Commit Graph

637 Commits

Author SHA1 Message Date
George Kadianakis
6a179b1072 Merge branch 'tor-github/pr/891' into maint-0.4.0 2019-04-18 13:21:59 +03:00
Bernhard M. Wiedemann
8c4e68438d Do not warn about compatible OpenSSL upgrades
When releasing OpenSSL patch-level maintenance updates,
we do not want to rebuild binaries using it.
And since they guarantee ABI stability, we do not have to.

Without this patch, warning messages were produced
that confused users:
https://bugzilla.opensuse.org/show_bug.cgi?id=1129411

Fixes bug 30190; bugfix on 0.2.4.2-alpha commit 7607ad2bec

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
2019-04-17 01:55:04 +02:00
Tobias Stoeckmann
670d0f9f5b Clear memory in smartlist_remove_keeporder.
The smartlist functions take great care to reset unused pointers inside
the smartlist memory to NULL.

The function smartlist_remove_keeporder does not clear memory in such
way when elements have been removed. Therefore call memset after the
for-loop that removes elements. If no element is removed, it is
effectively a no-op.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-04-15 14:51:36 -04:00
Nick Mathewson
3105081c2f Fix assertf() issues when ALL_BUGS_ARE_FATAL is defined.
Fix from Gisle Vanem; fixes bug 30179.  Bug not in any released
version of Tor.
2019-04-15 14:37:46 -04:00
Nick Mathewson
358df18064 Merge branch 'bug30189_035' into bug30189_041 2019-04-15 14:27:32 -04:00
Nick Mathewson
802ac8ad61 Use a tor_abort_() wrapper in our util_bug.h macros
Previously, our use of abort() would break anywhere that we didn't
include stdlib.h.  This was especially troublesome in case where
tor_assert_nonfatal() was used with ALL_BUGS_ARE_FATAL, since that
one seldom gets tested.

As an alternative, we could have just made this header include
stdlib.h.  But that seems bloaty.

Fixes bug 30189; bugfix on 0.3.4.1-alpha.
2019-04-15 14:16:23 -04:00
George Kadianakis
7b386f2356 Merge branch 'tor-github/pr/908' 2019-04-12 13:47:08 +03:00
George Kadianakis
86aa141572 Merge branch 'tor-github/pr/754' 2019-04-12 13:45:53 +03:00
teor
ebbc2c3d8f
crypt_ops: Stop using a separate buffer in ed25519_signature_from_base64()
Part of 29960.
2019-04-12 13:00:02 +10:00
Nick Mathewson
48a574604b Remove an extraneous _ from __COVERITY__
We had a typo in this check, so that coverity wasn't taking the
right path.

Bug not in any released Tor.
2019-04-11 18:56:02 -04:00
Nick Mathewson
4e3d144fb0 Don't leak on logic error in string_is_valid_nonrfc_hostname()
This is CID 1437438.  No backport needed: this is unreachable, and
guarded with a BUG() check.
2019-04-11 17:40:05 -04:00
teor
a1d9f44971
Merge branch 'maint-0.4.0' 2019-04-10 18:27:11 +10:00
teor
454bdb22ee
Merge remote-tracking branch 'tor-github/pr/920' into maint-0.4.0 2019-04-10 18:26:49 +10:00
teor
4cffc7fe9c
Merge branch 'maint-0.4.0' 2019-04-06 12:23:25 +10:00
teor
b100c9e980
Merge remote-tracking branch 'tor-github/pr/911' into maint-0.4.0 2019-04-06 12:15:41 +10:00
Nick Mathewson
5cb94cbf9d
NSS: disable TLS1.2 SHA-384 ciphersuites.
In current NSS versions, these ciphersuites don't work with
SSL_ExportKeyingMaterial(), which was causing relays to fail when
they tried to negotiate the v3 link protocol authentication.

Fixes bug 29241; bugfix on 0.4.0.1-alpha.
2019-04-06 11:06:34 +10:00
Nick Mathewson
680fd3f8fb
NSS: Log an error message when SSL_ExportKeyingMaterial() fails
Diagnostic for 29241.
2019-04-06 11:06:22 +10:00
George Kadianakis
3393c8d510 Merge branch 'maint-0.4.0' 2019-04-05 14:53:39 +03:00
George Kadianakis
217db9efe1 Merge branch 'tor-github/pr/902' into maint-0.4.0 2019-04-05 14:53:33 +03:00
George Kadianakis
b371ea5b0e Merge branch 'tor-github/pr/761' 2019-04-05 14:52:36 +03:00
teor
c616f45776 binascii: Fix the base64_encode_nopad() buffer length requirement
Comment-only change.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
5e2cba8eb4 crypto_format: Stop adding padding in ed25519_signature_from_base64()
base64_decode() does not require padding.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
ce5e38642d crypto_format: Remove the return value from ed25519_signature_to_base64()
Also remove all checks for the return value, which were redundant anyway,
because the function never failed.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
e3124fef54 crypto_format: Remove the return value from curve25519_public_to_base64()
And fix the documentation on the function: it does produce trailing
"="s as padding.

Also remove all checks for the return value, which were redundant anyway,
because the function never failed.

Part of 29660.
2019-04-05 15:17:19 +10:00
teor
7d513a5d55 crypto_format: Remove the return values from digest256_to_base64()
... and ed25519_public_to_base64(). Also remove all checks for the return
values, which were redundant anyway, because the functions never failed.

Part of 29960.
2019-04-05 15:17:19 +10:00
teor
abaed046a6 crypto_format: Remove unused return value from digest_to_base64()
Part of 29660.
2019-04-05 15:17:19 +10:00
teor
0d136a12bb crypto_format: Remove outdated comments
(These functions look pretty unified to me.)

Part of 29660.
2019-04-05 15:17:08 +10:00
Nick Mathewson
1779878f9e Merge remote-tracking branch 'tor-github/pr/752' 2019-04-04 20:39:36 -04:00
Nick Mathewson
76912bf140 Use an enum for inherit_result_out. 2019-04-04 12:56:52 -04:00
Nick Mathewson
027c536598 rename inherit values to avoid conflict with system defines 2019-04-04 12:56:52 -04:00
Nick Mathewson
785c3f84de fast_rng: if noinherit has failed, then check getpid() for bad forks
getpid() can be really expensive sometimes, and it can fail to
detect some kind of fork+prng mistakes, so we need to avoid it if
it's safe to do so.

This patch might slow down fast_prng a lot on any old operating
system that lacks a way to prevent ram from being inherited, AND
requires a syscall for any getpid() calls.  But it should make sure
that we either crash or continue safely on incorrect fork+prng usage
elsewhere in the future.
2019-04-04 12:56:52 -04:00
Nick Mathewson
361e955cf3 map_anon: define a macro if it is possible for noinherit to fail. 2019-04-04 12:56:52 -04:00
Nick Mathewson
12205c3cbe Make map_anon expose the result of a noinherit attempt
Previously we did this for tests only, but it's valuable for getting
proper fork behavior in rand_fast.
2019-04-04 12:56:52 -04:00
Nick Mathewson
ab6ad3c040 Drop thread-local fast_rng on fork.
This will cause the child process to construct a new one in a nice
safe way.

Closes ticket 29668; bug not in any released Tor.
2019-04-04 12:56:52 -04:00
Nick Mathewson
db1c1dba34 Merge branch 'bug30021_029' into bug30021_035 2019-04-04 11:26:33 -04:00
Nick Mathewson
821d29e420 fdio.c: add more includes.
This is just in case there is some rogue platform that uses a
nonstandard value for SEEK_*, and does not define that macro in
unistd.h.  I think that's unlikely, but it's conceivable.
2019-04-03 13:53:36 -04:00
teor
fdee4dd501
Merge remote-tracking branch 'tor-github/pr/863' 2019-04-03 13:12:17 +10:00
Nick Mathewson
809a3a748d bug_occurred: a place where we assumed that "buf" was still a buffer
In 9c132a5f9e we replaced "buf" with a pointer and replaced
one instance of snprintf with asprintf -- but there was still one
snprintf left over, being crashy.

Fixes bug 29967; bug not in any released Tor. This is CID 1444262.
2019-03-30 21:07:15 -04:00
Nick Mathewson
9ed02ec282 Merge branch 'ticket29662_squashed' into ticket29662_squashed_merged 2019-03-29 14:28:48 -04:00
rl1987
537ad0bca3 Check for NULL in tor_assertf_nonfatal() 2019-03-29 14:26:13 -04:00
rl1987
9c132a5f9e Refrain from using static buffer for assert failure message; call tor_asprintf() instead 2019-03-29 14:26:03 -04:00
rl1987
f66a17444e Silence compiler warnings 2019-03-29 14:25:59 -04:00
Nick Mathewson
f58587a68d Don't unconditionally deref pub and sub in lint_message_consistency
This can't actually result in a null pointer dereference, since
pub_excl and sub_excl are only set when the corresponding smartlists
are nonempty.  But coverity isn't smart enough to figure that out,
and we shouldn't really be depending on it.

Bug 29938; CID 1444257.  Bug not in any released Tor.
2019-03-28 09:19:23 -04:00
George Kadianakis
00ca3d04cf Merge branch 'tor-github/pr/859' 2019-03-27 14:30:53 +02:00
teor
8991280f89
Merge branch 'maint-0.4.0' 2019-03-27 12:31:37 +10:00
Nick Mathewson
a47b61f329 Merge branch 'messaging_v3' into messaging_v3_merged 2019-03-26 20:13:49 -04:00
Nick Mathewson
203e9138d1 Remove message/subsystem numbers from log messages
Having the numbers in those messages makes some of the unit test
unstable, by causing them to depend on the initialization order of
the naming objects.
2019-03-26 19:56:39 -04:00
Nick Mathewson
f32d890531 Merge branch 'bug29805_rebased_squashed' 2019-03-26 09:39:46 -04:00
George Kadianakis
27f24484d4 prob-distr: Some more comments about the initializers.
Based on patches and review comments by Riastradh and Catalyst.

Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Taylor Yu <catalyst@torproject.org>
2019-03-26 09:39:40 -04:00
George Kadianakis
08176c2396 prob-distr: Silence some coverity warnings. 2019-03-26 09:39:37 -04:00
teor
613c5ff357
Merge remote-tracking branch 'tor-github/pr/724' 2019-03-26 19:31:17 +10:00
Nick Mathewson
ddb31dd583 Rename one case of c_type to c_ptr_type. 2019-03-25 16:35:34 -04:00
Nick Mathewson
3f0bfe1d29 Rename DISPATCH_DEFINE_TYPE() to DISPATCH_REGISTER_TYPE()
Also fix a grammar error in a comment.
2019-03-25 16:35:34 -04:00
Nick Mathewson
28fd4996ac Various documentation notes and tweaks for pubsub 2019-03-25 16:35:34 -04:00
Nick Mathewson
a8ca464cee Log warning messages _before_ exiting because of earlier dcfg failure
This helps diagnostics.
2019-03-25 16:35:34 -04:00
Nick Mathewson
47de9c7b0a Use actual pointers in dispatch_cfg.c.
Previously, I had used integers encoded as pointers.  This
introduced a flaw: NULL represented both the integer zero, and the
absence of a setting.  This in turn made the checks in
cfg_msg_set_{type,chan}() not actually check for an altered value if
the previous value had been set to zero.

Also, I had previously kept a pointer to a dispatch_fypefns_t rather
than making a copy of it.  This meant that if the dispatch_typefns_t
were changed between defining the typefns and creating the
dispatcher, we'd get the modified version.

Found while investigating coverage in pubsub_add_{pub,sub}_()
2019-03-25 16:35:34 -04:00
Nick Mathewson
4bdff5e3e9 practracker compliance: split lint_message into more logical parts 2019-03-25 16:35:34 -04:00
Nick Mathewson
3552cd69bd coverage: Exclude lines in pubsub_pub that can only be reached on bug 2019-03-25 16:35:34 -04:00
Nick Mathewson
2e7f80d5f4 pubsub_check.c: Stop accepting NULL prefix, which we never send.
(Our code to handle it was broken, too)
2019-03-25 16:35:34 -04:00
Nick Mathewson
beedadbeac Try a different approach to making publish function seem used.
We want the DISPATCH_ADD_PUB() macro to count as making a
DECLARE_PUBLISH() invocation "used", so let's try a new approach
that preserves that idea.  The old one apparently did not work for
some versions of osx clang.
2019-03-25 16:35:34 -04:00
Nick Mathewson
94feec59cf move pubsub_connector_t typedef to pubsub_connect.h 2019-03-25 16:35:34 -04:00
Nick Mathewson
22ad8658cd Correct doxygen @file directives 2019-03-25 16:35:34 -04:00
Nick Mathewson
3d6bf7b36e Document several issues found by Taylor 2019-03-25 16:35:34 -04:00
Nick Mathewson
02e0a39d39 Add msgtypes.h include to pubsub_build.h
(The header won't compile without it.)
2019-03-25 16:35:33 -04:00
Nick Mathewson
bdeaf7d4b2 Code to manage publish/subscribe setup via subsystem interface.
This commit has the necessary logic to run the publish/subscribe
system from the mainloop, and to initialize it on startup and tear
it down later.
2019-03-25 16:35:33 -04:00
Nick Mathewson
24df14eb09 Pubsub: macros for ease-of-use and typesafety. 2019-03-25 16:35:33 -04:00
Nick Mathewson
a7681525ab Add function to clear publish bindings.
When we clean up, we'd like to clear all the bindings that refer to
a dispatch_t, so that they don't have dangling pointers to it.
2019-03-25 16:35:33 -04:00
Nick Mathewson
271a671822 pubsub: relationship checking functionality
This code tries to prevent a large number of possible errors by
enforcing different restrictions on the messages that different
modules publish and subscribe to.

Some of these rules are probably too strict, and some too lax: we
should feel free to change them as needed as we move forward and
learn more.
2019-03-25 16:35:33 -04:00
Nick Mathewson
9e60482b80 Pubsub: an OO layer on top of lib/dispatch
This "publish/subscribe" layer sits on top of lib/dispatch, and
tries to provide more type-safety and cross-checking for the
lower-level layer.

Even with this commit, we're still not done: more checking will come
in the next commit, and a set of usability/typesafety macros will
come after.
2019-03-25 16:35:33 -04:00
Nick Mathewson
24b945f713 Debug logs to record all messages sent and delivered. 2019-03-25 16:35:33 -04:00
Nick Mathewson
f5683d90be Add a naming system for IDs in dispatch. 2019-03-25 16:35:33 -04:00
Nick Mathewson
e4d3098d4d Low-level dispatch module for publish-subscribe mechanism
This module implements a way to send messages from one module to
another, with associated data types.  It does not yet do anything to
ensure that messages are correct, that types match, or that other
forms of consistency are preserved.
2019-03-25 16:35:33 -04:00
Nick Mathewson
a62ac17198 Add a new inline function to check whether debug logging is on
We already do this in our log_debug() macro, but there are times
when we'd like to avoid allocating or precomputing something that we
are only going to log if debugging is on.
2019-03-25 16:35:33 -04:00
Nick Mathewson
253fea84cf Add a smartlist_grow() function to expand a smartlist
Tests included.
2019-03-25 16:35:33 -04:00
Nick Mathewson
56bda7464f Add a macro for the fairly common "eat next semicolon" syntax trick
You use this when you're defining a macro to be used at file scope,
and you want to require a semicolon afterwards.
2019-03-25 16:35:33 -04:00
Nick Mathewson
0944500a8e Add MESG as a new log domain. 2019-03-25 16:35:33 -04:00
Nick Mathewson
dfd7a7f5b6 Add a type to map names to short identifiers
We'll be using this for four kinds of identifier in dispatch.c
2019-03-25 16:35:33 -04:00
rl1987
68260e85b5 Move sizeof check to torint.h 2019-03-25 10:17:30 +02:00
teor
d4d541c53c
Merge remote-tracking branch 'tor-github/pr/785' 2019-03-25 14:01:20 +10:00
Alexander Færøy
4be522b2e6 Pass NULL to lpApplicationName in CreateProcessA().
When NULL is given to lpApplicationName we enable Windows' "magical"
path interpretation logic, which makes Tor 0.4.x behave in the same way
as previous Tor versions did when it comes to executing binaries in
different system paths.

For more information about this have a look at the CreateProcessA()
documentation on MSDN -- especially the string interpretation example is
useful to understand this issue.

This bug was introduced in commit bfb94dd2ca.

See: https://bugs.torproject.org/29874
2019-03-25 03:10:37 +01:00
George Kadianakis
846d379b50
circpad/prob_distr: Use crypto_fast_rng() instead of the old RNG. 2019-03-22 09:22:54 +10:00
George Kadianakis
fe78ba855a prob_distr: Better document our public API. 2019-03-13 17:51:19 +02:00
George Kadianakis
8d9f81bc9c prob_distr: Implement type-safe downcasting functions. 2019-03-13 17:51:19 +02:00
Nick Mathewson
065b74fa36 Fix all nonconformant headers' guard macros. 2019-03-12 15:20:22 -04:00
George Kadianakis
18a4f535d3 Merge branch 'maint-0.4.0' 2019-03-12 18:11:53 +02:00
George Kadianakis
0ce32affc2 Merge branch 'tor-github/pr/763' into maint-0.4.0 2019-03-12 18:11:35 +02:00
Nick Mathewson
733afb52a8 Merge branch 'maint-0.4.0' 2019-03-11 09:45:48 -04:00
teor
08ddf1f62b
Merge remote-tracking branch 'bug28525_029' into maint-0.3.5 2019-03-08 12:33:00 +10:00
rl1987
b6813845cf Also add tor_assertf_nonfatal() 2019-03-05 16:46:40 +02:00
rl1987
f236c9e7f9 Introduce tor_assertf() to allow logging extra error message on assert failure
With format string support!
2019-03-05 16:46:40 +02:00
George Kadianakis
c5da1f1cd5 Merge branch 'tor-github/pr/723' 2019-03-04 18:55:28 +02:00
teor
f186f21a4e
doc: Fix an incorrect comment about calling FreeLibrary() on Windows
There's an incorrect comment in compat_time.c that suggests we call
FreeLibrary() before we're done using the library's functions.
See 29642 for background.

Closes ticket 29643.
2019-03-04 11:29:15 +10:00
teor
e52d725977
doc: Improve the monotonic time module and function documentation
Explain what "monotonic" actually means, and document some results that
have surprised people.

Fixes bug 29640; bugfix on 0.2.9.1-alpha.
2019-03-04 11:25:14 +10:00
rl1987
5d53862139 Split crypto_digest.c
* Move out code that depends on NSS to crypto_digest_nss.c
* Move out code that depends on OpenSSL to crypto_digest_openssl.c
* Keep the general code that is not specific to any of the above in
  crypto_digest.c
2019-03-02 20:07:05 +02:00
David Goulet
13e93bdfd5 Merge branch 'tor-github/pr/718' 2019-03-01 09:36:23 -05:00
Nick Mathewson
64f594499a Document crypto_fast_rng_one_in_n. 2019-03-01 08:20:54 -05:00
David Goulet
b402a0887f Merge branch 'tor-github/pr/655' 2019-02-26 11:30:44 -05:00
George Kadianakis
7fbfdf2af7 Merge branch 'tor-github/pr/611' 2019-02-26 12:33:23 +02:00
Nick Mathewson
065e7da8e6 Re-enable and fix unit test for nofork mappings
This test was previously written to use the contents of the system
headers to decide whether INHERIT_NONE or INHERIT_ZERO was going to
work.  But that won't work across different environments, such as
(for example) when the kernel doesn't match the headers.  Instead,
we add a testing-only feature to the code to track which of these
options actually worked, and verify that it behaved as we expected.

Closes ticket 29541; bugfix not on any released version of Tor.
2019-02-25 08:55:25 -05:00
Nick Mathewson
b3416476b4 Remove all uses of weak_rng.
I'm not removing the weak_rng code itself yet, since it is possible
that we will want to revert one of these.
2019-02-20 12:24:34 -05:00