-rw-r--r-- | .gitignore | 7 | ||||
-rw-r--r-- | Makefile.am | 14 | ||||
-rw-r--r-- | changes/40241_v2 | 4 | ||||
-rw-r--r-- | changes/bug40113 | 3 | ||||
-rw-r--r-- | changes/bug40117 | 5 | ||||
-rw-r--r-- | changes/ticket40165 | 5 | ||||
-rw-r--r-- | changes/ticket40170 | 3 | ||||
-rw-r--r-- | changes/ticket40227 | 4 | ||||
-rw-r--r-- | configure.ac | 23 | ||||
-rw-r--r-- | contrib/win32build/tor-mingw.nsi.in | 2 | ||||
-rwxr-xr-x | scripts/maint/gen_ccls_file.sh | 20 | ||||
-rw-r--r-- | src/core/or/channeltls.c | 4 | ||||
-rw-r--r-- | src/core/or/circuitlist.c | 4 | ||||
-rw-r--r-- | src/feature/client/entrynodes.c | 4 | ||||
-rw-r--r-- | src/feature/rend/rendclient.c | 4 | ||||
-rw-r--r-- | src/feature/rend/rendmid.c | 6 | ||||
-rw-r--r-- | src/lib/crypt_ops/compat_openssl.h | 5 | ||||
-rw-r--r-- | src/lib/crypt_ops/crypto_openssl_mgt.c | 13 | ||||
-rw-r--r-- | src/lib/crypt_ops/crypto_openssl_mgt.h | 3 | ||||
-rw-r--r-- | src/lib/log/util_bug.h | 11 | ||||
-rw-r--r-- | src/test/test_connection.c | 13 | ||||
-rw-r--r-- | src/test/test_tortls_openssl.c | 3 | ||||
-rw-r--r-- | src/win32/orconfig.h | 2 |
23 files changed, 126 insertions, 36 deletions
diff --git a/.gitignore b/.gitignore index 77610b3193..c7ad64d387 100644 --- a/.gitignore +++ b/.gitignore @@ -36,6 +36,12 @@ details-*.json uptime-*.json *.full_url *.last_modified +# Core files +core +core.* +!core/ +# ccls file that can be per directory. +*.ccls # / /Makefile @@ -73,6 +79,7 @@ uptime-*.json /Tor*Bundle.dmg /tor-*-win32.exe /warning_flags +/compile_commands.json /coverage_html/ /callgraph/ diff --git a/Makefile.am b/Makefile.am index 1041494da7..117c6a5a70 100644 --- a/Makefile.am +++ b/Makefile.am @@ -577,3 +577,17 @@ show-libs: show-testing-libs: @echo $(TOR_INTERNAL_TESTING_LIBS) + +# Note here that we hardcode this -j2 because if the user would pass too many +# cores, bear actually chockes and dies :S. For this to work, a make clean +# needs to be done else bear will miss some compile flags. +lsp: + @if test -x "`which bear 2>&1;true`"; then \ + echo "Generating LSP compile_commands.json. Might take few minutes..."; \ + $(MAKE) clean 2>&1 >/dev/null; \ + bear >/dev/null 2>&1 -- $(MAKE) -j2 2>&1 >/dev/null; \ + echo "Generating .ccls file..."; \ + ./scripts/maint/gen_ccls_file.sh \ + else \ + echo "No bear command found. On debian, apt install bear"; \ + fi diff --git a/changes/40241_v2 b/changes/40241_v2 new file mode 100644 index 0000000000..85038297f7 --- /dev/null +++ b/changes/40241_v2 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Fix another warning about unreachable fallthrough annotations + when building with "--enable-all-bugs-are-fatal" on some compilers. + Fixes bug 40241; bugfix on 0.4.5.3-rc. diff --git a/changes/bug40113 b/changes/bug40113 new file mode 100644 index 0000000000..adf4634097 --- /dev/null +++ b/changes/bug40113 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Resolve a compilation warning that could occur in test_connection.c. + Fixes bug 40113; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug40117 b/changes/bug40117 new file mode 100644 index 0000000000..77646edf9c --- /dev/null +++ b/changes/bug40117 
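Review bot: The `lsp` recipe has no `;` after `./scripts/maint/gen_ccls_file.sh`, so once the backslash continuations are joined the shell reads `else echo "No bear command found. ..."` as arguments to the script rather than as the else branch. The "No bear command found" message is therefore never printed when `bear` is missing. The line should read `./scripts/maint/gen_ccls_file.sh; \`. Separately, `$(MAKE) clean 2>&1 >/dev/null` points stderr at the original stdout before stdout is redirected, so errors from the clean step are not silenced; `>/dev/null 2>&1` is the order that discards both, if that was the intent.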
@@ -0,0 +1,5 @@ + o Major bugfixes (stats, onion services): + - Fix a bug where we were undercounting the Tor network's total onion + service traffic, by only counting rendezvous traffic originating from + services and ignoring any traffic originating from clients. Fixes bug + 40117; bugfix on 0.2.6.2-alpha. diff --git a/changes/ticket40165 b/changes/ticket40165 new file mode 100644 index 0000000000..a8dd0a339b --- /dev/null +++ b/changes/ticket40165 @@ -0,0 +1,5 @@ + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. + There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor + still requires. (A later version of Tor will try to stop depending on + these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 new file mode 100644 index 0000000000..cc1c8dbad1 --- /dev/null +++ b/changes/ticket40170 @@ -0,0 +1,3 @@ + o Minor bugfixes (tests): + - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. + Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40227 b/changes/ticket40227 new file mode 100644 index 0000000000..e5efad0f95 --- /dev/null +++ b/changes/ticket40227 @@ -0,0 +1,4 @@ + o Minor feature (build system): + - New "make lsp" command to auto generate the compile_commands.json file + used by the ccls server. The "bear" program is needed for this. Closes + ticket 40227. diff --git a/configure.ac b/configure.ac index 921e2f197e..eb5a038541 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.4.3.7-dev]) +AC_INIT([tor],[0.4.3.8]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) 
@@ -16,7 +16,7 @@ configure_flags="$*" # version number changes. Tor uses it to make sure that it # only shuts down for missing "required protocols" when those protocols # are listed as required by a consensus after this date. -AC_DEFINE(APPROX_RELEASE_DATE, ["2020-11-12"], # for 0.4.3.7-dev +AC_DEFINE(APPROX_RELEASE_DATE, ["2021-01-28"], # for 0.4.3.8 [Approximate date when this software was released. (Updated when the version changes.)]) # "foreign" means we don't follow GNU package layout standards @@ -1002,13 +1002,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" +dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0 +dnl and later. We want to migrate away from them, but that will be a lot of +dnl work. (See ticket tor#40166.) For now, we disable the deprecation +dnl warnings. + +AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#error "you_have_version_3" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_RESULT([yes]); + AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ]) + +AC_MSG_CHECKING([for OpenSSL < 1.0.1]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #error "too old" #endif ]], [[]])], - [ : ], + [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index e3f8be0b86..347b781116 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in 
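Review bot: The new `for OpenSSL >= 3.0.0` probe looks inverted: `#error` fires when `OPENSSL_VERSION_NUMBER <= 0x30000000L`, and the failing compile is the branch that prints `yes` and defines `OPENSSL_SUPPRESS_DEPRECATED`. As written, builds against OpenSSL at or below that value get deprecation warnings suppressed, while versions above it compile cleanly and report `no`. The condition should be `OPENSSL_VERSION_NUMBER >= 0x30000000L`. Because any compile failure selects the `yes` branch, an unrelated failure such as a missing `openssl/opensslv.h` would also be reported as version 3.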
@@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.4.3.7-dev" +!define VERSION "0.4.3.8" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/scripts/maint/gen_ccls_file.sh b/scripts/maint/gen_ccls_file.sh new file mode 100755 index 0000000000..899e4e9603 --- /dev/null +++ b/scripts/maint/gen_ccls_file.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +############################################################################## +# THIS MUST BE CALLED FROM THE ROOT DIRECTORY. IT IS USED BY THE MAKEFILE SO # +# IN THEORY, YOU SHOULD NEVER CALL THIS. # +############################################################################## + +set -e + +CCLS_FILE=".ccls" + +# Get all #define *_PRIVATE from our source. We need to list them in our .ccls +# file and enable them otherwise ccls will not find their definition thinking +# that they are dead code. +PRIVATE_DEFS=$(grep -r --include \*.h "_PRIVATE" | grep "#ifdef" | cut -d' ' -f2 | sort | uniq) + +echo "clang" > "$CCLS_FILE" +for p in $PRIVATE_DEFS; do + echo "-D$p" >> "$CCLS_FILE" +done diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index 1ef9746313..8a087298de 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -1225,9 +1225,7 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn) * the v2 and v3 handshakes. */ /* But that should be happening any longer've disabled bufferevents. */ tor_assert_nonfatal_unreached_once(); -#ifndef ALL_BUGS_ARE_FATAL - FALLTHROUGH; -#endif + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: if (!(command_allowed_before_handshake(var_cell->command))) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index b60741245d..6f07132e22 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c 
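Review bot: The banner in `gen_ccls_file.sh` says the script must be run from the root directory, but nothing enforces it, and `grep -r` is given no path operand. It therefore scans whatever the current directory happens to be, build output included, and the result depends on how the local grep treats a recursive search with no file named. Naming the tree explicitly, e.g. `grep -r --include '*.h' "_PRIVATE" src | ...`, and failing early with `test -d src || exit 1` would make the generated `.ccls` reproducible. Note also that `set -e` does not catch a failure in the middle of the pipeline inside `$(...)`; only the last command's status counts.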
@@ -846,9 +846,7 @@ circuit_purpose_to_controller_hs_state_string(uint8_t purpose) "Unrecognized circuit purpose: %d", (int)purpose); tor_fragile_assert(); -#ifndef ALL_BUGS_ARE_FATAL - FALLTHROUGH; -#endif + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case CIRCUIT_PURPOSE_OR: case CIRCUIT_PURPOSE_C_GENERAL: diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 887af312d3..c4d3d17c62 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -2263,9 +2263,7 @@ entry_guards_note_guard_success(guard_selection_t *gs, break; default: tor_assert_nonfatal_unreached(); -#ifndef ALL_BUGS_ARE_FATAL - FALLTHROUGH; -#endif + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD: if (guard->is_primary) { /* XXXX #20832 -- I don't actually like this logic. It seems to make diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c index 20b8bacb12..427491e3a8 100644 --- a/src/feature/rend/rendclient.c +++ b/src/feature/rend/rendclient.c @@ -831,9 +831,7 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro, log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.", failure_type); tor_fragile_assert(); -#ifndef ALL_BUGS_ARE_FATAL - FALLTHROUGH; -#endif + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case INTRO_POINT_FAILURE_GENERIC: rend_cache_intro_failure_note(failure_type, (uint8_t *)failed_intro->identity_digest, diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c index a473f0c7e1..b497362857 100644 --- a/src/feature/rend/rendmid.c +++ b/src/feature/rend/rendmid.c 
@@ -343,10 +343,12 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, goto err; } - /* Statistics: Mark this circuit as an RP circuit so that we collect - stats from it. */ + /* Statistics: Mark circuits as RP circuits */ if (options->HiddenServiceStatistics) { + /* `circ` is the RP <-> service circuit */ circ->circuit_carries_hs_traffic_stats = 1; + /* `rend_circ` is the client <-> RP circuit */ + rend_circ->circuit_carries_hs_traffic_stats = 1; } /* Send the RENDEZVOUS2 cell to the client. */ diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h index 5fd073bea1..c2e1459078 100644 --- a/src/lib/crypt_ops/compat_openssl.h +++ b/src/lib/crypt_ops/compat_openssl.h @@ -32,10 +32,6 @@ #define OPENSSL_1_1_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ -#ifndef OPENSSL_VERSION -#define OPENSSL_VERSION SSLEAY_VERSION -#endif - #ifndef OPENSSL_1_1_API #define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version_num() SSLeay() @@ -54,4 +50,3 @@ #endif /* defined(ENABLE_OPENSSL) */ #endif /* !defined(TOR_COMPAT_OPENSSL_H) */ - diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index f2f5a55d05..065cbca1cc 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c 
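Review bot: The rewritten comment in `rend_mid_rendezvous` no longer says why the flag is set: the old wording ("so that we collect stats from it") was dropped in the same change that adds the second assignment. Suggest `/* Statistics: mark both halves of the rendezvous as RP circuits so that traffic from the service and from the client is counted. */`. The new write through `rend_circ` relies on a validity check that lies before this hunk and is not visible here; the function body starts and ends outside the hunk.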
@@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL; const char * crypto_openssl_get_version_str(void) { +#ifdef OPENSSL_VERSION + const int query = OPENSSL_VERSION; +#else + /* This old name was changed around OpenSSL 1.1.0 */ + const int query = SSLEAY_VERSION; +#endif + if (crypto_openssl_version_str == NULL) { - const char *raw_version = OpenSSL_version(OPENSSL_VERSION); + const char *raw_version = OpenSSL_version(query); crypto_openssl_version_str = parse_openssl_version_str(raw_version); } return crypto_openssl_version_str; } +#undef QUERY_OPENSSL_VERSION + static char *crypto_openssl_header_version_str = NULL; /* Return a human-readable version of the compile-time openssl version * number. */ @@ -214,7 +223,7 @@ crypto_openssl_early_init(void) setup_openssl_threading(); unsigned long version_num = OpenSSL_version_num(); - const char *version_str = OpenSSL_version(OPENSSL_VERSION); + const char *version_str = crypto_openssl_get_version_str(); if (version_num == OPENSSL_VERSION_NUMBER && !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h index 083df00033..c67ab6467c 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.h +++ b/src/lib/crypt_ops/crypto_openssl_mgt.h @@ -16,8 +16,7 @@ #include "orconfig.h" #ifdef ENABLE_OPENSSL -#include <openssl/engine.h> - +#include <openssl/opensslv.h> /* Macro to create an arbitrary OpenSSL version number as used by OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index ae3d125a08..d9dbc7ee09 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h 
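Review bot: `#undef QUERY_OPENSSL_VERSION` after `crypto_openssl_get_version_str` removes a macro that this hunk never defines; the function selects the query value through the local `const int query` instead. Unless the macro is defined elsewhere in the file, the line is a leftover from an earlier draft and can be dropped.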
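Review bot: In `crypto_openssl_early_init`, `version_str` now comes from `crypto_openssl_get_version_str()`, which returns the output of `parse_openssl_version_str()` rather than the raw `OpenSSL_version()` string, yet it is still compared with `OPENSSL_VERSION_TEXT` via `strcmp`. If the parser shortens or reformats the string (its body is not visible here), the equality can no longer hold and the "matches version from headers" branch is never taken, which makes a real header/runtime mismatch harder to tell apart from the normal case. Keeping the raw string for the comparison avoids this; that needs the `OPENSSL_VERSION`/`SSLEAY_VERSION` selection from the first hunk moved to file scope so both functions can use it. The function body continues outside the hunk.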
@@ -240,6 +240,17 @@ IF_BUG_ONCE__(ASSERT_PREDICT_UNLIKELY_(cond), \ IF_BUG_ONCE_VARNAME__(__LINE__)) +/** + * Use this macro after a nonfatal assertion, and before a case statement + * where you would want to fall through. + */ +#ifdef ALL_BUGS_ARE_FATAL +#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL \ + abort() +#else +#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL FALLTHROUGH +#endif + /** Define this if you want Tor to crash when any problem comes up, * so you can get a coredump and track things down. */ // #define tor_fragile_assert() tor_assert_unreached(0) diff --git a/src/test/test_connection.c b/src/test/test_connection.c index 7ed831f7d8..05f7009bf4 100644 --- a/src/test/test_connection.c +++ b/src/test/test_connection.c @@ -616,7 +616,8 @@ test_conn_download_status(void *arg) connection_t *ap_conn = NULL; const struct testcase_t *tc = arg; - consensus_flavor_t usable_flavor = (consensus_flavor_t)tc->setup_data; + consensus_flavor_t usable_flavor = + networkstatus_parse_flavor_name((const char*) tc->setup_data); /* The "other flavor" trick only works if there are two flavors */ tor_assert(N_CONSENSUS_FLAVORS == 2); 
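Review bot: The doc comment on `FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL` does not mention that the macro expands to `abort()` when `ALL_BUGS_ARE_FATAL` is defined, which is the non-obvious half of its behaviour. Suggest adding a sentence such as `With ALL_BUGS_ARE_FATAL the preceding assertion does not return, so this expands to abort() instead of an unreachable FALLTHROUGH annotation.` The header should also make sure `abort()` is declared (via `<stdlib.h>`) for every file that uses the macro; whether it already is cannot be seen from this hunk.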
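Review bot: `usable_flavor` in `test_conn_download_status` is taken from `networkstatus_parse_flavor_name()` without checking the result, so a typo in one of the `setup_data` strings would only surface later as a confusing failure. If the parser reports unknown names with a negative value (its definition is not in this diff), a guard right after the assignment, e.g. `tor_assert((int)usable_flavor >= 0);`, would pin that down at the source. The function body continues outside the hunk.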
@@ -980,17 +981,17 @@ struct testcase_t connection_tests[] = { CONNECTION_TESTCASE(get_rend, TT_FORK, test_conn_get_rend_st), CONNECTION_TESTCASE(get_rsrc, TT_FORK, test_conn_get_rsrc_st), - CONNECTION_TESTCASE_ARG(download_status, TT_FORK, - test_conn_download_status_st, FLAV_MICRODESC), - CONNECTION_TESTCASE_ARG(download_status, TT_FORK, - test_conn_download_status_st, FLAV_NS), + CONNECTION_TESTCASE_ARG(download_status, TT_FORK, + test_conn_download_status_st, "microdesc"), + CONNECTION_TESTCASE_ARG(download_status, TT_FORK, + test_conn_download_status_st, "ns"), CONNECTION_TESTCASE_ARG(https_proxy_connect, TT_FORK, test_conn_proxy_connect_st, &PROXY_CONNECT_ARG), CONNECTION_TESTCASE_ARG(haproxy_proxy_connect, TT_FORK, test_conn_proxy_connect_st, &PROXY_HAPROXY_ARG), -//CONNECTION_TESTCASE(func_suffix, TT_FORK, setup_func_pair), + //CONNECTION_TESTCASE(func_suffix, TT_FORK, setup_func_pair), { "failed_orconn_tracker", test_failed_orconn_tracker, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c index e20b0d1ede..42a901fe77 100644 --- a/src/test/test_tortls_openssl.c +++ b/src/test/test_tortls_openssl.c @@ -279,8 +279,7 @@ test_tortls_log_one_error(void *ignored) mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL); - expect_log_msg("TLS error with 127.hello: " - "BN lib (in unknown library:(null):---)\n"); + expect_log_msg_containing("TLS error with 127.hello"); mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index cfeffe581c..ed85c09a71 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -217,7 +217,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.4.3.7-dev" +#define VERSION "0.4.3.8" #define HAVE_STRUCT_SOCKADDR_IN6 #define HAVE_STRUCT_IN6_ADDR |