Commit Graph

20033 Commits

Author SHA1 Message Date
Nick Mathewson
f8f407d66a Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Nick Mathewson
971f0f8e18 Remove code to support OpenSSL 0.9.8 2015-05-20 15:27:36 -04:00
Nick Mathewson
f0a0568e7f Stop poking SSL_CTX->comp_methods 2015-05-20 15:27:36 -04:00
Nick Mathewson
b7f3d52865 Use SSL_CIPHER accessor functions 2015-05-20 15:27:36 -04:00
Nick Mathewson
496df21c89 Use SSL_CIPHER_find where possible. 2015-05-20 15:27:36 -04:00
Nick Mathewson
67964cfa78 Try using SSL_get_ciphers in place of session->ciphers
This should help openssl 1.1.  On pre-1.1, we double-check that these
two methods give us the same list, since the underlying code is awfully
hairy.
2015-05-20 15:27:36 -04:00
Nick Mathewson
2f7c9b6ecb Tweak rectify_client_ciphers to work with openssl 1.1
The key here is to never touch ssl->cipher_list directly, but only
via SSL_get_ciphers().  But it's not so simple.

See, if there is no specialized cipher_list on the SSL object,
SSL_get_ciphers returns the cipher_list on the SSL_CTX.  But we sure
don't want to modify that one!  So we need to use
SSL_set_cipher_list first to make sure that we really have a cipher
list on the SSL object.
2015-05-20 15:27:36 -04:00
Nick Mathewson
d55db221e8 tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning 2015-05-13 12:12:53 -04:00
Nick Mathewson
34451c7a45 Use SSL_state() to inspect the state of SSL objects. 2015-05-13 11:34:10 -04:00
Nick Mathewson
22da5001b5 Use SSL_clear_mode where available. 2015-05-13 11:24:47 -04:00
Nick Mathewson
92b297bb58 SSL_clear_mode exists; we can use it. 2015-05-13 11:21:38 -04:00
Nick Mathewson
fa63f991c0 Stop accessing 'ssl->s3->flags' when we are using openssl 1.1
This field was only needed to work with the now-long-gone (I hope,
except for some horrible apples) openssl 0.9.8l; if your headers say
you have openssl 1.1, you won't even need it.
2015-05-13 11:19:19 -04:00
Yawning Angel
53a347592a ERR_remove_state() is deprecated since OpenSSL 1.0.0.
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with
`OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer
routine as appropriate.
2015-05-13 11:13:07 -04:00
Nick Mathewson
614d9bc967 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-05-13 11:05:33 -04:00
Nick Mathewson
8aa04408fb Merge branch 'bug15823_025' into maint-0.2.5 2015-05-13 11:03:05 -04:00
John Brooks
2b27ce52d2 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
David Goulet
26c344a563 Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()"
Fixes #15850, part of #15801. Change file is added by this commit. The
original comment in the reverted commit is removed because right now we
*need* a DirPort until #15849 is implemented so no doubt nor confusion there
anymore.

This reverts commit 80bed1ac96.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-28 14:30:07 -04:00
Nick Mathewson
0ac748353a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-27 14:18:16 -04:00
Nick Mathewson
6c7720ed49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-27 14:16:55 -04:00
Nick Mathewson
efae1bcef6 Merge remote-tracking branch 'karsten/geoip6-apr2015' into maint-0.2.4 2015-04-27 14:15:58 -04:00
Nick Mathewson
609cdec112 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-04-27 14:15:44 -04:00
Karsten Loesing
b5f6495876 Update geoip6 to the April 8 2015 database. 2015-04-24 17:51:36 +02:00
Karsten Loesing
bcc0a48cfe Update geoip to the April 8 2015 database. 2015-04-24 17:49:45 +02:00
Nick Mathewson
f620b8f032 bump version to 0.2.6.7-dev 2015-04-06 10:02:59 -04:00
Nick Mathewson
eb41214dba bump version to 0.2.6.7 2015-04-06 10:00:30 -04:00
Nick Mathewson
eab67b06cf Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-06 09:59:06 -04:00
Nick Mathewson
3a5d4d666e bump 0.2.5 version to 0.2.5.12 2015-04-06 09:56:37 -04:00
Nick Mathewson
5633261f2e Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-06 09:55:44 -04:00
Nick Mathewson
542100d3ca Bump 0.2.4 version more places 2015-04-06 09:48:53 -04:00
Nick Mathewson
442d577af5 Bump 0.2.4 version 2015-04-06 09:41:59 -04:00
Nick Mathewson
0475552140 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-06 09:26:16 -04:00
Nick Mathewson
fe69a7e1d7 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-06 09:25:37 -04:00
Nick Mathewson
7451b4cafe Changes file for bug15601 2015-04-06 09:24:16 -04:00
Yawning Angel
dc3cb00080 Handle empty/zero length encoded intro points more gracefully.
In theory these should never the triggered as the only caller now
validates the parameters before this routine gets called.
2015-04-06 09:21:43 -04:00
Yawning Angel
7b5f558da4 Treat empty introduction points sections as missing.
Found by DonnchaC.
2015-04-06 09:20:46 -04:00
Yawning Angel
49ddd92c11 Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
George Kadianakis
929a8f199b Decrease the amount of rend circ relaunches for hidden services. 2015-04-03 09:47:40 -04:00
Nick Mathewson
c1b36488e9 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-03 09:39:19 -04:00
Nick Mathewson
3781955f07 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-03 09:38:54 -04:00
Nick Mathewson
01e4bc80cd Merge branch 'bug15515_024' into maint-0.2.4 2015-04-03 09:36:59 -04:00
George Kadianakis
bcb839387e ... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
(Sending a nak would be pointless.)

See ticket 15515 for discussion.
2015-04-03 09:36:05 -04:00
George Kadianakis
8dba8a088d Block multiple introductions on the same intro circuit. 2015-04-03 09:35:47 -04:00
Nick Mathewson
b117a06784 Bump to 0.2.6.6-dev 2015-03-25 14:09:23 -04:00
Nick Mathewson
dfd6cf9ea2 bump to 0.2.6.6 2015-03-24 10:23:34 -04:00
Nick Mathewson
c113544a94 Merge remote-tracking branch 'public/bug15436_025' into maint-0.2.6 2015-03-23 09:25:15 -04:00
Yawning Angel
732f522a42 Fix unaligned access in SipHash-2-4.
The compiler is allowed to assume that a "uint64_t *" is aligned
correctly, and will inline a version of memcpy that acts as such.

Use "uint8_t *", so the compiler does the right thing.
2015-03-23 09:20:02 -04:00
Nick Mathewson
ca03b10b0c bump to 0.2.6.5-rc.dev 2015-03-18 16:32:13 -04:00
Nick Mathewson
77c671b7dd bump to 0.2.6.5-rc 2015-03-18 09:10:48 -04:00
Nick Mathewson
a0f892f190 Simplify the loop. 2015-03-14 14:31:26 -04:00
Nick Mathewson
ddb1889eb8 Add comments for new functions 2015-03-14 14:28:29 -04:00