Nick Mathewson
c433736734
Add tests for failing cases of crypto_pwbox
2014-09-25 11:58:14 -04:00
Nick Mathewson
3b7d0ed08e
Use trunnel for crypto_pwbox encoding/decoding.
...
This reduces the likelihood that I have made any exploitable errors
in the encoding/decoding.
This commit also imports the trunnel runtime source into Tor.
2014-09-25 11:58:14 -04:00
Nick Mathewson
3011149401
Adjust pwbox format: use a random IV each time
...
Suggested by yawning
2014-09-25 11:58:14 -04:00
Nick Mathewson
d0f5d2b662
Test a full array of s2k flags with pwbox test.
...
Suggested by yawning.
2014-09-25 11:58:14 -04:00
Nick Mathewson
05a6439f1f
Use preferred key-expansion means for pbkdf2, scrypt.
...
Use HKDF for RFC2440 s2k only.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8d84f3af7b
Test vectors for PBKDF2 from RFC6070
2014-09-25 11:58:13 -04:00
Nick Mathewson
b59d0dae14
Test vectors for scrypt from draft-josefsson-scrypt-kdf-00
2014-09-25 11:58:13 -04:00
Nick Mathewson
2b2cab4141
Tweak and expose secret_to_key_compute_key for testing
...
Doing this lets me pass in a salt of an unusual length.
2014-09-25 11:58:13 -04:00
Nick Mathewson
8184839a47
Rudimentary-but-sufficient passphrase-encrypted box code.
...
See crypto_pwbox.c for a description of the file format.
There are tests for successful operation, but it still needs
error-case tests.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e84e1c9745
More generic passphrase hashing code, including scrypt support
...
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.
Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Nick Mathewson
e72a5b3c07
Move secret-to-key functionality into a separate module
...
I'm about to add more of these, so we might as well trudge forward.
2014-08-28 12:04:22 -04:00
Nick Mathewson
9b2d8c4e20
Rename secret_to_key to secret_to_key_rfc2440
2014-08-28 11:20:31 -04:00
Nick Mathewson
cc3b04a8c1
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd
Resume expanding abbreviations for command-line options
...
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).
Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b
Initialize crash handler in unit tests
...
This way, we don't get locking failures when we hit an assertion in
the unit tests. Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
Nick Mathewson
fdb7fc70d0
Merge remote-tracking branch 'public/bug10163'
2014-08-26 09:44:16 -04:00
Nick Mathewson
051dd9c409
Remove the assigned-but-unused chosen_named_idx local variable
...
It had been used in consensus method 1. But now that 13 is the
minimum (see #10163), we don't need it around.
Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
72ba1739e2
Fix another memory leak case in sandbox.c:prot_strings()
...
This is related to the rest of 523587a5cf
2014-08-25 11:14:31 -04:00
Nick Mathewson
9222707e5c
Use the ARRAY_LENGTH macro more consistently.
2014-08-24 13:35:48 -04:00
Nick Mathewson
15be51b41d
Remove the non-implemented versions of the sandbox _array() functions
2014-08-24 13:35:30 -04:00
Nick Mathewson
991545acf1
Whitespace fixes
2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f
Terser ways to sandbox-allow related filenames
...
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed. Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e
Merge branch 'bug11792_1_squashed'
...
Conflicts:
src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
d6033843a4
When looking for conns to close, count the age of linked queued data
...
Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.
2014-08-24 13:04:45 -04:00
Nick Mathewson
68e430a6fb
Kill non-tunneled directory connections when handling OOM.
...
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67
Count zlib buffer memory towards OOM totals.
...
Part of 11792.
(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
d31bcc4b23
Tidy status handling in rendservice.c
...
We had some code to fix up the 'status' return value to -1 on error
if it wasn't set, but it was unreachable because our code was
correct. Tweak this by initializing status to -1, and then only
setting it to 0 on success. Also add a goto which was missing: its
absence was harmless.
[CID 718614, 718616]
2014-08-22 12:23:01 -04:00
Nick Mathewson
a8cc41a230
Merge branch 'coverity_20140821'
2014-08-21 12:14:00 -04:00
Nick Mathewson
523587a5cf
fix memory leak on failure in sandbox.c:prot_strings()
...
[CID 1205014]
2014-08-21 11:40:48 -04:00
Nick Mathewson
35b2e11755
Store sandbox params as char *, since that's what they are.
...
This allows coverity to infer that we aren't leaking them.
[Fixes a lot of CIDs]
2014-08-21 11:22:42 -04:00
Nick Mathewson
446e481c90
Check for duplicate arguments to tor-gencert
...
Found by coverity, which noticed that if you said
tor-gencert -i identity1 -i identity2
we would leak "identity1".
[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00
Nick Mathewson
a66fff6381
Mark one use of networkstatus_check_document_signature as (void)
...
Also explain why we aren't checking its return value.
[CID 1198197]
2014-08-21 11:22:42 -04:00
Nick Mathewson
059e33de59
remove meaningless checks for chunks==NULL in dirserv stuff
...
Also, make it clearer that chunks cannot be NULL
[CID 1031750, 1031751]
2014-08-21 11:22:42 -04:00
Nick Mathewson
917e1042f7
Suppress coverity warning about overflowing in safe_mem_is_zero
...
The unsigned underflow here is defined and intentional.
CID 202482
2014-08-21 11:22:42 -04:00
Nick Mathewson
7bc25b5a78
Avoid performing an assert on an always-true value
...
This was freaking out coverity.
[CID 743379]
2014-08-21 11:22:42 -04:00
Nick Mathewson
c43e45d0ea
Suppress coverity warning about overflowing in tor_memeq.
...
The unsigned underflow here is defined and intentional.
CID 202482
2014-08-21 10:44:13 -04:00
Nick Mathewson
0de7565dfd
Check return values for fcntl in tor_spawn_background.
...
[CID 718609]
2014-08-21 10:38:19 -04:00
Nick Mathewson
377b5c0510
Allow rend_service_intro_free to get called with NULL
...
(We allowed it previously, but produced an LD_BUG message when it
happened, which is not consistent.)
Also, remove inconsistent NULL checks before calling
rend_service_intro_free.
(Removing the check is for CID 718613)
2014-08-21 10:34:29 -04:00
Nick Mathewson
c9cac69ac6
Remove a dead check for errmsg in handle_control_authenticate
...
Coverity doesn't like doing NULL checks on things that can't be
NULL; I like checking things where the logic for their not being
NULL is nontrivial. Let's compromise, and make it obvious that this
field can't be NULL.
[Coverity CID 202004]
2014-08-21 10:27:43 -04:00
Nick Mathewson
e6a05c1c54
Add a missing goto to an unusable branch and make the branch LD_BUG.
...
(It's LD_BUG to reach this point because the hashed password values
were tested earlier from options_validate)
[Coverity CID 1232091]
2014-08-21 10:21:17 -04:00
Nick Mathewson
2a0a5fe612
Explicitly cast when dividing ints then implicitly casting to double.
...
Coverity thinks that when we do "double x = int1/int2;", we probably
meant "double x = ((double)int1) / int2;". In these cases, we
didn't.
[Coverity CID 1232089 and 1232090]
2014-08-21 10:19:26 -04:00
Nick Mathewson
b6a725c67e
Fix memory leaks in test_entrynodes.c
...
[Coverity CID 1232087 and 1232088]
2014-08-21 10:18:17 -04:00
Nick Mathewson
2cf229ab60
Make the two branches of tor_tls_used_v1_handshake into one.
...
(Coverity thinks that "if (a) X; else X;" is probably a bug.)
[Coverity CID 1232086]
2014-08-21 10:12:54 -04:00
Nick Mathewson
916fba2243
Merge branch 'bug12205_take2_squashed'
2014-08-20 15:32:48 -04:00
Nick Mathewson
2994f00199
Whitespace fixes
2014-08-20 15:32:35 -04:00
Nick Mathewson
a5fe84b5a6
Small cleanups to test_entry_is_time_to_retry
2014-08-20 15:31:25 -04:00
rl1987
8b539cc276
Unit testing entry_is_time_to_retry().
2014-08-20 15:29:56 -04:00
rl1987
c731a1c68f
Write comments for members of periods array.
2014-08-20 15:29:56 -04:00
rl1987
197d855009
Rewriting entry_is_time_to_retry() using table approach.
2014-08-20 15:29:55 -04:00
Nick Mathewson
01a0ab02a3
Merge branch 'bug10116_squashed'
2014-08-20 14:52:24 -04:00