Commit Graph

423 Commits

Author SHA1 Message Date
Nick Mathewson
17fdde3d92 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c
2010-10-21 16:23:01 -04:00
Sebastian Hahn
9bed40eb10 Make check-spaces happy 2010-10-14 17:54:45 +02:00
Nick Mathewson
fbacbf9fd9 Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents
This seems to fix another case of bug2001.
2010-10-12 14:52:33 -04:00
Nick Mathewson
a9172c87be Actually call connection_tls_finish_handshake() with bufferevents
First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
2010-10-12 14:52:33 -04:00
Nick Mathewson
4cfa6fbaca Log OpenSSL errors coming from bufferevent_openssl 2010-10-11 13:25:41 -04:00
Robert Ransom
17efbe031d Maintain separate server and client TLS contexts.
Fixes bug #988.
2010-10-04 21:51:47 -07:00
Robert Ransom
d3879dbd16 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Nick Mathewson
4c71be65d8 Merge remote branch 'origin/maint-0.2.2' 2010-10-04 13:56:17 -04:00
Robert Ransom
1b8c8059c7 Correct a bogus comment.
Whether or not OpenSSL reference-counts SSL_CTX objects is irrelevant;
what matters is that Tor reference-counts its wrapper objects for
SSL_CTXs.
2010-10-04 13:53:54 -04:00
Robert Ransom
c70d9d77ab Correct a couple of log messages in tortls.c 2010-10-04 13:53:48 -04:00
Robert Ransom
068185eca2 Fix several comments in tortls.c 2010-10-04 13:47:57 -04:00
Nick Mathewson
6950749c0a Make the bufferevent code use the renegotiation-reenabling hack 2010-09-27 16:07:14 -04:00
Nick Mathewson
b7ae108e18 Always defer bufferevent_openssl callbacks to avoid reentrant invocations 2010-09-27 14:29:42 -04:00
Nick Mathewson
b49cf6a77a Fix whitespace in bufferevents branch 2010-09-27 14:22:18 -04:00
Nick Mathewson
a16ed90ec8 Document and/or fix stuff found by Sebastian in code review
Thanks to Sebastian for his code-review of the bufferevents patch series.x
2010-09-27 14:22:18 -04:00
Sebastian Hahn
865bea3b89 Some bufferevents related fixes and pointers for nickm 2010-09-27 14:22:18 -04:00
Nick Mathewson
ffd5070b04 Convert bufferevents to use rate-limiting.
This requires the latest Git version of Libevent as of 24 March 2010.
In the future, we'll just say it requires Libevent 2.0.5-alpha or
later.

Since Libevent doesn't yet support hierarchical rate limit groups,
there isn't yet support for tracking relayed-bytes separately when
using the bufferevent system.  If a future version does add support
for hierarchical buckets, we can add that back in.
2010-09-27 14:22:18 -04:00
Nick Mathewson
c74a4ab515 Documentation for a few bufferevent functions. 2010-09-27 12:31:14 -04:00
Nick Mathewson
bd3612cd2b Get SSL connections and linked connections working with bufferevents.
Clients are now verified to work and build circuits correctly.  There
are still a few warnings given here and there that I need to look into.
2010-09-27 12:31:14 -04:00
mingw-san
856a36c434 Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-07-26 15:05:11 -04:00
Nick Mathewson
14bc4dcc22 Rename log.h to torlog.h
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.

The actual change was done with one "git mv", by editing
Makefile.am, and running
   find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
valerino
076063ca90 moved wince related includes and defs to compat.h where possible, removed unused/redundant wince includes 2010-05-24 11:46:54 -04:00
Sebastian Hahn
0b82ce3eb6 Demote a warning about missing client ciphers 2010-04-20 03:57:33 -04:00
Roger Dingledine
77babb832a minor cleanups 2010-04-20 02:48:35 -04:00
Nick Mathewson
c38fa93ad1 Merge commit 'origin/maint-0.2.1' 2010-04-15 10:35:09 -04:00
Nick Mathewson
6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Roger Dingledine
603432090d fix typo and garbage grammar 2010-02-21 17:18:42 -05:00
Nick Mathewson
715f104eeb Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-02-18 12:01:56 -05:00
Sebastian Hahn
c2c3a5a3f5 Fix compile 2010-02-18 13:08:57 +01:00
Nick Mathewson
e861b3be88 Even more conservative option-setting for SSL renegotiation.
This time, set the SSL3_FLAGS_ALLOW_UNSAFE_RENEGOTIATION flag on every
version before OpenSSL 0.9.8l.  I can confirm that the option value (0x0010)
wasn't reused until OpenSSL 1.0.0beta3.
2010-02-17 23:55:03 -05:00
Nick Mathewson
5314438799 Merge remote branch 'origin/maint-0.2.1' 2010-01-31 22:53:19 -05:00
Nick Mathewson
abd447f876 Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c
2010-01-31 22:48:29 -05:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Nick Mathewson
4905eaa38c Detect the correct versions of openssl for tls negotiation fix
Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
2010-01-29 17:11:20 -05:00
Nick Mathewson
8d68e5c748 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.
2010-01-29 17:02:17 -05:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
4ad5094c90 Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc.  This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.

Spotted by rieo on IRC.
2010-01-22 16:32:15 -05:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Nick Mathewson
b51a33e527 Merge commit 'origin/maint-0.2.1' 2009-12-04 14:31:17 -05:00
Martin Peck
3a2d677fa7 Improved workaround for disabled OpenSSL renegotiation.
It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p   Fixes bug 1158.

(patch by coderman; commit message by nickm)
2009-12-04 14:25:08 -05:00
Nick Mathewson
0a58567ce3 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2009-11-06 15:24:52 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
a3f1da2ec0 Fix compilation on OpenSSLs with unusual state lists.
"Unusual" in this context means "not the same as nickm's."  We should grow a
better list later.

(Also, move TLS state table to a separate header.)
2009-09-24 13:00:28 -04:00
Nick Mathewson
b8b2935367 Debugging logs for TLS handshake
The big change is to add a function to display the current SSL handshake
state, and to log it everywhere reasonable.  (A failure in
SSL23_ST_CR_SRVR_HELLO_A is different from one in
SSL3_ST_CR_SESSION_TICKET_A.)

This patch also adds a new log domain for OR handshaking, so you can pull out
all the handshake log messages without having to run at debug for everything.
For example, you'd just say "log notice-err [handshake]debug-err file
tor.log".
2009-09-24 12:31:22 -04:00
Nick Mathewson
4b10ba484b Merge commit 'origin/maint-0.2.1' 2009-09-17 00:42:41 -04:00
Nick Mathewson
9c38941195 Work around a memory leak in openssl 0.9.8g (and maybe others) 2009-09-17 00:01:20 -04:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Nick Mathewson
e84ddead34 Merge branch 'hardware_accel_improvements' 2009-05-31 13:36:50 -04:00
Nick Mathewson
f0453c45c8 Spelling fixes in comments and strings 2009-05-27 16:36:13 -04:00
Martin Peck
7703b887f5 Add support for dynamic OpenSSL hardware crypto acceleration engines. 2009-05-23 16:42:44 -07:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Karsten Loesing
4ebcc4da34 Update copyright to 2009. 2009-05-02 22:00:54 +02:00
Roger Dingledine
2f69c67957 doxygen tweak
svn:r18818
2009-03-09 06:20:15 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version.
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
52932d6f1a Remove some code that is #ifdefed out, and that we no longer seem to use, if we ever did.
svn:r17827
2008-12-30 04:16:49 +00:00
Nick Mathewson
9c3d17ebb5 Fix a small memory leak of around 32 bytes per TLS connection opened. Bugfix on 0.2.1.1-alpha.
svn:r17678
2008-12-18 15:00:09 +00:00
Nick Mathewson
6693f32530 Resolve many DOCDOCs.
svn:r17662
2008-12-17 22:58:20 +00:00
Nick Mathewson
339f094056 Refactor some code and add some asserts based on scanner results.
svn:r16783
2008-09-05 21:19:53 +00:00
Karsten Loesing
9231858ff5 Fix bug 763. When a hidden service is giving up on an introduction point candidate that was not included in the last published rendezvous descriptor, don't reschedule publication of the next descriptor.
svn:r15825
2008-07-10 21:02:01 +00:00
Nick Mathewson
cb7cc9e12d r16882@tombo: nickm | 2008-07-10 14:31:25 -0400
Fix for session-related bug found by Geoff Goodell. backport candidate, once tested.


svn:r15821
2008-07-10 18:31:33 +00:00
Roger Dingledine
d395135e2f fix a few typos, and give the bootstrap phase stuff a changelog entry.
svn:r15183
2008-06-13 04:26:05 +00:00
Nick Mathewson
22080354ed r16217@tombo: nickm | 2008-06-12 21:13:09 -0400
Remove spurious debugging message.


svn:r15176
2008-06-13 01:13:12 +00:00
Nick Mathewson
617843988c r16215@tombo: nickm | 2008-06-12 18:39:03 -0400
Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers.  This is a bit of a kludge, but it is at least decently well commented.


svn:r15173
2008-06-12 22:39:13 +00:00
Nick Mathewson
61ac80a914 Ouch. We were sometimes getting openssl compression by default. This is pointless for us, since the overwhelming majority of our cells are encrypted, full of compressed data, or both. This is also harmful, since doing piles of compression is not cheap. Backport candidate once more tested.
svn:r14830
2008-05-29 14:39:56 +00:00
Nick Mathewson
da67500336 If the user has an openssl that supports my "release buffer ram" patch, use it.
svn:r14671
2008-05-19 18:13:00 +00:00
Nick Mathewson
1823c45a71 r19613@catbus: nickm | 2008-05-05 19:57:06 -0400
Log correct openssl buf capacity when using my sooper sekrit buffer hack.  This will help test the aforementioned ssbh.


svn:r14567
2008-05-05 23:57:17 +00:00
Roger Dingledine
a364592ca0 make check-spaces wants a newline at the end of tortls
svn:r14508
2008-04-29 19:51:38 +00:00
Nick Mathewson
b927ede48c r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400
Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.


svn:r14350
2008-04-10 15:12:24 +00:00
Nick Mathewson
02acee891c r19089@catbus: nickm | 2008-03-27 11:05:23 -0400
Free some static hashtables and the log mutex on exit. Backport candidate.


svn:r14212
2008-03-27 15:05:28 +00:00
Roger Dingledine
901e2ad04b correct a confusing log message
svn:r14165
2008-03-24 18:37:52 +00:00
Nick Mathewson
05f5d778a2 r18919@catbus: nickm | 2008-03-18 10:53:38 -0400
Forward-port bug 622 fix as diagnosed by lodger.


svn:r14096
2008-03-18 14:53:41 +00:00
Nick Mathewson
0b941640df r18852@catbus: nickm | 2008-03-16 22:47:19 -0400
Downgrade "sslv3 alert handshake failure" message to info.


svn:r14057
2008-03-17 02:47:49 +00:00
Nick Mathewson
4d32c2e81f r18751@catbus: nickm | 2008-03-11 14:22:43 -0400
Fix for bug 614: always look at the network BIO for the SSL object, not at the buffering BIO (if one exists because we are renegotiating or something).  Bugfix on 0.1.2.x, oddly enough, though it should be impossible to trigger the problem there.  Backport candidate.  See comments in tortls.c for detailed implementation note.


svn:r13975
2008-03-11 18:22:49 +00:00
Nick Mathewson
24f91d2876 r18747@catbus: nickm | 2008-03-11 13:21:25 -0400
Request client certs when renegotiating on server-side. Spotted by lodger.  Bugfix on 0.2.0.x.


svn:r13973
2008-03-11 17:21:44 +00:00
Nick Mathewson
2675276618 r18638@catbus: nickm | 2008-03-07 20:11:15 -0500
Fix typo in tortls.c comment.


svn:r13887
2008-03-08 01:11:52 +00:00
Nick Mathewson
77d1654c50 r18535@catbus: nickm | 2008-03-01 09:58:33 -0500
Whoo.  People diagnosed and fixed bug 616. See changelog for details.  Bugfix on 0.2.0.20-rc.


svn:r13793
2008-03-01 14:59:03 +00:00
Roger Dingledine
e7f3d6f76c fix most of pnx's warnings on irix64
svn:r13706
2008-02-24 23:39:53 +00:00
Roger Dingledine
a0bc80bbf8 <weasel> tortls.c: In function `tor_tls_client_is_using_v2_ciphers':
<weasel> tortls.c:634: warning: passing arg 1 of `SSL_get_session' discards
qualifiers from pointer target type

Nick, see if you like this patch.


svn:r13690
2008-02-24 00:35:20 +00:00
Nick Mathewson
b21a122ef6 r14379@tombo: nickm | 2008-02-21 17:14:24 -0500
Enable v2 handshakes.


svn:r13666
2008-02-21 22:14:32 +00:00
Nick Mathewson
69300eb606 r14374@tombo: nickm | 2008-02-21 16:57:39 -0500
Fix all remaining shorten-64-to-32 errors in src/common.  Some were genuine problems.  Many were compatibility errors with libraries (openssl, zlib) that like predate size_t.  Partial backport candidate.


svn:r13665
2008-02-21 21:57:47 +00:00
Nick Mathewson
e2f25558b9 r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
Change some of our log messages related to closed TLS connections in order to better reflect reality.


svn:r13657
2008-02-21 16:11:58 +00:00
Roger Dingledine
b3c0d066e5 other cleanups that have been sitting in my sandbox
svn:r13649
2008-02-21 09:01:32 +00:00
Roger Dingledine
b28a342e35 resolve one more, and leave two for nick.
svn:r13644
2008-02-21 05:53:50 +00:00
Nick Mathewson
063ced8903 r18296@catbus: nickm | 2008-02-20 23:30:11 -0500
Answer one xxx020 item; move 7 other ones to a new "XXX020rc" category: they should get fixed before we cut a release candidate. arma: please review these to see whether you have fixes/answers for any. Please check out the other 14 XXX020s to see if any look critical for the release candidate.


svn:r13640
2008-02-21 04:30:14 +00:00
Nick Mathewson
4ccffd7aea r18218@catbus: nickm | 2008-02-19 17:27:40 -0500
When SafeLogging is off, have TLS errors and messages logged with their associated addresses.


svn:r13591
2008-02-19 22:27:44 +00:00
Nick Mathewson
ca4eb987c8 r14182@tombo: nickm | 2008-02-15 17:20:51 -0500
Defer, downgrade, or address more XXX020s.  The remaining ones are all ones we should deal with before release.


svn:r13530
2008-02-15 23:39:08 +00:00
Nick Mathewson
f3eaeb99a3 r18051@catbus: nickm | 2008-02-12 15:20:43 -0500
Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks.  Also, lots of new documentation.


svn:r13484
2008-02-12 20:20:52 +00:00
Roger Dingledine
587a57fdef fix the compile
svn:r13480
2008-02-12 04:50:53 +00:00
Nick Mathewson
a9f1fb20d7 r18045@catbus: nickm | 2008-02-11 23:48:54 -0500
oops.  Not *quite* ready, just yet, maybe.  Do not turn the TLS client handshake on by mistake _again_.


svn:r13479
2008-02-12 04:48:59 +00:00
Nick Mathewson
aace52320c r18041@catbus: nickm | 2008-02-11 23:43:18 -0500
Make version negotiation and handshaking messages more useful and accurate.


svn:r13477
2008-02-12 04:43:25 +00:00
Nick Mathewson
5ced3fd790 r18036@catbus: nickm | 2008-02-11 23:36:38 -0500
Make a couple of messages less noisy


svn:r13476
2008-02-12 04:37:13 +00:00
Roger Dingledine
509d2912dc doxygen and other cleanups
svn:r13440
2008-02-09 03:11:10 +00:00
Nick Mathewson
f27a368265 r17987@catbus: nickm | 2008-02-08 17:01:56 -0500
Remove spurious log stmt


svn:r13432
2008-02-08 22:01:59 +00:00
Nick Mathewson
de827f89df r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
Change DNs in x509 certificates to be harder to fingerprint.  Raise common code.  Refactor random hostname generation into crypto.c


svn:r13429
2008-02-08 21:13:12 +00:00
Nick Mathewson
842a33ff20 Update some copyright notices: it is now 2008.
svn:r13412
2008-02-07 05:31:47 +00:00
Nick Mathewson
46b1a21dc4 r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions.  Now to make sure certificate verification is really happening, connections are getting opened, etc.


svn:r13409
2008-02-06 21:53:13 +00:00
Nick Mathewson
46532d8111 r17953@catbus: nickm | 2008-02-06 15:00:44 -0500
Implement a better means for testing for renegotiation.


svn:r13408
2008-02-06 20:00:47 +00:00
Nick Mathewson
a869574c56 r17947@catbus: nickm | 2008-02-06 11:57:53 -0500
Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items.


svn:r13405
2008-02-06 16:58:05 +00:00
Nick Mathewson
a51deb9a9c r17903@catbus: nickm | 2008-02-05 14:40:03 -0500
Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").


svn:r13382
2008-02-05 19:40:26 +00:00
Roger Dingledine
750ed3d015 We accidentally enabled the under-development v2 TLS handshake
code, which is causing log entries like "TLS error while
renegotiating handshake". Disable it again. Resolves bug 590.


svn:r13219
2008-01-21 22:33:01 +00:00
Nick Mathewson
ddb753f87a r17717@catbus: nickm | 2008-01-21 17:09:23 -0500
Fix certificate leak.


svn:r13218
2008-01-21 22:09:42 +00:00
Nick Mathewson
4a3b7496f0 r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor.  Needs review.  Partial backport candidate.


svn:r13147
2008-01-16 05:27:19 +00:00
Roger Dingledine
2ac1e36248 minor cleanups
svn:r13095
2008-01-10 17:54:24 +00:00
Nick Mathewson
491298a067 r17490@catbus: nickm | 2008-01-07 11:48:02 -0500
Fix bug 582: decref the idcert when we add it to the store.


svn:r13052
2008-01-07 16:50:31 +00:00
Nick Mathewson
d73b791969 r17473@catbus: nickm | 2008-01-05 22:15:05 -0500
Add a reverse mapping from SSL to tor_tls_t*: we need this in order to do a couple of things the sensible way from inside callbacks.  Also, add a couple of missing cases in connection_or.c


svn:r13040
2008-01-06 03:16:11 +00:00
Nick Mathewson
71e117e444 r15767@tombo: nickm | 2007-12-31 16:06:27 -0500
Note an unfreed cert


svn:r13008
2007-12-31 21:12:14 +00:00
Roger Dingledine
1d8a8063b9 clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
svn:r12786
2007-12-12 21:09:01 +00:00
Nick Mathewson
25a8744d9c r15223@tombo: nickm | 2007-12-07 23:41:21 -0500
Aaand, do the code to enable the client side of the new TLS handshake.  There are some loose ends that need tying up in connection_or, and a lot of half-baked code to remove, and some special cases to test for, and lots and lots of testing to do, but that is what weekends are for.


svn:r12721
2007-12-08 04:41:34 +00:00
Nick Mathewson
f4e228f849 r16919@catbus: nickm | 2007-12-03 12:59:02 -0500
Add DHE-RSA-AES256-SHA to the list of ciphers encountered from v1 connections.


svn:r12652
2007-12-03 17:59:32 +00:00
Nick Mathewson
d8ad247dfd r15088@tombo: nickm | 2007-11-30 23:47:29 -0500
Add support to get a callback invoked when the client renegotiate a connection.  Also, make clients renegotiate.  (not enabled yet, until they detect that the server acted like a v2 server)


svn:r12623
2007-12-01 08:09:48 +00:00
Nick Mathewson
1789f94668 r15087@tombo: nickm | 2007-11-30 22:32:26 -0500
Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation.  None of this is enabled unless you define V2_HANDSHAKE_SERVER.


svn:r12622
2007-12-01 08:09:46 +00:00
Nick Mathewson
d483d3144a r16669@catbus: nickm | 2007-11-14 14:50:03 -0500
When we complete an OR handshake, set up all the internal fields and mark the connection as open.


svn:r12495
2007-11-14 20:01:12 +00:00
Nick Mathewson
0e993e6008 r16523@catbus: nickm | 2007-11-07 11:35:49 -0500
Improve "tls error. breaking" message a little.


svn:r12411
2007-11-07 16:37:08 +00:00
Roger Dingledine
7b826f8fe4 a note from steven about how to set up a private test network
without link encryption.


svn:r12410
2007-11-07 15:33:14 +00:00
Nick Mathewson
e047f7f865 r16455@catbus: nickm | 2007-11-06 12:48:00 -0500
Parse CERT cells and act correctly when we get them.


svn:r12396
2007-11-06 18:00:07 +00:00
Nick Mathewson
85654f4ab9 r16432@catbus: nickm | 2007-11-05 14:18:57 -0500
Send and parse link_auth cells properly.


svn:r12386
2007-11-05 19:19:46 +00:00
Nick Mathewson
12afd4777c r16413@catbus: nickm | 2007-11-05 13:14:18 -0500
Add functions to encode certificates


svn:r12384
2007-11-05 18:15:54 +00:00
Nick Mathewson
323490303e r16412@catbus: nickm | 2007-11-05 11:45:17 -0500
Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context.  This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts.


svn:r12383
2007-11-05 18:15:52 +00:00
Nick Mathewson
ea1bea5830 r16411@catbus: nickm | 2007-11-05 11:27:37 -0500
Remember X509 certificates in the context.  Store peer/self certificate digests in handshake state.


svn:r12382
2007-11-05 18:15:50 +00:00
Nick Mathewson
22c31d91ab r16410@catbus: nickm | 2007-11-05 10:54:29 -0500
Code to remember client_random and server_random values, and to compute hmac using TLS master secret.


svn:r12381
2007-11-05 18:15:47 +00:00
Nick Mathewson
5da5d2bd79 r16302@catbus: nickm | 2007-10-31 16:45:16 -0400
Clean spaces.


svn:r12301
2007-10-31 20:48:10 +00:00
Nick Mathewson
7e80640b97 r16285@catbus: nickm | 2007-10-30 17:43:25 -0400
Implement (but do not enable) link connection version negotiation


svn:r12286
2007-10-30 21:46:02 +00:00
Nick Mathewson
7da93b80ca r16159@catbus: nickm | 2007-10-25 12:53:38 -0400
Drop support for OpenSSL 0.9.6.


svn:r12191
2007-10-25 16:54:56 +00:00
Nick Mathewson
722c7bdff4 r15997@catbus: nickm | 2007-10-21 20:25:40 -0400
New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent.  This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit.  I have tried turning new code on, and it seemed to work fine.


svn:r12086
2007-10-22 00:26:02 +00:00
Nick Mathewson
759ed3ce3f r13988@catbus: nickm | 2007-07-29 16:32:36 -0400
Cheesy attempt to break some censorware.  Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.


svn:r10975
2007-07-29 23:11:42 +00:00
Nick Mathewson
a312afd67e r12936@catbus: nickm | 2007-05-24 14:12:34 -0400
Review XXXX comments without a version; upgrade some to XXXX020.


svn:r10315
2007-05-24 18:12:52 +00:00
Roger Dingledine
d112e7b1ad fix some code comments, a wrapper, and add a todo item
svn:r10111
2007-05-04 07:24:01 +00:00
Nick Mathewson
6a27dd8284 r12595@catbus: nickm | 2007-04-30 18:32:34 -0400
Move private function declarations from crypto.c into a new #ifdef CRYPTO_PRIVATE block in crypto.h


svn:r10074
2007-04-30 22:42:50 +00:00
Nick Mathewson
d2893398f6 r11832@catbus: nickm | 2007-02-16 15:31:59 -0500
Fix 35 remaining DOCDOC comments. Yowza.


svn:r9596
2007-02-16 20:39:37 +00:00
Nick Mathewson
759c58151e r11775@catbus: nickm | 2007-02-12 16:39:09 -0500
Update copyright dates.


svn:r9570
2007-02-12 21:39:53 +00:00
Nick Mathewson
0c40a080a4 r11773@catbus: nickm | 2007-02-12 15:18:48 -0500
Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates.  [See proposal 106 for rationale.]  Also improve messages when checking TLS handshake, to re-resolve bug 382.


svn:r9568
2007-02-12 21:39:33 +00:00
Nick Mathewson
fefba95363 r11629@catbus: nickm | 2007-02-02 15:06:17 -0500
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were.  Oops.  Hey, kids!  Fixing some of these could be your first Tor patch!


svn:r9477
2007-02-02 20:06:43 +00:00
Nick Mathewson
76f896e714 r11607@catbus: nickm | 2007-01-30 17:19:27 -0500
Audit non-const char arguments; make a lot more of them const.


svn:r9466
2007-01-30 22:19:41 +00:00
Nick Mathewson
380f8983c7 r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500
Tidy up ORCONN reason patch from Mike Perry.  Changes: make some of the handling of TLS error codes less error prone.  Enforce house style wrt spaces.  Make it compile with --enable-gcc-warnings.  Only set or_conn->tls_error in the case of an actual error.  Add a changelog entry.


svn:r9355
2007-01-15 21:21:05 +00:00
Nick Mathewson
ead35ef944 r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500
Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision.


svn:r9354
2007-01-15 21:13:37 +00:00
Roger Dingledine
254005fc1b apparently i think of comments with no whitespace around them as
"read this if you don't understand the code and want some help."
which is not the same as "hey, you think you understand this code,
but you don't."


svn:r9307
2007-01-09 00:57:36 +00:00
Roger Dingledine
1d8a4cb989 Fix an assert error introduced in 0.1.2.5-alpha: if a single TLS
connection handles more than 4 gigs in either direction, we assert.


svn:r9306
2007-01-09 00:50:50 +00:00
Roger Dingledine
658c09c06f more progress and cleanups
svn:r9269
2007-01-05 06:03:10 +00:00
Nick Mathewson
361998d0f3 r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so.  This has been a lonstanding wart.  The fix "Works for me".


svn:r9207
2006-12-29 03:42:46 +00:00
Nick Mathewson
43e06eba8b r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500
Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls.


svn:r9105
2006-12-13 22:46:42 +00:00
Nick Mathewson
f07f7a7a12 r8923@totoro: nickm | 2006-10-07 11:44:33 -0400
More doxygen comments


svn:r8637
2006-10-07 16:25:28 +00:00
Nick Mathewson
93beeac01d Merge in some bsockets calls, all wrapped inside #if defined(USE_BSOCKETS)
svn:r8427
2006-09-19 20:41:31 +00:00
Nick Mathewson
c4ac4bcba3 r8696@Kushana: nickm | 2006-08-31 14:43:44 -0400
Try to appease some warnings with newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness.


svn:r8312
2006-08-31 18:47:54 +00:00
Roger Dingledine
12cc290a7d ok, i'm not allowed to say that there. oh well.
svn:r6720
2006-07-04 16:11:35 +00:00
Roger Dingledine
579849f600 fix a misleading function comment
svn:r6717
2006-07-04 15:52:22 +00:00
Roger Dingledine
5dc1e6f788 if we're the server-side of the tls and there are problems,
don't yell as loudly.


svn:r6716
2006-07-04 15:51:59 +00:00
Roger Dingledine
8cf45df230 and now the exciting part: there is now no such thing as doing
a client-only tls, that is, one with no certs.


svn:r6558
2006-06-07 06:21:11 +00:00
Roger Dingledine
0bfef523df simplify the tortls api: we only support being a "server", that
is, even tor clients do the same sort of handshake.

this has been true for years, so it's best to get rid of the
stale code.


svn:r6557
2006-06-07 06:10:54 +00:00
Roger Dingledine
7512be0b65 looks like we missed a piece of the 0.1.1.9 paranoia code.
hopefully this change is a no-op.


svn:r6556
2006-06-07 02:57:23 +00:00
Roger Dingledine
7f611f4732 if we're a server and some peer has a broken tls certificate, don't
shout about it unless we want to hear about protocol violations.


svn:r6507
2006-05-26 16:32:16 +00:00
Roger Dingledine
67a885ecac Claim a commonname of Tor, rather than TOR, in tls handshakes.
Maybe this will help us win the war of names.


svn:r6489
2006-05-24 00:21:55 +00:00
Nick Mathewson
5777ee0e1a Add some functions to escape values from the network before sending them to the log. Use them everywhere except for routerinfo->plaftorm, routerinfo->contact_info, and rend*.c. (need sleep now)
svn:r6087
2006-03-05 09:50:26 +00:00
Roger Dingledine
6ce36ead42 Start the process of converting warn to log_warn and so on.
This is needed because Windows already has an err() that we
can't clobber. And we need to be able to make the log functions
a macro so we can print the function's name in the log entry.


svn:r6000
2006-02-13 08:01:59 +00:00
Roger Dingledine
5f051574d5 Happy new year!
svn:r5949
2006-02-09 05:46:49 +00:00
Nick Mathewson
241310bbac Split 0119_PARANOIA into 0119_PARANOIA_[ABC]. A is "this is suspicious, and we have not tried running without this yet". B is "this is suspicious, but the last time we tested, it was okay." C is "How could this possibly be the cause?"
svn:r5840
2006-01-17 23:08:38 +00:00
Nick Mathewson
55ac4f032c Add a (diabled by default) option in crypto.h to disable most of the interesting crypto-related changes made on 0.1.1.9. This will help hunt bug 234.
svn:r5777
2006-01-10 21:12:06 +00:00
Nick Mathewson
1af630d32c Bite the bullet and limit all our source lines to 80 characters, the way IBM intended.
svn:r5582
2005-12-14 20:40:40 +00:00
Nick Mathewson
e022aa73e6 Hm; looks like the callback business was unnecessary, since DHparams_dup() copies dh->length.
svn:r5372
2005-11-14 21:17:38 +00:00
Nick Mathewson
027d0ef18c Use a callback to set our DH parameters; set SSL_OP_SINGLE_DH_USE.
svn:r5371
2005-11-14 19:20:47 +00:00
Nick Mathewson
932106f54c Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain. Domains are now bitmasks... just in case. Make some err msgs non-general.
svn:r5309
2005-10-25 07:05:03 +00:00
Nick Mathewson
a20835ac92 Check for even more windows version flags, and note any we do not recognize.
svn:r5297
2005-10-24 18:37:09 +00:00
Nick Mathewson
edf5698474 Start dividing log messages into logging domains. No, LD_ is not the best of identifiers. src/or has not been converted yet. Domains dont do anything yet.
svn:r5284
2005-10-18 21:58:19 +00:00
Peter Palfrader
0d9aedfcea Downgrade a few INFO level logs to DEBUG again. Also add two or three new
logs in cases where a calling function's log was downgraded and we wouldn't
get any log message otherwise.


svn:r5263
2005-10-17 16:21:42 +00:00
Roger Dingledine
03dcef4c78 start the process of reducing clutter in server logs
svn:r5253
2005-10-17 00:35:53 +00:00
Nick Mathewson
ba24193ab5 Make doxygen marginally happier
svn:r5208
2005-10-06 04:33:40 +00:00
Nick Mathewson
de198d800b Never call free() on tor_malloc()d memory. This is unlikely to be our current leak, but it may help dmalloc work.
svn:r5168
2005-09-30 20:47:58 +00:00
Nick Mathewson
92451f74a8 Reformat inconsistent function declarations.
svn:r5160
2005-09-30 01:09:52 +00:00
Nick Mathewson
5c53545d81 Add a bunch more warnings to out warning suite; resolve them; pack structs a little better.
svn:r5150
2005-09-29 22:59:17 +00:00
Roger Dingledine
fa507c63e8 put quotes around user-supplied strings so they are more likely to
realize if they add bad characters (like quotes) to the torrc


svn:r4844
2005-08-26 18:40:44 +00:00
Nick Mathewson
d1c094637d Try to resolve another reported solaris x86 warning
svn:r4771
2005-08-12 17:26:43 +00:00
Nick Mathewson
a37db0da26 Appease the hungry God of GCC: it hates K&R style unspecified args!
svn:r4470
2005-06-21 01:07:32 +00:00
Nick Mathewson
2aff87caae Load hardware acceleration options when/where available. Can anybody test this?
svn:r4467
2005-06-20 18:56:35 +00:00
Roger Dingledine
fcd0fc3364 flesh out the source file descriptions for doxygen
svn:r4404
2005-06-11 05:31:17 +00:00
Nick Mathewson
0831823763 Change end-of-file NLNL convention. It turns out arma I and I agree.
svn:r4382
2005-06-09 19:03:31 +00:00
Nick Mathewson
a6f51001a5 New whitespace normalization rule: no blank line at EOF.
svn:r4378
2005-06-09 16:46:51 +00:00
Nick Mathewson
10b2208d93 Make Tor compile with no warnings with gcc4.0 on OSX
svn:r4184
2005-05-07 05:55:06 +00:00
Nick Mathewson
4fb95f166e Apparently, ASN1 failures are not treated as SSL connection errors, but are just general OpenSSL errors. Or something. Anyway, bulletproof tor_tls_handshake.
svn:r4098
2005-04-23 20:35:38 +00:00
Roger Dingledine
54fd9df23f LOG_ERR is for when you're planning to die.
svn:r4087
2005-04-23 14:35:13 +00:00
Nick Mathewson
5827e2e216 Fix "JAP-client" hideous ASN1 bug, twice. (Fix1: check more thoroughly for TLS errors when handling certs. Fix2: stop assert(0)ing on uncaught TLS errors.)
svn:r4085
2005-04-23 14:26:02 +00:00
Nick Mathewson
0e81265359 update copyright notices.
svn:r3982
2005-04-01 20:15:56 +00:00
Roger Dingledine
4a82ac12b8 add a tor_tls_is_server method to remember if conn->tls
was an initiator or a receiver


svn:r3931
2005-03-31 07:46:38 +00:00
Nick Mathewson
97bc49bd72 Try a little harder to avoid openssl SSL* double-free reports.
svn:r3710
2005-02-28 02:52:51 +00:00
Nick Mathewson
bed6c05453 give a better warning when tor points at an https server.
svn:r3706
2005-02-28 01:55:09 +00:00
Nick Mathewson
2be0508f0d Be specific about which "illegal character" we just saw in the cert.
svn:r3699
2005-02-25 21:05:42 +00:00
Nick Mathewson
70c3580f81 Patch to localtime/gmtime handling: use the _r variants where available. Use mutexes to fake _r where necessary. Make mutexes no-ops where no threading is enabled.
svn:r3653
2005-02-22 07:03:03 +00:00
Nick Mathewson
5d836c8140 Free tls resources on exit too
svn:r3615
2005-02-11 01:41:19 +00:00
Nick Mathewson
fca7ba9777 Resolve task 42: find where 19-char nicknames were getting truncated when read from certs, and fix it. Also audit use of MAX_NICKNAME_LEN; no other badness found, but some docs/code cleaned up a touch.
svn:r3244
2005-01-03 17:53:20 +00:00
Nick Mathewson
a6aa5eebd6 Fix some memory leaks and unlikely segfaults
svn:r3103
2004-12-07 07:48:16 +00:00
Nick Mathewson
0f49fd3bcd Fix leakable rsa key
svn:r3099
2004-12-07 06:48:02 +00:00
Nick Mathewson
7fbd297532 Suggestion from weasel: Make tor --version --version dump the cvs Id of every file.
svn:r3019
2004-11-29 22:25:31 +00:00
Nick Mathewson
6f5dbefa7e Normalize space: add one between every control keyword and control clause.
svn:r3003
2004-11-28 09:05:49 +00:00
Roger Dingledine
7c9a707900 remove emacs droppings, since nick says he doesn't need them anymore
svn:r2989
2004-11-26 04:00:55 +00:00
Nick Mathewson
cd70264377 Clean up some logging and interfaces
svn:r2945
2004-11-23 00:08:26 +00:00
Nick Mathewson
d63d5cb139 Whitespace normalization
svn:r2895
2004-11-15 23:29:24 +00:00
Nick Mathewson
ffe9b01ad7 Split X509 certificate liveness checks into a separate function
svn:r2873
2004-11-14 22:07:48 +00:00
Nick Mathewson
5a5be93f80 Normalize whitespace; add a "tell me about all the unnormalized whitespace" target; fix a braino in dirserv.c
svn:r2758
2004-11-09 20:04:00 +00:00