Commit Graph

23005 Commits

Author SHA1 Message Date
rl1987
63c478c1c4 Call new SOCKS code from parse_socks, to parse multiple packets in row 2018-07-12 11:40:49 -04:00
rl1987
27333b2298 Reimplement phase 1 of SOCKS5 using trunnel
squash! Reimplement phase 1 of SOCKS5 using trunnel
2018-07-12 11:40:49 -04:00
rl1987
c6a0b04d33 Remove legacy SOCKS4 code 2018-07-12 11:40:49 -04:00
rl1987
b160929c22 Add RESOLVE (0xF0) command to socks4_client_request 2018-07-12 11:40:49 -04:00
rl1987
9155e08450 Parsing SOCKS4/4a request using trunnel impl 2018-07-12 11:40:49 -04:00
Roger Dingledine
0317eb143e Remove a redundant typedef in proto_ext_or.h 2018-07-12 11:02:22 -04:00
Nick Mathewson
4ac87a430f Remove a redundant typedef in addr_policy_st.h 2018-07-12 10:35:29 -04:00
Nick Mathewson
a7ec493d88 Merge remote-tracking branch 'imnotbad/bug26663' 2018-07-12 08:59:23 -04:00
Nick Mathewson
f45107e7de Rename crypto.c to crypto_cipher.c (since that's all it still has.) 2018-07-11 14:12:36 -04:00
Nick Mathewson
9010797e63 Remove most includes from crypto.c 2018-07-11 14:02:23 -04:00
Nick Mathewson
922208bd2d Extract and rename crypto_log_errors(). 2018-07-11 13:54:47 -04:00
Nick Mathewson
8e2df98860 Move crypto_add_spaces_to_fp() to crypto_rsa.c 2018-07-11 13:51:26 -04:00
Nick Mathewson
12a1ada158 Move the initialization and cleanup parts of crypto.c
These are now part of crypto_init.c.  The openssl-only parts now
live in crypto_openssl_mgt.c.

I recommend reviewing this patch with -b and --color-moved.
2018-07-11 13:45:49 -04:00
Nick Mathewson
79267bad65 Add a configure switch to build with NSS.
When it is set, include the NSS headers and libraries as
appropriate.  Doesn't actually use them yet, though.
2018-07-11 13:22:20 -04:00
Nick Mathewson
92db96d80f Make our crypto library symbolic in the makefiles. 2018-07-11 12:51:36 -04:00
Nick Mathewson
2b52360448 Only use OpenSSL kdf support if it is present.
We have to check for ERR_load_KDF_strings() here, since that's the
only one that's actually a function rather than a macro.

Fixes compilation with LibreSSL.  Fixes bug 26712; bug not in
any released Tor.
2018-07-11 10:19:06 -04:00
Nick Mathewson
5aee26ee46 Move all use cases of micro-revision.i to a single place
That place is git-revision.c; git-revision.c now lives in lib/log.

Also fix the compilation rules so that all object files that need
micro-revision.i depend on it.
2018-07-11 09:52:39 -04:00
Nick Mathewson
537092cdbb Merge branch 'ticket26223' 2018-07-10 20:18:28 -04:00
Nick Mathewson
c90961a923 Document compat_getdelim_. 2018-07-10 20:18:20 -04:00
Nick Mathewson
391ef5e42c Explain why we use raw_free with getdelim result. 2018-07-10 20:16:37 -04:00
Nick Mathewson
b6d0e7caa4 Rename tm_cvt to time_to_tm 2018-07-10 15:25:53 -04:00
Nick Mathewson
e7f5f48d68 Rename torlog.[ch] to log.[ch]
Fun fact: these files used to be called log.[ch] until we ran into
conflicts with systems having a log.h file.  But now that we always
include "lib/log/log.h", we should be fine.
2018-07-10 15:20:30 -04:00
Nick Mathewson
41640b6573 Rename util_malloc to malloc. 2018-07-10 15:16:57 -04:00
Nick Mathewson
6711a172c0 Merge remote-tracking branch 'neel/fbsd-cfix' 2018-07-10 14:50:49 -04:00
Nick Mathewson
a2c44a7a7e Isolate resolve.h usage in the modules that really need it.
(Almost none of Tor should actually need to touch the platform resolver.)
2018-07-10 13:36:45 -04:00
Nick Mathewson
8de48c111c Remove addr_port_lookup.
This lets us cut the dependency from address.c to resolve.c: the
address.c module now has no paths to the libc resolver in it.
2018-07-10 13:32:37 -04:00
Nick Mathewson
2f657a1416 Remove all users of addr_port_lookup outside of address.c
This function has a nasty API, since whether or not it invokes the
resolver depends on whether one of its arguments is NULL.  That's a
good way for accidents to happen.

This patch incidentally makes tor-resolve support socks hosts on
IPv6.
2018-07-10 13:23:37 -04:00
Nick Mathewson
c2ddb7b231 Move tor_addr_{,port_}lookup to resolve.c 2018-07-10 13:00:02 -04:00
Nick Mathewson
5d8336c182 Refactor ipv[46].[ch]
These are now combined into an inaddr.[ch], since their purpose is
to implement functions for struct in_addr and struct in6_addr.

The definitions for in6_addr and its allies are now in a separate
header, inaddr_st.h.

Closes ticket 26532.
2018-07-10 12:50:38 -04:00
Neel Chauhan
6d58c20d94 Fix build on FreeBSD post-refactor 2018-07-10 12:32:14 -04:00
Nick Mathewson
ef106ce788 Document the headers in src/app/config/ 2018-07-10 12:28:31 -04:00
Nick Mathewson
4f42c923d6 File-level summary documentation for src/lib/*/*.[ch] 2018-07-10 12:22:01 -04:00
Nick Mathewson
e3e6335a08 Add controller support for listing ExtORPort and HTTPTunnelPorts
Closes ticket 26647.
2018-07-10 10:50:43 -04:00
Nick Mathewson
951d59d706 Use tor_getline() in dirserv.c to remove its upper line limit.
Closes ticket 26223.
2018-07-10 10:36:49 -04:00
Nick Mathewson
6574d4bd27 Refactor dirserv_read_measured_bandwidths to have a single exit point 2018-07-10 10:36:49 -04:00
Nick Mathewson
b04d719c10 Integrate getdelim() and getline() support into Tor. 2018-07-10 10:36:49 -04:00
Nick Mathewson
1604c0fe0e Add the compatibility definition for getdelim.c from netbsd.
We shouldn't actually need this code nearly anywhere we build:
getdelim is POSIX, and mingw provides it.
2018-07-10 10:14:24 -04:00
Nick Mathewson
5ce348c4c7 Bump to 0.3.4.4-rc-dev 2018-07-09 15:17:38 -04:00
Nick Mathewson
f5e3bcb60b Bump to 0.3.3.8-dev. 2018-07-09 15:17:16 -04:00
Nick Mathewson
19f2057d49 Fix some lingering windows compilation issues from Jenkins.
These were caused by the recent refactoring.
2018-07-09 12:54:40 -04:00
Nick Mathewson
eb856a3e51 strcasecmp should not take a size_t argument 2018-07-09 11:17:23 -04:00
Matt Traudt
d20feddfcc Lower log level of "Scheduler of type KIST has been enabled" to INFO 2018-07-09 10:48:43 -04:00
Nick Mathewson
98dff5df3f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 10:17:20 -04:00
Nick Mathewson
250e0fc1c4 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 10:17:20 -04:00
Nick Mathewson
1b81c4b5f3 Merge branch 'maint-0.3.4' 2018-07-09 10:17:20 -04:00
Nick Mathewson
6ad2c2b92f Merge remote-tracking branch 'github/bug26269_031' into maint-0.3.2 2018-07-09 10:17:17 -04:00
Nick Mathewson
e7463be39b Merge branch 'maint-0.3.4' 2018-07-09 10:16:51 -04:00
Nick Mathewson
83de46eb25 Changes file and comment for 25928. 2018-07-09 10:16:48 -04:00
Nick Mathewson
529faef28e Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 10:15:16 -04:00
Nick Mathewson
69918629f5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 10:14:43 -04:00
Nick Mathewson
4a604d9938 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-09 10:14:43 -04:00
Nick Mathewson
8b53dfc362 Merge branch 'bug26269_029' into maint-0.2.9 2018-07-09 10:14:39 -04:00
Nick Mathewson
7746b071d8 Merge remote-tracking branch 'gsomlo/gls-single-da' 2018-07-09 09:59:46 -04:00
Nick Mathewson
a1a55a33c2 Merge branch 'bug26488' 2018-07-09 09:37:14 -04:00
rl1987
46998fc8fd Validate that DirAuthority address is IPv4 2018-07-09 09:37:09 -04:00
Nick Mathewson
03283c00d8 Merge remote-tracking branch 'rl1987/bug26525' 2018-07-09 09:31:12 -04:00
Nick Mathewson
532873a924 Bump to 0.3.3.8 2018-07-09 09:24:07 -04:00
Nick Mathewson
9320100d6e Bump to 0.3.3.4-rc 2018-07-09 09:23:39 -04:00
Nick Mathewson
a95cfb8a58 Clear all control.c flags on control_free_all()
Fixes bug 25512.

(Cherry-picked from 3519d0c808
2018-07-09 09:20:45 -04:00
Nick Mathewson
8e3a52e5c3 Merge branch 'maint-0.3.4' 2018-07-09 09:14:41 -04:00
Nick Mathewson
75d9db9e5b Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 09:14:37 -04:00
Nick Mathewson
f721a08220 Merge remote-tracking branch 'catalyst-github/bug26455_033' into maint-0.3.3 2018-07-09 09:13:58 -04:00
Nick Mathewson
75f7064a13 Merge branch 'maint-0.3.4' 2018-07-09 09:11:42 -04:00
Nick Mathewson
d3894dc34b Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-09 09:11:41 -04:00
Nick Mathewson
1af69c1812 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-09 09:11:41 -04:00
Nick Mathewson
451a84cecb Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-09 09:11:41 -04:00
Nick Mathewson
fead22fb2a Merge remote-tracking branch 'mikeperry/bug25705_v3_033' into maint-0.3.3 2018-07-09 09:08:58 -04:00
Nick Mathewson
b8554dd880 Make Tor compile with --disable-memory-sentinels again 2018-07-09 08:44:16 -04:00
rl1987
2558634f0c Tool to print expiration date of ed25519_signing_cert 2018-07-08 15:13:33 +02:00
Kaidan
abeb07a1bf Made 'auto' keyword in torrc case insensitive 2018-07-08 00:15:16 +10:00
Karsten Loesing
9faa28b60e Update geoip and geoip6 to the July 3 2018 database. 2018-07-06 20:54:03 +02:00
Nick Mathewson
10c782d7fa Move ntmain.c into libtor-app again
It's needed by main.c

Fixes bug 26662; bug not in any released Tor.
2018-07-06 13:59:40 -04:00
Nick Mathewson
50963f36d7 Actually sort the lines in src/core/include.am 2018-07-05 17:15:50 -04:00
Nick Mathewson
667a6e8fe9 Whoops. Protover.[ch] belong in src/core/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
f720a5a439 Fix everything that previously referred to src/or 2018-07-05 17:15:50 -04:00
Nick Mathewson
5f51c2de8b Fix our build system to know the new locations of the src/or stuff 2018-07-05 17:15:50 -04:00
Nick Mathewson
ef486e3c02 Fix every include path changed in the previous commit (automated)
I am very glad to have written this script.
2018-07-05 17:15:50 -04:00
Nick Mathewson
63b4ea22af Move literally everything out of src/or
This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.
2018-07-05 17:15:50 -04:00
Nick Mathewson
81cb0afb2b Start splitting src/or
This is a very gentle commit that just lays the groundwork in the
build system: it puts the include files to build libtor-app.a into
src/core, and to build the tor executable into src/app.  The
executable is now "src/app/tor".
2018-07-05 17:15:50 -04:00
Nick Mathewson
4eac5c6ce6 And tell build.rs to stop looking in src/common 2018-07-05 17:15:24 -04:00
Nick Mathewson
c73bb9937d Fix build.rs to handle removed common. 2018-07-05 17:14:55 -04:00
Nick Mathewson
753b797ca4 Fix up .may_includes for evloop. 2018-07-05 15:50:20 -04:00
Nick Mathewson
1dd5b5f441 Add a missing include. 2018-07-05 15:44:33 -04:00
Nick Mathewson
2d69c32bb6 Clean up include paths for libtor-evloop (automated) 2018-07-05 15:22:17 -04:00
Nick Mathewson
1e417b7275 All remaining files in src/common belong to the event loop. 2018-07-05 15:22:17 -04:00
Nick Mathewson
947de40d19 Move openbsd-malloc responsibility to lib/malloc
(Note that this is not believed to work, but we may as well have it
in the right place till we remove it)
2018-07-05 15:07:08 -04:00
Nick Mathewson
4593829861 Remove util.h
Inline its contents (which were all includes) into or.h, and some of
its contents into other places that didn't include or.h at all.
2018-07-05 15:04:18 -04:00
Nick Mathewson
0adcfbc7c8 Move address_set to src/or
This is temporary, until src/or is split.

Putting this in containers would be another logical alternative,
except that addresses depend on containers, and we don't like
cycles.
2018-07-05 14:51:07 -04:00
Nick Mathewson
24c0f83185 Move socks5_status.h to src/lib/net
There might be a better place for it in the long run, but this is
the best I can think of for now.
2018-07-05 14:48:29 -04:00
Nick Mathewson
0e4b1781f4 Move handles.h to src/lib/container
There might be a better place for it in the long run, but this is
the best we can think of for now.
2018-07-05 14:45:34 -04:00
Nick Mathewson
3d610363ef Include compat_string.h in smartlist.c
We need this for strcasecmp on (some) Windows build environments.

Fix from Gisle Vanem.
2018-07-05 13:53:17 -04:00
Nick Mathewson
fecb8214d5 Try to use stricmp variants that MSDN actually recommends
Per recommendation by Gisle Vanem
2018-07-05 13:51:50 -04:00
Gabriel L. Somlo
97fad99483 Allow single DA if explicitly configured
When on a private network a single directory authority is explicitly
configured, allow that DA's instace of tor to pick itself as its own
DA, by having router_pick_dirserver_generic() set the PDS_ALLOW_SELF
flag when the list of potential sources contains only one element.
This would subsequently allow router_pick_trusteddirserver_impl() to
calculate is 'requreother' condition as 'false', enabling it to pick
itself as a valid DA candidate.

Fixes #25928

Signed-off-by: Gabriel Somlo <gsomlo@gmail.com>
2018-07-03 14:58:47 -04:00
Nick Mathewson
2878dad9db Merge branch 'maint-0.3.4' 2018-07-03 13:31:26 -04:00
Nick Mathewson
32d9d69350 Merge remote-tracking branch 'github/bug26568_034' into maint-0.3.4 2018-07-03 13:16:37 -04:00
Nick Mathewson
df98582851 Merge remote-tracking branch 'github/ticket26626' 2018-07-03 12:52:43 -04:00
Nick Mathewson
fe8f774820 Merge branch 'bug26522' 2018-07-03 11:34:36 -04:00
rl1987
d0525c38d6 Refrain from potentially insecure usage of strncat() 2018-07-03 11:34:14 -04:00
Nick Mathewson
77e678c20d Merge remote-tracking branch 'github/shrink_or_h_more' 2018-07-03 11:09:54 -04:00
Nick Mathewson
02a4442524 Fix up some windows compilation issues.
These were mostly cases where our previous macros had been casting,
and the values that we were trying to printf were not in fact
uint64_t.
2018-07-03 11:00:18 -04:00
Nick Mathewson
d5a3bb960d Retire U64_TO_DBL and DBL_TO_U64
These were necessary long ago to work around a bug in VC6.
2018-07-03 10:45:43 -04:00
Nick Mathewson
9568c0ce3d Return U64_PRINTF_ARG and U64_FORMAT
The standard is printf("%"PRIu64, x);
2018-07-03 10:40:59 -04:00
Nick Mathewson
52884f56d4 Replace U64_LITERAL with the standard UINT64_C 2018-07-03 10:33:50 -04:00
Nick Mathewson
cf0b07c2e5 Retire some unused (or nearly unused) macros. 2018-07-03 10:31:19 -04:00
Nick Mathewson
4638be5312 Use the standard SHRT_MAX name. 2018-07-03 10:28:10 -04:00
Nick Mathewson
c75215c23a Clean up various things that broke with our stdint.h changes
Casting before printf was necessary; now it's not so smart.

We don't have SIZEOF_UINT8_T any more.
2018-07-03 10:26:06 -04:00
Nick Mathewson
e2a94dc481 Require stdint.h and inttypes.h
We've been silently requiring stdint.h for a while now, and nobody
has complained.  Closes ticket 26626.
2018-07-03 10:25:31 -04:00
Nick Mathewson
a01b4d7f87 Merge remote-tracking branch 'rl1987/ticket26527' 2018-07-03 09:53:46 -04:00
Nick Mathewson
a4e8f94507 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-07-03 09:48:03 -04:00
Nick Mathewson
4c094436c5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-07-03 09:48:03 -04:00
Nick Mathewson
d38e474950 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-03 09:48:03 -04:00
Nick Mathewson
228d25ddf6 Merge branch 'maint-0.3.4' 2018-07-03 09:48:03 -04:00
rl1987
439b528f25 Rename sandbox_getaddrinfo() et. al. 2018-07-03 15:53:39 +03:00
rl1987
fedb3e46ec Remove ATTR_NONNULL macro 2018-07-03 12:33:09 +03:00
Nick Mathewson
dfdf32404c Partially revert "Use tor_addr_from_getsockname() in several places"
This reverts part of commit 6ed384b827, in order to
fix bug 26568.  Bugfix on 0.3.4.1-alpha.
2018-07-02 16:11:02 -04:00
Nick Mathewson
3baf3d01cb hs_ntor_ref.py: pass only strings to subprocess.Popen
Recent Python3 versions seem to require this on Windows.

Fixes bug 26535; bug copied from ntor_ref.py on 0.3.1.1-alpha.
2018-07-02 14:23:26 -04:00
Nick Mathewson
fc5f8b6931 ntor_ref.py: pass only strings to subprocess.Popen
Recent Python3 versions seem to require this on Windows.

Fixes bug 26535; bug introduced in f4be34f70d, which
was apparently intended itself as a Python3 workaround.
2018-07-02 14:18:41 -04:00
Nick Mathewson
bfcfeaed07 Merge branch 'mikeperry_bug26214-rebased_squashed' into maint-0.3.4 2018-07-02 13:22:07 -04:00
Nick Mathewson
c8ccd028a7 Don't redefine str(n)casecmp on windows unless they're missing
When we do redefine them, use inline functions instead of #define.

This fixes a latent code problem in our redefinition of these
functions, which was exposed by our refactoring: Previously, we
would #define strcasecmp after string.h was included, so nothing bad
would happen.  But when we refactored, we would sometimes #define it
first, which was a problem on mingw, whose headers contain
(approximately):

inline int strcasecmp (const char *a, const char *b)
   { return _stricmp(a,b); }

Our define turned this into:
  inline int _stricmp(const char *a, const char *b)
    { return _stricmp(a,b); }

And GCC would correctly infer that this function would loop forever,
rather than actually comparing anything.  This caused bug 26594.

Fixes bug 26594; bug not in any released version of Tor.
2018-07-02 11:50:17 -04:00
Nick Mathewson
cb1a3674eb File-level documentation for some of src/lib. 2018-07-01 20:22:55 -04:00
Nick Mathewson
83a4946e7b Prune the .may_include files a bit; detect unused lines in them 2018-07-01 18:14:28 -04:00
Nick Mathewson
518ebe14dc fixup! Extract or_options_t from or.h 2018-07-01 16:02:33 -04:00
Nick Mathewson
8d562c040f fixup! Remove system headers from or.h 2018-07-01 15:31:18 -04:00
Nick Mathewson
6c440da926 Remove system headers from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
13116378b1 Extract or_options_t from or.h
I decided to have this file included from config.h, though, since it
is used nearly everywhere.
2018-07-01 15:20:37 -04:00
Nick Mathewson
986d761510 Extract or_state_t to its own header.
Fewer modules needed this than I had expected.
2018-07-01 15:20:37 -04:00
Nick Mathewson
f75357ec35 Pull a couple more enums from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
6ccd98f93e Move ext_or_cmd_t to proto_ext_or 2018-07-01 15:20:37 -04:00
Nick Mathewson
49f88e77e5 Extract more constants from or.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
f54a5cbfb6 Extract addr_policy_t into a new header. 2018-07-01 15:20:37 -04:00
Nick Mathewson
6da0311d2c Extract various enums and tiny structs from or.h
These all have a logical header to go in.
2018-07-01 15:20:37 -04:00
Nick Mathewson
1743dac078 Minimize headers that include crypto_formats and x25519 stuff 2018-07-01 15:20:37 -04:00
Nick Mathewson
500826479a Remove other needless includes include from or/*.h 2018-07-01 15:20:37 -04:00
Nick Mathewson
471104eaa5 Remove needless includes from or.h
or.h should really include only the minimum of stuff from or/*,
common/*, and lib/*.
2018-07-01 15:20:37 -04:00
Nick Mathewson
7a61a92870 Combine DH_BYTES and DH_KEY_LEN; put them in a lib/defs header. 2018-07-01 11:25:29 -04:00
Nick Mathewson
cf8c3abff1 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-07-01 10:22:21 -04:00
Nick Mathewson
adcd1d8b9a Merge branch 'maint-0.3.4' 2018-07-01 10:22:21 -04:00
Nick Mathewson
9aeef05f8f Merge remote-tracking branch 'dgoulet/bug26523_033_01' into maint-0.3.3 2018-07-01 10:22:18 -04:00
Nick Mathewson
43dc92441d Tabify all of the .am files. 2018-07-01 09:37:28 -04:00
Nick Mathewson
028523c801 Merge branch 'maint-0.3.4' 2018-06-30 09:15:39 -04:00
Nick Mathewson
e042727cf0 Merge remote-tracking branch 'catalyst-github/bug25895_034-squashed' into maint-0.3.4 2018-06-30 09:15:34 -04:00
Nick Mathewson
57155d38a3 Merge branch 'maint-0.3.4' 2018-06-29 23:12:03 -04:00
Nick Mathewson
8093a63f95 Restor EOL@EOF in routerlist.c 2018-06-29 23:08:45 -04:00
Nick Mathewson
ce940c8c09 Add another winsock2 include, for timeval in procmon. 2018-06-29 19:17:24 -04:00
Nick Mathewson
5921b23e15 add an include to fix macos, and probably bsd too 2018-06-29 14:03:13 -04:00
Nick Mathewson
ed84dab8b4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:49:43 -04:00
Nick Mathewson
36c372581f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:49:43 -04:00
Nick Mathewson
75a6e7e256 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:49:43 -04:00
Nick Mathewson
cd3f957219 Merge branch 'maint-0.3.4' 2018-06-29 13:49:43 -04:00
Nick Mathewson
a3ec89a4f8 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-29 13:49:43 -04:00
Nick Mathewson
3c0a63c40f Fix a memory error in test_shared_random
Bug not in any released Tor.
2018-06-29 13:49:02 -04:00
Nick Mathewson
d583459d58 Fix some memory errors in the recent coverity fixes.
Found by asan on travis :/
2018-06-29 13:48:36 -04:00
Nick Mathewson
92b4996b23 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:07:13 -04:00
Nick Mathewson
d3ecb3a8d6 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:07:13 -04:00
Nick Mathewson
1f389dadd0 Merge branch 'maint-0.3.4' 2018-06-29 13:07:13 -04:00
Nick Mathewson
6e9d5fc4ec Merge remote-tracking branch 'ahf-github/maint-0.3.2' into maint-0.3.2 2018-06-29 13:07:07 -04:00
Nick Mathewson
7a47379f25 Merge branch 'maint-0.3.4' 2018-06-29 13:06:16 -04:00
Nick Mathewson
f82f8179e6 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:06:15 -04:00
Nick Mathewson
f6b30a97a9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:06:15 -04:00
Nick Mathewson
68dfbd5ef4 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:06:15 -04:00
Nick Mathewson
b89a66e997 Merge remote-tracking branch 'ahf-github/maint-0.3.0' into maint-0.3.1 2018-06-29 13:06:11 -04:00
Nick Mathewson
419077c26d Merge remote-tracking branch 'ahf-github/maint-0.3.1' into maint-0.3.1 2018-06-29 13:06:08 -04:00
Nick Mathewson
1a5be3c5e7 Merge branch 'maint-0.3.4' 2018-06-29 13:03:00 -04:00
Nick Mathewson
5ab23e03fa Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-29 13:02:56 -04:00
Nick Mathewson
df896ed632 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-29 13:00:56 -04:00
Nick Mathewson
fe2588a5a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-29 13:00:56 -04:00
Nick Mathewson
1385a5118d Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-29 13:00:56 -04:00
Nick Mathewson
9d5b815dca Add a missing include to timers, to make windows happier 2018-06-29 12:59:43 -04:00
Nick Mathewson
6ac64e16ed Eliminate compat.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
077176a34c Stop using util.h and compat.h in src/trunnel/ 2018-06-29 12:21:52 -04:00
Nick Mathewson
666e3e5ec6 Stop using util.h and compat.h in src/tools 2018-06-29 12:21:52 -04:00
Nick Mathewson
4212a135e1 Remove util.h and compat.h includes from src/common 2018-06-29 12:21:52 -04:00
Nick Mathewson
35e1c497aa Combine compat.h into util.h
This is now just a collection of frequently-used headers.
2018-06-29 12:21:52 -04:00
Nick Mathewson
714788b195 Remove non-windows system includes from compat.h and util.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
71e56c70e9 Remove windows libraries from util.h and compat.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
31897a256c Extract socks5_status_t
I'm not sure of the best place to put this header long-term, since
both or/*.c and tools/tor-resolve.c use it.
2018-06-29 12:21:52 -04:00
Nick Mathewson
080069c7b3 Move SIO_IDEAL_SEND_BACKLOG_QUERY into socket.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
b21108f839 Remove an errant (and unused) include permission in lib/tls 2018-06-29 12:21:52 -04:00
Nick Mathewson
e269044ce0 Remove compat.c and util.c 2018-06-29 12:21:52 -04:00
Nick Mathewson
4e11c2ca6c Extract getpass to a new lib/term library
(Term is short for terminal)
2018-06-29 12:21:52 -04:00
Nick Mathewson
e0957022bd Extract get_uname to lib/osinfo. 2018-06-29 12:21:52 -04:00
Nick Mathewson
207fc4cffe Move SUBTYPE_P into compat_compiler.h 2018-06-29 12:21:52 -04:00
Nick Mathewson
77bc65bbc4 Move bool_eq and bool_neq to lib/intmath 2018-06-29 12:21:52 -04:00
Nick Mathewson
40199b180e Remove read_all and write_all
These had become wrappers around their fd and socket variants; there
were only a few users of the original functions still remaining.
2018-06-29 12:21:52 -04:00
Nick Mathewson
0362cdc169 Move fd and memory-info functions. 2018-06-29 12:21:52 -04:00
Nick Mathewson
973afcc40b Move tor_get_avail_disk_space() to lib/fs 2018-06-29 09:43:00 -04:00
Nick Mathewson
f0319fcbde Merge remote-tracking branch 'catalyst-github/fix-macos-includes' 2018-06-28 18:19:53 -04:00
Taylor Yu
f9e22c68a0 Fix macOS includes
Recent code movement from refactoring missed some includes that seem
to be necessary on macOS.
2018-06-28 17:15:53 -05:00
Nick Mathewson
365179cd16 Fix a bogus n in a comment 2018-06-28 17:21:15 -04:00
Nick Mathewson
c84ab36eff A couple of includes to make windows compile again 2018-06-28 16:37:59 -04:00
Nick Mathewson
935ba02565 Fix paths for buffers.h; automated. 2018-06-28 16:29:35 -04:00
Nick Mathewson
d8b34e0886 Move buffers into container
Split the network-only and compression-only parts of buffers into
the appropriate modules.
2018-06-28 16:28:08 -04:00
Nick Mathewson
be40ad51b6 Add sys/capability.h and sys/prctl.h includes in setuid.c 2018-06-28 15:34:51 -04:00
Nick Mathewson
b67754cd64 compat_threads.c needs string.h for memset. 2018-06-28 15:20:26 -04:00
Nick Mathewson
a742a826f6 Remove all include common/ uses in crypto_ops and tls. 2018-06-28 14:40:25 -04:00
Nick Mathewson
0f02d2c041 Fix windows compilation in compat_time
We need to use lib/fs/winlib.h here so that we can use
GetTickCount64.

I would love to declare that XP is dead, and everybody has
GetTickCount64.
2018-06-28 13:40:21 -04:00
Nick Mathewson
7d7af19f1b Use tor_ntohs in compress.c; avoid a winsocks dependency 2018-06-28 13:39:49 -04:00
Nick Mathewson
326c473b79 fixup! Extract time functionality into lib/wallclock and lib/time 2018-06-28 13:39:09 -04:00
Nick Mathewson
02bb701bba Move DLL support to lib/fs 2018-06-28 13:37:51 -04:00
Nick Mathewson
8fc15e4861 Add ntohs and htons to lib/arch/bytes.h 2018-06-28 13:26:27 -04:00
Nick Mathewson
4dda026f0d Update lib/compress to not require common/*.h 2018-06-28 13:19:58 -04:00
Nick Mathewson
3d1e99d01b Move MIN and MAX into lib/intmath/cmp.h 2018-06-28 13:19:42 -04:00
Nick Mathewson
8736892679 Remove a pair of windows flags used nowhere in our code 2018-06-28 13:02:33 -04:00
Nick Mathewson
57f4b83852 Fix up the include path of compat_time.h (automated) 2018-06-28 13:01:54 -04:00
Nick Mathewson
a097ddb4f5 Extract time functionality into lib/wallclock and lib/time 2018-06-28 13:01:54 -04:00
Nick Mathewson
bdea94a665 Move floating-point math functions into a new lib/math 2018-06-28 12:24:45 -04:00
Nick Mathewson
6178a9f758 Move compute_num_cpus to lib/thread 2018-06-28 12:08:18 -04:00
Nick Mathewson
042df08693 Move network_init to lib/net 2018-06-28 11:59:16 -04:00
Nick Mathewson
db1a420c4e Move tor_gethostname to lib/net 2018-06-28 11:57:01 -04:00
Nick Mathewson
8c6ff9fec2 Move tor_escape_str_for_pt_args into or/transports.c 2018-06-28 11:49:27 -04:00
Nick Mathewson
30166261bb Move string_is_key_value to lib/encoding 2018-06-28 11:46:32 -04:00
Nick Mathewson
48ebd9bf76 Move weakrng into lib/intmath 2018-06-28 11:39:49 -04:00
Nick Mathewson
aa3edfd205 Move lockfile code into lib/fs 2018-06-28 11:33:50 -04:00
Nick Mathewson
84b8dfe635 Move socket-errno code into lib/net 2018-06-28 11:20:31 -04:00
Nick Mathewson
315e6b59dd Extract process-management functionality into a new lib/process
Note that procmon does *not* go here, since procmon needs to
integrate with the event loop.
2018-06-28 11:18:13 -04:00
Nick Mathewson
ec4eee6356 Fix the include paths for storagedir,conffile (automated) 2018-06-28 09:42:33 -04:00
Nick Mathewson
a1f3ece16d Move conffile and storagedir to lib/fs 2018-06-28 09:38:17 -04:00
Nick Mathewson
38fd3e0df0 Fix up the modules that include memarea.h (automated) 2018-06-28 09:25:58 -04:00
Nick Mathewson
eee86e627b Extract memarea into its own library 2018-06-28 09:25:18 -04:00
Nick Mathewson
9cf335c9a5 Extract threading code into a new library.
Note that the workqueue code does *not* go here: it is logically at
a higher level, since it needs to use libevent and the networking
stack.
2018-06-28 09:14:42 -04:00
Nick Mathewson
544ab27a94 Extract the alert-socket code into lib/net.
This code was in compat_threads, since it was _used_ for efficiently
notifying the main libevent thread from another thread.  But in
spite of its usage, it's fundamentally a part of the network code.
2018-06-28 08:49:07 -04:00
Nick Mathewson
0b7452eeb2 rectify include paths (automatic) for confline.h 2018-06-27 16:59:56 -04:00
Nick Mathewson
b9b44bf000 Move confline.c to lib/encoding: it is about encoding key-value pairs
Also, move "unescape_string()" to encoding too, since it's about
encoding data as C strings.
2018-06-27 16:59:56 -04:00
Nick Mathewson
696f6f1569 Split confline into confline and conffile.
The "conffile" module knows about includes and filesystem access,
whereas confline doesn't.  This will make it possible to put these
functions into libraries without introducing a cycle.
2018-06-27 16:59:56 -04:00
Nick Mathewson
0a9d8dcf2b Move hex_str to binascii.c 2018-06-27 16:59:56 -04:00
Nick Mathewson
194a34cdc2 Extract time encoding functions into lib/encoding 2018-06-27 16:59:56 -04:00
Nick Mathewson
235ddb15a0 Move util_format into a new libtor-encoding library
libtor-encoding is about various ways to transform data to and from
character sequences.
2018-06-27 16:18:42 -04:00
Nick Mathewson
3cff3e825a Move several address-string-testing functions to address.c 2018-06-27 16:18:42 -04:00
Nick Mathewson
e165c9c304 Move various mem* functions to lib/string 2018-06-27 16:18:42 -04:00
Alex Xu (Hello71)
614a78ddaa Fix Rust cross compilation. 2018-06-27 14:42:06 -05:00
Nick Mathewson
9e592d1dec Move tor_strtok_r to libtor-string 2018-06-27 15:28:55 -04:00
Nick Mathewson
4d81f5211b Move set/get_uint*() to inline functions in arch/bytes.h
Also move our ntohll/htonll functions.
2018-06-27 15:28:44 -04:00
Nick Mathewson
000de2f2ac Merge branch 'fs_refactor' 2018-06-27 14:45:17 -04:00
Nick Mathewson
2113603718 Merge branch 'sandbox_refactor' 2018-06-27 14:45:14 -04:00
Nick Mathewson
b9b05e437d Merge branch 'net_refactor' 2018-06-27 12:52:31 -04:00
Nick Mathewson
300e3bebd1 Merge branch 'ticket26494' 2018-06-27 12:47:08 -04:00
Nick Mathewson
3d606dddb9 fixup! Move format_win32_error into lib/log/ 2018-06-27 12:35:48 -04:00
Nick Mathewson
1e2e0f7e46 Extract functions from compat.c and util.h into a new fs library 2018-06-27 12:30:11 -04:00
Nick Mathewson
3246c114a2 Move format_win32_error into lib/log/ 2018-06-27 12:30:11 -04:00
David Goulet
3f8a12a63a control: Make HSPOST properly parse HSADDRESS= param
For HSv3, the HSADDRESS= wasn't properly parsed for the HSPOST command. It now
correctly use it and furthermore sends back a "200 OK" in case the command is
successful for a v3 descriptor.

Fixes #26523

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-27 12:25:24 -04:00
Nick Mathewson
356f59b1bd Move read/write_all_to_socket into lib/net. 2018-06-27 12:01:11 -04:00
Nick Mathewson
67135ca8e0 Split read_all and write_all into separate functions 2018-06-27 10:47:42 -04:00
Nick Mathewson
05040a9e84 Minimize and permit sandbox includes from crypto_ops. 2018-06-27 10:12:39 -04:00
Nick Mathewson
ad24ccd472 Minimize includes from sandbox.c 2018-06-27 10:11:27 -04:00
Nick Mathewson
55b7939367 Fix up include paths for sandbox.h (automated) 2018-06-27 10:04:41 -04:00
Nick Mathewson
bee580ddba Move sandbox code into a new library. 2018-06-27 10:04:17 -04:00
Nick Mathewson
0742b38725 Revert "Use the "commands" argument of AC_CONFIG_FILES to make scripts +x"
This reverts commit 56c1fbf33f.
2018-06-27 09:53:46 -04:00
Nick Mathewson
d893be190f rectify include paths (automatic) for address.h 2018-06-27 09:13:04 -04:00
Nick Mathewson
3930416dec Link GetAdaptersAddresses, rather than loading it on-demand.
This function has been present since Windows XP.
2018-06-27 09:12:57 -04:00
Nick Mathewson
42b3caa6ad Move network code to libtor-net.
There are some additional changes to come: those points are marked
by XXXX.
2018-06-27 09:08:35 -04:00
Nick Mathewson
80730c45e0 Move tor_parse_long and friends into parse_int.h in libtor-string 2018-06-26 21:02:29 -04:00
Nick Mathewson
7159edf909 Move the escape-for-log code into src/lib/log
It doesn't need anything higher-level, and everything that needs the
logs potentially needs this.
2018-06-26 20:51:17 -04:00
Nick Mathewson
5f41bc91c6 Merge branch 'ticket26439' 2018-06-26 17:02:06 -04:00
Nick Mathewson
ebbb0348dc Finish renaming digestset_contains to digestset_probably_contains
Since bloom filters are probabilistic, it's nice to make it clear
that the "contains" operation can have false positives.
2018-06-26 13:27:50 -04:00
Nick Mathewson
bf89278c79 Refactor bloom filter logic not to be digest-specific.
Now the address-set code and the digest-set code share the same
backend.

Closes ticket 26510
2018-06-26 13:27:23 -04:00
Nick Mathewson
82a7343b06 fixup! Extract core part of smartlist code into its own library. 2018-06-26 12:21:35 -04:00
Nick Mathewson
6e2b6a6685 fixup! Extract core part of smartlist code into its own library. 2018-06-26 12:18:49 -04:00
Nick Mathewson
d7bd8cf3b6 Use raw_assert directly in smartlist_core
I had previously added a "#define tor_assert raw_assert" here, to
make code movement in the previous commit more clear.
2018-06-26 12:16:04 -04:00
Nick Mathewson
b1de1e7a77 Extract core part of smartlist code into its own library.
The smartlist_core library now contains only the parts of smartlists
that are needed for the logging library.  This resolves the
circularity between "container" and "log".

The "containers" library still uses the logging code, and has the
higher-level smartlist functions.
2018-06-26 12:13:23 -04:00
Nick Mathewson
58fc42fdce Fix comments in lib/container/*.c 2018-06-26 11:33:53 -04:00
Nick Mathewson
92d8284a97 Merge branch 'log_dependencies' 2018-06-26 11:27:33 -04:00
Nick Mathewson
cf0597c3b2 Bump version to 0.3.4.3-alpha-dev 2018-06-26 09:12:23 -04:00
rl1987
240f33e327 Generate trunnel impls and include into build 2018-06-26 12:37:33 +03:00
rl1987
adbe6a2521 Copy socks5.trunnel from trunnel examples dir 2018-06-26 12:37:33 +03:00
Nick Mathewson
b556894ef2 Include stdio.h in torerr.c. 2018-06-25 16:52:14 -04:00
Nick Mathewson
6c836b9e8c Bump to 0.3.4.3-alpha. 2018-06-25 14:07:23 -04:00
Nick Mathewson
b059c38d8a Merge branch 'maint-0.3.4' 2018-06-25 13:50:37 -04:00
Corey Farwell
e62582e9fe Run rustfmt on 'src/rust/protover/ffi.rs'. 2018-06-25 08:03:04 -04:00
Corey Farwell
6d2e4dea10 Utilize type param in method invocation. 2018-06-24 22:45:07 -04:00
Corey Farwell
59d4505749 Utilize if..else for switching on boolean values. 2018-06-24 22:44:36 -04:00
Roger Dingledine
04b350b476 better log line for debugging #26485 2018-06-24 18:14:24 -04:00
Roger Dingledine
73ae92dc52 we've never been good at using "directory" well as a noun 2018-06-24 18:08:24 -04:00
Nick Mathewson
d85fbc9a58 Add some casts to get test_dir.c compiling on windows.
Fixed bug 26479.  Bug introduced by 0a6f4627a4292e4; bug not in any
released version.
2018-06-24 14:06:39 -04:00
Nick Mathewson
3cc0a145bd Fix test_geoip failures on windows by writing file in binary mode.
Fixes bug 26480; bug appeared when we re-enabled the geoip tests on
windows.  Bug originally introduced by our fix to 25787; bug not in
any released Tor.
2018-06-24 14:06:05 -04:00
Corey Farwell
94880b2db7 Utilize if let construct instead of explicit unwrapping. 2018-06-24 10:16:11 -04:00
Corey Farwell
7e9c37f9cb Change allocate_and_copy_string to take a &str instead of &String. 2018-06-24 08:58:26 -04:00
Alexander Færøy
8ec6b36dca Fix memory leak in test_sr_setup_commits().
This patch fixes a memory leak in test_sr_setup_commits() where the
place_holder is allocated, but never freed again.

See: Coverity CID 1437440.
2018-06-23 13:11:03 +02:00
Alexander Færøy
3395de51a0 Fix memory leak in disk_state_parse_commits().
This patch fixes a memory leak in disk_state_parse_commits() where if
commit is NULL, we continue the internal loop, but without ever freeing
the args variable.

See: Coverity CID 1437441.
2018-06-23 13:10:57 +02:00
Alexander Færøy
dcbfee246f Fix memory leak in frac_nodes_with_descriptors().
This patch fixes a memory leak in frac_nodes_with_descriptors() where
we might return without free'ing the bandwidths variable.

See: Coverity CID 1437451.
2018-06-23 13:10:29 +02:00
Alexander Færøy
a2e623f631 Fix memory leak in helper_add_hsdir_to_networkstatus().
This patch fixes a memory leak in helper_add_hsdir_to_networkstatus()
where the rs object might not get properly freed.

See: Coverity CID 1437427.
2018-06-23 13:07:56 +02:00
Alexander Færøy
8e805bf0f6 Fix memory leak in new_establish_intro_cell().
This patch fixes a memory leak in new_establish_intro_cell() that could
happen if a test assertion fails and the *cell_out value isn't properly
free'd.

See: Coverity CID 1437445
2018-06-23 13:07:56 +02:00
Alexander Færøy
8550016e6f Fix memory leak in test_channelpadding_consensus().
The relay variable is always allocated, but might not be freed before we
return from this function.

See: Coverity CID 1437431
2018-06-23 12:52:04 +02:00
Alexander Færøy
c997d49ad6 Fix memory link in test_link_specifier().
This patch fixes a memory leak in test_link_specifier() where ls might
not get freed in case one of the test macros fails.

See: Coverity CID 1437434.
2018-06-23 12:39:20 +02:00
Alexander Færøy
3d80c086be Fix memory leak in decode_link_specifiers().
This patch fixes a memory leak in decode_link_specifiers() where the
hs_spec variable might leak if the default label is taken in the
switch/case expression.

See: Coverity CID 1437437.
2018-06-23 11:54:36 +02:00
Alexander Færøy
d86c45bf5c Fix memory leak in client_likes_consensus().
This patches fixes a memory leak in client_likes_consensus() where if
consensus_cache_entry_get_voter_id_digests() would fail we would return
without having free'd the voters list.

See: Coverity CID 1437447
2018-06-23 10:33:40 +02:00
Alexander Færøy
dc2384da30 Fix potential memory leak in hs_helper_build_hs_desc_impl().
This patch fixes a memory leak in hs_helper_build_hs_desc_impl() where
if a test assertion would fail we would leak the storage that `desc`
points to.

See: Coverity CID 1437448
2018-06-23 10:27:10 +02:00
Alexander Færøy
ce5d055ed7 Fix memory leak in pick_hsdir_v3().
This patch fixes a memory leak in pick_hsdir_v3() where we might return
early, but forgot to free the responsible_hsdirs variable. We solve this
by not allocating storage for responsible_hsdirs until it's actually
needed.

See: Coverity CID 1437449
2018-06-23 03:40:32 +02:00
Alexander Færøy
1724f995c7 Fix potential memory leak in test_hs_auth_cookies().
This patch fixes a potential memory leak in test_hs_auth_cookies() if a
test-case fails and we goto the done label where no memory clean up is
done.

See: Coverity CID 1437453
2018-06-23 03:17:09 +02:00
Alexander Færøy
8c8941eb29 Fix potential memory leak in hs_helper_build_intro_point().
This patch fixes a potential memory leak in
hs_helper_build_intro_point() where a `goto done` is called before the
`intro_point` variable have been assigned to the value of the `ip`
variable.

See: Coverity CID 1437460
See: Coverity CID 1437456
2018-06-23 02:29:54 +02:00
Nick Mathewson
1b93b065fc Make an inline static so we can build with coverage enabled. 2018-06-22 14:11:37 -04:00
Nick Mathewson
405fa42e8a Another windows include 2018-06-22 13:52:30 -04:00
Nick Mathewson
4b32446a4c We also need torerr in tm_cvt. 2018-06-22 13:34:35 -04:00
Nick Mathewson
145665abcb Add another include for windows, and change a log to a raw_assert 2018-06-22 13:33:48 -04:00
Nick Mathewson
76a717890e Remove an "m" that did not belong. 2018-06-22 13:32:47 -04:00
Nick Mathewson
4118ba67db Update the micro-revision.i dependencies, and add a stdlib.h 2018-06-22 13:25:58 -04:00
Nick Mathewson
cf66544941 Two more small changes for CI. 2018-06-22 13:10:52 -04:00
Nick Mathewson
7aecea79cb A pair of missing includes. 2018-06-22 12:53:57 -04:00
Nick Mathewson
b0adf2fc9b Fix up the rust build script library list. 2018-06-22 12:04:11 -04:00
Nick Mathewson
bcf3e546d1 Move util_bug into libtor-log 2018-06-22 11:54:38 -04:00
Nick Mathewson
6fc2d53227 Remove util_bug dependency on compat.h 2018-06-22 11:51:58 -04:00
Nick Mathewson
7a93ce8f63 Update .gitignore and .may_include files 2018-06-22 11:46:44 -04:00
Nick Mathewson
79f73ab330 Finally extract the log library and make it build.
This patch:
  - introduces an fdio module for low-level fd functions that don't
    need to log.
  - moves the responsibility for opening files outside of torlog.c,
    so it won't need to call tor_open_cloexec.
2018-06-22 11:40:20 -04:00
Nick Mathewson
90a09df5ba Extract strlcpy and strlcmp to libtor-string 2018-06-22 11:18:19 -04:00
Nick Mathewson
bfb39164ce Extract core part of gmtime_r, localtime_r (without logging) 2018-06-22 11:17:11 -04:00
Nick Mathewson
b2d4e786b7 Remove the util_bug.h include from smartlist.h.
This change makes a whole bunch of things in torlog.c break, since
apparently I did not find all the fd dependencies.
2018-06-22 10:50:14 -04:00
Nick Mathewson
da4ae8a6b6 Automated fixup of include paths after torlog.h movement. 2018-06-22 10:32:10 -04:00
Nick Mathewson
97b15a1d7c Extract the locking and logging code
The locking code gets its own module, since it's more fundamental
than the higher-level locking code.

Extracting the logging code was the whole point here. :)
2018-06-22 10:31:51 -04:00
Nick Mathewson
2cf033f238 Extract simple integer math into its own module 2018-06-22 09:49:13 -04:00
Nick Mathewson
3883338c81 Move smartlist_add_{v,}asprintf into smartlist.[ch]
Now that I know that "strings" nests below "container", I know this
is safe.
2018-06-22 09:49:13 -04:00
Nick Mathewson
1abadee3fd Extract key string manipulation functions into a new library. 2018-06-22 09:49:13 -04:00
Nick Mathewson
1e07b4031e Move ARRAY_LENGTH to compiler_compat.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
0932f32291 Remove compat.h as unneeded from log.c and torlog.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
9426751b72 Extract our code for answering "what time is it right now".
The other time stuff is higher-level
2018-06-22 09:49:13 -04:00
Nick Mathewson
d1cada5a8a Update permissible includes 2018-06-22 09:49:13 -04:00
Nick Mathewson
c2a558a346 Expunge container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
de508c5f50 Extract smartlist.h from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
9cf6fc91b1 Remove map from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
50a5954003 Remove bloom filters, order statistics, and bitarrays from container.h 2018-06-22 09:49:13 -04:00
Nick Mathewson
932b4d0a43 Remove container->crypto dependency
Containers were using crypto_digest.h, just to see the value of
DIGEST_LEN.  Moved those constants into a new defs module.
2018-06-22 09:49:13 -04:00
Nick Mathewson
479c2ab503 Move STRUCT_VAR_P to compat_compiler. 2018-06-22 09:49:13 -04:00
Nick Mathewson
657ff55408 Split container.c based on container types, and minimize includes
Minimizing includes revealed other places includes were necessary.
2018-06-22 09:49:13 -04:00
Nick Mathewson
b8be8265b6 Rectify include paths after container split (automatic) 2018-06-22 09:49:13 -04:00
Nick Mathewson
77dff00b18 Refactor container into a library. 2018-06-22 09:49:13 -04:00
Taylor Yu
d935aceb2b Use correct CARGO_HOME in test_rust.sh
Out-of-tree builds could fail to run the rust tests if built in
offline mode.  cargo expects CARGO_HOME to point to the .cargo
directory, not the directory containing .cargo.

Fixes bug 26455; bug not in any released tor.
2018-06-21 18:20:03 -05:00
Nick Mathewson
f95e3bf5fc Simplify include structure of container.[ch] 2018-06-21 15:33:25 -04:00
Nick Mathewson
e066966bf4 Extract tor_malloc and friends to a new module. 2018-06-21 15:20:01 -04:00
Nick Mathewson
56c1fbf33f Use the "commands" argument of AC_CONFIG_FILES to make scripts +x
Closes ticket 26439.
2018-06-21 14:26:47 -04:00
Nick Mathewson
8dcc015975 Fix wide lines in dirauth/dirvote.* 2018-06-21 14:23:32 -04:00
Nick Mathewson
999f7984e1 New script to check includes for modularity violations
Includes configuration files to enforce these rules on lib and
common.  Of course, "common" *is* a modularity violation right now,
so these rules aren't as strict as I would like them to be.
2018-06-21 14:05:33 -04:00
Nick Mathewson
8918bd90e9 Merge branch 'extract_easy_common_libs' 2018-06-21 13:57:13 -04:00
Nick Mathewson
3305ae5044 Rectify include paths (automated).
You have no idea how glad I am that this is automated.
2018-06-21 13:20:07 -04:00
Nick Mathewson
5b8f4769dc Move testsupport.h to its own directory 2018-06-21 13:20:07 -04:00
Nick Mathewson
e9943d5459 Move responsibility for libdonna out of src/common 2018-06-21 13:19:00 -04:00
Nick Mathewson
71571e3428 Additional non-automated change to trunnel-local.h 2018-06-21 13:19:00 -04:00
Nick Mathewson
accf239fa3 Rectify include paths (automated) 2018-06-21 13:19:00 -04:00
Nick Mathewson
25ccfff86a Split crypto and tls libraries into directories
I am calling the crypto library "crypt_ops", since I want
higher-level crypto things to be separated from lower-level ones.
This library will hold only the low-level ones, once we have it
refactored.
2018-06-21 13:14:14 -04:00
Nick Mathewson
49d7c9ce53 Move more compiler-compatibility stuff into compat_compiler.h 2018-06-21 13:14:14 -04:00
Nick Mathewson
68bbe915d9 di_ops.c does not actually log anything. 2018-06-21 13:14:14 -04:00
Nick Mathewson
fa5fda5bbf Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
cd8f919553 Move compiler-compatibility headers into their own module
This one has no generated code.
2018-06-21 13:14:14 -04:00
Nick Mathewson
d2f4a716e8 Remove unused pubsub module. 2018-06-21 13:14:14 -04:00
Nick Mathewson
209a285166 Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
4bdda6d05f Move trace into its own library in libs.
Apparently it has no testing variant.
2018-06-21 13:14:14 -04:00
Nick Mathewson
03d7812615 Make sure liberr-testing is build with testing flags. 2018-06-21 13:14:14 -04:00
Nick Mathewson
b420da4cf8 Rectify include paths (automated) 2018-06-21 13:14:14 -04:00
Nick Mathewson
2d20cbf837 Extract compression functions into a new library. 2018-06-21 13:08:25 -04:00
Roger Dingledine
471418befb tiny comment and whitespace fixes 2018-06-21 13:07:51 -04:00
Nick Mathewson
ad7776f66d Rename libtor.a to libtor-app.a 2018-06-21 11:03:39 -04:00
Nick Mathewson
727db7aeb9 Rectify include paths (automated) 2018-06-21 11:03:39 -04:00
Nick Mathewson
a403ee6bb3 Move consttime library code into its own directory. 2018-06-21 11:03:39 -04:00
Nick Mathewson
275aff6917 Rectify include paths (automated) 2018-06-21 10:47:11 -04:00
Nick Mathewson
2cfcb7b364 Extract error functionality into a new lowest-level library. 2018-06-21 10:47:11 -04:00
Nick Mathewson
b2346b1201 Refactor makefiles to keep list of internal libraries in one place.
This change makes it possible for us to change the list of libraries
more easily, without changing every single linker line.
2018-06-21 10:35:30 -04:00
Nick Mathewson
da728e36f4 Rectify include paths (automated) 2018-06-21 09:55:16 -04:00
Nick Mathewson
874ba6861a Fix distcheck by naming header properly. 2018-06-21 09:37:32 -04:00
Nick Mathewson
2ad062ee60 Merge branch 'mikeperry_bug26214-rebased_squashed' 2018-06-21 09:20:03 -04:00
Mike Perry
46b06cd699 Bug 26214: Test updates. 2018-06-21 09:18:51 -04:00
Mike Perry
dc397f9a61 Bug 26214: Check stream SENDME against max. 2018-06-21 09:18:51 -04:00
Nick Mathewson
92ae9bb95b Hang on; this branch is supposed to be 0.3.4.2-alpha-dev. 2018-06-21 09:01:00 -04:00
Nick Mathewson
c42071f750 Merge branch 'maint-0.3.4' 2018-06-21 08:59:58 -04:00
Nick Mathewson
e845bd17f8 Merge branch 'bug25787_squashed' into maint-0.3.4 2018-06-21 08:56:27 -04:00
Nick Mathewson
cacf326e78 Revise geoip tests to not require paths of actual geoip config
When I wrote the first one of these, it needed the path of the geoip
file.  But that doesn't translate well in at least two cases:

   - Mingw, where the compile-time path is /c/foo/bar and the
     run-time path is c:\foo\bar.

   - Various CI weirdnesses, where we cross-compile a test binary,
     then copy it into limbo and expect it to work.

Together, these problems precluded these tests running on windows.

So, instead let's just generate some minimal files ourselves, and
test against them.

Fixes bug 25787
2018-06-21 08:56:20 -04:00
Nick Mathewson
27e456cd72 Merge remote-tracking branch 'rl1987/ticket19979_2' 2018-06-21 08:53:48 -04:00
Nick Mathewson
72a5ae8c66 Merge branch 'maint-0.3.4' 2018-06-21 08:38:21 -04:00
Nick Mathewson
73bc863822 Merge branch 'additional_rust_test_fixes' into maint-0.3.4 2018-06-21 08:38:17 -04:00
Nick Mathewson
683776bfab Merge branch 'maint-0.3.4' 2018-06-21 08:36:48 -04:00
Nick Mathewson
c389c41292 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-21 08:36:48 -04:00
Nick Mathewson
599b53f046 add a bn.h include to crypto_dh.c 2018-06-21 08:34:27 -04:00
Roger Dingledine
7b1a3c5164 fix memory leak in protover.c
Fix a memory leak where directory authorities would leak a chunk of
memory for every router descriptor every time they considered voting.

This bug was taking down directory authorities in the live network due
to out-of-memory issues.

Fixes bug 26435; bugfix on 0.3.3.6.
2018-06-20 19:43:58 -04:00
Nick Mathewson
01d0bf1803 add build.rs to EXTRA_DIST 2018-06-20 19:32:01 -04:00
Nick Mathewson
8f3712cf6e eol@eof is still the law in 0.3.4 :( 2018-06-20 19:05:11 -04:00
Nick Mathewson
d110f9c9a6 Add a leak suppression for backtrace_alloc
This appears to be an internal rust thing: I don't know why it's
leaking.  We should investigate further.
2018-06-20 18:02:49 -04:00
Nick Mathewson
3b606ff787 Merge branch 'maint-0.3.4' into additional_rust_test_fixes 2018-06-20 17:53:51 -04:00
Nick Mathewson
f24797a587 Merge branch 'maint-0.3.4' 2018-06-20 17:49:56 -04:00
Nick Mathewson
f91ea506f0 Fix clang warnings introduced by 9f2b887c5d 2018-06-20 17:49:06 -04:00
Nick Mathewson
3a64052099 Fix memory leak in CryptoDigest type
If you're owning a C pointer, you need to implement Drop.
2018-06-20 17:28:28 -04:00
Nick Mathewson
592e8ac395 Disable doctests in src/rust/crypto module.
These all need C linking to work, and so far, rustdoc does not seem
to respect cargo setting about build scripts or RUSTOPTIONS.
2018-06-20 17:16:44 -04:00
Nick Mathewson
901ada7e5f Fix bugs in rust digest tests 2018-06-20 17:08:00 -04:00
Nick Mathewson
e99ecf9399 Merge branch 'rust_build_script_v3' into additional_rust_test_fixes 2018-06-20 17:07:47 -04:00
Nick Mathewson
398f15bdf1 Merge branch 'maint-0.3.4' 2018-06-20 16:37:39 -04:00
Isis Lovecruft
7589fd6d40 rust: Remove --all-features flag from cargo test call in test_rust.sh.
We'd like to feature gate code that calls C from Rust, as a workaround
to several linker issues when running `cargo test` (#25386), and we
can't feature gate anything out of test code if `cargo test` is called
with `--all-features`.

 * FIXES #26400: https://bugs.torproject.org/26400
2018-06-20 16:37:33 -04:00
Nick Mathewson
c86850c4c9 Don't use any asserts(), even raw, in format_number_sigsafe().
Also explain why.
2018-06-20 16:16:45 -04:00
Nick Mathewson
057d838409 Use raw_assert() in write_all().
This makes tor_log() finally non-circular.
2018-06-20 16:16:45 -04:00
Nick Mathewson
7a2dce9006 Use raw_assert() in central allocation functions.
This is, again, to avoid circularity in the log code.
2018-06-20 16:16:45 -04:00
Nick Mathewson
17ba51a30a Use raw_assert in mutex functions to avoid circularity in logs. 2018-06-20 16:16:45 -04:00
Nick Mathewson
bb15dc1ebd Allow raw_assert() to dump stack traces.
It doesn't do this as beautifully as tor_assert(), but it doesn't
depend on any higher-level code.
2018-06-20 16:16:45 -04:00
Nick Mathewson
a969ce464d Remove log dependency from backtrace.[ch] 2018-06-20 16:16:45 -04:00
Nick Mathewson
3246c9648c Use compat_compiler to restore macros in torerr.h 2018-06-20 15:08:06 -04:00
Nick Mathewson
aa490e971b Split compiler-compatibility parts of compat.h 2018-06-20 15:08:06 -04:00
Nick Mathewson
5ecd1fec15 Move horrible-emergency handling into torerr.[ch]
Previously we had code like this for bad things happening from
signal handlers, but it makes sense to use the same logic to handle
cases when something is happening at a level too low for log.c to be
involved.

My raw_assert*() stuff now uses this code.
2018-06-20 15:08:06 -04:00
Nick Mathewson
8865972a0b Use raw_assert in tor_gettimeofday
We don't want to actually be calling logs when gettimeofday() fails,
since we need gettimeofday() to log.
2018-06-20 10:42:06 -04:00
Nick Mathewson
90aeaa53cd Remove all use of the assert.h header
Nothing in Tor has actually called assert() for some while.
2018-06-20 10:39:07 -04:00
Nick Mathewson
ae01864b5d Add raw_assert() variants for cases where we cannot log.
Remove a different raw_assert() macro declared in log.c
2018-06-20 10:36:14 -04:00
Nick Mathewson
9fa73003fc Remove dmalloc support; closes #26426
Dmalloc hasn't seen a release in over a decade, and there are much
better tools to use these days.
2018-06-20 10:21:34 -04:00
Nick Mathewson
0dab29ce10 Run rectify_include_paths.py 2018-06-20 09:35:05 -04:00
Nick Mathewson
257b280776 Simplify AM_CPPFLAGS include setup
We had accumulated a bunch of cruft here.  Now let's only include
src and src/ext.  (exception: src/trunnel is autogenerated code, and
need to include src/trunnel.)

This commit will break the build hard.  The next commit will fix it.
2018-06-20 09:27:04 -04:00
Nick Mathewson
d7301a456a Merge remote-tracking branch 'neel/b25886c' 2018-06-20 08:32:34 -04:00
Nick Mathewson
e9c93a3415 Merge branch 'maint-0.3.4' 2018-06-20 08:29:52 -04:00
Nick Mathewson
0a6f4627a4 eol@eof in test-dir.c 2018-06-20 08:29:38 -04:00
Nick Mathewson
fb0019daf9 Update copyrights to 2018. 2018-06-20 08:13:28 -04:00
Nick Mathewson
11a76b903b Merge branch 'maint-0.3.4' 2018-06-20 08:05:07 -04:00
Nick Mathewson
7b9cd5cca5 Merge branch 'asn_bug24977_final_squashed' into maint-0.3.4 2018-06-20 08:02:27 -04:00
George Kadianakis
b7b7dab00d Recreate nodelist before use if it's outdated.
We currently only do the check when we are about to use the HSDir indices.
2018-06-20 08:01:02 -04:00
George Kadianakis
a686464420 Recreate voting schedule before use if it's outdated. 2018-06-20 08:01:02 -04:00
Nick Mathewson
334edc22d1 Merge branch 'maint-0.3.4' 2018-06-20 07:55:15 -04:00
Isis Lovecruft
4971d7afa6 rust: Remove redundant "testing" feature from tor_log crate.
It was synonymous with the builtin "test" feature.

 * FIXES #26399: https://bugs.torproject.org/26399
2018-06-20 07:55:12 -04:00
Nick Mathewson
5acbcf150e Merge branch 'maint-0.3.4' 2018-06-20 07:53:22 -04:00
rl1987
9054ccb36b Enable DEBUG_SMARTLIST in unit tests 2018-06-20 07:49:41 -04:00
rl1987
7bb3777dfb Refrain from accessing empty smartlist in test_bridges_clear_bridge_list
Just check that smartlist length is zero instead
2018-06-20 07:49:41 -04:00
Nick Mathewson
152e4a1e50 Merge branch 'maint-0.3.4' 2018-06-20 07:35:17 -04:00
Nick Mathewson
ac1747e47f Merge remote-tracking branch 'catalyst-github/bug26415_034' into maint-0.3.4 2018-06-20 07:35:13 -04:00
Nick Mathewson
b63d6984a6 Merge branch 'maint-0.3.4' 2018-06-19 19:10:28 -04:00
Alexander Færøy
e309aa4c8c Fix linker errors when building Tor.
This patch fixes linking errors when compiling Tor with the dirauth
module disabled.

See: https://bugs.torproject.org/26418
2018-06-19 23:10:12 +02:00
Taylor Yu
bfd36177c4 Fix compilation of Rust crypto doctests
The doctests for src/rust/crypto don't compile for multiple reasons,
including some missing exports and incorrect identifier paths.  Fixes
bug 26415; bugfix on 0.3.4.1-alpha.
2018-06-19 13:53:26 -05:00
rl1987
5af29fbb63 When possible, use RFC5869 HKDF implementation from OpenSSL
Also, stop supporting empty HKDF input key material
2018-06-19 19:26:31 +03:00
Nick Mathewson
bd9ebb3763 Use a rust build script to set linker options correctly for tests.
We need this trick because some of our Rust tests depend on our C
code, which in turn depend on other native libraries, which thereby
pulls a whole mess of our build system into "cargo test".

To solve this, we add a build script (build.rs) to set most of the
options that we want based on the contents of config.rust.  Some
options can't be set, and need to go to the linker directly: we use
a linker replacement (link_rust.sh) for these.  Both config.rust and
link_rust.sh are generated by autoconf for us.

This patch on its own should enough to make the crypto test build,
but not necessarily enough to make it pass.
2018-06-19 12:01:13 -04:00
Nick Mathewson
f3267741e4 Merge branch 'maint-0.3.4' 2018-06-18 17:09:03 -04:00
Nick Mathewson
d27745d81d Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a
This was already added to LIBTOR_A_SOURCES; it doesn't need to get
added again.

Fixes bug 26402. Bugfix on 0.3.4.1-alpha.
2018-06-18 17:07:27 -04:00
Nick Mathewson
5879909826 Revert "Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a"
This reverts commit 70d91bd059.
2018-06-18 17:06:18 -04:00
Nick Mathewson
70d91bd059 Remove duplicate MODULE_DIRAUTH_SOURCES from libtor_testing.a
This was already added to LIBTOR_A_SOURCES; it doesn't need to get
added again.

Fixes bug 26402. Bugfix on 0.3.4.1-alpha.
2018-06-18 17:03:52 -04:00
Nick Mathewson
29982e5190 Remove redundant typedefs from _st.h files
The typedefs are already in or.h
2018-06-18 16:05:36 -04:00
David Goulet
a8e76f3824 test: Add missing headers in test_controller.c
After the big or.h refactoring, one single unit test file was missing two
headers for node_t and microdesc_t.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-18 15:07:30 -04:00
Isis Lovecruft
508332feaf
rust: Add "test-c-from-rust" feature-gate.
Due to linker issues (#25386) when testing Rust code which calls C,
all tests which touch FFI code should now be feature-gated behind the
"test-c-from-rust" flag.  To run this test code, cargo must be called
with `cargo test --features="test-c-from-rust"`.

 * FIXES #26398: https://bugs.torproject.org/26398
2018-06-18 18:57:38 +00:00
Nick Mathewson
104c2e9e7e Merge branch 'split_or_h' 2018-06-18 14:18:34 -04:00
Nick Mathewson
bcc1368c77 Merge branch 'maint-0.3.4' 2018-06-18 13:10:47 -04:00
Nick Mathewson
3640c63498 Merge remote-tracking branch 'ffmancera-1/bug24658-dh_stream' 2018-06-17 20:39:13 -04:00
Nick Mathewson
16dd2f7bb0 Merge remote-tracking branch 'rl1987/bug25477' 2018-06-17 20:25:40 -04:00
Nick Mathewson
5746e210b8 Merge remote-tracking branch 'rl1987/feature8323_squashed2' 2018-06-17 20:20:15 -04:00
Nick Mathewson
d5e4b6983f Merge remote-tracking branch 'rl1987/bug26282' 2018-06-17 19:32:08 -04:00
Nick Mathewson
987174cc6f Merge remote-tracking branch 'github/bug26152_035' 2018-06-17 19:28:59 -04:00
Nick Mathewson
e6aa2d526e Changes to make the rust crypto::mod tests compile
The digest tests don't link yet, though.
2018-06-16 13:22:44 -04:00
Nick Mathewson
8184f45ad9 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-06-16 13:10:19 -04:00
Nick Mathewson
ccf1eb3164 Fix a bug in my fix for #26258
The fix here is use a different bourne shell subsitution for
CARGO_ONLINE, so that an empty string counts as set.
2018-06-16 13:08:40 -04:00
Nick Mathewson
71ddfbaadd Merge remote-tracking branch 'isis/bug26267' into maint-0.3.4 2018-06-16 12:43:28 -04:00
Neel Chauhan
9d7f148885 Make frac_nodes_with_descriptors() take and use for_direct_connect 2018-06-16 11:27:28 -04:00
Nick Mathewson
97cc61e947 Merge branch 'maint-0.3.4' 2018-06-16 10:20:27 -04:00
Nick Mathewson
530d67410f Merge remote-tracking branch 'isis/bug26245' into maint-0.3.4 2018-06-16 10:19:26 -04:00
Nick Mathewson
8c1e2d7557 Merge branch 'maint-0.3.4' 2018-06-16 10:15:39 -04:00
Isis Lovecruft
748a0c7d0b
rust: Remove unused N_DIGEST_ALGORITHMS constant from crypto_digest.rs.
In the C code, this constant is only ever used in src/test/bench.c.

 * FIXES part of #26245: https://bugs.torproject.org/26245
2018-06-15 23:22:43 +00:00
Isis Lovecruft
d5a9b77a28
rust: Add comment and pragma on "unused" smartlist_t type.
* FIXES part of #26245: https://bugs.torproject.org/26245
2018-06-15 22:49:39 +00:00
Taylor Yu
468bf58fa2 Make Rust warnings conditionally fatal
Set rustc flags to treat warnings as fatal if configured with
--enable-warnings.
2018-06-15 17:27:19 -05:00
Isis Lovecruft
ac5b1428ea
rust: Expose rand module from crypto crate. 2018-06-15 21:44:22 +00:00
Nick Mathewson
e22822e4ae Bump master to 0.3.5.0-alpha-dev 2018-06-15 17:19:49 -04:00
Taylor Yu
9dd45456fe Set default-features = false for rand_core
Apparently rand and rand_core need to be built with the "std" feature
set consistently, or there will be a compile error in rngs/jitter.rs.
2018-06-15 15:19:16 -05:00
Nick Mathewson
7dbe504f3e Move hsdir_index_t into its own header. 2018-06-15 15:41:27 -04:00
Nick Mathewson
3191ba389d Move extend_info_t into its own header. 2018-06-15 15:37:05 -04:00
Nick Mathewson
fde868ffe3 Extract cell type and their queues into new headers
Since packed_cell and destroy_cell exist only to be queued, they go
in the same headers as the queues.
2018-06-15 15:27:46 -04:00
Nick Mathewson
958df2829a Extract cached_dir_t into a new header. 2018-06-15 15:06:00 -04:00
Nick Mathewson
f85d731e3a Extract download_status_t into its own header. 2018-06-15 14:58:43 -04:00
Nick Mathewson
03fc83ab6d Extract signed_descriptor_t into its own header. 2018-06-15 14:53:07 -04:00
Nick Mathewson
ed0731c7de Extract routerinfo_t into its own header.
I was expecting this to be much worse.
2018-06-15 14:49:46 -04:00
Nick Mathewson
9d6276bca8 Extract microdesc_t into its own header. 2018-06-15 14:38:30 -04:00
Nick Mathewson
def1f20e1f Extract routerstatus_t into its own header. 2018-06-15 14:33:03 -04:00
Nick Mathewson
00f1d1653e Extract extrainfo_t into its own header 2018-06-15 14:21:25 -04:00
Nick Mathewson
1e4e9db815 Extract authority_cert_t into its own header 2018-06-15 14:14:11 -04:00
Nick Mathewson
b8ae4111e3 Extract desc_store_t and routerlist_t into their own headers. 2018-06-15 14:07:17 -04:00
Nick Mathewson
62315dab84 Extract ns_detached_signatures_st into its own header. 2018-06-15 13:49:30 -04:00
Nick Mathewson
50369f8981 Extract networkstatus_t and ..sr_info_t into their own headers 2018-06-15 13:45:15 -04:00
Nick Mathewson
89aefb0319 Extract networkstatus_vote_info_t into its own header. 2018-06-15 13:31:47 -04:00
Nick Mathewson
80c9e1e585 Move document_signature_t into its own header. 2018-06-15 13:27:11 -04:00
Nick Mathewson
f901ca958a fixup! Extract node_t into its own header. 2018-06-15 13:23:44 -04:00
Nick Mathewson
72d2fd83d8 Split vote_{microdesc_hash,routerstatus}_t into their own headers 2018-06-15 13:23:02 -04:00
Nick Mathewson
d2942d127d Extract node_t into its own header. 2018-06-15 13:13:33 -04:00
Nick Mathewson
8b7df72359 Split socks_request_t into its own header. 2018-06-15 13:01:50 -04:00
Nick Mathewson
ad52fe7e88 Move network_liveness_t into circuitstats.h and make it private
This type is only used in one place and never exposed.
2018-06-15 12:56:54 -04:00
Nick Mathewson
e13f59416c Move measured_bw_line_t into dirserv.h 2018-06-15 12:54:55 -04:00
Nick Mathewson
c9e4ebf96a Move fp_pair_t declaration to fp_pair.h. 2018-06-15 12:52:22 -04:00
Nick Mathewson
f8794b0b36 Move vote_schedule into its own header. 2018-06-15 12:50:07 -04:00
Nick Mathewson
5cdc234330 Split rend_authorized_client_t and encoded_.._t into their own headers 2018-06-15 12:36:59 -04:00
Nick Mathewson
990184da49 Extract rend_intro_point_t into its own header. 2018-06-15 12:23:06 -04:00
Nick Mathewson
22e9c64738 Extract rend_service_descriptor_t into its own header. 2018-06-15 12:18:17 -04:00
Nick Mathewson
7d2d131afa Extract tor_version_t into its own header. 2018-06-15 12:12:15 -04:00
Nick Mathewson
d51de77311 Extract cpath_build_state into its own header.
More modules use this than I had expected!
2018-06-15 12:07:20 -04:00
Nick Mathewson
c846b0e486 Extract crypt_path_reference_t into its own header. 2018-06-15 11:57:48 -04:00
Nick Mathewson
b3f2c682b7 Extract crypt_path_t and relay_crypto_t into their own headers 2018-06-15 11:52:32 -04:00
Nick Mathewson
e0830ff7bf Extract circuit_t into its own header 2018-06-15 11:38:36 -04:00
Nick Mathewson
a0bc164af5 Extract {or,origin}_circuit_t into their own headers 2018-06-15 11:34:33 -04:00
Nick Mathewson
bba998af65 Extract connection_t into its own header.
Now the entire connection_t hierarchy is extracted from or.h
2018-06-15 11:05:56 -04:00
Nick Mathewson
bcc283bcc9 Split or_handshake_{certs,state}_t into their own headers. 2018-06-15 10:56:15 -04:00
Nick Mathewson
19c34b4658 Move or_connection_t to its own header. 2018-06-15 10:48:50 -04:00
Nick Mathewson
6c0fe9d07c Split listener_connection_t into its own header
For once, it's a type that is used almost nowhere else besides the
logical place.
2018-06-15 10:37:33 -04:00
Nick Mathewson
1416f54d1e Split dir_connection_t into its own header 2018-06-15 10:31:21 -04:00
Nick Mathewson
3b917b2408 Split control_connection_t into its own header.
This one was actually fairly simple.
2018-06-15 10:17:27 -04:00
Nick Mathewson
5d5c442e6a Split entry and edge_connection_t into their own headers. 2018-06-15 10:10:24 -04:00
Nick Mathewson
2a574d11ac Move dir_server_t into its own header. 2018-06-14 16:58:01 -04:00
Nick Mathewson
df9a3fe86f Make server_port_cfg_t and port_cfg_t into separate headers. 2018-06-14 16:48:15 -04:00
Nick Mathewson
6896ab28b2 Move entry_port_cfg_t into its own header. 2018-06-14 16:19:11 -04:00
Nick Mathewson
945d871da5 Merge branch 'maint-0.3.3' 2018-06-14 12:50:26 -04:00
Nick Mathewson
71065201dd Merge remote-tracking branch 'public/bug26258_033' into maint-0.3.3 2018-06-14 12:47:09 -04:00
Nick Mathewson
ee860b8f37 squash! Make sure that the test_rust.sh script fails when a test fails
Also make sure that we're actually running the test from within the right
cwd, like we do when we're building.  This seems necessary to avoid
an error when running offline.

Amusingly, it appears that we had this bug before: we just weren't
noticing it, because of bug 26258.
2018-06-13 12:21:25 -04:00
Nick Mathewson
ce692332b8 test_entrynodes: fix a GCC warning
Some versions of GCC complain that the bfn_mock_node_get_by_id
function might return NULL, but we're assuming that it won't.
(We're assuming it won't return NULL because we know in the tests
that we're passing it valid IDs.)

To make GCC happy, tt_assert() that each node_t is set before using
it.

Fixes a second case of bug26269; bugfix on 0.3.0.1-alpha.
2018-06-13 10:45:15 -04:00
Nick Mathewson
015fcd0e11 Fix a GCC "potential null dereference" warning.
Fixes bug 26269; bugfix on c30be5a82d in 0.2.8.2-alpha
2018-06-13 10:34:53 -04:00
Nick Mathewson
ed7b135812 Merge remote-tracking branch 'asn-github/bug26358' 2018-06-13 10:00:37 -04:00
Nick Mathewson
049ba66746 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-13 09:58:05 -04:00
Nick Mathewson
286d02995f Merge branch 'maint-0.3.3' 2018-06-13 09:58:05 -04:00
Nick Mathewson
6017447e3a Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-13 09:58:04 -04:00
Nick Mathewson
94f3007627 Merge branch 'bug26158_031' into maint-0.3.1 2018-06-13 09:58:01 -04:00
Nick Mathewson
1c80eb92fa Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-13 09:57:10 -04:00
Nick Mathewson
76e9de7c6d Merge branch 'maint-0.3.3' 2018-06-13 09:57:10 -04:00
Nick Mathewson
ff70cc84f8 Merge branch 'bug25686_diagnostic_032' into maint-0.3.2 2018-06-13 09:56:17 -04:00
Nick Mathewson
8c8ed91aae Merge remote-tracking branch 'rl1987/bug24891' 2018-06-13 09:46:50 -04:00
George Kadianakis
99974d4c1e Silence warning of relaycell/circbw tst.
Shouldn't send RELAY_COMMAND_DATA cell with 0 stream id.
2018-06-13 14:14:17 +03:00
George Kadianakis
2520ee34c6 Require live consensus to compute responsible HSDirs.
Here is how this changes the HSv3 client-side and service-side:

For service side we already required live consensus to upload descriptors (see
9e900d1db7) so we should never get there without
a live consensus.

For the client-side we now require a live consensus to attempt to connect to
HS.  While this changes the client behavior in principle, it doesn't really
change it, because we always required live consensus to set HSDir indices, so
before this patch a client with no live consensus would try to compute
responsible HSDirs without any HSDir indices and bug out. This makes the client
behavior more consistent, by requiring a live consensus (and hence a
semi-synced clock) for the client to connect to an HS entirely.

The alternative would have been to allow setting HSDir indices with a non-live
consensus, but this would cause the various problems outlined by commit
b89d2fa1db.
2018-06-13 13:42:34 +03:00
Nick Mathewson
bbbb5f39be bump to 0.3.3.7-dev 2018-06-12 12:05:09 -04:00
Nick Mathewson
ccf2d65610 bump to 0.3.4.2-alpha-dev 2018-06-12 12:04:58 -04:00
Nick Mathewson
16381b579e Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-12 09:44:17 -04:00
Nick Mathewson
53513e4bfe Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 09:44:17 -04:00
Nick Mathewson
eaa359650c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 09:44:17 -04:00
Nick Mathewson
03f3ee6d74 Merge branch 'maint-0.3.3' 2018-06-12 09:44:17 -04:00
Linus Nordberg
6cf9288518 Add IPv6 orport address for dannenberg. 2018-06-12 09:44:01 -04:00
Nick Mathewson
f2e7570c75 Bump to 0.3.3.7 2018-06-12 08:57:09 -04:00
Nick Mathewson
6230dfaf14 Merge branch 'maint-0.3.3' 2018-06-12 08:18:57 -04:00
Nick Mathewson
5d8a927aa3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 08:18:56 -04:00
Nick Mathewson
7fff99110b Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 08:18:56 -04:00
Nick Mathewson
d84581a3e6 Merge remote-tracking branch 'teor/bug26272-031' into maint-0.3.1 2018-06-12 08:18:53 -04:00
Nick Mathewson
f4e51990b9 Merge remote-tracking branch 'rl1987/bug26283' 2018-06-12 08:17:48 -04:00
Nick Mathewson
74ac463e7f Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-12 08:11:20 -04:00
Nick Mathewson
6dca180ae9 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-12 08:11:20 -04:00
Nick Mathewson
b2470f5140 Merge branch 'maint-0.3.3' 2018-06-12 08:11:20 -04:00
Nick Mathewson
19f3868523 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-12 08:11:19 -04:00
Nick Mathewson
fa195626bd bump to 0.3.4.2-alpha 2018-06-11 16:49:17 -04:00
Nick Mathewson
faf4580061 Several attempts to diagnose ticket 25686
There are a few reasons that relays might be uploading desciptors
without saying X-Desc-Gen-Reason:
  1. They are running an old version of our software, before 0.3.2.stable.
  2. They are not running our software, but they are claiming they
     are.
  3. They are uploading through a proxy that strips X-Desc-Gen-Reason.
  4. They somehow had a bug in their software.

According to the 25686 data, 1 is the most common reason.  This
ticket is an attempt to diagnose case 4, or prove that case 4
doesn't actually happen.
2018-06-11 16:24:00 -04:00
Karsten Loesing
ae540569ce Update geoip and geoip6 to the June 7 2018 database. 2018-06-11 21:58:55 +02:00
Nick Mathewson
f399887cfe Merge remote-tracking branch 'mikeperry-github/bug26259' 2018-06-08 10:17:00 -04:00
Nick Mathewson
a141127435 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-08 10:12:57 -04:00
Nick Mathewson
dd63033fcb Merge branch 'maint-0.3.1' into maint-0.3.2 2018-06-08 10:11:57 -04:00
Nick Mathewson
1ef8023e00 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-06-08 10:11:57 -04:00
Nick Mathewson
aef0607f38 Merge branch 'maint-0.3.3' 2018-06-08 10:11:57 -04:00
Nick Mathewson
c27bb4072c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-06-08 10:11:57 -04:00
rl1987
719b5c1d27 Avoid out-of-bounds smartlist access in protover_compute_vote()
and contract_protocol_list()
2018-06-08 10:11:32 -04:00
rl1987
25341245ae Implement GETINFO md/all 2018-06-08 13:25:25 +03:00
rl1987
39bbb8d9cf Avoid casting smartlist index implicitly 2018-06-04 11:56:37 +03:00
juga0
7d70f67dea Check bandwidth changes only if small uptime
to upload a new descriptor.
2018-06-03 18:24:27 +00:00
rl1987
9876575d2c Silence -Wbad-function-cast warning (when DEBUG_SMARTLIST is on) 2018-06-03 16:45:09 +03:00
teor
8366be3b51
Silence unused-const-variable warnings in zstd.h on some gcc versions
Fixes bug 26272; bugfix on 0.3.1.1-alpha.
2018-06-02 14:11:04 -07:00
Nick Mathewson
3716ddf1b4 Merge remote-tracking branch 'rl1987/doc25237' 2018-06-02 11:35:06 -07:00
Nick Mathewson
9f884a38e3 Merge branch 'maint-0.3.3' 2018-06-02 10:36:49 -07:00
Nick Mathewson
f15f90e2ca Merge branch 'bug26121-033-squashed' into maint-0.3.3 2018-06-02 10:36:44 -07:00
Mike Perry
fe5764012a Bug 26121: Improve BUILDTIMEOUT_SET accuracy.
We were miscounting the total number of circuits for the TIMEOUT_RATE and
CLOSE_RATE fields of this event.
2018-06-02 10:36:36 -07:00
Nick Mathewson
00e150a0e4 Merge branch 'bug25939_034_01_squashed' 2018-06-02 10:33:33 -07:00
David Goulet
66e76066e0 hs-v3: Build onion address before registering ephemeral service
With the work on #25500 (reducing CPU client usage), the HS service main loop
callback is enabled as soon as the HS service map changes which happens when
registering a new service.

Unfortunately, for an ephemeral service, we were building the onion address
*after* the registration leading to the "service->onion_address` to be an
empty string.

This broke the "HS_DESC CREATED" event which had no onion address in it. And
also, we were logging an empty onion address for that service.

Fixes #25939

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-06-02 10:33:20 -07:00
rl1987
b7fae0f48c Heed --disable-unittests properly 2018-06-02 12:53:04 +03:00
rl1987
f8d549db7b Point reader to a section in tor-spec.txt 2018-06-02 11:15:10 +03:00
Mike Perry
93ee227e18 Bug 26259: Don't count 0-length RELAY_COMMAND_DATA in CIRC_BW OVERHEAD
This cell should be treated as invalid for purposes of CIRC_BW.
2018-06-01 00:23:08 +00:00
Nick Mathewson
9d06c41c6e Make sure that the test_rust.sh script fails when a test fails
Exit codes from find(1) seem not to be so reliable as we had hoped.

Closes ticket 26258; bugfix on 0.3.3.4-alpha when we fixed #25560
2018-05-31 17:15:57 -07:00
rl1987
eb7a3fae08 Refrain from mentioning old bug in a warning 2018-05-30 19:44:20 +02:00
Nick Mathewson
d7bbfd0f62 Fix various typos 2018-05-30 07:57:22 -07:00
Nick Mathewson
fa1890e97f Merge remote-tracking branch 'public/bug25691_033_again_squashed' into maint-0.3.3 2018-05-27 10:03:11 -04:00
Nick Mathewson
3f3739c6e0 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-24 09:40:06 -04:00
Nick Mathewson
f48fb8a720 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-24 09:40:06 -04:00
Nick Mathewson
f42739e746 Merge branch 'maint-0.3.3' 2018-05-24 09:40:06 -04:00
Nick Mathewson
0ef432d457 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-24 09:40:06 -04:00
Nick Mathewson
c000763f1e Merge branch 'bug26116_033' into maint-0.3.3 2018-05-24 09:40:00 -04:00
Nick Mathewson
c380562aed Merge branch 'bug26116_029' into maint-0.2.9 2018-05-24 09:39:46 -04:00
Nick Mathewson
aeb4be1d5a Add a unit test for PEM-encrypted documents. 2018-05-24 09:36:33 -04:00
Nick Mathewson
36a107855b Merge branch 'bug26156_034' 2018-05-23 09:08:57 -04:00
Nick Mathewson
ff27b7ce60 Update version to 0.3.3.6-dev 2018-05-22 18:05:28 -04:00
Nick Mathewson
38f8b3c63d Merge branch 'maint-0.3.3' 2018-05-22 14:13:28 -04:00
Nick Mathewson
80d673ccea Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 14:13:23 -04:00
Nick Mathewson
7483aef896 avoid a signed/unsigned comparison. 2018-05-22 14:12:44 -04:00
Nick Mathewson
cde5c9d0c3 Merge branch 'maint-0.3.3' 2018-05-22 13:35:33 -04:00
Nick Mathewson
a5d4ce2b39 Make the TROVE-2018-005 fix work with rust. 2018-05-22 13:35:20 -04:00
Nick Mathewson
b858f576c3 Merge branch 'maint-0.3.3' 2018-05-22 12:54:31 -04:00
Nick Mathewson
6e8e005b53 Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 12:54:26 -04:00
Nick Mathewson
240bb17714 uint breaks compilation on windows 2018-05-22 12:54:05 -04:00
Nick Mathewson
074b182baa version bump to 0.3.3.6 2018-05-22 12:40:18 -04:00
Nick Mathewson
6442417fde fix wide lines 2018-05-22 12:32:00 -04:00
Isis Lovecruft
3283619acf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:28:33 -04:00
Isis Lovecruft
701c2b69f5 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
056be68b1b protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
569b4e57e2 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:27:25 -04:00
Nick Mathewson
a3a8d80beb Merge branch 'trove-2018-005_032' into trove-2018-005_033 2018-05-22 12:27:15 -04:00
Nick Mathewson
bc2d6876b3 Add stdbool to protover.h. Only needed for the 032 backport 2018-05-22 12:15:52 -04:00
Isis Lovecruft
b681438daf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:13:41 -04:00
Isis Lovecruft
eb96692842 protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:12:01 -04:00
Nick Mathewson
48d752407b Add a missing include to get the declaration of OPENSSL_1_1_API
Apparently, even though I had tested on OpenSSL 1.1.1 with
no-deprecated, OpenSSL 1.1.0 is different enough that I should have
tested with that as well.

Fixes bug 26156; bugfix on 0.3.4.1-alpha where we first declared
support for this configuration.
2018-05-22 10:05:27 -04:00
Nick Mathewson
6c35ad08cf Add a missing "return -1" when checking for Ed25519 ID loops
Fixes bug 26158; bugfix on 0.3.0.1-alpha.
2018-05-22 08:54:17 -04:00
Nick Mathewson
3d12663243 Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-05-22 08:35:37 -04:00
Nick Mathewson
8483241b4e Improve openssl_version tests with better messages
These tests would report errors, but wouldn't report the offending
strings.
2018-05-21 15:16:07 -04:00
Fernando Fernandez Mancera
d38e7ddf5b Refactor crypto.[ch] into smaller HKDF module.
Add two new files (crypto_hkdf.c, crypto_hkdf.h) as new module of crypto.[ch].
This new module includes all functions and dependencies related to HKDF
operations.  Those have been removed from crypto.[ch].

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-18 11:04:31 +02:00
Nick Mathewson
3b42b14979 bump to 0.3.4.1-alpha-dev 2018-05-17 09:44:31 -04:00
Nick Mathewson
5dbf70f903 Bump version to 0.3.4.1-alpha; contemplate a release 2018-05-16 14:40:28 -04:00
Nick Mathewson
2b0aab7a6e Add comments explaining when a connected cell has an UNSPEC addr
Should prevent other bugs like 26117.
2018-05-16 14:12:50 -04:00
Nick Mathewson
3c4353179f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-16 12:11:45 -04:00
Nick Mathewson
8340f641c3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-16 12:11:45 -04:00
Nick Mathewson
d3a972561a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-16 12:11:45 -04:00
Nick Mathewson
d1e4ffc710 Merge branch 'bug26072_029' into maint-0.2.9 2018-05-16 12:11:40 -04:00
Nick Mathewson
ddc3eb20b7 Merge branch 'bug26116_029' into bug26116_033 2018-05-16 11:43:53 -04:00
Nick Mathewson
881f7157f6 Return -1 from our PEM password callback
Apparently, contrary to its documentation, this is how OpenSSL now
wants us to report an error.

Fixes bug 26116; bugfix on 0.2.5.16.
2018-05-16 11:39:42 -04:00
Mike Perry
d0b1157fc1 Bug 26117: Move CIRC_BW field accounting.
Previously, we used the AF_UNSPEC check to represent valid connected cell
data as a result of the lack of return. This was incorrect.
2018-05-15 18:58:24 +00:00
Nick Mathewson
fcfa22d80a Merge branch 'maint-0.3.3' 2018-05-16 12:11:46 -04:00
Nick Mathewson
4a5c1584fe update tor-rust-dependencies submodule 2018-05-16 09:16:47 -04:00
Nick Mathewson
1442e818b6 Merge remote-tracking branch 'isis-github/bug26106' 2018-05-16 09:16:04 -04:00
Nick Mathewson
e5974e5158 Merge remote-tracking branch 'isis-github/bug26108' 2018-05-16 09:14:13 -04:00
Nick Mathewson
2d2cfbcd81 Merge remote-tracking branch 'isis-github/bug26109' 2018-05-16 09:13:27 -04:00
Isis Lovecruft
4d349c6a61
rust: Update rand_core dependency to 0.2.0-pre.0. 2018-05-15 19:33:20 +00:00
Isis Lovecruft
760cf8e28f
rust: Update rand dev-dependency to 0.5.0-pre.2. 2018-05-15 19:31:29 +00:00
Isis Lovecruft
4c21d41407
rust: Export digests subcrate from our crypto crate. 2018-05-15 18:05:52 +00:00
Isis Lovecruft
d9c877a6e5
rust: Export crypto_rand::* functions from our external crate. 2018-05-15 18:03:18 +00:00
Isis Lovecruft
9988882c63
rust: Move rand crate into crypto parent crate. 2018-05-15 17:48:57 +00:00
Isis Lovecruft
2ac849da36
rust: Make Rng::new() methods public. 2018-05-15 17:45:09 +00:00
Nick Mathewson
98aff146d3 Merge branch 'maint-0.3.3' 2018-05-15 09:32:45 -04:00
Nick Mathewson
6acbd4c112 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-15 09:32:44 -04:00
Nick Mathewson
4aa3d511b2 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-15 09:32:44 -04:00
Nick Mathewson
502d2c0062 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-15 09:32:44 -04:00
Karsten Loesing
033e4723f3 Update geoip and geoip6 to the May 1 2018 database. 2018-05-15 15:20:09 +02:00
Nick Mathewson
5eb2d58880 Add a missing return after marking a stream for bad connected cell
Fixes bug 26072; bugfix on 0.2.4.7-alpha.
2018-05-14 15:54:48 -04:00
Nick Mathewson
a394a2dd86 Merge branch 'bug25903_v5_squashed' 2018-05-14 14:25:07 -04:00
Mike Perry
fd504587d5 Bug 25903: Tests 2018-05-14 14:24:58 -04:00
Nick Mathewson
a9ef335c1b Use router_get_my_routerinfo_with_err to implement the old version
Having one function implemented in terms of the other should keep
them from diverging.

follow-up on #25852
2018-05-14 14:12:36 -04:00
Nick Mathewson
d27fd7ff6b Merge remote-tracking branch 'rl1987/bug25852_take2' 2018-05-14 14:05:50 -04:00
Nick Mathewson
aab626405c Merge remote-tracking branch 'catalyst-github/bug25756' 2018-05-11 18:15:43 -04:00
Nick Mathewson
f6c96fd0ca Merge remote-tracking branch 'public/bug25994' 2018-05-11 17:57:59 -04:00
Roger Dingledine
962c2f8776 get rid of whitespace before #ifdef's
i don't know if whitespace is ok to have before preprocessing
directives on all platforms, but anyway we almost never have it,
so now things are more uniform.
2018-05-11 16:27:55 -04:00
David Goulet
51f65c185e control: Mask the event(s) before using ANY_EVENT_IS_INTERESTING()
Before this commit, the control events were never triggered. It was introduced
with commit 0c19ce7bde.

Fixes #26082

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-11 08:58:11 -04:00
Nick Mathewson
9800f4769f Merge remote-tracking branch 'asn-github/bug26078' 2018-05-11 08:20:49 -04:00
George Kadianakis
efe8f17a4d Properly ignore retval of event_del().
Fixes #26078: CID 1435546.
2018-05-11 15:17:52 +03:00
Nick Mathewson
3799f3116b Merge remote-tracking branch 'saper-github/x509_cert_free_crash' 2018-05-11 08:09:26 -04:00
Marcin Cieślak
308eec7532 testing: X509 certificate structure needs to be initialized
We alloc/free X.509 structures in three ways:

1) X509 structure allocated with X509_new() and X509_free()

2) Fake X509 structure allocated with fake_x509_malloc() and fake_x509_free()
   May contain valid pointers inside.

3) Empty X509 structure shell allocated with tor_malloc_zero() and
   freed with tor_free()
2018-05-11 01:44:09 +00:00
Nick Mathewson
75e5b778e1 Merge remote-tracking branch 'public/bug25981' 2018-05-10 19:31:11 -04:00
rl1987
036df13a03 Tweak error handling for #25852 2018-05-10 16:45:57 +03:00
rl1987
8ad97b7dcf Avoid confusion with errno from libc 2018-05-10 16:33:08 +03:00
Nick Mathewson
b343ba9060 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 09:22:32 -04:00
Nick Mathewson
7ee67c47fa Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 09:22:32 -04:00
Nick Mathewson
382beb93cb Merge branch 'maint-0.3.3' 2018-05-10 09:22:32 -04:00
Nick Mathewson
2d61a83513 Merge remote-tracking branch 'dgoulet/bug26069_031_01' into maint-0.3.1 2018-05-10 09:22:14 -04:00
Nick Mathewson
f64fa6b19e Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 09:19:28 -04:00
Nick Mathewson
15b8c860d3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 09:19:28 -04:00
Nick Mathewson
2eff709edb Merge branch 'maint-0.3.3' 2018-05-10 09:19:28 -04:00
Nick Mathewson
ba70439210 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-10 09:19:28 -04:00
Nick Mathewson
edb6acf9ce Merge remote-tracking branch 'juga/ticket26007_029_02' into maint-0.2.9 2018-05-10 09:19:09 -04:00
David Goulet
6e99286d45 hs-v3: Add an extra white-space when parsing descriptor
The specification describes the signature token to be right after a newline
(\n) then the token "signature" and then a white-space followed by the encoded
signature.

This commit makes sure that when we parse the signature from the descriptor,
we are always looking for that extra white-space at the end of the token.

It will allow us also to support future fields that might start with
"signature".

Fixes #26069

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-10 09:16:50 -04:00
Nick Mathewson
1eede00a4b Merge branch 'ticket26063_squashed' 2018-05-10 09:13:28 -04:00
rl1987
36f7d0a940 Make _with_err return routerinfo, like old function does 2018-05-10 16:13:16 +03:00
Nick Mathewson
beca6a585c Merge branch 'ticket26064' 2018-05-10 09:05:15 -04:00
Nick Mathewson
8b4cf7771e Enable/disable per-second callback as needed.
There are three cases where this can happen: changes in our
controller events, changes in our DisableNetwork setting, and
changes in our hibernation state.

Closes ticket 26063.
2018-05-10 09:02:44 -04:00
Nick Mathewson
e722bba263 Add a new function to enable/disable the per-second timer as needed
We're about to use this to turn off the per-second timer when the
network is disabled and there aren't any per-second controller
events enabled.
2018-05-10 09:01:56 -04:00
Nick Mathewson
4218511ecd Remove a workaround for ancient libevent versions.
Libevent has accepted a const timeval argument to event_add() for a
very long time now.
2018-05-10 09:01:50 -04:00
Nick Mathewson
80f582ae18 Add functions to enable/disable periodic_event_t objects. 2018-05-10 09:01:27 -04:00
Nick Mathewson
a4a7939ae1 Merge remote-tracking branch 'dgoulet/ticket26062_034_01' 2018-05-10 08:04:03 -04:00
Nick Mathewson
59812789f7 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 08:03:04 -04:00
Nick Mathewson
e5acbbd16d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 08:02:10 -04:00
Nick Mathewson
aa08c19703 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-10 08:00:35 -04:00
Mike Perry
1268baee9e Bug 25903: Report new CIRC_BW fields to control port. 2018-05-09 21:23:11 +00:00
Mike Perry
e07e95edd3 Bug 25903: Perform accounting for new CIRC_BW fields.
Two new values in each direction. DELIVERED counts valid end-to-end circuit
data that is accepted by our end and OVERHEAD counts the slack unused data in
each of the relay command cells for those accepted cells.

Control port changes are in the next commit.
2018-05-09 21:23:06 +00:00
Nick Mathewson
d972a8a944 Merge branch 'ticket26016' 2018-05-09 14:04:30 -04:00
Nick Mathewson
f684b48b5b Merge branch 'ticket26009' 2018-05-09 14:01:08 -04:00
Nick Mathewson
0abf09b2ce spelling fix 2018-05-09 14:01:00 -04:00
Nick Mathewson
15ce5a3e5a Fix some clang warnings 2018-05-09 14:01:00 -04:00
Nick Mathewson
c9f07f36bf Mark the 1-per-sec update_current_time() call as redundant.
We still do this time update here, since we do it from all
callbacks, but it is no longer a reason to keep the once-per-second
callback enabled.

Closes ticket 26009.
2018-05-09 14:01:00 -04:00
Nick Mathewson
285e7c98fd Distinguish true clock jumps from idleness
Since we're going to be disabling the second-elapsed callback, we're
going to sometimes have long periods when no events file, and so the
current second is not updated.  Handle that by having a better means
to detect "clock jumps" as opposed to "being idle for a while".
Tolerate far more of the latter.

Part of #26009.
2018-05-09 14:01:00 -04:00
Nick Mathewson
a1a7ebfb8d Give responsibility for waking up from DORMANT to a mainloop event
Closes ticket 26064.
2018-05-09 13:57:00 -04:00
David Goulet
bca8a104b2 Having a ControlPort open doesn't mean we are a client
The any_client_port_set() returns true if the ControlPort is set which is
wrong because we can have that port open but still not behave as a tor client
(like many relays for instance).

Fixes #26062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:50:53 -04:00
David Goulet
67a41b6306 Having a ControlPort open doesn't mean we are a client
The options_any_client_port_set() returns true if the ControlPort is set which
is wrong because we can have that port open but still not behave as a tor
client (like many relays for instance).

Fixes #26062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:49:34 -04:00
David Goulet
01ffe8e2f4 config: Move any_client_port_set() to config.c
This functions is now used outside of networkstatus.c and makes more sense to
be in config.c.

It is also renamed to options_any_client_port_set() for the config.c
namespace.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:36:39 -04:00
Nick Mathewson
fa7847e450 Use net_is_completely_disabled() in connection.c
This fixes the XXXX case that we had before, and also enforces the
rule that we won't open connections when we're in hard hibernation.
2018-05-09 12:26:50 -04:00
Nick Mathewson
7595eae52a Add a new net_is_completely_disabled() function 2018-05-09 12:21:08 -04:00
Nick Mathewson
c0feb698a0 Comment-only fix: annotate we_are_hibernating() usage
Everywhere we use we_are_hibernating(), remind the reader what it
means.

(Also, add an XXXX to note a DisableNetwork usage to change later.)
2018-05-09 12:18:39 -04:00
Nick Mathewson
50328533e3 Add we_are_fully_hibernating() to distinguish hibernation states
We want to tell "shut down" from "shutting down".
2018-05-09 12:11:14 -04:00
Nick Mathewson
0c19ce7bde Give control.c responsibility for its own once-a-second events
Now it has a function that can tell the rest of Tor whether any
once-a-second controller item should fire, and a function to fire
all the once-a-second events.
2018-05-09 12:06:52 -04:00
Nick Mathewson
79b38081e9 Add a macro to simplify control_update_global_event_mask(). 2018-05-09 12:02:19 -04:00
juga0
dbdde76f56 Test read bandwidth measurements with empty file 2018-05-09 15:58:25 +00:00
Nick Mathewson
abde29824c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-09 11:53:18 -04:00
Nick Mathewson
61d5ce83a1 Merge branch 'maint-0.3.3' 2018-05-09 11:53:18 -04:00
Nick Mathewson
394f102ea6 Merge remote-tracking branch 'asn-github/bug25761_032' into maint-0.3.2 2018-05-09 11:53:15 -04:00
teor
867fe40f91 Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.

Fixes bug 26007; bugfix on 0.2.2.1-alpha.
2018-05-09 15:19:28 +00:00
Nick Mathewson
9df20f6076 Merge branch 'maint-0.3.3' 2018-05-09 08:25:52 -04:00
Nick Mathewson
a639a67844 Merge branch 'libressl_201805_033' into maint-0.3.3 2018-05-09 08:25:32 -04:00
Nick Mathewson
e6d6347690 Merge remote-tracking branch 'public/bug26005_034' 2018-05-09 08:23:27 -04:00
George Kadianakis
7e8c5e3662 Detect when v3 services get disabled after HUP.
Remove v3 optimization which made Tor not detect disabling services.

This optimization is not so needed because we only call that function after HUP
anyway.

Fixes bug #25761.
2018-05-09 11:25:00 +03:00
George Kadianakis
5dc00c0661 Detect when v2 services get disabled after HUP.
During service configuration, rend_service_prune_list_impl_() sets
rend_service_staging_list to NULL, which blocked pruning after a HUP.

This patch initializes rend_service_staging_list when needed, so that HUP can
detect disabled onion services.

Fixes bug #25761.
2018-05-09 11:25:00 +03:00
Nick Mathewson
01d729cbfe Fix compilation of test_addr.c
This needs to include crypto_rand.h (which it didn't before it was
merged).
2018-05-08 20:20:54 -04:00
Nick Mathewson
a0f051137d Merge branch 'ticket25993_squashed' 2018-05-08 20:09:42 -04:00
Nick Mathewson
24ba5fd748 More unit tests for addressmap_get_virtual_address().
Previously the coverage on this function was mostly accidental,
coming as it did from test_entryconn.c.  These new tests use mocking
to ensure that we actually hit the different failure and retry cases
of addressmap_get_virtual_address(), and make our test coverage a
bit more deterministic.

Closes ticket 25993.
2018-05-08 20:09:33 -04:00
Taylor Yu
de343b4e42 Improve tolerance for dirauths with skewed clocks
Previously, an authority with a clock more than 60 seconds ahead could
cause a client with a correct clock to warn that the client's clock
was behind.  Now the clocks of a majority of directory authorities
have to be ahead of the client before this warning will occur.

Relax the early-consensus check so that a client's clock must be 60
seconds behind the earliest time that a given sufficiently-signed
consensus could possibly be available.

Add a new unit test that calls warn_early_consensus() directly.

Fixes bug 25756; bugfix on 0.2.2.25-alpha.
2018-05-08 17:59:03 -05:00
Taylor Yu
d6948bc776 Deindent warn_early_consensus()
Remove one level of indentation by returning early from the function.
2018-05-08 17:59:03 -05:00
Taylor Yu
0b80a0e500 Factor out warn_early_consensus()
Factor out the early consensus warning code from
networkstatus_set_current_consensus() into a new function
warn_early_consensus().
2018-05-08 17:59:03 -05:00
Taylor Yu
4921670a8c Test early-consensus clock skew warnings 2018-05-08 17:59:03 -05:00
Taylor Yu
be8306c1fb Add expect_no_log_msg_containing() 2018-05-08 17:59:03 -05:00
Taylor Yu
c223377ce6 Make clock_skew_warning() mockable 2018-05-08 17:59:03 -05:00
Taylor Yu
5bd2060054 tests: Add "now" param to construct_consensus()
construct_consensus() in test_routerlist.c created votes using a
timestamp from time().  Tests that called construct_consensus() might
have nondeterministic results if they rely on time() not changing too
much on two successive calls.

Neither existing of the two existing tests that calls
construct_consensus is likely to have a failure due to this problem.
2018-05-08 17:59:03 -05:00
Nick Mathewson
6bfa87d3aa Update rust submodule. 2018-05-08 18:51:31 -04:00
Isis Lovecruft
af182d4ab5
rust: Add crypto crate and implement Rust wrappers for SHA2 code.
* FIXES #24659: https://bugs.torproject.org/24659
2018-05-08 21:03:37 +00:00
Nick Mathewson
3df37d7b6b Merge branch 'bug26004_029_squashed' 2018-05-08 14:26:05 -04:00
Nick Mathewson
a17dc0875a Avoid unsigned integer underflow on empty input. 2018-05-08 14:24:29 -04:00
juga0
dbc80ad19b Allow bandwidth-file lines to have node_id in the last position
Closes ticket 26004.
2018-05-08 14:24:29 -04:00
Nick Mathewson
5edc72a45b Merge remote-tracking branch 'mikeperry/bug25870_rebase' 2018-05-08 14:12:29 -04:00
Nick Mathewson
2a4439adf3 Merge branch 'ticket26008' 2018-05-08 14:09:38 -04:00
Roger Dingledine
c3ae14549d minor cleanups on commit 17daab76
better punctuation and clearer wording
2018-05-08 12:21:24 -04:00
Fernando Fernandez Mancera
827b85e907 Make dh_param_* stuff static again.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 16:25:40 +02:00
Fernando Fernandez Mancera
ffbf8673b5 Include crypto_dh.h in order to solve dependency issues.
Included crypto_dh.h in some files in order to solve DH module dependency
issues.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 15:57:31 +02:00
Fernando Fernandez Mancera
f91469c165 Refactor crypto.[ch] into smaller DH module.
Add two new files (crypto_dh.c, crypto_dh.h) as new module of crypto.[ch]. This
new module includes all functions and dependencies related to DH operations.
Those have been removed from crypto.[ch].

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 15:51:39 +02:00
Fernando Fernandez Mancera
5b7a12d58a Add crypto_log_errors() to crypto_util.[ch]
crypto_log_errors() has been moved to crypto_util.[ch]. It was duplicated in
some files so they have been removed too.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-05-08 15:40:11 +02:00
Nick Mathewson
5ad72bc1f5 Merge remote-tracking branch 'catalyst-github/bug26036' 2018-05-07 14:38:26 -04:00
Nick Mathewson
8b1380cbd0 Don't crash when closing a connection before initializing libevent
Fixes bug 25981; bugfix on 96c5ac338a.  Bug not in any released
version of Tor.
2018-05-07 14:30:30 -04:00
Taylor Yu
9326abe16a Restore sys/random.h inclusion for getentropy()
Code movement for the refactoring for ticket 24658 didn't copy the
inclusion of sys/random.h, which is needed to get a prototype for
getentropy() on macOS 10.12 Sierra.  It also didn't copy the inclusion
of sys/syscall.h, which might prevent the getrandom() syscall from
being properly detected.  Move these inclusions.  Bug not in any
released Tor.
2018-05-07 12:56:12 -05:00
Nick Mathewson
17236a5842 Merge branch 'maint-0.3.3' 2018-05-07 13:33:19 -04:00
Nick Mathewson
46002aa691 Merge remote-tracking branch 'mikeperry/bug25733_029' into maint-0.3.3 2018-05-07 13:33:12 -04:00
Nick Mathewson
2c5841a8b8 Merge remote-tracking branch 'saper/default_nickname' 2018-05-07 13:31:03 -04:00
Nick Mathewson
a1a32b4834 Merge branch 'ticket26014' 2018-05-07 12:07:53 -04:00
Nick Mathewson
fd1d0a7d2e Merge remote-tracking branch 'mikeperry/bug25705_v3_033' 2018-05-07 11:09:25 -04:00
Nick Mathewson
6e3e96d2ff Fix the selection of events to cancel in test_workqueue.c
Our previous algorithm had a nonzero probability of picking no
events to cancel, which is of course incorrect.  The new code uses
Vitter's good old reservoir sampling "algorithm R" from 1985.

Fixes bug 26008; bugfix on 0.2.6.3-alpha.
2018-05-06 21:03:26 -04:00
Nick Mathewson
d14c245a0f Add unit test for ..get_start_of_next_voting_interval().
This functionality was covered only accidentally by our voting-test
code, and as such wasn't actually tested at all.  The tests that
called it made its coverage nondeterministic, depending on what time
of day you ran the tests.

Closes ticket 26014.
2018-05-06 20:42:18 -04:00
rl1987
b00d17aa9e Improve GETCONF exit-policy/* error handling
This will yield different error codes for transient and permament
errors. Furthermore, Tor will give human readable error
messages to controller.
2018-05-05 16:12:00 +02:00
Isis Lovecruft
f36656cada
build: Fix missing include for src/rust/external/crypto_rand.rs file.
* FIXES #26025: https://bugs.torproject.org/26025
2018-05-04 22:23:17 +00:00
Isis Lovecruft
f1864ff4a1
rust: Update Cargo.lock file with changes from #26024. 2018-05-04 20:41:25 +00:00
Isis Lovecruft
36dd2a467f
rust: Update submodule commit for src/ext/rust directory.
* FIXES part of #26024: https://bugs.torproject.org/26024
2018-05-04 20:37:16 +00:00
Isis Lovecruft
b5bd19ea05
Update rand dependency from 0.5.0-pre.0 to 0.5.0-pre.1. 2018-05-04 19:16:42 +00:00
Nick Mathewson
6f8b961a65 I should have tested before I pushed. 2018-05-03 20:16:53 -04:00
Nick Mathewson
08e525c198 Merge remote-tracking branch 'github/ticket25995' 2018-05-03 16:52:09 -04:00
Nick Mathewson
80b9a589bb Merge remote-tracking branch 'dgoulet/ticket25914_034_01' 2018-05-03 16:48:03 -04:00
Nick Mathewson
2f269bfaf1 Add src/rust/rand to include.am 2018-05-03 16:16:09 -04:00
Nick Mathewson
2d07aef3cc Move some includes around to try to fix windows builds 2018-05-03 16:14:38 -04:00
Nick Mathewson
bd153e4640 Update rust dependencies to latest version. 2018-05-03 13:55:55 -04:00
Nick Mathewson
c3b7258370 Merge remote-tracking branch 'isis/bug24660_r1' 2018-05-03 13:50:18 -04:00
Nick Mathewson
48d8fe533e Merge remote-tracking branch 'dgoulet/ticket25990_034_01' 2018-05-03 13:40:10 -04:00
Nick Mathewson
89cafc4afa Use OPENSSL_1_1_API in place of raw OPENSSL_VERSION_NUMBER checks
This is needed for libressl-2.6.4 compatibility, which we broke when
we merged a15b2c57e1 to fix bug 19981.  Fixes bug 26005; bug
not in any released Tor.
2018-05-03 13:33:14 -04:00
Nick Mathewson
b0e5757710 Refactor to remove n_libevent_errors
We cleared this value in second_elapsed_callback.  But what were we
using it for?  For detecting if Libevent returned EINVAL too often!
We already have a way to detect too-frequent events, and that's with
a ratelim_t.  Refactor the code to use that instead.  Closes ticket
26016.
2018-05-03 12:44:00 -04:00
Nick Mathewson
83137275a7 Add update_current_time() calls to periodic and event-driven callbacks
This is part of 26009, where we're going to keep track of the
current time and its jumps without having to do so in
second_elapsed_callback.
2018-05-03 12:02:10 -04:00
Nick Mathewson
1d16b7124f Basic unit tests for update_current_time().
This function is about to get more complicated, so we should track
how it's working.
2018-05-03 12:02:10 -04:00
Nick Mathewson
b0598f2a12 Move the "update the current second" code from second_elapsed_callback
This now happens in a new function, with the intent of having it
invoked from our callbacks.  This is one step on the way to 26009.
2018-05-03 12:02:10 -04:00
Nick Mathewson
5e0316142f Merge remote-tracking branch 'github/ticket25952' 2018-05-03 11:59:53 -04:00
Nick Mathewson
ed636de4cc Merge remote-tracking branch 'github/ticket25951' 2018-05-03 11:59:31 -04:00
Nick Mathewson
be9f0e5f20 Merge remote-tracking branch 'github/ticket25949' 2018-05-03 11:57:09 -04:00
David Goulet
319505d38c hs-v3: Remove extra white-space and clarify comment
From Neel's latest patch on optimizing the hs_circ_service_get_intro_circ()
digest calculation, remove an extra white-space and clarify a comment of the
legacy key digest to inform when to use it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-03 09:34:50 -04:00
David Goulet
2e8eb1d5e3 Merge remote-tracking branch 'asn/bug23107' 2018-05-03 09:33:42 -04:00
Isis Lovecruft
94dcd38a14
rust: Expose crypto_rand() as an impl of rand_core::RngCore. 2018-05-02 22:12:38 +00:00
Nick Mathewson
eb00eff09d Merge branch 'ticket25997' 2018-05-02 16:03:57 -04:00
David Goulet
1f739e9b06 dirauth: Move authdir_mode_v3() to module
This function must return false if the module is not compiled in. In order to
do that, we move the authdir_mode_v3() function out of router.c and into the
dirauth module new header file named mode.h.

It is always returning false if we don't have the module.

Closes #25990

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-02 13:42:24 -04:00
Nick Mathewson
e386d61c9b Make hs_get_responsible_hsdirs() deterministic.
This test was using the current time to pick the time period number,
and a randomly generated hs key.  Therefore, it sometimes picked an
index that would wrap around the example dht, and sometimes would
not.

The fix here is just to fix the time period and the public key.

Fixes bug 25997; bugfix on 0.3.2.1-alpha.
2018-05-02 10:17:46 -04:00
David Goulet
1ef1ed76d8 dirvote: Fix typo in comment
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-02 09:06:40 -04:00
Nick Mathewson
246765342e Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-02 08:46:28 -04:00
Nick Mathewson
993e314c6f Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-02 08:46:28 -04:00
Nick Mathewson
c66b512671 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-02 08:46:28 -04:00
Nick Mathewson
8625f36de1 Merge branch 'maint-0.3.3' 2018-05-02 08:46:28 -04:00
Nick Mathewson
f26d6ead21 Merge branch 'ticket25996' 2018-05-02 08:45:35 -04:00
teor
d465bd27ed
Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.

Fixes bug 26007; bugfix on 0.2.2.1-alpha.
2018-05-02 22:36:23 +10:00
Nick Mathewson
bf3e899dce Merge branch 'libressl_201805_029' into maint-0.3.3 2018-05-02 08:26:49 -04:00
Nick Mathewson
75f3fbaa3c LibreSSL compatibility fixes.
LibreSSL, despite not having the OpenSSL 1.1 API, does define
OPENSSL_VERSION in crypto.h.  Additionally, it apparently annotates
some functions as returning NULL, so that our unit tests need to be
more careful about checking for NULL so they don't get compilation
warnings.

Closes ticket 26006.
2018-05-02 08:22:05 -04:00
Georg Koppen
da8996d611 Bug 26000: Fix missing ";" 2018-05-02 07:46:05 -04:00
Neel Chauhan
af70d3c459 Optimize legacy intro point digest calculation. 2018-05-02 14:08:28 +03:00
Nick Mathewson
a2b53c1d0b coverage: Repeat the test for avoiding failed intro points
This test, in test_client_pick_intro(), will have different coverage
depending on whether it selects a good intro point the first time or
whether it has to try a few times.  Since it produces the shorter
coverage with P=1/4, repeat this test 64 times so that it only
provides reduced coverage with P=1/2^128.  The performance cost is
negligible.

Closes ticket 25996.  This test was introduced in 0.3.2.1-alpha.
2018-05-01 19:58:39 -04:00
Nick Mathewson
19b53e2645 Use a deterministic PRNG in test_circuit_timeout()
I'd prefer not to do this for randomized tests, but as things stand
with this test, it produces nondeterministic test coverage.

Closes ticket 25995; bugfix on 0.2.2.2-alpha when this test was
introduced.
2018-05-01 19:34:21 -04:00
Nick Mathewson
24299d385d Hold monotonic time constant during channel/outbound_cell test
This change should make it impossible for the monotonic time to roll
over from one EWMA tick to the next during this test, and make it so
that this test never invokes scale_active_circuits() (which it
doesn't test).

(Earlier changes during the 0.3.4 series should make this call even
rarer than it was before, since we fixed #25927 and removed
cached_gettimeofday.  Because this test didn't update
cached_gettimeofday, the chance of rolling over a 10-second interval
was much higher.)

Closes ticket 25994; bugfix on 0.3.3.1-alpha when this test was
introduced.
2018-05-01 18:44:11 -04:00
Nick Mathewson
60fad8d41f Stop using approx_time() in circuitmux_ewma.
It doesn't match with the tick-count code any longer.

Bug not in any released Tor.
2018-05-01 18:28:01 -04:00
Mike Perry
937260af6a Bug 25705: Don't count circuit path failures as build failures.
Also emit a rate limited log message when they happen, since they are likely
correlated with other issues.
2018-05-01 19:47:07 +00:00
Nick Mathewson
5162cf5021 Mark bug cases of addressmap_get_virtual_address as non-covered 2018-05-01 15:28:40 -04:00
Nick Mathewson
5c5392fea7 Merge remote-tracking branch 'github/eliminate_gettimeofday_cached' 2018-05-01 13:27:02 -04:00
Nick Mathewson
b396e4e429 Move unreachable port warnings to a periodic event.
Arguably, the conditions under which these events happen should be a
bit different, but the rules are complex enough here that I've tried
to have this commit be pure refactoring.

Closes ticket 25952.

Finally, before this code goes away, take a moment to look at the
amazing way that we used to try to have an event happen
every N seconds:

      get_uptime() / N != (get_uptime()+seconds_elapsed) / N

Truly, it is a thing of wonder.  I'm glad we didn't start using this
pattern everywhere else.
2018-05-01 13:14:18 -04:00
David Goulet
2b6c13267f dirvote: Make tokens a const in dirvote_parse_sr_commits()
Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
5db331e8fc Make find_opt_by_keyword() take a const smartlist
Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
70c92c3366 sr: Rename shared_random_common.{c|h} to shared_random_client.{c|h}
No code behavior change.

Pars of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
2d79d0155e vote: Move dirvote_recalculate_timing() to voting_schedule.c
By doing so, it is renamed to voting_schedule_recalculate_timing(). This
required a lot of changes to include voting_schedule.h everywhere that this
function was used.

This effectively now makes voting_schedule.{c|h} not include dirauth/dirvote.h
for that symbol and thus no dependency on the dirauth module anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:45:34 -04:00
David Goulet
e504b1b358 vote: Namespace functions in voting_schedule.c
Rename them from dirvote_* to voting_schedule_*.

No code behavior change.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
David Goulet
711ff6cdf7 Rename dirvote_common.{c|h} to voting_schedule.{c|h}
No code behavior change.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
David Goulet
6452fe78c2 dirvote: Make dirvote_get_preferred_voting_intervals() static
This function doesn't need to be public from the dirvote common file (which
will get renamed in future commit) so move it to dirauth/dirvote.c and make it
static.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
David Goulet
098b7fe25b ns: Move dirvote_get_voter_sig_by_alg() to networkstatus.c
It makes more sense to be in networkstatus.c so move it there and rename it
with the "networkstatus_" prefix.

Part of #25988

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 11:43:23 -04:00
Nick Mathewson
4a559e9960 Refactor to use safe_timer_diff. 2018-05-01 10:56:56 -04:00
Nick Mathewson
a73603653a Reschedule voting callback when any cfg option affecting it changes. 2018-05-01 10:54:54 -04:00
Nick Mathewson
234e317ef1 Ensure that voting is rescheduled whenever the schedule changes. 2018-05-01 10:54:54 -04:00
Nick Mathewson
6868398b69 Move responsibility for voting into a separate periodic callback.
Closes ticket25937.
2018-05-01 10:54:54 -04:00
Nick Mathewson
9870497f9d Update dirvote_act() to return the time of its next action.
This is remarkably simple, given the macros in the last commit.
2018-05-01 10:52:16 -04:00
Nick Mathewson
4f184415cc Start refactoring dirvote_act() towards self-scheduling
This change should have no behavioral effect: it just uses macros to
describe the current control flow.
2018-05-01 10:51:08 -04:00
Nick Mathewson
bbf0b92b1c Fix an assertion failure introduced by #25948
Apparently, we can decide our state is dirty before we create the
event to tell the mainloop that we should save it.  That's not a
problem, except for the assertion failure.
2018-05-01 10:47:44 -04:00
Nick Mathewson
9ece027d60 Merge remote-tracking branch 'ffmancera-1/bug20522' 2018-05-01 10:43:40 -04:00
Nick Mathewson
77b7eb2795 Remove responsibility for flushing log cbs from mainloop
This is now handled as-needed as the control module is flushing its
own callbacks.  Closes ticket 25951.
2018-05-01 10:38:46 -04:00
Nick Mathewson
d018bf199c Merge remote-tracking branch 'dgoulet/ticket25610_034_01-squashed' 2018-05-01 10:29:05 -04:00
Nick Mathewson
0d8604c763 Give queued_events_flush_all() responsibility for flushing log cbs
This requires that when a log cb happens, the event for flushing
queued events is scheduled, so we also add the necessary machinery
to have that happen.

Note that this doesn't actually help with logs from outside the main
thread, but those were already suppressed: see #25987 for a ticket
tracking that issue.
2018-05-01 10:26:04 -04:00
Nick Mathewson
b0224bf728 Add a mechanism for the logging system to report queued callbacks
Sometimes the logging system will queue a log message for later.
When it does this, the callback will either get flushed at the next
safe time, or from the second-elapsed callback.

But we're trying to eliminate the second-elapsed callback, so let's
make a way for the log system to tell its users about this.
2018-05-01 10:18:49 -04:00
David Goulet
d8509b450a vote: Return error when adding vote/signature if no dirauth module
Commit 0f3b765b3c added
tor_assert_nonfatal_unreached() to dirvote_add_vote() and
dirvote_add_signatures() when the dirauth module is disabled.

However, they need to return a value. Furthermore, the dirvote_add_vote()
needs to set the msg_out and status_out so it can be sent back. Else,
uninitialized values would be used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:15:28 -04:00
David Goulet
15e8ce3937 Move back dirvote_authority_cert_dup to dirvote.c
Originally, it was made public outside of the dirauth module but it is no
longer needed. In doing so, we put it back in dirvote.c and reverted its name
to the original one:

dirvote_authority_cert_dup() --> authority_cert_dup()

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
43bba89656 build: Always compile module support for tests
The --disable-module-* configure option removes code from the final binary but
we still build the unit tests with the disable module(s) so we can actually
test that code path all the time and not forget about it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
a2ff4975f3 dirvote: Move the vote creation code into dirvote.c
This code is only for dirauth so this commit moves it into the module in
dirvote.c.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
0f3b765b3c dirvote: Handling adding vote and signature if module is disabled
Both functions are used for directory request but they can only be used if the
running tor instance is a directory authority.

For this reason, make those symbols visible but hard assert() if they are
called when the module is disabled. This would mean we failed to safeguard the
entry point into the module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
fdc01cb40e dirvote: Move the handling of GET /tor/status-vote to dirauth module
In order to further isolate the dirauth code into its module, this moves the
handling of the directory request GET /tor/status-vote/* into the module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:08 -04:00
David Goulet
6ee6533fd8 dirvote: Free vote commits in the dirauth module
In order to make sr_commit_free() only used by the dirauth module, this
commits moves the commits free from a vote object into the dirvote.c file
which is now only for the module.

The function does nothing if the module is disabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:06:13 -04:00
Nick Mathewson
4cf6b67f5e Merge remote-tracking branch 'neel/b23094' 2018-05-01 08:56:23 -04:00
Nick Mathewson
07b486c17a Merge branch 'bug24734_squashed' 2018-05-01 08:51:32 -04:00
Neel Chauhan
5458ff20a5 Remove the return value from the fascist_firewall_choose_address_* family of functions 2018-05-01 08:51:16 -04:00
Neel Chauhan
ddb2b965de Initialize ap in the fascist_firewall_choose_address_* family of functions to 0 2018-05-01 08:51:15 -04:00
George Kadianakis
e17f436fff Fix memleak found by unittests. 2018-05-01 00:59:27 +00:00
George Kadianakis
627d2fdbf0 Write unittests to check basic vanguard path selection.
Adds two unittests:
- First checks the path selection of basic Tor circs.
- Second checks the path selection of vanguard circs.

There is a TODO on the second unittest that we might want to test sooner than
later, but it's not trivial to do it right now.

To do these unittests we needed the following mods:
- Make some functions STATIC.
- Add some more fields to the big fake network nodes of test_entrynodes.c
- Switch fake node nicknames to base32 (because base64 does not produce valid nicknames).
2018-05-01 00:59:27 +00:00
Mike Perry
289c04b065 Bug 25870: Allow 4th hop of vanguard circuits to be the guard.
This prevents a malicious RP/IP from learning the guard node in the case that
we are using only one (because we aren't using two guards, or because one of
those two guards is temporarily down).

This ensures the "strong" version of Property #6 from
https://lists.torproject.org/pipermail/tor-dev/2018-April/013098.html
(Information about the guard(s) does not leak to the website/RP at all).
2018-05-01 00:59:21 +00:00
Mike Perry
e34bf50604 Bug 25870: Prevent the creation of A - B - A vanguard sub-paths.
These paths are illegal in Tor and relays will reject them.

We do this by using specific nodes in the exclude list (but ignore /16 and
family).
2018-05-01 00:59:10 +00:00
Nick Mathewson
3a2470762d Add a cast to make clang happy. 2018-04-30 17:14:40 -04:00
Nick Mathewson
72124dc1ef Merge branch 'ticket25948_squashed' 2018-04-30 16:46:59 -04:00
Nick Mathewson
987a7f6676 Move responsibility for or_state_save() to a scheduled callback
Closes ticket 25948.
2018-04-30 16:46:52 -04:00
Nick Mathewson
d1a0534649 Make unit tests pass with new dirserver role. 2018-04-30 10:36:00 -04:00
Nick Mathewson
3800d5916f Merge remote-tracking branch 'dgoulet/ticket25900_034_01' 2018-04-30 10:27:22 -04:00
Nick Mathewson
b205061eb1 Describe schedules as TimeInterval, not TimeIntervalCommaList. 2018-04-30 09:47:35 -04:00
Nick Mathewson
6cb467b462 Merge remote-tracking branch 'github/ticket23354' 2018-04-30 09:45:28 -04:00
Nick Mathewson
a9736f1f38 Merge remote-tracking branch 'github/ticket19429_034' 2018-04-30 09:41:33 -04:00
Marcin Cieślak
0c7740b7de Document default value for Nickname 2018-04-29 13:54:56 +00:00
Neel Chauhan
bfe5a739b7 Make hsdir_index in node_t a hsdir_index_t rather than a pointer. 2018-04-28 20:35:30 -04:00
Mike Perry
d634c1ba6b Bug 25870: Allow the last hop in a vanguard circuit to be our guard.
The last hop in vanguard circuits can be an RP/IP/HSDir.

Since vanguard circuits are at least 3 hops (sometimes 4) before this node,
this change will not cause A - B - A paths.
2018-04-28 01:26:50 +03:00
Nick Mathewson
cb0af6157c Move stdbool include to torint.h
It's friday, and this seems like a good idea, and they're egging me
on in IRC.
2018-04-27 15:08:27 -04:00
Nick Mathewson
d6a773f57d Only define X509_get_not{BeforeAfter} if they are not defined
(The originally submitted version of a15b2c57e1 broke
with OpenSSL 1.1.0.)
2018-04-27 12:55:52 -04:00
Nick Mathewson
346c2eb4e6 Merge branch 'bug25843_v2_squashed' 2018-04-27 12:45:07 -04:00
George Kadianakis
d00ed406e0 Introduce torrc option NumPrimaryGuards 2018-04-27 12:44:54 -04:00
David Goulet
2963e65c30 dirvote: Move SR commit parsing into dirauth module
When parsing a vote in routerparse.c, only dirauth extract the commits from
the vote so move all this code into dirvote.c so we can make it specific to
the dirauth module.

If the dirauth module is disabled, the commit parsing does nothing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
d7e4706f22 ns: Move ns_detached_signatures_free() to networkstatus.c
From dirvote.c to networkstatus.c where it makes more sense both in terms of
namespace and subsystem responsability.

This removes one less dependency on the dirauth module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
35ff2a3b86 dirvote: Rename authority_cert_dup()
Renamed to follow the file namespace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
43bee06dd0 dirvote: Rename voter_get_sig_by_algorithm()
In order to follow the public namespace of dirvote.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
26817d9d22 dirvote: Extract shared functions to common file
No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
79a1112a49 sr: Static inline functions if no dirauth module
Add static inline dirauth public functions used outside of the dirauth module
so they can be seen by the tor code but simply do nothing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
bdcf3a3839 sr: Extract shared SR functions
Move most of the shared random functions that are needed outside of the
dirauth module.

At this commit, because dirvote.c hasn't been refactor, it doesn't compile
because some SR functions need a dirvote function.

Furthermore, 5 functions haven't been touched yet because they are dirauth
only but are in used in other C files than the dirauth module ones.

No code behavior change. Only moving code around.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
2115a54b4a mod: Move dirauth specific files to its own module
This is a pretty big commit but it only moves these files to src/or/dirauth:

  dircollate.c dirvote.c shared_random.c shared_random_state.c
  dircollate.h dirvote.h shared_random.h shared_random_state.h

Then many files are modified to change the include line for those header files
that have moved into a new directory.

Without using --disable-module-dirauth, everything builds fine. When using the
flag to disable the module, tor doesn't build due to linking errors. This will
be addressed in the next commit(s).

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
35d86b088d dirvote: Reorganize the dirvote.h file
Remove useless include.

Clearly identify functions that are used by other part of Tor, functions that
are only used by the dirauth subsystem and functions that are exposed for unit
tests.

This will help us in the dirauth modularization effort.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
5e1e906a5c dirvote: Move voting_schedule_t to dirvote.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
d177067860 dirvote: Trim down the public API
Many functions become static to the C file or exposed to the tests within the
PRIVATE define of dirvote.h.

This commit moves a function to the top. No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
f0838e7257 config: Make circuit_build_times_disabled() use authdir_mode()
Don't access the AuthoritativeDir options directly. We do this so we can move
authdir_mode() to the dirauth module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
b27dc1cfb5 mod: Build system changes for dirauth module
Make our build system support a disable dirauth module option. It can only be
disabled explicitly with:

  $ ./configure --disable-module-dirauth

If *not* specified that is enabled, an automake conditional variable is set to
true and a defined value for the C code:

  AM_CONDITIONAL: BUILD_MODULE_DIRAUTH
  AC_DEFINE: HAVE_MODULE_DIRAUTH=1

This introduces the dirauth/ module directory in src/or/ for which .c files
are only compiled if the BUILD_MODULE_DIRAUTH is set.

All the header files are compiled in regardless of the support so we can use
the alternative entry point functions of the dirauth subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
8b58e1e323 test: Unit test for the HS service event rescan
Because we rescan the main loop event list if the global map of services has
changed, this makes sure it does work.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
David Goulet
f7633c1fca hs: Rescan the main loop event list if the service map changes
Because ADD_ONION/DEL_ONION can modify the global service map (both for v2 and
v3), we need to rescan the event list so we either enable or disable the HS
service main loop event.

Fixees #25939

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
David Goulet
3ab017b10c main: Don't rescan main loop events if not initialized
This is done because it makes our life easier with unit tests. Also, a rescan
on an uninitialized event list will result in a stacktrace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
Nick Mathewson
57f557747d Move responsibility for deferred SIGNEWNYM into a mainloop event
Closes ticket 25949.
2018-04-27 10:45:12 -04:00
Nick Mathewson
9f8b60d74c Move or_state_mark_dirty into statefile.c
Previously it was an inline function in or.h
2018-04-27 10:09:16 -04:00
Nick Mathewson
3a47dfed34 Merge branch 'ticket25376_034_031_squashed' 2018-04-27 09:28:43 -04:00
David Goulet
d6903e9e87 hibernation: Rescan the event list on state change
When we change the hibernation state, rescan the main loop event list because
the new state might affect the events.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 09:28:00 -04:00
David Goulet
05d314f888 main: Add mainloop callback event flags
Implement the ability to set flags per events which influences the set up of
the event.

This commit only adds one flag which is "need network" meaning that the event
is not enabled if tor has disabled the network or if hibernation mode.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 09:28:00 -04:00
Nick Mathewson
cc74dc0066 Merge branch 'ticket25933' 2018-04-26 18:40:27 -04:00
Mike Perry
35e7902116 Bug 25733: Avoid assert failure if all circuits time out.
Prior to #23100, we were not counting HS circuit build times in our
calculation of the timeout. This could lead to a condition where our timeout
was set too low, based on non HS circuit build times, and then we would
abandon all HS circuits, storing no valid timeouts in the histogram.

This commit avoids the assert.
2018-04-26 21:28:28 +00:00
Nick Mathewson
302908657f Fix a test assertion failure due to uninitialized mainloop events
Bug not in any released Tor.
2018-04-26 14:39:26 -04:00
David Goulet
9fd319168b test: Add missing geoip_dummy file to EXTRA_DIST
Needed to run tests from the tarball else the geoip unit test would fail by
not finding that file.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-26 14:15:24 -04:00
Nick Mathewson
857e210b7d Merge branch 'ticket25931' 2018-04-26 13:52:16 -04:00
Nick Mathewson
ff796ad087 Remove connection_ap_attach_pending() from per-second callback.
In 25374, we created the necessary post-loop event for scheduling
connection_ap_attach_pending as needed.  Before that, we were
already running this event once per mainloop.  There's no reason to
also run it once per second.

Closes ticket 25933.  No changes file, since the relevant change is
already in 25374.  Or possibly in 17590, depending on how you look
at it.
2018-04-26 13:37:13 -04:00
Nick Mathewson
96c5ac338a Move close-and-cleanup functions to a postloop event.
Implements ticket 25932.
2018-04-26 13:15:38 -04:00
Nick Mathewson
8a81a70878 Move consdiffmgr_rescan() into a mainloop event.
The change here was very simple, since there is a flag set whenever
we want to schedule this event.

Closes ticket 25391.
m
2018-04-26 12:20:01 -04:00
Nick Mathewson
9abf541f7f Add a function to compute millisecond time difference quickly.
Our main function, though accurate on all platforms, can be very
slow on 32-bit hosts.  This one is faster on all 32-bit hosts, and
accurate everywhere except apple, where it will typically be off by
1%.  But since 32-bit apple is a relic anyway, I think we should be
fine.
2018-04-26 12:01:48 -04:00
Nick Mathewson
7cbc44eeb1 Remove the "cached gettimeofday" logic.
Previously were using this value to have a cheap highish-resolution
timer.  But we were only using it in one place, and current dogma is
to use monotime_coarse_t for this kind of thing.
2018-04-26 12:01:48 -04:00
Nick Mathewson
5e395ba2c2 Rewrite time-handling in circuitmux_ewma to use monotime_coarse
This part of the code was the only part that used "cached
getttimeofday" feature, which wasn't monotonic, which we updated at
slight expense, and which I'd rather not maintain.
2018-04-26 11:50:58 -04:00
David Goulet
7b09282dc7 Merge remote-tracking branch 'dgoulet/ticket25515_034_01-squashed' 2018-04-26 11:38:15 -04:00
juga0
f4ad30448a Recover newline at the EOF, removed by mistake
in 071236e3e2.
2018-04-26 11:33:22 -04:00
juga0
3d4bbf94c6 tests: Add forgotten empty file required for geoip 2018-04-26 11:33:22 -04:00
juga0
d0ad74e0f6 Add clarification about type of file expected 2018-04-26 11:33:22 -04:00
juga0
96469b82f8 Remove FIXME about comparing num countries,
* remove the fixme since clearing the countries should be other issue
* remove unused variables related to it since that cause travis to fail
2018-04-26 11:33:22 -04:00
Isis Lovecruft
6a28a82998 tests: Fix a couple typos and remove unnecessary inline comments. 2018-04-26 11:33:22 -04:00
Isis Lovecruft
3f967bfbd1 tests: Skip two more geoip_load_file tests on Windows.
* FIXES part of #25515: https://bugs.torproject.org/25515
2018-04-26 11:33:22 -04:00
Nick Mathewson
33cba1195b Remove a blank line that was bothering me. 2018-04-26 09:10:58 -04:00
David Goulet
868e348570 callbacks: Add a DirServer role
The clean_consdiffmgr() callback is only for relays acting as a directory
server, not all relays.

This commit adds a role for only directory server and sets the
clean_consdiffmgr() callback to use it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-25 14:21:19 -04:00
David Goulet
b6f7e23bbd clean_consdiffmgr() callback is only for directories
Only relevant for directory servers.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-25 14:12:38 -04:00
David Goulet
1a181a476e Remove dead code in networkstatus.c
We can't end up in the removed else {} condition since we first validate the
flavor we get and then we validate the flavor we parse from the given
consensus which means we can only handle the two flavors of the if/elseif
conditions.

Fixes #25914

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-25 09:35:32 -04:00
Nick Mathewson
2748dd0f1c Ignore CircuitPriorityHalflife values under -EPSILON.
Previously, we were ignoring values _over_ EPSILON.  This bug was
also causing a warning at startup because the default value is set
to -1.0.

Fixes bug 25577; bugfix on 6b1dba214d.  Bug not in any released tor.
2018-04-25 09:15:47 -04:00
Nick Mathewson
58f54a3588 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-25 08:01:54 -04:00
Nick Mathewson
a052eea480 Merge branch 'maint-0.3.3' 2018-04-25 08:01:54 -04:00
Nick Mathewson
7c3f87eb4b Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-25 08:01:53 -04:00
Nick Mathewson
bb35405d2a Fix a copy-paste error in the fix for #23693.
Found by coverity; CID 25912; bug not in any released Tor.
2018-04-25 08:00:55 -04:00
Nick Mathewson
ea3c3a10a2 Merge branch 'maint-0.3.3' 2018-04-24 10:37:36 -04:00
Nick Mathewson
7e7b052b2a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-24 10:37:36 -04:00
Nick Mathewson
9187cdb1cd Merge remote-tracking branch 'dgoulet/bug25901_032_01' into maint-0.3.2 2018-04-24 10:36:17 -04:00
Nick Mathewson
9be7608fda Merge branch 'maint-0.3.3' 2018-04-24 08:51:58 -04:00
Nick Mathewson
6182f60f75 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-24 08:51:55 -04:00
Nick Mathewson
d2951b381b Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-24 08:49:24 -04:00
Nick Mathewson
e888634076 Merge remote-tracking branch 'public/bug23693_031_redux' into maint-0.3.1 2018-04-24 08:49:20 -04:00
David Goulet
b259008c56 hs: Fix memleak in v3 on SIGHUP
Fixes #25901

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 11:09:57 -04:00
Nick Mathewson
192c7c8bf9 Merge remote-tracking branch 'dgoulet/ticket25762_034_05' 2018-04-23 11:02:05 -04:00
David Goulet
665e23c59a test: Add periodic events unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
87cb9ce900 main: Update periodic events comment based on latest code
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
Nick Mathewson
f70fa67da6 main: Use rescan_periodic_events in initialize_periodic_events_cb 2018-04-23 10:57:28 -04:00
David Goulet
4e85f17eec periodic: Add an enable and disable function
Two helper functions to enable an event and disable an event which wraps the
launch and destroy of an event but takes care of the enabled flag.

They are also idempotent that is can be called multiple time on the same event
without effect if the event was already enabled or disabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
1d864987cb config: Set up periodic events when options changes
In case we transitionned to a new role in Tor, we need to launch and/or
destroy some periodic events.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
a4fcdc5dec main: Launch periodic events by roles
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:57:28 -04:00
David Goulet
ed89bb3253 main: Specialize the periodic events on a per-role basis
In tor, we have a series of possible "roles" that the tor daemon can be
enabled for. They are:

  Client, Bridge, Relay, Authority (directory or bridge) and Onion service.

They can be combined sometimes. For instance, a Directory Authority is also a
Relay. This adds a "roles" field to a periodic event item object which is used
to know for which roles the event is for.

The next step is to enable the event only if the roles apply. No behavior
change at this commit.

Pars of #25762

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:21:59 -04:00
David Goulet
269cd5dba7 main: Sort alphabetically periodic event callbacks
No behavior change, just to make it easier to find callbacks and for the sake
of our human brain to parse the list properly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-23 10:21:59 -04:00
Nick Mathewson
3527f4b8a4 Merge remote-tracking branch 'github/lazy_bucket_refill' 2018-04-23 09:47:05 -04:00
Nick Mathewson
e8683bcbb1 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-23 09:24:33 -04:00
Nick Mathewson
1438c6c713 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-23 09:23:31 -04:00
Nick Mathewson
5c3639923f Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-23 09:23:31 -04:00
Nick Mathewson
c5ffcbb43f Merge branch 'maint-0.3.3' 2018-04-23 09:23:31 -04:00
Nick Mathewson
beb321d8cd Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-23 09:23:31 -04:00
Nick Mathewson
c4be6dfeab Permit the nanosleep system call in the seccomp2 callbox
Fixes bug 24969; bugfix on 0.2.5.1-alpha when the sandbox was introduced.
2018-04-23 09:15:40 -04:00
Nick Mathewson
cd3fc2aa48 Merge remote-tracking branch 'neel/b25511-r4' 2018-04-23 09:13:24 -04:00
Nick Mathewson
915791bc48 Merge branch 'ticket25024_squashed' 2018-04-22 20:53:04 -04:00
Deepesh Pathak
72bfcb37f1 add changes file and update check-typos in makefile 2018-04-22 20:48:48 -04:00
Nick Mathewson
1ba9b7e013 Merge remote-tracking branch 'mikeperry/bug25400_squashed' 2018-04-22 20:39:35 -04:00
Nick Mathewson
0e8ae82a87 Merge branch 'remove_old_consensus_methods_2018_squashed' 2018-04-22 20:01:09 -04:00
Nick Mathewson
2609a8be81 Require MIN_METHOD_FOR_RECOMMENDED_PROTOCOLS
(Remove support for running without this method.)
2018-04-22 20:00:47 -04:00
Nick Mathewson
5f90d28c01 Remove MIN_METHOD_FOR_{SHARED_RANDOM,EXCLUDING_INVALID_NODES}
Also remove client detection for pre-EXCLUDING_INVALID_NODES
consensuses, and a test for that detection.
2018-04-22 20:00:47 -04:00
Nick Mathewson
73c9c16faa Remove MIN_METHOD_FOR_ED25519_ID_VOTING
This also lets us remove the old rsa-based routerstatus collator.
2018-04-22 20:00:47 -04:00
Nick Mathewson
4d6f21bb6b Remove MIN_METHOD_FOR_{PACKAGE_LINES,GUARDFRACTION,ED25519_ID_IN_MD}
Also remove a rest for pre-19 microdesc versions.
2018-04-22 20:00:47 -04:00
Nick Mathewson
caf766991d Remove MIN_METHOD_FOR_ID_HASH_IN_MD and a test for running without it. 2018-04-22 20:00:47 -04:00
Nick Mathewson
93380db833 Remove MIN_METHOD_{FOR_P6_LINES,FOR_NTOR_KEY,TO_CLIP_UNMEASURED_BW}
Also remove a unit test for pre-MIN_METHOD_FOR_NTOR_KEY consensuses.
2018-04-22 20:00:47 -04:00
Nick Mathewson
08373467b1 Remove MIN_METHOD_FOR and MIN_METHOD_FOR_A_LINES
Also, in networkstatus.c, remove client code for recognizing pre-
MIN_METHOD_FOR_A_LINES consensuses, and corresponding unit tests in
test_dir.c.
2018-04-22 20:00:47 -04:00
Nick Mathewson
69347f48e0 Disable consensus methods before 25.
Consensus method 25 is the oldest one supported by any stable
version of 0.2.9, which is our current most-recent LTS.  Thus, by
proposal 290, they should be removed.

This commit does not actually remove the code to implement these
methods: it only makes it so authorities will no longer support
them.  I'll remove the backend code for them in later commits.
2018-04-22 20:00:47 -04:00
Nick Mathewson
6773102c92 Merge branch 'bug25691_033_again_squashed' 2018-04-22 19:44:27 -04:00
Nick Mathewson
0941c8bfe6 control EXTENDCIRCUIT: check node_has_preferred_descriptor().
Suggested by teor during code review for 25691.
2018-04-22 19:43:27 -04:00
Nick Mathewson
f1c1328f85 Repair the legacy_hs/pick_tor2web_rendezvous_node unit test
It tried to pick nodes for which only routerinfo_t items are set,
but without setting UseMicroDescriptors to 0.  This won't work any
more, now that we're strict about using the right descriptor types
due to 25691/25692/25213.
2018-04-22 19:43:07 -04:00
Nick Mathewson
47163780c3 Rename node_has_descriptor() to node_has_any_descriptor()
Changing the name of this function should help keep us from misusing
it when node_has_preferred_descriptor() would be more appropriate.
2018-04-22 19:43:07 -04:00
Nick Mathewson
7915efd1b8 Use router_crn_flags in more places, to pass direct-connect flag
In order to fix 25691 and 25692, we need to pass the "direct_conn"
flag to more places -- particularly when choosing single-hop
tunnels.  The right way to do this involves having a couple more
functions accept router_crn_flags_t, rather than a big list of
boolean arguments.

This commit also makes sure that choose_good_exit_server_general()
honors the direct_conn flag, to fix 25691 and 25692.
2018-04-22 19:42:28 -04:00
Nick Mathewson
388d217c40 Use node_has_preferred_descriptor() in another case
In router_add_running_nodes_to_smartlist(), we had an inline
implementation of the logic from node_has_descriptor(), which should
be changed to node_has_preferred_descriptor().
2018-04-22 19:42:28 -04:00
Nick Mathewson
948dd2c79e Check for "the right descriptor", not just "any descriptor".
This patch adds a new node_has_preferred_descriptor() function, and
replaces most users of node_has_descriptor() with it.  That's an
important change, since as of d1874b4339 (our fix for #25213),
we are willing to say that a node has _some_ descriptor, but not the
_right_ descriptor for a particular use case.

Part of a fix for 25691 and 25692.
2018-04-22 19:42:26 -04:00
Nick Mathewson
c3e40a8361 Allow cpuworkers to exist without onion keys
Now that we allow cpuworkers for dirport-only hosts (to fix 23693),
we need to allow dup_onion_keys() to succeed for them.

The change to construct_ntor_key_map() is for correctness,
but is not strictly necessary.
2018-04-22 17:17:07 -04:00
Nick Mathewson
5102208447 Improve documentation for CONFIG_TYPE_CSV_INTERVAL. 2018-04-22 15:55:09 -04:00
Nick Mathewson
8b6fc47cc3 Fix an absurdly wide line. 2018-04-22 15:55:09 -04:00
Nick Mathewson
ff6f49f033 Rename find_dl_schedule to find_dl_min_delay.
(We no longer need two separate functions here.)
2018-04-22 15:55:09 -04:00
Nick Mathewson
82d1d8b071 Remove extra values from InitialDelay defaults
These options are now ignored.
2018-04-22 15:55:09 -04:00
Nick Mathewson
2f792c041a Add aliases for the old DownloadSchedule options
These will produce a warning, but still work fine.
2018-04-22 15:55:09 -04:00
Nick Mathewson
2d7b5c6fe5 Change the type of "download schedule" from smartlist to int.
This is done as follows:
  * Only one function (find_dl_schedule()) actually returned a
    smartlist. Now it returns an int.

  * The CSV_INTERVAL type has been altered to ignore everything
    after the first comma, and to store the value before the first
    comma in an int.
2018-04-22 15:55:09 -04:00
Nick Mathewson
9aaed729c1 Rename *DownloadSchedule to *DownloadInitialDelay; make them ints
This commit won't compile. It was made with the following perl
scripts:

s/smartlist_t \*(.*)DownloadSchedule;/int $1DownloadInitialDelay;/;
s/\b(\w*)DownloadSchedule\b/$1DownloadInitialDelay/;
2018-04-22 15:55:09 -04:00
Isis Lovecruft
b5013e841c
rust: Remove mirrored PRNG implementation.
Once we need a PRNG, we'll likely want to change the dev-dependency on the rand
crate to be a real dependency, and use rand::SmallRng as our PRNG.
2018-04-20 23:54:48 +00:00
Isis Lovecruft
49639b2826
rust: Expose our (P)RNGs in Rust and provide safe wrappers.
* FIXES #24660: https://bugs.torproject.org/24660
2018-04-20 23:54:47 +00:00
Isis Lovecruft
f17ace1460
crypto: Move declaration of crypto_init_siphash_key() into crypto.h.
On second thought, this is a global initialisation function and
doesn't conceptually have much to do with getting/using randomnesses.
2018-04-18 19:16:35 +00:00
Nick Mathewson
9d27e3f014 Make test_tortls.c build with openssl no_deprecated.
Also for 19981.
2018-04-18 12:32:39 -04:00
Nick Mathewson
a15b2c57e1 Add support for openssl built with "no-deprecated".
Patch from Andrew John Hughes; partial fix for 19981.
2018-04-18 12:31:24 -04:00
Nick Mathewson
bd3f8260a3 Rename some functions to start with a uniform prefix 2018-04-18 11:45:44 -04:00
Nick Mathewson
3bf9974b6c Fix a pointer size error in test_bridges.c
sizeof(ret) is the size of the pointer, not the size of what it
points to.  Fortunately, we already have a function to compare
tor_addr_port_t values for equality.

Bugfix on c2c5b13e5d8a77e; bug not in any released Tor. Found by
clang's scan-build.
2018-04-17 19:45:59 -04:00
Nick Mathewson
1abe0a5769 Add an initialization case to node_get_prim_dirport
Fixes a bug found by scan-build; bugfix on c2fa743806. Bug not in
any released Tor.
2018-04-17 19:43:14 -04:00
Nick Mathewson
31a450a5b6 Add a redundant memset to node_get_pref_ipv6_orport()
For whatever reason, clang's scan-build isn't sure that this
function actually initializes its output.
2018-04-17 19:41:10 -04:00
Nick Mathewson
d67d3dd145 Fix a copy-and-paste error from 6be994fa71
Found by clang's scan-build too.  Bug not in any released Tor.
2018-04-17 19:39:50 -04:00
Nick Mathewson
087ace7009 Fix a compilation warning on clang 2018-04-17 18:41:39 -04:00
Nick Mathewson
47df912f1c Remove the periodic refill event entirely.
Now that we update our buckets on demand before reading or writing,
we no longer need to update them all every TokenBucketRefillInterval
msec.

When a connection runs out of bandwidth, we do need a way to
reenable it, however.  We do this by scheduling a timer to reenable
all blocked connections for TokenBucketRefillInterval msec after a
connection becomes blocked.

(If we were using PerConnBWRate more, it might make sense to have a
per-connection timer, rather than a single timeout. But since
PerConnBWRate is currently (mostly) unused, I'm going to go for the
simpler approach here, since usually whenever one connection has
become blocked on bandwidth, most connections are blocked on
bandwidth.)

Implements ticket 25373.
2018-04-17 18:20:03 -04:00
Nick Mathewson
780d1b44cf Move responsibility for recording read/written bytes
Previously this was done as part of the refill callback, but there's
no real reason to do it like that.  Since we're trying to remove the
refill callback completely, we can do this work as part of
record_num_bytes_transferred_impl(), which already does quite a lot
of this.
2018-04-17 18:06:46 -04:00
Nick Mathewson
31fbbf2377 Fixup timing wheel warnings related to recent WHEEL_BIT change. 2018-04-17 12:45:53 -04:00
Nick Mathewson
a2acb9b9e9 Refill each token bucket at the last instant before reading/writing.
(This patch does not yet eliminate the global refill callback;
fortunately, bucket refilling is idempotent.)
2018-04-17 12:20:06 -04:00
Nick Mathewson
9af4cd6f31 Refactor responsibility for checking global write bucket emptiness
We used to do this 10x per second in connection_buckets_refill();
instead, we now do it when the bucket becomes empty. This change is
part of the work of making connection_buckets_refill() obsolete.

Closes ticket 25828; bugfix on 0.2.3.5-alpha.
2018-04-17 12:12:07 -04:00
Nick Mathewson
b36c450b57 Amend token_bucket_rw_dec to indicate which buckets became empty. 2018-04-17 12:02:49 -04:00
Nick Mathewson
1356d51af6 Rename connection_bucket_refill to connection_bucket_refill_all
Also document its actual behavior
2018-04-17 11:47:31 -04:00
Nick Mathewson
993f5d284d Rename connection_bucket_round_robin -> get_share
There was nothing round_robinish about this function.
2018-04-17 11:42:14 -04:00
Nick Mathewson
488e2b00bf Refactor the "block the connection on bandwidth" logic
Right now, this patch just introduces and exposes some new
functions. Later, these functions will get a little more complexity.
2018-04-17 11:39:16 -04:00
Nick Mathewson
2bf6f1cd39 token bucket: Add parens to rate_per_sec_to_rate_per_step()
Typecasts bind more tightly than division, so we need to do the
division first.
2018-04-17 11:09:55 -04:00
Nick Mathewson
c5bbf72fb8 Merge branch 'maint-0.3.3' 2018-04-17 10:45:58 -04:00
David Goulet
93ff1870ba heartbeat: Log the number of circuits killed because too many cells
We recently merged a circuit cell queue size safeguard. This commit adds the
number of killed circuits that have reached the limit to the DoS heartbeat. It
now looks like this:

  [notice] DoS mitigation since startup: 0 circuits killed with too many
  cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0
  single hop clients refused.

Second thing that this patch does. It makes tor always print the DoS
mitigation heartbeat line (for a relay) even though no DoS mitigation have
been enabled. The reason is because we now kill circuits that have too many
cells regardless on if it is enabled or not but also it will give the operator
a chance to learn what is enabled with the heartbeat instead of suddenly
appearing when it is enabled by let say the consensus.

Fixes #25824

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-17 10:44:43 -04:00
Nick Mathewson
c32108ee0f Merge remote-tracking branch 'public/bug24688' 2018-04-17 09:14:44 -04:00
Neel Chauhan
3a6e37f57f Add GETINFO current-time/{local,utc} regression test 2018-04-16 20:37:50 -04:00
Neel Chauhan
ce84de39ef Make tor_gettimeofday() mockable 2018-04-16 20:37:50 -04:00
Neel Chauhan
e72742d693 Add GETINFO current-time/{local,utc} command to ControlPort 2018-04-16 20:37:50 -04:00
Neel Chauhan
9e3e1b8bfb Add format_local_iso_time_nospace() 2018-04-16 20:37:50 -04:00
Mike Perry
f921fd771a Use u32 add helper for CIRC_BW accounting.
There are quite a few other places this could be used, but keeping it simple
for now.
2018-04-16 21:46:31 +00:00
Mike Perry
0e06a9c3e7 Helper function to add u32 without overflow. 2018-04-16 21:46:31 +00:00
Mike Perry
dfa6808f57 Bug 25400: Make CIRC_BW event properly total everything on a circ. 2018-04-16 21:46:12 +00:00
David Goulet
ae4e5b9824 token: Fix uint32_t to uint64_t conversion
Unfortunately, the units passed to
monotime_coarse_stamp_units_to_approx_msec() was always 0 due to a type
conversion.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-16 15:05:41 -04:00
juga0
8be1ac8abe
Add test to check that loading a 2nd file replaces the 1st
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-04-16 19:02:57 +00:00
juga0
071236e3e2
Add a test for geoip_load_file() using geoip6
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-04-16 19:01:30 +00:00
Nick Mathewson
c7d3de216c Merge branch 'maint-0.3.3' 2018-04-16 13:48:39 -04:00
Nick Mathewson
c5899d5cf3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-16 13:48:23 -04:00
Nick Mathewson
5e0fbd7006 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-16 13:48:23 -04:00
Nick Mathewson
9ef4c05df8 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-16 13:48:23 -04:00
Nick Mathewson
0e13ff4815 Fix an LCOV exclusion pattern in address.c 2018-04-16 13:48:21 -04:00
Nick Mathewson
3463b4e065 Merge branch 'maint-0.3.3' 2018-04-16 10:06:21 -04:00
Nick Mathewson
22845df2a7 Merge remote-tracking branch 'dgoulet/bug25226_033_02' into maint-0.3.3 2018-04-16 10:04:36 -04:00
David Goulet
d064122e70 relay: Implement a circuit cell queue maximum size
This commit introduces the consensus parameter "circ_max_cell_queue_size"
which controls the maximum number of cells a circuit queue should have.

The default value is currently 50000 cells which is above what should be
expected but keeps us a margin of error for padding cells.

Related to this is #9072. Back in 0.2.4.14-alpha, we've removed that limit due
to a Guard discovery attack. Ticket #25226 details why we are putting back the
limit due to the memory pressure issue on relays.

Fixes #25226

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-16 09:59:12 -04:00
Nick Mathewson
197d1992db Remove old tor-fw-helper README from EXTRA_DIST
We removed this file, but didn't take it out of EXTRA_DIST -- thus
breaking "make dist".
2018-04-16 09:52:15 -04:00
Nick Mathewson
3ee4c9b1fa bump to 0.3.3.5-rc-dev 2018-04-15 15:41:03 -04:00
Nick Mathewson
b65024f57d bump to 0.3.3.5-rc 2018-04-14 12:21:36 -04:00
Nick Mathewson
4b58b97c68 32-bit compilation warnings 2018-04-13 17:01:03 -04:00
David Goulet
c2f83746f4 token_bucket: Fix indentation
Both header and code file had some indentation issues after mass renaming.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-13 16:58:49 -04:00
Nick Mathewson
34c2574aa9 Merge branch 'token_bucket_once_again_squashed' 2018-04-13 16:31:58 -04:00
Nick Mathewson
1b31195b4f Fix "make check-spaces" 2018-04-13 16:31:47 -04:00
Nick Mathewson
003e6595bf Refactor "timestamp" not to be its own type coupled to token buffers
Really, the uint32_t is only an optimization; any kind of unit
should work fine.  Some users might want to use time_t or
monotime_coarse_t or something like that.
2018-04-13 16:31:47 -04:00
Nick Mathewson
2307bef7a2 Move token_bucket_raw_* functions to the start of the module.
(These functions were previously helper functions for
token_bucket_rw_t).
2018-04-13 16:31:47 -04:00
Nick Mathewson
9c405ba595 Never pick a rate of 0.
(The tests caught this one.)
2018-04-13 16:31:47 -04:00
Nick Mathewson
0b40ed5e70 Start re-refactoring the token bucket interface.
Begin by creating a lowest-level triple of the types needed to
implement a token bucket: a configuration, a timestamp, and the raw
bucket itself.

Note that for low-level buckets, the units of the timestamp and the
bucket itself are unspecified: each user can use a different type.

(This patch breaks check-spaces; a later patch will fix it)
2018-04-13 16:31:47 -04:00
Nick Mathewson
c9de30c590 Merge branch 'maint-0.3.3' 2018-04-13 13:05:53 -04:00
Nick Mathewson
61d87dfa15 Merge branch 'postloop_callbacks_2' 2018-04-13 12:12:46 -04:00
Nick Mathewson
4c03af4880 Remove tell_event_loop_to_run_external_code() per review
(This function is no longer used.)
2018-04-13 12:11:22 -04:00
Nick Mathewson
03b96882de Rename token_bucket_t to token_bucket_rw_t.
This is a simple search-and-replace to rename the token bucket type
to indicate that it contains both a read and a write bucket, bundled
with their configuration.  It's preliminary to refactoring the
bucket type.
2018-04-13 10:54:26 -04:00
Nick Mathewson
b152d62cee Merge branch 'token_bucket_refactor_squashed' 2018-04-13 10:47:24 -04:00
Nick Mathewson
62f4d5a265 Add a unit test for post-loop events
This test works by having two post-loop events activate one another
in a tight loop.  If the "post-loop" mechanism didn't work, this
would be enough to starve all other events.
2018-04-13 10:44:15 -04:00
Nick Mathewson
320bd2b3a5 Move connection_ap_attach_pending(0) into a postloop event
This is a second motivating case for our postloop event logic.
2018-04-13 10:44:15 -04:00
Nick Mathewson
5719dfb48f Move the "activate linked connections" logic to a postloop event.
A linked connection_t is one that gets its I/O, not from the
network, but from another connection_t.  When such a connection has
something to write, we want the corresponding connection to run its
read callback ... but not immediately, to avoid infinite recursion
and/or event loop starvation.

Previously we handled this case by activating the read events
outside the event loop.  Now we use the "postloop event" logic.
This lets us simplify do_main_loop_once() a little.
2018-04-13 10:44:15 -04:00
Nick Mathewson
c5a3e2ca44 Generic mechaism for "post-loop" callbacks
We've been labeling some events as happening "outside the event
loop", to avoid Libevent starvation.  This patch provides a cleaner
mechanism to avoid that starvation.

For background, the problem here is that Libevent only scans for new
events once it has run all its active callbacks.  So if the
callbacks keep activating new callbacks, they could potentially
starve Libevent indefinitely and keep it from ever checking for
timed, socket, or signal events.

To solve this, we add the ability to label some events as
"post-loop".  The rule for a "post-loop" event is that any events
_it_ activates can only be run after libevent has re-scanned for new
events at least once.
2018-04-13 10:44:15 -04:00
Nick Mathewson
ad57b1279a Disable load_geoip_file() tests on windows
See bug #25787 for discussion; we should have a better fix here.
2018-04-13 10:42:19 -04:00
Nick Mathewson
787bafc0f9 Increase tolerances for imprecise time. 2018-04-13 10:41:15 -04:00
Nick Mathewson
3f514fe3b1 Accept small hops backward in the monotonic timer. 2018-04-13 10:41:15 -04:00
Nick Mathewson
12f58f2f87 Remove a bunch of int casts; make clang happier. 2018-04-13 10:41:14 -04:00
Nick Mathewson
6be994fa71 Ensure that global buckets are updated on configuration change 2018-04-13 10:41:14 -04:00
Nick Mathewson
a38fd9bc5b Replace the global buckets with token_bucket_t 2018-04-13 10:41:14 -04:00
Nick Mathewson
9fced56ef1 Refactor or_connection token buckets to use token_bucket_t 2018-04-13 10:41:14 -04:00
Nick Mathewson
8a85239746 Add a helper function to decrement read and write at the same time 2018-04-13 10:41:14 -04:00
Nick Mathewson
c376200f6a Add a new token-bucket backend abstraction, with tests
This differs from our previous token bucket abstraction in a few
ways:

  1) It is an abstraction, and not a collection of fields.
  2) It is meant to be used with monotonic timestamps, which should
     produce better results than calling gettimeofday over and over.
2018-04-13 10:41:14 -04:00
Nick Mathewson
d8ef9a2d1e Expose a function that computes stamp units from msec.
(It turns out we can't just expose STAMP_TICKS_PER_SECOND, since
Apple doesn't have that.)
2018-04-13 10:41:08 -04:00
Nick Mathewson
2d6914e391 Refine extend_info_for_node's "enough info" check once again.
In d1874b4339, we adjusted this check so that we insist on
using routerinfos for bridges.  That's almost correct... but if we
have a bridge that is also a regular relay, then we should use
insist on its routerinfo when connecting to it as a bridge
(directly), and be willing to use its microdescriptor when
connecting to it elsewhere in our circuits.

This bug is a likely cause of some (all?) of the (exit_ei == NULL)
failures we've been seeing.

Fixes bug 25691; bugfix on 0.3.3.4-alpha
2018-04-12 16:56:29 -04:00
Nick Mathewson
d3b9b5a3dd Remove windows log_from_handle as unused.
This function was only used by PortForwardingHelper, which was
removed in 9df110cd72.  Its presence caused warnings on windows.
2018-04-12 12:38:46 -04:00
Nick Mathewson
f0887e30dd Merge branch 'maint-0.3.3' 2018-04-12 12:31:41 -04:00
Nick Mathewson
46795a7be6 Attempt to fix 32-bit clang builds, which broke with 31508a0abc
When size_t is 32 bits, the unit tests can't fit anything more than
4GB-1 into a size_t.

Additionally, tt_int_op() uses "long" -- we need tt_u64_op() to
safely test uint64_t values for equality.

Bug caused by tests for #24782 fix; not in any released Tor.
2018-04-12 12:30:36 -04:00
Nick Mathewson
467c882baa Merge branch 'maint-0.3.3' 2018-04-12 12:25:51 -04:00
Nick Mathewson
4aaa4215e7 Attempt to fix 32-bit builds, which broke with 31508a0abc
When size_t is 32 bits, doing "size_t ram; if (ram > 8GB) { ... }"
produces a compile-time warning.

Bug caused by #24782 fix; not in any released Tor.
2018-04-12 12:25:09 -04:00
Nick Mathewson
037fb0c804 Merge branch 'maint-0.3.3' 2018-04-12 11:14:42 -04:00
Alexander Færøy
31508a0abc Use less memory for MaxMemInQueues for machines with more than 8 GB of RAM.
This patch changes the algorithm of compute_real_max_mem_in_queues() to
use 0.4 * RAM iff the system has more than or equal to 8 GB of RAM, but
will continue to use the old value of 0.75 * RAM if the system have less
than * GB of RAM available.

This patch also adds tests for compute_real_max_mem_in_queues().

See: https://bugs.torproject.org/24782
2018-04-12 11:14:16 -04:00
Alexander Færøy
5633a63379 Use STATIC for compute_real_max_mem_in_queues
This patch makes compute_real_max_mem_in_queues use the STATIC macro,
which allows us to test the function.

See: https://bugs.torproject.org/24782
2018-04-12 10:51:48 -04:00
Alexander Færøy
bd42367a1e Make get_total_system_memory mockable.
This patch makes get_total_system_memory mockable, which allows us to
alter the return value of the function in tests.

See: https://bugs.torproject.org/24782
2018-04-12 10:51:45 -04:00
Nick Mathewson
a51630cc9a Merge branch 'maint-0.3.3' 2018-04-11 15:38:00 -04:00
Nick Mathewson
0803d79f55 Merge branch 'bug25581_033_v2_asn_squashed' into maint-0.3.3 2018-04-11 15:37:56 -04:00
Nick Mathewson
8b8630a501 Rename HSLayer{2,3}Nodes to start without an underscore.
The old single-underscore names remain as a deprecated synonym.

Fixes bug 25581; bugfix on 0.3.3.1-alpha.
2018-04-11 15:37:49 -04:00
Nick Mathewson
0c8f901ee7 Merge branch 'maint-0.3.3' 2018-04-11 10:48:46 -04:00
Mike Perry
f9ba0c6546 Bug 24989: Count client hsdir gets towards MaxClientCircuitsPending.
We removed this by breaking them out from general in #13837.
2018-04-11 10:47:06 -04:00
Nick Mathewson
6bdfaa8b24 Merge remote-tracking branch 'isis-github/bug25425_squashed2' 2018-04-10 15:32:26 -04:00
Nick Mathewson
6e467a7a34 Merge remote-tracking branch 'isis-github/bug25409' 2018-04-10 15:27:09 -04:00
Isis Lovecruft
65d6b66e99
config: Obsolete PortForwarding and PortForwardingHelper options.
* FIXES part of #25409: https://bugs.torproject.org/25409
2018-04-10 19:08:59 +00:00
Nick Mathewson
386f8016b7 Fix another crash-on-no-threadpool bug.
This one happens if for some reason you start with DirPort enabled
but server mode turned off entirely.

Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
2018-04-10 14:44:38 -04:00
Nick Mathewson
d3ac47b415 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-10 14:26:32 -04:00
Nick Mathewson
0b1a054d68 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-10 14:26:32 -04:00
Nick Mathewson
ef16a11b90 Merge branch 'maint-0.3.3' 2018-04-10 14:26:32 -04:00
Nick Mathewson
db6902c235 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-10 14:26:29 -04:00
Nick Mathewson
10a1969ca3 Merge remote-tracking branch 'ahf-github/bugs/24854_029_2' into maint-0.2.9 2018-04-10 14:25:57 -04:00
Nick Mathewson
16f08de0fd Remove TestingEnableTbEmptyEvent
This option was used for shadow testing previously, but is no longer
used for anything.  It interferes with refactoring our token buckets.
2018-04-10 12:16:21 -04:00
Isis Lovecruft
3ee7a8d3a5
tests: Make tt_finished() macro for tests without tt_*_op() calls. 2018-04-09 19:32:47 +00:00
Isis Lovecruft
c2c5b13e5d
test: Add testing module and some unittests for bridges.c.
This roughly doubles our test coverage of the bridges.c module.

 * ADD new testing module, .../src/test/test_bridges.c.
 * CHANGE a few function declarations from `static` to `STATIC`.
 * CHANGE one function in transports.c, transport_get_by_name(), to be
   mockable.
 * CLOSES #25425: https://bugs.torproject.org/25425
2018-04-09 19:32:46 +00:00
Nick Mathewson
e0809ec5f5 Prefer 32-bit implementation for timing wheels on 32-bit systems.
This might make our timing-wheel code a tiny bit faster there.

Closes ticket 24688.
2018-04-09 15:21:10 -04:00
David Goulet
395fa0258d compat: Fix unchecked return value from event_del()
Explicitly tell the compiler we don't care about it.

Coverity CID 1434156

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-09 14:12:45 -04:00
Nick Mathewson
e58555135a Add a comment explaining why we do a certain redundant check
Closes ticket 25291.
2018-04-09 12:58:17 -04:00
Alexander Færøy
1295044dc8 Lift the list of default directory servers into their own file.
This patch lifts the list of default directory authorities from config.c
into their own auth_dirs.inc file, which is then included in config.c
using the C preprocessor.

Patch by beastr0.

See: https://bugs.torproject.org/24854
2018-04-09 16:00:26 +02:00
Isis Lovecruft
809f6fae84
refactor: Remove unnecessary #include "crypto.h" throughout codebase.
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 22:49:18 +00:00
Isis Lovecruft
e32fc0806d
refactor: Alphabetise some includes in /src/or/*. 2018-04-06 22:49:17 +00:00
Isis Lovecruft
88190026b3
crypto: Alphabetise some #includes in /src/common/crypto*.
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 22:49:15 +00:00
Isis Lovecruft
64e6551b8b
crypto: Remove unnecessary includes from src/common/crypto.[ch]
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 22:49:13 +00:00
Isis Lovecruft
fe3aca1491
crypto: Refactor (P)RNG functionality into new crypto_rand module.
* ADD new /src/common/crypto_rand.[ch] module.
 * ADD new /src/common/crypto_util.[ch] module (contains the memwipe()
   function, since all crypto_* modules need this).
 * FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06 21:45:28 +00:00
Nick Mathewson
2fac948158 Include tor_log rust files in source distribution.
Fixes another case of #25732; bug not in any released Tor.
2018-04-06 16:19:14 -04:00
Nick Mathewson
fb2fe41f6f Merge branch 'maint-0.3.3' 2018-04-06 16:18:47 -04:00
Nick Mathewson
306563ac68 Ship all files needed to build Tor with rust
Fixes bug 25732; bugfix on 0.3.3.2-alpha when strings.rs was
introduced.
2018-04-06 16:18:11 -04:00
Nick Mathewson
98b694bfd5 Merge branch 'isolate_libevent_2_squashed' 2018-04-06 08:50:35 -04:00
Roger Dingledine
0b0e4886cf fix confusing comment
presumably introduced by copy-and-paste mistake
2018-04-05 15:59:37 -04:00
Nick Mathewson
245fdf8ca0 Remove needless event2/thread.h include from test_compat_libevent.c 2018-04-05 12:36:28 -04:00
Nick Mathewson
4225300648 Remove redundant event2/event.h usage from test_scheduler.c
This module doesn't actually need to mock the libevent mainloop at
all: it can just use the regular mainloop that the test environment
sets up.

Part of ticket 23750.
2018-04-05 12:36:28 -04:00
Nick Mathewson
6a5f62f68f Move responsibility for threadpool reply-handler events to workqueue
This change makes cpuworker and test_workqueue no longer need to
include event2/event.h.  Now workqueue.c needs to include it, but
that is at least somewhat logical here.
2018-04-05 12:36:28 -04:00
Nick Mathewson
b3586629c9 Wrap the function we use to run the event loop.
Doing this lets us remove the event2/event.h header from a few more
modules, particularly in the tests.

Part of work on 23750.
2018-04-05 12:36:27 -04:00
Nick Mathewson
39cb04335f Add wrappers for event_base_loopexit and event_base_loopbreak. 2018-04-05 12:36:05 -04:00
Nick Mathewson
f0d2733b46 Revise procmon.c to use periodic_timer_t
This removes its need to use event2/event.h, and thereby fixes
another instance of 23750.
2018-04-05 12:35:11 -04:00
Nick Mathewson
871ff0006d Add an API for a scheduled/manually activated event in the mainloop
Using this API lets us remove event2/event.h usage from half a dozen
modules, to better isolate libevent.  Implements part of ticket
23750.
2018-04-05 12:35:11 -04:00
Nick Mathewson
c6d7e0becf Merge remote-tracking branch 'public/split_relay_crypto' 2018-04-05 12:12:18 -04:00
Fernando Fernandez Mancera
9504fabb02 Enable DISABLE_DISABLING_ED25519.
We are going to stop recommending 0.2.5 so there is no reason to keep the
undef statement anymore.

Fixes #20522.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-04-05 16:19:40 +02:00
Neel Chauhan
f5f9c25546 Switch to use should_record_bridge_info()
Both in geoip_note_client_seen() and options_need_geoip_info(), switch from
accessing the options directly to using the should_record_bridge_info() helper
function.

Fixes #25290

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-05 08:37:39 -04:00
Nick Mathewson
ad8347418f Merge branch 'maint-0.3.3' 2018-04-05 08:22:35 -04:00
Nick Mathewson
78bf564168 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-04-05 08:22:34 -04:00
Nick Mathewson
9b10eb2d7a Merge branch 'maint-0.3.1' into maint-0.3.2 2018-04-05 08:22:34 -04:00
Nick Mathewson
834eef2452 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-04-05 08:22:34 -04:00
Nick Mathewson
b68e636b33 Merge branch 'maint-0.2.5' into maint-0.2.9 2018-04-05 08:22:33 -04:00
Karsten Loesing
1fa396b0a4 Update geoip and geoip6 to the April 3 2018 database. 2018-04-05 10:42:25 +02:00
David Goulet
3d5bf12ac2 relay: Remove max middle cells dead code
Next commit is addressing the circuit queue cell limit so cleanup before doing
anything else.

Part of #25226

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-04 11:03:50 -04:00
Nick Mathewson
52846f728d Merge branch 'maint-0.3.3' 2018-04-04 08:57:24 -04:00
Nick Mathewson
ec8ee54129 Merge branch 'bug21394_029_redux' into maint-0.3.3 2018-04-04 08:55:37 -04:00
Dhalgren
06484eb5e1 Bug 21394 touchup: Increase DNS attempts to 3
Also don't give up on a resolver as quickly if multiple are configured.
2018-04-04 08:54:25 -04:00
Neel Chauhan
9df110cd72
Remove PortForwarding options
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-04-04 00:19:33 +00:00
Nick Mathewson
218b1746ba Merge remote-tracking branch 'fristonio/ticket-25645' 2018-04-03 19:19:02 -04:00
Deepesh Pathak
2680a8b5b1
ticket(25645): remove unused variable n_possible from channel_get_for_extend() 2018-04-03 09:17:23 +05:30
Isis Lovecruft
c65088cb19
rust: Fix ProtoSet and ProtoEntry to use the same DoS limits as C.
Previously, the limit for MAX_PROTOCOLS_TO_EXPAND was actually being applied
in Rust to the maximum number of version (total, for all subprotocols).
Whereas in C, it was being applied to the number of subprotocols that were
allowed.  This changes the Rust to match C's behaviour.
2018-04-02 19:59:16 +00:00
Isis Lovecruft
4b4e36a413
rust: Port all C protover_all_supported tests to Rust.
The behaviours still do not match, unsurprisingly, but now we know where a
primary difference is: the Rust is validating version ranges more than the C,
so in the C it's possible to call protover_all_supported on a ridiculous
version range like "Sleen=0-4294967294" because the C uses
MAX_PROTOCOLS_TO_EXPAND to count the number of *subprotocols* whereas the Rust
uses it to count the total number of *versions* of all subprotocols.
2018-04-02 19:59:15 +00:00
Isis Lovecruft
6739a69c59
tests: Run all existing protover tests in both languages.
There's now no difference in these tests w.r.t. the C or Rust: both
fail miserably (well, Rust fails with nice descriptive errors, and C
gives you a traceback, because, well, C).
2018-04-02 19:59:14 +00:00
Isis Lovecruft
f769edd148
tests: Make inline comments in test_protover.c more accurate.
The DoS potential is slightly higher in C now due to some differences to the
Rust code, see the C_RUST_DIFFERS tags in src/rust/protover/tests/protover.rs.

Also, the comment about "failing at the splitting stage" in Rust wasn't true,
since when we split, we ignore empty chunks (e.g. "1--1" parses into
"(1,None),(None,1)" and "None" can't be parsed into an integer).

Finally, the comment about "Rust seems to experience an internal error" is only
true in debug mode, where u32s are bounds-checked at runtime.  In release mode,
code expressing the equivalent of this test will error with
`Err(ProtoverError::Unparseable)` because 4294967295 is too large.
2018-04-02 19:59:13 +00:00
Isis Lovecruft
ad369313f8
protover: Change protover_all_supported() to return only unsupported.
Previously, if "Link=1-5" was supported, and you asked protover_all_supported()
(or protover::all_supported() in Rust) if it supported "Link=3-999", the C
version would return "Link=3-999" and the Rust would return "Link=6-999".  These
both behave the same now, i.e. both return "Link=6-999".
2018-04-02 19:59:12 +00:00
Isis Lovecruft
cd28b4c7f5
rust: Refactor protover::compute_for_old_tor().
During code review and discussion with Chelsea Komlo, she pointed out
that protover::compute_for_old_tor() was a public function whose
return type was `&'static CStr`.  We both agree that C-like parts of
APIs should:

1. not be exposed publicly (to other Rust crates),
2. only be called in the appropriate FFI code,
3. not expose types which are meant for FFI code (e.g. `*mut char`,
   `CString`, `*const c_int`, etc.) to the pure-Rust code of other
   crates.
4. FFI code (e.g. things in `ffi.rs` modules) should _never_ be called
   from pure-Rust, not even from other modules in its own crate
   (i.e. do not call `protover::ffi::*` from anywhere in
   `protover::protoset::*`, etc).

With that in mind, this commit makes the following changes:

 * CHANGE `protover::compute_for_old_tor()` to be
   visible only at the `pub(crate)` level.
 * RENAME `protover::compute_for_old_tor()` to
   `protover::compute_for_old_tor_cstr()` to reflect the last change.
 * ADD a new `protover::compute_for_old_tor()` function wrapper which
   is public and intended for other Rust code to use, which returns a
   `&str`.
2018-04-02 19:59:12 +00:00
Isis Lovecruft
fd127bfbfa
rust: Refactor Rust implementation of protover_is_supported_here().
It was changed to take borrows instead of taking ownership.

 * REFACTOR `protover::ffi::protover_is_supported_here()` to use changed method
   signature on `protover::is_supported_here()`.
2018-04-02 19:36:26 +00:00
Isis Lovecruft
32638ed4a6
rust: Refactor Rust impl of protover_compute_vote().
This includes a subtle difference in behaviour to the previous Rust
implementation, where, for each vote that we're computing over, if a single one
fails to parse, we skip it.  This now matches the current behaviour in the C
implementation.

 * REFACTOR `protover::ffi::protover_compute_vote()` to use
   new types and methods.
2018-04-02 19:36:25 +00:00
Isis Lovecruft
269053a380
rust: Refactor Rust impl of protover_list_supports_protocol_or_later().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol_or_later()` to use
   new types and methods.
2018-04-02 19:36:25 +00:00
Isis Lovecruft
63eeda89ea
rust: Refactor Rust impl of protover_list_supports_protocol().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol()` to use new types
   and methods.
2018-04-02 19:34:26 +00:00
Isis Lovecruft
c7bcca0233
rust: Refactor Rust impl of protover_all_supported().
This includes differences in behaviour to before, which should now more closely
match the C version:

 - If parsing a protover `char*` from C, and the string is not parseable, this
   function will return 1 early, which matches the C behaviour when protocols
   are unparseable.  Previously, we would parse it and its version numbers
   simultaneously, i.e. there was no fail early option, causing us to spend more
   time unnecessarily parsing versions.

 * REFACTOR `protover::ffi::protover_all_supported()` to use new types and
   methods.
2018-04-02 19:34:26 +00:00
Isis Lovecruft
493e565226
rust: Refactor protover tests with new methods; note altered behaviours.
Previously, the rust implementation of protover considered an empty string to be
a valid ProtoEntry, while the C version did not (it must have a "=" character).
Other differences include that unknown protocols must now be parsed as
`protover::UnknownProtocol`s, and hence their entries as
`protover::UnvalidatedProtoEntry`s, whereas before (nearly) all protoentries
could be parsed regardless of how erroneous they might be considered by the C
version.

My apologies for this somewhat messy and difficult to read commit, if any part
is frustrating to the reviewer, please feel free to ask me to split this into
smaller changes (possibly hard to do, since so much changed), or ask me to
comment on a specific line/change and clarify how/when the behaviours differ.

The tests here should more closely match the behaviours exhibited by the C
implementation, but I do not yet personally guarantee they match precisely.

 * REFACTOR unittests in protover::protover.
 * ADD new integration tests for previously untested behaviour.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:34:25 +00:00
Isis Lovecruft
35b86a12e6
rust: Refactor protover::is_supported_here().
This changes `protover::is_supported_here()` to be aware of new datatypes
(e.g. don't call `.0` on things which are no longer tuple structs) and also
changes the method signature to take borrows, making it faster, threadable, and
easier to read (i.e. the caller can know from reading the function signature
that the function won't mutate values passed into it).

 * CHANGE the `protover::is_supported_here()` function to take borrows.
 * REFACTOR the `protover::is_supported_here()` function to be aware of new
   datatypes.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:34:25 +00:00
Isis Lovecruft
2eb1b7f2fd
rust: Add new ProtoverVote type and refactor functions to methods.
This adds a new type for votes upon `protover::ProtoEntry`s (technically, on
`protover::UnvalidatedProtoEntry`s, because the C code does not validate based
upon currently known protocols when voting, in order to maintain
future-compatibility), and converts several functions which would have operated
on this datatype into methods for ease-of-use and readability.

This also fixes a behavioural differentce to the C version of
protover_compute_vote().  The C version of protover_compute_vote() calls
expand_protocol_list() which checks if there would be too many subprotocols *or*
expanded individual version numbers, i.e. more than MAX_PROTOCOLS_TO_EXPAND, and
does this *per vote* (but only in compute_vote(), everywhere else in the C seems
to only care about the number of subprotocols, not the number of individual
versions).  We need to match its behaviour in Rust and ensure we're not allowing
more than it would to get the votes to match.

 * ADD new `protover::ProtoverVote` datatype.
 * REMOVE the `protover::compute_vote()` function and refactor it into an
   equivalent-in-behaviour albeit more memory-efficient voting algorithm based
   on the new underlying `protover::protoset::ProtoSet` datatype, as
   `ProtoverVote::compute()`.
 * REMOVE the `protover::write_vote_to_string()` function, since this
   functionality is now generated by the impl_to_string_for_proto_entry!() macro
   for both `ProtoEntry` and `UnvalidatedProtoEntry` (the latter of which is the
   correct type to return from a voting protocol instance, since the entity
   voting may not know of all protocols being voted upon or known about by other
   voting parties).
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix a difference in compute_vote() behaviour to C version.
2018-04-02 19:34:24 +00:00
Isis Lovecruft
fa15ea104d
rust: Add macro for impl ToString for {Unvalidated}ProtoEntry.
This implements conversions from either a ProtoEntry or an UnvalidatedProtoEntry
into a String, for use in replacing such functions as
`protover::write_vote_to_string()`.

 * ADD macro for implementing ToString trait for ProtoEntry and
   UnvalidatedProtoEntry.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:34:24 +00:00
Isis Lovecruft
3c47d31e1f
rust: Add new protover::UnvalidatedProtoEntry type.
This adds a new protover::UnvalidatedProtoEntry type, which is the
UnknownProtocol variant of a ProtoEntry, and refactors several functions which
should operate on this type into methods.

This also fixes what was previously another difference to the C implementation:
if you asked the C version of protovet_compute_vote() to compute a single vote
containing "Fribble=", it would return NULL.  However, the Rust version would
return "Fribble=" since it didn't check if the versions were empty before
constructing the string of differences.  ("Fribble=" is technically a valid
protover string.)  This is now fixed, and the Rust version in that case will,
analogous to (although safer than) C returning a NULL, return None.

 * REMOVE internal `contains_only_supported_protocols()` function.
 * REMOVE `all_supported()` function and refactor it into
   `UnvalidatedProtoEntry::all_supported()`.
 * REMOVE `parse_protocols_from_string_with_no_validation()` and
   refactor it into the more rusty implementation of
   `impl FromStr for UnvalidatedProtoEntry`.
 * REMOVE `protover_string_supports_protocol()` and refactor it into
   `UnvalidatedProtoEntry::supports_protocol()`.
 * REMOVE `protover_string_supports_protocol_or_later()` and refactor
   it into `UnvalidatedProtoEntry::supports_protocol_or_later()`.
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix another C/Rust different in compute_vote().

This fixes the unittest from the prior commit by checking if the versions are
empty before adding a protocol to a vote.
2018-04-02 19:34:23 +00:00
Isis Lovecruft
54c964332b
rust: Add new protover::ProtoEntry type which uses new datatypes.
This replaces the `protover::SupportedProtocols` (why would you have a type just
for things which are supported?) with a new, more generic type,
`protover::ProtoEntry`, which utilises the new, more memory-efficient datatype
in protover::protoset.

 * REMOVE `get_supported_protocols()` and `SupportedProtocols::tor_supported()`
   (since they were never used separately) and collapse their functionality into
   a single `ProtoEntry::supported()` method.
 * REMOVE `SupportedProtocols::from_proto_entries()` and reimplement its
   functionality as the more rusty `impl FromStr for ProtoEntry`.
 * REMOVE `get_proto_and_vers()` function and refactor it into the more rusty
   `impl FromStr for ProtoEntry`.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:32:36 +00:00
Isis Lovecruft
60daaa68b1
rust: Add new protover::UnknownProtocol type.
* ADD new type, protover::UnknownProtocol, so that we have greater type safety
   and our protover functionality which works with unsanitised protocol names is
   more clearly demarcated.
 * REFACTOR protover::Proto, renaming it protover::Protocol to mirror the new
   protover::UnknownProtocol type name.
 * ADD a utility conversion of `impl From<Protocol> for UnknownProtocol` so that
   we can easily with known protocols and unknown protocols simultaneously
   (e.g. doing comparisons, checking their version numbers), while not allowing
   UnknownProtocols to be accidentally used in functions which should only take
   Protocols.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:27:51 +00:00
Isis Lovecruft
e6625113c9
rust: Implement more memory-efficient protover datatype.
* ADD new protover::protoset module.
 * ADD new protover::protoset::ProtoSet class for holding protover versions.
 * REMOVE protover::Versions type implementation and its method
   `from_version_string()`, and instead implement this behaviour in a more
   rust-like manner as `impl FromStr for ProtoSet`.
 * MOVE the `find_range()` utility function from protover::protover to
   protover::protoset since it's only used internally in the
   implementation of ProtoSet.
 * REMOVE the `contract_protocol_list()` function from protover::protover and
   instead refactor it (reusing nearly the entire thing, with minor superficial,
   i.e. non-behavioural, changes) into a more rusty
   `impl ToString for ProtoSet`.
 * REMOVE the `expand_version_range()` function from protover::protover and
   instead refactor it into a more rusty implementation of
   `impl Into<Vec<Version>> for ProtoSet` using the new error types in
   protover::errors.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:26:26 +00:00
Isis Lovecruft
88204f91df
rust: Implement error types for Rust protover implementation.
This will allow us to do actual error handling intra-crate in a more
rusty manner, e.g. propogating errors in match statements, conversion
between error types, logging messages, etc.

 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:24:32 +00:00
Isis Lovecruft
f2daf82794
rust: Fix ProtoSet and ProtoEntry to use the same DoS limits as C.
Previously, the limit for MAX_PROTOCOLS_TO_EXPAND was actually being applied
in Rust to the maximum number of version (total, for all subprotocols).
Whereas in C, it was being applied to the number of subprotocols that were
allowed.  This changes the Rust to match C's behaviour.
2018-04-02 19:20:40 +00:00
Isis Lovecruft
6eea0dc5f1
rust: Port all C protover_all_supported tests to Rust.
The behaviours still do not match, unsurprisingly, but now we know where a
primary difference is: the Rust is validating version ranges more than the C,
so in the C it's possible to call protover_all_supported on a ridiculous
version range like "Sleen=0-4294967294" because the C uses
MAX_PROTOCOLS_TO_EXPAND to count the number of *subprotocols* whereas the Rust
uses it to count the total number of *versions* of all subprotocols.
2018-04-02 19:20:39 +00:00
Isis Lovecruft
527a239863
tests: Run all existing protover tests in both languages.
There's now no difference in these tests w.r.t. the C or Rust: both
fail miserably (well, Rust fails with nice descriptive errors, and C
gives you a traceback, because, well, C).
2018-04-02 19:20:38 +00:00
Isis Lovecruft
22c65a0e4b
tests: Make inline comments in test_protover.c more accurate.
The DoS potential is slightly higher in C now due to some differences to the
Rust code, see the C_RUST_DIFFERS tags in src/rust/protover/tests/protover.rs.

Also, the comment about "failing at the splitting stage" in Rust wasn't true,
since when we split, we ignore empty chunks (e.g. "1--1" parses into
"(1,None),(None,1)" and "None" can't be parsed into an integer).

Finally, the comment about "Rust seems to experience an internal error" is only
true in debug mode, where u32s are bounds-checked at runtime.  In release mode,
code expressing the equivalent of this test will error with
`Err(ProtoverError::Unparseable)` because 4294967295 is too large.
2018-04-02 19:20:37 +00:00
Isis Lovecruft
6e353664dd
protover: Change protover_all_supported() to return only unsupported.
Previously, if "Link=1-5" was supported, and you asked protover_all_supported()
(or protover::all_supported() in Rust) if it supported "Link=3-999", the C
version would return "Link=3-999" and the Rust would return "Link=6-999".  These
both behave the same now, i.e. both return "Link=6-999".
2018-04-02 19:20:36 +00:00
Isis Lovecruft
fc2a42cc49
rust: Refactor protover::compute_for_old_tor().
During code review and discussion with Chelsea Komlo, she pointed out
that protover::compute_for_old_tor() was a public function whose
return type was `&'static CStr`.  We both agree that C-like parts of
APIs should:

1. not be exposed publicly (to other Rust crates),
2. only be called in the appropriate FFI code,
3. not expose types which are meant for FFI code (e.g. `*mut char`,
   `CString`, `*const c_int`, etc.) to the pure-Rust code of other
   crates.
4. FFI code (e.g. things in `ffi.rs` modules) should _never_ be called
   from pure-Rust, not even from other modules in its own crate
   (i.e. do not call `protover::ffi::*` from anywhere in
   `protover::protoset::*`, etc).

With that in mind, this commit makes the following changes:

 * CHANGE `protover::compute_for_old_tor()` to be
   visible only at the `pub(crate)` level.
 * RENAME `protover::compute_for_old_tor()` to
   `protover::compute_for_old_tor_cstr()` to reflect the last change.
 * ADD a new `protover::compute_for_old_tor()` function wrapper which
   is public and intended for other Rust code to use, which returns a
   `&str`.
2018-04-02 19:20:36 +00:00
Isis Lovecruft
9766d53cf9
rust: Refactor Rust implementation of protover_is_supported_here().
It was changed to take borrows instead of taking ownership.

 * REFACTOR `protover::ffi::protover_is_supported_here()` to use changed method
   signature on `protover::is_supported_here()`.
2018-04-02 19:20:35 +00:00
Isis Lovecruft
6f252e0986
rust: Refactor Rust impl of protover_compute_vote().
This includes a subtle difference in behaviour to the previous Rust
implementation, where, for each vote that we're computing over, if a single one
fails to parse, we skip it.  This now matches the current behaviour in the C
implementation.

 * REFACTOR `protover::ffi::protover_compute_vote()` to use
   new types and methods.
2018-04-02 19:20:34 +00:00
Isis Lovecruft
0a5494b81d
rust: Refactor Rust impl of protover_list_supports_protocol_or_later().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol_or_later()` to use
   new types and methods.
2018-04-02 19:20:33 +00:00
Isis Lovecruft
52c3ea5045
rust: Refactor Rust impl of protover_list_supports_protocol().
This includes a subtle difference in behaviour, as in 4258f1e18, where we return
(matching the C impl's return behaviour) earlier than before if parsing failed,
saving us computation in parsing the versions into a
protover::protoset::ProtoSet.

 * REFACTOR `protover::ffi::protover_list_supports_protocol()` to use new types
   and methods.
2018-04-02 19:20:32 +00:00
Isis Lovecruft
2f3a7376c0
rust: Refactor Rust impl of protover_all_supported().
This includes differences in behaviour to before, which should now more closely
match the C version:

 - If parsing a protover `char*` from C, and the string is not parseable, this
   function will return 1 early, which matches the C behaviour when protocols
   are unparseable.  Previously, we would parse it and its version numbers
   simultaneously, i.e. there was no fail early option, causing us to spend more
   time unnecessarily parsing versions.

 * REFACTOR `protover::ffi::protover_all_supported()` to use new types and
   methods.
2018-04-02 19:20:31 +00:00
Isis Lovecruft
15e59a1fed
rust: Refactor protover tests with new methods; note altered behaviours.
Previously, the rust implementation of protover considered an empty string to be
a valid ProtoEntry, while the C version did not (it must have a "=" character).
Other differences include that unknown protocols must now be parsed as
`protover::UnknownProtocol`s, and hence their entries as
`protover::UnvalidatedProtoEntry`s, whereas before (nearly) all protoentries
could be parsed regardless of how erroneous they might be considered by the C
version.

My apologies for this somewhat messy and difficult to read commit, if any part
is frustrating to the reviewer, please feel free to ask me to split this into
smaller changes (possibly hard to do, since so much changed), or ask me to
comment on a specific line/change and clarify how/when the behaviours differ.

The tests here should more closely match the behaviours exhibited by the C
implementation, but I do not yet personally guarantee they match precisely.

 * REFACTOR unittests in protover::protover.
 * ADD new integration tests for previously untested behaviour.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:20:31 +00:00
Isis Lovecruft
aa241e99de
rust: Refactor protover::is_supported_here().
This changes `protover::is_supported_here()` to be aware of new datatypes
(e.g. don't call `.0` on things which are no longer tuple structs) and also
changes the method signature to take borrows, making it faster, threadable, and
easier to read (i.e. the caller can know from reading the function signature
that the function won't mutate values passed into it).

 * CHANGE the `protover::is_supported_here()` function to take borrows.
 * REFACTOR the `protover::is_supported_here()` function to be aware of new
   datatypes.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:30 +00:00
Isis Lovecruft
9abbd23df7
rust: Add new ProtoverVote type and refactor functions to methods.
This adds a new type for votes upon `protover::ProtoEntry`s (technically, on
`protover::UnvalidatedProtoEntry`s, because the C code does not validate based
upon currently known protocols when voting, in order to maintain
future-compatibility), and converts several functions which would have operated
on this datatype into methods for ease-of-use and readability.

This also fixes a behavioural differentce to the C version of
protover_compute_vote().  The C version of protover_compute_vote() calls
expand_protocol_list() which checks if there would be too many subprotocols *or*
expanded individual version numbers, i.e. more than MAX_PROTOCOLS_TO_EXPAND, and
does this *per vote* (but only in compute_vote(), everywhere else in the C seems
to only care about the number of subprotocols, not the number of individual
versions).  We need to match its behaviour in Rust and ensure we're not allowing
more than it would to get the votes to match.

 * ADD new `protover::ProtoverVote` datatype.
 * REMOVE the `protover::compute_vote()` function and refactor it into an
   equivalent-in-behaviour albeit more memory-efficient voting algorithm based
   on the new underlying `protover::protoset::ProtoSet` datatype, as
   `ProtoverVote::compute()`.
 * REMOVE the `protover::write_vote_to_string()` function, since this
   functionality is now generated by the impl_to_string_for_proto_entry!() macro
   for both `ProtoEntry` and `UnvalidatedProtoEntry` (the latter of which is the
   correct type to return from a voting protocol instance, since the entity
   voting may not know of all protocols being voted upon or known about by other
   voting parties).
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix a difference in compute_vote() behaviour to C version.
2018-04-02 19:20:29 +00:00
Isis Lovecruft
26bafb3c33
rust: Add macro for impl ToString for {Unvalidated}ProtoEntry.
This implements conversions from either a ProtoEntry or an UnvalidatedProtoEntry
into a String, for use in replacing such functions as
`protover::write_vote_to_string()`.

 * ADD macro for implementing ToString trait for ProtoEntry and
   UnvalidatedProtoEntry.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:28 +00:00
Isis Lovecruft
b786b146ed
rust: Add new protover::UnvalidatedProtoEntry type.
This adds a new protover::UnvalidatedProtoEntry type, which is the
UnknownProtocol variant of a ProtoEntry, and refactors several functions which
should operate on this type into methods.

This also fixes what was previously another difference to the C implementation:
if you asked the C version of protovet_compute_vote() to compute a single vote
containing "Fribble=", it would return NULL.  However, the Rust version would
return "Fribble=" since it didn't check if the versions were empty before
constructing the string of differences.  ("Fribble=" is technically a valid
protover string.)  This is now fixed, and the Rust version in that case will,
analogous to (although safer than) C returning a NULL, return None.

 * REMOVE internal `contains_only_supported_protocols()` function.
 * REMOVE `all_supported()` function and refactor it into
   `UnvalidatedProtoEntry::all_supported()`.
 * REMOVE `parse_protocols_from_string_with_no_validation()` and
   refactor it into the more rusty implementation of
   `impl FromStr for UnvalidatedProtoEntry`.
 * REMOVE `protover_string_supports_protocol()` and refactor it into
   `UnvalidatedProtoEntry::supports_protocol()`.
 * REMOVE `protover_string_supports_protocol_or_later()` and refactor
   it into `UnvalidatedProtoEntry::supports_protocol_or_later()`.
 * FIXES part of #24031: https://bugs.torproject.org/24031

rust: Fix another C/Rust different in compute_vote().

This fixes the unittest from the prior commit by checking if the versions are
empty before adding a protocol to a vote.
2018-04-02 19:20:27 +00:00
Isis Lovecruft
88b2f170e4
rust: Add new protover::ProtoEntry type which uses new datatypes.
This replaces the `protover::SupportedProtocols` (why would you have a type just
for things which are supported?) with a new, more generic type,
`protover::ProtoEntry`, which utilises the new, more memory-efficient datatype
in protover::protoset.

 * REMOVE `get_supported_protocols()` and `SupportedProtocols::tor_supported()`
   (since they were never used separately) and collapse their functionality into
   a single `ProtoEntry::supported()` method.
 * REMOVE `SupportedProtocols::from_proto_entries()` and reimplement its
   functionality as the more rusty `impl FromStr for ProtoEntry`.
 * REMOVE `get_proto_and_vers()` function and refactor it into the more rusty
   `impl FromStr for ProtoEntry`.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:26 +00:00
Isis Lovecruft
811178434e
rust: Add new protover::UnknownProtocol type.
* ADD new type, protover::UnknownProtocol, so that we have greater type safety
   and our protover functionality which works with unsanitised protocol names is
   more clearly demarcated.
 * REFACTOR protover::Proto, renaming it protover::Protocol to mirror the new
   protover::UnknownProtocol type name.
 * ADD a utility conversion of `impl From<Protocol> for UnknownProtocol` so that
   we can easily with known protocols and unknown protocols simultaneously
   (e.g. doing comparisons, checking their version numbers), while not allowing
   UnknownProtocols to be accidentally used in functions which should only take
   Protocols.
 * FIXES part of #24031: https://bugs.torproject.org/24031
2018-04-02 19:20:12 +00:00
Isis Lovecruft
9925d2e687
rust: Implement more memory-efficient protover datatype.
* ADD new protover::protoset module.
 * ADD new protover::protoset::ProtoSet class for holding protover versions.
 * REMOVE protover::Versions type implementation and its method
   `from_version_string()`, and instead implement this behaviour in a more
   rust-like manner as `impl FromStr for ProtoSet`.
 * MOVE the `find_range()` utility function from protover::protover to
   protover::protoset since it's only used internally in the
   implementation of ProtoSet.
 * REMOVE the `contract_protocol_list()` function from protover::protover and
   instead refactor it (reusing nearly the entire thing, with minor superficial,
   i.e. non-behavioural, changes) into a more rusty
   `impl ToString for ProtoSet`.
 * REMOVE the `expand_version_range()` function from protover::protover and
   instead refactor it into a more rusty implementation of
   `impl Into<Vec<Version>> for ProtoSet` using the new error types in
   protover::errors.
 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 19:04:19 +00:00
Isis Lovecruft
b6059297d7
rust: Implement error types for Rust protover implementation.
This will allow us to do actual error handling intra-crate in a more
rusty manner, e.g. propogating errors in match statements, conversion
between error types, logging messages, etc.

 * FIXES part of #24031: https://bugs.torproject.org/24031.
2018-04-02 18:27:39 +00:00
Nick Mathewson
f9e32a2084 Remove an unnecessary event2 include.
The rest, are, unfortunately, necessary for now.
2018-04-02 11:11:34 -04:00
Nick Mathewson
f4bcf3f34c Remove event2/event.h include from compat_libevent.h
Only one module was depending on this include (test_helpers.c), and
it was doing so incorrectly.
2018-04-02 11:11:31 -04:00
Nick Mathewson
3df9545492 Merge branch 'maint-0.3.3' 2018-04-02 08:51:47 -04:00
Roger Dingledine
6190593256 use channel_is_client for create cell counts
When a relay is collecting internal statistics about how many
create cell requests it has seen of each type, accurately count the
requests from relays that temporarily fall out of the consensus.

(To be extra conservative, we were already ignoring requests from clients
in our counts, and we continue ignoring them here.)

Fixes bug 24910; bugfix on 0.2.4.17-rc.
2018-04-02 01:00:31 -04:00
Roger Dingledine
961d2ad597 dir auths no longer vote Guard if they're not voting V2Dir
Directory authorities no longer vote in favor of the Guard flag
for relays that don't advertise directory support.

Starting in Tor 0.3.0.1-alpha, Tor clients have been avoiding using
such relays in the Guard position, leading to increasingly broken load
balancing for the 5%-or-so of Guards that don't advertise directory
support.

Fixes bug 22310; bugfix on 0.3.0.6.
2018-04-02 00:20:01 -04:00
Roger Dingledine
0983c203e5 misc tiny fixes 2018-04-01 23:47:44 -04:00
Taylor Yu
596eed3715 Fix CID 1433643
Add a missing lock acquisition around access to queued_control_events
in control_free_all().  Use the reassign-and-unlock strategy as in
queued_events_flush_all().  Fixes bug 25675.  Coverity found this bug,
but only after we recently added an access to
flush_queued_event_pending.
2018-03-29 17:21:33 -05:00
Nick Mathewson
2c1afc2def Merge branch 'maint-0.3.3' 2018-03-29 14:59:01 -04:00
Nick Mathewson
4f473fadbd Merge branch 'bug25617_029' into maint-0.3.3 2018-03-29 14:58:58 -04:00
Nick Mathewson
2e9e91ebbf bump version to 0.3.3.4-alpha-dev 2018-03-29 11:24:02 -04:00
Nick Mathewson
e35eb9baaa Mark controller-initiated DNS lookups as permitted to do DNS.
Fixes bug 25617; bugfix on 0.2.9.3-alpha.
2018-03-29 09:27:28 -04:00
Nick Mathewson
3fa66f9799 Bump version to 0.3.3.4-alpha 2018-03-29 08:01:37 -04:00
Nick Mathewson
2f872f9762 Merge remote-tracking branch 'hello71/bug25398' 2018-03-28 14:47:05 -04:00
Nick Mathewson
4c0e434f33 Merge remote-tracking branch 'public/bug25512' 2018-03-28 14:45:47 -04:00
Nick Mathewson
cb083b5d3e Merge remote-tracking branch 'asn-github/t-25432' 2018-03-28 14:43:33 -04:00
Nick Mathewson
794a25f8c1 Merge branch 'maint-0.3.3' 2018-03-28 14:23:06 -04:00
Nick Mathewson
e0bbef48bf Merge remote-tracking branch 'dgoulet/bug24767_033_03' into maint-0.3.3 2018-03-28 14:21:04 -04:00
Nick Mathewson
6317aa2cc0 Merge branch 'maint-0.3.3' 2018-03-28 07:50:47 -04:00
Nick Mathewson
d4bf1f6c8e Add a paranoia check in string_is_valid_nonrfc_hostname()
The earlier checks in this function should ensure that components is
always nonempty.  But in case somebody messes with them in the
future, let's add an extra check to make sure we aren't crashing.
2018-03-28 07:48:18 -04:00
Nick Mathewson
b504c854d3 Rename string_is_valid_hostname -> string_is_valid_nonrfc_hostname
Per discussion on 25055.
2018-03-28 07:42:27 -04:00
rl1987
09351c34e9 Don't strlen before checking for NULL 2018-03-28 07:39:03 -04:00
rl1987
a28e350cff Tweak loop condition 2018-03-28 07:39:03 -04:00
rl1987
6b6d003f43 Don't explode on NULL or empty string 2018-03-28 07:39:03 -04:00
rl1987
d891010fdd Allow alphanumeric TLDs in test for now 2018-03-28 07:39:03 -04:00
rl1987
ee1fca727c Simplify hostname validation code 2018-03-28 07:39:03 -04:00
rl1987
dbb7c8e6fd Validate hostnames with punycode TLDs correctly 2018-03-28 07:39:03 -04:00
rl1987
4413e52f9e Improve handling of trailing dot 2018-03-28 07:39:03 -04:00
rl1987
db850fec3a Test TLD validation 2018-03-28 07:39:03 -04:00
rl1987
6335db9fce Refrain from including <ctype.h> 2018-03-28 07:39:03 -04:00
rl1987
12afd8bfed Also test bracket-less IPv6 string validation 2018-03-28 07:39:03 -04:00
rl1987
5986589b48 Call strlen() once 2018-03-28 07:39:03 -04:00
rl1987
b0ba4aa7e9 Fix bracketed IPv6 string validation 2018-03-28 07:39:03 -04:00
rl1987
1af016e96e Do not consider IP strings valid DNS names. Fixes #25055 2018-03-28 07:39:03 -04:00
rl1987
0e453929d2 Allow IPv6 address strings to be used as hostnames in SOCKS5 requests 2018-03-28 07:39:03 -04:00
Nick Mathewson
fa6eaab83e Merge branch 'maint-0.3.3' 2018-03-27 18:25:52 -04:00
Nick Mathewson
5acfc30876 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-27 18:23:53 -04:00
Taylor Yu
471f28a2a8 Fix CID 1430932
Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist.  Fixes bug 25629.
2018-03-27 16:11:29 -05:00
Taylor Yu
0c13a84c0d Fix CID 1430932
Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist.  Fixes bug 25629.
2018-03-27 16:08:39 -05:00
Taylor Yu
4bb7d9fd12 Fix CID 1430932
Coverity found a null pointer reference in nodelist_add_microdesc().
This is almost certainly impossible assuming that the routerstatus_t
returned by router_get_consensus_status_by_descriptor_digest() always
corresponds to an entry in the nodelist.  Fixes bug 25629.
2018-03-27 15:29:00 -05:00
George Kadianakis
ab16f1e2a1 test: Add unittest for the OR connection failure cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-27 12:43:39 -04:00
David Goulet
f29d158330 relay: Avoid connecting to down relays
If we failed to connect at the TCP level to a relay, note it down and refuse
to connect again for another 60 seconds.

Fixes #24767

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-27 12:42:31 -04:00
Nick Mathewson
979c7e5c83 Merge branch 'maint-0.3.3' 2018-03-27 07:05:15 -04:00
Nick Mathewson
46c2b0ca22 Merge branch 'bug25213_033' into maint-0.3.3 2018-03-27 07:04:33 -04:00
Nick Mathewson
0eed0899cd Merge branch 'bug24658-rm-curve25519-header' into bug24658-merge 2018-03-26 20:12:59 -04:00
Nick Mathewson
d96dc2060a Merge branch 'maint-0.3.3' 2018-03-26 19:47:48 -04:00
Nick Mathewson
841ed9dbb9 Merge remote-tracking branch 'dgoulet/bug24904_033_01' into maint-0.3.3 2018-03-26 19:47:44 -04:00
Nick Mathewson
5278d72f97 Merge branch 'maint-0.3.3' 2018-03-26 10:32:53 -04:00
Nick Mathewson
ca2d9cbb93 Merge branch 'bug24903_029' into maint-0.3.3 2018-03-26 10:32:49 -04:00
Nick Mathewson
068d092749 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-26 10:29:29 -04:00
Nick Mathewson
b5a6c03998 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-26 10:29:29 -04:00
Nick Mathewson
c68bfc556c Merge branch 'maint-0.3.3' 2018-03-26 10:29:29 -04:00
Nick Mathewson
33606405e3 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-26 10:29:29 -04:00
Nick Mathewson
969a38a375 Fix a unit test which was broken by the previous commit
This test was expecting Tor to find and use routerinfos, but hadn't
cleared the UseMicrodescriptors flag.  Part of the fix for 25213.
2018-03-26 09:57:39 -04:00
Nick Mathewson
d1874b4339 Make extend_info_from_node() more picky about node contents
This update is needed to make it consistent with the behavior of
node_awaiting_ipv6(), which doesn't believe in the addresses from
routerinfos unless it actually plans to use those routerinfos.

Fixes bug 25213; bugfix on b66b62fb75 in 0.3.3.1-alpha,
which tightened up the definition of node_awaiting_ipv6().
2018-03-26 09:56:12 -04:00
Nick Mathewson
33a80921a2 When extending a circuit's path length, clear onehop_tunnel.
There was a nonfatal assertion in pathbias_should_count that would
trigger if onehop_tunnel was set, but the desired_path_length was
greater than 1.  This patch fixes that.  Fixes bug 24903; bugfix on
0.2.5.2-alpha.
2018-03-26 09:17:50 -04:00
Nick Mathewson
a9fa483004 Document a requirement for cells to be encrypted. 2018-03-24 13:49:44 -04:00
Nick Mathewson
7db4d0c55f Basic unit tests for relay_crypto.c
These tests handle incoming and outgoing cells on a three-hop
circuit, and make sure that the crypto works end-to-end.  They don't
yet test spec conformance, leaky-pipe, or various error cases.
2018-03-24 13:49:08 -04:00
Nick Mathewson
d749f6b5f6 Merge branch 'maint-0.3.3' 2018-03-23 17:49:29 -04:00
Nick Mathewson
eacfd29112 Fix windows compilation warnings in hs_service.c
These were breaking jenkins builds.  Bugfix on 5804ccc9070dc54;
bug not in any released Tor.
2018-03-23 17:47:56 -04:00
Nick Mathewson
bb9012c818 test: more data on geoip load failure. 2018-03-23 11:48:15 -04:00
Nick Mathewson
3519d0c808 Clear all control.c flags on control_free_all()
Fixes bug 25512.
2018-03-23 11:31:56 -04:00
Nick Mathewson
e263317e07 Merge remote-tracking branch 'fristonio/ticket-24740' 2018-03-23 11:22:58 -04:00
Nick Mathewson
11114c7e83 Merge branch 'maint-0.3.3' 2018-03-23 11:19:19 -04:00
Isis Lovecruft
657d5cbbbc tests: Automatically detect Rust crates to test and also pass --verbose.
* FIXES #25560: https://bugs.torproject.org/25560.
2018-03-23 11:13:04 -04:00
David Goulet
236c92a0a7 chan: Use channel_is_client() in channel_do_open_actions()
Make sure we actually only report client channel to the geoip cache instead of
looking if it is a known relay. Looking if it is a known relay can be
unreliable because they come and go from the consensus.

Fixes #24904

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-23 10:11:37 -04:00
Isis Lovecruft
fae5254783
hs: Fix two typos in an inline comment.
* FIXES #25602: https://bugs.torproject.org/25602
2018-03-22 22:33:34 +00:00
Nick Mathewson
24abcf9771 Merge branch 'bug25399_squashed' 2018-03-22 08:49:43 -04:00
Alex Xu (Hello71)
946ed24ca5 Do not page-align mmap length. #25399 2018-03-22 08:47:37 -04:00
Nick Mathewson
d9ba7db38b Merge remote-tracking branch 'public/geoip_testing' 2018-03-22 08:43:28 -04:00
Nick Mathewson
f8e53a545a Update tor_log to libc 0.2.39 as well. 2018-03-21 17:14:15 -04:00
Nick Mathewson
4e82441e4c Merge branch 'maint-0.3.3' 2018-03-21 17:10:10 -04:00
Nick Mathewson
2b31387410 Update src/ext/rust to latest master for libc update. 2018-03-21 17:09:59 -04:00
Nick Mathewson
03e787e220 Merge branch 'maint-0.3.3' 2018-03-21 17:05:42 -04:00
Isis Lovecruft
00a473733d maint: Update Rust libc dependency from 0.2.22 to 0.2.39.
Requires the update/libc-0.2.39 branch from
https://github.com/isislovecruft/tor-rust-dependencies to be merged
first.
2018-03-21 17:04:28 -04:00
Nick Mathewson
2c36a02bb1 Merge branch 'maint-0.3.3' 2018-03-20 12:55:46 -04:00
Nick Mathewson
b069979142 Merge branch 'bug25306_032_01_squashed_v2' into maint-0.3.3 2018-03-20 12:54:51 -04:00
David Goulet
5804ccc907 hs-v3: BUG() on missing descriptors during rotation
Because of #25306 for which we are unable to reproduce nor understand how it
is possible, this commit removes the asserts() and BUG() on the missing
descriptors instead when rotating them.

This allows us to log more data on error but also to let tor recover
gracefully instead of dying.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-03-20 12:54:05 -04:00
Nick Mathewson
9f93bcd16d Remove sb_poll check: all poll() calls are ok. 2018-03-20 08:30:21 -04:00
Nick Mathewson
070eda5a21 Add the poll() syscall as permitted by the sandbox
Apparently, sometimes getpwnam will call this.

Fixes bug 25513.
2018-03-20 08:23:44 -04:00
Nick Mathewson
56ae6d8766 Merge branch 'maint-0.3.3' 2018-03-20 07:50:46 -04:00
Alexander Færøy
fd36bd8971 Log information on specific compression backends in the OOM handler.
This patch adds some additional logging to circuits_handle_oom() to give
us more information about which specific compression backend that is
using a certain amount of memory.

See: https://bugs.torproject.org/25372
2018-03-20 07:47:19 -04:00
Nick Mathewson
228b655935 Move rust-specific declarations outside of #else block
These declarations need to exist unconditionally, but they were
trapped inside an "#else /* !(defined(HAVE_SYSLOG_H)) */" block.

Fixes a travis regression caused by 23881; bug not in any released tor.
2018-03-19 19:18:23 -04:00
Nick Mathewson
d8893bc93c Merge remote-tracking branch 'isis/bug23881_r1' 2018-03-19 17:20:37 -04:00
Nick Mathewson
910422e8fa Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-19 16:59:49 -04:00
Nick Mathewson
3716611fea Merge branch 'maint-0.3.3' 2018-03-19 16:59:49 -04:00
Isis Lovecruft
66d3120634 tests: Fix HS test against max IP lifetime.
* FIXES part of #25450: https://bugs.torproject.org/25450
2018-03-19 16:59:07 -04:00
Isis Lovecruft
1f8bd93ecb
rust: Fix typo in name of logged function. 2018-03-19 19:23:35 +00:00
Isis Lovecruft
547c62840e
rust: Remove #[no_mangle]s on two constants.
These won't/shouldn't ever be called from C, so there's no reason to
preserve naming.
2018-03-19 19:23:34 +00:00
Neel Chauhan
bc5f79b95c Use tor_asprintf for in have_enough_mem_for_dircache()
(Fixes bug 20887)
2018-03-19 12:38:28 -04:00
Nick Mathewson
b0f0c0f550 Merge remote-tracking branch 'fristonio/ticket-6236' 2018-03-19 06:42:10 -04:00
Nick Mathewson
a324cd9020 Merge branch 'ticket25268_034_01' 2018-03-19 06:01:02 -04:00
Nick Mathewson
92c60b572c Merge branch 'maint-0.3.3' 2018-03-19 05:39:56 -04:00
Gisle Vanem
53914f7dae tests: Fix crash on win32 due to uninitialised mutex in bench.c.
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2018-03-19 05:38:19 -04:00
Nick Mathewson
bcea98a4b4 Merge branch 'maint-0.3.3' 2018-03-19 05:36:06 -04:00
Nick Mathewson
296e429ebc Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-19 05:36:06 -04:00
Nick Mathewson
a0cc7e9492 Merge remote-tracking branch 'isis/bug25450_032' into maint-0.3.2 2018-03-19 05:35:39 -04:00
Nick Mathewson
5ecad6c95d Extract the cryptographic parts of crypt_path_t and or_circuit_t.
Additionally, this change extracts the functions that created and
freed these elements.

These structures had common "forward&reverse stream&digest"
elements, but they were initialized and freed through cpath objects,
and different parts of the code depended on them.  Now all that code
is extacted, and kept in relay_crypto.c
2018-03-17 10:59:15 -04:00
Nick Mathewson
80955be6ec Move relay-crypto functions from relay.[ch] to relay_crypto.[ch]
This should help us improve modularity, and should also make it
easier for people to experiment with other relay crypto strategies
down the road.

This commit is pure function movement.
2018-03-17 10:23:44 -04:00
Nick Mathewson
320dcf65b7 Extract the crypto parts of circuit_package_relay_cell. 2018-03-17 10:16:41 -04:00
Nick Mathewson
2989326054 Rename 'relay_crypt' to 'relay_decrypt_cell'
This function is used upon receiving a cell, and only handles the
decrypting part.  The encryption part is currently handled inside
circuit_package_relay_cell.
2018-03-17 10:05:25 -04:00
Nick Mathewson
becae4c943 Add a test for geoip_load_file(). 2018-03-15 15:21:34 +01:00
Nick Mathewson
1debe57563 On geoip_free_all, reset geoip[6]_digest. 2018-03-15 15:21:23 +01:00
Nick Mathewson
ffb00404b1 Split geoip tests into a separate module. 2018-03-15 15:12:54 +01:00
Nick Mathewson
4e5e973421 Merge remote-tracking branch 'public/restart_reset_bootstrap' 2018-03-14 12:12:37 +01:00
Nick Mathewson
c6d364e8ae Merge branch 'maint-0.3.3' 2018-03-13 10:59:56 -04:00
Nick Mathewson
d60dc27555 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-13 10:59:30 -04:00
Nick Mathewson
950606dcc9 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-13 10:58:03 -04:00
Nick Mathewson
38b7885c90 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-13 10:58:03 -04:00
Nick Mathewson
0e7f15fdb6 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-13 10:58:02 -04:00
Nick Mathewson
67a313f0ec Merge branch 'maint-0.2.5' into maint-0.2.9 2018-03-13 10:58:02 -04:00
Karsten Loesing
3418a3a7f0 Update geoip and geoip6 to the March 8 2018 database. 2018-03-13 10:57:49 -04:00
Mike Perry
578aaa7f12 Bug 25505: Check circuitmux queues before padding. 2018-03-13 13:50:35 +00:00
Nick Mathewson
40154c1f9e Merge branch 'maint-0.3.3' 2018-03-13 10:00:58 +01:00
Nick Mathewson
e9dbd6dd8f Update the documentation in tor_api.h 2018-03-13 10:00:41 +01:00
Isis Lovecruft
0545f64d24
test: Increase time limit for IP creation in an HS test.
This should avoid most intermittent test failures on developer and CI machines,
but there could (and probably should) be a more elegant solution.

Also, this test was testing that the IP was created and its expiration time was
set to a time greater than or equal to `now+INTRO_POINT_LIFETIME_MIN_SECONDS+5`:

    /* Time to expire MUST also be in that range. We add 5 seconds because
     * there could be a gap between setting now and the time taken in
     * service_intro_point_new. On ARM, it can be surprisingly slow... */
    tt_u64_op(ip->time_to_expire, OP_GE,
              now + INTRO_POINT_LIFETIME_MIN_SECONDS + 5);

However, this appears to be a typo, since, according to the comment above it,
adding five seconds was done because the IP creation can be slow on some
systems.  But the five seconds is added to the *minimum* time we're comparing
against, and so it actually functions to make this test *more* likely to fail on
slower systems.  (It should either subtract five seconds, or instead add it to
time_to_expire.)

 * FIXES #25450: https://bugs.torproject.org/25450
2018-03-08 20:50:50 +00:00
Caio Valente
8775c93a99 Refactor: suppress duplicated functions from router.c and encapsulate NODE_DESC_BUF_LEN constant.
Also encapsulates format_node_description().

Closes ticket 25432.
2018-03-06 20:42:32 +01:00
Deepesh Pathak
930b985581
Fix redundant authority certificate fetch
- Fixes #24740
- Fetch certificates only in those cases when consensus are waiting for certs.
2018-03-04 21:13:58 +05:30
Nick Mathewson
699bb803ba Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-03-04 10:31:17 -05:00
Nick Mathewson
df9d2de441 Merge remote-tracking branch 'fristonio/ticket4187' 2018-03-03 12:02:30 -05:00
Nick Mathewson
338dbdab93 Merge branch 'maint-0.3.3' 2018-03-03 11:59:27 -05:00
Alexander Færøy
59a7b00384 Update tor.1.txt with the currently available log domains.
See: https://bugs.torproject.org/25378
2018-03-03 11:58:14 -05:00
Nick Mathewson
62482ea279 Merge branch 'maint-0.3.3' 2018-03-03 11:53:05 -05:00
Nick Mathewson
cc7de9ce1d Merge branch 'ticket23814' into maint-0.3.3 2018-03-03 11:53:01 -05:00
Nick Mathewson
aec505a310 bump to 0.3.3.3-alpha-dev 2018-03-03 11:33:56 -05:00
Nick Mathewson
0026d1a673 bump version to 0.3.2.10-dev 2018-03-03 11:33:27 -05:00
Nick Mathewson
0aa794d309 version bump to 0.3.1.10-dev 2018-03-03 11:32:51 -05:00
Nick Mathewson
9eb6f9d3c8 Bump version to 0.2.9.15-dev 2018-03-03 11:32:16 -05:00
Alex Xu (Hello71)
45d3b5fa4c Remove uncompilable tor_mmap_file fallback. #25398 2018-03-02 09:51:53 -05:00
Nick Mathewson
15f6201a5b increment to 0.3.3.3-alpha 2018-03-01 16:44:07 -05:00
Nick Mathewson
1ec386561e version bump to 0.3.2.10 2018-03-01 16:43:35 -05:00
Nick Mathewson
c527a8a9c9 Update to 0.3.1.10 2018-03-01 16:43:01 -05:00
Nick Mathewson
35753c0774 version bump to 0.2.9.15 2018-03-01 16:42:17 -05:00
Nick Mathewson
d22963938f Merge branch 'maint-0.3.3' 2018-03-01 16:10:47 -05:00
Nick Mathewson
f7eff2f8c5 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-03-01 16:10:43 -05:00
Nick Mathewson
d01abb9346 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-03-01 16:07:59 -05:00
Nick Mathewson
d4a758e083 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-03-01 16:07:59 -05:00
Nick Mathewson
c1bb8836ff Protover tests: disable some obsoleted tests
These were meant to demonstrate old behavior, or old rust behavior.

One of them _should_ work in Rust, but won't because of
implementation details.  We'll fix that up later.
2018-03-01 16:05:17 -05:00
Nick Mathewson
c5295cc1be Spec conformance on protover: always reject ranges where lo>hi 2018-03-01 16:05:17 -05:00
Nick Mathewson
1fe0bae508 Forbid UINT32_MAX as a protocol version
The C code and the rust code had different separate integer overflow
bugs here.  That suggests that we're better off just forbidding this
pathological case.

Also, add tests for expected behavior on receiving a bad protocol
list in a consensus.

Fixes another part of 25249.
2018-03-01 16:05:17 -05:00
Nick Mathewson
8b405c609e Forbid "-0" as a protocol version.
Fixes part of 24249; bugfix on 0.2.9.4-alpha.
2018-03-01 16:05:17 -05:00
Nick Mathewson
0953c43c95 Add more of Teor's protover tests.
These are as Teor wrote them; I've disabled the ones that don't pass
yet, with XXXX comments.
2018-03-01 16:05:17 -05:00
Nick Mathewson
d3a1bdbf56 Add some protover vote round-trip tests from Teor.
I've refactored these to be a separate function, to avoid tricky
merge conflicts.

Some of these are disabled with "XXXX" comments; they should get
fixed moving forward.
2018-03-01 16:05:17 -05:00
Nick Mathewson
a83650852d Add another NULL-pointer fix for protover.c.
This one can only be exploited if you can generate a correctly
signed consensus, so it's not as bad as 25074.

Fixes bug 25251; also tracked as TROVE-2018-004.
2018-03-01 16:05:17 -05:00
Nick Mathewson
65f2eec694 Correctly handle NULL returns from parse_protocol_list when voting.
In some cases we had checked for it, but in others we had not.  One
of these cases could have been used to remotely cause
denial-of-service against directory authorities while they attempted
to vote.

Fixes TROVE-2018-001.
2018-03-01 16:05:17 -05:00
Isis Lovecruft
167da4bc81
rust: Remove extra whitespace from a static log/error message. 2018-02-27 20:43:54 +00:00
Deepesh Pathak
130e2ffad7
Remove duplicate code between parse_{c,s}method in transport.c
- Merged common code in function parse_{c,s}method to a single function
- Removed duplicate code in transport.c
- Fixes #6236
2018-02-24 20:27:08 +05:30
Nick Mathewson
fc22bcadb5 Revert 4438ef32's changes to test_address.c
Apparently some versions of the mac sdk care about the ordering of
net/if.h wrt other headers.

Fixes bug 25319; bug not in any released tor.
2018-02-21 09:36:37 -05:00
Isis Lovecruft
7759ac8df2
crypto: Remove crypto_rsa.h from crypto_digest.c.
* ADD include for "crypto_openssl_mgt.h" so that we have OpenSSL
   defined SHA* types and functions.
 * FIXES part of #24658: https://bugs.torproject.org/24658#comment:30
2018-02-20 20:29:54 +00:00
Isis Lovecruft
3e9140e79a
crypto: Remove unnecessary curve25519 header from crypto_digest.h.
* ADD includes for "torint.h" and "container.h" to crypto_digest.h.
 * ADD includes for "crypto_digest.h" to a couple places in which
   crypto_digest_t was then missing.
 * FIXES part of #24658: https://bugs.torproject.org/24658#comment:30
2018-02-20 20:29:54 +00:00
Nick Mathewson
4438ef3288 Remove a bunch of other redundant #includes
Folks have found two in the past week or so; we may as well fix the
others.

Found with:

\#!/usr/bin/python3
import re

def findMulti(fname):
    includes = set()
    with open(fname) as f:
        for line in f:
            m = re.match(r'^\s*#\s*include\s+["<](\S+)[>"]', line)
            if m:
                inc = m.group(1)
                if inc in includes:
                    print("{}: {}".format(fname, inc))
                includes.add(m.group(1))

import sys
for fname in sys.argv[1:]:
    findMulti(fname)
2018-02-20 10:14:15 -05:00
Nick Mathewson
a4ab273a0d Merge remote-tracking branch 'fristonio/ticket-25261' 2018-02-20 10:03:52 -05:00
Nick Mathewson
5199b9b337 Use autoconf to check for optional zstd functionality.
Fixes a bug in our zstd-static code.  Bug not in any released
version of Tor.
2018-02-18 16:19:43 -05:00
Fernando Fernandez Mancera
0fad49e1c4 Move crypto_pk_obsolete_* functions into RSA module.
We moved the crypto_pk_obselete_* functions into crypto_rsa.[ch] because they fit
better with the RSA module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-16 18:23:21 +01:00
Fernando Fernandez Mancera
541b6b2433 Remove useless included files in crypto_rsa.[ch].
Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-16 17:49:58 +01:00
Nick Mathewson
bd71e0a0c8 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-02-16 09:54:13 -05:00
Nick Mathewson
2bcd264a28 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-02-16 09:48:11 -05:00
Nick Mathewson
cb92d47dec Merge remote-tracking branch 'dgoulet/ticket24902_029_05' into maint-0.2.9 2018-02-16 09:41:06 -05:00
Nick Mathewson
bbc73c5d1c Whoops. 256 was not big enough. 2018-02-16 09:40:29 -05:00
Nick Mathewson
a34fc1dad2 Allow checkpointing of non-sha1 digests.
This is necessary because apparently v3 rendezvous cpath hops use
sha3, which I had forgotten.

Bugfix on master; bug not in any released Tor.
2018-02-16 09:25:50 -05:00
Roger Dingledine
d21e5cfc24 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.

[Cherry-picked]
2018-02-16 08:46:57 -05:00
Roger Dingledine
2b99350ca4 stop calling channel_mark_client in response to a create_fast
since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.
2018-02-16 08:46:31 -05:00
Roger Dingledine
8d5dcdbda2 backport to make channel_is_client() accurate
This commit takes a piece of commit af8cadf3a9 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.
2018-02-16 08:39:10 -05:00
Neel Chauhan
c2fa743806 Remove the return value of node_get_prim_orport() and node_get_prim_dirport() 2018-02-16 08:20:33 -05:00
Nick Mathewson
200fc8c640 Compilation workaround for windows, which lacks O_SYNC
Bug not in any released Tor.
2018-02-16 08:16:12 -05:00
Nick Mathewson
5a9ada342f tor_zstd_format_version shouldn't be built when !HAVE_ZSTD
Fixes bug 25276; bugfix not in any released Tor.
2018-02-16 08:06:01 -05:00
Fernando Fernandez Mancera
f9f0dd5b9a Move the pk-digest functions into crypto_rsa.[ch].
We moved the crypto_pk_* digest functions into crypto_rsa.[ch] because they fit
better with the RSA module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2018-02-16 12:04:22 +01:00
Nick Mathewson
b56fd17d00 Merge branch 'maint-0.3.3' 2018-02-15 21:05:12 -05:00
Nick Mathewson
d662d4470a Merge remote-tracking branch 'dgoulet/ticket24343_033_01' into maint-0.3.3 2018-02-15 21:05:08 -05:00
Nick Mathewson
d9804691df Merge remote-tracking branch 'ffmancera-1/bug18918' 2018-02-15 21:00:10 -05:00
Nick Mathewson
92a42f795c Merge branch 'bug23909' 2018-02-15 20:56:23 -05:00
Nick Mathewson
8da6bfa5de Merge branch 'bug24914' 2018-02-15 20:53:50 -05:00
Nick Mathewson
4d994e7a9c Fix a stack-protector warning: don't use a variable-length buffer
Instead, define a maximum size, and enforce it with an assertion.
2018-02-15 20:52:01 -05:00
Nick Mathewson
ed1d630f0e Merge branch 'onion_ntor_malloc_less' 2018-02-15 20:40:03 -05:00
Nick Mathewson
28c3f538e5 Documentation fixes suggested by catalyst. 2018-02-15 20:38:08 -05:00
Nick Mathewson
bda1dfb9e0 Merge remote-tracking branch 'isis/bug25185' 2018-02-15 20:35:30 -05:00