We don't need more for this test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-05 14:00:06 -04:00
Nick Mathewson
1135405c8c Fix a variable-shadowing bug in check_private_dir
We introduded a shadowed variable, thereby causing a log message to
be wrong. Fixes 19578. I believe the bug was introduced by
54d7d31cba in 0.2.2.29-beta.
2016-07-05 13:43:58 -04:00
Nick Mathewson
5a047cdc5f Fix shared-random test 2016-07-05 13:31:18 -04:00
Nick Mathewson
8f44d2822e Update version to 0.2.8.5-rc. This is not yet a release. 2016-07-05 13:05:36 -04:00
Nick Mathewson
5c97b42cac Merge branch 'maint-0.2.8' 2016-07-05 12:52:30 -04:00
Nick Mathewson
e99cc8740f Repair unit test that assumed we have 9 dirauths. 2016-07-05 12:52:19 -04:00
Nick Mathewson
8cae4abbac Merge branch 'maint-0.2.8' 2016-07-05 12:43:17 -04:00
Nick Mathewson
8d25ab6347 Merge remote-tracking branch 'weasel/bug19557' into maint-0.2.8 2016-07-05 12:40:25 -04:00
Nick Mathewson
74cbbda86e Merge remote-tracking branch 'weasel/bug19556' into maint-0.2.8 2016-07-05 12:39:40 -04:00
Nick Mathewson
f54ffa463a Merge branch 'maint-0.2.8' 2016-07-05 12:23:25 -04:00
Nick Mathewson
f4408747d3 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-05 12:23:14 -04:00
Nick Mathewson
6e96aadadb Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-05 12:22:47 -04:00
Nick Mathewson
c28ba994ec Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-05 12:21:25 -04:00
Nick Mathewson
9d3de77d4d Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-05 12:20:42 -04:00
Nick Mathewson
e11cc95717 Merge remote-tracking branch 'asn/bug19555' 2016-07-05 12:17:21 -04:00
Nick Mathewson
87758dbebc Merge remote-tracking branch 'dgoulet/bug19567_029_01' 2016-07-05 12:14:04 -04:00
Nick Mathewson
e889da1d7f Merge remote-tracking branch 'asn/bug19551' 2016-07-05 12:12:09 -04:00
Nick Mathewson
8ba4ba0a74 Grammar.
I grepped and hand-inspected the "it's" instances, to see if any
were supposed to be possessive.  While doing that, I found a
"the the", so I grepped to see if there were any more.
2016-07-05 12:10:12 -04:00
Sebastian Hahn
e7b70b69ec Remove src/or/eventdns_tor.h based on cypherpunk's review 2016-07-04 21:39:43 +02:00
David Goulet
267e16ea61 sr: add the base16 RSA identity digest to commit
Keep the base16 representation of the RSA identity digest in the commit object
so we can use it without using hex_str() or dynamically encoding it everytime
we need it. It's used extensively in the logs for instance.

Fixes #19561

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 12:05:48 -04:00
David Goulet
cc34929abc sr: Fix comment in shared_random.h
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:44:10 -04:00
David Goulet
7d04638a60 test: Fix shared random buffer overrun
Encoded commit has an extra byte at the end for the NUL terminated byte and
the test was overrunning the payload buffer by one byte.

Found by Coverity issue 1362984.

Fixes #19567

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:40:06 -04:00
David Goulet
c6de05d529 sr: Remove useless code in disk_state_update()
This patch also updates a comment in the same function for accuracy.

Found by Coverity issue 1362985. Partily fixes #19567.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:33:41 -04:00
George Kadianakis
34bd333529 prop250: Fix voting_schedule_t memleak in sr_state_update(). 2016-07-04 17:42:25 +03:00
George Kadianakis
f03c74c631 prop250: Plug TorVersion memleak in disk_state_reset(). 2016-07-04 17:42:25 +03:00
Sebastian Hahn
bd1a85cc91 Address review comments from cypherpunks 2016-07-04 16:34:40 +02:00
Sebastian Hahn
265e40b481 Raise libevent dependency to 2.0.10-stable or newer
Only some very ancient distributions don't ship with Libevent 2 anymore,
even the oldest supported Ubuntu LTS version has it. This allows us to
get rid of a lot of compat code.
2016-07-04 12:40:09 +02:00
Sebastian Hahn
ec6ea66240 Remove two wrong comments 2016-07-04 12:26:14 +02:00
Sebastian Hahn
7ae34e722a
Remove urras as a default trusted directory authority
It had been a directory authority since 0.2.1.20.
2016-07-03 21:59:32 +02:00
Peter Palfrader
55d380f3df sandboxing: allow writing to stats/hidserv-stats
Our sandboxing code would not allow us to write to stats/hidserv-stats,
causing tor to abort while trying to write stats.  This was previously
masked by bug#19556.
2016-07-03 18:05:43 +02:00
Peter Palfrader
2c4e78d95b sandboxing: allow open() of stats dir
When sandboxing is enabled, we could not write any stats to disk.
check_or_create_data_subdir("stats"), which prepares the private stats
directory, calls check_private_dir(), which also opens and not just stats() the
directory.  Therefore, we need to also allow open() for the stats dir in our
sandboxing setup.
2016-07-03 17:47:45 +02:00
Sebastian Hahn
0d6f3d647d Remove HAVE_EVENT_H from winconfig
This was accidentally left in in f25e2167f5.
2016-07-03 04:34:38 +02:00
Sebastian Hahn
19054ab18a Remove HAVE_EVENT_* defines from winconfig
They were accidentally left sitting around in 517e0f965.
2016-07-03 04:32:54 +02:00
George Kadianakis
43d317f99c Fix edge case fail of shared random unittest.
The test_state_update() test would fail if you run it between 23:30 and
00:00UTC in the following line because n_protocol_runs was 2:

  tt_u64_op(state->n_protocol_runs, ==, 1);

The problem is that when you launch the test at 23:30UTC (reveal phase),
sr_state_update() gets called from sr_state_init() and it will prepare
the state for the voting round at 00:00UTC (commit phase). Since we
transition from reveal to commit phase, this would trigger a phase
transition and increment the n_protocol_runs counter.

The solution is to initialize the n_protocol_runs to 0 explicitly in the
beginning of the test, as we do for n_reveal_rounds, n_commit_rounds etc.
2016-07-02 02:49:59 +03:00
Andrea Shepard
be78e9ff37 Keep make check-spaces happy 2016-07-01 21:52:32 +00:00
Nick Mathewson
aa05dea5ff Windows open() returns eacces when eisdir would be sane 2016-07-01 16:23:06 -04:00
Nick Mathewson
1597c42384 Fix i386 conversion warnings 2016-07-01 15:53:01 -04:00
Nick Mathewson
3566ff05fd Fix a -Wmissing-variable-declarations warning 2016-07-01 15:30:12 -04:00
Nick Mathewson
aaa3129043 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
Trivial Conflicts:
	src/or/or.h
	src/or/routerparse.c
2016-07-01 15:29:05 -04:00
David Goulet
36e201dffc prop250: Add a DEL state action and return const SRVs
The *get* state query functions for the SRVs now only return const pointers
and the DEL action needs to be used to delete the SRVs from the state.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
4a1904c126 prop250: Use the new dirvote_get_intermediate_param_value for AuthDirNumSRVAgreements
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
Nick Mathewson
6927467bef Refactor parameter computation and add a helper function
This patch makes us retain the intermediate list of K=V entries for
the duration of computing our vote, and lets us use that list with
a new function in order to look up parameters before the consensus
is published.

We can't actually use this function yet because of #19011: our
existing code to do this doesn't actually work, and we'll need a new
consensus method to start using it.

Closes ticket #19012.
2016-07-01 14:01:42 -04:00
David Goulet
09ecbdd8ee prop250: Fix format string encoding in log statement
Commit and reveal length macro changed from int to unsigned long int
(size_t) because of the sizeof().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
e62f3133bb prop250: Change reveal_num to uint64_t and version to uint32_t
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
George Kadianakis
899d2b890b prop250: Don't use {0} to init static struct -- causes warning on clang.
See ticket #19132 for the clang/llvm warning.

Since voting_schedule is a global static struct, it will be initialized
to zero even without explicitly initializing it with {0}.

This is what the C spec says:

	If an object that has automatic storage duration is not initialized
	explicitly, its value is indeterminate. If an object that has static
	storage duration is not initialized explicitly, then:

	— if it has pointer type, it is initialized to a null pointer;
	— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
	— if it is an aggregate, every member is initialized (recursively) according to these rules;
	— if it is a union, the first named member is initialized (recursively) according to these rules.
2016-07-01 14:01:41 -04:00
George Kadianakis
ebbff31740 prop250: Silence a logging message.
LOG_NOTICE is a bit too much for that one.
2016-07-01 14:01:41 -04:00
George Kadianakis
f6f4668b1d prop250: Don't reject votes containing commits of unknown dirauths.
Instead just ignore those commits.

Squash this commit with 33b2ade.
2016-07-01 14:01:41 -04:00
David Goulet
5fe9a50c31 prop250: Pass the dst length to sr_srv_encode()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
d43646e191 prop250: Fix unit tests about the RSA fingerprint check
Code has been changed so every RSA fingerprint for a commit in our state is
validated before being used. This fixes the unit tests by mocking one of the
key function and updating the hardcoded state string.

Also, fix a time parsing overflow on platforms with 32bit time_t

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
cd858d78a7 prop250: Sort commits in lexicographical order in votes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
63ca307127 prop250: Improve log messages
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
George Kadianakis
edea044147 prop250: Sort smartlist before you get most frequent SRV.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
545b77e2f8 prop250: Only trust known authority when computing SRV
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
0f27d92e4c prop250: Add version to Commit line in vote and state
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
8ac88f6f97 prop250: Add a valid flag to sr_commit_t
We assert on it using the ASSERT_COMMIT_VALID() macro in critical places
where we use them expecting a commit to be valid.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
056b6186ad prop250: Use RSA identity digest instead of fingerprint
The prop250 code used the RSA identity key fingerprint to index commit in a
digestmap instead of using the digest.

To behavior change except the fact that we are actually using digestmap
correctly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
c0cec2ffd3 prop250: change time_t to uint64_t
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-07-01 14:01:41 -04:00
David Goulet
39be8af709 prop250: Add unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
727d419a9d prop250: Initialize the SR subsystem and us it!
This commit makes it that tor now uses the shared random protocol by
initializing the subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
0c26a6db7e prop250: Parse votes and consensus
One of the last piece that parses the votes and consensus in order to update
our state and make decision for the SR values.

We need to inform the SR subsystem when we set the current consensus because
this can be called when loaded from file or downloaded from other authorities
or computed.

The voting schedule is used for the SR timings since we are bound to the
voting system.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
ca6ceec112 prop250: Put commits and SRVs in votes/consensus
This commit adds the commit(s) line in the vote as well as the SR values. It
also has the mechanism to add the majority SRVs in the consensus.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:25:03 -04:00
David Goulet
5b183328fd prop250: Add commit and SR values generation code
This adds the logic of commit and SR values generation. Furthermore, the
concept of a protocol run is added that is commit is generated at the right
time as well as SR values which are also rotated before a new protocol run.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:23:27 -04:00
Nick Mathewson
738a8c655a Add an extra check to test_dir to try to debug windows jenkins issue 2016-07-01 10:10:55 -04:00
Nick Mathewson
ac9784f7f5 Fix a missing break; in dump_desc_init()
Found by coverity scan; this is CID 1362983
2016-07-01 10:02:22 -04:00
Nick Mathewson
0531d5155e Merge remote-tracking branch 'teor/bug19530-v2' 2016-07-01 10:00:37 -04:00
Nick Mathewson
903ec20c0b Merge branch 'maint-0.2.8' 2016-07-01 09:54:08 -04:00
teor (Tim Wilson-Brown)
514f0041d1
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.

Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-07-01 15:37:13 +10:00
teor (Tim Wilson-Brown)
744077dd15
When tor can't find a directory, log less 2016-07-01 14:26:00 +10:00
teor (Tim Wilson-Brown)
516c02b178
Make authority_certs_fetch_missing support bridge hints
This also fixes an issue where bridge clients may have found a
routerstatus for a directory mirror, and connected to it directly.
2016-07-01 14:01:25 +10:00
teor (Tim Wilson-Brown)
f90bfaae8d
Refactor duplicate code in authority_certs_fetch_missing 2016-07-01 14:00:25 +10:00
teor (Tim Wilson-Brown)
d3ca6fe475
Call purpose_needs_anonymity in authority_certs_fetch_missing 2016-07-01 14:00:20 +10:00
teor (Tim Wilson-Brown)
b4dcf56768
Hex-encode raw digest before printing in authority_certs_fetch_missing 2016-07-01 14:00:07 +10:00
teor (Tim Wilson-Brown)
596ccbf839
Refactor authority_certs_fetch_missing to call get_options once 2016-07-01 09:35:27 +10:00
Nick Mathewson
64ee7bcd0c Make sure that our tests expect the windows path separator as needed 2016-06-30 18:26:44 -04:00
Nick Mathewson
69e22e294b Set binary mode when checking malformed descriptor. 2016-06-30 18:23:58 -04:00
Nick Mathewson
889cfac676 One more tt_u64_op 2016-06-30 16:46:53 -04:00
Nick Mathewson
591078c76d use tt_u64_op for comparing len_descs_dumped 2016-06-30 15:34:36 -04:00
Nick Mathewson
b750a77e3f fix naked memcmps 2016-06-30 15:34:16 -04:00
Nick Mathewson
2713de2a47 Fix more naked strdup/malloc/free instances 2016-06-30 14:36:31 -04:00
Nick Mathewson
9a92f58219 Avoid naked strdups in test_dir.c 2016-06-30 14:30:28 -04:00
Nick Mathewson
7a7bd1f9ea Fix a memory leak in test_dir_populate_dump_desc_fifo 2016-06-30 14:30:26 -04:00
Nick Mathewson
c3b720fb26 Try to fix warnings when size_t is smaller than st.st_size. 2016-06-30 14:20:04 -04:00
Nick Mathewson
b5beb2afa6 fix a syntax warning 2016-06-30 14:19:55 -04:00
Nick Mathewson
ded7e8093c Fix three -Wtautological-constant-out-of-range-compare warnings. 2016-06-30 14:08:28 -04:00
Nick Mathewson
3627718348 Fix -Wextra-semi warning 2016-06-30 13:50:16 -04:00
Nick Mathewson
6d2f006bf4 Fix a 32-bit compilation failure 2016-06-30 13:47:45 -04:00
Nick Mathewson
8917c4f19f A little more specificity in documentation for getinfo download/ stuff
Also, a const.
2016-06-30 13:42:38 -04:00
Nick Mathewson
cb54390e0f Merge remote-tracking branch 'andrea/ticket19323_squashed' 2016-06-30 11:44:58 -04:00
Nick Mathewson
c6846d7bf0 Merge remote-tracking branch 'andrea/bug18322_v3_squashed' 2016-06-30 11:18:00 -04:00
Nick Mathewson
a31f55b16b Merge remote-tracking branch 'teor/bug19483-fix-v2' 2016-06-30 11:04:13 -04:00
Andrea Shepard
13a16e0011 Also check if the sandbox is configured as well as if it's active; sandbox_init() runs rather late in the startup process 2016-06-30 09:37:23 +00:00
Andrea Shepard
34d9dabed1 Do sandbox_is_active() check before reconstructing dump_desc() FIFO on startup too 2016-06-30 07:45:55 +00:00
Andrea Shepard
9580b99dab Add unit test for dump_desc_populate_fifo_from_directory() 2016-06-30 07:03:26 +00:00
Andrea Shepard
f99c9df02b Make things mockable for dump_desc_populate_fifo_from_directory() unit test 2016-06-30 07:03:26 +00:00
Andrea Shepard
42f089473a Unit test for dump_desc_populate_one_file() 2016-06-30 07:03:26 +00:00
Andrea Shepard
2154160a24 Add support for mocking functions declared with attributes without causing gcc warnings 2016-06-30 07:03:26 +00:00
Andrea Shepard
421cf21b3c Reload unparseable descriptor dump FIFO state from on-disk dumped descriptors at startup 2016-06-30 07:03:26 +00:00
Andrea Shepard
38cced90ef Move unparseable descriptor dumps into subdirectory of DataDir 2016-06-30 07:03:25 +00:00
Andrea Shepard
dc37546cff Add sandbox_is_active() check to dump_desc() 2016-06-30 07:03:25 +00:00
Andrea Shepard
603f483092 Use uint64_t for total length of dumped descriptors, nad be careful about overflows in the loop in dump_desc_fifo_add_and_clean() 2016-06-30 07:03:25 +00:00
Andrea Shepard
824ee581b0 Add dir/dump_unparseable_descriptors unit test 2016-06-30 07:03:25 +00:00
Andrea Shepard
2a17b93cc4 Make options_get_datadir_fname2_suffix() mockable 2016-06-30 07:03:25 +00:00
Andrea Shepard
35fc5879fb Expose a few more dump_desc()-related things to the test suite 2016-06-30 07:03:25 +00:00
Andrea Shepard
4e4a760491 Add extern support for file-scope variables in testsupport.h 2016-06-30 07:03:25 +00:00
Andrea Shepard
17ed2fed68 Expose dump_desc() to the test suite and make things it calls mockable 2016-06-30 07:03:24 +00:00
Andrea Shepard
726dc9acf5 Remove old unparseable descriptor logging mechanism, add bump-to-head-of-queue for repeated unparseable descriptors, rename config variable 2016-06-30 07:03:24 +00:00
Andrea Shepard
1cde3e2776 Add multiple descriptor dump support for dump_desc() in routerparse.c; fixes bug 18322 2016-06-30 07:03:24 +00:00
Roger Dingledine
4dc7b3ca28 fix typo 2016-06-29 22:56:56 -04:00
teor (Tim Wilson-Brown)
69535f1284
Add tv_udiff and tv_mdiff unit tests with negative values 2016-06-30 09:29:18 +10:00
teor (Tim Wilson-Brown)
aae14f8346
Fix bug19483: avoid range checks when they are always true
Some compilers are smart enough to work out that comparisons to
LONG_MAX are a no-op on L64.
2016-06-30 09:29:14 +10:00
Nick Mathewson
7602b0b31f Merge remote-tracking branch 'weasel/bug19503' 2016-06-29 16:10:10 -04:00
teor (Tim Wilson-Brown)
d36a0c4d22
Add more unit tests for tv_udiff and tv_mdiff 2016-06-29 17:23:42 +10:00
teor (Tim Wilson-Brown)
4234ca3bf2
Improve overflow checks in tv_udiff and tv_mdiff
Validate that tv_usec inputs to tv_udiff and tv_mdiff are in range.

Do internal calculations in tv_udiff and tv_mdiff in 64-bit,
which makes the function less prone to integer overflow,
particularly on platforms where long and time_t are 32-bit,
but tv_sec is 64-bit, like some BSD configurations.

Check every addition and subtraction that could overflow.
2016-06-29 17:23:24 +10:00
Andrea Shepard
ad0ce8716d Unit tests for GETINFO download/desc and download/bridge cases 2016-06-29 06:55:57 +00:00
Andrea Shepard
45724beac4 Unit test for GETINFO download/cert case 2016-06-29 05:58:22 +00:00
Andrea Shepard
becf510ef2 Unit test for GETINFO download/networkstatus case 2016-06-29 05:56:21 +00:00
Andrea Shepard
657eaee6ae Expose GETINFO download status statics for test suite and make things mockable 2016-06-29 05:55:42 +00:00
Andrea Shepard
c692900728 Add bridge descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
8798ca4be2 Add router descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
18c6e13993 Expose authority certificate download statuses on the control port 2016-06-29 05:55:42 +00:00
teor (Tim Wilson-Brown)
2e51608a8b
Fix an integer overflow bug in the tv_mdiff range check
The temporary second used for rounding can cause overflow,
depending on the order the compiler performs the operations.
2016-06-29 12:53:50 +10:00
Nick Mathewson
f42dbc4e26 Merge branch 'maint-0.2.8' 2016-06-28 19:15:43 -04:00
Nick Mathewson
2c9354fc10 Merge branch 'bug19071-extra-squashed' into maint-0.2.8 2016-06-28 19:15:20 -04:00
teor (Tim Wilson-Brown)
26146dbe9e Comment-out fallbacks in a way the stem fallback parser understands
If we manually remove fallbacks in C by adding '/*' and '*/' on separate
lines, stem still parses them as being present, because it only looks at
the start of a line.

Add a comment to this effect in the generated source code.
2016-06-28 19:15:08 -04:00
Nick Mathewson
d793a988cd Merge branch 'maint-0.2.8' 2016-06-28 11:22:48 -04:00
Nick Mathewson
bc9a0f82b3 whitespace fixes 2016-06-28 11:14:42 -04:00
Nick Mathewson
f87aa4555d Merge remote-tracking branch 'teor/bug18812' into maint-0.2.8 2016-06-28 11:12:51 -04:00
teor (Tim Wilson-Brown)
608c12baaf
Resolve bug18812 by logging fallback key changes at info level 2016-06-28 14:18:16 +10:00
teor (Tim Wilson-Brown)
812fd416ef
Make it clear that fallbacks include authorities
Comment-only change
2016-06-28 14:14:04 +10:00
teor (Tim Wilson-Brown)
14b1c7a66e
Refactor connection_or_client_learned_peer_id for bug18812
No behavioural change.
Also clarify some comments.
2016-06-28 14:12:18 +10:00
Nick Mathewson
4e2a7cd3ae Add missing braces around conditional. 2016-06-27 13:19:49 -04:00
Nick Mathewson
14169a3d70 Remove an always-true condition: all ints are <= INT_MAX 2016-06-27 13:18:54 -04:00
Nick Mathewson
2197bfcc6a Merge branch 'maint-0.2.8' 2016-06-27 13:17:42 -04:00
Andrea Shepard
8cf9fe5ba6 Expose consensus download statuses on the control port 2016-06-27 16:38:37 +00:00
Peter Palfrader
54c3066c72 Fix a typo in the getting passphrase prompt for the ed25519 identity key 2016-06-25 13:33:35 +02:00
Yawning Angel
0116eae59a Bug19499: Fix GCC warnings when building against bleeding edge OpenSSL.
The previous version of the new accessors didn't specify const but it
was changed in master.
2016-06-24 22:20:41 +00:00
Nick Mathewson
703254a832 Merge remote-tracking branch 'public/bug15942_v2_alternative' 2016-06-23 09:01:24 -04:00
teor (Tim Wilson-Brown)
828e2e1a2e
Remove a fallback that changed DirPort
The operator has confirmed that the DirPort change is perament.
The relay will be reconsidered as a fallback in 0.2.9.
2016-06-23 10:38:03 +10:00
Nick Mathewson
61dac57aa3 Merge branch 'maint-0.2.8' 2016-06-22 08:20:11 -04:00
teor (Tim Wilson-Brown)
69635e41c8
Remove and blacklist 3 fallbacks which disappeared
Blacklist them in case they appear again.
2016-06-22 12:18:10 +10:00
teor (Tim Wilson-Brown)
b15cecd4f8
Remove 2 fallbacks: one lost guard, the other had bad uptime
Leave these fallbacks in the whitelist, they may improve before 0.2.9.
2016-06-22 12:18:06 +10:00
teor (Tim Wilson-Brown)
7e9532b9be
Remove and blacklist 4 fallbacks which are unsuitable
Remove a fallback that changed its fingerprint after it was listed
This happened after to a software update:
https://lists.torproject.org/pipermail/tor-relays/2016-June/009473.html

Remove a fallback that changed IPv4 address

Remove two fallbacks that were slow to deliver consensuses,
we can't guarantee they'll be fast in future.

Blacklist all these fallbacks until operators confirm they're stable.
2016-06-22 12:16:57 +10:00
Nick Mathewson
cb8557f7c9 Merge branch 'maint-0.2.8' 2016-06-21 09:00:40 -04:00
Ivan Markin
b432efb838 Remove useless message about nonexistent onion services after uploading a descriptor 2016-06-21 09:00:22 -04:00
Nick Mathewson
dd9cebf109 Merge branch 'maint-0.2.8' 2016-06-21 08:54:49 -04:00
George Kadianakis
f038e9cb00 Fix bug when disabling heartbeats.
Callbacks can't return 0.
2016-06-21 08:54:30 -04:00
David Goulet
b3b4ffce2e prop250: Add memory and disk state in new files
This commit introduces two new files with their header.

"shared_random.c" contains basic functions to initialize the state and allow
commit decoding for the disk state to be able to parse them from disk.

"shared_random_state.c" contains everything that has to do with the state
for both our memory and disk. Lots of helper functions as well as a
mechanism to query the state in a synchronized way.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-06-20 15:26:58 -04:00
David Goulet
9744a40f7a Add tor_htonll/ntohll functions
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-06-20 15:26:58 -04:00
David Goulet
49e8f47505 util: zero target buffer of base*_encode/decode
Make sure to memset(0) the destination buffer so we don't leave any
uninitialized data.

Fixes #19462

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 13:47:19 -04:00
Nick Mathewson
2f75b34dce Patch from dgoulet: fix a base16 problem that manifested w stem 2016-06-20 13:37:45 -04:00
Nick Mathewson
5fbd195918 Coverage hack for test_switch_id.sh
This hack provides a way to make sure we can see coverage from
test-switch-id.  If you set OVERRIDE_GCDA_PERMISSIONS_HACK, we
temporarily make the .gcda files mode 0666 before we run the
test scripts, and then we set them to 0644 again afterwards.

That's necessary because the test_switch_id.sh script does a
setuid() to 'nobody' part way through, and drops the ability to
change its mind back.
2016-06-20 11:15:47 -04:00
Nick Mathewson
603cb712ef Small coverage improvements on compat.c 2016-06-20 11:03:13 -04:00
Nick Mathewson
ba28da8de5 compat.c coverage: simplify under-tested alloc_getcwd.
Yes, HURD lacks PATH_MAX.  But we already limited the maximum buffer
to 4096, so why not just use that?
2016-06-20 10:47:31 -04:00
Nick Mathewson
2b74e13a7c More coverage in backtrace.c 2016-06-20 10:31:36 -04:00
Nick Mathewson
c1f0ec3058 Merge remote-tracking branch 'dgoulet/bug19465_029_01' 2016-06-20 10:20:41 -04:00
Nick Mathewson
ba88d78127 Fix unit test crash on 32-bit. 2016-06-20 10:20:03 -04:00
Nick Mathewson
a09ec22a9b Simpler implementation of random exponential backoff.
Consumes more entropy, but is easier to read.
2016-06-20 10:10:02 -04:00
David Goulet
85edef27eb test: Increase offset to rendcache descriptor time
Slow system can sometime take more than 10 seconds to reach the test
callsite resulting in the unit test failing when using time in the future or
in the past.

Fixes #19465

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 09:53:11 -04:00
Nick Mathewson
6cedd49323 Merge branch 'bug14013_029_01_squashed' 2016-06-20 08:48:09 -04:00
nikkolasg
568dc27a19 Make base16_decodes return number of decoded bytes
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 08:44:58 -04:00
Nick Mathewson
1160ac1283 Changes file for 19063; use the BUG macro 2016-06-19 12:38:15 -04:00
U+039b
58e6a6aaeb Fix #19063: Add check in utility macro 2016-06-19 12:34:49 -04:00
Nick Mathewson
81cfd5c9a1 Merge branch 'zlib_coverage_squashed' 2016-06-19 12:20:38 -04:00
Nick Mathewson
d937b86699 Unindent block 2016-06-19 12:20:24 -04:00
Nick Mathewson
5a725dab0a Mark some torgzip lines as unreachable/untestable. 2016-06-19 12:20:24 -04:00
Nick Mathewson
358fc026d9 Remove a ridiculous realloc call from torgzip.c
realloc()ing a thing in order to try to save memory on it just
doesn't make sense with today's allocators.  Instead, let's use the
fact that whenever we decompress something, either it isn't too big,
or we chop it up, or we reallocate it.
2016-06-19 12:20:24 -04:00
Nick Mathewson
808015316a Remove support for zlib <= 1.1
zlib 1.2 came out in 2003; earlier versions should be dead by now.

Our workaround code was only preventing us from using the gzip
encoding (if we decide to do so), and having some dead code linger
around in torgzip.c
2016-06-19 12:20:24 -04:00
Nick Mathewson
b421648da2 Merge remote-tracking branch 'public/thread_coverage' 2016-06-19 12:15:55 -04:00
Andrea Shepard
5a4ed29f01 Better comments on exponential-backoff related members of download_status_t 2016-06-18 19:05:46 +00:00
Andrea Shepard
1f1df4ab74 Move exponential-random backoff computation out of download_status_schedule_get_delay() into separate function, per code review 2016-06-18 18:23:55 +00:00
Andrea Shepard
1dfbfd319e Better comment for download_status_schedule_get_delay() per code review 2016-06-18 17:11:32 +00:00
Andrea Shepard
6370c4ee87 Use exponential backoff for router descriptor downloads from consensuses 2016-06-18 16:32:17 +00:00
Andrea Shepard
5cb27d8991 Use exponential backoffs for bridge descriptor downloads 2016-06-18 16:32:17 +00:00
Andrea Shepard
36d45a9f64 Use exponential backoffs for certificate downloads 2016-06-18 16:32:17 +00:00
Andrea Shepard
5104e5645f Use exponential backoffs for consensus downloads 2016-06-18 16:32:16 +00:00
Andrea Shepard
1553512af4 Unit test for DL_SCHED_RANDOM_EXPONENTIAL 2016-06-18 16:32:16 +00:00
Andrea Shepard
695b0bd1d5 Implement DL_SCHED_RANDOM_EXPONENTIAL support for download_status_t 2016-06-18 16:32:16 +00:00
Andrea Shepard
033cf30b3c Keep make check-spaces happy 2016-06-18 16:07:44 +00:00
Nick Mathewson
48b25e6811 Merge branch 'bug18280_029_03_nm_squashed' 2016-06-17 13:53:57 -04:00
David Goulet
f4f9a9be40 test: Add base32_encode/decode unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-17 13:53:47 -04:00
David Goulet
4e4a7d2b0c Fix base32 API to take any source length in bytes
Fixes #18280

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-06-17 13:53:47 -04:00
cypherpunks
94762e37b9 Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS
The Autoconf macro AC_USE_SYSTEM_EXTENSIONS defines preprocessor macros
which turn on extensions to C and POSIX. The macro also makes it easier
for developers to use the extensions without needing (or forgetting) to
define them manually.

The macro can be safely used because it was introduced in Autoconf 2.60
and Tor requires Autoconf 2.63 and above.
2016-06-17 10:17:44 -04:00
Nick Mathewson
9a63f059b9 Merge remote-tracking branch 'dgoulet/bug18604_029_01' 2016-06-17 09:07:41 -04:00
Nick Mathewson
a8c766220f Mark an abort() as unreachable. 2016-06-16 15:53:05 -04:00
Nick Mathewson
a418904962 Coverage on parse_config_line_from_str_verbose. 2016-06-16 15:52:19 -04:00
Nick Mathewson
c9ea9de806 Remove parse_config_line_from_str alias
All of our code just uses parse_config_line_from_str_verbose.
2016-06-16 15:40:56 -04:00
Nick Mathewson
128ab31c64 Mark code unreachable in unescape_string()
Also, add tests for it in case someday it does become reachable.
2016-06-16 15:36:08 -04:00
Nick Mathewson
dd73787190 On Windows, tv_sec is long, not time_t.
I'm not angry, Windows: just very disappointed.
2016-06-16 13:57:16 -04:00
David Goulet
ab35f9de46 Correctly close intro circuit when deleting ephemeral HS
When deleting an ephemeral HS, we were only iterating on circuit with an
OPEN state. However, it could be possible that an intro point circuit didn't
reached the open state yet.

This commit makes it that we close the circuit regardless of its state
except if it was already marked for close.

Fixes #18604

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-16 13:09:24 -04:00
Nick Mathewson
6ceb37971e Try to fix memarea test on 32-bit systems 2016-06-16 11:59:51 -04:00
Nick Mathewson
5c596cdbc0 Tests for message rate-limiting
Also note a bug in the rate-limiting message.
2016-06-16 11:54:50 -04:00
Nick Mathewson
9b0bd65f22 I believe I found some dead code in our time parsing functions 2016-06-16 11:14:12 -04:00
Nick Mathewson
79370914d1 tests for size_mul_check__()
it's important, and we should make sure we got it right.
2016-06-16 10:43:01 -04:00
Nick Mathewson
41cb26c169 Correct the rounding behavior on tv_mdiff.
Fix for bug 19428.
2016-06-16 10:16:04 -04:00
Nick Mathewson
f05a213fe1 Improve coverage on tv_udiff, and tv_mdiff.
I found some bugs in tv_mdiff; separate commit for that
2016-06-16 10:07:44 -04:00
Nick Mathewson
6dc2b605b8 Improve coverage on esc_for_log, esc_for_log_len 2016-06-16 09:58:53 -04:00
Nick Mathewson
d1ab295d7b add LCOV_EXCL for unreachable exit() blocks in src/common 2016-06-16 09:50:52 -04:00
Nick Mathewson
f986e26850 Reach 100% line coverage on memarea.c 2016-06-16 09:37:44 -04:00
Nick Mathewson
7b54d7ebbd Mark src/common tor_assert(0)/tor_fragile_assert() unreached for coverage
I audited this to make sure I was only marking ones that really
should be unreachable.
2016-06-15 17:28:26 -04:00
Nick Mathewson
e718a582af Bump to 0.2.8.4-rc-dev 2016-06-15 12:55:17 -04:00
David Goulet
c7f1b46a10 Perform cache lookup when FetchHidServDescriptors is set
The FetchHidServDescriptors check was placed before the descriptor cache
lookup which made the option not working because it was never using the
cache in the first place.

Fixes #18704

Patched-by: twim
Signef-off-by: David Goulet <dgoulet@torproject.org>
2016-06-15 10:04:07 -04:00
Nick Mathewson
3a0d42fbf9 bump version to 0.2.8.4-rc 2016-06-14 20:36:35 -04:00
Nick Mathewson
05e2750ea7 whoops; blank line 2016-06-14 20:21:59 -04:00
Nick Mathewson
227d3b3d6b Use ENABLE/DISABLE_GCC_WARNING in masater. 2016-06-14 20:21:02 -04:00
Nick Mathewson
8486dea8d7 Merge branch 'maint-0.2.8' 2016-06-14 20:16:46 -04:00
Nick Mathewson
d6b01211b9 Resolve the remaining openssl "-Wredundant-decls" warnings.
Another part of 19406
2016-06-14 20:14:53 -04:00
Nick Mathewson
3bffdf05d1 use new-form macros to disable -Wredundant-decls 2016-06-14 12:22:52 -04:00
Nick Mathewson
df4fa92a88 Merge branch 'maint-0.2.8' 2016-06-14 12:17:24 -04:00
Nick Mathewson
71aacbe427 Suppress the Wredundant-decls warning in another set of openssl headers 2016-06-14 12:17:02 -04:00
Yawning Angel
c5e2f7b944 Bug 19406: Fix the unit tests to work with OpenSSL 1.1.x
Just as it says on the tin.  Don't need to fully disable any tests and
reduce coverage either.  Yay me.
2016-06-14 12:13:09 -04:00
Yawning Angel
6ddef1f7e0 Bug 19406: OpenSSL removed SSL_R_RECORD_TOO_LARGE in 1.1.0.
This is a logging onlu change, we were suppressing the severity down to
INFO when it occured (treating it as "Mostly harmless").  Now it is no
more.
2016-06-14 12:13:09 -04:00
Yawning Angel
b563a3a09d Bug 19406: OpenSSL made RSA and DH opaque in 1.1.0.
There's accessors to get at things, but it ends up being rather
cumbersome.  The only place where behavior should change is that the
code will fail instead of attempting to generate a new DH key if our
internal sanity check fails.

Like the previous commit, this probably breaks snapshots prior to pre5.
2016-06-14 12:13:09 -04:00
Yawning Angel
86f0b80681 Bug 19406: OpenSSL changed the Thread API in 1.1.0 again.
Instead of `ERR_remove_thread_state()` having a modified prototype, it
now has the old prototype and a deprecation annotation.  Since it's
pointless to add extra complexity just to remain compatible with an old
OpenSSL development snapshot, update the code to work with 1.1.0pre5
and later.
2016-06-14 12:13:09 -04:00
Nick Mathewson
4c90cdc0e7 Coverity dislikes (double) (int/int).
When you divide an int by an int and get a fraction and _then_ cast
to double, coverity assumes that you meant to cast to a double
first.

In my fix for -Wfloat-conversion in 493499a339, I
did something like this that coverity didn't like.

Instead, I'm taking another approach here.

Fixes CID 1232089, I hope.
2016-06-13 11:25:19 -04:00
Nick Mathewson
6a7d11f38a Merge branch 'maint-0.2.8' 2016-06-13 10:49:24 -04:00
Nick Mathewson
2ee3dbe801 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-06-13 10:49:05 -04:00
Nick Mathewson
80089c9e7c Merge branch 'maint-0.2.6' into maint-0.2.7 2016-06-13 10:48:56 -04:00
Nick Mathewson
b4bb88606e Merge branch 'maint-0.2.5' into maint-0.2.6 2016-06-13 10:48:48 -04:00
Nick Mathewson
f25f7b759c Merge branch 'maint-0.2.4' into maint-0.2.5 2016-06-13 10:48:35 -04:00
Andrea Shepard
925f76b486 Keep make check-spaces happy 2016-06-12 21:47:14 +00:00
Roger Dingledine
0616fd6fb6 typo/comment/log fixes i found in my sandbox from montreal 2016-06-12 16:14:15 -04:00
Karsten Loesing
c14c662758 Update geoip and geoip6 to the June 7 2016 database. 2016-06-12 11:35:50 +02:00
Nick Mathewson
47edbd4fad Fix build on 32-bit systems. 2016-06-11 13:26:05 -04:00
Nick Mathewson
ada5668c5e Merge remote-tracking branch 'public/bug19203_027' into maint-0.2.8 2016-06-11 10:16:00 -04:00
Nick Mathewson
d6b2af7a3a Merge branch 'bug19180_easy_squashed' 2016-06-11 10:15:40 -04:00
Nick Mathewson
e80a032b61 Add clang's -Wstring-conversion, and fix the one place it hits 2016-06-11 10:11:54 -04:00
Nick Mathewson
53a3b39da1 Add -Wmissing-variable-declarations, with attendant fixes
This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.
2016-06-11 10:11:54 -04:00
Nick Mathewson
80f1a2cbbd Add the -Wextra-semi warning from clang, and fix the cases where it triggers 2016-06-11 10:11:54 -04:00
Nick Mathewson
c3adbf755b Resolve some warnings from OSX clang. 2016-06-11 10:11:53 -04:00
Nick Mathewson
9bbd6502f0 Use autoconf, not gcc version, to decide which warnings we have
This gives more accurate results under Clang, which can only help us
detect more warnings in more places.

Fixes bug 19216; bugfix on 0.2.0.1-alpha
2016-06-11 10:11:53 -04:00
Nick Mathewson
4caed2424a Enable -Woverlength-strings for GCC>=4.6 on MOST of the code.
IMO it's fine for us to make exceptions to this rule in the unit
tests, but not in the code at large.
2016-06-11 10:11:52 -04:00
Nick Mathewson
8f2d2933f9 Use -Wdouble-promotion in GCC >= 4.6
This warning triggers on silently promoting a float to a double.  In
our code, it's just a sign that somebody used a float by mistake,
since we always prefer double.
2016-06-11 10:11:52 -04:00
Nick Mathewson
493499a339 Add -Wfloat-conversion for GCC >= 4.9
This caught quite a few minor issues in our unit tests and elsewhere
in our code.
2016-06-11 10:11:52 -04:00
Nick Mathewson
2ff20c93a5 Add -Wunused-const-variable=2 on GCC >=6.1
This caused a trivial warning in curve25519-donna-64bit.h, which
had two unused constants.  I commented them out.
2016-06-11 10:11:52 -04:00
Nick Mathewson
b14c1f4082 Merge remote-tracking branch 'public/bug19203_027' into HEAD 2016-06-11 10:11:44 -04:00
Nick Mathewson
4f8086fb20 Enable -Wnull-dereference (GCC >=6.1), and fix the easy cases
This warning, IIUC, means that the compiler doesn't like it when it
sees a NULL check _after_ we've already dereferenced the
variable. In such cases, it considers itself free to eliminate the
NULL check.

There are a couple of tricky cases:

One was the case related to the fact that tor_addr_to_in6() can
return NULL if it gets a non-AF_INET6 address.  The fix was to
create a variant which asserts on the address type, and never
returns NULL.
2016-06-11 10:10:29 -04:00
Nick Mathewson
c274f825da Merge remote-tracking branch 'asn/bug17688' 2016-06-11 10:07:15 -04:00
Andrea Shepard
9eeaeddbb1 Reduce make check-spaces noise 2016-06-09 11:50:25 +00:00
Nick Mathewson
f016213f7f Unit tests for our zlib code to test and reject compression bombs. 2016-06-08 18:08:30 -04:00
Nick Mathewson
429d15c529 Mark the unreachable lines in compat_{,p}threads and workqueue
These are all related to failures from functions that either can't
fail as we call them, or where we cannot provoke failure.
2016-06-08 17:30:22 -04:00
Nick Mathewson
3cc374456b Add several test scripts wrapping test_workqueue
This is a fairly easy way for us to get our test coverage up on
compat_threads.c and workqueue.c -- I already implemented these
tests, so we might as well enable them.
2016-06-08 17:29:06 -04:00
George Kadianakis
36dd9538d9 Don't rely on consensus parameter to use a single guard. 2016-06-07 17:22:47 +03:00
Nick Mathewson
1e330e1947 Repair test_crypto_openssl_version with LibreSSL 2016-06-06 10:45:23 -04:00
Nick Mathewson
c19a3d1bf8 Merge branch 'maint-0.2.8' 2016-06-06 10:18:07 -04:00
Nick Mathewson
83513a93a1 Check tor_sscanf return value in test_crypto.c
Coverity noticed that we check tor_sscanf's return value everywhere
else.
2016-06-06 10:01:50 -04:00
Nick Mathewson
6eeedc02d8 Use directory_must_use_begindir to predict we'll surely use begindir
Previously, we used !directory_fetches_from_authorities() to predict
that we would tunnel connections.  But the rules have changed
somewhat over the course of 0.2.8
2016-06-02 10:40:39 -04:00
Nick Mathewson
ed0ecd9f13 Use tor_sscanf, not sscanf, in test_crypto.c
Fixes the 0.2.9 instance of bug #19213, which prevented mingw64 from
working.  This case wasn't in any released Tor.
2016-06-02 10:16:15 -04:00
Nick Mathewson
b458a81cc5 Merge branch 'maint-0.2.8' 2016-06-02 10:13:35 -04:00
Nick Mathewson
a32ca313c4 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-06-02 10:12:56 -04:00
Nick Mathewson
5854b19816 Use tor_sscanf, not sscanf, in test_util.c.
Fixes the 0.2.7 case of bug #19213, which prevented mingw64 from
working.
2016-06-02 10:11:29 -04:00
Nick Mathewson
3cdc8bfa2c Let's not even talk about those errors, ok? 2016-05-30 17:14:46 -04:00
Nick Mathewson
97f2c1c58e Wait, we had sprintf() in our unit tests?? FOR SHAME! 2016-05-30 16:50:57 -04:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
ce31db4326 We no longer generate v0 directories. Remove the code to do so 2016-05-30 16:05:37 -04:00
Nick Mathewson
bdc59e33c1 Fix a warning on unnamed nodes in node_get_by_nickname().
There was a > that should have been an ==, and a missing !.  These
together prevented us from issuing a warning in the case that a
nickname matched an Unnamed node only.

Fixes bug 19203; bugfix on 0.2.3.1-alpha.
2016-05-30 12:03:03 -04:00
Nick Mathewson
1e5ad15688 Merge remote-tracking branch 'arma/task19035-fixedup' 2016-05-27 13:22:16 -04:00
Roger Dingledine
3b83da1069 remove a now-unused section of or.h 2016-05-27 12:32:41 -04:00
Nick Mathewson
ce1dbbc4fd Enable the -Waggregate-return warning
Suppress it in the one spot in the code where we actually do want to
allow an aggregate return in order to call the mallinfo() API.
2016-05-27 11:26:14 -04:00
Nick Mathewson
0df2c5677a Use ENABLE_GCC_WARNING and DISABLE_GCC_WARNING in tortls.c
Previously we'd done this ad hoc.
2016-05-27 11:25:42 -04:00
Nick Mathewson
0279e48473 Add support for temporarily suppressing a warning
There are a few places where we want to disable a warning: for
example, when it's impossible to call a legacy API without
triggering it, or when it's impossible to include an external header
without triggering it.

This pile of macros uses GCC's c99 _Pragma support, plus the usual
macro trickery, to enable and disable warnings.
2016-05-27 11:23:52 -04:00
Roger Dingledine
500c4bf807 remove an unneeded layer of indentation
no actual behavior changes
2016-05-27 11:15:21 -04:00
Roger Dingledine
11d52a449c Disable GET /tor/bytes.txt and GETINFO dir-usage
Remove support for "GET /tor/bytes.txt" DirPort request, and
"GETINFO dir-usage" controller request, which were only available
via a compile-time option in Tor anyway.

Feature was added in 0.2.2.1-alpha. Resolves ticket 19035.
2016-05-27 11:15:21 -04:00
Nick Mathewson
437cbb17c2 Merge remote-tracking branch 'asn/feature19036' 2016-05-27 10:37:11 -04:00
Nick Mathewson
476714e1a4 Merge remote-tracking branch 'arma/bug18840' 2016-05-27 10:35:55 -04:00
Nick Mathewson
f25806409d Bump to 0.2.8.3-alpha-dev 2016-05-26 21:09:01 -04:00
Nick Mathewson
0a74346fe4 Bump to 0.2.8.3-alpha 2016-05-26 12:29:45 -04:00
Nick Mathewson
8c1c71aa2c Merge branch 'maint-0.2.8' 2016-05-26 12:12:54 -04:00
Nick Mathewson
a873ba8edd Fix two long lines 2016-05-26 12:11:57 -04:00
George Kadianakis
d875101e03 Functionify code that writes votes to disk. 2016-05-26 15:35:13 +03:00
Nick Mathewson
b7fac185a6 Merge branch 'maint-0.2.8' 2016-05-25 16:59:46 -04:00
Nick Mathewson
36b2b48308 Merge branch 'bug18668_028' into maint-0.2.8 2016-05-25 16:58:43 -04:00
Nick Mathewson
28cbcd033c Merge branch 'maint-0.2.8' 2016-05-25 16:40:51 -04:00
Nick Mathewson
9cf6af76eb Fix a double-free bug in routerlist_reparse_old
I introduced this bug when I moved signing_key_cert into
signed_descriptor_t. Bug not in any released Tor.  Fixes bug 19175, and
another case of 19128.

Just like signed_descriptor_from_routerinfo(), routerlist_reparse_old()
copies the fields from one signed_descriptor_t to another, and then
clears the fields from the original that would have been double-freed by
freeing the original.  But when I fixed the s_d_f_r() bug [#19128] in
50cbf22099, I missed the fact that the code was duplicated in
r_p_o().

Duplicated code strikes again!

For a longer-term solution here, I am not only adding the missing fix to
r_p_o(): I am also extracting the duplicated code into a new function.

Many thanks to toralf for patiently sending me stack traces until
one made sense.
2016-05-25 16:11:35 -04:00
Nick Mathewson
44ea3dc331 Merge branch 'maint-0.2.8' 2016-05-25 10:21:15 -04:00
Nick Mathewson
6d375f17fc Merge branch 'bug19161_028_v2' into maint-0.2.8 2016-05-25 10:17:26 -04:00
Nick Mathewson
a3ec811c2e Merge branch 'maint-0.2.8' 2016-05-25 09:27:47 -04:00
Nick Mathewson
fdfc528f85 Merge branch 'bug19152_024_v2' into maint-0.2.8 2016-05-25 09:26:45 -04:00
Nick Mathewson
c4c4380a5e Fix a dangling pointer issue in our RSA keygen code
If OpenSSL fails to generate an RSA key, do not retain a dangling
pointer to the previous (uninitialized) key value. The impact here
should be limited to a difficult-to-trigger crash, if OpenSSL is
running an engine that makes key generation failures possible, or if
OpenSSL runs out of memory. Fixes bug 19152; bugfix on
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and Baishakhi
Ray.

This is potentially scary stuff, so let me walk through my analysis.
I think this is a bug, and a backport candidate, but not remotely
triggerable in any useful way.

Observation 1a:

Looking over the OpenSSL code here, the only way we can really fail in
the non-engine case is if malloc() fails.  But if malloc() is failing,
then tor_malloc() calls should be tor_asserting -- the only way that an
attacker could do an exploit here would be to figure out some way to
make malloc() fail when openssl does it, but work whenever Tor does it.

(Also ordinary malloc() doesn't fail on platforms like Linux that
overcommit.)

Observation 1b:

Although engines are _allowed_ to fail in extra ways, I can't find much
evidence online  that they actually _do_ fail in practice. More evidence
would be nice, though.

Observation 2:

We don't call crypto_pk_generate*() all that often, and we don't do it
in response to external inputs. The only way to get it to happen
remotely would be by causing a hidden service to build new introduction
points.

Observation 3a:

So, let's assume that both of the above observations are wrong, and the
attacker can make us generate a crypto_pk_env_t with a dangling pointer
in its 'key' field, and not immediately crash.

This dangling pointer will point to what used to be an RSA structure,
with the fields all set to NULL.  Actually using this RSA structure,
before the memory is reused for anything else, will cause a crash.

In nearly every function where we call crypto_pk_generate*(), we quickly
use the RSA key pointer -- either to sign something, or to encode the
key, or to free the key.  The only exception is when we generate an
intro key in rend_consider_services_intro_points().  In that case, we
don't actually use the key until the intro circuit is opened -- at which
point we encode it, and use it to sign an introduction request.

So in order to exploit this bug to do anything besides crash Tor, the
attacker needs to make sure that by the time the introduction circuit
completes, either:
  * the e, d, and n BNs look valid, and at least one of the other BNs is
    still NULL.
OR
  * all 8 of the BNs must look valid.

To look like a valid BN, *they* all need to have their 'top' index plus
their 'd' pointer indicate an addressable region in memory.

So actually getting useful data of of this, rather than a crash, is
going to be pretty damn hard.  You'd have to force an introduction point
to be created (or wait for one to be created), and force that particular
crypto_pk_generate*() to fail, and then arrange for the memory that the
RSA points to to in turn point to 3...8 valid BNs, all by the time the
introduction circuit completes.

Naturally, the signature won't check as valid [*], so the intro point
will reject the ESTABLISH_INTRO cell.  So you need to _be_ the
introduction point, or you don't actually see this information.

[*] Okay, so if you could somehow make the 'rsa' pointer point to a
different valid RSA key, then you'd get a valid signature of an
ESTABLISH_INTRO cell using a key that was supposed to be used for
something else ... but nothing else looks like that, so you can't use
that signature elsewhere.

Observation 3b:

Your best bet as an attacker would be to make the dangling RSA pointer
actually contain a fake method, with a fake RSA_private_encrypt
function that actually pointed to code you wanted to execute.  You'd
still need to transit 3 or 4 pointers deep though in order to make that
work.

Conclusion:

By 1, you probably can't trigger this without Tor crashing from OOM.

By 2, you probably can't trigger this reliably.

By 3, even if I'm wrong about 1 and 2, you have to jump through a pretty
big array of hoops in order to get any kind of data leak or code
execution.

So I'm calling it a bug, but not a security hole. Still worth
patching.
2016-05-25 09:23:57 -04:00
Nick Mathewson
6abceca182 Merge branch 'memarea_overflow_027_squashed' into maint-0.2.8 2016-05-25 09:22:02 -04:00
Nick Mathewson
be2d37ad3c Fix a pointer arithmetic bug in memarea_alloc()
Fortunately, the arithmetic cannot actually overflow, so long as we
*always* check for the size of potentially hostile input before
copying it.  I think we do, though.  We do check each line against
MAX_LINE_LENGTH, and each object name or object against
MAX_UNPARSED_OBJECT_SIZE, both of which are 128k.  So to get this
overflow, we need to have our memarea allocated way way too high up
in RAM, which most allocators won't actually do.

Bugfix on 0.2.1.1-alpha, where memarea was introduced.

Found by Guido Vranken.
2016-05-25 09:20:37 -04:00
Nick Mathewson
0ef36626ea Use calloc, not malloc(a*b), in ed25519 batch signature check fn
[Not a triggerable bug unless somebody is going to go checking
millions+ of signatures in a single go.]
2016-05-25 08:59:08 -04:00
Nick Mathewson
be3875cda2 Make sure that libscrypt_scrypt actually exists before using it.
Previously, if the header was present, we'd proceed even if the
function wasn't there.

Easy fix for bug 19161.  A better fix would involve trying harder to
find libscrypt_scrypt.
2016-05-24 10:31:02 -04:00
Nick Mathewson
b53a2059c4 Expose crypto_digest_algorithm_get_length from crypto.c
Also, use it in routerparse.c
2016-05-23 10:58:27 -04:00
Nick Mathewson
2a884926c0 Merge remote-tracking branch 'dgoulet/bug19066_029_01' 2016-05-23 10:45:13 -04:00
Nick Mathewson
9c7edb0f3e Merge branch 'maint-0.2.8' 2016-05-20 10:46:50 -04:00
cypherpunks
0e20d056e9 Prevent ASAN from registering a SIGSEGV handler
AddressSanitizer's (ASAN) SIGSEGV handler overrides the backtrace
handler and prevents it from printing its backtrace. The output of ASAN
is different from what 'bt_test.py' expects and causes backtrace test
failures.

The 'allow_user_segv_handler' option allows applications to set their
own SIGSEGV handler but is not supported by older GCC versions. These
older GCC versions do support the 'handle_segv' which prevents ASAN from
setting its SIGSEGV handler.
2016-05-20 08:34:18 -04:00
Nick Mathewson
22eed6dec2 Whoops. We use -Wmussing-prototypes. 2016-05-20 08:29:26 -04:00
Nick Mathewson
acc083b520 Make another variable unsigned. 2016-05-20 08:12:09 -04:00
Nick Mathewson
50cbf22099 Fix a bug related to moving signing_key_cert
Now that the field exists in signed_descriptor_t, we need to make
sure we free it when we free a signed_descriptor_t, and we need to
make sure that we don't free it when we convert a routerinfo_t to a
signed_descriptor_t.

But not in any released Tor. I found this while working on #19128.

One problem: I don't see how this could cause 19128.
2016-05-20 07:59:09 -04:00
Nick Mathewson
f2205071f0 Remove round_int64_to_next_multiple_of: It is now unused. 2016-05-19 21:21:24 -04:00
Nick Mathewson
2775dd8649 Compute HS stats outputs without round_int64_...
Fix for bug 19130.
2016-05-19 21:21:24 -04:00
Nick Mathewson
dcc4fd4403 Merge branch 'maint-0.2.8' 2016-05-19 16:05:13 -04:00
Nick Mathewson
33841a6030 Merge remote-tracking branch 'teor/fix18809-warnings' into maint-0.2.8 2016-05-19 16:04:56 -04:00
Nick Mathewson
649785d464 Merge branch 'link_ftrapv_clang32' 2016-05-19 16:01:35 -04:00
Nick Mathewson
4a14c2cfc7 Merge branch 'maint-0.2.8' 2016-05-19 15:56:39 -04:00
Nick Mathewson
0d6f293e0e Merge remote-tracking branch 'public/bug19073' into maint-0.2.8 2016-05-19 15:56:31 -04:00
teor (Tim Wilson-Brown)
2d21f03cdc
Fix unused-but-set-variable warnings in the connection unit tests
No behaviour change - just remove the variables
2016-05-19 12:49:36 -04:00
teor (Tim Wilson-Brown)
c5d87ef6af
Describe what happens when we get a consensus, but no certificates
Comment-only change
2016-05-19 12:35:09 -04:00
Nick Mathewson
a7a44f2db0 Merge branch 'maint-0.2.8' 2016-05-19 08:29:58 -04:00
Nick Mathewson
06803c317f Fix a compilation error in test_dir.c 2016-05-19 08:27:11 -04:00
Nick Mathewson
d718c717a6 Merge branch 'maint-0.2.8' 2016-05-19 08:25:12 -04:00
Nick Mathewson
9f217c83b0 Merge branch 'bug18809_028_squashed' into maint-0.2.8 2016-05-19 08:17:02 -04:00
teor (Tim Wilson-Brown)
f698b509d8 Add unit tests for networkstatus_consensus_is_bootstrapping 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
d5c70d7102 Restore and improve download schedule unit tests 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
4254d0297c Update unit tests for multiple bootstrap connections 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
ab0a7e2961 Remove consensus_max_download_tries by refactoring
No behaviour change

This function is used twice. The code is simpler if we split
it up and inline it where it is used.
2016-05-19 07:58:40 -04:00
teor (Tim Wilson-Brown)
84ab26c320 Stop downloading consensuses when a consensus has been downloaded
Previosuly, during bootstrap, we would continue to download
consensuses if we had a consensus, but didn't have the certificates
to validate it.
2016-05-19 07:58:40 -04:00
Nick Mathewson
6d6c8287d5 Include __mulodi4 in libor_ctime when it fixes clang -m32 -ftrapv
We use a pretty specific pair of autoconf tests here to make sure
that we only add this code when:
   a) a 64-bit signed multiply fails to link,
 AND
   b) the same 64-bit signed multiply DOES link correctly when
      __mulodi4 is defined.

Closes ticket 19079.
2016-05-18 09:50:38 -04:00
Nick Mathewson
33034600c2 Add __mulodi4 source to src/ext
We need to define this function when compiling with clang -m32 -ftrapv,
since otherwise we get link errors, since apparently some versions
of libclang_rt.builtins don't define a version of it that works? Or
clang doesn't know to look for it?

This definition is taken from the LLVM source at
  https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/builtins/mulodi4.c

I've also included the license (dual BSD-ish/MIT-ish).
2016-05-18 09:44:01 -04:00
Nick Mathewson
159ea7a88f Fix a bad sizeof() in test_crypto.c. Harmless. Spotted by coverity. 2016-05-18 08:29:13 -04:00
Nick Mathewson
2729f166cb whitespace fixes 2016-05-17 20:08:03 -04:00
Nick Mathewson
ab932cd7bf Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here.  Here
I remove the original location in 0.2.8.  (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)

Closes 19073.
2016-05-17 20:04:16 -04:00
Nick Mathewson
a7f6e434be Merge branch 'maint-0.2.8' 2016-05-17 19:48:49 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00
Nick Mathewson
00f74e0372 Improve API of routerinfo_incompatible_with_extrainfo()
This API change makes it so that routerinfo_incompatible...() no
longer takes a routerinfo_t, so that it's obvious that it should
only look at fields from the signed_descriptor_t.

This change should prevent a recurrence of #17150.
2016-05-17 13:24:01 -04:00
Nick Mathewson
49ff09aef2 Fix another, more subtle, case of bug 17150.
We need to make sure that the corresponding sd and ei match in their
certificates.
2016-05-17 13:16:36 -04:00
Nick Mathewson
8acfac7375 Copy the signing_key_cert field into signed_descriptor_t
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened.  I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.

This patch fixes no actual behavior.
2016-05-17 13:14:04 -04:00
Nick Mathewson
64748f2f98 Fix documentation for routerinfo_incompatible_with_extrainfo 2016-05-17 13:08:34 -04:00
Nick Mathewson
7d1eb0d570 When making sure digest256 matches in ei, look at sd, not ri.
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay.  The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo.  That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.

Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
2016-05-17 12:57:03 -04:00
Nick Mathewson
44da47d3c1 Move extra_info_digest256 into signed_descriptor_t
This patch includes no semantic changes; it's just a field movement.

It's prerequisite for a fix to 19017/17150.
2016-05-17 12:53:12 -04:00
Nick Mathewson
36909674b4 Merge remote-tracking branch 'teor/bug18963-remember-v2' 2016-05-17 12:15:53 -04:00
Nick Mathewson
6382cd93cb Merge branch 'maint-0.2.8' 2016-05-17 11:10:20 -04:00
Nick Mathewson
548d14247e Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8 2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e touchups and refactorings on bug 18616 branch
no behavior changes
2016-05-16 17:43:47 -04:00
Nick Mathewson
0f9b0b8bfe Initialize networking _before_ initializing libevent in the tests
This prevents WSANOTINITIALISED errors and fixes bug 18668. Bugfix
on 0.2.8.1-alpha -- 1bac468882 specifically.
2016-05-16 14:30:04 -04:00
David Goulet
50ff24e276 dirauth: don't use hardcoded length when parsing digests
When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.

Fixes #19066

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-05-16 11:18:51 -04:00
Nick Mathewson
249f3a1664 Fix memory leak in test_crypto_aes_ctr_testvec 2016-05-16 09:55:09 -04:00
Nick Mathewson
9abd7b8f90 Windows lacks truncate(3).
Fix the new crypto tests, which used truncate(3).
2016-05-16 09:25:19 -04:00
Nick Mathewson
060e0d0a75 Merge branch 'crypto_unit_tests_v2_squashed' 2016-05-16 08:26:11 -04:00
Nick Mathewson
62c5a1fa45 Mark even more crypto lines (the fragile_assert ones) as unreachable 2016-05-16 08:26:00 -04:00
Nick Mathewson
b688945dfb Refactor digest allocation backend code
I'm doing this to simplify crypto_digest_smartlist_prefix, and make
it better covered by our tests.
2016-05-16 08:26:00 -04:00
Nick Mathewson
365d0fcc6d Cover all our DH code, and/or mark it unreachable. 2016-05-16 08:26:00 -04:00
Nick Mathewson
94b34d1be6 At long last, unit tests for degenerate DH public keys.
Apparently, we detect and reject them correctly. Aren't you glad?
2016-05-16 08:26:00 -04:00
Nick Mathewson
98a590577a Treat absent argument to crypto_log_errors as a bug. 2016-05-16 08:26:00 -04:00
Nick Mathewson
d88656ec06 Slight improvements to DH coverage. 2016-05-16 08:25:59 -04:00
Nick Mathewson
c395334879 Mark some unreachable lines in crypto.c 2016-05-16 08:25:59 -04:00
Nick Mathewson
7a5f15b6e0 Improve test coverage of our strongest-rng code. 2016-05-16 08:25:59 -04:00
Nick Mathewson
148f0004e1 Test coverage on ed25519 load/store functions. 2016-05-16 08:25:59 -04:00
Nick Mathewson
ec81329339 Do not leak the 'tag' when trying to read a truncated ed25519 key file
Fix for bug 18956.
2016-05-16 08:25:59 -04:00
Nick Mathewson
5b91e70a4f Mark unreachable lines in crypto_ed25519.c 2016-05-16 08:25:59 -04:00
Nick Mathewson
8a536be705 Mark unreachable lines in crypto_curve25519.c
Also, resolve a bug in test_ntor_cl.c
2016-05-16 08:25:53 -04:00
Nick Mathewson
820b1984ad Mark three lines unreachable, with extensive docs and use of BUG macros 2016-05-16 08:25:53 -04:00
Nick Mathewson
df3a5e0cad HKDF-SHA256 test vectors from RFC5869 2016-05-16 08:25:53 -04:00
Nick Mathewson
7bc9d1e002 Merge branch 'maint-0.2.8' 2016-05-12 15:33:56 -04:00
Nick Mathewson
e8cc9f3edf Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-12 15:33:47 -04:00
Nick Mathewson
4165b1a0da Merge branch 'bug18977_026_v2' into maint-0.2.7 2016-05-12 15:33:35 -04:00
Nick Mathewson
44cbd00dfa Fix a compiler warning on windows when sizeof(long)==sizeof(int) 2016-05-12 14:51:38 -04:00
Nick Mathewson
20b01cece8 Merge branch 'bug18977_024_v2' into bug18977_026_v2
Had conflicts related to other correct_tm bugs in 0.2.6.  Added wday
for another case.
2016-05-12 14:39:06 -04:00
Nick Mathewson
e57f26c135 Have correct_tm set tm_wday as well.
The tm_wday field had been left uninitialized, which was causing
some assertions to fail on Windows unit tests.

Fixes bug 18977.
2016-05-12 14:37:27 -04:00
Nick Mathewson
6bc052365a Use a much less clever scan_signed no-overflow hack 2016-05-12 14:33:26 -04:00
Nick Mathewson
a7207329a8 Run tor_sscanf test in subprocess, in hopes of coaxing more info from jenkins 2016-05-12 13:37:05 -04:00
Nick Mathewson
445e05a015 Fix inconsistent tab/space mixing in include.am files.
This is a whitespace only, cosmetic fix.

There is still some inconsistency between lists, but less
inconsistency inside individual lists.
2016-05-12 13:06:58 -04:00
Nick Mathewson
607a9056d4 Merge branch 'ftrapv_v3'
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
2016-05-12 13:00:45 -04:00
Nick Mathewson
fb999abea6 Document why we build memwipe that way. 2016-05-12 12:56:47 -04:00
Nick Mathewson
b1dce55b82 Do not apply bugtrapping flags to test-memwipe, since testing memwipe requires bugs.
Fixes bug 18901.
2016-05-12 11:22:10 -04:00
Nick Mathewson
ef01109932 Rename SOURCES to SRC for things in include.am 2016-05-12 11:21:28 -04:00
Nick Mathewson
e40cfc4425 Move the ctime part of choose_array_element_by_weight into di_ops
This way it gets the ctime options.
2016-05-12 11:21:28 -04:00
Nick Mathewson
20432fc541 Refactor out u64_dbl_t
This type saved a tiny amount of allocation, but not enough to be
worth keeping.

(This is in preparation for moving choose_array_element_by_weight)
2016-05-12 11:21:28 -04:00
Nick Mathewson
ce854a8d22 Add -ftrapv to gcc-hardening ... mostly!
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.

Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time.  Those options introduce branches
to the code they instrument.

(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)

Closes 17983.
2016-05-12 11:21:28 -04:00
Nick Mathewson
58e0e587a6 Merge branch 'maint-0.2.8' 2016-05-12 11:09:40 -04:00
Nick Mathewson
ce6f2d1c4d Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8 2016-05-12 11:09:33 -04:00
Nick Mathewson
f936f186b2 Use tor_queue.h, not sys/queue.h, in timeouts.[ch].
Closes 19041.
2016-05-12 10:10:59 -04:00
Nick Mathewson
99c0e1bd5b Fix bad allocation in pubsub.c
Closes 19038.  Bug not in any released Tor.
2016-05-12 09:56:42 -04:00
Roger Dingledine
5a83122961 Authorities now sort the "package" lines in their votes
(They are already sorted in the consensus documents)

Fixes bug 18840; bugfix on 0.2.6.3-alpha.
2016-05-11 19:04:13 -04:00
Roger Dingledine
694f1fe808 write v3-status-votes file earlier in consensus voting
Make directory authorities write the v3-status-votes file out
to disk earlier in the consensus process, so we have the votes
even if we abort the consensus process later on.

Resolves ticket 19036.
2016-05-11 17:34:38 -04:00
Roger Dingledine
9e44273a4a fix 'make dist' which was broken by ticket 18365's merge 2016-05-11 16:15:37 -04:00
Nick Mathewson
e3a4511049 Merge remote-tracking branch 'public/bug18815' 2016-05-11 14:12:39 -04:00
Roger Dingledine
ad8b9dcd47 Merge branch 'maint-0.2.8' 2016-05-11 13:43:06 -04:00
Roger Dingledine
163cee1b64 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:42:40 -04:00
Roger Dingledine
d40e8695f4 unbreak the build (when warnings are enabled) 2016-05-11 13:42:00 -04:00
Nick Mathewson
60e9e48448 Merge branch 'ticket16698_v2' 2016-05-11 13:39:38 -04:00
Nick Mathewson
03ae44a9e8 Fix comment for directory_handle_command_get 2016-05-11 13:39:11 -04:00
teor (Tim Wilson-Brown)
cdb528d841
Fetch certificates from the same directory as previous certificates
Improves the fix to #18963.
2016-05-11 13:30:30 -04:00
teor (Tim Wilson-Brown)
730cfeb6bd
Fetch certificates from the same directory as the consensus
Resolves ticket 18963; fix on #4483 in 0.2.8.1-alpha.
2016-05-11 13:30:08 -04:00
Nick Mathewson
00ee62b8a5 Merge branch 'pubsub_squashed' 2016-05-11 13:26:29 -04:00
Nick Mathewson
80a6c8caa3 Basic work on a publish/subscribe abstraction
The goal here is to provide a way to decouple pieces of the code
that want to learn "when something happens" from those that realize
that it has happened.

The implementation here consists of a generic backend, plus a set of
macros to define and implement a set of type-safe frontends.
2016-05-11 13:25:11 -04:00
Nick Mathewson
3c6f059e6a Merge remote-tracking branch 'arma/feature18760' 2016-05-11 13:22:31 -04:00
Nick Mathewson
e9e6a1f547 Merge branch 'maint-0.2.8' 2016-05-11 13:20:57 -04:00
Nick Mathewson
8d962233f6 Merge remote-tracking branch 'teor/bug18816_simplify' into maint-0.2.8 2016-05-11 13:20:51 -04:00
Nick Mathewson
022d32252a Merge branch 'maint-0.2.8' 2016-05-11 13:17:02 -04:00
Nick Mathewson
24fbb9a81b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:15:17 -04:00
John Brooks
bf3e32a452 Fix out-of-bounds write during voting with duplicate ed25519 keys
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.

This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.

Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
teor (Tim Wilson-Brown)
797ece042d
Confim we want certificates from fallbacks
Comment-only change
2016-05-11 13:08:45 -04:00
teor (Tim Wilson-Brown)
2cbad2aac7
Revert "Switch between fallback and authority when auth cert fetch fails"
This reverts commit 92d7ee08b8.
2016-05-11 13:06:13 -04:00
Roger Dingledine
b8b5bccfd9 refactor the #19003 patches
fix the logic in one of the comments
2016-05-11 13:03:49 -04:00
Nick Mathewson
71267bef4c Merge branch 'maint-0.2.8' 2016-05-11 12:36:55 -04:00
Nick Mathewson
28e1aa1118 Merge branch 'bug18761_028_squashed' into maint-0.2.8 2016-05-11 12:36:27 -04:00
Nick Mathewson
b59d79134e Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
Closes ticket 18761.

Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
79f9e63ebf Merge branch 'maint-0.2.8' 2016-05-11 12:30:18 -04:00
Nick Mathewson
50d777dcf4 Split directory_handle_command_get into subfunctions.
This was one of our longest functions, at 600 lines.  It makes a nice
table-driven URL-based function instead.

The code is a bit ugly, it leave the indentation as it is in hopes of
making pending directory.c changes easier to merge.  Later we can
clean up the indentation.

Also, remove unused mallinfo export code from directory.c

Closes ticket 16698
2016-05-10 14:19:03 -04:00
teor (Tim Wilson-Brown)
92d7ee08b8
Switch between fallback and authority when auth cert fetch fails 2016-05-10 11:25:55 -04:00
teor (Tim Wilson-Brown)
64b948f5fa
Use the consensus download schedule for authority certificates
Previously, we were using the generic schedule for some downloads,
and the consensus schedule for others.

Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.
2016-05-10 11:25:50 -04:00
Roger Dingledine
53aaed81dd get rid of another no-longer-used function 2016-05-10 11:16:30 -04:00
Roger Dingledine
be0e1e9e2f Stop being so strict about the payload length of "rendezvous1" cells
We used to be locked in to the "tap" handshake length, and now we can
handle better handshakes like "ntor".

Resolves ticket 18998.

I checked that relay_send_command_from_edge() behaves fine when you
hand it a payload with length 0. Clients behave fine too, since current
clients remain strict about the required length in the rendezvous2 cells.
(Clients will want to become less strict once they have an alternate
format that they're willing to receive.)
2016-05-09 20:34:27 -04:00
Nick Mathewson
7fa11a92d5 Merge branch 'maint-0.2.8' 2016-05-09 14:59:47 -04:00
Nick Mathewson
55cf1970bc Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-09 14:59:18 -04:00
Nick Mathewson
7fe80c2905 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-05-09 14:56:56 -04:00
Nick Mathewson
0b477bfd55 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-05-09 14:55:45 -04:00
Nick Mathewson
368146370b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-05-09 14:55:22 -04:00
Roger Dingledine
aa6341d4b9 stop looping once we know what the answer will be
suggested during code review by dgoulet
2016-05-09 14:42:42 -04:00
Roger Dingledine
1f72653544 fix a bug where relays would use the aggressive client bootstrapping retry number 2016-05-09 14:42:32 -04:00
Roger Dingledine
d5a96286c2 simplify more -- we only call these funcs when bootstrapping 2016-05-09 14:42:21 -04:00
Roger Dingledine
c98fbd4169 remove some more unused code 2016-05-09 14:42:09 -04:00
Roger Dingledine
bcae392e0e avoid another redundant check
we should avoid launching a consensus fetch if we don't want one,
but if we do end up with an extra one, we should let the other checks
take care of it.
2016-05-09 14:41:54 -04:00
Nick Mathewson
33d3572a1d Merge branch 'feature15588_squashed' 2016-05-09 14:41:36 -04:00
Roger Dingledine
e230e80ab3 get rid of the scattered checks to cancel a consensus fetch
We'll back off from the request in connection_ap_handshake_attach_circuit,
or cancel it in connection_dir_close_consensus_fetches, and those are the
only places we need to check.
2016-05-09 14:41:32 -04:00
Roger Dingledine
a7665df2f8 close other consensus fetches when we get a consensus
not once per second, and only do it when a consensus arrives
2016-05-09 14:41:14 -04:00
Roger Dingledine
59da060f10 use the new function here too 2016-05-09 14:40:54 -04:00
Roger Dingledine
91c58013be avoid following through on a consensus fetch if we have one already arriving 2016-05-09 14:40:42 -04:00
Roger Dingledine
ce8266d52d fix typos/etc before i go nuts on #18809 2016-05-09 14:40:21 -04:00
John Brooks
162aa14eef Move rend client name checks to one function 2016-05-09 14:30:34 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
Skip DirPort checks when the consensus has no exits.

Resolves #19003, bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
John Brooks
dcc11674db Add client auth for ADD_ONION services 2016-05-09 14:28:58 -04:00
John Brooks
d15354c73b Add client auth to rend_service_add_ephemeral 2016-05-09 14:28:08 -04:00
John Brooks
d5a23ce115 Move rend auth cookie en-/decoding to a function
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.

The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
teor (Tim Wilson-Brown)
0c41ae1832
Add a comment to have_enough_path_info()
Comment only change
2016-05-09 14:26:13 -04:00
Nick Mathewson
69380033d6 Merge branch 'timeouts_v2_squashed' 2016-05-09 14:06:10 -04:00
Nick Mathewson
af132fc299 timer tests: differences in timing accuracy can be negative.
Also, use symbolic names for good-enough thresholds for timer accuracy.
2016-05-09 14:04:54 -04:00
Nick Mathewson
11a09778d6 Test coverage for timers. 2016-05-09 14:04:54 -04:00
Nick Mathewson
10fd4535c2 Fix an OSX/clang compilation warning 2016-05-09 14:04:54 -04:00
Nick Mathewson
118556e4b3 Quick-and-dirty test for timers code. 2016-05-09 14:04:53 -04:00
Nick Mathewson
dcf948da06 Add wrappers to tie the new timeouts into libevent. 2016-05-09 14:04:06 -04:00
John Brooks
e7ff23beea Make rend_authorized_client_free public
This is needed by control.c.

Also, check whether client_name is set before doing memwipe.
2016-05-09 13:53:24 -04:00
John Brooks
896271d525 Use uint8_t for rend descriptor_cookie fields 2016-05-09 13:53:09 -04:00
Karsten Loesing
3c2d4611ce Update geoip and geoip6 to the May 4 2016 database. 2016-05-09 17:51:15 +02:00
teor (Tim Wilson-Brown)
c75bf388b5
Warn users when addresses in ports and descriptor are inconsistent
This mitigates bug 13953.
2016-05-07 10:22:02 -07:00
teor (Tim Wilson-Brown)
faec7956a9
Refactor duplicate code in config.c into port_binds_ipv4/6
No behavioural change

Preserves and documents behaviour when passed AF_UNSPEC.
2016-05-07 10:17:46 -07:00
Nick Mathewson
641cdc345c Merge branch 'maint-0.2.8' 2016-05-05 08:25:27 -04:00
teor (Tim Wilson-Brown)
03fc4cf04c Refactor router_pick_directory_server_impl to use node functions
No behavioural change

This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
225448ad34 Comment-only change to clarify routerstatus_t IPv4 byte order 2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
7ec273bd4a Rename skip_or and skip_dir to avoid confusion
Variable rename only
2016-05-05 08:24:17 -04:00
Nick Mathewson
68d913c49c Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 2016-05-05 08:16:36 -04:00
teor (Tim Wilson-Brown)
9aa280cc0c Only choose directory DirPorts on relays 2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
88deb52d55 Make clients only select directories with reachable ORPorts
This makes sure clients will only select relays which support
begindir over ORPort.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
833b5f71a7 Make clients always use begindir for directory requests
This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
2e5b35db81
Make directory node selection more reliable
Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
2016-05-05 11:54:53 +10:00
Nick Mathewson
2da2718609 Merge branch 'maint-0.2.8' 2016-05-04 15:23:38 -04:00
Nick Mathewson
01e7f42a09 Merge branch 'bug18921_squashed' into maint-0.2.8 2016-05-04 15:23:26 -04:00
teor (Tim Wilson-Brown)
0cf90bac2a Choose the correct address for one-hop connections
After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4
address for all DIRIND_ONEHOP directory connections,
even if the routerstatus didn't have an IPv4 address.

This likely affected bridge clients with IPv6 bridges.

Resolves #18921.
2016-05-04 15:23:14 -04:00
Nick Mathewson
2384256a37 Merge branch 'maint-0.2.8' 2016-05-04 15:12:20 -04:00
Nick Mathewson
b8e8910d60 Merge branch 'bug18686_025' into maint-0.2.8 2016-05-04 15:12:11 -04:00
Nick Mathewson
c7b9e0b8ed Report success when not terminating an already terminated process.
Also, document the actual behavior and return values of
tor_terminate_process.

Fixes bug18686; bugfix on 0.2.3.9-alpha.
2016-05-04 15:10:36 -04:00
Nick Mathewson
e24c902272 Merge branch 'maint-0.2.8' 2016-05-04 14:47:13 -04:00
Nick Mathewson
31332a878d Merge branch 'bug18710_025' into maint-0.2.8 2016-05-04 14:47:04 -04:00
Scott Dial
0ca3f495c6 Fix dnsserv.c assertion when no supported questions are requested.
The problem is that "q" is always set on the first iteration even
if the question is not a supported question. This set of "q" is
not necessary, and will be handled after exiting the loop if there
if a supported q->type was found.

    [Changes file by nickm]

lease enter the commit message for your changes. Lines starting
2016-05-04 14:45:09 -04:00
Nick Mathewson
230a3d1400 Merge branch 'maint-0.2.8' 2016-05-03 16:12:29 -04:00
Yawning Angel
8f292f1c33 Fix keccak-tiny portability on exotic platforms.
* SHA-3/SHAKE use little endian for certain things, so byteswap as
   needed.

 * The code was written under the assumption that unaligned access to
   quadwords is allowed, which isn't true particularly on non-Intel.
2016-05-03 16:12:07 -04:00
Nick Mathewson
5845c22822 Ed25519 test vectors from draft-irtf-cfrg-eddsa-05 2016-05-03 09:54:26 -04:00
Nick Mathewson
54697fa40b Add test vector for AES_CTR from NIST SP800-38a sec F.5 2016-05-03 09:40:47 -04:00
Nick Mathewson
44a3248197 Add test vector for Curve25519 from RFC7748 2016-05-03 09:31:34 -04:00
Nick Mathewson
405b637598 tests for some of the simpler functions in crypto.c 2016-05-03 09:21:08 -04:00
Nick Mathewson
d1f2af57df White-box tests for crypto_rand_*_range(), rand_hostname().
Coverage-driven; part of ticket 16794.
2016-05-03 09:21:07 -04:00
Nick Mathewson
8340becd39 Merge branch 'maint-0.2.8' 2016-05-02 14:02:15 -04:00
s0rlxmh0
054d939853 (cherry-picked by nickm, with changes file from isis.) 2016-05-02 14:01:36 -04:00
Nick Mathewson
b2083cba9e Merge remote-tracking branch 'dgoulet/bug13239_029_01' 2016-05-02 13:55:00 -04:00
Nick Mathewson
b72aa18d73 test_bt.sh: Check stderr for backtrace as well as stdout.
addresssanitizer likes to put backtraces on stderr.
2016-05-02 12:58:58 -04:00
teor (Tim Wilson-Brown)
b6ba6afa37 Refactor DirPort & begindir descriptor checks
No actual behaviour changes
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
211e56ad87 Remove redundant descriptor checks for OR/Dir reachability
The ORPort and DirPort must be reachable, or we won't publish a
descriptor.
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
b51316c0e7 Refactor common code out of reachability checks
No actual changes in behavior
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
d3c60f2bd7 Avoid checking ORPort reachability when the network is disabled
This is consistent with existing DirPort reachability checks.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
05cf286713 Make mock function static to prevent future clashes 2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
75dd2a285b Descriptors depend on more config options now they list begindir support
Bugfix on #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
692828bea5 Decide to advertise begindir support like we decide to advertise DirPort
Decide to advertise begindir support in a similar way to how
we decide to advertise DirPort.

Fix up the associated descriptor-building unit tests.

Resolves #18616, bugfix on 0c8e042c30 in #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
Nick Mathewson
fb9c9e04f0 Merge branch 'maint-0.2.8' 2016-04-26 19:27:39 -04:00
teor (Tim Wilson-Brown)
1fd4340f82 April 2016 fallbacks for 0.2.8-rc 2016-04-26 19:26:22 -04:00
Nick Mathewson
4a44e2d6f1 Merge remote-tracking branch 'yawning-schwanenleid/feature18685' 2016-04-26 13:39:50 -04:00
Nick Mathewson
bff53aabce Remove redundant declarations of MIN
Apparently somewhere along the line we decided that MIN might be
missing.

But we already defined it (if it was missing) in compat.h, which
everybody includes.

Closes ticket 18889.
2016-04-25 15:28:58 -04:00
Nick Mathewson
26db1b65b9 Remove trunnel files from libor/libcrypto, since they are in libtrunnel. Found with modularity tool. 2016-04-20 13:39:07 -04:00
David Goulet
1e553b6c68 Increase number of preemptive internal circuits
When we connect to a hidden service as a client we may need three internal
circuits, one for the descriptor retrieval, introduction, and rendezvous.
Let's try to make sure we have them. Closes #13239.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-19 14:24:20 -04:00
Nick Mathewson
520799f084 Merge branch 'handles_squashed' 2016-04-19 14:08:05 -04:00
Nick Mathewson
e015f7c9cc Basic 'handle' implementation and tests.
This abstraction covers the case where one part of the program needs
to refer to another object that is allowed to disappear.
2016-04-19 14:07:43 -04:00
Nick Mathewson
94e3555187 Merge remote-tracking branch 'public/lcov_excl' 2016-04-19 14:05:51 -04:00
Nick Mathewson
4f37919fa1 Change UseOptimisticData default to 1.
This lets us use optimistic data for downloading our initial
consensus.

Closes ticket 18815.
2016-04-18 13:55:23 -04:00
Nick Mathewson
12e26a6e76 Disambiguate: Avoid defining two static functions called chunk_free_unchecked 2016-04-15 12:20:14 -04:00
Nick Mathewson
8c6b528b00 Disambiguate: Avoid defining two static functions both called gettweak() 2016-04-15 12:19:51 -04:00
Nick Mathewson
381dae43b6 Add branch prediction to util_bug.h, and fix a bug. 2016-04-15 09:12:03 -04:00
Nick Mathewson
c77cf8825a Quick function to find out the timeout object's view of "now" 2016-04-15 09:03:22 -04:00
Nick Mathewson
9d6c530015 Fix compilation of timeout.c with our flags and warnings. 2016-04-15 09:03:22 -04:00
Nick Mathewson
05499b6ded Add timeouts to libor-event.a 2016-04-15 09:03:22 -04:00
Nick Mathewson
32e80ea3d3 Import timeouts.c directly from William Ahern's git.
Imported from here: https://github.com/wahern/timeout

Imported as of upstream e5a9e8bfaa9c631bdc54002181795931b65bdc1a.

All sources unmodified.
2016-04-15 09:03:22 -04:00
Nick Mathewson
0e354ad459 Merge branch 'assert_nonfatal_squashed' 2016-04-14 16:25:21 -04:00
Nick Mathewson
a86ed1d717 Add an IF_BUG_ONCE macro, since that's a pretty common pattern too. 2016-04-14 16:25:07 -04:00
Nick Mathewson
532820b11c Add a BUG macro for usage in if checks. 2016-04-14 16:25:06 -04:00
Nick Mathewson
a885271c08 Add new tor_assert_nonfatal*() macros.
Unlike tor_assert(), these macros don't abort the process.  They're
good for checking conditions we want to warn about, but which don't
warrant a full crash.

This commit also changes the default implementation for
tor_fragile_assert() to tor_assert_nonfatal_unreached_once().

Closes ticket 18613.
2016-04-14 16:24:28 -04:00
Roger Dingledine
525307c0ea fix typos/etc before i go nuts on #18809 2016-04-13 00:06:30 -04:00
Nick Mathewson
0630f1982d Add LCOV_EXCL* markers to crypto.c and crypto_s2k.c
This marks some lines as unreachable by the unit tests, and as
therefore excluded from test coverage.

(Note: This convention is only for lines that are absolutely
unreachable.  Don't use it anywhere you wouldn't add a
tor_fragile_assert().)
2016-04-12 21:13:33 -04:00
Roger Dingledine
0aacc07036 encourage rejected relays to contact us
When the directory authorities refuse a bad relay's descriptor,
encourage the relay operator to contact us. Many relay operators
won't notice this line in their logs, but it's a win if even a
few learn why we don't like what their relay was doing.

Resolves ticket 18760.

I didn't specify a contact mechanism (e.g. an email address), because
every time we've done that in the past, a few years later we noticed
that the code was pointing people to an obsolete contact address.
2016-04-12 19:54:04 -04:00
Nick Mathewson
eafcd7b0fc Merge branch 'maint-0.2.8' 2016-04-12 13:02:37 -04:00
Nick Mathewson
7babf33239 Merge remote-tracking branch 'public/bug18716_027' into maint-0.2.8 2016-04-12 13:02:02 -04:00
Nick Mathewson
1a065cea46 Do not link tests against both libor.a and libor-testing.a
Also, put libor-testing.a at a better position in the list of
libraries, to avoid linker errors.

This is a fix, or part of a fix, for 18490.

Conflicts:
	src/test/include.am
2016-04-12 02:48:46 +00:00
Nick Mathewson
39c057d45a memarea: Don't assume that sizeof(ulong) >= sizeof(void*).
Fixes bug 18716; bugfix on 0.2.1.1-alpha where memarea.c was
introduced.  Found by wbenny.
2016-04-07 11:10:14 -04:00
Nick Mathewson
591029253f Merge branch 'bug14334_squashed' 2016-04-07 10:59:55 -04:00
George Kadianakis
d5acb633ae Don't mark guards as unreachable if connection_connect() fails. 2016-04-07 10:59:46 -04:00
David Goulet
40827da3bf Turn TestingClientBootstrap* into non-testing options
This changes simply renames them by removing "Testing" in front of them and
they do not require TestingTorNetwork to be enabled anymore.

Fixes #18481

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-07 10:57:59 -04:00
Nick Mathewson
7532cd439b When we get a bad nickname, explain what a good one is.
Closes #18300; patch from "icanhasaccount".
2016-04-07 10:54:53 -04:00
Nick Mathewson
e703484722 Merge branch 'maint-0.2.8' 2016-04-07 10:46:15 -04:00
Nick Mathewson
d8a056daed Merge branch 'maint-0.2.7' into maint-0.2.8 2016-04-07 10:46:07 -04:00
Nick Mathewson
ad4ff7a5b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-04-07 10:45:46 -04:00
Nick Mathewson
2ce99b9f48 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-04-07 10:45:38 -04:00
Nick Mathewson
34a51d1621 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-04-07 10:45:32 -04:00
Karsten Loesing
97c6e717b9 Update geoip and geoip6 to the April 5 2016 database. 2016-04-07 11:10:09 +02:00
Nick Mathewson
d5b3679392 Merge branch 'maint-0.2.8' 2016-04-05 23:56:21 -04:00
Nick Mathewson
d7a0382ba3 Don't call the system toupper or tolower.
Yes, we could cast to unsigned char first, but it's probably safest
to just use our own (in test_util), or remove bad-idea features that
we don't use (in readpassphrase.c).

Fixes 18728.
2016-04-05 23:22:28 -04:00
Nick Mathewson
20d39e86af Merge branch 'maint-0.2.8' 2016-04-05 23:18:48 -04:00
Roger Dingledine
d037369e56 quiet debug logs from periodic_event_dispatch()
Stop blasting twelve lines per second from periodic_event_dispatch()
at loglevel debug.

Resolves ticket 18729; fix on 0.2.8.1-alpha.
2016-04-05 23:13:55 -04:00
Nick Mathewson
b46d126e64 Merge branch 'maint-0.2.8' 2016-04-05 10:38:53 -04:00
Nick Mathewson
967491f156 Only define NEW_THREAD_API when not building with LibreSSL. 2016-04-05 10:38:15 -04:00
Nick Mathewson
16f7851807 Merge remote-tracking branch 'teor/bug18720' 2016-04-05 10:08:11 -04:00
Nick Mathewson
6720628c97 Merge branch 'maint-0.2.8' 2016-04-05 10:06:18 -04:00
Yawning Angel
5db21f8f81 OpenSSL 1.1.0-pre5-dev and later made BIO opaque.
Detect newer versions and fix our TLS code to use the new API.
2016-04-05 10:03:24 -04:00
Yawning Angel
6729d7328c OpenSSL 1.1.0-pre4 and later(?) have a new "thread API".
It appears that setting the various callbacks is no longer required, so
don't.
2016-04-05 10:03:24 -04:00
teor (Tim Wilson-Brown)
6a2b4db4f9 Fix a comment typo in compat.h 2016-04-05 13:45:37 +10:00
teor (Tim Wilson-Brown)
5d2b1c784b Clarify comments on connection_t's address fields 2016-04-05 13:45:09 +10:00
Nick Mathewson
7865402106 Move tor_assert implementation into its own header/module. 2016-04-04 11:06:04 -04:00
Nick Mathewson
705d3b221e Merge branch 'incoming_queue_symbol_fix' 2016-04-01 14:16:49 -04:00
Nick Mathewson
4b3e6c4d43 Merge branch 'maint-0.2.8' 2016-04-01 08:18:03 -04:00
Nick Mathewson
fdb57db581 Merge branch 'bug18133_027' into maint-0.2.8 2016-04-01 08:17:56 -04:00
Nick Mathewson
4093f343ca fix indentation 2016-04-01 08:16:21 -04:00
Nick Mathewson
9e57ffa520 Merge branch 'maint-0.2.8' 2016-04-01 08:15:05 -04:00
Nick Mathewson
e247093e0e Merge remote-tracking branch 'karsten/task-18460-2' into maint-0.2.8 2016-04-01 08:10:58 -04:00
Yawning Angel
a19f4192da Issue a STATUS_SERVER event on meaningful hibernation state changes.
Implements feature #18685.
2016-03-30 20:19:11 +00:00
Andrea Shepard
183d465f0e Merge branch 'bug15221_027' into maint-0.2.7 2016-03-30 12:23:42 +00:00
Nick Mathewson
beba70ec77 Don't declare "incoming_queue" in every file including channel.h
Found with my wacky symbol-usage-enforcer.
2016-03-29 13:55:14 -04:00
Andrea Shepard
0b45cab147 Merge branch 'bug18570_027' into maint-0.2.7 2016-03-29 15:01:36 +00:00
Roger Dingledine
1103d82492 fix typo in comment 2016-03-29 10:56:26 -04:00
Andrea Shepard
1218d731d1 Merge branch 'bug16248_027' into maint-0.2.7 2016-03-29 14:33:45 +00:00
Nick Mathewson
4e76b206b5 Merge remote-tracking branch 'arma/feature18624' 2016-03-29 08:06:21 -04:00
Nick Mathewson
90c24c0ced Merge branch 'maint-0.2.8' 2016-03-28 20:09:22 -04:00
Nick Mathewson
ba87f5bb25 Fix my dumb unreleased bug in 18673 2016-03-28 20:09:09 -04:00
Nick Mathewson
055a7a198a Rename tor_dup_addr to tor_addr_to_str_dup.
Patch from icanhasaccount; closes 18462.
2016-03-28 16:36:51 -04:00
Nick Mathewson
3220bd816b Merge branch 'maint-0.2.8' 2016-03-28 16:14:21 -04:00
Nick Mathewson
447b1c6b1d Begin an 0.2.9 branch 2016-03-28 15:54:59 -04:00
Nick Mathewson
a3f36bfd81 and NOW the version is 0.2.8.2-alpha-dev 2016-03-28 15:53:17 -04:00
Nick Mathewson
5b12642d09 Bump version correctly this time 2016-03-28 11:22:20 -04:00
Nick Mathewson
addd181721 Fix memory leak in TestingEnableCellStatsEvent
Only when we were actually flushing the cell stats to a controller
would we free them.  Thus, they could stay in RAM even after the
circuit was freed (eg if we didn't have any controllers).

Fixes bug 18673; bugfix on 0.2.5.1-alpha.
2016-03-28 11:12:15 -04:00
Nick Mathewson
68e663f777 Fix memory leaks that stopped chutney working with asan 2016-03-28 10:24:28 -04:00
Nick Mathewson
1d315b28a2 Fix a memory leak in tor-gencert.
This way I can run chutney under asan.

Fixes part of 18672.
2016-03-28 10:21:41 -04:00
Nick Mathewson
fc877b3c9e Bump the version number 2016-03-28 09:32:14 -04:00
Nick Mathewson
32e8886314 One more test that didnt pass on windows. See #18665. 2016-03-28 08:57:29 -04:00
Nick Mathewson
9604a5ba91 Fix memory-counting error in rephist.c. Bug 18651. (Now with actual patch) 2016-03-28 07:40:20 -04:00
Nick Mathewson
4895d8288c Do not treat "DOCDOC" as doxygen. 2016-03-26 10:11:45 -04:00
Nick Mathewson
cc90b57b04 add a little documentation to memarea. (I have been testing a tool.) 2016-03-26 10:09:19 -04:00
Nick Mathewson
c0568a89d9 Whitespace fixes 2016-03-26 09:54:31 -04:00
Nick Mathewson
dd572dac34 Fix all doxygen warnings (other than missing docs) 2016-03-26 09:53:12 -04:00
Nick Mathewson
c81b1358e7 Merge branch 'bug18649_squashed' 2016-03-26 08:17:19 -04:00
teor (Tim Wilson-Brown)
6057fb2f5b Clarify excess consensus connection cleanup by adding comments
Comment-only change
2016-03-26 08:16:33 -04:00
Nick Mathewson
24c0c5ef19 Disable failing broken time format case for windows. 2016-03-25 22:00:20 -04:00
Nick Mathewson
8d16c2f30e Merge remote-tracking branch 'arma/bug18625' 2016-03-25 17:19:59 -04:00
Nick Mathewson
4bb44f2c15 Only check in-boundsness of seconds when time_t is smaller than i64
Otherwise coverity complains that we're checking an whether an int64 is
less than INT64_MIN, which of course it isn't.

Fixes CID 1357176. Not in any released Tor.
2016-03-25 16:46:02 -04:00
Karsten Loesing
b79d8590c9 Include IPv6 consensus downloads in dirreq stats.
Fixes #18460.
2016-03-25 20:56:29 +01:00
Roger Dingledine
8251fe5150 use a clearer argument for connection_ap_make_link()
that function calls it argument "want_onehop", so it makes more
sense to pass that boolean into it.
2016-03-24 19:57:39 -04:00
Roger Dingledine
98abd49f6f remove the extraneous dir_port variable
we already are using "port" to describe the place we're going to
ask to connect to.
2016-03-24 19:14:32 -04:00
Roger Dingledine
fbd79f38c2 remove a redundant check about whether dirport is 0 2016-03-24 19:14:31 -04:00
Roger Dingledine
f590a303db revert the or_connection and dir_connection flags
They incorrectly summarized what the function was planning to do,
leading to wrong behavior like making an http request to an orport,
or making a begindir request to a dirport.

This change backs out some of the changes made in commit e72cbf7a, and
most of the changes made in commit ba6509e9.

This patch resolves bug 18625. There more changes I want to make
after this one, for code clarity.
2016-03-24 19:14:21 -04:00
Nick Mathewson
d5f50cb052 Merge remote-tracking branch 'dgoulet/bug18623_028_01' 2016-03-24 15:03:50 -04:00
Roger Dingledine
c4208ef65f dir auths only give Guard if they're giving Stable
This change allows us to simplify path selection for clients, and it
should have minimal effect in practice since >99% of Guards already have
the Stable flag. Implements ticket 18624.
2016-03-24 15:00:01 -04:00
David Goulet
ba6509e9e1 Fix broken directory request to the DirPort
Commit e72cbf7a4 introduced a change to directory_initiate_command_rend()
that made tor use the ORPort when making a directory request to the DirPort.
The primary consequence was that a relay couldn't selftest its DirPort thus
failing to work and join the network properly.

The main issue was we were always considering an anonymized connection to be
an OR connection which is not true.

Fixes #18623

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-24 13:57:53 -04:00
Nick Mathewson
4f86d75a4b try to fix a test failure for sizeof(time_t)==4. 2016-03-24 12:26:46 -04:00
Nick Mathewson
6256c61d95 Merge branch 'timegm_overflow_squashed' 2016-03-24 10:18:00 -04:00
teor (Tim Wilson-Brown)
19fb86a2dc Add a missing UL on a long in a unit test 2016-03-24 10:17:48 -04:00
teor (Tim Wilson-Brown)
b99bd3e7ff Add unit tests with dates from 2035 to 2039
Platforms with 32-bit time_t sometimes give different results.
They don't always indicate failure on overflow, #18480 should
fix these.
2016-03-24 10:17:48 -04:00
teor (Tim Wilson-Brown)
e71e8e005a Avoid overflow in tor_timegm on 32 bit platforms due to year 2038 2016-03-24 10:17:48 -04:00
Nick Mathewson
424af93ded Merge branch 'bug18517_squashed' 2016-03-24 10:14:05 -04:00
teor (Tim Wilson-Brown)
f2153f9716 Always allow OR connections to bridges on private addresses
Regardless of the setting of ExtendAllowPrivateAddresses.

This fixes a bug with pluggable transports that ignore the
(potentially private) address in their bridge line.

Fixes bug 18517; bugfix on 23b088907f in tor-0.2.8.1-alpha.
2016-03-24 10:13:58 -04:00
Nick Mathewson
54559e5845 Merge remote-tracking branch 'teor/bug18351' 2016-03-24 09:33:58 -04:00
Nick Mathewson
ea9472d085 Merge remote-tracking branch 'teor/bug18489' 2016-03-24 09:01:28 -04:00
teor (Tim Wilson-Brown)
b1569e39c8 Check if fallbacks support extrainfo descriptors before requesting them
When requesting extrainfo descriptors from a trusted directory
server, check whether it is an authority or a fallback directory
which supports extrainfo descriptors.

Fixes bug 18489; bugfix on 90f6071d8d in tor-0.2.4.7-alpha.

Reported by "atagar", patch by "teor".
2016-03-24 22:03:58 +11:00
teor (Tim Wilson-Brown)
eb5a262a15 Code indentation whitespace-only fix 2016-03-24 21:56:37 +11:00
teor (Tim Wilson-Brown)
355f78364a Clarify ReachableAddress log messages
Make it clearer that they are about outgoing connection attempts.
Specify the options involved where they were missing from one log
message.
Clarify a comment.
2016-03-24 20:59:49 +11:00
teor (Tim Wilson-Brown)
f2a344e397 Downgrade IP version warnings to avoid filling logs
Downgrade logs and backtraces about IP versions to
info-level. Only log backtraces once each time tor runs.

Assists in diagnosing bug 18351; bugfix on c3cc8e16e in
tor-0.2.8.1-alpha.

Reported by "sysrqb" and "Christian", patch by "teor".
2016-03-24 10:39:23 +11:00
Nick Mathewson
7123e9706e Repair build when no sandbox support is enabled. 2016-03-22 13:18:18 -04:00
Nick Mathewson
ca8423a703 Merge remote-tracking branch 'public/bug18253' 2016-03-22 10:08:50 -04:00
Nick Mathewson
dae8484107 Try to fix an intermittent test failure on openbsd. 2016-03-22 09:12:59 -04:00
Nick Mathewson
9dff41694a Never use sprintf. tor_snprintf instead. Bug in tests, not in any released tor. 2016-03-22 08:52:17 -04:00
Nick Mathewson
a17537a238 Fix an fd leak in check_private_dir().
The fd would leak when the User wasn't recogniezed by
getpwnam(). Since we'd then go on to exit, this wasn't a terribad
leak, but it's still not as nice as no leak at all.

CID 1355640; bugfix on no released Tor.
2016-03-22 08:29:51 -04:00
Roger Dingledine
580e549f75 remove extraneous breaks
commit edeba3d4 removed a switch, but left the "break" lines in
from that switch. fortunately the resulting behavior was not wrong,
since there was an outer switch that it was ok to break from.
2016-03-21 17:11:18 -04:00
Roger Dingledine
4861e24552 fix indentation after #18332 patches
no actual changes here -- but the new indenting makes it clear
that the fixes in #18332 were not as good as they should have been.
the next commit will deal with that.
2016-03-21 17:08:02 -04:00
Nick Mathewson
6a91cab79c Merge branch 'maint-0.2.7' 2016-03-21 13:26:04 -04:00
Nick Mathewson
e1e62f9d57 Merge branch 'ed25519_voting_fixes_squashed' into maint-0.2.7 2016-03-21 13:25:12 -04:00
Nick Mathewson
2f2fba8a91 Use nth consistently in dircollate.h.
Documentation-only patch. Issue 17668.T6.
2016-03-21 13:24:09 -04:00
Nick Mathewson
b24f15a9a1 In routers_make_ed_keys_unique, break ties for published_on
This ensures that if we can't use published_on to decide an ed,rsa
mapping, we at least decide deterministically.

Resolves 17668.T3
2016-03-21 13:24:09 -04:00
Nick Mathewson
beef6ed451 Assert that dircollator is collated when we're reading its output.
Fix for 17668.S2.
2016-03-21 13:24:09 -04:00
Nick Mathewson
48f8229504 After we strip out duplicate entries from 'routers', don't use 'rl'.
We've got to make sure that every single subsequent calculation in
dirserv_generate_networkstatus_vote_obj() are based on the list of
routerinfo_t *after* we've removed possible duplicates, not before.
Fortunately, none of the functions that were taking a routerlist_t
as an argument were actually using any fields other than this list
of routers.

Resolves issue 18318.DG3.
2016-03-21 13:24:09 -04:00
Nick Mathewson
fa07c60c67 Fix another case of 17668: Add NoEdConsensus
I had a half-built mechanism to track, during the voting process,
whether the Ed25519 value (or lack thereof) reflected a true
consensus among the authorities.  But we never actually inserted this
field in the consensus.

The key idea here is that we first attempt to match up votes by pairs
of <Ed,RSA>, where <Ed> can be NULL if we're told that there is no
Ed key.  If this succeeds, then we can treat all those votes as 'a
consensus for Ed'.  And we can include all other votes with a
matching RSA key and no statement about Ed keys as being "also about
the same relay."

After that, we look for RSA keys we haven't actually found an entry
for yet, and see if there are enough votes for them, NOT considering
Ed keys.  If there are, we match them as before, but we treat them
as "not a consensus about ed".

When we include an entry in a consensus, if it does not reflect a
consensus about ed keys, then we include a new NoEdConsensus flag on
it.

This is all only for consensus method 22 or later.

Also see corresponding dir-spec patch.
2016-03-21 13:24:09 -04:00
Nick Mathewson
60ca3f358f Document has_ed25519_listing 2016-03-21 13:23:32 -04:00
Nick Mathewson
13a31e72db Never vote for an ed key twice.
When generating a vote, and we have two routerinfos with the same ed
key, omit the one published earlier.

This was supposed to have been solved by key pinning, but when I
made key pinning optional, I didn't realize that this would jump up
and bite us.  It is part of bug 18318, and the root cause of 17668.
2016-03-21 13:23:32 -04:00
Nick Mathewson
c20e34e189 Fix log message subjects in networkstatus_parse_vote_from_string()
Some of these messages called the thing being parsed a "vote" whether
it is a vote or a consensus.

Fixes bug 18368.
2016-03-21 13:23:32 -04:00
Nick Mathewson
6182e34628 Document dircollate.c (and remove an unused global) 2016-03-21 13:23:32 -04:00
Nick Mathewson
233180a9ab Merge remote-tracking branch 'public/bug18548' 2016-03-21 12:36:41 -04:00
Nick Mathewson
005a20ec85 Log a better message when OfflineMasterKey is set.
Fixes bug 18133; bugfix on 0.2.7.2-alpha.
2016-03-21 11:57:23 -04:00
Nick Mathewson
d567796946 Merge remote-tracking branch 'public/bug17443_v2' 2016-03-21 11:21:31 -04:00
Nick Mathewson
ddd30f966a Merge remote-tracking branch 'arma/ticket18332-try3' 2016-03-21 10:41:23 -04:00
Nick Mathewson
13eb120bea Merge remote-tracking branch 'special/bug18600' 2016-03-21 10:32:39 -04:00
Nick Mathewson
cb3f9bc2d4 Merge branch 'bug18570_027' 2016-03-21 10:20:16 -04:00
Andrea Shepard
bd87d37a86 Make sure channel_t queues its own copy of incoming cells 2016-03-21 10:14:47 -04:00
Andrea Shepard
1cdc7fddb2 Add new channel/queue_incoming unit tests; modify channel unit tests for new clarified handling of alloc/free responsibility for queued incoming cells 2016-03-21 10:14:47 -04:00
Steven Chamberlain
a42938c076 test_options.c: assert that TransProxyType is tested
If a new platform defines USE_TRANSPARENT, ensure that a test runs for
its TransProxyType.
2016-03-21 09:51:35 -04:00
John Brooks
2c057c2833 Scrub service name in introduction circuit warning
Fixes bug 18600.
2016-03-21 19:23:28 +07:00
Steven Chamberlain
45681f695c test_options.c: NULL a pointer after free #18447
tdata will be double-freed if none of linux, __FreeBSD__, DARWIN or
__OpenBSD__ are defined.  (For example, FreeBSD derivatives).
2016-03-17 19:20:36 -04:00
Roger Dingledine
e28448a23e Bridges now refuse "rendezvous2" publish attempts
Suggested during review of ticket 18332.
2016-03-16 16:46:14 -04:00
Nick Mathewson
368825ff45 Sandbox: Don't preseed getaddrinfo(gethostname()) in client mode.
If we're a server with no address configured, resolve_my_hostname
will need this.  But not otherwise.  And the preseeding itself can
consume a few seconds if like tails we have no resolvers.

Fixes bug 18548.
2016-03-15 11:19:59 -04:00
Nick Mathewson
b48f8a8114 Fix whitespace. 2016-03-15 09:21:29 -04:00
Nick Mathewson
c9899ee640 Merge remote-tracking branch 'weasel/bug18458' 2016-03-15 09:18:24 -04:00
Peter Palfrader
d8626d34e5 Fix log message: say RelaxDirModeCheck instead of StrictDirModes 2016-03-14 20:27:53 +01:00
Nick Mathewson
4b02af452d Merge branch 'bug15221_027' 2016-03-14 14:10:47 -04:00
Nick Mathewson
dd7c999617 Make unix sockets work with the linux seccomp2 sandbox again
I didn't want to grant blanket permissions for chmod() and chown(),
so here's what I had to do:
   * Grant open() on all parent directories of a unix socket
   * Write code to allow chmod() and chown() on a given file only.
   * Grant chmod() and chown() on the unix socket.
2016-03-14 14:07:02 -04:00
Nick Mathewson
0cdeac77e0 Don't chmod/chown unix sockets if their permissions are already ok
This is a part of a fix for 18253; bugfix on 0.2.8.1-alpha.

Alternatively, we could permit chmod/chown in the sandbox, but I
really don't like giving the sandbox permission to alter
permissions.
2016-03-14 13:40:44 -04:00
Nick Mathewson
725e0c76e3 Permit setrlimit, prlimit, prlimit64 calls.
We call setrlimit under some circumstances, and it can call prlimit
and prlimit64 under the hood.

Fixes bug 15221.
2016-03-14 13:21:16 -04:00
Nick Mathewson
36ad65a7d1 When using open() to make sure we created a dir, close the fd afterwards
Found by coverity. Not in any released Tor. Fixes CID 1355640.

Also, don't check for fd correctness with assert(fd).  You need to
assert (fd >= 0).
2016-03-14 13:03:44 -04:00
Nick Mathewson
a64be7eaa9 Merge remote-tracking branch 'public/bug16248_027' 2016-03-14 12:53:57 -04:00
Nick Mathewson
307b863556 Add comments to connection_check_event(). 2016-03-14 12:53:21 -04:00
David Goulet
d8b93b31a0 hs: Do not close desc fetch conn. if we can't pick an HSDir
Launching 7 descriptor fetches makes a connection to each HSDir that is 6
and the seventh one fails to pick an HSDir because they are all being used
already so it was killing all pending connections at once.

Fixes #15937

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-14 11:00:46 -04:00
Nick Mathewson
a86f78a9f2 Merge remote-tracking branch 'teor/bug17153' 2016-03-11 11:23:58 -05:00
Nick Mathewson
fe0d346a6d Merge remote-tracking branch 'teor/bug8976_01_028' 2016-03-11 11:11:38 -05:00
Nick Mathewson
91d7cf50c6 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2016-03-11 10:50:36 -05:00
Roger Dingledine
edeba3d472 simplify rend_cache_store_status_t back to a boolean
it used to be a tri-state, but now it's just a bi-state, so we can
take out all the machinery like the enum.
2016-03-11 10:49:57 -05:00
Roger Dingledine
dc500c8cb4 rip out rend_id_is_in_interval()
it was used by hid_serv_responsible_for_desc_id(), which we no
longer use.
2016-03-11 10:46:21 -05:00
Roger Dingledine
5390296338 rip out hid_serv_acting_as_directory()
When we made HidServDirectoryV2 always 1, we removed the situation
where a relay could choose not to be an HSDir. Now simplify the
rest of the code to reflect this decision.

(We have to remove two apparently unrelated free() calls in the unit
tests, since they used to free stuff that we created as a side effect
of calling router_get_my_routerinfo(), and now we no longer call that.)
2016-03-11 10:45:03 -05:00
Roger Dingledine
e167910fce rip out hid_serv_responsible_for_desc_id()
This simplifies relay behavior, because the relay offers the hsdir
functionality independent of whether the directory authorities have
decided this relay is suitable for clients to use yet.

Implements ticket 18332.
2016-03-11 10:40:31 -05:00
Nick Mathewson
e79da62645 If we start/stop reading on a dnsserv connection, don't assert.
Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.
2016-03-11 10:33:19 -05:00
Nick Mathewson
656e23171d Merge remote-tracking branch 'teor/bug18454' 2016-03-11 10:22:41 -05:00
Nick Mathewson
36ac47bd85 Merge remote-tracking branch 'public/bug18204_028' 2016-03-11 10:10:15 -05:00
Nick Mathewson
ef31c8862f Add changes file for 18448; refactor
(I've made it so FreeBSD || FreeBSD_kernel is enough to ensure that
we think you might have ipfw, and so that the logic is all in one
place.)
2016-03-11 10:05:28 -05:00
Steven Chamberlain
db263442af enable and test transproxy on FreeBSD derivatives #18448
The transproxy feature is only enabled when __FreeBSD__ is defined, and
only regular FreeBSD does that.  Change this to __FreeBSD_kernel__ which
is defined on derivatives as well.

This enables the relevant options/validate__transproxy test on FreeBSD
derivatives.
2016-03-11 10:01:25 -05:00
Nick Mathewson
82df3e70ac Do not link tests against both libor.a and libor-testing.a
Also, put libor-testing.a at a better position in the list of
libraries, to avoid linker errors.

This is a fix, or part of a fix, for 18490.
2016-03-11 09:53:25 -05:00
Hassan Alsibyani
b1917a0614 moving hid_serv_get_responsible_directories and hid_serv_acting_as_directory from routerlist.c to rendcommon.c 2016-03-11 09:15:48 -05:00
Nick Mathewson
58bcae37a2 Merge branch 'maint-0.2.7' 2016-03-09 10:37:00 -05:00
Nick Mathewson
17cfdb358c Merge branch 'maint-0.2.6' into maint-0.2.7 2016-03-09 10:36:50 -05:00
Nick Mathewson
443dddb749 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-03-09 10:36:35 -05:00
Nick Mathewson
21f9829e79 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-03-09 10:36:20 -05:00
teor (Tim Wilson-Brown)
9f98e6535a Correctly duplicate addresses in get_interface_address6_list 2016-03-04 18:42:27 +01:00
teor (Tim Wilson-Brown)
2627299ef0 Avoid freeing an uninitialised pointer in get_interface_addresses_ioctl 2016-03-04 18:41:49 +01:00
teor (Tim Wilson-Brown)
b0ca80c23f Reject multicast rendezvous point addresses
Unless ExtendAllowPrivateAddresses is 1.
2016-03-04 18:21:13 +01:00
Karsten Loesing
8e2640b15a Update geoip and geoip6 to the March 3 2016 database. 2016-03-04 10:56:51 +01:00
teor (Tim Wilson-Brown)
10330c1234 Remove an extraneous space in a log message 2016-03-01 19:08:02 +01:00
Peter Palfrader
1ef7df551d First RelaxDirModeCheck implementation 2016-03-01 17:08:14 +01:00
teor (Tim Wilson-Brown)
2120e14009 Allow internal IPv6 addresses in descriptors in private networks 2016-03-01 16:48:16 +01:00
Nick Mathewson
9fc472e1a8 clean/extend some module docs, including fix from #18403 2016-02-28 17:57:47 +01:00
Nick Mathewson
69fc025e95 Merge remote-tracking branch 'teor/fallbacks-201602-v2' 2016-02-28 15:51:22 +01:00
Nick Mathewson
88ad2f5fb2 Merge remote-tracking branch 'teor/bug18123' 2016-02-28 15:40:35 +01:00
Alexander Færøy
d4c5ccf79c Use the kdf_rfc5869() function instead of kdf().
This patch fixes an issue in "ntor_ref.py gen_kdf_vectors" where the
script tries to call the undefined function kdf().
2016-02-28 15:24:59 +01:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
f4864d37ec It appears I added an empty file by mistake. 2016-02-27 18:25:51 +01:00
Nick Mathewson
23f8c9b32f Add a brief file-level description for everything in src/common 2016-02-27 18:19:57 +01:00
Nick Mathewson
fe6ca826df Make sure that every module in src/or has a brief description. 2016-02-27 18:08:24 +01:00
Nick Mathewson
d5cbc21ad1 Fix an unused-variable warning 2016-02-27 10:20:15 +01:00
Nick Mathewson
0a276947ba Merge branch 'bug18392' 2016-02-27 10:17:51 +01:00
teor (Tim Wilson-Brown)
e2202146d1 Update default fallback directories for 0.2.8.2-alpha (Feb 2016)
Allow fallback directories which have been stable for 7 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
Set the target count to 50.
2016-02-27 10:04:00 +01:00
teor (Tim Wilson-Brown)
8e103cb2d0 Set EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack 2016-02-26 10:53:57 +01:00
Nick Mathewson
3687526c66 Merge remote-tracking branch 'teor/bug18384' 2016-02-25 13:46:34 -05:00
Nick Mathewson
7255b1121d Fix check_private_dir() to work on Windows again.
On windows, you cannot open() a directory.  So for Windows we should
just take our previous stat-based approach.

Closes bug 18392; bug not in any released Tor.
2016-02-25 13:34:12 -05:00
Nick Mathewson
7a782820e9 Make the sandbox work again with chutney.
Previously, we had a problem due to the check_private_dir() rewrite.

Bug not in any released Tor.
2016-02-24 16:01:24 -05:00
Nick Mathewson
f2e23d5ad6 Fix a huge number of leaks in test_config.c
I no longer see asan reporting memory leaks in the unit tests.
2016-02-24 15:44:40 -05:00
Nick Mathewson
a3f764ea69 Fix memory leaks in routerlist/pick_directory_server_impl test 2016-02-24 15:13:29 -05:00
Nick Mathewson
ba0ddd7467 Fix a leak in test_have_enough_mem_for_dircache 2016-02-24 15:06:12 -05:00
Nick Mathewson
73c433a48a Remove the freelist from memarea.c
This is in accordance with our usual policy against freelists,
now that working allocators are everywhere.

It should also make memarea.c's coverage higher.

I also doubt that this code ever helped performance.
2016-02-24 14:32:09 -05:00
teor (Tim Wilson-Brown)
9ab1037de1 Silence clang-scan warnings in ed25519_donna 2016-02-24 23:24:01 +08:00
Nick Mathewson
1318c1611f Another clang+_FORTIFY_SOURCE issue
There was a parenthesis issue in test_util that clang found
confusing.  This part was only in master.

Closes issue 14821.
2016-02-23 14:06:45 -05:00
Nick Mathewson
a7f303a481 Merge branch 'maint-0.2.7' 2016-02-23 14:05:54 -05:00
Nick Mathewson
67e5d49d8a Make clang asan work with FORTIFIED_SOURCE again.
Short version: clang asan hates the glibc strcmp macro in
bits/string2.h if you are passing it a constant string argument of
length two or less.  (I could be off by one here, but that's the
basic idea.)

Closes issue 14821.
2016-02-23 14:05:34 -05:00
Nick Mathewson
94c8f3605f Replace two instances of N_DIGEST_ALGORITHMS.
These should have been N_COMMON_DIGEST_ALGORITHMS.

Fixes bug 18380; bug not in any released Tor.
2016-02-23 12:42:10 -05:00
Nick Mathewson
d3af4f4e43 Merge remote-tracking branch 'arma/bug16825' 2016-02-23 10:45:39 -05:00
Nick Mathewson
e88686cb2c Merge remote-tracking branch 'teor/bug18348-v2' 2016-02-23 07:36:56 -05:00
Nick Mathewson
48c1c028ca Merge branch 'bug18296_squashed' 2016-02-23 07:32:18 -05:00
Nick Mathewson
21f72990db Simple fix for integer overflow in smartlist_heapify. 2016-02-23 07:31:58 -05:00
Nick Mathewson
882e0fbd76 Merge branch 'bug17795' 2016-02-23 07:25:12 -05:00
Nick Mathewson
e202f3a1ca Fix an erroneous renaming
Did you know that crypto_digest_all is a substring of
crypto_digest_alloc_bytes()?  Hence the mysterious emergence of
"crypto_common_digestsoc_bytes".

Next time I should use the \b assertion in my regexen.

Spotted by Mike.
2016-02-23 07:22:53 -05:00
Nick Mathewson
b3534dfc5e Add missing check to test_address_get_if_addrs_ifaddrs. Bug 18378 2016-02-23 07:17:00 -05:00
Andrea Shepard
cda2381789 Appease make check-spaces 2016-02-23 05:07:29 +00:00
Nick Mathewson
e019e11e61 Another memory leak in the tests 2016-02-22 16:20:11 -05:00
Nick Mathewson
4cc50ee805 Small fixup on last fix to test leaks 2016-02-22 16:16:56 -05:00
Nick Mathewson
041d6482db Fix a bunch of memory leaks in the unit tests 2016-02-22 16:14:03 -05:00
Nick Mathewson
bb431ad3df Add a missing free in parsing an :auto port
Fixes bug 18374; bugfix on 0.2.3.3-alpha.
2016-02-22 15:51:43 -05:00
Nick Mathewson
ef42c00cf0 asan does not like TO_CONN(NULL) 2016-02-22 15:45:37 -05:00
cypherpunks
1e9950847c Define O_NOFOLLOW on platforms that do not have it
Fixes #18339
2016-02-22 15:28:24 -05:00
Nick Mathewson
a508119169 Update to trunnel 1.4.4 to fix 18373 2016-02-22 14:19:29 -05:00
Nick Mathewson
2240aa1269 Merge branch 'bug16023_028_01_squashed' 2016-02-22 13:17:58 -05:00
Nick Mathewson
60efce445b Enable ed25519 collator in voting.
Previously, I had left in some debugging code with /*XXX*/ after it,
which nobody noticed.  Live and learn!  Next time I will use /*XXX
DO NOT COMMIT*/ or something.

We need to define a new consensus method for this; consensus method
21 shouldn't actually be used.

Fixes bug 17702; bugfix on 0.2.7.2-alpha.
2016-02-22 10:07:42 -05:00
Roger Dingledine
e3eaee1d2c avoid redundant bootstrap events if the number of descs we just fetched is 0 2016-02-22 03:02:01 -05:00
Roger Dingledine
56c5e282a7 avoid extra LOG_NOTICE for every new microdesc batch
We already write out bootstrapping progress (see bug 9927) per new
microdesc batch. There's no need to do a full "I learned some more
directory information, but not enough to..." line each time too.
2016-02-22 02:55:42 -05:00
Roger Dingledine
43193ec888 refactor directory_info_has_arrived so we can quiet the logs
no actual behavior changes
2016-02-22 02:54:32 -05:00
Roger Dingledine
c6952f65ef new microdescs mean progress towards bootstrapping
Now, when a user who has set EntryNodes finishes bootstrapping, Tor
automatically repopulates the guard set based on this new directory
information. Fixes bug 16825; bugfix on 0.2.3.1-alpha.
2016-02-22 02:47:57 -05:00
Roger Dingledine
a9993a92fb fix two typos in comments 2016-02-22 02:34:50 -05:00
teor (Tim Wilson-Brown)
d359cfab13 Update unit tests for fascist_firewall_choose_address*
Check that clients, bridge clients, and relays choose addresses
as expected.
2016-02-21 00:00:40 +11:00
teor (Tim Wilson-Brown)
be16c16bda Downgrade directory preference warning to info level 2016-02-20 23:42:08 +11:00
teor (Tim Wilson-Brown)
c281c03654 If both IPv4 and IPv6 addresses could be used, choose one correctly
If there is a node, use node_ipv6_or/dir_preferred().
If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20 23:40:37 +11:00
teor (Tim Wilson-Brown)
4afb107278 Refactor IPV6_OR_LOOKUP into fascist_firewall_choose_address_rs
It's only used once now, so having it as a macro is unhelpful.
2016-02-20 23:30:23 +11:00
teor (Tim Wilson-Brown)
a4853f1bc1 Make some fascist_firewall_choose_address* functions static 2016-02-20 23:30:17 +11:00
teor (Tim Wilson-Brown)
a4eddfff66 Refactor fascist_firewall_allows_address without changing behaviour 2016-02-20 20:01:51 +11:00
teor (Tim Wilson-Brown)
25543387ed Ensure relays must use IPv4, and can use IPv6
A mistake in previous refactoring had relays using IPv4 and IPv6.
2016-02-20 19:28:51 +11:00
David Goulet
13a8571834 Add onion address to the HS_DESC UPLOADED event
Fixes #16023

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-02-17 15:30:46 -05:00
Nick Mathewson
5494938467 Set or_ap/dir_ap.port on the invalid addr case. Bug in no released Tor. CID 1353178 and 1353179. 2016-02-16 12:58:02 -05:00
Nick Mathewson
31c96a3699 Fix a NULL dereference on unit test failure. CID 1353177. 2016-02-16 12:55:41 -05:00
Nick Mathewson
5cd6c577df Merge branch 'bug17852_revised' 2016-02-16 11:34:06 -05:00
Jeremy
f48c607fd9 Harden check_private_dir() to remove any potential race.
Remove any potential race between stat() and chmod().
Replace stat() with fstat().
Replace chmod() with fchmod()
2016-02-16 11:21:46 -05:00
Jeremy
4e19133dcc src/common/util.c:expand_filename() - Perhaps use GetFullPathName() as a form of input validation on the filename argument. 2016-02-16 11:21:45 -05:00
Nick Mathewson
a874d66ea9 Handle the case where tor-gencert gets a passphrase with no NL
Closes ticket 17443.
2016-02-12 08:54:09 -05:00
Nick Mathewson
1f679d4ae1 Fix all doxygen warnings other than "X is not documented" 2016-02-11 22:06:44 -05:00
Nick Mathewson
fed8c5199a Merge branch 'check_log_mutex_uncherrypicked' 2016-02-11 13:41:31 -05:00
teor (Tim Wilson-Brown)
a7a98e27ea Initialise logging before trying to use it in unit tests 2016-02-11 13:41:25 -05:00
Nick Mathewson
7788ee43e5 Merge branch 'maint-0.2.7' 2016-02-11 13:04:43 -05:00
Nick Mathewson
be6174f8f6 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-02-11 13:01:46 -05:00
Nick Mathewson
740421af19 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-02-11 13:00:25 -05:00
Nick Mathewson
ce289e2cb5 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-02-11 12:55:40 -05:00
Nick Mathewson
ad95d64fec Merge branch 'bug18162_024' into maint-0.2.4 2016-02-11 12:55:25 -05:00
Nick Mathewson
c2fd648469 Make ensure_capacity a bit more pedantically correct
Issues noted by cypherpunks on #18162
2016-02-11 12:54:52 -05:00
Nick Mathewson
838d4dee12 make check-spaces 2016-02-11 12:50:55 -05:00
Nick Mathewson
2b5ff52594 Merge branch 'feature17840-v11-tests_truncated' 2016-02-11 12:45:51 -05:00
Nick Mathewson
ba2be81fc3 Merge remote-tracking branch 'teor/feature17840-v11-merged-v2' 2016-02-11 12:20:20 -05:00
Nick Mathewson
cae59b913f Rename circuit_about_to_free_{terminal -> atexit} 2016-02-11 12:15:12 -05:00
Nick Mathewson
7f9ac4957c Split a long line 2016-02-11 12:13:02 -05:00
Nick Mathewson
bc7a5eeeda Merge remote-tracking branch 'weasel/bug18261' 2016-02-11 12:12:02 -05:00
Nick Mathewson
c0a6c34652 Merge remote-tracking branch 'teor/bug18208' 2016-02-10 16:32:05 -05:00
Nick Mathewson
162d2022e1 Merge branch 'bug17682_squashed' 2016-02-10 15:50:28 -05:00
Nick Mathewson
601b41084a Bulletproof the safe_timer_diff function
Originally it can overflow in some weird cases.  Now it should no longer
be able to do so.

Additionally, limit main's timers to 30 days rather than to 38 years;
we don't actually want any 38-year timers.

Closes bug 17682.
2016-02-10 15:49:11 -05:00
Nick Mathewson
ee75c02691 Merge remote-tracking branch 'andrea/bug18116' 2016-02-10 15:42:11 -05:00
Nick Mathewson
69c47ab5fd Merge remote-tracking branch 'sebastian/bug18242' 2016-02-10 15:38:52 -05:00
Nick Mathewson
4dc8dc4b89 Merge remote-tracking branch 'public/bug18184' 2016-02-10 15:36:48 -05:00
Nick Mathewson
a8d6989589 Whitespace fixes 2016-02-10 15:35:46 -05:00
Nick Mathewson
9746aed2ba Another automated rename.
Also simplify crypto_common_digests() to have no loop.
2016-02-10 15:32:12 -05:00
Nick Mathewson
8a4bba06d2 Rename crypto_digest_all, and digests_t.
They are no longer "all" digests, but only the "common" digests.

Part of 17795.

This is an automated patch I made with a couple of perl one-liners:

  perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
  perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
2016-02-10 15:28:19 -05:00
Andrea Shepard
ae0f858602 Properly detach circuits from cmuxes when calling circuit_free_all() on shutdown again 2016-02-10 05:35:03 +00:00
Andrea Shepard
3014bfb61b Appease make check-spaces 2016-02-10 02:20:59 +00:00
Nick Mathewson
92048a1b43 Add missing consts; my fault. 2016-02-08 08:34:18 -05:00
Nick Mathewson
9f6589d65a Merge branch 'decorated_ipv6_directory_send_command_squashed' 2016-02-08 08:33:28 -05:00
Malek
061586e36c decorated ipv6 address for directory send command 2016-02-08 08:33:18 -05:00
Nick Mathewson
d004f06830 fix wide lines, use more locals. 2016-02-08 08:31:31 -05:00
Harini Kannan
c30be5a82d Using router_get_my_routerinfo() 2016-02-07 16:07:35 -05:00
Peter Palfrader
42e131e9ac Fix a segfault during startup
If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
2016-02-06 22:17:02 +01:00
Nick Mathewson
2d879bd39f Document port_out argument to tor_addr_from_sockaddr 2016-02-06 15:34:47 -05:00
Nick Mathewson
0f5f6b8a41 Merge remote-tracking branch 'yawning/bug18221' 2016-02-06 15:30:22 -05:00
Nick Mathewson
b645e2f2b0 Merge remote-tracking branch 'alec/dead_code_removal' 2016-02-06 15:08:49 -05:00
Alec Heifetz
6852868b4a Removed dead code in main.c 2016-02-06 14:41:31 -05:00
Nick Mathewson
31a27729b9 Fix spaces. 2016-02-06 14:00:24 -05:00
Nick Mathewson
03371e3d3c Merge branch 'cleaned_aes_crypt' 2016-02-06 13:54:09 -05:00
Malek
a9cd291753 Removed aes_crypt, left only aes_crypt_inplace. Removed should_use_openssl_CTR, was used for openssl 1.0.0 bug. 2016-02-06 13:38:11 -05:00
Hassan Alsibyani
edd93f9de8 changing output of crypto_cipher_crypt_inplace from int to void 2016-02-06 12:14:39 -05:00
Sebastian Hahn
55d6fd27cb Fix the --disable-asserts-in-tests configure option 2016-02-05 14:40:07 +01:00
Nick Mathewson
1f5cdf2b6c Merge branch 'maint-0.2.7' 2016-02-05 08:13:47 -05:00
Nick Mathewson
d920cbb82c Merge branch 'maint-0.2.6' into maint-0.2.7 2016-02-05 08:13:35 -05:00
Nick Mathewson
44ad3be221 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-02-05 08:13:24 -05:00
Nick Mathewson
f06d9a9cef Merge branch 'maint-0.2.4' into maint-0.2.5 2016-02-05 08:13:13 -05:00
teor (Tim Wilson-Brown)
add8acf428 Avoid calling log functions in logv when SMARTLIST_DEBUG is defined 2016-02-05 14:14:17 +11:00
teor (Tim Wilson-Brown)
db72b509d1 Check that the log mutex is initialised before trying to lock or unlock it 2016-02-05 14:08:58 +11:00
Nick Mathewson
6149703089 Bump to 0.2.8.1-alpha-dev 2016-02-04 18:24:20 -05:00
Nick Mathewson
af116081f9 Make the no-assertions-during-coverage check into a configure option
Closes ticket 18242.

The rationale here is that I like having coverage on by default in my
own working directory, but I always want assertions turned on unless
I'm doing branch coverage specifically.
2016-02-04 12:51:52 -05:00
Nick Mathewson
c595f6d25e Add an assertion to tor_libevent_get_base()
Closes ticket 18241.
2016-02-04 12:37:00 -05:00
Nick Mathewson
1bac468882 Fix two problems in the 0.2.8.x unit tests
1. We were sometimes using libevent uninitialized, which is Not Allowed.

2. The malformed-PTR dns test was supposed to get a -1 output... but
   the test was wrong, since it forgot that in-addr.arpa addresses
   are in reverse order.

Bugs not in any released tor.
2016-02-04 12:30:48 -05:00
Nick Mathewson
5da517e689 Bump version. (This is not yet the release.) 2016-02-04 10:07:06 -05:00
Karsten Loesing
d5ac79e056 Update geoip and geoip6 to the February 2 2016 database. 2016-02-04 08:53:24 +01:00
Nick Mathewson
fa52b6f075 Make tortls unit tests pass with LibreSSL.
Part of the fix for 17921.
2016-02-03 11:31:57 -05:00
Nick Mathewson
c1c3e45eab Make crypto/rng_engine test pass on libressl. Bug not in any released tor. 2016-02-03 11:18:16 -05:00
Nick Mathewson
27582325dc Make Tor build happily with OpenSSL master and libressl.
Also tested with 1.0.0t and 1.0.2f.

Closes ticket 19784.

Closes most of 17921. (Still need to make some tests pass.)
2016-02-03 11:13:12 -05:00
teor (Tim Wilson-Brown)
c213f277cd Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:56:19 +11:00
teor (Tim Wilson-Brown)
b316c87bc9 Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:52:39 +11:00
Yawning Angel
c625ab9f5a Validate the DH parameters for correctness.
We use sensible parameters taken from common sources, and no longer
have dynamic DH groups as an option, but it feels prudent to have
OpenSSL validate p and g at initialization time.
2016-02-02 22:03:48 +00:00
teor (Tim Wilson-Brown)
92b1c3b604 Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy.

Make sure those policies are updated when interface addresses change.
2016-02-02 15:05:59 +11:00
Nick Mathewson
b860f82d56 Treat bt_test.py failures as "SKIP" on freebsd.
Closes #18204.
2016-02-01 14:11:45 -05:00
Nick Mathewson
c6fa55d2da Bitwise negate is ~, not !.
Spotted by coverity; bug in tests only, not in any released Tor.

This is CID 1351128
2016-02-01 13:12:58 -05:00
Nick Mathewson
7631cffbcc Fix warnings from check-spaces 2016-02-01 10:24:13 -05:00
Nick Mathewson
ac7e43d30a Redux: don't expect unix sockets to be accepted on windows 2016-02-01 10:21:11 -05:00
Nick Mathewson
49442b5e67 Don't expect unix sockets to be accepted on Windows
Fixes failures in test_config.c; bug not in any released tor.
2016-02-01 09:57:54 -05:00
Nick Mathewson
f4ac44c9f2 Merge branch 'options_validate_second_round_cleaned' 2016-02-01 09:52:11 -05:00
teor (Tim Wilson-Brown)
e3da5ad6e3 Replace incorrect use of snprintf in unit tests with tor_snprintf
This avoids a potential out of bounds write.
2016-02-01 09:50:43 -05:00
teor (Tim Wilson-Brown)
f7b2ae91e9 Make all unit tests independent of log message order and count 2016-02-01 09:50:43 -05:00
teor (Tim Wilson-Brown)
dbb5819e96 Report malformed options in options_validate unit tests 2016-02-01 09:50:42 -05:00
Ola Bini
fe92e9bb96 Add a helper to search for strings in the log, and change option tests to use this helper instead of looking at specific indices in the log list 2016-02-01 09:50:42 -05:00
Nick Mathewson
4cd93a6a59 Merge branch 'maint-0.2.7'
(We already had a fix for the address test freebsd issues)
2016-02-01 09:41:45 -05:00
Nick Mathewson
7d1fe7c9e7 Try to fix address tests on FreeBSD
In jails, there is not always a localhost.

Bugfix not on any released Tor.
2016-02-01 09:38:31 -05:00
teor (Tim Wilson-Brown)
1dae4dac12 Add unit tests for ClientUseIPv[4,6] and ClientPreferIPv6[OR,Dir]Port 2016-02-01 09:15:07 +11:00
teor (Tim Wilson-Brown)
26f68a771c Report malformed options in options_validate unit tests 2016-02-01 09:11:16 +11:00
teor (Tim Wilson-Brown)
13db39b856 Fix existing options_validate unit tests for ClientUseIPv4 2016-02-01 09:10:52 +11:00
Ola Bini
8627a40fba Add a helper to search for strings in the log, and change option tests to use this helper instead of looking at specific indices in the log list 2016-02-01 09:09:44 +11:00
Nick Mathewson
5f7df92571 Remove support for unsigned time_t
We've never actually tested this support, and we should probably assume
it's broken.

To the best of my knowledge, only OpenVMS has this, and even on
OpenVMS it's a compile-time option to disable it.  And I don't think
we build on openvms anyway.  (Everybody else seems to be working
around the 2038 problem by using a 64-bit time_t, which won't expire
for roughly 292 billion years.)

Closes ticket 18184.
2016-01-29 09:18:59 -05:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
73fc67bc89 Tor2Web: tell extend_info_from_node intro point connections are direct 2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
1401117ff2 Return NULL from extend_info_from_node if the node has no allowed address
Modify callers to correctly handle these new NULL returns:
* fix assert in onion_extend_cpath
* warn and discard circuit in circuit_get_open_circ_or_launch
* warn, discard circuit, and tell controller in handle_control_extendcircuit
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
77a9de0d48 Automatically use IPv6 when ClientUseIPv4 is 0
Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
3a00215c35 Minor whitespace-only fix 2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
4db5a35e66 Consistently format addresses in node_get_address_string
Also, don't write to a buffer with length zero.
2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
772577b547 Optimise reachability checks when iterating through relay lists
Skip address checks on servers.

Skip allowed-only address checks on non-bridge clients with IPv4.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
e991d642ec Add firewall_is_fascist_dir()
Refactor common parts of firewall_is_fascist_or().
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
3b8216f215 Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
4528f89316 Make entry_guard_set_status consistent with entry_is_live
Check fascist_firewall_allows_node in entry_guard_set_status and
return the same message as entry_is_live.
2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
1648666203 Choose bridge addresses by IPv4/IPv6 preferences 2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
c3cc8e16e9 Log when IPv4/IPv6 restrictions or preferences weren't met 2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
e72cbf7a4e Choose directory servers by IPv4/IPv6 preferences
Add unit tests, refactor pick_directory functions.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
268608c0a0 Choose OR Entry Guards using IPv4/IPv6 preferences
Update unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
4460feaf28 Fix *_get_all_orports to use ipv6_orport
node_get_all_orports and router_get_all_orports incorrectly used or_port
with IPv6 addresses. They now use ipv6_orport.

Also refactor and remove duplicated code.
2016-01-29 07:13:56 +11:00
Nick Mathewson
39b597c2fd Restrict the meaning of digests_t to sha1+sha256.
This saves CPU and RAM when handling consensuses and x509 certs.

Closes ticket 17795; bug not in any released tor.
2016-01-27 13:10:17 -05:00
Nick Mathewson
bca7083e82 avoid integer overflow in and around smartlist_ensure_capacity.
This closes bug 18162; bugfix on a45b131590, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
2016-01-27 12:32:41 -05:00
Nick Mathewson
1a022525f7 attempt to fix crashes in unit tests 2016-01-27 09:42:08 -05:00
Nick Mathewson
39a86185c8 Correct further grammatical errors in tor comments
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
Nick Mathewson
42dea56363 Merge remote-tracking branch 'teor/bug18145' 2016-01-26 10:01:34 -05:00
teor (Tim Wilson-Brown)
4339fa5609 Replace "Alice" with "the client" in a hidden service log message 2016-01-26 13:49:16 +11:00
teor (Tim Wilson-Brown)
fb939ed82e Replace Alice/Bob with client/service in hidden service comments 2016-01-26 13:48:31 +11:00
teor (Tim Wilson-Brown)
7a4b4f0c3a Correct grammatical errors in tor log messages
Avoid using gender for things that don't have it.
2016-01-26 13:47:23 +11:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
Nick Mathewson
0010b8064e Fix redundant-declaration warning 2016-01-22 09:53:42 -05:00
Nick Mathewson
cbed61d128 Merge remote-tracking branch 'twstrike/parse_port_config_tests' 2016-01-21 12:15:39 -05:00
Nick Mathewson
ae3d2a93f0 Merge remote-tracking branch 'twstrike/options_test' 2016-01-19 20:14:18 -05:00
Ola Bini
32946e2c96
Make sure that tests for domain sockets only run on OSes with domain sockets 2016-01-19 11:14:41 -05:00
Ola Bini
3e738211d4
Use correct u64 int ops instead of regular int ops, in order to avoid warnings on 32bit clang 2016-01-19 11:11:01 -05:00
Nick Mathewson
f557a7f327 Merge branch 'maint-0.2.7' 2016-01-19 08:30:48 -05:00
Nick Mathewson
534a0ba59b Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-19 08:30:39 -05:00
Nick Mathewson
e2efa9e321 Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
2016-01-19 08:28:58 -05:00
Nick Mathewson
7b6d7aae09 Merge branch 'fallbacks-0281-squashed' 2016-01-18 20:16:05 -05:00
teor (Tim Wilson-Brown)
ab3c86479a Add default fallback directories for the 0.2.8 alpha releases
Allow fallback directories which have been stable for 30 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
2016-01-18 20:15:59 -05:00
Nick Mathewson
ab58f60321 Merge branch 'maint-0.2.7' 2016-01-18 20:03:28 -05:00
Nick Mathewson
8335b1f9a9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-18 20:00:16 -05:00
teor (Tim Wilson-Brown)
db81565331 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2016-01-18 19:58:07 -05:00
Nick Mathewson
0ace22ef6d Merge remote-tracking branch 'origin/maint-0.2.7' 2016-01-18 19:52:34 -05:00
Nick Mathewson
83dfcfbc4a Merge remote-tracking branch 'teor/bug18050' into maint-0.2.7 2016-01-18 19:51:57 -05:00
teor (Tim Wilson-Brown)
6094a886cf Check ORPort and DirPort reachability before publishing a relay descriptor
Otherwise, relays publish a descriptor with DirPort 0 when the DirPort
reachability test takes longer than the ORPort reachability test.

Closes bug #18050. Reported by "starlight", patch by "teor".
Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
2016-01-18 14:00:29 +11:00
Nick Mathewson
da4dbb29b7 Fix some leaks in the unit tests. 2016-01-15 11:45:19 -05:00
Nick Mathewson
f6ea7a6258 Make the new directory tests build and run again.
Had to disable a couple.

Also add changes file for 17003.
2016-01-15 11:20:14 -05:00
Nick Mathewson
537214d10e Merge remote-tracking branch 'twstrike/directory-tests' 2016-01-15 11:08:22 -05:00
Nick Mathewson
f47d4af04c Whitespace cleanup 2016-01-15 10:57:03 -05:00
Nick Mathewson
00b13cb091 Merge remote-tracking branch 'twstrike/options_test' 2016-01-15 10:52:27 -05:00
Ola Bini
1722232d78
Update tests to match current changes to options_validate 2016-01-13 10:54:08 -05:00
Ola Bini
6d5215fd19
Move clearing of log messages on advice from @cypherpunks, in order to minimize risk of race conditions leading to another memory leak 2016-01-13 10:35:49 -05:00
Ola Bini
5c1c117b8e
Revert my addition of callback cleaner and instead use existing functionality for temporary log files 2016-01-13 10:35:06 -05:00
Ola Bini
0bfa616e2e
Remove a small memory leak in log callback setup 2016-01-13 10:35:05 -05:00
Ola Bini
ce953b864b
Fix memory leaks 2016-01-13 10:35:05 -05:00
Ola Bini
f2a7a83626
Fix all white space issues 2016-01-13 10:34:24 -05:00
Ola Bini
1a3fcda0a3
Fix some issues in gcc warnings 2016-01-13 10:32:09 -05:00
Ola Bini
5edd431d92
Add tests for options_act 2016-01-13 10:31:13 -05:00
Fergus Dall
d748c193e1 Include square brackets and port number in calcs for max_dl_per_request 2016-01-13 18:05:52 +10:30
Fergus Dall
91077d3aca Update the limits in max_dl_per_request for IPv6 address length 2016-01-13 06:57:24 +10:30
Ola Bini
fcd7923a96
Fix remaining memory leaks 2016-01-12 12:33:05 -05:00
Ola Bini
ee39869f67
Fix some memory leaks 2016-01-12 12:14:34 -05:00
Ola Bini
b24a16e56e
Make it compile with gcc-warnings turned on 2016-01-12 11:53:07 -05:00
Nick Mathewson
3074b8365f Add another safe_str_client to fix bug 17419 2016-01-12 10:42:01 -05:00
Fergus Dall
9e5a6f0293 Stop log_heartbeat test from failing in timezones with non-integer offsets
Instead of comparing the end of the time string against a constant,
compare it to the output of format_local_iso_time when given the
correct input.
2016-01-12 22:01:46 +10:30
Nick Mathewson
16840e52e5 Make the touch_file unit test work around FS/system time sync issues
Sometimes you can call time() and then touch a file, and have the
second come out a little before the first.  See #18025 for way more
information than you necessarily wanted.
2016-01-11 10:03:00 -05:00
Nick Mathewson
1d6dd288e1 Try a little harder to only use SecureZeroMemory when it's present
We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.
2016-01-11 09:02:42 -05:00
Nick Mathewson
d10ea49588 Merge remote-tracking branch 'rl1987/feature17950' 2016-01-11 08:54:51 -05:00
rl1987
fd26c1d994 Re-add the removed address family check. 2016-01-09 15:03:54 +01:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00