Nick Mathewson
39a86185c8
Correct further grammatical errors in tor comments
...
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
Nick Mathewson
f557a7f327
Merge branch 'maint-0.2.7'
2016-01-19 08:30:48 -05:00
Nick Mathewson
534a0ba59b
Merge branch 'maint-0.2.6' into maint-0.2.7
2016-01-19 08:30:39 -05:00
Nick Mathewson
e2efa9e321
Refine the memwipe() arguments check for 18089 a little more.
...
We still silently ignore
memwipe(NULL, ch, 0);
and
memwipe(ptr, ch, 0); /* for ptr != NULL */
But we now assert on:
memwipe(NULL, ch, 30);
2016-01-19 08:28:58 -05:00
Nick Mathewson
ab58f60321
Merge branch 'maint-0.2.7'
2016-01-18 20:03:28 -05:00
Nick Mathewson
8335b1f9a9
Merge branch 'maint-0.2.6' into maint-0.2.7
2016-01-18 20:00:16 -05:00
teor (Tim Wilson-Brown)
db81565331
Make memwipe() do nothing when passed a NULL pointer or zero size
...
Check size argument to memwipe() for underflow.
Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2016-01-18 19:58:07 -05:00
Nick Mathewson
f47d4af04c
Whitespace cleanup
2016-01-15 10:57:03 -05:00
Ola Bini
5c1c117b8e
Revert my addition of callback cleaner and instead use existing functionality for temporary log files
2016-01-13 10:35:06 -05:00
Ola Bini
0bfa616e2e
Remove a small memory leak in log callback setup
2016-01-13 10:35:05 -05:00
Ola Bini
5edd431d92
Add tests for options_act
2016-01-13 10:31:13 -05:00
Nick Mathewson
1d6dd288e1
Try a little harder to only use SecureZeroMemory when it's present
...
We could be using AC_CHECK_FUNC_DECL too, but it shouldn't be needed.
2016-01-11 09:02:42 -05:00
Nick Mathewson
d10ea49588
Merge remote-tracking branch 'rl1987/feature17950'
2016-01-11 08:54:51 -05:00
rl1987
fd26c1d994
Re-add the removed address family check.
2016-01-09 15:03:54 +01:00
Nick Mathewson
5b5abd8c03
Merge commit '110765f5564a588c5f019d32b5e6f66cc7806c41'
2016-01-08 15:08:28 -08:00
Nick Mathewson
a1019b82c1
Merge remote-tracking branch 'public/feature16794_more'
2016-01-08 14:54:51 -08:00
cypherpunks
4c10a9c445
Simplify micro-revision dependency rules
...
The Automake variable OBJEXT is automatically adjusted to the correct
object file extension for the target platform.
2016-01-08 13:27:36 -08:00
rl1987
fb373a9ef6
On win32, use SecureZeroMemory() to securely wipe buffers.
...
(Also tweak the comments. -nickm)
2016-01-07 14:25:31 -08:00
Nick Mathewson
3783046f3b
Use memset_s or explicit_bzero when available.
2016-01-07 12:53:24 -08:00
Nick Mathewson
8d6aafbb4a
Merge remote-tracking branch 'teor/comments-20151213'
2016-01-07 12:50:10 -08:00
dana koch
be841f77aa
Compatibility defines should be used for LibreSSL.
...
LibreSSL doesn't use OpenSSL_version (it uses the older SSLeay_version
API), but it reports a major version number as 2 in
OPENSSL_VERSION_NUMBER. Instead of fudging the version check, for now,
let's just check if we're using LibreSSL by checking the version number
macro exists, and use compatibility defines unconditionally when we
detect LibreSSL.
2016-01-07 12:48:59 -08:00
Nick Mathewson
77bc95cb5e
Merge remote-tracking branch 'public/17826_redux'
2016-01-07 09:52:09 -08:00
rl1987
110765f556
Use get_interface6_via_udp_socket_hack() properly in _list().
...
When _list() is called with AF_UNSPEC family and fails to enumerate
network interfaces using platform specific API, have it call
_hack() twice to find out IPv4 and/or IPv6 address of a machine Tor
instance is running on. This is the correct way to handle this case
because _hack() can only be called with AF_INET and AF_INET6 and
does not support any other address family.
2016-01-06 14:47:35 +01:00
rl1987
680d0701e5
Tweak ioctl case.
2016-01-06 11:47:31 +01:00
rl1987
44497e9ebc
Add family argument to get_interface_addresses_raw (and subfunctions).
2016-01-03 15:35:45 +01:00
teor (Tim Wilson-Brown)
1949908d13
Fix a typo in the comment for tor_addr_port_split
2016-01-03 17:34:41 +11:00
Nick Mathewson
603110aa1d
Merge branch 'feature17796_squashed'
2015-12-29 09:48:39 -05:00
Nick Mathewson
a12c5f462f
Remove the (now-unused) digest_algorithm_bitfield_t
2015-12-29 09:47:04 -05:00
Nick Mathewson
488cdee5e7
When allocating a crypto_digest_t, allocate no more bytes than needed
...
Previously we would allocate as many bytes as we'd need for a
keccak--even when we were only calculating SHA1.
Closes ticket 17796.
2015-12-29 09:47:04 -05:00
Nick Mathewson
bc2cd0ff2b
Use timingsafe_memcmp() where available.
...
See ticket 17944; patch from "logan".
2015-12-29 09:43:01 -05:00
Nick Mathewson
263f6d11fd
Mark all object files built based on micro-revision.i as depending on it
...
Fixes make -j for some users; fixes bug 17826.
Bugfix on 0.2.5.1, when we started building testing versions of all
the object files.
2015-12-26 13:43:13 -05:00
Nick Mathewson
6365859825
Disable the dynlock functions we were giving openssl.
...
OpenSSL doesn't use them, and fwict they were never called. If some
version of openssl *does* start using them, we should test them before
we turn them back on.
See ticket 17926
2015-12-23 09:58:36 -05:00
Nick Mathewson
d7c841f467
Unit tests for crypto_force_rand_ssleay().
...
Part of 16794.
2015-12-23 09:58:08 -05:00
Nick Mathewson
b18f533cf0
Always test both ed25519 backends.
...
Part of #16794
2015-12-23 09:16:26 -05:00
Nick Mathewson
4ec0f8531e
Add an unreachable line to make the compiler happy
2015-12-22 10:27:04 -05:00
Nick Mathewson
bb19799a49
Appease "make check-spaces"
2015-12-20 15:00:20 -05:00
Nick Mathewson
7b0cbf22c0
Merge remote-tracking branch 'yawning/feature17783_take2'
2015-12-20 14:10:52 -05:00
Yawning Angel
9467485517
Add crypto_xof_t and assorted routines, backed by SHAKE256.
...
This is an eXtendable-Output Function with the following claimed
security strengths against *all* adversaries:
Collision: min(d/2, 256)
Preimage: >= min(d, 256)
2nd Preimage: min(d, 256)
where d is the amount of output used, in bits.
2015-12-19 22:45:21 +00:00
Yawning Angel
687f9b3bd7
Add the SHA-3 hash functions to common/crypto.h.
...
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
exactly what is said on the tin.
* test/bench now benchmarks all of the supported digest algorithms,
so it's possible to see just how slow SHA-3 is, though the message
sizes could probably use tweaking since this is very dependent on
the message size vs the SHA-3 rate.
2015-12-19 22:44:05 +00:00
Nick Mathewson
14c9b99051
mark a variable unused to fix a warning.
2015-12-18 13:16:40 -05:00
cypherpunks
59e5bf7e2a
Remove an extra space in backtrace version string
2015-12-18 13:09:05 -05:00
Nick Mathewson
0c5d8d9a4f
Move some more code inside a tortls.c ifdef to fix deadcode warning.
2015-12-18 11:11:42 -05:00
Nick Mathewson
6b5b1a02d4
Fix a coverity NULL-pointer deref warning in the tortls tests.
...
Also, make our cert validation code more NULL-resistant.
This is CID 1327891.
2015-12-18 10:25:15 -05:00
Nick Mathewson
9e2c4ee557
Fix some dead code in tortls.c
...
If SSL_CIPHER_find exists, then we won't use either of the two
kludges that would replace it.
Found by Coverity; fixes CID 1340256.
2015-12-18 10:04:01 -05:00
cypherpunks
759e6f8afb
Improve warning message
...
The user parameter is not checked so we do not know the user has been
specified.
2015-12-17 08:34:27 -05:00
Nick Mathewson
3317cd3a1f
Merge branch 'maint-0.2.7'
2015-12-16 09:24:40 -05:00
Nick Mathewson
33b5bfb948
Don't call pthread_condattr_setclock() unless it exists
...
Fixes bug 17819; bugfix on 0.2.6.3-alpha (specifically, d684dbb0).
2015-12-16 09:23:44 -05:00
Nick Mathewson
a5da27cb35
Merge branch 'maint-0.2.7'
2015-12-16 09:07:11 -05:00
Nick Mathewson
784e9fff9b
... and fix another backtrace_symbols_fd call in sandbox.c
2015-12-16 09:05:49 -05:00
Nick Mathewson
e0aa4f837c
... and fix the linux backtrace_symbols{,_fd} calls
2015-12-16 09:05:18 -05:00
Nick Mathewson
bb23ad3e47
Merge remote-tracking branch 'teor/feature17863'
2015-12-16 08:48:28 -05:00
Nick Mathewson
c4df0c9f52
... and fix the linux backtrace_symbols{,_fd} calls
2015-12-16 08:20:53 -05:00
teor (Tim Wilson-Brown)
e54e71fb6b
Limit IPv6 mask bits to 128
2015-12-16 08:51:34 +11:00
Nick Mathewson
aba39ea390
Merge branch 'feature8195_small_squashed'
2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4
Update KeepCapabilities based on comments from asn
...
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41
Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
...
This feature allows us to bind low ports when starting as root and
switching UIDs.
Based on code by David Goulet.
Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
a7d44731d9
Merge remote-tracking branch 'teor/feature4483-v10-squashed'
2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
35bbf2e4a4
Prop210: Add schedules for simultaneous client consensus downloads
...
Prop210: Add attempt-based connection schedules
Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.
To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.
(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)
Prop210: Add multiple simultaneous consensus downloads for clients
Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.
Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
fec5aa75f4
Merge branch 'maint-0.2.7'
2015-12-15 11:55:46 -05:00
cypherpunks
07cca627ea
Fix backtrace compilation on FreeBSD
...
On FreeBSD backtrace(3) uses size_t instead of int (as glibc does). This
causes integer precision loss errors when we used int to store its
results.
The issue is fixed by using size_t to store the results of backtrace(3).
The manual page of glibc does not mention that backtrace(3) returns
negative values. Therefore, no unsigned integer wrapping occurs when its
result is stored in an unsigned data type.
2015-12-15 11:52:00 -05:00
cypherpunks
e91ccbb4f6
Remove obsolete INLINE preprocessor definition
...
The INLINE keyword is not used anymore in favor of inline.
Windows only supports __inline so an inline preprocessor definition is
still needed.
2015-12-15 11:34:00 -05:00
cypherpunks
824a6a2a90
Replace usage of INLINE with inline
...
This patch was generated using:
sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
f3ed5ec0ca
Fix a pair of dead assignments
2015-12-11 09:35:43 -05:00
Jamie Nguyen
08c7ceb5df
Permit filesystem group to be root
2015-12-10 20:00:06 -05:00
Nick Mathewson
4d13cc69ce
make stack-protector happy
2015-12-10 11:50:02 -05:00
Nick Mathewson
390d3fa3af
add a static
2015-12-10 09:43:55 -05:00
Nick Mathewson
ce3b7ddb54
improve a comment in memwipe
2015-12-10 09:03:47 -05:00
Nick Mathewson
7186e2a943
Merge remote-tracking branch 'public/feature17694_strongest_027'
2015-12-10 09:02:10 -05:00
Nick Mathewson
631e3517e3
Mark a couple more arguments as unused.
2015-12-09 11:58:32 -05:00
Nick Mathewson
3843c6615c
Small cleanups and comment fixes to rng functions.
2015-12-09 09:15:57 -05:00
Nick Mathewson
3a69fcb01f
try a little harder with getrandom types to avoid warnings
2015-12-09 08:31:29 -05:00
Nick Mathewson
0df014edad
mark a variable unused.
2015-12-08 17:17:17 -05:00
Nick Mathewson
b701b7962b
Fix comment switcheroo. Spotted by skruffy
2015-12-08 12:53:51 -05:00
Nick Mathewson
7f074e08d8
Merge branch 'feature13696_squashed'
2015-12-08 12:35:26 -05:00
Yawning Angel
353c71516e
Add support for getrandom() and getentropy() when available
...
Implements feature #13696.
2015-12-08 12:34:53 -05:00
Nick Mathewson
2259de0de7
Always hash crypto_strongest_rand() along with some prng
...
(before using it for anything besides feeding the PRNG)
Part of #17694
2015-12-08 10:54:42 -05:00
teor (Tim Wilson-Brown)
021958934f
Consistently ignore multicast in internal reject private exit policies
...
Consistently ignore multicast addresses when automatically
generating reject private exit policies.
Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
Jeremy
b3639c8291
src/common/compat.c:tor_vasprintf() - vsnprintf() was properly checked but tor_vsnprintf() available so why not use it?
2015-12-01 13:00:58 -05:00
Jeremy
fcc6541fde
src/common/compat.c:tor_vasprintf() - changed vsnprintf() to tor_vsnprintf() which ensures string is null terminated.
2015-12-01 12:27:29 -05:00
Nick Mathewson
eedef41944
use sockaddr_storage for stack-allocated sockets in ersatz socketpair
2015-11-27 11:52:59 -05:00
Nick Mathewson
f108be7c25
Make SIZEOF_SOCKADDR return socklen_t to avoid bad compares.
2015-11-27 11:48:54 -05:00
Nick Mathewson
a45aacd2e2
Use uint16_t, not in_port_t (which does not exist on Windows). See #17638.
2015-11-27 11:39:03 -05:00
Nick Mathewson
e5754c42d1
Merge branch 'bug17686_v2_027'
2015-11-25 22:33:49 -05:00
Nick Mathewson
1cfa2bc859
Fix documentation for crypto_rand*
2015-11-25 22:29:59 -05:00
Nick Mathewson
ddcbe26474
Now that crypto_rand() cannot fail, it should return void.
2015-11-25 22:29:59 -05:00
Nick Mathewson
10fdee6285
Add crypto-initializer functions to those whose return values must be checked
2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e
Make crypto_seed_rng() and crypto_rand() less scary.
...
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value. Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e
Check the return value of HMAC in crypto.c and assert on error
...
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
2015-11-26 10:46:36 +11:00
Nick Mathewson
45caeec9a0
Merge remote-tracking branch 'teor/comments-20151123'
2015-11-25 09:08:15 -05:00
Nick Mathewson
7194d3d957
Tweak gtank's sha512 patch a little
2015-11-25 09:04:17 -05:00
George Tankersley
695412302b
implement teor's comments
2015-11-24 02:17:37 +00:00
George Tankersley
ff54cc8481
add SHA512 support to crypto
2015-11-24 01:34:28 +00:00
teor (Tim Wilson-Brown)
5b2adfb3d4
Fix comments to describe actual return values (crypto.c)
2015-11-23 20:31:57 +11:00
teor (Tim Wilson-Brown)
84d1373ba0
Fix typo in comment on crypto_add_spaces_to_fp
2015-11-23 18:59:11 +11:00
teor (Tim Wilson-Brown)
604d3ee48d
Comment only: crypto_seed_rng no longer has a "startup" parameter
2015-11-23 10:26:07 +11:00
Nick Mathewson
cbc1b8a4f7
fix "make check-spaces"
2015-11-20 10:52:56 -05:00
teor (Tim Wilson-Brown)
53ec840bdf
Make tor_ersatz_socketpair work on IPv6-only systems
...
(But it won't work on some systems without IPv4/IPv6 localhost
(some BSD jails) by design, to avoid creating sockets on routable
IP addresses. However, those systems likely have the AF_UNIX socketpair,
which tor prefers.)
Fixes bug #17638; bugfix on a very early tor version,
earlier than 22dba27d8d (23 Nov 2004) / svn:r2943.
Patch by "teor".
2015-11-19 19:08:22 +11:00
teor (Tim Wilson-Brown)
878b5738c2
Update comments in get_interface_addresses_ioctl
...
Comment-only change noting platforms that can return IPv6
addresses from SIOCGIFCONF (or SIOCGLIFCONF).
2015-11-18 23:30:25 +11:00
Nick Mathewson
7a940fac1c
appease check-spaces
2015-11-13 13:46:47 -05:00
Nick Mathewson
d467227323
Merge remote-tracking branch 'public/ticket11150_client_only'
2015-11-13 09:58:16 -05:00