Commit Graph

3355 Commits

Author SHA1 Message Date
Nick Mathewson
39a86185c8 Correct further grammatical errors in tor comments
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
Nick Mathewson
f557a7f327 Merge branch 'maint-0.2.7' 2016-01-19 08:30:48 -05:00
Nick Mathewson
534a0ba59b Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-19 08:30:39 -05:00
Nick Mathewson
e2efa9e321 Refine the memwipe() arguments check for 18089 a little more.
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
2016-01-19 08:28:58 -05:00
Nick Mathewson
ab58f60321 Merge branch 'maint-0.2.7' 2016-01-18 20:03:28 -05:00
Nick Mathewson
8335b1f9a9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-18 20:00:16 -05:00
teor (Tim Wilson-Brown)
db81565331 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2016-01-18 19:58:07 -05:00
Nick Mathewson
f47d4af04c Whitespace cleanup 2016-01-15 10:57:03 -05:00
Ola Bini
5c1c117b8e
Revert my addition of callback cleaner and instead use existing functionality for temporary log files 2016-01-13 10:35:06 -05:00
Ola Bini
0bfa616e2e
Remove a small memory leak in log callback setup 2016-01-13 10:35:05 -05:00
Ola Bini
5edd431d92
Add tests for options_act 2016-01-13 10:31:13 -05:00
Nick Mathewson
1d6dd288e1 Try a little harder to only use SecureZeroMemory when it's present
We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.
2016-01-11 09:02:42 -05:00
Nick Mathewson
d10ea49588 Merge remote-tracking branch 'rl1987/feature17950' 2016-01-11 08:54:51 -05:00
rl1987
fd26c1d994 Re-add the removed address family check. 2016-01-09 15:03:54 +01:00
Nick Mathewson
5b5abd8c03 Merge commit '110765f5564a588c5f019d32b5e6f66cc7806c41' 2016-01-08 15:08:28 -08:00
Nick Mathewson
a1019b82c1 Merge remote-tracking branch 'public/feature16794_more' 2016-01-08 14:54:51 -08:00
cypherpunks
4c10a9c445 Simplify micro-revision dependency rules
The Automake variable OBJEXT is automatically adjusted to the correct
object file extension for the target platform.
2016-01-08 13:27:36 -08:00
rl1987
fb373a9ef6 On win32, use SecureZeroMemory() to securely wipe buffers.
{Also tweak the comments. -nickm)
2016-01-07 14:25:31 -08:00
Nick Mathewson
3783046f3b Use memset_s or explicit_bzero when available. 2016-01-07 12:53:24 -08:00
Nick Mathewson
8d6aafbb4a Merge remote-tracking branch 'teor/comments-20151213' 2016-01-07 12:50:10 -08:00
dana koch
be841f77aa Compatibility defines should be used for LibreSSL.
LibreSSL doesn't use OpenSSL_version (it uses the older SSLeay_version
API), but it reports a major version number as 2 in
OPENSSL_VERSION_NUMBER. Instead of fudging the version check, for now,
let's just check if we're using LibreSSL by checking the version number
macro exists, and use compatibility defines unconditionally when we
detect LibreSSL.
2016-01-07 12:48:59 -08:00
Nick Mathewson
77bc95cb5e Merge remote-tracking branch 'public/17826_redux' 2016-01-07 09:52:09 -08:00
rl1987
110765f556 Use get_interface6_via_udp_socket_hack() properly in _list().
When _list() is called with AF_UNSPEC family and fails to enumerate
network interfaces using platform specific API, have it call
_hack() twice to find out IPv4 and/or IPv6 address of a machine Tor
instance is running on. This is correct way to handle this case
because _hack() can only be called with AF_INET and AF_INET6 and
does not support any other address family.
2016-01-06 14:47:35 +01:00
rl1987
680d0701e5 Tweak ioctl case. 2016-01-06 11:47:31 +01:00
rl1987
44497e9ebc Add family argument to get_interface_addresses_raw (and subfunctions). 2016-01-03 15:35:45 +01:00
teor (Tim Wilson-Brown)
1949908d13 Fix a typo in the comment for tor_addr_port_split 2016-01-03 17:34:41 +11:00
Nick Mathewson
603110aa1d Merge branch 'feature17796_squashed' 2015-12-29 09:48:39 -05:00
Nick Mathewson
a12c5f462f Remove the (now-unused) digest_algorithm_bitfield_t 2015-12-29 09:47:04 -05:00
Nick Mathewson
488cdee5e7 When allocating a crypto_digest_t, allocate no more bytes than needed
Previously we would allocate as many bytes as we'd need for a
keccak--even when we were only calculating SHA1.

Closes ticket 17796.
2015-12-29 09:47:04 -05:00
Nick Mathewson
bc2cd0ff2b Use timingsafe_memcmp() where available.
See ticket 17944; patch from "logan".
2015-12-29 09:43:01 -05:00
Nick Mathewson
263f6d11fd Mark all object files built based on micro-revision.i as depending on it
Fixes make -j for some users; fixes bug 17826.

Bugfix on 0.2.5.1, when we started building testing versions of all
the object files.
2015-12-26 13:43:13 -05:00
Nick Mathewson
6365859825 Disable the dynlock functions we were giving openssl.
OpenSSL doesn't use them, and fwict they were never called. If some
version of openssl *does* start using them, we should test them before
we turn them back on.

See ticket 17926
2015-12-23 09:58:36 -05:00
Nick Mathewson
d7c841f467 Unit tests for crypto_force_rand_ssleay().
Part of 16794.
2015-12-23 09:58:08 -05:00
Nick Mathewson
b18f533cf0 Always test both ed25519 backends.
Part of #16794
2015-12-23 09:16:26 -05:00
Nick Mathewson
4ec0f8531e Add an unreachable line to make the compiler happy 2015-12-22 10:27:04 -05:00
Nick Mathewson
bb19799a49 Appease "make check-spaces" 2015-12-20 15:00:20 -05:00
Nick Mathewson
7b0cbf22c0 Merge remote-tracking branch 'yawning/feature17783_take2' 2015-12-20 14:10:52 -05:00
Yawning Angel
9467485517 Add crypto_xof_t and assorted routines, backed by SHAKE256.
This is an eXtendable-Output Function with the following claimed
security strengths against *all* adversaries:

 Collision: min(d/2, 256)
 Preimage: >= min(d, 256)
 2nd Preimage: min(d, 256)

 where d is the amount of output used, in bits.
2015-12-19 22:45:21 +00:00
Yawning Angel
687f9b3bd7 Add the SHA-3 hash functions to common/crypto.h.
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
   exactly what is said on the tin.
 * test/bench now benchmarks all of the supported digest algorithms,
   so it's possible to see just how slow SHA-3 is, though the message
   sizes could probably use tweaking since this is very dependent on
   the message size vs the SHA-3 rate.
2015-12-19 22:44:05 +00:00
Nick Mathewson
14c9b99051 mark a variable unused to fix a warning. 2015-12-18 13:16:40 -05:00
cypherpunks
59e5bf7e2a Remove an extra space in backtrace version string 2015-12-18 13:09:05 -05:00
Nick Mathewson
0c5d8d9a4f Move some more code inside a tortls.c ifdef to fix deadcode warning. 2015-12-18 11:11:42 -05:00
Nick Mathewson
6b5b1a02d4 Fix a coverity NULL-pointer deref warning in the tortls tests.
Also, make our cert validation code more NULL-resistant.

This is CID 1327891.
2015-12-18 10:25:15 -05:00
Nick Mathewson
9e2c4ee557 Fix some dead code in tortls.c
If SSL_CIPHER_find exists, then we won't use either of the two
kludges that would replace it.

Found by Coverity; fixes CID 1340256.
2015-12-18 10:04:01 -05:00
cypherpunks
759e6f8afb Improve warning message
The user parameter is not checked so we do not know the user has been
specified.
2015-12-17 08:34:27 -05:00
Nick Mathewson
3317cd3a1f Merge branch 'maint-0.2.7' 2015-12-16 09:24:40 -05:00
Nick Mathewson
33b5bfb948 Don't call pthread_condattr_setclock() unless it exists
Fixes bug 17819; bugfix on 0.2.6.3-alpha (specifically, d684dbb0).
2015-12-16 09:23:44 -05:00
Nick Mathewson
a5da27cb35 Merge branch 'maint-0.2.7' 2015-12-16 09:07:11 -05:00
Nick Mathewson
784e9fff9b ... and fix another backtrace_symbols_fd call in sandbox.c 2015-12-16 09:05:49 -05:00
Nick Mathewson
e0aa4f837c ... and fix the linux backtrace_symbols{,_fd} calls 2015-12-16 09:05:18 -05:00
Nick Mathewson
bb23ad3e47 Merge remote-tracking branch 'teor/feature17863' 2015-12-16 08:48:28 -05:00
Nick Mathewson
c4df0c9f52 ... and fix the linux backtrace_symbols{,_fd} calls 2015-12-16 08:20:53 -05:00
teor (Tim Wilson-Brown)
e54e71fb6b Limit IPv6 mask bits to 128 2015-12-16 08:51:34 +11:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
fec5aa75f4 Merge branch 'maint-0.2.7' 2015-12-15 11:55:46 -05:00
cypherpunks
07cca627ea Fix backtrace compilation on FreeBSD
On FreeBSD backtrace(3) uses size_t instead of int (as glibc does). This
causes integer precision loss errors when we used int to store its
results.

The issue is fixed by using size_t to store the results of backtrace(3).

The manual page of glibc does not mention that backtrace(3) returns
negative values. Therefore, no unsigned integer wrapping occurs when its
result is stored in an unsigned data type.
2015-12-15 11:52:00 -05:00
cypherpunks
e91ccbb4f6 Remove obsolete INLINE preprocessor definition
The INLINE keyword is not used anymore in favor of inline.

Windows only supports __inline so an inline preprocessor definition is
still needed.
2015-12-15 11:34:00 -05:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
f3ed5ec0ca Fix a pair of dead assignments 2015-12-11 09:35:43 -05:00
Jamie Nguyen
08c7ceb5df Permit filesystem group to be root 2015-12-10 20:00:06 -05:00
Nick Mathewson
4d13cc69ce make stack-protector happy 2015-12-10 11:50:02 -05:00
Nick Mathewson
390d3fa3af add a static 2015-12-10 09:43:55 -05:00
Nick Mathewson
ce3b7ddb54 improve a comment in memwipe 2015-12-10 09:03:47 -05:00
Nick Mathewson
7186e2a943 Merge remote-tracking branch 'public/feature17694_strongest_027' 2015-12-10 09:02:10 -05:00
Nick Mathewson
631e3517e3 Mark a couple more arguments as unused. 2015-12-09 11:58:32 -05:00
Nick Mathewson
3843c6615c Small cleanups and comment fixes to rng functions. 2015-12-09 09:15:57 -05:00
Nick Mathewson
3a69fcb01f try a little harder with getrandom types to avoid warnings 2015-12-09 08:31:29 -05:00
Nick Mathewson
0df014edad mark a variable unused. 2015-12-08 17:17:17 -05:00
Nick Mathewson
b701b7962b Fix comment switcheroo. Spotted by skruffy 2015-12-08 12:53:51 -05:00
Nick Mathewson
7f074e08d8 Merge branch 'feature13696_squashed' 2015-12-08 12:35:26 -05:00
Yawning Angel
353c71516e Add support for getrandom() and getentropy() when available
Implements feature #13696.
2015-12-08 12:34:53 -05:00
Nick Mathewson
2259de0de7 Always hash crypto_strongest_rand() along with some prng
(before using it for anything besides feeding the PRNG)

Part of #17694
2015-12-08 10:54:42 -05:00
teor (Tim Wilson-Brown)
021958934f Consistently ignore multicast in internal reject private exit policies
Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
Jeremy
b3639c8291 src/common/compat.c:tor_vasprintf() - vsnprintf() was properly checked but tor_vsnprintf() available so why not use it? 2015-12-01 13:00:58 -05:00
Jeremy
fcc6541fde src/common/compat.c:tor_vasprintf() - changed vsnprintf() to tor_vsnprintf() which ensures string is null terminated. 2015-12-01 12:27:29 -05:00
Nick Mathewson
eedef41944 use sockaddr_storage for stack-allocated sockets in ersatz socketpair 2015-11-27 11:52:59 -05:00
Nick Mathewson
f108be7c25 Make SIZEOF_SOCKADDR return socklen_t to avoid bad compares. 2015-11-27 11:48:54 -05:00
Nick Mathewson
a45aacd2e2 Use uint16_t, not in_port_t (which does not exist on Windows). See #17638. 2015-11-27 11:39:03 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
1cfa2bc859 Fix documentation for crypto_rand* 2015-11-25 22:29:59 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
10fdee6285 Add crypto-initializer functions to those whose return values must be checked 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary.
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e Check the return value of HMAC in crypto.c and assert on error
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
2015-11-26 10:46:36 +11:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
Nick Mathewson
7194d3d957 Tweak gtank's sha512 patch a little 2015-11-25 09:04:17 -05:00
George Tankersley
695412302b implement teor's comments 2015-11-24 02:17:37 +00:00
George Tankersley
ff54cc8481 add SHA512 support to crypto 2015-11-24 01:34:28 +00:00
teor (Tim Wilson-Brown)
5b2adfb3d4 Fix comments to describe actual return values (crypto.c) 2015-11-23 20:31:57 +11:00
teor (Tim Wilson-Brown)
84d1373ba0 Fix typo in comment on crypto_add_spaces_to_fp 2015-11-23 18:59:11 +11:00
teor (Tim Wilson-Brown)
604d3ee48d Comment only: crypto_seed_rng no longer has a "startup" parameter 2015-11-23 10:26:07 +11:00
Nick Mathewson
cbc1b8a4f7 fix "make check-spaces" 2015-11-20 10:52:56 -05:00
teor (Tim Wilson-Brown)
53ec840bdf Make tor_ersatz_socketpair work on IPv6-only systems
(But it won't work on some systems without IPv4/IPv6 localhost
(some BSD jails) by design, to avoid creating sockets on routable
IP addresses. However, those systems likely have the AF_UNIX socketpair,
which tor prefers.)

Fixes bug #17638; bugfix on a very early tor version,
earlier than 22dba27d8d (23 Nov 2004) / svn:r2943.

Patch by "teor".
2015-11-19 19:08:22 +11:00
teor (Tim Wilson-Brown)
878b5738c2 Update comments in get_interface_addresses_ioctl
Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).
2015-11-18 23:30:25 +11:00
Nick Mathewson
7a940fac1c appease check-spaces 2015-11-13 13:46:47 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00