Commit Graph

21326 Commits

Author SHA1 Message Date
Nick Mathewson
0c7bfb206e improve log messages to try to track down #17659 2015-11-26 12:44:12 -05:00
teor (Tim Wilson-Brown)
fc264975b1 Unit test the full length of SHA256 and SHA512 digests
Bugfix on a tor version before the refactoring in git commit
cea1225199 (23 Sep 2009). Patch by "teor".
2015-11-27 02:25:31 +11:00
Nick Mathewson
09e0ae0588 Merge remote-tracking branch 'teor/rand-failure-modes-v2' 2015-11-26 10:05:38 -05:00
Nick Mathewson
0285054189 Fix buffer size in sha512 unit test
Nobody likes a stack overflow, even in unit tests.

Closes 17699; but not in any released tor.
2015-11-26 10:00:12 -05:00
Nick Mathewson
fe46fffd98 Fix test_tortls.c to no longer test failing crypto_rand.
(crypto_rand is no longer allowed to fail.)

Closes bug 17686; bug not in any released tor.  (No backport, since
the tortls tests aren't in 0.2.7)
2015-11-26 09:34:44 -05:00
teor (Tim Wilson-Brown)
b0e6010861 Correctly free a smartlist in getinfo_helper_policies 2015-11-26 09:32:33 -05:00
cypherpunks
4e3e526493 Quote variables in case they contain spaces 2015-11-26 09:30:50 -05:00
teor (Tim Wilson-Brown)
155fa2dbdb Add unit tests that check for common RNG failure modes
Check that crypto_rand doesn't return all zeroes, identical values,
or incrementing values (OpenSSL's rand_predictable feature).
2015-11-26 21:27:05 +11:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
943369f927 Add a changes file for bug 17686 2015-11-25 22:29:59 -05:00
Nick Mathewson
1cfa2bc859 Fix documentation for crypto_rand* 2015-11-25 22:29:59 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
10fdee6285 Add crypto-initializer functions to those whose return values must be checked 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary.
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
Nick Mathewson
c875265bbb Merge remote-tracking branch 'teor/check-crypto-errors-v2' 2015-11-25 22:28:12 -05:00
teor (Tim Wilson-Brown)
e14f9dd44f fixup! Add controller getinfo exit-policy/reject-private
Stop ignoring ExitPolicyRejectPrivate in getinfo
exit-policy/reject-private. Fix a memory leak.

Set ExitPolicyRejectPrivate in the unit tests, and make a mock
function declaration static.
2015-11-25 22:26:10 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e Check the return value of HMAC in crypto.c and assert on error
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
2015-11-26 10:46:36 +11:00
Nick Mathewson
289b184e11 Merge branch 'bug17654_try1' 2015-11-25 12:25:44 -05:00
Nick Mathewson
5dff4ae0ad Attempt to make openbsd compilation happier with libevent2 installed
Fix for bug 16651; patch from "rubiate".
2015-11-25 09:43:12 -05:00
cypherpunks
c59c622d85 Initialize libevent before periodic events
The initialization of libevent interferes with other tests so we also
fork the circuit_timeout test.
2015-11-25 09:38:46 -05:00
teor (Tim Wilson-Brown)
a09e7cd31a fixup! Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Fix unit tests for get_interface_address6_list to assume less
about the interface addresses on the system.

Instead, mock get_interface_address6_list and use the mocked
function to provide a range of address combinations.
2015-11-25 09:31:27 -05:00
Nick Mathewson
62aad9c0b6 Merge branch 'maint-0.2.7' 2015-11-25 09:28:44 -05:00
Nick Mathewson
232ccc18c4 Include netinet/in.h (if detected) in check for net/pfvar.h
Patch from rubiate; fixes bug 17551.
2015-11-25 09:27:52 -05:00
Nick Mathewson
fe8eb9b366 Merge remote-tracking branch 'public/decouple_dir_request_failed' 2015-11-25 09:21:25 -05:00
Nick Mathewson
dce708d11c Fix a logic error in connection_tls_continue_handshake().
(If we take the branch above this assertion, than we *didn't* have a
v1 handshake.  So if we don't take the branch, we did.  So if we
reach this assertion, we must be running as a server, since clients
no longer attempt v1 handshakes.)

Fix for bug 17654; bugfix on 9d019a7db7.

Bug not in any released Tor.
2015-11-25 09:17:44 -05:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
Nick Mathewson
ab1bc38d5a Merge remote-tracking branch 'atagar/man_page_fixes' 2015-11-25 09:07:02 -05:00
Nick Mathewson
7194d3d957 Tweak gtank's sha512 patch a little 2015-11-25 09:04:17 -05:00
Nick Mathewson
74e5385da7 Merge remote-tracking branch 'gtank/feature17663' 2015-11-25 09:00:01 -05:00
Nick Mathewson
2079ec9ee6 Merge remote-tracking branch 'teor/feature8961-replaycache-sha256' 2015-11-25 08:55:18 -05:00
Nick Mathewson
be30c61ac1 Merge branch 'maint-0.2.7' 2015-11-25 08:53:46 -05:00
teor (Tim Wilson-Brown)
45f2e7ec04 fixup! Refuse to make direct connections to private OR addresses
Add changes file.
2015-11-25 07:55:39 +11:00
teor (Tim Wilson-Brown)
23b088907f Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".
2015-11-25 03:11:15 +11:00
Damian Johnson
dd63a6a736 Fixes for tor's man page
I'm adding Stem test coverage for tor's man page and in doing so ran into quite
a few issues. All of them are pretty minor (worst was misnaming a couple config
options), but still good things to fix. :P
2015-11-23 18:29:26 -08:00
Damian Johnson
8661b4b5a2 Drop HidServDirectoryV2 and VoteOnHidServDirectoriesV2
These options were removed from tor in July. Time to axe them from our man
page. :P

  https://gitweb.torproject.org/tor.git/commit/?id=2f8cf524ba4e565ab613504a4c41fd724d32facc
2015-11-23 18:27:17 -08:00
George Tankersley
1a7f6df688 add changes for feature17663 2015-11-24 02:24:22 +00:00
Damian Johnson
feeb3e761c Split 'slop' man page options to their own lines
The slop testing options are the only spot where we try to enumerate multiple
options on the same line. Changing them to each be on their own line as we do
elsewhere.
2015-11-23 18:21:38 -08:00
George Tankersley
695412302b implement teor's comments 2015-11-24 02:17:37 +00:00
Damian Johnson
91b0ba1d19 TestingLinkCertLifetime was misnamed as 'TestingLinkCertifetime'
Simple typo - we were missing a letter.
2015-11-23 17:51:30 -08:00
Damian Johnson
961db64d3c Rename RecommendedPackageVersions to RecommendedPackages
A 'RecommendedPackageVersions' option doesn't exist in tor. However, it *does*
have RecommendedPackages...

  feature: https://gitweb.torproject.org/tor.git/commit/?id=c83d8381
  man addition: https://gitweb.torproject.org/tor.git/commit/?id=ddfdeb56
2015-11-23 17:47:00 -08:00
George Tankersley
ff54cc8481 add SHA512 support to crypto 2015-11-24 01:34:28 +00:00
Damian Johnson
1193647ac8 Replace 'SOCKSPort' with 'SocksPort'
When applying changes from proposal 171 Nick renamed SocksPort to SOCKSPort,
and SocksListenAddress to SOCKSListenAddress...

  https://gitweb.torproject.org/tor.git/commit/?id=891ccd3cd0690e83f1dc4dde7698c3bd9d7fe98d

However, this didn't change the option itself in tor (it's still SocksPort),
and wasn't even uniform in the man page. Functionally this doesn't matter
(tor's config options are case insensitive) but this is a pretty clear
regression.
2015-11-23 17:32:49 -08:00
Damian Johnson
5812930dc1 Note in man page where users can file bugs
In addition to inviting users to tell us about bugs, lets say where.
2015-11-23 17:26:46 -08:00
Damian Johnson
690b66ce48 ControlPort's section on flags wasn't indented
Minor formatting issue with our ControlPort entry. The part about flags wasn't
indented with the rest of its description.
2015-11-23 17:25:26 -08:00
Damian Johnson
4417effa52 Malformed ExtORPort entry in man page
Minor formatting issue with our ExtORPort that caused its description to be on
the same line as the option (munging the two together).
2015-11-23 17:23:14 -08:00
teor (Tim Wilson-Brown)
2e9779e5d8 Use SHA256 in the replaycache, rather than SHA1
This migrates away from SHA1, and provides further hash flooding
protection on top of the randomised siphash implementation.

Add unit tests to make sure that different inputs don't have the
same hash.
2015-11-24 09:08:53 +11:00
David Goulet
273b267fa2 Fix: use the right list in find_expiring_intro_point()
The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-11-23 09:02:54 -05:00
Roger Dingledine
6cdd024c94 fix two typos in comments 2015-11-23 07:40:13 -05:00
teor (Tim Wilson-Brown)
5b2adfb3d4 Fix comments to describe actual return values (crypto.c) 2015-11-23 20:31:57 +11:00
teor (Tim Wilson-Brown)
84d1373ba0 Fix typo in comment on crypto_add_spaces_to_fp 2015-11-23 18:59:11 +11:00