Nick Mathewson
f8f407d66a
Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
...
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Nick Mathewson
971f0f8e18
Remove code to support OpenSSL 0.9.8
2015-05-20 15:27:36 -04:00
Nick Mathewson
f0a0568e7f
Stop poking SSL_CTX->comp_methods
2015-05-20 15:27:36 -04:00
Nick Mathewson
b7f3d52865
Use SSL_CIPHER accessor functions
2015-05-20 15:27:36 -04:00
Nick Mathewson
496df21c89
Use SSL_CIPHER_find where possible.
2015-05-20 15:27:36 -04:00
Nick Mathewson
67964cfa78
Try using SSL_get_ciphers in place of session->ciphers
...
This should help openssl 1.1. On pre-1.1, we double-check that these
two methods give us the same list, since the underlying code is awfully
hairy.
2015-05-20 15:27:36 -04:00
Nick Mathewson
2f7c9b6ecb
Tweak rectify_client_ciphers to work with openssl 1.1
...
The key here is to never touch ssl->cipher_list directly, but only
via SSL_get_ciphers(). But it's not so simple.
See, if there is no specialized cipher_list on the SSL object,
SSL_get_ciphers returns the cipher_list on the SSL_CTX. But we sure
don't want to modify that one! So we need to use
SSL_set_cipher_list first to make sure that we really have a cipher
list on the SSL object.
2015-05-20 15:27:36 -04:00
Nick Mathewson
d55db221e8
tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning
2015-05-13 12:12:53 -04:00
Nick Mathewson
34451c7a45
Use SSL_state() to inspect the state of SSL objects.
2015-05-13 11:34:10 -04:00
Nick Mathewson
22da5001b5
Use SSL_clear_mode where available.
2015-05-13 11:24:47 -04:00
Nick Mathewson
92b297bb58
SSL_clear_mode exists; we can use it.
2015-05-13 11:21:38 -04:00
Nick Mathewson
fa63f991c0
Stop accessing 'ssl->s3->flags' when we are using openssl 1.1
...
This field was only needed to work with the now-long-gone (I hope,
except for some horrible apples) openssl 0.9.8l; if your headers say
you have openssl 1.1, you won't even need it.
2015-05-13 11:19:19 -04:00
Yawning Angel
53a347592a
ERR_remove_state() is deprecated since OpenSSL 1.0.0.
...
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with
`OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer
routine as appropriate.
2015-05-13 11:13:07 -04:00
Nick Mathewson
614d9bc967
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-05-13 11:05:33 -04:00
Nick Mathewson
8aa04408fb
Merge branch 'bug15823_025' into maint-0.2.5
2015-05-13 11:03:05 -04:00
John Brooks
2b27ce52d2
Fix out-of-bounds read in INTRODUCE2 client auth
...
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.
Fixed by checking auth_len before comparing the descriptor cookie
against known clients.
Fixes #15823 ; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
David Goulet
26c344a563
Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()"
...
Fixes #15850 , part of #15801 . Change file is added by this commit. The
original comment in the reverted commit is removed because right now we
*need* a DirPort until #15849 is implemented so no doubt nor confusion there
anymore.
This reverts commit 80bed1ac96
.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-28 14:30:07 -04:00
Nick Mathewson
0ac748353a
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-04-27 14:18:16 -04:00
Nick Mathewson
6c7720ed49
Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
2015-04-27 14:16:55 -04:00
Nick Mathewson
efae1bcef6
Merge remote-tracking branch 'karsten/geoip6-apr2015' into maint-0.2.4
2015-04-27 14:15:58 -04:00
Nick Mathewson
609cdec112
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2015-04-27 14:15:44 -04:00
Karsten Loesing
b5f6495876
Update geoip6 to the April 8 2015 database.
2015-04-24 17:51:36 +02:00
Karsten Loesing
bcc0a48cfe
Update geoip to the April 8 2015 database.
2015-04-24 17:49:45 +02:00
Nick Mathewson
f620b8f032
bump version to 0.2.6.7-dev
2015-04-06 10:02:59 -04:00
Nick Mathewson
eb41214dba
bump version to 0.2.6.7
2015-04-06 10:00:30 -04:00
Nick Mathewson
eab67b06cf
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-04-06 09:59:06 -04:00
Nick Mathewson
3a5d4d666e
bump 0.2.5 version to 0.2.5.12
2015-04-06 09:56:37 -04:00
Nick Mathewson
5633261f2e
Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
2015-04-06 09:55:44 -04:00
Nick Mathewson
542100d3ca
Bump 0.2.4 version more places
2015-04-06 09:48:53 -04:00
Nick Mathewson
442d577af5
Bump 0.2.4 version
2015-04-06 09:41:59 -04:00
Nick Mathewson
0475552140
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-04-06 09:26:16 -04:00
Nick Mathewson
fe69a7e1d7
Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
2015-04-06 09:25:37 -04:00
Nick Mathewson
7451b4cafe
Changes file for bug15601
2015-04-06 09:24:16 -04:00
Yawning Angel
dc3cb00080
Handle empty/zero length encoded intro points more gracefully.
...
In theory these should never the triggered as the only caller now
validates the parameters before this routine gets called.
2015-04-06 09:21:43 -04:00
Yawning Angel
7b5f558da4
Treat empty introduction points sections as missing.
...
Found by DonnchaC.
2015-04-06 09:20:46 -04:00
Yawning Angel
49ddd92c11
Validate the RSA key size received when parsing INTRODUCE2 cells.
...
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
George Kadianakis
929a8f199b
Decrease the amount of rend circ relaunches for hidden services.
2015-04-03 09:47:40 -04:00
Nick Mathewson
c1b36488e9
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-04-03 09:39:19 -04:00
Nick Mathewson
3781955f07
Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
2015-04-03 09:38:54 -04:00
Nick Mathewson
01e4bc80cd
Merge branch 'bug15515_024' into maint-0.2.4
2015-04-03 09:36:59 -04:00
George Kadianakis
bcb839387e
... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
...
(Sending a nak would be pointless.)
See ticket 15515 for discussion.
2015-04-03 09:36:05 -04:00
George Kadianakis
8dba8a088d
Block multiple introductions on the same intro circuit.
2015-04-03 09:35:47 -04:00
Nick Mathewson
b117a06784
Bump to 0.2.6.6-dev
2015-03-25 14:09:23 -04:00
Nick Mathewson
dfd6cf9ea2
bump to 0.2.6.6
2015-03-24 10:23:34 -04:00
Nick Mathewson
c113544a94
Merge remote-tracking branch 'public/bug15436_025' into maint-0.2.6
2015-03-23 09:25:15 -04:00
Yawning Angel
732f522a42
Fix unaligned access in SipHash-2-4.
...
The compiler is allowed to assume that a "uint64_t *" is aligned
correctly, and will inline a version of memcpy that acts as such.
Use "uint8_t *", so the compiler does the right thing.
2015-03-23 09:20:02 -04:00
Nick Mathewson
ca03b10b0c
bump to 0.2.6.5-rc.dev
2015-03-18 16:32:13 -04:00
Nick Mathewson
77c671b7dd
bump to 0.2.6.5-rc
2015-03-18 09:10:48 -04:00
Nick Mathewson
a0f892f190
Simplify the loop.
2015-03-14 14:31:26 -04:00
Nick Mathewson
ddb1889eb8
Add comments for new functions
2015-03-14 14:28:29 -04:00