diff options
Diffstat (limited to 'src/common')
58 files changed, 3042 insertions, 1225 deletions
diff --git a/src/common/address.c b/src/common/address.c index dd336257ef..a6e0f3f491 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -148,7 +148,9 @@ tor_addr_make_af_unix(tor_addr_t *a) } /** Set the tor_addr_t in <b>a</b> to contain the socket address contained in - * <b>sa</b>. Return 0 on success and -1 on failure. */ + * <b>sa</b>. IF <b>port_out</b> is non-NULL and <b>sa</b> contains a port, + * set *<b>port_out</b> to that port. Return 0 on success and -1 on + * failure. */ int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, uint16_t *port_out) @@ -620,13 +622,20 @@ tor_addr_to_PTR_name(char *out, size_t outlen, * yield an IPv4 wildcard. * * If 'flags & TAPMP_EXTENDED_STAR' is true, then the wildcard address '*' - * yields an AF_UNSPEC wildcard address, and the following change is made + * yields an AF_UNSPEC wildcard address, which expands to corresponding + * wildcard IPv4 and IPv6 rules, and the following change is made * in the grammar above: * Address ::= IPv4Address / "[" IPv6Address "]" / "*" / "*4" / "*6" * with the new "*4" and "*6" productions creating a wildcard to match * IPv4 or IPv6 addresses. * - */ + * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV4_ONLY' are + * both true, then the wildcard address '*' yields an IPv4 wildcard. + * + * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV6_ONLY' are + * both true, then the wildcard address '*' yields an IPv6 wildcard. + * + * TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */ int tor_addr_parse_mask_ports(const char *s, unsigned flags, @@ -643,6 +652,10 @@ tor_addr_parse_mask_ports(const char *s, tor_assert(s); tor_assert(addr_out); + /* We can either only want an IPv4 address or only want an IPv6 address, + * but we can't only want IPv4 & IPv6 at the same time. */ + tor_assert(!((flags & TAPMP_STAR_IPV4_ONLY) + && (flags & TAPMP_STAR_IPV6_ONLY))); /** Longest possible length for an address, mask, and port-range combination. * Includes IP, [], /mask, :, ports */ @@ -688,8 +701,21 @@ tor_addr_parse_mask_ports(const char *s, if (!strcmp(address, "*")) { if (flags & TAPMP_EXTENDED_STAR) { - family = AF_UNSPEC; - tor_addr_make_unspec(addr_out); + if (flags & TAPMP_STAR_IPV4_ONLY) { + family = AF_INET; + tor_addr_from_ipv4h(addr_out, 0); + } else if (flags & TAPMP_STAR_IPV6_ONLY) { + static char nil_bytes[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 }; + family = AF_INET6; + tor_addr_from_ipv6_bytes(addr_out, nil_bytes); + } else { + family = AF_UNSPEC; + tor_addr_make_unspec(addr_out); + log_info(LD_GENERAL, + "'%s' expands into rules which apply to all IPv4 and IPv6 " + "addresses. (Use accept/reject *4:* for IPv4 or " + "accept[6]/reject[6] *6:* for IPv6.)", s); + } } else { family = AF_INET; tor_addr_from_ipv4h(addr_out, 0); @@ -884,6 +910,59 @@ tor_addr_is_loopback(const tor_addr_t *addr) } } +/* Is addr valid? + * Checks that addr is non-NULL and not tor_addr_is_null(). + * If for_listening is true, IPv4 addr 0.0.0.0 is allowed. + * It means "bind to all addresses on the local machine". */ +int +tor_addr_is_valid(const tor_addr_t *addr, int for_listening) +{ + /* NULL addresses are invalid regardless of for_listening */ + if (addr == NULL) { + return 0; + } + + /* Only allow IPv4 0.0.0.0 for_listening. */ + if (for_listening && addr->family == AF_INET + && tor_addr_to_ipv4h(addr) == 0) { + return 1; + } + + /* Otherwise, the address is valid if it's not tor_addr_is_null() */ + return !tor_addr_is_null(addr); +} + +/* Is the network-order IPv4 address v4n_addr valid? + * Checks that addr is not zero. + * Except if for_listening is true, where IPv4 addr 0.0.0.0 is allowed. */ +int +tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening) +{ + /* Any IPv4 address is valid with for_listening. */ + if (for_listening) { + return 1; + } + + /* Otherwise, zero addresses are invalid. */ + return v4n_addr != 0; +} + +/* Is port valid? + * Checks that port is not 0. + * Except if for_listening is true, where port 0 is allowed. + * It means "OS chooses a port". */ +int +tor_port_is_valid(uint16_t port, int for_listening) +{ + /* Any port value is valid with for_listening. */ + if (for_listening) { + return 1; + } + + /* Otherwise, zero ports are invalid. */ + return port != 0; +} + /** Set <b>dest</b> to equal the IPv4 address in <b>v4addr</b> (given in * network order). */ void @@ -1015,6 +1094,8 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2, return r; } case AF_INET6: { + if (mbits > 128) + mbits = 128; const uint8_t *a1 = tor_addr_to_in6_addr8(addr1); const uint8_t *a2 = tor_addr_to_in6_addr8(addr2); const int bytes = mbits >> 3; @@ -1091,7 +1172,7 @@ tor_addr_hash(const tor_addr_t *addr) /** Return a newly allocated string with a representation of <b>addr</b>. */ char * -tor_dup_addr(const tor_addr_t *addr) +tor_addr_to_str_dup(const tor_addr_t *addr) { char buf[TOR_ADDR_BUF_LEN]; if (tor_addr_to_str(buf, addr, sizeof(buf), 0)) { @@ -1248,7 +1329,7 @@ typedef ULONG (WINAPI *GetAdaptersAddresses_fn_t)( * into smartlist of <b>tor_addr_t</b> structures. */ STATIC smartlist_t * -ifaddrs_to_smartlist(const struct ifaddrs *ifa) +ifaddrs_to_smartlist(const struct ifaddrs *ifa, sa_family_t family) { smartlist_t *result = smartlist_new(); const struct ifaddrs *i; @@ -1262,6 +1343,8 @@ ifaddrs_to_smartlist(const struct ifaddrs *ifa) if (i->ifa_addr->sa_family != AF_INET && i->ifa_addr->sa_family != AF_INET6) continue; + if (family != AF_UNSPEC && i->ifa_addr->sa_family != family) + continue; if (tor_addr_from_sockaddr(&tmp, i->ifa_addr, NULL) < 0) continue; smartlist_add(result, tor_memdup(&tmp, sizeof(tmp))); @@ -1275,7 +1358,7 @@ ifaddrs_to_smartlist(const struct ifaddrs *ifa) * <b>tor_addr_t</b> structures. */ STATIC smartlist_t * -get_interface_addresses_ifaddrs(int severity) +get_interface_addresses_ifaddrs(int severity, sa_family_t family) { /* Most free Unixy systems provide getifaddrs, which gives us a linked list @@ -1288,7 +1371,7 @@ get_interface_addresses_ifaddrs(int severity) return NULL; } - result = ifaddrs_to_smartlist(ifa); + result = ifaddrs_to_smartlist(ifa, family); freeifaddrs(ifa); @@ -1330,7 +1413,7 @@ ip_adapter_addresses_to_smartlist(const IP_ADAPTER_ADDRESSES *addresses) * <b>tor_addr_t</b> structures. */ STATIC smartlist_t * -get_interface_addresses_win32(int severity) +get_interface_addresses_win32(int severity, sa_family_t family) { /* Windows XP began to provide GetAdaptersAddresses. Windows 2000 had a @@ -1364,7 +1447,7 @@ get_interface_addresses_win32(int severity) /* Guess how much space we need. */ size = 15*1024; addresses = tor_malloc(size); - res = fn(AF_UNSPEC, FLAGS, NULL, addresses, &size); + res = fn(family, FLAGS, NULL, addresses, &size); if (res == ERROR_BUFFER_OVERFLOW) { /* we didn't guess that we needed enough space; try again */ tor_free(addresses); @@ -1438,22 +1521,33 @@ ifreq_to_smartlist(char *buf, size_t buflen) * <b>tor_addr_t</b> structures. */ STATIC smartlist_t * -get_interface_addresses_ioctl(int severity) +get_interface_addresses_ioctl(int severity, sa_family_t family) { /* Some older unixy systems make us use ioctl(SIOCGIFCONF) */ struct ifconf ifc; + ifc.ifc_buf = NULL; int fd; smartlist_t *result = NULL; - /* This interface, AFAICT, only supports AF_INET addresses */ - fd = socket(AF_INET, SOCK_DGRAM, 0); + /* This interface, AFAICT, only supports AF_INET addresses, + * except on AIX. For Solaris, we could use SIOCGLIFCONF. */ + + /* Bail out if family is neither AF_INET nor AF_UNSPEC since + * ioctl() technique supports non-IPv4 interface addresses on + * a small number of niche systems only. If family is AF_UNSPEC, + * fall back to getting AF_INET addresses only. */ + if (family == AF_UNSPEC) + family = AF_INET; + else if (family != AF_INET) + return NULL; + + fd = socket(family, SOCK_DGRAM, 0); if (fd < 0) { tor_log(severity, LD_NET, "socket failed: %s", strerror(errno)); goto done; } int mult = 1; - ifc.ifc_buf = NULL; do { mult *= 2; ifc.ifc_len = mult * IFREQ_SIZE; @@ -1481,21 +1575,23 @@ get_interface_addresses_ioctl(int severity) /** Try to ask our network interfaces what addresses they are bound to. * Return a new smartlist of tor_addr_t on success, and NULL on failure. * (An empty smartlist indicates that we successfully learned that we have no - * addresses.) Log failure messages at <b>severity</b>. */ -STATIC smartlist_t * -get_interface_addresses_raw(int severity) + * addresses.) Log failure messages at <b>severity</b>. Only return the + * interface addresses of requested <b>family</b> and ignore the addresses + * of other address families. */ +MOCK_IMPL(smartlist_t *, +get_interface_addresses_raw,(int severity, sa_family_t family)) { smartlist_t *result = NULL; #if defined(HAVE_IFADDRS_TO_SMARTLIST) - if ((result = get_interface_addresses_ifaddrs(severity))) + if ((result = get_interface_addresses_ifaddrs(severity, family))) return result; #endif #if defined(HAVE_IP_ADAPTER_TO_SMARTLIST) - if ((result = get_interface_addresses_win32(severity))) + if ((result = get_interface_addresses_win32(severity, family))) return result; #endif #if defined(HAVE_IFCONF_TO_SMARTLIST) - if ((result = get_interface_addresses_ioctl(severity))) + if ((result = get_interface_addresses_ioctl(severity, family))) return result; #endif (void) severity; @@ -1503,7 +1599,7 @@ get_interface_addresses_raw(int severity) } /** Return true iff <b>a</b> is a multicast address. */ -static int +int tor_addr_is_multicast(const tor_addr_t *a) { sa_family_t family = tor_addr_family(a); @@ -1520,13 +1616,14 @@ tor_addr_is_multicast(const tor_addr_t *a) } /** Attempt to retrieve IP address of current host by utilizing some - * UDP socket trickery. Only look for address of given <b>family</b>. - * Set result to *<b>addr</b>. Return 0 on success, -1 on failure. + * UDP socket trickery. Only look for address of given <b>family</b> + * (only AF_INET and AF_INET6 are supported). Set result to *<b>addr</b>. + * Return 0 on success, -1 on failure. */ -STATIC int -get_interface_address6_via_udp_socket_hack(int severity, - sa_family_t family, - tor_addr_t *addr) +MOCK_IMPL(int, +get_interface_address6_via_udp_socket_hack,(int severity, + sa_family_t family, + tor_addr_t *addr)) { struct sockaddr_storage my_addr, target_addr; int sock=-1, r=-1; @@ -1590,46 +1687,124 @@ get_interface_address6_via_udp_socket_hack(int severity, err: if (sock >= 0) tor_close_socket(sock); + if (r == -1) + memset(addr, 0, sizeof(tor_addr_t)); return r; } -/** Set *<b>addr</b> to the IP address (if any) of whatever interface - * connects to the Internet. This address should only be used in checking - * whether our address has changed. Return 0 on success, -1 on failure. +/** Set *<b>addr</b> to an arbitrary IP address (if any) of an interface that + * connects to the Internet. Prefer public IP addresses to internal IP + * addresses. This address should only be used in checking whether our + * address has changed, as it may be an internal IP address. Return 0 on + * success, -1 on failure. + * Prefer get_interface_address6_list for a list of all addresses on all + * interfaces which connect to the Internet. */ MOCK_IMPL(int, get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr)) { - /* XXX really, this function should yield a smartlist of addresses. */ smartlist_t *addrs; + int rv = -1; tor_assert(addr); + memset(addr, 0, sizeof(tor_addr_t)); + + /* Get a list of public or internal IPs in arbitrary order */ + addrs = get_interface_address6_list(severity, family, 1); + + /* Find the first non-internal address, or the last internal address + * Ideally, we want the default route, see #12377 for details */ + SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) { + tor_addr_copy(addr, a); + rv = 0; + + /* If we found a non-internal address, declare success. Otherwise, + * keep looking. */ + if (!tor_addr_is_internal(a, 0)) + break; + } SMARTLIST_FOREACH_END(a); + + free_interface_address6_list(addrs); + return rv; +} + +/** Free a smartlist of IP addresses returned by get_interface_address6_list. + */ +void +free_interface_address6_list(smartlist_t *addrs) +{ + if (addrs != NULL) { + SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a)); + smartlist_free(addrs); + } +} + +/** Return a smartlist of the IP addresses of type family from all interfaces + * on the server. Excludes loopback and multicast addresses. Only includes + * internal addresses if include_internal is true. (Note that a relay behind + * NAT may use an internal address to connect to the Internet.) + * An empty smartlist means that there are no addresses of the selected type + * matching these criteria. + * Returns NULL on failure. + * Use free_interface_address6_list to free the returned list. + */ +MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity, + sa_family_t family, + int include_internal)) +{ + smartlist_t *addrs; + tor_addr_t addr; + /* Try to do this the smart way if possible. */ - if ((addrs = get_interface_addresses_raw(severity))) { - int rv = -1; - SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) { - if (family != AF_UNSPEC && family != tor_addr_family(a)) - continue; + if ((addrs = get_interface_addresses_raw(severity, family))) { + SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) + { if (tor_addr_is_loopback(a) || - tor_addr_is_multicast(a)) + tor_addr_is_multicast(a)) { + SMARTLIST_DEL_CURRENT(addrs, a); + tor_free(a); continue; + } - tor_addr_copy(addr, a); - rv = 0; - - /* If we found a non-internal address, declare success. Otherwise, - * keep looking. */ - if (!tor_addr_is_internal(a, 0)) - break; + if (!include_internal && tor_addr_is_internal(a, 0)) { + SMARTLIST_DEL_CURRENT(addrs, a); + tor_free(a); + continue; + } } SMARTLIST_FOREACH_END(a); + } - SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a)); + if (addrs && smartlist_len(addrs) > 0) { + return addrs; + } + + /* if we removed all entries as unsuitable */ + if (addrs) { smartlist_free(addrs); - return rv; } /* Okay, the smart way is out. */ - return get_interface_address6_via_udp_socket_hack(severity,family,addr); + addrs = smartlist_new(); + + if (family == AF_INET || family == AF_UNSPEC) { + if (get_interface_address6_via_udp_socket_hack(severity,AF_INET, + &addr) == 0) { + if (include_internal || !tor_addr_is_internal(&addr, 0)) { + smartlist_add(addrs, tor_memdup(&addr, sizeof(addr))); + } + } + } + + if (family == AF_INET6 || family == AF_UNSPEC) { + if (get_interface_address6_via_udp_socket_hack(severity,AF_INET6, + &addr) == 0) { + if (include_internal || !tor_addr_is_internal(&addr, 0)) { + smartlist_add(addrs, tor_memdup(&addr, sizeof(addr))); + } + } + } + + return addrs; } /* ====== @@ -1685,7 +1860,7 @@ tor_addr_port_parse(int severity, const char *addrport, } /** Given an address of the form "host[:port]", try to divide it into its host - * ane port portions, setting *<b>address_out</b> to a newly allocated string + * and port portions, setting *<b>address_out</b> to a newly allocated string * holding the address portion and *<b>port_out</b> to the port (or 0 if no * port is given). Return 0 on success, -1 on failure. */ int @@ -1871,10 +2046,13 @@ tor_dup_ip(uint32_t addr) } /** - * Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever - * interface connects to the Internet. This address should only be used in - * checking whether our address has changed. Return 0 on success, -1 on - * failure. + * Set *<b>addr</b> to a host-order IPv4 address (if any) of an + * interface that connects to the Internet. Prefer public IP addresses to + * internal IP addresses. This address should only be used in checking + * whether our address has changed, as it may be an internal IPv4 address. + * Return 0 on success, -1 on failure. + * Prefer get_interface_address_list6 for a list of all IPv4 and IPv6 + * addresses on all interfaces which connect to the Internet. */ MOCK_IMPL(int, get_interface_address,(int severity, uint32_t *addr)) @@ -1882,6 +2060,8 @@ get_interface_address,(int severity, uint32_t *addr)) tor_addr_t local_addr; int r; + memset(addr, 0, sizeof(uint32_t)); + r = get_interface_address6(severity, AF_INET, &local_addr); if (r>=0) *addr = tor_addr_to_ipv4h(&local_addr); diff --git a/src/common/address.h b/src/common/address.h index cd80615f93..3de67e1c74 100644 --- a/src/common/address.h +++ b/src/common/address.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -15,6 +15,7 @@ #include "orconfig.h" #include "torint.h" #include "compat.h" +#include "container.h" #ifdef ADDRESS_PRIVATE @@ -43,7 +44,6 @@ #endif // TODO win32 specific includes -#include "container.h" #endif // ADDRESS_PRIVATE /** The number of bits from an address to consider while doing a masked @@ -73,13 +73,13 @@ typedef struct tor_addr_port_t #define TOR_ADDR_NULL {AF_UNSPEC, {0}} -static INLINE const struct in6_addr *tor_addr_to_in6(const tor_addr_t *a); -static INLINE uint32_t tor_addr_to_ipv4n(const tor_addr_t *a); -static INLINE uint32_t tor_addr_to_ipv4h(const tor_addr_t *a); -static INLINE uint32_t tor_addr_to_mapped_ipv4h(const tor_addr_t *a); -static INLINE sa_family_t tor_addr_family(const tor_addr_t *a); -static INLINE const struct in_addr *tor_addr_to_in(const tor_addr_t *a); -static INLINE int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u); +static inline const struct in6_addr *tor_addr_to_in6(const tor_addr_t *a); +static inline uint32_t tor_addr_to_ipv4n(const tor_addr_t *a); +static inline uint32_t tor_addr_to_ipv4h(const tor_addr_t *a); +static inline uint32_t tor_addr_to_mapped_ipv4h(const tor_addr_t *a); +static inline sa_family_t tor_addr_family(const tor_addr_t *a); +static inline const struct in_addr *tor_addr_to_in(const tor_addr_t *a); +static inline int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u); socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port, struct sockaddr *sa_out, socklen_t len); @@ -91,7 +91,7 @@ char *tor_sockaddr_to_str(const struct sockaddr *sa); /** Return an in6_addr* equivalent to <b>a</b>, or NULL if <b>a</b> is not * an IPv6 address. */ -static INLINE const struct in6_addr * +static inline const struct in6_addr * tor_addr_to_in6(const tor_addr_t *a) { return a->family == AF_INET6 ? &a->addr.in6_addr : NULL; @@ -115,14 +115,14 @@ tor_addr_to_in6(const tor_addr_t *a) /** Return an IPv4 address in network order for <b>a</b>, or 0 if * <b>a</b> is not an IPv4 address. */ -static INLINE uint32_t +static inline uint32_t tor_addr_to_ipv4n(const tor_addr_t *a) { return a->family == AF_INET ? a->addr.in_addr.s_addr : 0; } /** Return an IPv4 address in host order for <b>a</b>, or 0 if * <b>a</b> is not an IPv4 address. */ -static INLINE uint32_t +static inline uint32_t tor_addr_to_ipv4h(const tor_addr_t *a) { return ntohl(tor_addr_to_ipv4n(a)); @@ -131,7 +131,7 @@ tor_addr_to_ipv4h(const tor_addr_t *a) * 0 if <b>a</b> is not an IPv6 address. * * (Does not check whether the address is really a mapped address */ -static INLINE uint32_t +static inline uint32_t tor_addr_to_mapped_ipv4h(const tor_addr_t *a) { if (a->family == AF_INET6) { @@ -149,21 +149,21 @@ tor_addr_to_mapped_ipv4h(const tor_addr_t *a) } /** Return the address family of <b>a</b>. Possible values are: * AF_INET6, AF_INET, AF_UNSPEC. */ -static INLINE sa_family_t +static inline sa_family_t tor_addr_family(const tor_addr_t *a) { return a->family; } /** Return an in_addr* equivalent to <b>a</b>, or NULL if <b>a</b> is not * an IPv4 address. */ -static INLINE const struct in_addr * +static inline const struct in_addr * tor_addr_to_in(const tor_addr_t *a) { return a->family == AF_INET ? &a->addr.in_addr : NULL; } /** Return true iff <b>a</b> is an IPv4 address equal to the host-ordered * address in <b>u</b>. */ -static INLINE int +static inline int tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u) { return a->family == AF_INET ? (tor_addr_to_ipv4h(a) == u) : 0; @@ -179,7 +179,7 @@ tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u) #define TOR_ADDR_BUF_LEN 48 int tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out); -char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC; +char *tor_addr_to_str_dup(const tor_addr_t *addr) ATTR_MALLOC; /** Wrapper function of fmt_addr_impl(). It does not decorate IPv6 * addresses. */ @@ -190,8 +190,13 @@ char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC; const char *fmt_addr_impl(const tor_addr_t *addr, int decorate); const char *fmt_addrport(const tor_addr_t *addr, uint16_t port); const char * fmt_addr32(uint32_t addr); + MOCK_DECL(int,get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr)); +void free_interface_address6_list(smartlist_t * addrs); +MOCK_DECL(smartlist_t *,get_interface_address6_list,(int severity, + sa_family_t family, + int include_internal)); /** Flag to specify how to do a comparison between addresses. In an "exact" * comparison, addresses are equivalent only if they are in the same family @@ -216,6 +221,7 @@ int tor_addr_is_internal_(const tor_addr_t *ip, int for_listening, const char *filename, int lineno); #define tor_addr_is_internal(addr, for_listening) \ tor_addr_is_internal_((addr), (for_listening), SHORT_FILE__, __LINE__) +int tor_addr_is_multicast(const tor_addr_t *a); /** Longest length that can be required for a reverse lookup name. */ /* 32 nybbles, 32 dots, 8 characters of "ip6.arpa", 1 NUL: 73 characters. */ @@ -227,7 +233,19 @@ int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address, int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out); + +/* Does the address * yield an AF_UNSPEC wildcard address (1), + * which expands to corresponding wildcard IPv4 and IPv6 rules, and do we + * allow *4 and *6 for IPv4 and IPv6 wildcards, respectively; + * or does the address * yield IPv4 wildcard address (0). */ #define TAPMP_EXTENDED_STAR 1 +/* Does the address * yield an IPv4 wildcard address rule (1); + * or does it yield wildcard IPv4 and IPv6 rules (0) */ +#define TAPMP_STAR_IPV4_ONLY (1 << 1) +/* Does the address * yield an IPv6 wildcard address rule (1); + * or does it yield wildcard IPv4 and IPv6 rules (0) */ +#define TAPMP_STAR_IPV6_ONLY (1 << 2) +/* TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */ int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *mask_out, uint16_t *port_min_out, uint16_t *port_max_out); @@ -249,6 +267,27 @@ void tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6); int tor_addr_is_null(const tor_addr_t *addr); int tor_addr_is_loopback(const tor_addr_t *addr); +int tor_addr_is_valid(const tor_addr_t *addr, int for_listening); +int tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening); +#define tor_addr_is_valid_ipv4h(v4h_addr, for_listening) \ + tor_addr_is_valid_ipv4n(htonl(v4h_addr), (for_listening)) +int tor_port_is_valid(uint16_t port, int for_listening); +/* Are addr and port both valid? */ +#define tor_addr_port_is_valid(addr, port, for_listening) \ + (tor_addr_is_valid((addr), (for_listening)) && \ + tor_port_is_valid((port), (for_listening))) +/* Are ap->addr and ap->port both valid? */ +#define tor_addr_port_is_valid_ap(ap, for_listening) \ + tor_addr_port_is_valid(&(ap)->addr, (ap)->port, (for_listening)) +/* Are the network-order v4addr and port both valid? */ +#define tor_addr_port_is_valid_ipv4n(v4n_addr, port, for_listening) \ + (tor_addr_is_valid_ipv4n((v4n_addr), (for_listening)) && \ + tor_port_is_valid((port), (for_listening))) +/* Are the host-order v4addr and port both valid? */ +#define tor_addr_port_is_valid_ipv4h(v4h_addr, port, for_listening) \ + (tor_addr_is_valid_ipv4h((v4h_addr), (for_listening)) && \ + tor_port_is_valid((port), (for_listening))) + int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out); @@ -269,30 +308,55 @@ int addr_mask_get_bits(uint32_t mask); int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len); char *tor_dup_ip(uint32_t addr) ATTR_MALLOC; MOCK_DECL(int,get_interface_address,(int severity, uint32_t *addr)); +/** Free a smartlist of IP addresses returned by get_interface_address_list. + */ +static inline void +free_interface_address_list(smartlist_t *addrs) +{ + free_interface_address6_list(addrs); +} +/** Return a smartlist of the IPv4 addresses of all interfaces on the server. + * Excludes loopback and multicast addresses. Only includes internal addresses + * if include_internal is true. (Note that a relay behind NAT may use an + * internal address to connect to the Internet.) + * An empty smartlist means that there are no IPv4 addresses. + * Returns NULL on failure. + * Use free_interface_address_list to free the returned list. + */ +static inline smartlist_t * +get_interface_address_list(int severity, int include_internal) +{ + return get_interface_address6_list(severity, AF_INET, include_internal); +} tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port); #ifdef ADDRESS_PRIVATE -STATIC smartlist_t *get_interface_addresses_raw(int severity); -STATIC int get_interface_address6_via_udp_socket_hack(int severity, - sa_family_t family, - tor_addr_t *addr); +MOCK_DECL(smartlist_t *,get_interface_addresses_raw,(int severity, + sa_family_t family)); +MOCK_DECL(int,get_interface_address6_via_udp_socket_hack,(int severity, + sa_family_t family, + tor_addr_t *addr)); #ifdef HAVE_IFADDRS_TO_SMARTLIST -STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa); -STATIC smartlist_t *get_interface_addresses_ifaddrs(int severity); +STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa, + sa_family_t family); +STATIC smartlist_t *get_interface_addresses_ifaddrs(int severity, + sa_family_t family); #endif #ifdef HAVE_IP_ADAPTER_TO_SMARTLIST STATIC smartlist_t *ip_adapter_addresses_to_smartlist( const IP_ADAPTER_ADDRESSES *addresses); -STATIC smartlist_t *get_interface_addresses_win32(int severity); +STATIC smartlist_t *get_interface_addresses_win32(int severity, + sa_family_t family); #endif #ifdef HAVE_IFCONF_TO_SMARTLIST STATIC smartlist_t *ifreq_to_smartlist(char *ifr, size_t buflen); -STATIC smartlist_t *get_interface_addresses_ioctl(int severity); +STATIC smartlist_t *get_interface_addresses_ioctl(int severity, + sa_family_t family); #endif #endif // ADDRESS_PRIVATE diff --git a/src/common/aes.c b/src/common/aes.c index 5f2c3f2f03..c8a17c837f 100644 --- a/src/common/aes.c +++ b/src/common/aes.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -81,47 +81,34 @@ #ifdef USE_EVP_AES_CTR -struct aes_cnt_cipher { - EVP_CIPHER_CTX evp; -}; +/* We don't actually define the struct here. */ aes_cnt_cipher_t * aes_new_cipher(const char *key, const char *iv) { - aes_cnt_cipher_t *cipher; - cipher = tor_malloc_zero(sizeof(aes_cnt_cipher_t)); - EVP_EncryptInit(&cipher->evp, EVP_aes_128_ctr(), + EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); + EVP_EncryptInit(cipher, EVP_aes_128_ctr(), (const unsigned char*)key, (const unsigned char *)iv); - return cipher; + return (aes_cnt_cipher_t *) cipher; } void -aes_cipher_free(aes_cnt_cipher_t *cipher) +aes_cipher_free(aes_cnt_cipher_t *cipher_) { - if (!cipher) + if (!cipher_) return; - EVP_CIPHER_CTX_cleanup(&cipher->evp); - memwipe(cipher, 0, sizeof(aes_cnt_cipher_t)); - tor_free(cipher); -} -void -aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, - char *output) -{ - int outl; - - tor_assert(len < INT_MAX); - - EVP_EncryptUpdate(&cipher->evp, (unsigned char*)output, - &outl, (const unsigned char *)input, (int)len); + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; + EVP_CIPHER_CTX_cleanup(cipher); + EVP_CIPHER_CTX_free(cipher); } void -aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len) +aes_crypt_inplace(aes_cnt_cipher_t *cipher_, char *data, size_t len) { int outl; + EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; tor_assert(len < INT_MAX); - EVP_EncryptUpdate(&cipher->evp, (unsigned char*)data, + EVP_EncryptUpdate(cipher, (unsigned char*)data, &outl, (unsigned char*)data, (int)len); } int @@ -182,10 +169,6 @@ struct aes_cnt_cipher { * we're testing it or because we have hardware acceleration configured */ static int should_use_EVP = 0; -/** True iff we have tested the counter-mode implementation and found that it - * doesn't have the counter-mode bug from OpenSSL 1.0.0. */ -static int should_use_openssl_CTR = 0; - /** Check whether we should use the EVP interface for AES. If <b>force_val</b> * is nonnegative, we use use EVP iff it is true. Otherwise, we use EVP * if there is an engine enabled for aes-ecb. */ @@ -250,13 +233,9 @@ evaluate_ctr_for_aes(void) if (fast_memneq(output, encrypt_zero, 16)) { /* Counter mode is buggy */ - log_notice(LD_CRYPTO, "This OpenSSL has a buggy version of counter mode; " - "not using it."); - } else { - /* Counter mode is okay */ - log_info(LD_CRYPTO, "This OpenSSL has a good implementation of counter " - "mode; using it."); - should_use_openssl_CTR = 1; + log_err(LD_CRYPTO, "This OpenSSL has a buggy version of counter mode; " + "quitting tor."); + exit(1); } return 0; } @@ -267,29 +246,6 @@ evaluate_ctr_for_aes(void) #define COUNTER(c, n) ((c)->counter ## n) #endif -/** - * Helper function: set <b>cipher</b>'s internal buffer to the encrypted - * value of the current counter. - */ -static INLINE void -aes_fill_buf_(aes_cnt_cipher_t *cipher) -{ - /* We don't currently use OpenSSL's counter mode implementation because: - * 1) some versions have known bugs - * 2) its attitude towards IVs is not our own - * 3) changing the counter position was not trivial, last time I looked. - * None of these issues are insurmountable in principle. - */ - - if (cipher->using_evp) { - int outl=16, inl=16; - EVP_EncryptUpdate(&cipher->key.evp, cipher->buf, &outl, - cipher->ctr_buf.buf, inl); - } else { - AES_encrypt(cipher->ctr_buf.buf, cipher->buf, &cipher->key.aes); - } -} - static void aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits); static void aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv); @@ -342,10 +298,7 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits) cipher->pos = 0; - if (should_use_openssl_CTR) - memset(cipher->buf, 0, sizeof(cipher->buf)); - else - aes_fill_buf_(cipher); + memset(cipher->buf, 0, sizeof(cipher->buf)); } /** Release storage held by <b>cipher</b> @@ -381,63 +334,6 @@ evp_block128_fn(const uint8_t in[16], EVP_EncryptUpdate(ctx, out, &outl, in, inl); } -/** Encrypt <b>len</b> bytes from <b>input</b>, storing the result in - * <b>output</b>. Uses the key in <b>cipher</b>, and advances the counter - * by <b>len</b> bytes as it encrypts. - */ -void -aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, - char *output) -{ - if (should_use_openssl_CTR) { - if (cipher->using_evp) { - /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If - * it weren't disabled, it might be better just to use that. - */ - CRYPTO_ctr128_encrypt((const unsigned char *)input, - (unsigned char *)output, - len, - &cipher->key.evp, - cipher->ctr_buf.buf, - cipher->buf, - &cipher->pos, - evp_block128_fn); - } else { - AES_ctr128_encrypt((const unsigned char *)input, - (unsigned char *)output, - len, - &cipher->key.aes, - cipher->ctr_buf.buf, - cipher->buf, - &cipher->pos); - } - return; - } else { - int c = cipher->pos; - if (PREDICT_UNLIKELY(!len)) return; - - while (1) { - do { - if (len-- == 0) { cipher->pos = c; return; } - *(output++) = *(input++) ^ cipher->buf[c]; - } while (++c != 16); - cipher->pos = c = 0; - if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 0))) { - if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 1))) { - if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 2))) { - ++COUNTER(cipher, 3); - UPDATE_CTR_BUF(cipher, 3); - } - UPDATE_CTR_BUF(cipher, 2); - } - UPDATE_CTR_BUF(cipher, 1); - } - UPDATE_CTR_BUF(cipher, 0); - aes_fill_buf_(cipher); - } - } -} - /** Encrypt <b>len</b> bytes from <b>input</b>, storing the results in place. * Uses the key in <b>cipher</b>, and advances the counter by <b>len</b> bytes * as it encrypts. @@ -445,32 +341,26 @@ aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len) { - if (should_use_openssl_CTR) { - aes_crypt(cipher, data, len, data); - return; + if (cipher->using_evp) { + /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If + * it weren't disabled, it might be better just to use that. + */ + CRYPTO_ctr128_encrypt((const unsigned char *)data, + (unsigned char *)data, + len, + &cipher->key.evp, + cipher->ctr_buf.buf, + cipher->buf, + &cipher->pos, + evp_block128_fn); } else { - int c = cipher->pos; - if (PREDICT_UNLIKELY(!len)) return; - - while (1) { - do { - if (len-- == 0) { cipher->pos = c; return; } - *(data++) ^= cipher->buf[c]; - } while (++c != 16); - cipher->pos = c = 0; - if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 0))) { - if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 1))) { - if (PREDICT_UNLIKELY(! ++COUNTER(cipher, 2))) { - ++COUNTER(cipher, 3); - UPDATE_CTR_BUF(cipher, 3); - } - UPDATE_CTR_BUF(cipher, 2); - } - UPDATE_CTR_BUF(cipher, 1); - } - UPDATE_CTR_BUF(cipher, 0); - aes_fill_buf_(cipher); - } + AES_ctr128_encrypt((const unsigned char *)data, + (unsigned char *)data, + len, + &cipher->key.aes, + cipher->ctr_buf.buf, + cipher->buf, + &cipher->pos); } } @@ -487,9 +377,6 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv) #endif cipher->pos = 0; memcpy(cipher->ctr_buf.buf, iv, 16); - - if (!should_use_openssl_CTR) - aes_fill_buf_(cipher); } #endif diff --git a/src/common/aes.h b/src/common/aes.h index df2f3aa65d..821fb742be 100644 --- a/src/common/aes.h +++ b/src/common/aes.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Implements a minimal interface to counter-mode AES. */ @@ -13,13 +13,10 @@ * \brief Headers for aes.c */ -struct aes_cnt_cipher; typedef struct aes_cnt_cipher aes_cnt_cipher_t; aes_cnt_cipher_t* aes_new_cipher(const char *key, const char *iv); void aes_cipher_free(aes_cnt_cipher_t *cipher); -void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, - char *output); void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len); int evaluate_evp_for_aes(int force_value); diff --git a/src/common/backtrace.c b/src/common/backtrace.c index a2d5378b20..3b762b68e3 100644 --- a/src/common/backtrace.c +++ b/src/common/backtrace.c @@ -1,6 +1,18 @@ -/* Copyright (c) 2013-2015, The Tor Project, Inc. */ +/* Copyright (c) 2013-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file backtrace.c + * + * \brief Functions to produce backtraces on bugs, crashes, or assertion + * failures. + * + * Currently, we've only got an implementation here using the backtrace() + * family of functions, which are sometimes provided by libc and sometimes + * provided by libexecinfo. We tie into the sigaction() backend in order to + * detect crashes. + */ + #define __USE_GNU #define _GNU_SOURCE 1 @@ -62,16 +74,16 @@ static tor_mutex_t cb_buf_mutex; * ucontext_t structure. */ void -clean_backtrace(void **stack, int depth, const ucontext_t *ctx) +clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx) { #ifdef PC_FROM_UCONTEXT #if defined(__linux__) - const int n = 1; + const size_t n = 1; #elif defined(__darwin__) || defined(__APPLE__) || defined(__OpenBSD__) \ || defined(__FreeBSD__) - const int n = 2; + const size_t n = 2; #else - const int n = 1; + const size_t n = 1; #endif if (depth <= n) return; @@ -89,14 +101,14 @@ clean_backtrace(void **stack, int depth, const ucontext_t *ctx) void log_backtrace(int severity, int domain, const char *msg) { - int depth; + size_t depth; char **symbols; - int i; + size_t i; tor_mutex_acquire(&cb_buf_mutex); depth = backtrace(cb_buf, MAX_DEPTH); - symbols = backtrace_symbols(cb_buf, depth); + symbols = backtrace_symbols(cb_buf, (int)depth); tor_log(severity, domain, "%s. Stack trace:", msg); if (!symbols) { @@ -120,7 +132,7 @@ static void crash_handler(int sig, siginfo_t *si, void *ctx_) { char buf[40]; - int depth; + size_t depth; ucontext_t *ctx = (ucontext_t *) ctx_; int n_fds, i; const int *fds = NULL; @@ -139,7 +151,7 @@ crash_handler(int sig, siginfo_t *si, void *ctx_) n_fds = tor_log_get_sigsafe_err_fds(&fds); for (i=0; i < n_fds; ++i) - backtrace_symbols_fd(cb_buf, depth, fds[i]); + backtrace_symbols_fd(cb_buf, (int)depth, fds[i]); abort(); } @@ -174,8 +186,8 @@ install_bt_handler(void) * libc has pre-loaded the symbols we need to dump things, so that later * reads won't be denied by the sandbox code */ char **symbols; - int depth = backtrace(cb_buf, MAX_DEPTH); - symbols = backtrace_symbols(cb_buf, depth); + size_t depth = backtrace(cb_buf, MAX_DEPTH); + symbols = backtrace_symbols(cb_buf, (int) depth); if (symbols) free(symbols); } @@ -215,9 +227,10 @@ int configure_backtrace_handler(const char *tor_version) { tor_free(bt_version); - if (!tor_version) - tor_version = ""; - tor_asprintf(&bt_version, "Tor %s", tor_version); + if (tor_version) + tor_asprintf(&bt_version, "Tor %s", tor_version); + else + tor_asprintf(&bt_version, "Tor"); return install_bt_handler(); } diff --git a/src/common/backtrace.h b/src/common/backtrace.h index a9151d7956..b53fd2c668 100644 --- a/src/common/backtrace.h +++ b/src/common/backtrace.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015, The Tor Project, Inc. */ +/* Copyright (c) 2013-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_BACKTRACE_H @@ -13,7 +13,7 @@ void clean_up_backtrace_handler(void); #ifdef EXPOSE_CLEAN_BACKTRACE #if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \ defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION) -void clean_backtrace(void **stack, int depth, const ucontext_t *ctx); +void clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx); #endif #endif diff --git a/src/common/compat.c b/src/common/compat.c index 7d72b4b7fd..af61f024ef 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1,12 +1,12 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file compat.c * \brief Wrappers to make calls more portable. This code defines - * functions such as tor_malloc, tor_snprintf, get/set various data types, + * functions such as tor_snprintf, get/set various data types, * renaming, setting socket options, switching user IDs. It is basically * where the non-portable items are conditionally included depending on * the platform. @@ -71,6 +71,9 @@ #ifdef HAVE_SYS_STATVFS_H #include <sys/statvfs.h> #endif +#ifdef HAVE_SYS_CAPABILITY_H +#include <sys/capability.h> +#endif #ifdef _WIN32 #include <conio.h> @@ -573,14 +576,17 @@ tor_vasprintf(char **strp, const char *fmt, va_list args) int len, r; va_list tmp_args; va_copy(tmp_args, args); - len = vsnprintf(buf, sizeof(buf), fmt, tmp_args); + /* vsnprintf() was properly checked but tor_vsnprintf() available so + * why not use it? */ + len = tor_vsnprintf(buf, sizeof(buf), fmt, tmp_args); va_end(tmp_args); if (len < (int)sizeof(buf)) { *strp = tor_strdup(buf); return len; } strp_tmp = tor_malloc(len+1); - r = vsnprintf(strp_tmp, len+1, fmt, args); + /* use of tor_vsnprintf() will ensure string is null terminated */ + r = tor_vsnprintf(strp_tmp, len+1, fmt, args); if (r != len) { tor_free(strp_tmp); *strp = NULL; @@ -714,7 +720,8 @@ strtok_helper(char *cp, const char *sep) } /** Implementation of strtok_r for platforms whose coders haven't figured out - * how to write one. Hey guys! You can use this code here for free! */ + * how to write one. Hey, retrograde libc developers! You can use this code + * here for free! */ char * tor_strtok_r_impl(char *str, const char *sep, char **lasts) { @@ -1078,7 +1085,7 @@ static int n_sockets_open = 0; static tor_mutex_t *socket_accounting_mutex = NULL; /** Helper: acquire the socket accounting lock. */ -static INLINE void +static inline void socket_accounting_lock(void) { if (PREDICT_UNLIKELY(!socket_accounting_mutex)) @@ -1087,7 +1094,7 @@ socket_accounting_lock(void) } /** Helper: release the socket accounting lock. */ -static INLINE void +static inline void socket_accounting_unlock(void) { tor_mutex_release(socket_accounting_mutex); @@ -1163,7 +1170,7 @@ tor_close_socket(tor_socket_t s) #ifdef DEBUG_SOCKET_COUNTING /** Helper: if DEBUG_SOCKET_COUNTING is enabled, remember that <b>s</b> is * now an open socket. */ -static INLINE void +static inline void mark_socket_open(tor_socket_t s) { /* XXXX This bitarray business will NOT work on windows: sockets aren't @@ -1486,6 +1493,20 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) } #ifdef NEED_ERSATZ_SOCKETPAIR + +static inline socklen_t +SIZEOF_SOCKADDR(int domain) +{ + switch (domain) { + case AF_INET: + return sizeof(struct sockaddr_in); + case AF_INET6: + return sizeof(struct sockaddr_in6); + default: + return 0; + } +} + /** * Helper used to implement socketpair on systems that lack it, by * making a direct connection to localhost. @@ -1501,13 +1522,21 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) tor_socket_t listener = TOR_INVALID_SOCKET; tor_socket_t connector = TOR_INVALID_SOCKET; tor_socket_t acceptor = TOR_INVALID_SOCKET; - struct sockaddr_in listen_addr; - struct sockaddr_in connect_addr; + tor_addr_t listen_tor_addr; + struct sockaddr_storage connect_addr_ss, listen_addr_ss; + struct sockaddr *listen_addr = (struct sockaddr *) &listen_addr_ss; + uint16_t listen_port = 0; + tor_addr_t connect_tor_addr; + uint16_t connect_port = 0; + struct sockaddr *connect_addr = (struct sockaddr *) &connect_addr_ss; socklen_t size; int saved_errno = -1; + int ersatz_domain = AF_INET; - memset(&connect_addr, 0, sizeof(connect_addr)); - memset(&listen_addr, 0, sizeof(listen_addr)); + memset(&connect_tor_addr, 0, sizeof(connect_tor_addr)); + memset(&connect_addr_ss, 0, sizeof(connect_addr_ss)); + memset(&listen_tor_addr, 0, sizeof(listen_tor_addr)); + memset(&listen_addr_ss, 0, sizeof(listen_addr_ss)); if (protocol #ifdef AF_UNIX @@ -1524,47 +1553,71 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) return -EINVAL; } - listener = tor_open_socket(AF_INET, type, 0); - if (!SOCKET_OK(listener)) - return -tor_socket_errno(-1); - memset(&listen_addr, 0, sizeof(listen_addr)); - listen_addr.sin_family = AF_INET; - listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - listen_addr.sin_port = 0; /* kernel chooses port. */ - if (bind(listener, (struct sockaddr *) &listen_addr, sizeof (listen_addr)) - == -1) + listener = tor_open_socket(ersatz_domain, type, 0); + if (!SOCKET_OK(listener)) { + int first_errno = tor_socket_errno(-1); + if (first_errno == SOCK_ERRNO(EPROTONOSUPPORT) + && ersatz_domain == AF_INET) { + /* Assume we're on an IPv6-only system */ + ersatz_domain = AF_INET6; + listener = tor_open_socket(ersatz_domain, type, 0); + if (!SOCKET_OK(listener)) { + /* Keep the previous behaviour, which was to return the IPv4 error. + * (This may be less informative on IPv6-only systems.) + * XX/teor - is there a better way to decide which errno to return? + * (I doubt we care much either way, once there is an error.) + */ + return -first_errno; + } + } + } + /* If there is no 127.0.0.1 or ::1, this will and must fail. Otherwise, we + * risk exposing a socketpair on a routable IP address. (Some BSD jails + * use a routable address for localhost. Fortunately, they have the real + * AF_UNIX socketpair.) */ + if (ersatz_domain == AF_INET) { + tor_addr_from_ipv4h(&listen_tor_addr, INADDR_LOOPBACK); + } else { + tor_addr_parse(&listen_tor_addr, "[::1]"); + } + tor_assert(tor_addr_is_loopback(&listen_tor_addr)); + size = tor_addr_to_sockaddr(&listen_tor_addr, + 0 /* kernel chooses port. */, + listen_addr, + sizeof(listen_addr_ss)); + if (bind(listener, listen_addr, size) == -1) goto tidy_up_and_fail; if (listen(listener, 1) == -1) goto tidy_up_and_fail; - connector = tor_open_socket(AF_INET, type, 0); + connector = tor_open_socket(ersatz_domain, type, 0); if (!SOCKET_OK(connector)) goto tidy_up_and_fail; /* We want to find out the port number to connect to. */ - size = sizeof(connect_addr); - if (getsockname(listener, (struct sockaddr *) &connect_addr, &size) == -1) + size = sizeof(connect_addr_ss); + if (getsockname(listener, connect_addr, &size) == -1) goto tidy_up_and_fail; - if (size != sizeof (connect_addr)) + if (size != SIZEOF_SOCKADDR (connect_addr->sa_family)) goto abort_tidy_up_and_fail; - if (connect(connector, (struct sockaddr *) &connect_addr, - sizeof(connect_addr)) == -1) + if (connect(connector, connect_addr, size) == -1) goto tidy_up_and_fail; - size = sizeof(listen_addr); - acceptor = tor_accept_socket(listener, - (struct sockaddr *) &listen_addr, &size); + size = sizeof(listen_addr_ss); + acceptor = tor_accept_socket(listener, listen_addr, &size); if (!SOCKET_OK(acceptor)) goto tidy_up_and_fail; - if (size != sizeof(listen_addr)) + if (size != SIZEOF_SOCKADDR(listen_addr->sa_family)) goto abort_tidy_up_and_fail; /* Now check we are talking to ourself by matching port and host on the two sockets. */ - if (getsockname(connector, (struct sockaddr *) &connect_addr, &size) == -1) + if (getsockname(connector, connect_addr, &size) == -1) goto tidy_up_and_fail; - if (size != sizeof (connect_addr) - || listen_addr.sin_family != connect_addr.sin_family - || listen_addr.sin_addr.s_addr != connect_addr.sin_addr.s_addr - || listen_addr.sin_port != connect_addr.sin_port) { + /* Set *_tor_addr and *_port to the address and port that was used */ + tor_addr_from_sockaddr(&listen_tor_addr, listen_addr, &listen_port); + tor_addr_from_sockaddr(&connect_tor_addr, connect_addr, &connect_port); + if (size != SIZEOF_SOCKADDR (connect_addr->sa_family) + || tor_addr_compare(&listen_tor_addr, &connect_tor_addr, CMP_SEMANTIC) + || listen_port != connect_port) { goto abort_tidy_up_and_fail; } tor_close_socket(listener); @@ -1590,6 +1643,9 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) tor_close_socket(acceptor); return -saved_errno; } + +#undef SIZEOF_SOCKADDR + #endif /* Return the maximum number of allowed sockets. */ @@ -1917,17 +1973,99 @@ tor_getpwuid(uid_t uid) } #endif +/** Return true iff we were compiled with capability support, and capabilities + * seem to work. **/ +int +have_capability_support(void) +{ +#ifdef HAVE_LINUX_CAPABILITIES + cap_t caps = cap_get_proc(); + if (caps == NULL) + return 0; + cap_free(caps); + return 1; +#else + return 0; +#endif +} + +#ifdef HAVE_LINUX_CAPABILITIES +/** Helper. Drop all capabilities but a small set, and set PR_KEEPCAPS as + * appropriate. + * + * If pre_setuid, retain only CAP_NET_BIND_SERVICE, CAP_SETUID, and + * CAP_SETGID, and use PR_KEEPCAPS to ensure that capabilities persist across + * setuid(). + * + * If not pre_setuid, retain only CAP_NET_BIND_SERVICE, and disable + * PR_KEEPCAPS. + * + * Return 0 on success, and -1 on failure. + */ +static int +drop_capabilities(int pre_setuid) +{ + /* We keep these three capabilities, and these only, as we setuid. + * After we setuid, we drop all but the first. */ + const cap_value_t caplist[] = { + CAP_NET_BIND_SERVICE, CAP_SETUID, CAP_SETGID + }; + const char *where = pre_setuid ? "pre-setuid" : "post-setuid"; + const int n_effective = pre_setuid ? 3 : 1; + const int n_permitted = pre_setuid ? 3 : 1; + const int n_inheritable = 1; + const int keepcaps = pre_setuid ? 1 : 0; + + /* Sets whether we keep capabilities across a setuid. */ + if (prctl(PR_SET_KEEPCAPS, keepcaps) < 0) { + log_warn(LD_CONFIG, "Unable to call prctl() %s: %s", + where, strerror(errno)); + return -1; + } + + cap_t caps = cap_get_proc(); + if (!caps) { + log_warn(LD_CONFIG, "Unable to call cap_get_proc() %s: %s", + where, strerror(errno)); + return -1; + } + cap_clear(caps); + + cap_set_flag(caps, CAP_EFFECTIVE, n_effective, caplist, CAP_SET); + cap_set_flag(caps, CAP_PERMITTED, n_permitted, caplist, CAP_SET); + cap_set_flag(caps, CAP_INHERITABLE, n_inheritable, caplist, CAP_SET); + + int r = cap_set_proc(caps); + cap_free(caps); + if (r < 0) { + log_warn(LD_CONFIG, "No permission to set capabilities %s: %s", + where, strerror(errno)); + return -1; + } + + return 0; +} +#endif + /** Call setuid and setgid to run as <b>user</b> and switch to their * primary group. Return 0 on success. On failure, log and return -1. + * + * If SWITCH_ID_KEEP_BINDLOW is set in 'flags', try to use the capability + * system to retain the abilitity to bind low ports. + * + * If SWITCH_ID_WARN_IF_NO_CAPS is set in flags, also warn if we have + * don't have capability support. */ int -switch_id(const char *user) +switch_id(const char *user, const unsigned flags) { #ifndef _WIN32 const struct passwd *pw = NULL; uid_t old_uid; gid_t old_gid; static int have_already_switched_id = 0; + const int keep_bindlow = !!(flags & SWITCH_ID_KEEP_BINDLOW); + const int warn_if_no_caps = !!(flags & SWITCH_ID_WARN_IF_NO_CAPS); tor_assert(user); @@ -1951,6 +2089,20 @@ switch_id(const char *user) return -1; } +#ifdef HAVE_LINUX_CAPABILITIES + (void) warn_if_no_caps; + if (keep_bindlow) { + if (drop_capabilities(1)) + return -1; + } +#else + (void) keep_bindlow; + if (warn_if_no_caps) { + log_warn(LD_CONFIG, "KeepBindCapabilities set, but no capability support " + "on this system."); + } +#endif + /* Properly switch egid,gid,euid,uid here or bail out */ if (setgroups(1, &pw->pw_gid)) { log_warn(LD_GENERAL, "Error setting groups to gid %d: \"%s\".", @@ -2004,6 +2156,12 @@ switch_id(const char *user) /* We've properly switched egid, gid, euid, uid, and supplementary groups if * we're here. */ +#ifdef HAVE_LINUX_CAPABILITIES + if (keep_bindlow) { + if (drop_capabilities(0)) + return -1; + } +#endif #if !defined(CYGWIN) && !defined(__CYGWIN__) /* If we tried to drop privilege to a group/user other than root, attempt to @@ -2051,9 +2209,9 @@ switch_id(const char *user) #else (void)user; + (void)flags; - log_warn(LD_CONFIG, - "User specified but switching users is unsupported on your OS."); + log_warn(LD_CONFIG, "Switching users is unsupported on your OS."); return -1; #endif } @@ -2537,8 +2695,7 @@ static int uname_result_is_set = 0; /** Return a pointer to a description of our platform. */ -const char * -get_uname(void) +MOCK_IMPL(const char *, get_uname, (void)) { #ifdef HAVE_UNAME struct utsname u; diff --git a/src/common/compat.h b/src/common/compat.h index c7c468c754..b6ee4106db 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_COMPAT_H @@ -42,6 +42,15 @@ #include <netinet6/in6.h> #endif +#if defined(__has_feature) +# if __has_feature(address_sanitizer) +/* Some of the fancy glibc strcmp() macros include references to memory that + * clang rejects because it is off the end of a less-than-3. Clang hates this, + * even though those references never actually happen. */ +# undef strcmp +# endif +#endif + #include <stdio.h> #include <errno.h> @@ -75,9 +84,7 @@ /* inline is __inline on windows. */ #ifdef _WIN32 -#define INLINE __inline -#else -#define INLINE inline +#define inline __inline #endif /* Try to get a reasonable __func__ substitute in place. */ @@ -118,6 +125,7 @@ #define ATTR_CONST __attribute__((const)) #define ATTR_MALLOC __attribute__((malloc)) #define ATTR_NORETURN __attribute__((noreturn)) +#define ATTR_WUR __attribute__((warn_unused_result)) /* Alas, nonnull is not at present a good idea for us. We'd like to get * warnings when we pass NULL where we shouldn't (which nonnull does, albeit * spottily), but we don't want to tell the compiler to make optimizations @@ -153,6 +161,7 @@ #define ATTR_NORETURN #define ATTR_NONNULL(x) #define ATTR_UNUSED +#define ATTR_WUR #define PREDICT_LIKELY(exp) (exp) #define PREDICT_UNLIKELY(exp) (exp) #endif @@ -288,7 +297,7 @@ const void *tor_memmem(const void *haystack, size_t hlen, const void *needle, size_t nlen) ATTR_NONNULL((1,3)); static const void *tor_memstr(const void *haystack, size_t hlen, const char *needle) ATTR_NONNULL((1,3)); -static INLINE const void * +static inline const void * tor_memstr(const void *haystack, size_t hlen, const char *needle) { return tor_memmem(haystack, hlen, needle, strlen(needle)); @@ -299,7 +308,7 @@ tor_memstr(const void *haystack, size_t hlen, const char *needle) #define DECLARE_CTYPE_FN(name) \ static int TOR_##name(char c); \ extern const uint32_t TOR_##name##_TABLE[]; \ - static INLINE int TOR_##name(char c) { \ + static inline int TOR_##name(char c) { \ uint8_t u = c; \ return !!(TOR_##name##_TABLE[(u >> 5) & 7] & (1u << (u & 31))); \ } @@ -421,7 +430,7 @@ typedef int socklen_t; #ifdef _WIN32 /* XXX Actually, this should arguably be SOCKET; we use intptr_t here so that - * any inadvertant checks for the socket being <= 0 or > 0 will probably + * any inadvertent checks for the socket being <= 0 or > 0 will probably * still work. */ #define tor_socket_t intptr_t #define TOR_SOCKET_T_FORMAT INTPTR_T_FORMAT @@ -601,7 +610,7 @@ typedef enum { } socks5_reply_status_t; /* ===== OS compatibility */ -const char *get_uname(void); +MOCK_DECL(const char *, get_uname, (void)); uint16_t get_uint16(const void *cp) ATTR_NONNULL((1)); uint32_t get_uint32(const void *cp) ATTR_NONNULL((1)); @@ -613,7 +622,7 @@ void set_uint64(void *cp, uint64_t v) ATTR_NONNULL((1)); /* These uint8 variants are defined to make the code more uniform. */ #define get_uint8(cp) (*(const uint8_t*)(cp)) static void set_uint8(void *cp, uint8_t v); -static INLINE void +static inline void set_uint8(void *cp, uint8_t v) { *(uint8_t*)cp = v; @@ -625,7 +634,18 @@ typedef unsigned long rlim_t; int get_max_sockets(void); int set_max_file_descriptors(rlim_t limit, int *max); int tor_disable_debugger_attach(void); -int switch_id(const char *user); + +#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_CAP_SET_PROC) +#define HAVE_LINUX_CAPABILITIES +#endif + +int have_capability_support(void); + +/** Flag for switch_id; see switch_id() for documentation */ +#define SWITCH_ID_KEEP_BINDLOW (1<<0) +/** Flag for switch_id; see switch_id() for documentation */ +#define SWITCH_ID_WARN_IF_NO_CAPS (1<<1) +int switch_id(const char *user, unsigned flags); #ifdef HAVE_PWD_H char *get_user_homedir(const char *username); #endif diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c index a366b6c9c6..cc58883750 100644 --- a/src/common/compat_libevent.c +++ b/src/common/compat_libevent.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2009-2015, The Tor Project, Inc. */ +/* Copyright (c) 2009-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -11,6 +11,7 @@ #include "orconfig.h" #include "compat.h" +#define COMPAT_LIBEVENT_PRIVATE #include "compat_libevent.h" #include "crypto.h" @@ -28,39 +29,11 @@ #include <event.h> #endif -/** A number representing a version of Libevent. - - This is a 4-byte number, with the first three bytes representing the - major, minor, and patchlevel respectively of the library. The fourth - byte is unused. - - This is equivalent to the format of LIBEVENT_VERSION_NUMBER on Libevent - 2.0.1 or later. For versions of Libevent before 1.4.0, which followed the - format of "1.0, 1.0a, 1.0b", we define 1.0 to be equivalent to 1.0.0, 1.0a - to be equivalent to 1.0.1, and so on. -*/ -typedef uint32_t le_version_t; - -/** @{ */ -/** Macros: returns the number of a libevent version as a le_version_t */ -#define V(major, minor, patch) \ - (((major) << 24) | ((minor) << 16) | ((patch) << 8)) -#define V_OLD(major, minor, patch) \ - V((major), (minor), (patch)-'a'+1) -/** @} */ - -/** Represetns a version of libevent so old we can't figure out what version - * it is. */ -#define LE_OLD V(0,0,0) -/** Represents a version of libevent so weird we can't figure out what version - * it is. */ -#define LE_OTHER V(0,0,99) - /** A string which, if it appears in a libevent log, should be ignored. */ static const char *suppress_msg = NULL; /** Callback function passed to event_set_log() so we can intercept * log messages from libevent. */ -static void +STATIC void libevent_logging_callback(int severity, const char *msg) { char buf[1024]; @@ -274,6 +247,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg) MOCK_IMPL(struct event_base *, tor_libevent_get_base, (void)) { + tor_assert(the_event_base != NULL); return the_event_base; } @@ -291,7 +265,7 @@ tor_libevent_get_method(void) /** Return the le_version_t for the version of libevent specified in the * string <b>v</b>. If the version is very new or uses an unrecognized * version, format, return LE_OTHER. */ -static le_version_t +STATIC le_version_t tor_decode_libevent_version(const char *v) { unsigned major, minor, patchlevel; @@ -322,7 +296,7 @@ tor_decode_libevent_version(const char *v) * Two different versions with different numbers are sure not to be binary * compatible. Two different versions with the same numbers have a decent * chance of binary compatibility.*/ -static int +STATIC int le_versions_compatibility(le_version_t v) { if (v == LE_OTHER) diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h index 39181efb7b..4b8b300112 100644 --- a/src/common/compat_libevent.h +++ b/src/common/compat_libevent.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2009-2015, The Tor Project, Inc. */ +/* Copyright (c) 2009-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_COMPAT_LIBEVENT_H @@ -91,5 +91,42 @@ void tor_gettimeofday_cache_set(const struct timeval *tv); #endif void tor_gettimeofday_cached_monotonic(struct timeval *tv); +#ifdef COMPAT_LIBEVENT_PRIVATE +/** A number representing a version of Libevent. + + This is a 4-byte number, with the first three bytes representing the + major, minor, and patchlevel respectively of the library. The fourth + byte is unused. + + This is equivalent to the format of LIBEVENT_VERSION_NUMBER on Libevent + 2.0.1 or later. For versions of Libevent before 1.4.0, which followed the + format of "1.0, 1.0a, 1.0b", we define 1.0 to be equivalent to 1.0.0, 1.0a + to be equivalent to 1.0.1, and so on. +*/ +typedef uint32_t le_version_t; + +/** @{ */ +/** Macros: returns the number of a libevent version as a le_version_t */ +#define V(major, minor, patch) \ + (((major) << 24) | ((minor) << 16) | ((patch) << 8)) +#define V_OLD(major, minor, patch) \ + V((major), (minor), (patch)-'a'+1) +/** @} */ + +/** Represetns a version of libevent so old we can't figure out what version + * it is. */ +#define LE_OLD V(0,0,0) +/** Represents a version of libevent so weird we can't figure out what version + * it is. */ +#define LE_OTHER V(0,0,99) + +STATIC void +libevent_logging_callback(int severity, const char *msg); +STATIC le_version_t +tor_decode_libevent_version(const char *v); +STATIC int +le_versions_compatibility(le_version_t v); +#endif + #endif diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h new file mode 100644 index 0000000000..a7bdb0a224 --- /dev/null +++ b/src/common/compat_openssl.h @@ -0,0 +1,46 @@ +/* Copyright (c) 2001, Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_COMPAT_OPENSSL_H +#define TOR_COMPAT_OPENSSL_H + +#include <openssl/opensslv.h> + +/** + * \file compat_openssl.h + * + * \brief compatability definitions for working with different openssl forks + **/ + +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) +#error "We require OpenSSL >= 1.0.0" +#endif + +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \ + ! defined(LIBRESSL_VERSION_NUMBER) +/* We define this macro if we're trying to build with the majorly refactored + * API in OpenSSL 1.1 */ +#define OPENSSL_1_1_API +#endif + +#ifndef OPENSSL_1_1_API +#define OPENSSL_VERSION SSLEAY_VERSION +#define OpenSSL_version(v) SSLeay_version(v) +#define OpenSSL_version_num() SSLeay() +#define RAND_OpenSSL() RAND_SSLeay() +#define STATE_IS_SW_SERVER_HELLO(st) \ + (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \ + ((st) == SSL3_ST_SW_SRVR_HELLO_B)) +#define OSSL_HANDSHAKE_STATE int +#define CONST_IF_OPENSSL_1_1_API +#else +#define STATE_IS_SW_SERVER_HELLO(st) \ + ((st) == TLS_ST_SW_SRVR_HELLO) +#define CONST_IF_OPENSSL_1_1_API const +#endif + +#endif + diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c index 4b32fc93d2..1b24cc3c2a 100644 --- a/src/common/compat_pthreads.c +++ b/src/common/compat_pthreads.c @@ -1,8 +1,15 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file compat_pthreads.c + * + * \brief Implementation for the pthreads-based multithreading backend + * functions. + */ + #define _GNU_SOURCE #include "orconfig.h" @@ -185,7 +192,8 @@ tor_cond_init(tor_cond_t *cond) return -1; } -#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) +#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) \ + && defined(HAVE_PTHREAD_CONDATTR_SETCLOCK) /* Use monotonic time so when we timedwait() on it, any clock adjustment * won't affect the timeout value. */ if (pthread_condattr_setclock(&condattr, CLOCK_MONOTONIC)) { diff --git a/src/common/compat_threads.c b/src/common/compat_threads.c index 85ad737574..8f9001258a 100644 --- a/src/common/compat_threads.c +++ b/src/common/compat_threads.c @@ -1,8 +1,16 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file compat_threads.c + * + * \brief Cross-platform threading and inter-thread communication logic. + * (Platform-specific parts are written in the other compat_*threads + * modules.) + */ + #define _GNU_SOURCE #include "orconfig.h" diff --git a/src/common/compat_threads.h b/src/common/compat_threads.h index 71562ba3ef..171a9f93ff 100644 --- a/src/common/compat_threads.h +++ b/src/common/compat_threads.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_COMPAT_THREADS_H diff --git a/src/common/compat_winthreads.c b/src/common/compat_winthreads.c index 9a87daa871..735be4ad17 100644 --- a/src/common/compat_winthreads.c +++ b/src/common/compat_winthreads.c @@ -1,8 +1,15 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file compat_winthreads.c + * + * \brief Implementation for the windows-based multithreading backend + * functions. + */ + #ifdef _WIN32 #include "compat.h" diff --git a/src/common/container.c b/src/common/container.c index 636dfb6c57..ddf3bafa91 100644 --- a/src/common/container.c +++ b/src/common/container.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -55,36 +55,40 @@ smartlist_free,(smartlist_t *sl)) void smartlist_clear(smartlist_t *sl) { + memset(sl->list, 0, sizeof(void *) * sl->num_used); sl->num_used = 0; } +#if SIZE_MAX < INT_MAX +#error "We don't support systems where size_t is smaller than int." +#endif + /** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */ -static INLINE void -smartlist_ensure_capacity(smartlist_t *sl, int size) +static inline void +smartlist_ensure_capacity(smartlist_t *sl, size_t size) { -#if SIZEOF_SIZE_T > SIZEOF_INT + /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */ +#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX #define MAX_CAPACITY (INT_MAX) #else #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*)))) -#define ASSERT_CAPACITY #endif - if (size > sl->capacity) { - int higher = sl->capacity; + + tor_assert(size <= MAX_CAPACITY); + + if (size > (size_t) sl->capacity) { + size_t higher = (size_t) sl->capacity; if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) { -#ifdef ASSERT_CAPACITY - /* We don't include this assertion when MAX_CAPACITY == INT_MAX, - * since int size; (size <= INT_MAX) makes analysis tools think we're - * doing something stupid. */ - tor_assert(size <= MAX_CAPACITY); -#endif higher = MAX_CAPACITY; } else { while (size > higher) higher *= 2; } - sl->capacity = higher; sl->list = tor_reallocarray(sl->list, sizeof(void *), - ((size_t)sl->capacity)); + ((size_t)higher)); + memset(sl->list + sl->capacity, 0, + sizeof(void *) * (higher - sl->capacity)); + sl->capacity = (int) higher; } #undef ASSERT_CAPACITY #undef MAX_CAPACITY @@ -94,7 +98,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size) void smartlist_add(smartlist_t *sl, void *element) { - smartlist_ensure_capacity(sl, sl->num_used+1); + smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1); sl->list[sl->num_used++] = element; } @@ -102,11 +106,12 @@ smartlist_add(smartlist_t *sl, void *element) void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2) { - int new_size = s1->num_used + s2->num_used; - tor_assert(new_size >= s1->num_used); /* check for overflow. */ + size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used; + tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */ smartlist_ensure_capacity(s1, new_size); memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*)); - s1->num_used = new_size; + tor_assert(new_size <= INT_MAX); /* redundant. */ + s1->num_used = (int) new_size; } /** Remove all elements E from sl such that E==element. Preserve @@ -123,6 +128,7 @@ smartlist_remove(smartlist_t *sl, const void *element) if (sl->list[i] == element) { sl->list[i] = sl->list[--sl->num_used]; /* swap with the end */ i--; /* so we process the new i'th element */ + sl->list[sl->num_used] = NULL; } } @@ -132,9 +138,11 @@ void * smartlist_pop_last(smartlist_t *sl) { tor_assert(sl); - if (sl->num_used) - return sl->list[--sl->num_used]; - else + if (sl->num_used) { + void *tmp = sl->list[--sl->num_used]; + sl->list[sl->num_used] = NULL; + return tmp; + } else return NULL; } @@ -165,6 +173,7 @@ smartlist_string_remove(smartlist_t *sl, const char *element) tor_free(sl->list[i]); sl->list[i] = sl->list[--sl->num_used]; /* swap with the end */ i--; /* so we process the new i'th element */ + sl->list[sl->num_used] = NULL; } } } @@ -321,6 +330,7 @@ smartlist_intersect(smartlist_t *sl1, const smartlist_t *sl2) if (!smartlist_contains(sl2, sl1->list[i])) { sl1->list[i] = sl1->list[--sl1->num_used]; /* swap with the end */ i--; /* so we process the new i'th element */ + sl1->list[sl1->num_used] = NULL; } } @@ -345,6 +355,7 @@ smartlist_del(smartlist_t *sl, int idx) tor_assert(idx>=0); tor_assert(idx < sl->num_used); sl->list[idx] = sl->list[--sl->num_used]; + sl->list[sl->num_used] = NULL; } /** Remove the <b>idx</b>th element of sl; if idx is not the last element, @@ -360,6 +371,7 @@ smartlist_del_keeporder(smartlist_t *sl, int idx) --sl->num_used; if (idx < sl->num_used) memmove(sl->list+idx, sl->list+idx+1, sizeof(void*)*(sl->num_used-idx)); + sl->list[sl->num_used] = NULL; } /** Insert the value <b>val</b> as the new <b>idx</b>th element of @@ -375,7 +387,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val) if (idx == sl->num_used) { smartlist_add(sl, val); } else { - smartlist_ensure_capacity(sl, sl->num_used+1); + smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1); /* Move other elements away */ if (idx < sl->num_used) memmove(sl->list + idx + 1, sl->list + idx, @@ -828,9 +840,17 @@ smartlist_sort_pointers(smartlist_t *sl) * * For a 1-indexed array, we would use LEFT_CHILD[x] = 2*x and RIGHT_CHILD[x] * = 2*x + 1. But this is C, so we have to adjust a little. */ -//#define LEFT_CHILD(i) ( ((i)+1)*2 - 1) -//#define RIGHT_CHILD(i) ( ((i)+1)*2 ) -//#define PARENT(i) ( ((i)+1)/2 - 1) + +/* MAX_PARENT_IDX is the largest IDX in the smartlist which might have + * children whose indices fit inside an int. + * LEFT_CHILD(MAX_PARENT_IDX) == INT_MAX-2; + * RIGHT_CHILD(MAX_PARENT_IDX) == INT_MAX-1; + * LEFT_CHILD(MAX_PARENT_IDX + 1) == INT_MAX // impossible, see max list size. + */ +#define MAX_PARENT_IDX ((INT_MAX - 2) / 2) +/* If this is true, then i is small enough to potentially have children + * in the smartlist, and it is save to use LEFT_CHILD/RIGHT_CHILD on it. */ +#define IDX_MAY_HAVE_CHILDREN(i) ((i) <= MAX_PARENT_IDX) #define LEFT_CHILD(i) ( 2*(i) + 1 ) #define RIGHT_CHILD(i) ( 2*(i) + 2 ) #define PARENT(i) ( ((i)-1) / 2 ) @@ -857,13 +877,21 @@ smartlist_sort_pointers(smartlist_t *sl) /** Helper. <b>sl</b> may have at most one violation of the heap property: * the item at <b>idx</b> may be greater than one or both of its children. * Restore the heap property. */ -static INLINE void +static inline void smartlist_heapify(smartlist_t *sl, int (*compare)(const void *a, const void *b), int idx_field_offset, int idx) { while (1) { + if (! IDX_MAY_HAVE_CHILDREN(idx)) { + /* idx is so large that it cannot have any children, since doing so + * would mean the smartlist was over-capacity. Therefore it cannot + * violate the heap property by being greater than a child (since it + * doesn't have any). */ + return; + } + int left_idx = LEFT_CHILD(idx); int best_idx; @@ -937,9 +965,11 @@ smartlist_pqueue_pop(smartlist_t *sl, *IDXP(top)=-1; if (--sl->num_used) { sl->list[0] = sl->list[sl->num_used]; + sl->list[sl->num_used] = NULL; UPDATE_IDX(0); smartlist_heapify(sl, compare, idx_field_offset, 0); } + sl->list[sl->num_used] = NULL; return top; } @@ -959,9 +989,11 @@ smartlist_pqueue_remove(smartlist_t *sl, --sl->num_used; *IDXP(item) = -1; if (idx == sl->num_used) { + sl->list[sl->num_used] = NULL; return; } else { sl->list[idx] = sl->list[sl->num_used]; + sl->list[sl->num_used] = NULL; UPDATE_IDX(idx); smartlist_heapify(sl, compare, idx_field_offset, idx); } @@ -1054,35 +1086,35 @@ DEFINE_MAP_STRUCTS(digestmap_t, char key[DIGEST_LEN], digestmap_); DEFINE_MAP_STRUCTS(digest256map_t, uint8_t key[DIGEST256_LEN], digest256map_); /** Helper: compare strmap_entry_t objects by key value. */ -static INLINE int +static inline int strmap_entries_eq(const strmap_entry_t *a, const strmap_entry_t *b) { return !strcmp(a->key, b->key); } /** Helper: return a hash value for a strmap_entry_t. */ -static INLINE unsigned int +static inline unsigned int strmap_entry_hash(const strmap_entry_t *a) { return (unsigned) siphash24g(a->key, strlen(a->key)); } /** Helper: compare digestmap_entry_t objects by key value. */ -static INLINE int +static inline int digestmap_entries_eq(const digestmap_entry_t *a, const digestmap_entry_t *b) { return tor_memeq(a->key, b->key, DIGEST_LEN); } /** Helper: return a hash value for a digest_map_t. */ -static INLINE unsigned int +static inline unsigned int digestmap_entry_hash(const digestmap_entry_t *a) { return (unsigned) siphash24g(a->key, DIGEST_LEN); } /** Helper: compare digestmap_entry_t objects by key value. */ -static INLINE int +static inline int digest256map_entries_eq(const digest256map_entry_t *a, const digest256map_entry_t *b) { @@ -1090,7 +1122,7 @@ digest256map_entries_eq(const digest256map_entry_t *a, } /** Helper: return a hash value for a digest_map_t. */ -static INLINE unsigned int +static inline unsigned int digest256map_entry_hash(const digest256map_entry_t *a) { return (unsigned) siphash24g(a->key, DIGEST256_LEN); @@ -1113,49 +1145,49 @@ HT_GENERATE2(digest256map_impl, digest256map_entry_t, node, digest256map_entry_hash, digest256map_entries_eq, 0.6, tor_reallocarray_, tor_free_) -static INLINE void +static inline void strmap_entry_free(strmap_entry_t *ent) { tor_free(ent->key); tor_free(ent); } -static INLINE void +static inline void digestmap_entry_free(digestmap_entry_t *ent) { tor_free(ent); } -static INLINE void +static inline void digest256map_entry_free(digest256map_entry_t *ent) { tor_free(ent); } -static INLINE void +static inline void strmap_assign_tmp_key(strmap_entry_t *ent, const char *key) { ent->key = (char*)key; } -static INLINE void +static inline void digestmap_assign_tmp_key(digestmap_entry_t *ent, const char *key) { memcpy(ent->key, key, DIGEST_LEN); } -static INLINE void +static inline void digest256map_assign_tmp_key(digest256map_entry_t *ent, const uint8_t *key) { memcpy(ent->key, key, DIGEST256_LEN); } -static INLINE void +static inline void strmap_assign_key(strmap_entry_t *ent, const char *key) { ent->key = tor_strdup(key); } -static INLINE void +static inline void digestmap_assign_key(digestmap_entry_t *ent, const char *key) { memcpy(ent->key, key, DIGEST_LEN); } -static INLINE void +static inline void digest256map_assign_key(digest256map_entry_t *ent, const uint8_t *key) { memcpy(ent->key, key, DIGEST256_LEN); diff --git a/src/common/container.h b/src/common/container.h index bf4f04762c..92ad3f5ec7 100644 --- a/src/common/container.h +++ b/src/common/container.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_CONTAINER_H @@ -53,21 +53,21 @@ void smartlist_subtract(smartlist_t *sl1, const smartlist_t *sl2); #ifdef DEBUG_SMARTLIST /** Return the number of items in sl. */ -static INLINE int smartlist_len(const smartlist_t *sl); -static INLINE int smartlist_len(const smartlist_t *sl) { +static inline int smartlist_len(const smartlist_t *sl); +static inline int smartlist_len(const smartlist_t *sl) { tor_assert(sl); return (sl)->num_used; } /** Return the <b>idx</b>th element of sl. */ -static INLINE void *smartlist_get(const smartlist_t *sl, int idx); -static INLINE void *smartlist_get(const smartlist_t *sl, int idx) { +static inline void *smartlist_get(const smartlist_t *sl, int idx); +static inline void *smartlist_get(const smartlist_t *sl, int idx) { tor_assert(sl); tor_assert(idx>=0); tor_assert(sl->num_used > idx); return sl->list[idx]; } -static INLINE void smartlist_set(smartlist_t *sl, int idx, void *val) { +static inline void smartlist_set(smartlist_t *sl, int idx, void *val) { tor_assert(sl); tor_assert(idx>=0); tor_assert(sl->num_used > idx); @@ -81,7 +81,7 @@ static INLINE void smartlist_set(smartlist_t *sl, int idx, void *val) { /** Exchange the elements at indices <b>idx1</b> and <b>idx2</b> of the * smartlist <b>sl</b>. */ -static INLINE void smartlist_swap(smartlist_t *sl, int idx1, int idx2) +static inline void smartlist_swap(smartlist_t *sl, int idx1, int idx2) { if (idx1 != idx2) { void *elt = smartlist_get(sl, idx1); @@ -500,64 +500,64 @@ void* strmap_remove_lc(strmap_t *map, const char *key); #define DECLARE_TYPED_DIGESTMAP_FNS(prefix, maptype, valtype) \ typedef struct maptype maptype; \ typedef struct prefix##iter_t *prefix##iter_t; \ - ATTR_UNUSED static INLINE maptype* \ + ATTR_UNUSED static inline maptype* \ prefix##new(void) \ { \ return (maptype*)digestmap_new(); \ } \ - ATTR_UNUSED static INLINE digestmap_t* \ + ATTR_UNUSED static inline digestmap_t* \ prefix##to_digestmap(maptype *map) \ { \ return (digestmap_t*)map; \ } \ - ATTR_UNUSED static INLINE valtype* \ + ATTR_UNUSED static inline valtype* \ prefix##get(maptype *map, const char *key) \ { \ return (valtype*)digestmap_get((digestmap_t*)map, key); \ } \ - ATTR_UNUSED static INLINE valtype* \ + ATTR_UNUSED static inline valtype* \ prefix##set(maptype *map, const char *key, valtype *val) \ { \ return (valtype*)digestmap_set((digestmap_t*)map, key, val); \ } \ - ATTR_UNUSED static INLINE valtype* \ + ATTR_UNUSED static inline valtype* \ prefix##remove(maptype *map, const char *key) \ { \ return (valtype*)digestmap_remove((digestmap_t*)map, key); \ } \ - ATTR_UNUSED static INLINE void \ + ATTR_UNUSED static inline void \ prefix##free(maptype *map, void (*free_val)(void*)) \ { \ digestmap_free((digestmap_t*)map, free_val); \ } \ - ATTR_UNUSED static INLINE int \ + ATTR_UNUSED static inline int \ prefix##isempty(maptype *map) \ { \ return digestmap_isempty((digestmap_t*)map); \ } \ - ATTR_UNUSED static INLINE int \ + ATTR_UNUSED static inline int \ prefix##size(maptype *map) \ { \ return digestmap_size((digestmap_t*)map); \ } \ - ATTR_UNUSED static INLINE \ + ATTR_UNUSED static inline \ prefix##iter_t *prefix##iter_init(maptype *map) \ { \ return (prefix##iter_t*) digestmap_iter_init((digestmap_t*)map); \ } \ - ATTR_UNUSED static INLINE \ + ATTR_UNUSED static inline \ prefix##iter_t *prefix##iter_next(maptype *map, prefix##iter_t *iter) \ { \ return (prefix##iter_t*) digestmap_iter_next( \ (digestmap_t*)map, (digestmap_iter_t*)iter); \ } \ - ATTR_UNUSED static INLINE prefix##iter_t* \ + ATTR_UNUSED static inline prefix##iter_t* \ prefix##iter_next_rmv(maptype *map, prefix##iter_t *iter) \ { \ return (prefix##iter_t*) digestmap_iter_next_rmv( \ (digestmap_t*)map, (digestmap_iter_t*)iter); \ } \ - ATTR_UNUSED static INLINE void \ + ATTR_UNUSED static inline void \ prefix##iter_get(prefix##iter_t *iter, \ const char **keyp, \ valtype **valp) \ @@ -566,7 +566,7 @@ void* strmap_remove_lc(strmap_t *map, const char *key); digestmap_iter_get((digestmap_iter_t*) iter, keyp, &v); \ *valp = v; \ } \ - ATTR_UNUSED static INLINE int \ + ATTR_UNUSED static inline int \ prefix##iter_done(prefix##iter_t *iter) \ { \ return digestmap_iter_done((digestmap_iter_t*)iter); \ @@ -584,7 +584,7 @@ void* strmap_remove_lc(strmap_t *map, const char *key); /** A random-access array of one-bit-wide elements. */ typedef unsigned int bitarray_t; /** Create a new bit array that can hold <b>n_bits</b> bits. */ -static INLINE bitarray_t * +static inline bitarray_t * bitarray_init_zero(unsigned int n_bits) { /* round up to the next int. */ @@ -594,7 +594,7 @@ bitarray_init_zero(unsigned int n_bits) /** Expand <b>ba</b> from holding <b>n_bits_old</b> to <b>n_bits_new</b>, * clearing all new bits. Returns a possibly changed pointer to the * bitarray. */ -static INLINE bitarray_t * +static inline bitarray_t * bitarray_expand(bitarray_t *ba, unsigned int n_bits_old, unsigned int n_bits_new) { @@ -611,26 +611,26 @@ bitarray_expand(bitarray_t *ba, return (bitarray_t*) ptr; } /** Free the bit array <b>ba</b>. */ -static INLINE void +static inline void bitarray_free(bitarray_t *ba) { tor_free(ba); } /** Set the <b>bit</b>th bit in <b>b</b> to 1. */ -static INLINE void +static inline void bitarray_set(bitarray_t *b, int bit) { b[bit >> BITARRAY_SHIFT] |= (1u << (bit & BITARRAY_MASK)); } /** Set the <b>bit</b>th bit in <b>b</b> to 0. */ -static INLINE void +static inline void bitarray_clear(bitarray_t *b, int bit) { b[bit >> BITARRAY_SHIFT] &= ~ (1u << (bit & BITARRAY_MASK)); } /** Return true iff <b>bit</b>th bit in <b>b</b> is nonzero. NOTE: does * not necessarily return 1 on true. */ -static INLINE unsigned int +static inline unsigned int bitarray_is_set(bitarray_t *b, int bit) { return b[bit >> BITARRAY_SHIFT] & (1u << (bit & BITARRAY_MASK)); @@ -645,7 +645,7 @@ typedef struct { #define BIT(n) ((n) & set->mask) /** Add the digest <b>digest</b> to <b>set</b>. */ -static INLINE void +static inline void digestset_add(digestset_t *set, const char *digest) { const uint64_t x = siphash24g(digest, 20); @@ -661,7 +661,7 @@ digestset_add(digestset_t *set, const char *digest) /** If <b>digest</b> is in <b>set</b>, return nonzero. Otherwise, * <em>probably</em> return zero. */ -static INLINE int +static inline int digestset_contains(const digestset_t *set, const char *digest) { const uint64_t x = siphash24g(digest, 20); @@ -689,33 +689,33 @@ double find_nth_double(double *array, int n_elements, int nth); int32_t find_nth_int32(int32_t *array, int n_elements, int nth); uint32_t find_nth_uint32(uint32_t *array, int n_elements, int nth); long find_nth_long(long *array, int n_elements, int nth); -static INLINE int +static inline int median_int(int *array, int n_elements) { return find_nth_int(array, n_elements, (n_elements-1)/2); } -static INLINE time_t +static inline time_t median_time(time_t *array, int n_elements) { return find_nth_time(array, n_elements, (n_elements-1)/2); } -static INLINE double +static inline double median_double(double *array, int n_elements) { return find_nth_double(array, n_elements, (n_elements-1)/2); } -static INLINE uint32_t +static inline uint32_t median_uint32(uint32_t *array, int n_elements) { return find_nth_uint32(array, n_elements, (n_elements-1)/2); } -static INLINE int32_t +static inline int32_t median_int32(int32_t *array, int n_elements) { return find_nth_int32(array, n_elements, (n_elements-1)/2); } -static INLINE uint32_t +static inline uint32_t third_quartile_uint32(uint32_t *array, int n_elements) { return find_nth_uint32(array, n_elements, (n_elements*3)/4); diff --git a/src/common/crypto.c b/src/common/crypto.c index 6d4b0d7e16..65a575ebea 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1,13 +1,14 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file crypto.c * \brief Wrapper functions to present a consistent interface to - * public-key and symmetric cryptography operations from OpenSSL. + * public-key and symmetric cryptography operations from OpenSSL and + * other places. **/ #include "orconfig.h" @@ -21,18 +22,13 @@ #undef OCSP_RESPONSE #endif -#include <openssl/opensslv.h> - #define CRYPTO_PRIVATE #include "crypto.h" +#include "compat_openssl.h" #include "crypto_curve25519.h" #include "crypto_ed25519.h" #include "crypto_format.h" -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) -#error "We require OpenSSL >= 1.0.0" -#endif - #include <openssl/err.h> #include <openssl/rsa.h> #include <openssl/pem.h> @@ -48,6 +44,7 @@ #include <ctype.h> #endif #ifdef HAVE_UNISTD_H +#define _GNU_SOURCE #include <unistd.h> #endif #ifdef HAVE_FCNTL_H @@ -56,6 +53,9 @@ #ifdef HAVE_SYS_FCNTL_H #include <sys/fcntl.h> #endif +#ifdef HAVE_SYS_SYSCALL_H +#include <sys/syscall.h> +#endif #include "torlog.h" #include "aes.h" @@ -65,23 +65,41 @@ #include "sandbox.h" #include "util_format.h" +#include "keccak-tiny/keccak-tiny.h" + #ifdef ANDROID /* Android's OpenSSL seems to have removed all of its Engine support. */ #define DISABLE_ENGINES #endif +#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,4) && \ + !defined(LIBRESSL_VERSION_NUMBER) +/* OpenSSL as of 1.1.0-pre4 has an "new" thread API, which doesn't require + * seting up various callbacks. + * + * Note: Yes, using OPENSSL_VER is naughty, but this was introduced in the + * pre-release series. + */ +#define NEW_THREAD_API +#endif + /** Longest recognized */ #define MAX_DNS_LABEL_SIZE 63 +/** Largest strong entropy request */ +#define MAX_STRONGEST_RAND_SIZE 256 + /** Macro: is k a valid RSA public or private key? */ #define PUBLIC_KEY_OK(k) ((k) && (k)->key && (k)->key->n) /** Macro: is k a valid RSA private key? */ #define PRIVATE_KEY_OK(k) ((k) && (k)->key && (k)->key->p) +#ifndef NEW_THREAD_API /** A number of preallocated mutexes for use by OpenSSL. */ static tor_mutex_t **openssl_mutexes_ = NULL; /** How many mutexes have we allocated for use by OpenSSL? */ static int n_openssl_mutexes_ = 0; +#endif /** A public key, or a public/private key-pair. */ struct crypto_pk_t @@ -110,25 +128,25 @@ static int tor_check_dh_key(int severity, BIGNUM *bn); /** Return the number of bytes added by padding method <b>padding</b>. */ -static INLINE int +static inline int crypto_get_rsa_padding_overhead(int padding) { switch (padding) { case RSA_PKCS1_OAEP_PADDING: return PKCS1_OAEP_PADDING_OVERHEAD; - default: tor_assert(0); return -1; + default: tor_assert(0); return -1; // LCOV_EXCL_LINE } } /** Given a padding method <b>padding</b>, return the correct OpenSSL constant. */ -static INLINE int +static inline int crypto_get_rsa_padding(int padding) { switch (padding) { case PK_PKCS1_OAEP_PADDING: return RSA_PKCS1_OAEP_PADDING; - default: tor_assert(0); return -1; + default: tor_assert(0); return -1; // LCOV_EXCL_LINE } } @@ -227,7 +245,7 @@ const char * crypto_openssl_get_version_str(void) { if (crypto_openssl_version_str == NULL) { - const char *raw_version = SSLeay_version(SSLEAY_VERSION); + const char *raw_version = OpenSSL_version(OPENSSL_VERSION); crypto_openssl_version_str = parse_openssl_version_str(raw_version); } return crypto_openssl_version_str; @@ -248,14 +266,16 @@ crypto_openssl_get_header_version_str(void) /** Make sure that openssl is using its default PRNG. Return 1 if we had to * adjust it; 0 otherwise. */ -static int +STATIC int crypto_force_rand_ssleay(void) { - if (RAND_get_rand_method() != RAND_SSLeay()) { + RAND_METHOD *default_method; + default_method = RAND_OpenSSL(); + if (RAND_get_rand_method() != default_method) { log_notice(LD_CRYPTO, "It appears that one of our engines has provided " "a replacement the OpenSSL RNG. Resetting it to the default " "implementation."); - RAND_set_rand_method(RAND_SSLeay()); + RAND_set_rand_method(default_method); return 1; } return 0; @@ -270,8 +290,7 @@ crypto_init_siphash_key(void) if (have_seeded_siphash) return 0; - if (crypto_rand((char*) &key, sizeof(key)) < 0) - return -1; + crypto_rand((char*) &key, sizeof(key)); siphash_set_global_key(&key); have_seeded_siphash = 1; return 0; @@ -291,16 +310,18 @@ crypto_early_init(void) setup_openssl_threading(); - if (SSLeay() == OPENSSL_VERSION_NUMBER && - !strcmp(SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_TEXT)) { + unsigned long version_num = OpenSSL_version_num(); + const char *version_str = OpenSSL_version(OPENSSL_VERSION); + if (version_num == OPENSSL_VERSION_NUMBER && + !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " - "(%lx: %s).", SSLeay(), SSLeay_version(SSLEAY_VERSION)); + "(%lx: %s).", version_num, version_str); } else { log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the " "version we're running with. If you get weird crashes, that " "might be why. (Compiled with %lx: %s; running with %lx: %s).", (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, - SSLeay(), SSLeay_version(SSLEAY_VERSION)); + version_num, version_str); } crypto_force_rand_ssleay(); @@ -322,7 +343,8 @@ int crypto_global_init(int useAccel, const char *accelName, const char *accelDir) { if (!crypto_global_initialized_) { - crypto_early_init(); + if (crypto_early_init() < 0) + return -1; crypto_global_initialized_ = 1; @@ -365,8 +387,12 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) used by Tor and the set of algorithms available in the engine */ log_engine("RSA", ENGINE_get_default_RSA()); log_engine("DH", ENGINE_get_default_DH()); +#ifdef OPENSSL_1_1_API + log_engine("EC", ENGINE_get_default_EC()); +#else log_engine("ECDH", ENGINE_get_default_ECDH()); log_engine("ECDSA", ENGINE_get_default_ECDSA()); +#endif log_engine("RAND", ENGINE_get_default_RAND()); log_engine("RAND (which we will not use)", ENGINE_get_default_RAND()); log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); @@ -404,10 +430,10 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir) void crypto_thread_cleanup(void) { -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) - ERR_remove_thread_state(NULL); +#ifdef NEW_THREAD_API + ERR_remove_thread_state(); #else - ERR_remove_state(0); + ERR_remove_thread_state(NULL); #endif } @@ -432,9 +458,10 @@ crypto_pk_get_rsa_(crypto_pk_t *env) } /** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t. Iff - * private is set, include the private-key portion of the key. */ -EVP_PKEY * -crypto_pk_get_evp_pkey_(crypto_pk_t *env, int private) + * private is set, include the private-key portion of the key. Return a valid + * pointer on success, and NULL on failure. */ +MOCK_IMPL(EVP_PKEY *, + crypto_pk_get_evp_pkey_,(crypto_pk_t *env, int private)) { RSA *key = NULL; EVP_PKEY *pkey = NULL; @@ -470,8 +497,8 @@ crypto_dh_get_dh_(crypto_dh_t *dh) /** Allocate and return storage for a public key. The key itself will not yet * be set. */ -crypto_pk_t * -crypto_pk_new(void) +MOCK_IMPL(crypto_pk_t *, + crypto_pk_new,(void)) { RSA *rsa; @@ -553,8 +580,8 @@ crypto_cipher_free(crypto_cipher_t *env) /** Generate a <b>bits</b>-bit new public/private keypair in <b>env</b>. * Return 0 on success, -1 on failure. */ -int -crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) +MOCK_IMPL(int, + crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits)) { tor_assert(env); @@ -656,7 +683,8 @@ crypto_pk_read_private_key_from_filename(crypto_pk_t *env, return 0; } -/** Helper function to implement crypto_pk_write_*_key_to_string. */ +/** Helper function to implement crypto_pk_write_*_key_to_string. Return 0 on + * success, -1 on failure. */ static int crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest, size_t *len, int is_public) @@ -897,7 +925,8 @@ crypto_pk_dup_key(crypto_pk_t *env) return env; } -/** Make a real honest-to-goodness copy of <b>env</b>, and return it. */ +/** Make a real honest-to-goodness copy of <b>env</b>, and return it. + * Returns NULL on failure. */ crypto_pk_t * crypto_pk_copy_full(crypto_pk_t *env) { @@ -1189,7 +1218,8 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, return -1; } -/** Invert crypto_pk_public_hybrid_encrypt. */ +/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes + * written on success, -1 on failure. */ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to, @@ -1315,7 +1345,7 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out) /** Compute all digests of the DER encoding of <b>pk</b>, and store them * in <b>digests_out</b>. Return 0 on success, -1 on failure. */ int -crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) +crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out) { unsigned char *buf = NULL; int len; @@ -1323,7 +1353,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) len = i2d_RSAPublicKey(pk->key, &buf); if (len < 0 || buf == NULL) return -1; - if (crypto_digest_all(digests_out, (char*)buf, len) < 0) { + if (crypto_common_digests(digests_out, (char*)buf, len) < 0) { OPENSSL_free(buf); return -1; } @@ -1332,7 +1362,7 @@ crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out) } /** Copy <b>in</b> to the <b>outlen</b>-byte buffer <b>out</b>, adding spaces - * every four spaces. */ + * every four characters. */ void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in) { @@ -1484,7 +1514,7 @@ crypto_cipher_get_key(crypto_cipher_t *env) /** Encrypt <b>fromlen</b> bytes from <b>from</b> using the cipher * <b>env</b>; on success, store the result to <b>to</b> and return 0. - * On failure, return -1. + * Does not check for failure. */ int crypto_cipher_encrypt(crypto_cipher_t *env, char *to, @@ -1497,13 +1527,14 @@ crypto_cipher_encrypt(crypto_cipher_t *env, char *to, tor_assert(to); tor_assert(fromlen < SIZE_T_CEILING); - aes_crypt(env->cipher, from, fromlen, to); + memcpy(to, from, fromlen); + aes_crypt_inplace(env->cipher, to, fromlen); return 0; } /** Decrypt <b>fromlen</b> bytes from <b>from</b> using the cipher * <b>env</b>; on success, store the result to <b>to</b> and return 0. - * On failure, return -1. + * Does not check for failure. */ int crypto_cipher_decrypt(crypto_cipher_t *env, char *to, @@ -1514,19 +1545,19 @@ crypto_cipher_decrypt(crypto_cipher_t *env, char *to, tor_assert(to); tor_assert(fromlen < SIZE_T_CEILING); - aes_crypt(env->cipher, from, fromlen, to); + memcpy(to, from, fromlen); + aes_crypt_inplace(env->cipher, to, fromlen); return 0; } /** Encrypt <b>len</b> bytes on <b>from</b> using the cipher in <b>env</b>; - * on success, return 0. On failure, return -1. + * on success. Does not check for failure. */ -int +void crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *buf, size_t len) { tor_assert(len < SIZE_T_CEILING); aes_crypt_inplace(env->cipher, buf, len); - return 0; } /** Encrypt <b>fromlen</b> bytes (at least 1) from <b>from</b> with the key in @@ -1591,7 +1622,7 @@ crypto_cipher_decrypt_with_iv(const char *key, /** Compute the SHA1 digest of the <b>len</b> bytes on data stored in * <b>m</b>. Write the DIGEST_LEN byte result into <b>digest</b>. - * Return 0 on success, -1 on failure. + * Return 0 on success, 1 on failure. */ int crypto_digest(char *digest, const char *m, size_t len) @@ -1603,32 +1634,52 @@ crypto_digest(char *digest, const char *m, size_t len) /** Compute a 256-bit digest of <b>len</b> bytes in data stored in <b>m</b>, * using the algorithm <b>algorithm</b>. Write the DIGEST_LEN256-byte result - * into <b>digest</b>. Return 0 on success, -1 on failure. */ + * into <b>digest</b>. Return 0 on success, 1 on failure. */ int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm) { tor_assert(m); tor_assert(digest); - tor_assert(algorithm == DIGEST_SHA256); - return (SHA256((const unsigned char*)m,len,(unsigned char*)digest) == NULL); + tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256); + if (algorithm == DIGEST_SHA256) + return (SHA256((const uint8_t*)m,len,(uint8_t*)digest) == NULL); + else + return (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len) + == -1); } -/** Set the digests_t in <b>ds_out</b> to contain every digest on the +/** Compute a 512-bit digest of <b>len</b> bytes in data stored in <b>m</b>, + * using the algorithm <b>algorithm</b>. Write the DIGEST_LEN512-byte result + * into <b>digest</b>. Return 0 on success, 1 on failure. */ +int +crypto_digest512(char *digest, const char *m, size_t len, + digest_algorithm_t algorithm) +{ + tor_assert(m); + tor_assert(digest); + tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512); + if (algorithm == DIGEST_SHA512) + return (SHA512((const unsigned char*)m,len,(unsigned char*)digest) + == NULL); + else + return (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len) + == -1); +} + +/** Set the common_digests_t in <b>ds_out</b> to contain every digest on the * <b>len</b> bytes in <b>m</b> that we know how to compute. Return 0 on * success, -1 on failure. */ int -crypto_digest_all(digests_t *ds_out, const char *m, size_t len) +crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len) { - int i; tor_assert(ds_out); memset(ds_out, 0, sizeof(*ds_out)); if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0) return -1; - for (i = DIGEST_SHA256; i < N_DIGEST_ALGORITHMS; ++i) { - if (crypto_digest256(ds_out->d[i], m, len, i) < 0) - return -1; - } + if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0) + return -1; + return 0; } @@ -1641,6 +1692,12 @@ crypto_digest_algorithm_get_name(digest_algorithm_t alg) return "sha1"; case DIGEST_SHA256: return "sha256"; + case DIGEST_SHA512: + return "sha512"; + case DIGEST_SHA3_256: + return "sha3-256"; + case DIGEST_SHA3_512: + return "sha3-512"; default: tor_fragile_assert(); return "??unknown_digest??"; @@ -1656,27 +1713,90 @@ crypto_digest_algorithm_parse_name(const char *name) return DIGEST_SHA1; else if (!strcmp(name, "sha256")) return DIGEST_SHA256; + else if (!strcmp(name, "sha512")) + return DIGEST_SHA512; + else if (!strcmp(name, "sha3-256")) + return DIGEST_SHA3_256; + else if (!strcmp(name, "sha3-512")) + return DIGEST_SHA3_512; else return -1; } +/** Given an algorithm, return the digest length in bytes. */ +static inline size_t +crypto_digest_algorithm_get_length(digest_algorithm_t alg) +{ + switch (alg) { + case DIGEST_SHA1: + return DIGEST_LEN; + case DIGEST_SHA256: + return DIGEST256_LEN; + case DIGEST_SHA512: + return DIGEST512_LEN; + case DIGEST_SHA3_256: + return DIGEST256_LEN; + case DIGEST_SHA3_512: + return DIGEST512_LEN; + default: + tor_assert(0); // LCOV_EXCL_LINE + return 0; /* Unreachable */ // LCOV_EXCL_LINE + } +} + /** Intermediate information about the digest of a stream of data. */ struct crypto_digest_t { + digest_algorithm_t algorithm; /**< Which algorithm is in use? */ + /** State for the digest we're using. Only one member of the + * union is usable, depending on the value of <b>algorithm</b>. Note also + * that space for other members might not even be allocated! + */ union { SHA_CTX sha1; /**< state for SHA1 */ SHA256_CTX sha2; /**< state for SHA256 */ - } d; /**< State for the digest we're using. Only one member of the - * union is usable, depending on the value of <b>algorithm</b>. */ - digest_algorithm_bitfield_t algorithm : 8; /**< Which algorithm is in use? */ + SHA512_CTX sha512; /**< state for SHA512 */ + keccak_state sha3; /**< state for SHA3-[256,512] */ + } d; }; +/** + * Return the number of bytes we need to malloc in order to get a + * crypto_digest_t for <b>alg</b>, or the number of bytes we need to wipe + * when we free one. + */ +static size_t +crypto_digest_alloc_bytes(digest_algorithm_t alg) +{ + /* Helper: returns the number of bytes in the 'f' field of 'st' */ +#define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f )) + /* Gives the length of crypto_digest_t through the end of the field 'd' */ +#define END_OF_FIELD(f) (STRUCT_OFFSET(crypto_digest_t, f) + \ + STRUCT_FIELD_SIZE(crypto_digest_t, f)) + switch (alg) { + case DIGEST_SHA1: + return END_OF_FIELD(d.sha1); + case DIGEST_SHA256: + return END_OF_FIELD(d.sha2); + case DIGEST_SHA512: + return END_OF_FIELD(d.sha512); + case DIGEST_SHA3_256: + case DIGEST_SHA3_512: + return END_OF_FIELD(d.sha3); + default: + tor_assert(0); // LCOV_EXCL_LINE + return 0; // LCOV_EXCL_LINE + } +#undef END_OF_FIELD +#undef STRUCT_FIELD_SIZE +} + /** Allocate and return a new digest object to compute SHA1 digests. */ crypto_digest_t * crypto_digest_new(void) { crypto_digest_t *r; - r = tor_malloc(sizeof(crypto_digest_t)); + r = tor_malloc(crypto_digest_alloc_bytes(DIGEST_SHA1)); SHA1_Init(&r->d.sha1); r->algorithm = DIGEST_SHA1; return r; @@ -1688,9 +1808,28 @@ crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm) { crypto_digest_t *r; - tor_assert(algorithm == DIGEST_SHA256); - r = tor_malloc(sizeof(crypto_digest_t)); - SHA256_Init(&r->d.sha2); + tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256); + r = tor_malloc(crypto_digest_alloc_bytes(algorithm)); + if (algorithm == DIGEST_SHA256) + SHA256_Init(&r->d.sha2); + else + keccak_digest_init(&r->d.sha3, 256); + r->algorithm = algorithm; + return r; +} + +/** Allocate and return a new digest object to compute 512-bit digests + * using <b>algorithm</b>. */ +crypto_digest_t * +crypto_digest512_new(digest_algorithm_t algorithm) +{ + crypto_digest_t *r; + tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512); + r = tor_malloc(crypto_digest_alloc_bytes(algorithm)); + if (algorithm == DIGEST_SHA512) + SHA512_Init(&r->d.sha512); + else + keccak_digest_init(&r->d.sha3, 512); r->algorithm = algorithm; return r; } @@ -1702,7 +1841,8 @@ crypto_digest_free(crypto_digest_t *digest) { if (!digest) return; - memwipe(digest, 0, sizeof(crypto_digest_t)); + size_t bytes = crypto_digest_alloc_bytes(digest->algorithm); + memwipe(digest, 0, bytes); tor_free(digest); } @@ -1726,6 +1866,13 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, case DIGEST_SHA256: SHA256_Update(&digest->d.sha2, (void*)data, len); break; + case DIGEST_SHA512: + SHA512_Update(&digest->d.sha512, (void*)data, len); + break; + case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_512: + keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len); + break; default: tor_fragile_assert(); break; @@ -1734,34 +1881,48 @@ crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, /** Compute the hash of the data that has been passed to the digest * object; write the first out_len bytes of the result to <b>out</b>. - * <b>out_len</b> must be \<= DIGEST256_LEN. + * <b>out_len</b> must be \<= DIGEST512_LEN. */ void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len) { - unsigned char r[DIGEST256_LEN]; + unsigned char r[DIGEST512_LEN]; crypto_digest_t tmpenv; tor_assert(digest); tor_assert(out); + tor_assert(out_len <= crypto_digest_algorithm_get_length(digest->algorithm)); + + /* The SHA-3 code handles copying into a temporary ctx, and also can handle + * short output buffers by truncating appropriately. */ + if (digest->algorithm == DIGEST_SHA3_256 || + digest->algorithm == DIGEST_SHA3_512) { + keccak_digest_sum(&digest->d.sha3, (uint8_t *)out, out_len); + return; + } + + const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm); /* memcpy into a temporary ctx, since SHA*_Final clears the context */ - memcpy(&tmpenv, digest, sizeof(crypto_digest_t)); + memcpy(&tmpenv, digest, alloc_bytes); switch (digest->algorithm) { case DIGEST_SHA1: - tor_assert(out_len <= DIGEST_LEN); SHA1_Final(r, &tmpenv.d.sha1); break; case DIGEST_SHA256: - tor_assert(out_len <= DIGEST256_LEN); SHA256_Final(r, &tmpenv.d.sha2); break; + case DIGEST_SHA512: + SHA512_Final(r, &tmpenv.d.sha512); + break; +//LCOV_EXCL_START + case DIGEST_SHA3_256: /* FALLSTHROUGH */ + case DIGEST_SHA3_512: + log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm); + tor_assert(0); /* This is fatal, because it should never happen. */ default: - log_warn(LD_BUG, "Called with unknown algorithm %d", digest->algorithm); - /* If fragile_assert is not enabled, then we should at least not - * leak anything. */ - memwipe(r, 0xff, sizeof(r)); - tor_fragile_assert(); + tor_assert(0); /* Unreachable. */ break; +//LCOV_EXCL_STOP } memcpy(out, r, out_len); memwipe(r, 0, sizeof(r)); @@ -1773,15 +1934,14 @@ crypto_digest_get_digest(crypto_digest_t *digest, crypto_digest_t * crypto_digest_dup(const crypto_digest_t *digest) { - crypto_digest_t *r; tor_assert(digest); - r = tor_malloc(sizeof(crypto_digest_t)); - memcpy(r,digest,sizeof(crypto_digest_t)); - return r; + const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm); + return tor_memdup(digest, alloc_bytes); } /** Replace the state of the digest object <b>into</b> with the state - * of the digest object <b>from</b>. + * of the digest object <b>from</b>. Requires that 'into' and 'from' + * have the same digest type. */ void crypto_digest_assign(crypto_digest_t *into, @@ -1789,14 +1949,16 @@ crypto_digest_assign(crypto_digest_t *into, { tor_assert(into); tor_assert(from); - memcpy(into,from,sizeof(crypto_digest_t)); + tor_assert(into->algorithm == from->algorithm); + const size_t alloc_bytes = crypto_digest_alloc_bytes(from->algorithm); + memcpy(into,from,alloc_bytes); } /** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest * at <b>digest_out</b> to the hash of the concatenation of those strings, * plus the optional string <b>append</b>, computed with the algorithm * <b>alg</b>. - * <b>out_len</b> must be \<= DIGEST256_LEN. */ + * <b>out_len</b> must be \<= DIGEST512_LEN. */ void crypto_digest_smartlist(char *digest_out, size_t len_out, const smartlist_t *lst, @@ -1811,7 +1973,7 @@ crypto_digest_smartlist(char *digest_out, size_t len_out, * optional string <b>prepend</b>, those strings, * and the optional string <b>append</b>, computed with the algorithm * <b>alg</b>. - * <b>out_len</b> must be \<= DIGEST256_LEN. */ + * <b>len_out</b> must be \<= DIGEST512_LEN. */ void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *prepend, @@ -1819,11 +1981,27 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *append, digest_algorithm_t alg) { - crypto_digest_t *d; - if (alg == DIGEST_SHA1) - d = crypto_digest_new(); - else - d = crypto_digest256_new(alg); + crypto_digest_t *d = NULL; + switch (alg) { + case DIGEST_SHA1: + d = crypto_digest_new(); + break; + case DIGEST_SHA256: /* FALLSTHROUGH */ + case DIGEST_SHA3_256: + d = crypto_digest256_new(alg); + break; + case DIGEST_SHA512: /* FALLSTHROUGH */ + case DIGEST_SHA3_512: + d = crypto_digest512_new(alg); + break; + default: + log_warn(LD_BUG, "Called with unknown algorithm %d", alg); + /* If fragile_assert is not enabled, wipe output and return + * without running any calculations */ + memwipe(digest_out, 0xff, len_out); + tor_fragile_assert(); + goto free; + } if (prepend) crypto_digest_add_bytes(d, prepend, strlen(prepend)); SMARTLIST_FOREACH(lst, const char *, cp, @@ -1831,23 +2009,78 @@ crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, if (append) crypto_digest_add_bytes(d, append, strlen(append)); crypto_digest_get_digest(d, digest_out, len_out); + + free: crypto_digest_free(d); } /** Compute the HMAC-SHA-256 of the <b>msg_len</b> bytes in <b>msg</b>, using * the <b>key</b> of length <b>key_len</b>. Store the DIGEST256_LEN-byte - * result in <b>hmac_out</b>. + * result in <b>hmac_out</b>. Asserts on failure. */ void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len) { + unsigned char *rv = NULL; /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */ tor_assert(key_len < INT_MAX); tor_assert(msg_len < INT_MAX); - HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len, - (unsigned char*)hmac_out, NULL); + tor_assert(hmac_out); + rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len, + (unsigned char*)hmac_out, NULL); + tor_assert(rv); +} + +/** Internal state for a eXtendable-Output Function (XOF). */ +struct crypto_xof_t { + keccak_state s; +}; + +/** Allocate a new XOF object backed by SHAKE-256. The security level + * provided is a function of the length of the output used. Read and + * understand FIPS-202 A.2 "Additional Consideration for Extendable-Output + * Functions" before using this construct. + */ +crypto_xof_t * +crypto_xof_new(void) +{ + crypto_xof_t *xof; + xof = tor_malloc(sizeof(crypto_xof_t)); + keccak_xof_init(&xof->s, 256); + return xof; +} + +/** Absorb bytes into a XOF object. Must not be called after a call to + * crypto_xof_squeeze_bytes() for the same instance, and will assert + * if attempted. + */ +void +crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len) +{ + int i = keccak_xof_absorb(&xof->s, data, len); + tor_assert(i == 0); +} + +/** Squeeze bytes out of a XOF object. Calling this routine will render + * the XOF instance ineligible to absorb further data. + */ +void +crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len) +{ + int i = keccak_xof_squeeze(&xof->s, out, len); + tor_assert(i == 0); +} + +/** Cleanse and deallocate a XOF object. */ +void +crypto_xof_free(crypto_xof_t *xof) +{ + if (!xof) + return; + memwipe(xof, 0, sizeof(crypto_xof_t)); + tor_free(xof); } /* DH */ @@ -1862,6 +2095,71 @@ static BIGNUM *dh_param_p_tls = NULL; /** Shared G parameter for our DH key exchanges. */ static BIGNUM *dh_param_g = NULL; +/** Validate a given set of Diffie-Hellman parameters. This is moderately + * computationally expensive (milliseconds), so should only be called when + * the DH parameters change. Returns 0 on success, * -1 on failure. + */ +static int +crypto_validate_dh_params(const BIGNUM *p, const BIGNUM *g) +{ + DH *dh = NULL; + int ret = -1; + + /* Copy into a temporary DH object. */ + if (!(dh = DH_new())) + goto out; + if (!(dh->p = BN_dup(p))) + goto out; + if (!(dh->g = BN_dup(g))) + goto out; + + /* Perform the validation. */ + int codes = 0; + if (!DH_check(dh, &codes)) + goto out; + if (BN_is_word(dh->g, DH_GENERATOR_2)) { + /* Per https://wiki.openssl.org/index.php/Diffie-Hellman_parameters + * + * OpenSSL checks the prime is congruent to 11 when g = 2; while the + * IETF's primes are congruent to 23 when g = 2. + */ + BN_ULONG residue = BN_mod_word(dh->p, 24); + if (residue == 11 || residue == 23) + codes &= ~DH_NOT_SUITABLE_GENERATOR; + } + if (codes != 0) /* Specifics on why the params suck is irrelevant. */ + goto out; + + /* Things are probably not evil. */ + ret = 0; + + out: + if (dh) + DH_free(dh); + return ret; +} + +/** Set the global Diffie-Hellman generator, used for both TLS and internal + * DH stuff. + */ +static void +crypto_set_dh_generator(void) +{ + BIGNUM *generator; + int r; + + if (dh_param_g) + return; + + generator = BN_new(); + tor_assert(generator); + + r = BN_set_word(generator, DH_GENERATOR); + tor_assert(r); + + dh_param_g = generator; +} + /** Set the global TLS Diffie-Hellman modulus. Use the Apache mod_ssl DH * modulus. */ void @@ -1894,6 +2192,8 @@ crypto_set_tls_dh_prime(void) tor_assert(tls_prime); dh_param_p_tls = tls_prime; + crypto_set_dh_generator(); + tor_assert(0 == crypto_validate_dh_params(dh_param_p_tls, dh_param_g)); } /** Initialize dh_param_p and dh_param_g if they are not already @@ -1901,18 +2201,13 @@ crypto_set_tls_dh_prime(void) static void init_dh_param(void) { - BIGNUM *circuit_dh_prime, *generator; + BIGNUM *circuit_dh_prime; int r; if (dh_param_p && dh_param_g) return; circuit_dh_prime = BN_new(); - generator = BN_new(); - tor_assert(circuit_dh_prime && generator); - - /* Set our generator for all DH parameters */ - r = BN_set_word(generator, DH_GENERATOR); - tor_assert(r); + tor_assert(circuit_dh_prime); /* This is from rfc2409, section 6.2. It's a safe prime, and supposedly it equals: @@ -1928,7 +2223,8 @@ init_dh_param(void) /* Set the new values as the global DH parameters. */ dh_param_p = circuit_dh_prime; - dh_param_g = generator; + crypto_set_dh_generator(); + tor_assert(0 == crypto_validate_dh_params(dh_param_p, dh_param_g)); if (!dh_param_p_tls) { crypto_set_tls_dh_prime(); @@ -1941,7 +2237,8 @@ init_dh_param(void) */ #define DH_PRIVATE_KEY_BITS 320 -/** Allocate and return a new DH object for a key exchange. +/** Allocate and return a new DH object for a key exchange. Returns NULL on + * failure. */ crypto_dh_t * crypto_dh_new(int dh_type) @@ -2087,8 +2384,6 @@ tor_check_dh_key(int severity, BIGNUM *bn) return -1; } -#undef MIN -#define MIN(a,b) ((a)<(b)?(a):(b)) /** Given a DH key exchange object, and our peer's value of g^y (as a * <b>pubkey_len</b>-byte value in <b>pubkey</b>) generate * <b>secret_bytes_out</b> bytes of shared key material and write them @@ -2164,7 +2459,7 @@ int crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len, uint8_t *key_out, size_t key_out_len) { - int i; + int i, r = -1; uint8_t *cp, *tmp = tor_malloc(key_in_len+1); uint8_t digest[DIGEST_LEN]; @@ -2176,19 +2471,16 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len, ++i, cp += DIGEST_LEN) { tmp[key_in_len] = i; if (crypto_digest((char*)digest, (const char *)tmp, key_in_len+1)) - goto err; + goto exit; memcpy(cp, digest, MIN(DIGEST_LEN, key_out_len-(cp-key_out))); } - memwipe(tmp, 0, key_in_len+1); - tor_free(tmp); - memwipe(digest, 0, sizeof(digest)); - return 0; - err: + r = 0; + exit: memwipe(tmp, 0, key_in_len+1); tor_free(tmp); memwipe(digest, 0, sizeof(digest)); - return -1; + return r; } /** Expand some secret key material according to RFC5869, using SHA256 as the @@ -2196,7 +2488,7 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len, * secret key material; the <b>salt_in_len</b> bytes at <b>salt_in</b> and the * <b>info_in_len</b> bytes in <b>info_in_len</b> are the algorithm's "salt" * and "info" parameters respectively. On success, write <b>key_out_len</b> - * bytes to <b>key_out</b> and return 0. On failure, return -1. + * bytes to <b>key_out</b> and return 0. Assert on failure. */ int crypto_expand_key_material_rfc5869_sha256( @@ -2280,23 +2572,18 @@ crypto_seed_weak_rng(tor_weak_rng_t *rng) } /** Try to get <b>out_len</b> bytes of the strongest entropy we can generate, - * storing it into <b>out</b>. + * via system calls, storing it into <b>out</b>. Return 0 on success, -1 on + * failure. A maximum request size of 256 bytes is imposed. */ -int -crypto_strongest_rand(uint8_t *out, size_t out_len) +static int +crypto_strongest_rand_syscall(uint8_t *out, size_t out_len) { -#ifdef _WIN32 + tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE); + +#if defined(_WIN32) static int provider_set = 0; static HCRYPTPROV provider; -#else - static const char *filenames[] = { - "/dev/srandom", "/dev/urandom", "/dev/random", NULL - }; - int fd, i; - size_t n; -#endif -#ifdef _WIN32 if (!provider_set) { if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { @@ -2311,7 +2598,84 @@ crypto_strongest_rand(uint8_t *out, size_t out_len) } return 0; +#elif defined(__linux__) && defined(SYS_getrandom) + static int getrandom_works = 1; /* Be optimitic about our chances... */ + + /* getrandom() isn't as straight foward as getentropy(), and has + * no glibc wrapper. + * + * As far as I can tell from getrandom(2) and the source code, the + * requests we issue will always succeed (though it will block on the + * call if /dev/urandom isn't seeded yet), since we are NOT specifying + * GRND_NONBLOCK and the request is <= 256 bytes. + * + * The manpage is unclear on what happens if a signal interrupts the call + * while the request is blocked due to lack of entropy.... + * + * We optimistically assume that getrandom() is available and functional + * because it is the way of the future, and 2 branch mispredicts pale in + * comparision to the overheads involved with failing to open + * /dev/srandom followed by opening and reading from /dev/urandom. + */ + if (PREDICT_LIKELY(getrandom_works)) { + long ret; + /* A flag of '0' here means to read from '/dev/urandom', and to + * block if insufficient entropy is available to service the + * request. + */ + const unsigned int flags = 0; + do { + ret = syscall(SYS_getrandom, out, out_len, flags); + } while (ret == -1 && ((errno == EINTR) ||(errno == EAGAIN))); + + if (PREDICT_UNLIKELY(ret == -1)) { + tor_assert(errno != EAGAIN); + tor_assert(errno != EINTR); + + /* Probably ENOSYS. */ + log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."); + getrandom_works = 0; /* Don't bother trying again. */ + return -1; + } + + tor_assert(ret == (long)out_len); + return 0; + } + + return -1; /* getrandom() previously failed unexpectedly. */ +#elif defined(HAVE_GETENTROPY) + /* getentropy() is what Linux's getrandom() wants to be when it grows up. + * the only gotcha is that requests are limited to 256 bytes. + */ + return getentropy(out, out_len); +#else + (void) out; +#endif + + /* This platform doesn't have a supported syscall based random. */ + return -1; +} + +/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate, + * via the per-platform fallback mechanism, storing it into <b>out</b>. + * Return 0 on success, -1 on failure. A maximum request size of 256 bytes + * is imposed. + */ +static int +crypto_strongest_rand_fallback(uint8_t *out, size_t out_len) +{ +#ifdef _WIN32 + /* Windows exclusively uses crypto_strongest_rand_syscall(). */ + (void)out; + (void)out_len; + return -1; #else + static const char *filenames[] = { + "/dev/srandom", "/dev/urandom", "/dev/random", NULL + }; + int fd, i; + size_t n; + for (i = 0; filenames[i]; ++i) { log_debug(LD_FS, "Opening %s for entropy", filenames[i]); fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0); @@ -2329,14 +2693,97 @@ crypto_strongest_rand(uint8_t *out, size_t out_len) return 0; } - log_warn(LD_CRYPTO, "Cannot get strong entropy: no entropy source found."); return -1; #endif } +/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate, + * storing it into <b>out</b>. Return 0 on success, -1 on failure. A maximum + * request size of 256 bytes is imposed. + */ +static int +crypto_strongest_rand_raw(uint8_t *out, size_t out_len) +{ + static const size_t sanity_min_size = 16; + static const int max_attempts = 3; + tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE); + + /* For buffers >= 16 bytes (128 bits), we sanity check the output by + * zero filling the buffer and ensuring that it actually was at least + * partially modified. + * + * Checking that any individual byte is non-zero seems like it would + * fail too often (p = out_len * 1/256) for comfort, but this is an + * "adjust according to taste" sort of check. + */ + memwipe(out, 0, out_len); + for (int i = 0; i < max_attempts; i++) { + /* Try to use the syscall/OS favored mechanism to get strong entropy. */ + if (crypto_strongest_rand_syscall(out, out_len) != 0) { + /* Try to use the less-favored mechanism to get strong entropy. */ + if (crypto_strongest_rand_fallback(out, out_len) != 0) { + /* Welp, we tried. Hopefully the calling code terminates the process + * since we're basically boned without good entropy. + */ + log_warn(LD_CRYPTO, + "Cannot get strong entropy: no entropy source found."); + return -1; + } + } + + if ((out_len < sanity_min_size) || !tor_mem_is_zero((char*)out, out_len)) + return 0; + } + + /* We tried max_attempts times to fill a buffer >= 128 bits long, + * and each time it returned all '0's. Either the system entropy + * source is busted, or the user should go out and buy a ticket to + * every lottery on the planet. + */ + log_warn(LD_CRYPTO, "Strong OS entropy returned all zero buffer."); + return -1; +} + +/** Try to get <b>out_len</b> bytes of the strongest entropy we can generate, + * storing it into <b>out</b>. + */ +void +crypto_strongest_rand(uint8_t *out, size_t out_len) +{ +#define DLEN SHA512_DIGEST_LENGTH + /* We're going to hash DLEN bytes from the system RNG together with some + * bytes from the openssl PRNG, in order to yield DLEN bytes. + */ + uint8_t inp[DLEN*2]; + uint8_t tmp[DLEN]; + tor_assert(out); + while (out_len) { + crypto_rand((char*) inp, DLEN); + if (crypto_strongest_rand_raw(inp+DLEN, DLEN) < 0) { + // LCOV_EXCL_START + log_err(LD_CRYPTO, "Failed to load strong entropy when generating an " + "important key. Exiting."); + /* Die with an assertion so we get a stack trace. */ + tor_assert(0); + // LCOV_EXCL_STOP + } + if (out_len >= DLEN) { + SHA512(inp, sizeof(inp), out); + out += DLEN; + out_len -= DLEN; + } else { + SHA512(inp, sizeof(inp), tmp); + memcpy(out, tmp, out_len); + break; + } + } + memwipe(tmp, 0, sizeof(tmp)); + memwipe(inp, 0, sizeof(inp)); +#undef DLEN +} + /** Seed OpenSSL's random number generator with bytes from the operating - * system. <b>startup</b> should be true iff we have just started Tor and - * have not yet allocated a bunch of fds. Return 0 on success, -1 on failure. + * system. Return 0 on success, -1 on failure. */ int crypto_seed_rng(void) @@ -2351,41 +2798,51 @@ crypto_seed_rng(void) if (rand_poll_ok == 0) log_warn(LD_CRYPTO, "RAND_poll() failed."); - load_entropy_ok = !crypto_strongest_rand(buf, sizeof(buf)); + load_entropy_ok = !crypto_strongest_rand_raw(buf, sizeof(buf)); if (load_entropy_ok) { RAND_seed(buf, sizeof(buf)); } memwipe(buf, 0, sizeof(buf)); - if (rand_poll_ok || load_entropy_ok) + if ((rand_poll_ok || load_entropy_ok) && RAND_status() == 1) return 0; else return -1; } -/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on - * success, -1 on failure, with support for mocking for unit tests. +/** Write <b>n</b> bytes of strong random data to <b>to</b>. Supports mocking + * for unit tests. + * + * This function is not allowed to fail; if it would fail to generate strong + * entropy, it must terminate the process instead. */ -MOCK_IMPL(int, +MOCK_IMPL(void, crypto_rand, (char *to, size_t n)) { - return crypto_rand_unmocked(to, n); + crypto_rand_unmocked(to, n); } -/** Write <b>n</b> bytes of strong random data to <b>to</b>. Return 0 on - * success, -1 on failure. Most callers will want crypto_rand instead. +/** Write <b>n</b> bytes of strong random data to <b>to</b>. Most callers + * will want crypto_rand instead. + * + * This function is not allowed to fail; if it would fail to generate strong + * entropy, it must terminate the process instead. */ -int +void crypto_rand_unmocked(char *to, size_t n) { int r; + if (n == 0) + return; + tor_assert(n < INT_MAX); tor_assert(to); r = RAND_bytes((unsigned char*)to, (int)n); - if (r == 0) - crypto_log_errors(LOG_WARN, "generating random data"); - return (r == 1) ? 0 : -1; + /* We consider a PRNG failure non-survivable. Let's assert so that we get a + * stack trace about where it happened. + */ + tor_assert(r >= 0); } /** Return a pseudorandom integer, chosen uniformly from the values @@ -2411,8 +2868,8 @@ crypto_rand_int(unsigned int max) } } -/** Return a pseudorandom integer, chosen uniformly from the values <i>i</i> - * such that <b>min</b> <= <i>i</i> < <b>max</b>. +/** Return a pseudorandom integer, chosen uniformly from the values i such + * that min <= i < max. * * <b>min</b> MUST be in range [0, <b>max</b>). * <b>max</b> MUST be in range (min, INT_MAX]. @@ -2440,7 +2897,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max) time_t crypto_rand_time_range(time_t min, time_t max) { - return (time_t) crypto_rand_uint64_range(min, max); + tor_assert(min < max); + return min + (time_t)crypto_rand_uint64(max - min); } /** Return a pseudorandom 64-bit integer, chosen uniformly from the values @@ -2488,7 +2946,7 @@ crypto_rand_double(void) /** Generate and return a new random hostname starting with <b>prefix</b>, * ending with <b>suffix</b>, and containing no fewer than * <b>min_rand_len</b> and no more than <b>max_rand_len</b> random base32 - * characters between. + * characters. Does not check for failure. * * Clip <b>max_rand_len</b> to MAX_DNS_LABEL_SIZE. **/ @@ -2555,6 +3013,7 @@ smartlist_shuffle(smartlist_t *sl) /** * Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to * the value <b>byte</b>. + * If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens. * * This function is preferable to memset, since many compilers will happily * optimize out memset() when they can convince themselves that the data being @@ -2572,17 +3031,45 @@ smartlist_shuffle(smartlist_t *sl) void memwipe(void *mem, uint8_t byte, size_t sz) { + if (sz == 0) { + return; + } + /* If sz is nonzero, then mem must not be NULL. */ + tor_assert(mem != NULL); + + /* Data this large is likely to be an underflow. */ + tor_assert(sz < SIZE_T_CEILING); + /* Because whole-program-optimization exists, we may not be able to just * have this function call "memset". A smart compiler could inline it, then * eliminate dead memsets, and declare itself to be clever. */ +#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY) + /* Here's what you do on windows. */ + SecureZeroMemory(mem,sz); +#elif defined(HAVE_RTLSECUREZEROMEMORY) + RtlSecureZeroMemory(mem,sz); +#elif defined(HAVE_EXPLICIT_BZERO) + /* The BSDs provide this. */ + explicit_bzero(mem, sz); +#elif defined(HAVE_MEMSET_S) + /* This is in the C99 standard. */ + memset_s(mem, sz, 0, sz); +#else /* This is a slow and ugly function from OpenSSL that fills 'mem' with junk * based on the pointer value, then uses that junk to update a global * variable. It's an elaborate ruse to trick the compiler into not * optimizing out the "wipe this memory" code. Read it if you like zany * programming tricks! In later versions of Tor, we should look for better - * not-optimized-out memory wiping stuff. */ + * not-optimized-out memory wiping stuff... + * + * ...or maybe not. In practice, there are pure-asm implementations of + * OPENSSL_cleanse() on most platforms, which ought to do the job. + **/ + OPENSSL_cleanse(mem, sz); +#endif + /* Just in case some caller of memwipe() is relying on getting a buffer * filled with a particular value, fill the buffer. * @@ -2600,6 +3087,7 @@ memwipe(void *mem, uint8_t byte, size_t sz) OpenSSL library with thread support enabled. #endif +#ifndef NEW_THREAD_API /** Helper: OpenSSL uses this callback to manipulate mutexes. */ static void openssl_locking_cb_(int mode, int n, const char *file, int line) @@ -2617,6 +3105,17 @@ openssl_locking_cb_(int mode, int n, const char *file, int line) tor_mutex_release(openssl_mutexes_[n]); } +static void +tor_set_openssl_thread_id(CRYPTO_THREADID *threadid) +{ + CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id()); +} +#endif + +#if 0 +/* This code is disabled, because OpenSSL never actually uses these callbacks. + */ + /** OpenSSL helper type: wraps a Tor mutex so that OpenSSL can use it * as a lock. */ struct CRYPTO_dynlock_value { @@ -2661,19 +3160,15 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v, tor_mutex_free(v->lock); tor_free(v); } - -static void -tor_set_openssl_thread_id(CRYPTO_THREADID *threadid) -{ - CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id()); -} +#endif /** @{ */ /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being - * multithreaded. */ + * multithreaded. Returns 0. */ static int setup_openssl_threading(void) { +#ifndef NEW_THREAD_API int i; int n = CRYPTO_num_locks(); n_openssl_mutexes_ = n; @@ -2682,22 +3177,26 @@ setup_openssl_threading(void) openssl_mutexes_[i] = tor_mutex_new(); CRYPTO_set_locking_callback(openssl_locking_cb_); CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id); +#endif +#if 0 CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_); CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_); CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_); +#endif return 0; } -/** Uninitialize the crypto library. Return 0 on success, -1 on failure. +/** Uninitialize the crypto library. Return 0 on success. Does not detect + * failure. */ int crypto_global_cleanup(void) { EVP_cleanup(); -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) - ERR_remove_thread_state(NULL); +#ifdef NEW_THREAD_API + ERR_remove_thread_state(); #else - ERR_remove_state(0); + ERR_remove_thread_state(NULL); #endif ERR_free_strings(); @@ -2715,6 +3214,7 @@ crypto_global_cleanup(void) CONF_modules_unload(1); CRYPTO_cleanup_all_ex_data(); +#ifndef NEW_THREAD_API if (n_openssl_mutexes_) { int n = n_openssl_mutexes_; tor_mutex_t **ms = openssl_mutexes_; @@ -2726,6 +3226,7 @@ crypto_global_cleanup(void) } tor_free(ms); } +#endif tor_free(crypto_openssl_version_str); tor_free(crypto_openssl_header_version_str); diff --git a/src/common/crypto.h b/src/common/crypto.h index 6256f7346b..682c4e3253 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -16,6 +16,7 @@ #include <stdio.h> #include "torint.h" #include "testsupport.h" +#include "compat.h" /* Macro to create an arbitrary OpenSSL version number as used by @@ -54,6 +55,8 @@ /** Length of the output of our second (improved) message digests. (For now * this is just sha256, but it could be any other 256-bit digest.) */ #define DIGEST256_LEN 32 +/** Length of the output of our 64-bit optimized message digests (SHA512). */ +#define DIGEST512_LEN 64 /** Length of our symmetric cipher's keys. */ #define CIPHER_KEY_LEN 16 /** Length of our symmetric cipher's IV. */ @@ -69,6 +72,9 @@ /** Length of a sha256 message digest when encoded in base64 with trailing = * signs removed. */ #define BASE64_DIGEST256_LEN 43 +/** Length of a sha512 message digest when encoded in base64 with trailing = + * signs removed. */ +#define BASE64_DIGEST512_LEN 86 /** Constant used to indicate OAEP padding for public-key encryption */ #define PK_PKCS1_OAEP_PADDING 60002 @@ -83,43 +89,49 @@ #define HEX_DIGEST_LEN 40 /** Length of hex encoding of SHA256 digest, not including final NUL. */ #define HEX_DIGEST256_LEN 64 +/** Length of hex encoding of SHA512 digest, not including final NUL. */ +#define HEX_DIGEST512_LEN 128 typedef enum { DIGEST_SHA1 = 0, DIGEST_SHA256 = 1, + DIGEST_SHA512 = 2, + DIGEST_SHA3_256 = 3, + DIGEST_SHA3_512 = 4, } digest_algorithm_t; -#define N_DIGEST_ALGORITHMS (DIGEST_SHA256+1) -#define digest_algorithm_bitfield_t ENUM_BF(digest_algorithm_t) +#define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1) +#define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1) -/** A set of all the digests we know how to compute, taken on a single - * string. Any digests that are shorter than 256 bits are right-padded +/** A set of all the digests we commonly compute, taken on a single + * string. Any digests that are shorter than 512 bits are right-padded * with 0 bits. * - * Note that this representation wastes 12 bytes for the SHA1 case, so + * Note that this representation wastes 44 bytes for the SHA1 case, so * don't use it for anything where we need to allocate a whole bunch at * once. **/ typedef struct { - char d[N_DIGEST_ALGORITHMS][DIGEST256_LEN]; -} digests_t; + char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]; +} common_digests_t; typedef struct crypto_pk_t crypto_pk_t; typedef struct crypto_cipher_t crypto_cipher_t; typedef struct crypto_digest_t crypto_digest_t; +typedef struct crypto_xof_t crypto_xof_t; typedef struct crypto_dh_t crypto_dh_t; /* global state */ const char * crypto_openssl_get_version_str(void); const char * crypto_openssl_get_header_version_str(void); -int crypto_early_init(void); +int crypto_early_init(void) ATTR_WUR; int crypto_global_init(int hardwareAccel, const char *accelName, - const char *accelPath); + const char *accelPath) ATTR_WUR; void crypto_thread_cleanup(void); int crypto_global_cleanup(void); /* environment setup */ -crypto_pk_t *crypto_pk_new(void); +MOCK_DECL(crypto_pk_t *,crypto_pk_new,(void)); void crypto_pk_free(crypto_pk_t *env); void crypto_set_tls_dh_prime(void); @@ -128,7 +140,7 @@ crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv); void crypto_cipher_free(crypto_cipher_t *env); /* public key crypto */ -int crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits); +MOCK_DECL(int, crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits)); #define crypto_pk_generate_key(env) \ crypto_pk_generate_key_with_bits((env), (PK_BYTES*8)) @@ -180,7 +192,8 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to, int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len); crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len); int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out); -int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out); +int crypto_pk_get_common_digests(crypto_pk_t *pk, + common_digests_t *digests_out); int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space); int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out); @@ -194,7 +207,7 @@ int crypto_cipher_encrypt(crypto_cipher_t *env, char *to, const char *from, size_t fromlen); int crypto_cipher_decrypt(crypto_cipher_t *env, char *to, const char *from, size_t fromlen); -int crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len); +void crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len); int crypto_cipher_encrypt_with_iv(const char *key, char *to, size_t tolen, @@ -207,7 +220,9 @@ int crypto_cipher_decrypt_with_iv(const char *key, int crypto_digest(char *digest, const char *m, size_t len); int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm); -int crypto_digest_all(digests_t *ds_out, const char *m, size_t len); +int crypto_digest512(char *digest, const char *m, size_t len, + digest_algorithm_t algorithm); +int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len); struct smartlist_t; void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out, const char *prepend, @@ -221,6 +236,7 @@ const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg); int crypto_digest_algorithm_parse_name(const char *name); crypto_digest_t *crypto_digest_new(void); crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm); +crypto_digest_t *crypto_digest512_new(digest_algorithm_t algorithm); void crypto_digest_free(crypto_digest_t *digest); void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len); @@ -232,6 +248,10 @@ void crypto_digest_assign(crypto_digest_t *into, void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len); +crypto_xof_t *crypto_xof_new(void); +void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len); +void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len); +void crypto_xof_free(crypto_xof_t *xof); /* Key negotiation */ #define DH_TYPE_CIRCUIT 1 @@ -258,10 +278,10 @@ int crypto_expand_key_material_rfc5869_sha256( uint8_t *key_out, size_t key_out_len); /* random numbers */ -int crypto_seed_rng(void); -MOCK_DECL(int,crypto_rand,(char *to, size_t n)); -int crypto_rand_unmocked(char *to, size_t n); -int crypto_strongest_rand(uint8_t *out, size_t out_len); +int crypto_seed_rng(void) ATTR_WUR; +MOCK_DECL(void,crypto_rand,(char *to, size_t n)); +void crypto_rand_unmocked(char *to, size_t n); +void crypto_strongest_rand(uint8_t *out, size_t out_len); int crypto_rand_int(unsigned int max); int crypto_rand_int_range(unsigned int min, unsigned int max); uint64_t crypto_rand_uint64_range(uint64_t min, uint64_t max); @@ -289,11 +309,15 @@ struct evp_pkey_st; struct dh_st; struct rsa_st *crypto_pk_get_rsa_(crypto_pk_t *env); crypto_pk_t *crypto_new_pk_from_rsa_(struct rsa_st *rsa); -struct evp_pkey_st *crypto_pk_get_evp_pkey_(crypto_pk_t *env, - int private); +MOCK_DECL(struct evp_pkey_st *, crypto_pk_get_evp_pkey_,(crypto_pk_t *env, + int private)); struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh); void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in); +#ifdef CRYPTO_PRIVATE +STATIC int crypto_force_rand_ssleay(void); +#endif + #endif diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c index ac0b08a552..57c878b79a 100644 --- a/src/common/crypto_curve25519.c +++ b/src/common/crypto_curve25519.c @@ -1,7 +1,11 @@ -/* Copyright (c) 2012-2015, The Tor Project, Inc. */ +/* Copyright (c) 2012-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ -/* Wrapper code for a curve25519 implementation. */ +/** + * \file crypto_curve25519.c + * + * \brief Wrapper code for a curve25519 implementation. + */ #define CRYPTO_CURVE25519_PRIVATE #include "orconfig.h" @@ -111,19 +115,11 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key) int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong) { - uint8_t k_tmp[CURVE25519_SECKEY_LEN]; + if (extra_strong) + crypto_strongest_rand(out, CURVE25519_SECKEY_LEN); + else + crypto_rand((char*)out, CURVE25519_SECKEY_LEN); - if (crypto_rand((char*)out, CURVE25519_SECKEY_LEN) < 0) - return -1; - if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) { - /* If they asked for extra-strong entropy and we have some, use it as an - * HMAC key to improve not-so-good entropy rather than using it directly, - * just in case the extra-strong entropy is less amazing than we hoped. */ - crypto_hmac_sha256((char*) out, - (const char *)k_tmp, sizeof(k_tmp), - (const char *)out, CURVE25519_SECKEY_LEN); - } - memwipe(k_tmp, 0, sizeof(k_tmp)); return 0; } @@ -161,7 +157,7 @@ curve25519_keypair_generate(curve25519_keypair_t *keypair_out, return 0; } -/** DOCDOC */ +/* DOCDOC */ int curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair, const char *fname, @@ -184,7 +180,7 @@ curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair, return r; } -/** DOCDOC */ +/* DOCDOC */ int curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out, char **tag_out, diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h index d868b3918b..547e393567 100644 --- a/src/common/crypto_curve25519.h +++ b/src/common/crypto_curve25519.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2015, The Tor Project, Inc. */ +/* Copyright (c) 2012-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_CRYPTO_CURVE25519_H diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c index 7e995f4616..ea2d8e3892 100644 --- a/src/common/crypto_ed25519.c +++ b/src/common/crypto_ed25519.c @@ -1,7 +1,11 @@ -/* Copyright (c) 2013-2015, The Tor Project, Inc. */ +/* Copyright (c) 2013-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ -/* Wrapper code for an ed25519 implementation. */ +/** + * \file crypto_ed25519.c + * + * \brief Wrapper code for an ed25519 implementation. + */ #include "orconfig.h" #ifdef HAVE_SYS_STAT_H @@ -96,6 +100,28 @@ get_ed_impl(void) return ed25519_impl; } +#ifdef TOR_UNIT_TESTS +static const ed25519_impl_t *saved_ed25519_impl = NULL; +void +crypto_ed25519_testing_force_impl(const char *name) +{ + tor_assert(saved_ed25519_impl == NULL); + saved_ed25519_impl = ed25519_impl; + if (! strcmp(name, "donna")) { + ed25519_impl = &impl_donna; + } else { + tor_assert(!strcmp(name, "ref10")); + ed25519_impl = &impl_ref10; + } +} +void +crypto_ed25519_testing_restore_impl(void) +{ + ed25519_impl = saved_ed25519_impl; + saved_ed25519_impl = NULL; +} +#endif + /** * Initialize a new ed25519 secret key in <b>seckey_out</b>. If * <b>extra_strong</b>, take the RNG inputs directly from the operating @@ -107,7 +133,9 @@ ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out, { int r; uint8_t seed[32]; - if (! extra_strong || crypto_strongest_rand(seed, sizeof(seed)) < 0) + if (extra_strong) + crypto_strongest_rand(seed, sizeof(seed)); + else crypto_rand((char*)seed, sizeof(seed)); r = get_ed_impl()->seckey_expand(seckey_out->seckey, seed); @@ -260,6 +288,7 @@ ed25519_checksig_batch(int *okay_out, tor_free(ms); tor_free(lens); tor_free(pks); + tor_free(sigs); if (! okay_out) tor_free(oks); } @@ -385,7 +414,7 @@ ed25519_seckey_write_to_file(const ed25519_secret_key_t *seckey, /** * Read seckey unencrypted from <b>filename</b>, storing it into - * <b>seckey_out</b>. Set *<b>tag_out</> to the tag it was marked with. + * <b>seckey_out</b>. Set *<b>tag_out</b> to the tag it was marked with. * Return 0 on success, -1 on failure. */ int diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h index bdac12eb27..44c2ad9775 100644 --- a/src/common/crypto_ed25519.h +++ b/src/common/crypto_ed25519.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2015, The Tor Project, Inc. */ +/* Copyright (c) 2012-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_CRYPTO_ED25519_H @@ -111,5 +111,10 @@ int ed25519_pubkey_eq(const ed25519_public_key_t *key1, void ed25519_set_impl_params(int use_donna); void ed25519_init(void); +#ifdef TOR_UNIT_TESTS +void crypto_ed25519_testing_force_impl(const char *name); +void crypto_ed25519_testing_restore_impl(void); +#endif + #endif diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c index d4ecd5b192..bdf9bfd613 100644 --- a/src/common/crypto_format.c +++ b/src/common/crypto_format.c @@ -1,10 +1,14 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ -/* Formatting and parsing code for crypto-related data structures. */ +/** + * \file crypto_format.c + * + * \brief Formatting and parsing code for crypto-related data structures. + */ #include "orconfig.h" #ifdef HAVE_SYS_STAT_H diff --git a/src/common/crypto_format.h b/src/common/crypto_format.h index b972d3f509..012e228cc4 100644 --- a/src/common/crypto_format.h +++ b/src/common/crypto_format.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_CRYPTO_FORMAT_H diff --git a/src/common/crypto_pwbox.c b/src/common/crypto_pwbox.c index b866c7ef39..819dc0c39d 100644 --- a/src/common/crypto_pwbox.c +++ b/src/common/crypto_pwbox.c @@ -1,3 +1,12 @@ +/* Copyright (c) 2014-2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file crypto_pwbox.c + * + * \brief Code for encrypting secrets in a password-protected form and saving + * them to disk. + */ #include "crypto.h" #include "crypto_s2k.h" diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c index 99f3b2ebbc..149c39344c 100644 --- a/src/common/crypto_s2k.c +++ b/src/common/crypto_s2k.c @@ -1,9 +1,15 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file crypto_s2k.c + * + * \brief Functions for deriving keys from human-readable passphrases. + */ + #define CRYPTO_S2K_PRIVATE #include "crypto.h" @@ -51,7 +57,8 @@ #define SCRYPT_KEY_LEN 32 /** Given an algorithm ID (one of S2K_TYPE_*), return the length of the - * specifier part of it, without the prefix type byte. */ + * specifier part of it, without the prefix type byte. Return -1 if it is not + * a valid algorithm ID. */ static int secret_to_key_spec_len(uint8_t type) { @@ -80,7 +87,8 @@ secret_to_key_key_len(uint8_t type) case S2K_TYPE_SCRYPT: return DIGEST256_LEN; default: - return -1; + tor_fragile_assert(); // LCOV_EXCL_LINE + return -1; // LCOV_EXCL_LINE } } diff --git a/src/common/crypto_s2k.h b/src/common/crypto_s2k.h index 66df24c3c4..9b186450b1 100644 --- a/src/common/crypto_s2k.h +++ b/src/common/crypto_s2k.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_CRYPTO_S2K_H_INCLUDED diff --git a/src/common/di_ops.c b/src/common/di_ops.c index c9d1350880..5dfe828066 100644 --- a/src/common/di_ops.c +++ b/src/common/di_ops.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2015, The Tor Project, Inc. */ +/* Copyright (c) 2011-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -25,6 +25,9 @@ int tor_memcmp(const void *a, const void *b, size_t len) { +#ifdef HAVE_TIMINGSAFE_MEMCMP + return timingsafe_memcmp(a, b, len); +#else const uint8_t *x = a; const uint8_t *y = b; size_t i = len; @@ -83,6 +86,7 @@ tor_memcmp(const void *a, const void *b, size_t len) } return retval; +#endif /* timingsafe_memcmp */ } /** diff --git a/src/common/di_ops.h b/src/common/di_ops.h index bbb1caa00c..6e77b5cfd7 100644 --- a/src/common/di_ops.h +++ b/src/common/di_ops.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/common/handles.h b/src/common/handles.h new file mode 100644 index 0000000000..1ee2322579 --- /dev/null +++ b/src/common/handles.h @@ -0,0 +1,153 @@ +/* Copyright (c) 2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file handles.h + * \brief Macros for C weak-handle implementation. + * + * A 'handle' is a pointer to an object that is allowed to go away while + * the handle stays alive. When you dereference the handle, you might get + * the object, or you might get "NULL". + * + * Use this pattern when an object has a single obvious lifespan, so you don't + * want to use reference counting, but when other objects might need to refer + * to the first object without caring about its lifetime. + * + * To enable a type to have handles, add a HANDLE_ENTRY() field in its + * definition, as in: + * + * struct walrus { + * HANDLE_ENTRY(wlr, walrus); + * // ... + * }; + * + * And invoke HANDLE_DECL(wlr, walrus, [static]) to declare the handle + * manipulation functions (typically in a header): + * + * // opaque handle to walrus. + * typedef struct wlr_handle_t wlr_handle_t; + * + * // make a new handle + * struct wlr_handle_t *wlr_handle_new(struct walrus *); + * + * // release a handle + * void wlr_handle_free(wlr_handle_t *); + * + * // return the pointed-to walrus, or NULL. + * struct walrus *wlr_handle_get(wlr_handle_t *). + * + * // call this function when you're about to free the walrus; + * // it invalidates all handles. (IF YOU DON'T, YOU WILL HAVE + * // DANGLING REFERENCES) + * void wlr_handles_clear(struct walrus *); + * + * Finally, use HANDLE_IMPL() to define the above functions in some + * appropriate C file: HANDLE_IMPL(wlr, walrus, [static]) + * + **/ + +#ifndef TOR_HANDLE_H +#define TOR_HANDLE_H + +#include "orconfig.h" +#include "tor_queue.h" +#include "util.h" + +#define HANDLE_ENTRY(name, structname) \ + struct name ## _handle_head_t *handle_head + +#define HANDLE_DECL(name, structname, linkage) \ + typedef struct name ## _handle_t name ## _handle_t; \ + linkage name ## _handle_t *name ## _handle_new(struct structname *object); \ + linkage void name ## _handle_free(name ## _handle_t *); \ + linkage struct structname *name ## _handle_get(name ## _handle_t *); \ + linkage void name ## _handles_clear(struct structname *object); + +/* + * Implementation notes: there are lots of possible implementations here. We + * could keep a linked list of handles, each with a backpointer to the object, + * and set all of their backpointers to NULL when the object is freed. Or we + * could have the clear function invalidate the object, but not actually let + * the object get freed until the all the handles went away. We could even + * have a hash-table mapping unique identifiers to objects, and have each + * handle be a copy of the unique identifier. (We'll want to build that last + * one eventually if we want cross-process handles.) + * + * But instead we're opting for a single independent 'head' that knows how + * many handles there are, and where the object is (or isn't). This makes + * all of our functions O(1), and most as fast as a single pointer access. + * + * The handles themselves are opaque structures holding a pointer to the head. + * We could instead have each foo_handle_t* be identical to foo_handle_head_t + * *, and save some allocations ... but doing so would make handle leaks + * harder to debug. As it stands, every handle leak is a memory leak, and + * existing memory debugging tools should help with those. We can revisit + * this decision if handles are too slow. + */ + +#define HANDLE_IMPL(name, structname, linkage) \ + /* The 'head' object for a handle-accessible type. This object */ \ + /* persists for as long as the object, or any handles, exist. */ \ + typedef struct name ## _handle_head_t { \ + struct structname *object; /* pointed-to object, or NULL */ \ + unsigned int references; /* number of existing handles */ \ + } name ## _handle_head_t; \ + \ + struct name ## _handle_t { \ + struct name ## _handle_head_t *head; /* reference to the 'head'. */ \ + }; \ + \ + linkage struct name ## _handle_t * \ + name ## _handle_new(struct structname *object) \ + { \ + tor_assert(object); \ + name ## _handle_head_t *head = object->handle_head; \ + if (PREDICT_UNLIKELY(head == NULL)) { \ + head = object->handle_head = tor_malloc_zero(sizeof(*head)); \ + head->object = object; \ + } \ + name ## _handle_t *new_ref = tor_malloc_zero(sizeof(*new_ref)); \ + new_ref->head = head; \ + ++head->references; \ + return new_ref; \ + } \ + \ + linkage void \ + name ## _handle_free(struct name ## _handle_t *ref) \ + { \ + if (! ref) return; \ + name ## _handle_head_t *head = ref->head; \ + tor_assert(head); \ + --head->references; \ + tor_free(ref); \ + if (head->object == NULL && head->references == 0) { \ + tor_free(head); \ + return; \ + } \ + } \ + \ + linkage struct structname * \ + name ## _handle_get(struct name ## _handle_t *ref) \ + { \ + tor_assert(ref); \ + name ## _handle_head_t *head = ref->head; \ + tor_assert(head); \ + return head->object; \ + } \ + \ + linkage void \ + name ## _handles_clear(struct structname *object) \ + { \ + tor_assert(object); \ + name ## _handle_head_t *head = object->handle_head; \ + if (! head) \ + return; \ + object->handle_head = NULL; \ + head->object = NULL; \ + if (head->references == 0) { \ + tor_free(head); \ + } \ + } + +#endif /* TOR_HANDLE_H */ + diff --git a/src/common/include.am b/src/common/include.am index 7de93ba2ac..bae90ad977 100644 --- a/src/common/include.am +++ b/src/common/include.am @@ -68,17 +68,18 @@ LIBOR_A_SOURCES = \ src/common/log.c \ src/common/memarea.c \ src/common/util.c \ + src/common/util_bug.c \ src/common/util_format.c \ src/common/util_process.c \ src/common/sandbox.c \ src/common/workqueue.c \ src/ext/csiphash.c \ - src/ext/trunnel/trunnel.c \ $(libor_extra_source) \ $(threads_impl_source) \ $(readpassphrase_source) -src/common/log.o: micro-revision.i +src/common/src_common_libor_testing_a-log.$(OBJEXT) \ + src/common/log.$(OBJEXT): micro-revision.i LIBOR_CRYPTO_A_SOURCES = \ src/common/aes.c \ @@ -88,13 +89,14 @@ LIBOR_CRYPTO_A_SOURCES = \ src/common/crypto_format.c \ src/common/torgzip.c \ src/common/tortls.c \ - src/trunnel/pwbox.c \ src/common/crypto_curve25519.c \ src/common/crypto_ed25519.c LIBOR_EVENT_A_SOURCES = \ src/common/compat_libevent.c \ - src/common/procmon.c + src/common/procmon.c \ + src/common/timers.c \ + src/ext/timeouts/timeout.c src_common_libor_a_SOURCES = $(LIBOR_A_SOURCES) src_common_libor_crypto_a_SOURCES = $(LIBOR_CRYPTO_A_SOURCES) @@ -118,6 +120,7 @@ COMMONHEADERS = \ src/common/ciphers.inc \ src/common/compat.h \ src/common/compat_libevent.h \ + src/common/compat_openssl.h \ src/common/compat_threads.h \ src/common/container.h \ src/common/crypto.h \ @@ -127,16 +130,19 @@ COMMONHEADERS = \ src/common/crypto_pwbox.h \ src/common/crypto_s2k.h \ src/common/di_ops.h \ + src/common/handles.h \ src/common/memarea.h \ src/common/linux_syscalls.inc \ src/common/procmon.h \ src/common/sandbox.h \ src/common/testsupport.h \ + src/common/timers.h \ src/common/torgzip.h \ src/common/torint.h \ src/common/torlog.h \ src/common/tortls.h \ src/common/util.h \ + src/common/util_bug.h \ src/common/util_format.h \ src/common/util_process.h \ src/common/workqueue.h diff --git a/src/common/log.c b/src/common/log.c index e23691b6ab..6c387c6244 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -64,7 +64,7 @@ typedef struct logfile_t { static void log_free(logfile_t *victim); /** Helper: map a log severity to descriptive string. */ -static INLINE const char * +static inline const char * sev_to_string(int severity) { switch (severity) { @@ -80,7 +80,7 @@ sev_to_string(int severity) } /** Helper: decide whether to include the function name in the log message. */ -static INLINE int +static inline int should_log_function_name(log_domain_mask_t domain, int severity) { switch (severity) { @@ -149,10 +149,14 @@ static int pretty_fn_has_parens = 0; /** Lock the log_mutex to prevent others from changing the logfile_t list */ #define LOCK_LOGS() STMT_BEGIN \ + tor_assert(log_mutex_initialized); \ tor_mutex_acquire(&log_mutex); \ STMT_END /** Unlock the log_mutex */ -#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END +#define UNLOCK_LOGS() STMT_BEGIN \ + tor_assert(log_mutex_initialized); \ + tor_mutex_release(&log_mutex); \ + STMT_END /** What's the lowest log level anybody cares about? Checking this lets us * bail out early from log_debug if we aren't debugging. */ @@ -163,7 +167,7 @@ static void close_log(logfile_t *victim); static char *domain_to_string(log_domain_mask_t domain, char *buf, size_t buflen); -static INLINE char *format_msg(char *buf, size_t buf_len, +static inline char *format_msg(char *buf, size_t buf_len, log_domain_mask_t domain, int severity, const char *funcname, const char *suffix, const char *format, va_list ap, size_t *msg_len_out) @@ -199,7 +203,7 @@ set_log_time_granularity(int granularity_msec) /** Helper: Write the standard prefix for log lines to a * <b>buf_len</b> character buffer in <b>buf</b>. */ -static INLINE size_t +static inline size_t log_prefix_(char *buf, size_t buf_len, int severity) { time_t t; @@ -278,7 +282,7 @@ const char bug_suffix[] = " (on Tor " VERSION * than once.) Return a pointer to the first character of the message * portion of the formatted string. */ -static INLINE char * +static inline char * format_msg(char *buf, size_t buf_len, log_domain_mask_t domain, int severity, const char *funcname, const char *suffix, @@ -393,7 +397,7 @@ pending_log_message_free(pending_log_message_t *msg) /** Return true iff <b>lf</b> would like to receive a message with the * specified <b>severity</b> in the specified <b>domain</b>. */ -static INLINE int +static inline int logfile_wants_message(const logfile_t *lf, int severity, log_domain_mask_t domain) { @@ -416,7 +420,7 @@ logfile_wants_message(const logfile_t *lf, int severity, * we already deferred this message for pending callbacks and don't need to do * it again. Otherwise, if we need to do it, do it, and set * <b>callbacks_deferred</b> to 1. */ -static INLINE void +static inline void logfile_deliver(logfile_t *lf, const char *buf, size_t msg_len, const char *msg_after_prefix, log_domain_mask_t domain, int severity, int *callbacks_deferred) @@ -482,9 +486,12 @@ logv,(int severity, log_domain_mask_t domain, const char *funcname, /* check that severity is sane. Overrunning the masks array leads to * interesting and hard to diagnose effects */ assert(severity >= LOG_ERR && severity <= LOG_DEBUG); + /* check that we've initialised the log mutex before we try to lock it */ + assert(log_mutex_initialized); LOCK_LOGS(); - if ((! (domain & LD_NOCB)) && smartlist_len(pending_cb_messages)) + if ((! (domain & LD_NOCB)) && pending_cb_messages + && smartlist_len(pending_cb_messages)) flush_pending_log_callbacks(); if (queue_startup_messages && @@ -939,7 +946,7 @@ flush_pending_log_callbacks(void) smartlist_t *messages, *messages_tmp; LOCK_LOGS(); - if (0 == smartlist_len(pending_cb_messages)) { + if (!pending_cb_messages || 0 == smartlist_len(pending_cb_messages)) { UNLOCK_LOGS(); return; } @@ -1097,14 +1104,25 @@ add_file_log(const log_severity_list_t *severity, const char *filename, #ifdef HAVE_SYSLOG_H /** * Add a log handler to send messages to they system log facility. + * + * If this is the first log handler, opens syslog with ident Tor or + * Tor-<syslog_identity_tag> if that is not NULL. */ int -add_syslog_log(const log_severity_list_t *severity) +add_syslog_log(const log_severity_list_t *severity, + const char* syslog_identity_tag) { logfile_t *lf; - if (syslog_count++ == 0) + if (syslog_count++ == 0) { /* This is the first syslog. */ - openlog("Tor", LOG_PID | LOG_NDELAY, LOGFACILITY); + static char buf[256]; + if (syslog_identity_tag) { + tor_snprintf(buf, sizeof(buf), "Tor-%s", syslog_identity_tag); + } else { + tor_snprintf(buf, sizeof(buf), "Tor"); + } + openlog(buf, LOG_PID | LOG_NDELAY, LOGFACILITY); + } lf = tor_malloc_zero(sizeof(logfile_t)); lf->fd = -1; diff --git a/src/common/memarea.c b/src/common/memarea.c index 6841ba54e7..61117288c3 100644 --- a/src/common/memarea.c +++ b/src/common/memarea.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2008-2015, The Tor Project, Inc. */ +/* Copyright (c) 2008-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** \file memarea.c @@ -21,16 +21,19 @@ * value. */ #define MEMAREA_ALIGN SIZEOF_VOID_P +/** A value which, when masked out of a pointer, produces a maximally aligned + * pointer. */ #if MEMAREA_ALIGN == 4 -#define MEMAREA_ALIGN_MASK 3lu +#define MEMAREA_ALIGN_MASK ((uintptr_t)3) #elif MEMAREA_ALIGN == 8 -#define MEMAREA_ALIGN_MASK 7lu +#define MEMAREA_ALIGN_MASK ((uintptr_t)7) #else #error "void* is neither 4 nor 8 bytes long. I don't know how to align stuff." #endif #if defined(__GNUC__) && defined(FLEXIBLE_ARRAY_MEMBER) #define USE_ALIGNED_ATTRIBUTE +/** Name for the 'memory' member of a memory chunk. */ #define U_MEM mem #else #define U_MEM u.mem @@ -61,7 +64,7 @@ #endif /** Increment <b>ptr</b> until it is aligned to MEMAREA_ALIGN. */ -static INLINE void * +static inline void * realign_pointer(void *ptr) { uintptr_t x = (uintptr_t)ptr; @@ -83,12 +86,14 @@ typedef struct memarea_chunk_t { * greater than or equal to mem+mem_size, this chunk is * full. */ #ifdef USE_ALIGNED_ATTRIBUTE + /** Actual content of the memory chunk. */ char mem[FLEXIBLE_ARRAY_MEMBER] __attribute__((aligned(MEMAREA_ALIGN))); #else union { char mem[1]; /**< Memory space in this chunk. */ void *void_for_alignment_; /**< Dummy; used to make sure mem is aligned. */ - } u; + } u; /**< Union used to enforce alignment when we don't have support for + * doing it right. */ #endif } memarea_chunk_t; @@ -105,56 +110,32 @@ struct memarea_t { memarea_chunk_t *first; /**< Top of the chunk stack: never NULL. */ }; -/** How many chunks will we put into the freelist before freeing them? */ -#define MAX_FREELIST_LEN 4 -/** The number of memarea chunks currently in our freelist. */ -static int freelist_len=0; -/** A linked list of unused memory area chunks. Used to prevent us from - * spinning in malloc/free loops. */ -static memarea_chunk_t *freelist = NULL; - /** Helper: allocate a new memarea chunk of around <b>chunk_size</b> bytes. */ static memarea_chunk_t * -alloc_chunk(size_t sz, int freelist_ok) +alloc_chunk(size_t sz) { tor_assert(sz < SIZE_T_CEILING); - if (freelist && freelist_ok) { - memarea_chunk_t *res = freelist; - freelist = res->next_chunk; - res->next_chunk = NULL; - --freelist_len; - CHECK_SENTINEL(res); - return res; - } else { - size_t chunk_size = freelist_ok ? CHUNK_SIZE : sz; - memarea_chunk_t *res; - chunk_size += SENTINEL_LEN; - res = tor_malloc(chunk_size); - res->next_chunk = NULL; - res->mem_size = chunk_size - CHUNK_HEADER_SIZE - SENTINEL_LEN; - res->next_mem = res->U_MEM; - tor_assert(res->next_mem+res->mem_size+SENTINEL_LEN == - ((char*)res)+chunk_size); - tor_assert(realign_pointer(res->next_mem) == res->next_mem); - SET_SENTINEL(res); - return res; - } + + size_t chunk_size = sz < CHUNK_SIZE ? CHUNK_SIZE : sz; + memarea_chunk_t *res; + chunk_size += SENTINEL_LEN; + res = tor_malloc(chunk_size); + res->next_chunk = NULL; + res->mem_size = chunk_size - CHUNK_HEADER_SIZE - SENTINEL_LEN; + res->next_mem = res->U_MEM; + tor_assert(res->next_mem+res->mem_size+SENTINEL_LEN == + ((char*)res)+chunk_size); + tor_assert(realign_pointer(res->next_mem) == res->next_mem); + SET_SENTINEL(res); + return res; } -/** Release <b>chunk</b> from a memarea, either by adding it to the freelist - * or by freeing it if the freelist is already too big. */ +/** Release <b>chunk</b> from a memarea. */ static void -chunk_free_unchecked(memarea_chunk_t *chunk) +memarea_chunk_free_unchecked(memarea_chunk_t *chunk) { CHECK_SENTINEL(chunk); - if (freelist_len < MAX_FREELIST_LEN) { - ++freelist_len; - chunk->next_chunk = freelist; - freelist = chunk; - chunk->next_mem = chunk->U_MEM; - } else { - tor_free(chunk); - } + tor_free(chunk); } /** Allocate and return new memarea. */ @@ -162,7 +143,7 @@ memarea_t * memarea_new(void) { memarea_t *head = tor_malloc(sizeof(memarea_t)); - head->first = alloc_chunk(CHUNK_SIZE, 1); + head->first = alloc_chunk(CHUNK_SIZE); return head; } @@ -174,7 +155,7 @@ memarea_drop_all(memarea_t *area) memarea_chunk_t *chunk, *next; for (chunk = area->first; chunk; chunk = next) { next = chunk->next_chunk; - chunk_free_unchecked(chunk); + memarea_chunk_free_unchecked(chunk); } area->first = NULL; /*fail fast on */ tor_free(area); @@ -190,26 +171,13 @@ memarea_clear(memarea_t *area) if (area->first->next_chunk) { for (chunk = area->first->next_chunk; chunk; chunk = next) { next = chunk->next_chunk; - chunk_free_unchecked(chunk); + memarea_chunk_free_unchecked(chunk); } area->first->next_chunk = NULL; } area->first->next_mem = area->first->U_MEM; } -/** Remove all unused memarea chunks from the internal freelist. */ -void -memarea_clear_freelist(void) -{ - memarea_chunk_t *chunk, *next; - freelist_len = 0; - for (chunk = freelist; chunk; chunk = next) { - next = chunk->next_chunk; - tor_free(chunk); - } - freelist = NULL; -} - /** Return true iff <b>p</b> is in a range that has been returned by an * allocation from <b>area</b>. */ int @@ -241,12 +209,12 @@ memarea_alloc(memarea_t *area, size_t sz) if (sz+CHUNK_HEADER_SIZE >= CHUNK_SIZE) { /* This allocation is too big. Stick it in a special chunk, and put * that chunk second in the list. */ - memarea_chunk_t *new_chunk = alloc_chunk(sz+CHUNK_HEADER_SIZE, 0); + memarea_chunk_t *new_chunk = alloc_chunk(sz+CHUNK_HEADER_SIZE); new_chunk->next_chunk = chunk->next_chunk; chunk->next_chunk = new_chunk; chunk = new_chunk; } else { - memarea_chunk_t *new_chunk = alloc_chunk(CHUNK_SIZE, 1); + memarea_chunk_t *new_chunk = alloc_chunk(CHUNK_SIZE); new_chunk->next_chunk = chunk; area->first = chunk = new_chunk; } diff --git a/src/common/memarea.h b/src/common/memarea.h index d14f3a2bae..85bca51ad3 100644 --- a/src/common/memarea.h +++ b/src/common/memarea.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2008-2015, The Tor Project, Inc. */ +/* Copyright (c) 2008-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Tor dependencies */ @@ -18,7 +18,6 @@ char *memarea_strdup(memarea_t *area, const char *s); char *memarea_strndup(memarea_t *area, const char *s, size_t n); void memarea_get_stats(memarea_t *area, size_t *allocated_out, size_t *used_out); -void memarea_clear_freelist(void); void memarea_assert_ok(memarea_t *area); #endif diff --git a/src/common/procmon.c b/src/common/procmon.c index 2d0f021724..12d53fcd41 100644 --- a/src/common/procmon.c +++ b/src/common/procmon.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2015, The Tor Project, Inc. */ +/* Copyright (c) 2011-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -192,7 +192,8 @@ tor_process_monitor_new(struct event_base *base, tor_procmon_callback_t cb, void *cb_arg, const char **msg) { - tor_process_monitor_t *procmon = tor_malloc(sizeof(tor_process_monitor_t)); + tor_process_monitor_t *procmon = tor_malloc_zero( + sizeof(tor_process_monitor_t)); struct parsed_process_specifier_t ppspec; tor_assert(msg != NULL); diff --git a/src/common/procmon.h b/src/common/procmon.h index ccee6bfac6..49ead24092 100644 --- a/src/common/procmon.h +++ b/src/common/procmon.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2015, The Tor Project, Inc. */ +/* Copyright (c) 2011-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 161eab7aad..70c5bbd07c 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1,7 +1,7 @@ -/* Copyright (c) 2001 Matej Pfajfar. + /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -48,7 +48,7 @@ #include <sys/epoll.h> #include <sys/prctl.h> #include <linux/futex.h> -#include <bits/signum.h> +#include <sys/file.h> #include <stdarg.h> #include <seccomp.h> @@ -177,11 +177,20 @@ static int filter_nopar_gen[] = { SCMP_SYS(mmap), #endif SCMP_SYS(munmap), +#ifdef __NR_prlimit + SCMP_SYS(prlimit), +#endif +#ifdef __NR_prlimit64 + SCMP_SYS(prlimit64), +#endif SCMP_SYS(read), SCMP_SYS(rt_sigreturn), SCMP_SYS(sched_getaffinity), SCMP_SYS(sendmsg), SCMP_SYS(set_robust_list), +#ifdef __NR_setrlimit + SCMP_SYS(setrlimit), +#endif #ifdef __NR_sigreturn SCMP_SYS(sigreturn), #endif @@ -199,6 +208,10 @@ static int filter_nopar_gen[] = { SCMP_SYS(stat64), #endif +#ifdef __NR_getrandom + SCMP_SYS(getrandom), +#endif + /* * These socket syscalls are not required on x86_64 and not supported with * some libseccomp versions (eg: 1.0.1) @@ -423,7 +436,8 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open), - SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY, O_RDONLY)); + SCMP_CMP_MASKED(1, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, + O_RDONLY)); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " "error %d", rc); @@ -434,6 +448,56 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } static int +sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && param->syscall + == SCMP_SYS(chmod)) { + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chmod), + SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} + +static int +sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && param->syscall + == SCMP_SYS(chown)) { + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chown), + SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} + +static int sb__sysctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { int rc; @@ -966,6 +1030,8 @@ static sandbox_filter_func_t filter_func[] = { #ifdef __NR_mmap2 sb_mmap2, #endif + sb_chown, + sb_chmod, sb_open, sb_openat, sb__sysctl, @@ -1016,7 +1082,7 @@ sandbox_intern_string(const char *str) return str; } -/** DOCDOC */ +/* DOCDOC */ static int prot_strings_helper(strmap_t *locations, char **pr_mem_next_p, @@ -1242,6 +1308,40 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file) } int +sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file) +{ + sandbox_cfg_t *elem = NULL; + + elem = new_element(SCMP_SYS(chmod), file); + if (!elem) { + log_err(LD_BUG,"(Sandbox) failed to register parameter!"); + return -1; + } + + elem->next = *cfg; + *cfg = elem; + + return 0; +} + +int +sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file) +{ + sandbox_cfg_t *elem = NULL; + + elem = new_element(SCMP_SYS(chown), file); + if (!elem) { + log_err(LD_BUG,"(Sandbox) failed to register parameter!"); + return -1; + } + + elem->next = *cfg; + *cfg = elem; + + return 0; +} + +int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2) { sandbox_cfg_t *elem = NULL; @@ -1598,7 +1698,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context) const char *syscall_name; int syscall; #ifdef USE_BACKTRACE - int depth; + size_t depth; int n_fds, i; const int *fds = NULL; #endif @@ -1630,7 +1730,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context) #ifdef USE_BACKTRACE n_fds = tor_log_get_sigsafe_err_fds(&fds); for (i=0; i < n_fds; ++i) - backtrace_symbols_fd(syscall_cb_buf, depth, fds[i]); + backtrace_symbols_fd(syscall_cb_buf, (int)depth, fds[i]); #endif #if defined(DEBUGGING_CLOSE) @@ -1785,6 +1885,20 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file) } int +sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file) +{ + (void)cfg; (void)file; + return 0; +} + +int +sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file) +{ + (void)cfg; (void)file; + return 0; +} + +int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2) { (void)cfg; (void)file1; (void)file2; diff --git a/src/common/sandbox.h b/src/common/sandbox.h index 36d25d6516..2defd8bbd4 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -42,6 +42,9 @@ typedef struct sandbox_cfg_elem sandbox_cfg_t; #ifndef __USE_GNU #define __USE_GNU #endif +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif #include <sys/ucontext.h> #include <seccomp.h> #include <netdb.h> @@ -146,7 +149,10 @@ sandbox_cfg_t * sandbox_cfg_new(void); */ int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file); -/**DOCDOC*/ +int sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file); +int sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file); + +/* DOCDOC */ int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2); /** diff --git a/src/common/testsupport.h b/src/common/testsupport.h index db7700aeb0..3bb11a7e41 100644 --- a/src/common/testsupport.h +++ b/src/common/testsupport.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015, The Tor Project, Inc. */ +/* Copyright (c) 2013-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TESTSUPPORT_H diff --git a/src/common/timers.c b/src/common/timers.c new file mode 100644 index 0000000000..5d8d1feafd --- /dev/null +++ b/src/common/timers.c @@ -0,0 +1,297 @@ +/* Copyright (c) 2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file timers.c + * \brief Wrapper around William Ahern's fast hierarchical timer wheel + * implementation, to tie it in with a libevent backend. + * + * Only use these functions from the main thread. + * + * The main advantage of tor_timer_t over using libevent's timers is that + * they're way more efficient if we need to have thousands or millions of + * them. For more information, see + * http://www.25thandclement.com/~william/projects/timeout.c.html + * + * Periodic timers are available in the backend, but I've turned them off. + * We can turn them back on if needed. + */ + +/* Notes: + * + * The use of tor_gettimeofday_cached_monotonic() is kind of ugly. It would + * be neat to fix it. + * + * Having a way to free all timers on shutdown would free people from the + * need to track them. Not sure if that's clever though. + * + * In an ideal world, Libevent would just switch to use this backend, and we + * could throw this file away. But even if Libevent does switch, we'll be + * stuck with legacy libevents for some time. + */ + +#include "orconfig.h" + +#include "compat.h" +#include "compat_libevent.h" +#include "timers.h" +#include "torlog.h" +#include "util.h" + +#ifdef HAVE_EVENT2_EVENT_H +#include <event2/event.h> +#else +#include <event.h> +#endif + +struct timeout_cb { + timer_cb_fn_t cb; + void *arg; +}; + +/* + * These definitions are for timeouts.c and timeouts.h. + */ +#ifdef __GNUC__ +/* We're not exposing any of the functions outside this file. */ +#define TIMEOUT_PUBLIC __attribute__((__unused__)) static +#else +/* We're not exposing any of the functions outside this file. */ +#define TIMEOUT_PUBLIC static +#endif +/* We're not using periodic events. */ +#define TIMEOUT_DISABLE_INTERVALS +/* We always know the global_timeouts object, so we don't need each timeout + * to keep a pointer to it. */ +#define TIMEOUT_DISABLE_RELATIVE_ACCESS +/* We're providing our own struct timeout_cb. */ +#define TIMEOUT_CB_OVERRIDE +/* We're going to support timers that are pretty far out in advance. Making + * this big can be inefficient, but having a significant number of timers + * above TIMEOUT_MAX can also be super-inefficent. Choosing 5 here sets + * timeout_max to 2^30 ticks, or 29 hours with our value for USEC_PER_TICK */ +#define WHEEL_NUM 5 +#include "src/ext/timeouts/timeout.c" + +static struct timeouts *global_timeouts = NULL; +static struct event *global_timer_event = NULL; + +/** We need to choose this value carefully. Because we're using timer wheels, + * it actually costs us to have extra resolution we don't use. So for now, + * I'm going to define our resolution as .1 msec, and hope that's good enough. + * + * Note that two of the most popular libevent backends (epoll without timerfd, + * and windows select), simply can't support sub-millisecond resolution, + * do this is optimistic for a lot of users. + */ +#define USEC_PER_TICK 100 + +/** One million microseconds in a second */ +#define USEC_PER_SEC 1000000 + +/** Check at least once every N seconds. */ +#define MIN_CHECK_SECONDS 3600 + +/** Check at least once every N ticks. */ +#define MIN_CHECK_TICKS \ + (((timeout_t)MIN_CHECK_SECONDS) * (1000000 / USEC_PER_TICK)) + +/** + * Convert the timeval in <b>tv</b> to a timeout_t, and return it. + * + * The output resolution is set by USEC_PER_TICK, and the time corresponding + * to 0 is the same as the time corresponding to 0 from + * tor_gettimeofday_cached_monotonic(). + */ +static timeout_t +tv_to_timeout(const struct timeval *tv) +{ + uint64_t usec = tv->tv_usec; + usec += ((uint64_t)USEC_PER_SEC) * tv->tv_sec; + return usec / USEC_PER_TICK; +} + +/** + * Convert the timeout in <b>t</b> to a timeval in <b>tv_out</b> + */ +static void +timeout_to_tv(timeout_t t, struct timeval *tv_out) +{ + t *= USEC_PER_TICK; + tv_out->tv_usec = (int)(t % USEC_PER_SEC); + tv_out->tv_sec = (time_t)(t / USEC_PER_SEC); +} + +/** + * Update the timer <b>tv</b> to the current time in <b>tv</b>. + */ +static void +timer_advance_to_cur_time(const struct timeval *tv) +{ + timeout_t cur_tick = tv_to_timeout(tv); + if (BUG(cur_tick < timeouts_get_curtime(global_timeouts))) { + cur_tick = timeouts_get_curtime(global_timeouts); // LCOV_EXCL_LINE + } + timeouts_update(global_timeouts, cur_tick); +} + +/** + * Adjust the time at which the libevent timer should fire based on + * the next-expiring time in <b>global_timeouts</b> + */ +static void +libevent_timer_reschedule(void) +{ + struct timeval now; + tor_gettimeofday_cached_monotonic(&now); + timer_advance_to_cur_time(&now); + + timeout_t delay = timeouts_timeout(global_timeouts); + struct timeval d; + if (delay > MIN_CHECK_TICKS) + delay = MIN_CHECK_TICKS; + timeout_to_tv(delay, &d); + event_add(global_timer_event, &d); +} + +/** + * Invoked when the libevent timer has expired: see which tor_timer_t events + * have fired, activate their callbacks, and reschedule the libevent timer. + */ +static void +libevent_timer_callback(evutil_socket_t fd, short what, void *arg) +{ + (void)fd; + (void)what; + (void)arg; + + struct timeval now; + tor_gettimeofday_cache_clear(); + tor_gettimeofday_cached_monotonic(&now); + timer_advance_to_cur_time(&now); + + tor_timer_t *t; + while ((t = timeouts_get(global_timeouts))) { + t->callback.cb(t, t->callback.arg, &now); + } + + tor_gettimeofday_cache_clear(); + libevent_timer_reschedule(); +} + +/** + * Initialize the timers subsystem. Requires that libevent has already been + * initialized. + */ +void +timers_initialize(void) +{ + if (BUG(global_timeouts)) + return; // LCOV_EXCL_LINE + + timeout_error_t err; + global_timeouts = timeouts_open(0, &err); + if (!global_timeouts) { + // LCOV_EXCL_START -- this can only fail on malloc failure. + log_err(LD_BUG, "Unable to open timer backend: %s", strerror(err)); + tor_assert(0); + // LCOV_EXCL_STOP + } + + struct event *timer_event; + timer_event = tor_event_new(tor_libevent_get_base(), + -1, 0, libevent_timer_callback, NULL); + tor_assert(timer_event); + global_timer_event = timer_event; + + libevent_timer_reschedule(); +} + +/** + * Release all storage held in the timers subsystem. Does not fire timers. + */ +void +timers_shutdown(void) +{ + if (global_timer_event) { + tor_event_free(global_timer_event); + global_timer_event = NULL; + } + if (global_timeouts) { + timeouts_close(global_timeouts); + global_timeouts = NULL; + } +} + +/** + * Allocate and return a new timer, with given callback and argument. + */ +tor_timer_t * +timer_new(timer_cb_fn_t cb, void *arg) +{ + tor_timer_t *t = tor_malloc(sizeof(tor_timer_t)); + timeout_init(t, 0); + timer_set_cb(t, cb, arg); + return t; +} + +/** + * Release all storage held by <b>t</b>, and unschedule it if was already + * scheduled. + */ +void +timer_free(tor_timer_t *t) +{ + if (! t) + return; + + timeouts_del(global_timeouts, t); + tor_free(t); +} + +/** + * Change the callback and argument associated with a timer <b>t</b>. + */ +void +timer_set_cb(tor_timer_t *t, timer_cb_fn_t cb, void *arg) +{ + t->callback.cb = cb; + t->callback.arg = arg; +} + +/** + * Schedule the timer t to fire at the current time plus a delay of <b>tv</b>. + * All times are relative to tor_gettimeofday_cached_monotonic. + */ +void +timer_schedule(tor_timer_t *t, const struct timeval *tv) +{ + const timeout_t when = tv_to_timeout(tv); + struct timeval now; + tor_gettimeofday_cached_monotonic(&now); + timer_advance_to_cur_time(&now); + + /* Take the old timeout value. */ + timeout_t to = timeouts_timeout(global_timeouts); + + timeouts_add(global_timeouts, t, when); + + /* Should we update the libevent timer? */ + if (to <= when) { + return; /* we're already going to fire before this timer would trigger. */ + } + libevent_timer_reschedule(); +} + +/** + * Cancel the timer <b>t</b> if it is currently scheduled. (It's okay to call + * this on an unscheduled timer. + */ +void +timer_disable(tor_timer_t *t) +{ + timeouts_del(global_timeouts, t); + /* We don't reschedule the libevent timer here, since it's okay if it fires + * early. */ +} + diff --git a/src/common/timers.h b/src/common/timers.h new file mode 100644 index 0000000000..594cf38a64 --- /dev/null +++ b/src/common/timers.h @@ -0,0 +1,22 @@ +/* Copyright (c) 2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_TIMERS_H +#define TOR_TIMERS_H + +#include "orconfig.h" +#include "testsupport.h" + +typedef struct timeout tor_timer_t; +typedef void (*timer_cb_fn_t)(tor_timer_t *, void *, const struct timeval *); +tor_timer_t *timer_new(timer_cb_fn_t cb, void *arg); +void timer_set_cb(tor_timer_t *t, timer_cb_fn_t cb, void *arg); +void timer_schedule(tor_timer_t *t, const struct timeval *delay); +void timer_disable(tor_timer_t *t); +void timer_free(tor_timer_t *t); + +void timers_initialize(void); +void timers_shutdown(void); + +#endif + diff --git a/src/common/torgzip.c b/src/common/torgzip.c index 4f23407e23..71e55f8723 100644 --- a/src/common/torgzip.c +++ b/src/common/torgzip.c @@ -1,6 +1,6 @@ /* Copyright (c) 2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -91,7 +91,7 @@ tor_zlib_get_header_version_str(void) } /** Return the 'bits' value to tell zlib to use <b>method</b>.*/ -static INLINE int +static inline int method_bits(compress_method_t method, zlib_compression_level_t level) { /* Bits+16 means "use gzip" in zlib >= 1.2 */ @@ -104,7 +104,7 @@ method_bits(compress_method_t method, zlib_compression_level_t level) } } -static INLINE int +static inline int get_memlevel(zlib_compression_level_t level) { switch (level) { diff --git a/src/common/torgzip.h b/src/common/torgzip.h index 0fc2deb6c4..00f62dcb45 100644 --- a/src/common/torgzip.h +++ b/src/common/torgzip.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/common/torint.h b/src/common/torint.h index 6171700898..58c30f41a8 100644 --- a/src/common/torint.h +++ b/src/common/torint.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -312,8 +312,6 @@ typedef uint32_t uintptr_t; #ifndef TIME_MAX -#ifdef TIME_T_IS_SIGNED - #if (SIZEOF_TIME_T == SIZEOF_INT) #define TIME_MAX ((time_t)INT_MAX) #elif (SIZEOF_TIME_T == SIZEOF_LONG) @@ -321,20 +319,24 @@ typedef uint32_t uintptr_t; #elif (SIZEOF_TIME_T == 8) #define TIME_MAX ((time_t)INT64_MAX) #else -#error "Can't define (signed) TIME_MAX" +#error "Can't define TIME_MAX" #endif -#else -/* Unsigned case */ -#if (SIZEOF_TIME_T == 4) -#define TIME_MAX ((time_t)UINT32_MAX) +#endif /* ifndef(TIME_MAX) */ + +#ifndef TIME_MIN + +#if (SIZEOF_TIME_T == SIZEOF_INT) +#define TIME_MIN ((time_t)INT_MIN) +#elif (SIZEOF_TIME_T == SIZEOF_LONG) +#define TIME_MIN ((time_t)LONG_MIN) #elif (SIZEOF_TIME_T == 8) -#define TIME_MAX ((time_t)UINT64_MAX) +#define TIME_MIN ((time_t)INT64_MIN) #else -#error "Can't define (unsigned) TIME_MAX" +#error "Can't define TIME_MIN" #endif -#endif /* time_t_is_signed */ -#endif /* ifndef(TIME_MAX) */ + +#endif /* ifndef(TIME_MIN) */ #ifndef SIZE_MAX #if (SIZEOF_SIZE_T == 4) diff --git a/src/common/torlog.h b/src/common/torlog.h index 67edf14c04..578af7caea 100644 --- a/src/common/torlog.h +++ b/src/common/torlog.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -135,7 +135,8 @@ void add_stream_log(const log_severity_list_t *severity, const char *name, int add_file_log(const log_severity_list_t *severity, const char *filename, const int truncate); #ifdef HAVE_SYSLOG_H -int add_syslog_log(const log_severity_list_t *severity); +int add_syslog_log(const log_severity_list_t *severity, + const char* syslog_identity_tag); #endif int add_callback_log(const log_severity_list_t *severity, log_callback cb); void logs_set_domain_logging(int enabled); @@ -183,25 +184,25 @@ void log_fn_ratelim_(struct ratelim_t *ratelim, int severity, /** Log a message at level <b>severity</b>, using a pretty-printed version * of the current function name. */ #define log_fn(severity, domain, args...) \ - log_fn_(severity, domain, __PRETTY_FUNCTION__, args) + log_fn_(severity, domain, __FUNCTION__, args) /** As log_fn, but use <b>ratelim</b> (an instance of ratelim_t) to control * the frequency at which messages can appear. */ #define log_fn_ratelim(ratelim, severity, domain, args...) \ - log_fn_ratelim_(ratelim, severity, domain, __PRETTY_FUNCTION__, args) + log_fn_ratelim_(ratelim, severity, domain, __FUNCTION__, args) #define log_debug(domain, args...) \ STMT_BEGIN \ if (PREDICT_UNLIKELY(log_global_min_severity_ == LOG_DEBUG)) \ - log_fn_(LOG_DEBUG, domain, __PRETTY_FUNCTION__, args); \ + log_fn_(LOG_DEBUG, domain, __FUNCTION__, args); \ STMT_END #define log_info(domain, args...) \ - log_fn_(LOG_INFO, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_INFO, domain, __FUNCTION__, args) #define log_notice(domain, args...) \ - log_fn_(LOG_NOTICE, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_NOTICE, domain, __FUNCTION__, args) #define log_warn(domain, args...) \ - log_fn_(LOG_WARN, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_WARN, domain, __FUNCTION__, args) #define log_err(domain, args...) \ - log_fn_(LOG_ERR, domain, __PRETTY_FUNCTION__, args) + log_fn_(LOG_ERR, domain, __FUNCTION__, args) #else /* ! defined(__GNUC__) */ diff --git a/src/common/tortls.c b/src/common/tortls.c index 7447822d48..4ffc672546 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -16,6 +16,8 @@ #include "orconfig.h" +#define TORTLS_PRIVATE + #include <assert.h> #ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/ #include <winsock2.h> @@ -38,9 +40,6 @@ #include <openssl/opensslv.h> #include "crypto.h" -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) -#error "We require OpenSSL >= 1.0.0" -#endif #ifdef OPENSSL_NO_EC #error "We require OpenSSL with ECC support" #endif @@ -69,16 +68,17 @@ #include "compat_libevent.h" #endif +#define TORTLS_PRIVATE #include "tortls.h" #include "util.h" #include "torlog.h" #include "container.h" #include <string.h> -/* Enable the "v2" TLS handshake. - */ -#define V2_HANDSHAKE_SERVER -#define V2_HANDSHAKE_CLIENT +#define X509_get_notBefore_const(cert) \ + ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert)) +#define X509_get_notAfter_const(cert) \ + ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert)) /* Copied from or.h */ #define LEGAL_NICKNAME_CHARACTERS \ @@ -108,29 +108,6 @@ #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 #endif -/** Structure that we use for a single certificate. */ -struct tor_x509_cert_t { - X509 *cert; - uint8_t *encoded; - size_t encoded_len; - unsigned pkey_digests_set : 1; - digests_t cert_digests; - digests_t pkey_digests; -}; - -/** Holds a SSL_CTX object and related state used to configure TLS - * connections. - */ -typedef struct tor_tls_context_t { - int refcnt; - SSL_CTX *ctx; - tor_x509_cert_t *my_link_cert; - tor_x509_cert_t *my_id_cert; - tor_x509_cert_t *my_auth_cert; - crypto_pk_t *link_key; - crypto_pk_t *auth_key; -} tor_tls_context_t; - /** Return values for tor_tls_classify_client_ciphers. * * @{ @@ -149,60 +126,12 @@ typedef struct tor_tls_context_t { #define CIPHERS_UNRESTRICTED 3 /** @} */ -#define TOR_TLS_MAGIC 0x71571571 - -typedef enum { - TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE, - TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE, - TOR_TLS_ST_BUFFEREVENT -} tor_tls_state_t; -#define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t) - -/** Holds a SSL object and its associated data. Members are only - * accessed from within tortls.c. - */ -struct tor_tls_t { - uint32_t magic; - tor_tls_context_t *context; /** A link to the context object for this tls. */ - SSL *ssl; /**< An OpenSSL SSL object. */ - int socket; /**< The underlying file descriptor for this TLS connection. */ - char *address; /**< An address to log when describing this connection. */ - tor_tls_state_bitfield_t state : 3; /**< The current SSL state, - * depending on which operations - * have completed successfully. */ - unsigned int isServer:1; /**< True iff this is a server-side connection */ - unsigned int wasV2Handshake:1; /**< True iff the original handshake for - * this connection used the updated version - * of the connection protocol (client sends - * different cipher list, server sends only - * one certificate). */ - /** True iff we should call negotiated_callback when we're done reading. */ - unsigned int got_renegotiate:1; - /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't - * called that function yet. */ - int8_t client_cipher_list_type; - /** Incremented every time we start the server side of a handshake. */ - uint8_t server_handshake_count; - size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last - * time. */ - /** Last values retrieved from BIO_number_read()/write(); see - * tor_tls_get_n_raw_bytes() for usage. - */ - unsigned long last_write_count; - unsigned long last_read_count; - /** If set, a callback to invoke whenever the client tries to renegotiate - * the handshake. */ - void (*negotiated_callback)(tor_tls_t *tls, void *arg); - /** Argument to pass to negotiated_callback. */ - void *callback_arg; -}; - /** The ex_data index in which we store a pointer to an SSL object's * corresponding tor_tls_t object. */ -static int tor_tls_object_ex_data_index = -1; +STATIC int tor_tls_object_ex_data_index = -1; /** Helper: Allocate tor_tls_object_ex_data_index. */ -static void +STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void) { if (tor_tls_object_ex_data_index == -1) { @@ -214,7 +143,7 @@ tor_tls_allocate_tor_tls_object_ex_data_index(void) /** Helper: given a SSL* pointer, return the tor_tls_t object using that * pointer. */ -static INLINE tor_tls_t * +STATIC inline tor_tls_t * tor_tls_get_by_ssl(const SSL *ssl) { tor_tls_t *result = SSL_get_ex_data(ssl, tor_tls_object_ex_data_index); @@ -225,21 +154,7 @@ tor_tls_get_by_ssl(const SSL *ssl) static void tor_tls_context_decref(tor_tls_context_t *ctx); static void tor_tls_context_incref(tor_tls_context_t *ctx); -static X509* tor_tls_create_certificate(crypto_pk_t *rsa, - crypto_pk_t *rsa_sign, - const char *cname, - const char *cname_sign, - unsigned int cert_lifetime); - -static int tor_tls_context_init_one(tor_tls_context_t **ppcontext, - crypto_pk_t *identity, - unsigned int key_lifetime, - unsigned int flags, - int is_client); -static tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, - unsigned int key_lifetime, - unsigned int flags, - int is_client); + static int check_cert_lifetime_internal(int severity, const X509 *cert, int past_tolerance, int future_tolerance); @@ -247,8 +162,8 @@ static int check_cert_lifetime_internal(int severity, const X509 *cert, * to touch them. * * @{ */ -static tor_tls_context_t *server_tls_context = NULL; -static tor_tls_context_t *client_tls_context = NULL; +STATIC tor_tls_context_t *server_tls_context = NULL; +STATIC tor_tls_context_t *client_tls_context = NULL; /**@}*/ /** True iff tor_tls_init() has been called. */ @@ -342,7 +257,7 @@ tor_tls_log_one_error(tor_tls_t *tls, unsigned long err, /** Log all pending tls errors at level <b>severity</b> in log domain * <b>domain</b>. Use <b>doing</b> to describe our current activities. */ -static void +STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing) { unsigned long err; @@ -354,7 +269,7 @@ tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing) /** Convert an errno (or a WSAerrno on windows) into a TOR_TLS_* error * code. */ -static int +STATIC int tor_errno_to_tls_error(int e) { switch (e) { @@ -405,7 +320,7 @@ tor_tls_err_to_string(int err) * If an error has occurred, log it at level <b>severity</b> and describe the * current action as <b>doing</b>. */ -static int +STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra, const char *doing, int severity, int domain) { @@ -461,8 +376,9 @@ tor_tls_init(void) #if (SIZEOF_VOID_P >= 8 && \ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) - long version = SSLeay(); + long version = OpenSSL_version_num(); + /* LCOV_EXCL_START : we can't test these lines on the same machine */ if (version >= OPENSSL_V_SERIES(1,0,1)) { /* Warn if we could *almost* be running with much faster ECDH. If we're built for a 64-bit target, using OpenSSL 1.0.1, but we @@ -489,6 +405,7 @@ tor_tls_init(void) "support (using the enable-ec_nistp_64_gcc_128 option " "when configuring it) would make ECDH much faster."); } + /* LCOV_EXCL_STOP */ #endif tor_tls_allocate_tor_tls_object_ex_data_index(); @@ -519,7 +436,7 @@ tor_tls_free_all(void) * it: We always accept peer certs and complete the handshake. We * don't validate them until later. */ -static int +STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) { @@ -534,16 +451,20 @@ tor_x509_name_new(const char *cname) { int nid; X509_NAME *name; + /* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */ if (!(name = X509_NAME_new())) return NULL; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, (unsigned char*)cname, -1, -1, 0))) goto error; + /* LCOV_EXCL_BR_STOP */ return name; error: + /* LCOV_EXCL_START : these lines will only execute on out of memory errors*/ X509_NAME_free(name); return NULL; + /* LCOV_EXCL_STOP */ } /** Generate and sign an X509 certificate with the public key <b>rsa</b>, @@ -554,12 +475,12 @@ tor_x509_name_new(const char *cname) * * Return a certificate on success, NULL on failure. */ -static X509 * -tor_tls_create_certificate(crypto_pk_t *rsa, - crypto_pk_t *rsa_sign, - const char *cname, - const char *cname_sign, - unsigned int cert_lifetime) +MOCK_IMPL(STATIC X509 *, + tor_tls_create_certificate,(crypto_pk_t *rsa, + crypto_pk_t *rsa_sign, + const char *cname, + const char *cname_sign, + unsigned int cert_lifetime)) { /* OpenSSL generates self-signed certificates with random 64-bit serial * numbers, so let's do that too. */ @@ -596,8 +517,7 @@ tor_tls_create_certificate(crypto_pk_t *rsa, goto error; { /* our serial number is 8 random bytes. */ - if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0) - goto error; + crypto_rand((char *)serial_tmp, sizeof(serial_tmp)); if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) goto error; if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) @@ -726,7 +646,9 @@ tor_x509_cert_free(tor_x509_cert_t *cert) X509_free(cert->cert); tor_free(cert->encoded); memwipe(cert, 0x03, sizeof(*cert)); + /* LCOV_EXCL_BR_START since cert will never be NULL here */ tor_free(cert); + /* LCOV_EXCL_BR_STOP */ } /** @@ -734,8 +656,8 @@ tor_x509_cert_free(tor_x509_cert_t *cert) * * Steals a reference to x509_cert. */ -static tor_x509_cert_t * -tor_x509_cert_new(X509 *x509_cert) +MOCK_IMPL(STATIC tor_x509_cert_t *, + tor_x509_cert_new,(X509 *x509_cert)) { tor_x509_cert_t *cert; EVP_PKEY *pkey; @@ -749,10 +671,12 @@ tor_x509_cert_new(X509 *x509_cert) length = i2d_X509(x509_cert, &buf); cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); if (length <= 0 || buf == NULL) { + /* LCOV_EXCL_START for the same reason as the exclusion above */ tor_free(cert); log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate"); X509_free(x509_cert); return NULL; + /* LCOV_EXCL_STOP */ } cert->encoded_len = (size_t) length; cert->encoded = tor_malloc(length); @@ -761,13 +685,13 @@ tor_x509_cert_new(X509 *x509_cert) cert->cert = x509_cert; - crypto_digest_all(&cert->cert_digests, + crypto_common_digests(&cert->cert_digests, (char*)cert->encoded, cert->encoded_len); if ((pkey = X509_get_pubkey(x509_cert)) && (rsa = EVP_PKEY_get1_RSA(pkey))) { crypto_pk_t *pk = crypto_new_pk_from_rsa_(rsa); - crypto_pk_get_all_digests(pk, &cert->pkey_digests); + crypto_pk_get_common_digests(pk, &cert->pkey_digests); cert->pkey_digests_set = 1; crypto_pk_free(pk); EVP_PKEY_free(pkey); @@ -830,7 +754,7 @@ tor_x509_cert_get_der(const tor_x509_cert_t *cert, /** Return a set of digests for the public key in <b>cert</b>, or NULL if this * cert's public key is not one we know how to take the digest of. */ -const digests_t * +const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) { if (cert->pkey_digests_set) @@ -840,7 +764,7 @@ tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) } /** Return a set of digests for the public key in <b>cert</b>. */ -const digests_t * +const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert) { return &cert->cert_digests; @@ -859,7 +783,9 @@ tor_tls_context_decref(tor_tls_context_t *ctx) tor_x509_cert_free(ctx->my_auth_cert); crypto_pk_free(ctx->link_key); crypto_pk_free(ctx->auth_key); + /* LCOV_EXCL_BR_START since ctx will never be NULL here */ tor_free(ctx); + /* LCOV_EXCL_BR_STOP */ } } @@ -955,11 +881,13 @@ tor_tls_cert_is_valid(int severity, int check_rsa_1024) { check_no_tls_errors(); - EVP_PKEY *cert_key; - EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert); int r, key_ok = 0; + if (!signing_cert || !cert) + goto bad; + + EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert); if (!signing_key) goto bad; r = X509_verify(cert->cert, signing_key); @@ -983,7 +911,7 @@ tor_tls_cert_is_valid(int severity, } else if (cert_key) { int min_bits = 1024; #ifdef EVP_PKEY_EC - if (EVP_PKEY_type(cert_key->type) == EVP_PKEY_EC) + if (EVP_PKEY_base_id(cert_key) == EVP_PKEY_EC) min_bits = 128; #endif if (EVP_PKEY_bits(cert_key) >= min_bits) @@ -1080,7 +1008,7 @@ tor_tls_context_init(unsigned flags, * it generates new certificates; all new connections will use * the new SSL context. */ -static int +STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext, crypto_pk_t *identity, unsigned int key_lifetime, @@ -1114,7 +1042,7 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext, * <b>identity</b> should be set to the identity key used to sign the * certificate. */ -static tor_tls_context_t * +STATIC tor_tls_context_t * tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client) { @@ -1195,23 +1123,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, * historically been chosen for fingerprinting resistance. */ SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); - /* Disable TLS1.1 and TLS1.2 if they exist. We need to do this to - * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1 - * June 2012), wherein renegotiating while using one of these TLS - * protocols will cause the client to send a TLS 1.0 ServerHello - * rather than a ServerHello written with the appropriate protocol - * version. Once some version of OpenSSL does TLS1.1 and TLS1.2 - * renegotiation properly, we can turn them back on when built with - * that version. */ -#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e') -#ifdef SSL_OP_NO_TLSv1_2 - SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2); -#endif -#ifdef SSL_OP_NO_TLSv1_1 - SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1); -#endif -#endif - /* Disable TLS tickets if they're supported. We never want to use them; * using them can make our perfect forward secrecy a little worse, *and* * create an opportunity to fingerprint us (since it's unusual to use them @@ -1338,11 +1249,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, } /** Invoked when a TLS state changes: log the change at severity 'debug' */ -static void +STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val) { + /* LCOV_EXCL_START since this depends on whether debug is captured or not */ log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].", ssl, SSL_state_string_long(ssl), type, val); + /* LCOV_EXCL_STOP */ } /* Return the name of the negotiated ciphersuite in use on <b>tls</b> */ @@ -1352,13 +1265,11 @@ tor_tls_get_ciphersuite_name(tor_tls_t *tls) return SSL_get_cipher(tls->ssl); } -#ifdef V2_HANDSHAKE_SERVER - /* Here's the old V2 cipher list we sent from 0.2.1.1-alpha up to * 0.2.3.17-beta. If a client is using this list, we can't believe the ciphers * that it claims to support. We'll prune this list to remove the ciphers * *we* don't recognize. */ -static uint16_t v2_cipher_list[] = { +STATIC uint16_t v2_cipher_list[] = { 0xc00a, /* TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xc014, /* TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0x0039, /* TLS1_TXT_DHE_RSA_WITH_AES_256_SHA */ @@ -1394,11 +1305,12 @@ static int v2_cipher_list_pruned = 0; /** Return 0 if <b>m</b> does not support the cipher with ID <b>cipher</b>; * return 1 if it does support it, or if we have no way to tell. */ -static int +STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) { const SSL_CIPHER *c; #ifdef HAVE_SSL_CIPHER_FIND + (void) m; { unsigned char cipherid[3]; tor_assert(ssl); @@ -1411,7 +1323,9 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher); return c != NULL; } -#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) +#else + +# if defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) if (m && m->get_cipher_by_char) { unsigned char cipherid[3]; set_uint16(cipherid, htons(cipher)); @@ -1422,9 +1336,9 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) if (c) tor_assert((c->id & 0xffff) == cipher); return c != NULL; - } else -#endif -#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) + } +# endif +# ifndef OPENSSL_1_1_API if (m && m->get_cipher && m->num_ciphers) { /* It would seem that some of the "let's-clean-up-openssl" forks have * removed the get_cipher_by_char function. Okay, so now you get a @@ -1439,11 +1353,12 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) } return 0; } -#endif +# endif (void) ssl; (void) m; (void) cipher; return 1; /* No way to search */ +#endif } /** Remove from v2_cipher_list every cipher that we don't support, so that @@ -1476,7 +1391,7 @@ prune_v2_cipher_list(const SSL *ssl) * client it is. Return one of CIPHERS_ERR, CIPHERS_V1, CIPHERS_V2, * CIPHERS_UNRESTRICTED. **/ -static int +STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, STACK_OF(SSL_CIPHER) *peer_ciphers) { @@ -1499,7 +1414,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, /* Now we need to see if there are any ciphers whose presence means we're * dealing with an updated Tor. */ for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { - SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); const char *ciphername = SSL_CIPHER_get_name(cipher); if (strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) && strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) && @@ -1516,7 +1431,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, { const uint16_t *v2_cipher = v2_cipher_list; for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { - SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); uint16_t id = SSL_CIPHER_get_id(cipher) & 0xffff; if (id == 0x00ff) /* extended renegotiation indicator. */ continue; @@ -1538,7 +1453,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, smartlist_t *elts = smartlist_new(); char *s; for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { - SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); const char *ciphername = SSL_CIPHER_get_name(cipher); smartlist_add(elts, (char*)ciphername); } @@ -1558,12 +1473,12 @@ tor_tls_classify_client_ciphers(const SSL *ssl, /** Return true iff the cipher list suggested by the client for <b>ssl</b> is * a list that indicates that the client knows how to do the v2 TLS connection * handshake. */ -static int +STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl) { STACK_OF(SSL_CIPHER) *ciphers; #ifdef HAVE_SSL_GET_CLIENT_CIPHERS - ciphers = SSL_get_ciphers(ssl); + ciphers = SSL_get_client_ciphers(ssl); #else SSL_SESSION *session; if (!(session = SSL_get_session((SSL *)ssl))) { @@ -1582,11 +1497,10 @@ tor_tls_client_is_using_v2_ciphers(const SSL *ssl) * do not send or request extra certificates in v2 handshakes.</li> * <li>To detect renegotiation</li></ul> */ -static void +STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val) { tor_tls_t *tls; - int ssl_state; (void) val; tor_tls_debug_state_callback(ssl, type, val); @@ -1594,11 +1508,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) if (type != SSL_CB_ACCEPT_LOOP) return; - ssl_state = SSL_state(ssl); - if ((ssl_state != SSL3_ST_SW_SRVR_HELLO_A) && - (ssl_state != SSL3_ST_SW_SRVR_HELLO_B)) + OSSL_HANDSHAKE_STATE ssl_state = SSL_get_state(ssl); + if (! STATE_IS_SW_SERVER_HELLO(ssl_state)) return; - tls = tor_tls_get_by_ssl(ssl); if (tls) { /* Check whether we're watching for renegotiates. If so, this is one! */ @@ -1628,11 +1540,12 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) if (tls) { tls->wasV2Handshake = 1; } else { + /* LCOV_EXCL_START this line is not reachable */ log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); + /* LCOV_EXCL_STOP */ } } } -#endif /** Callback to get invoked on a server after we've read the list of ciphers * the client supports, but before we pick our own ciphersuite. @@ -1646,10 +1559,11 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) * authentication on the fly. But as long as we return 0, we won't actually be * setting up a shared secret, and all will be fine. */ -static int +STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, - SSL_CIPHER **cipher, void *arg) + CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher, + void *arg) { (void) secret; (void) secret_len; @@ -1742,12 +1656,9 @@ tor_tls_new(int sock, int isServer) log_warn(LD_NET, "Newly created BIO has read count %lu, write count %lu", result->last_read_count, result->last_write_count); } -#ifdef V2_HANDSHAKE_SERVER if (isServer) { SSL_set_info_callback(result->ssl, tor_tls_server_info_callback); - } else -#endif - { + } else { SSL_set_info_callback(result->ssl, tor_tls_debug_state_callback); } @@ -1786,13 +1697,11 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls, tls->negotiated_callback = cb; tls->callback_arg = arg; tls->got_renegotiate = 0; -#ifdef V2_HANDSHAKE_SERVER if (cb) { SSL_set_info_callback(tls->ssl, tor_tls_server_info_callback); } else { SSL_set_info_callback(tls->ssl, tor_tls_debug_state_callback); } -#endif } /** If this version of openssl requires it, turn on renegotiation on @@ -1825,8 +1734,13 @@ tor_tls_block_renegotiation(tor_tls_t *tls) void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) { +#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \ + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0 long options = SSL_get_options(tls->ssl); tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); +#else + (void) tls; +#endif } /** Return whether this tls initiated the connect (client) or @@ -1879,7 +1793,6 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len)) tor_assert(len<INT_MAX); r = SSL_read(tls->ssl, cp, (int)len); if (r > 0) { -#ifdef V2_HANDSHAKE_SERVER if (tls->got_renegotiate) { /* Renegotiation happened! */ log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls)); @@ -1887,7 +1800,6 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len)) tls->negotiated_callback(tls, tls->callback_arg); tls->got_renegotiate = 0; } -#endif return r; } err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET); @@ -1904,10 +1816,10 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len)) /** Total number of bytes that we've used TLS to send. Used to track TLS * overhead. */ -static uint64_t total_bytes_written_over_tls = 0; +STATIC uint64_t total_bytes_written_over_tls = 0; /** Total number of bytes that TLS has put on the network for us. Used to * track TLS overhead. */ -static uint64_t total_bytes_written_by_tls = 0; +STATIC uint64_t total_bytes_written_by_tls = 0; /** Underlying function for TLS writing. Write up to <b>n</b> * characters from <b>cp</b> onto <b>tls</b>. On success, returns the @@ -1952,12 +1864,14 @@ int tor_tls_handshake(tor_tls_t *tls) { int r; - int oldstate; tor_assert(tls); tor_assert(tls->ssl); tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE); + check_no_tls_errors(); - oldstate = SSL_state(tls->ssl); + + OSSL_HANDSHAKE_STATE oldstate = SSL_get_state(tls->ssl); + if (tls->isServer) { log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, SSL_state_string_long(tls->ssl)); @@ -1967,7 +1881,10 @@ tor_tls_handshake(tor_tls_t *tls) SSL_state_string_long(tls->ssl)); r = SSL_connect(tls->ssl); } - if (oldstate != SSL_state(tls->ssl)) + + OSSL_HANDSHAKE_STATE newstate = SSL_get_state(tls->ssl); + + if (oldstate != newstate) log_debug(LD_HANDSHAKE, "After call, %p was in state %s", tls, SSL_state_string_long(tls->ssl)); /* We need to call this here and not earlier, since OpenSSL has a penchant @@ -2003,7 +1920,6 @@ tor_tls_finish_handshake(tor_tls_t *tls) SSL_set_info_callback(tls->ssl, NULL); SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb); SSL_clear_mode(tls->ssl, SSL_MODE_NO_AUTO_CHAIN); -#ifdef V2_HANDSHAKE_SERVER if (tor_tls_client_is_using_v2_ciphers(tls->ssl)) { /* This check is redundant, but back when we did it in the callback, * we might have not been able to look up the tor_tls_t if the code @@ -2018,26 +1934,10 @@ tor_tls_finish_handshake(tor_tls_t *tls) } else { tls->wasV2Handshake = 0; } -#endif } else { -#ifdef V2_HANDSHAKE_CLIENT - /* If we got no ID cert, we're a v2 handshake. */ - X509 *cert = SSL_get_peer_certificate(tls->ssl); - STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl); - int n_certs = sk_X509_num(chain); - if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) { - log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " - "looks like a v1 handshake on %p", tls); - tls->wasV2Handshake = 0; - } else { - log_debug(LD_HANDSHAKE, - "Server sent back a single certificate; looks like " - "a v2 handshake on %p.", tls); - tls->wasV2Handshake = 1; - } - if (cert) - X509_free(cert); -#endif + /* Client-side */ + tls->wasV2Handshake = 1; + /* XXXX this can move, probably? -NM */ if (SSL_set_cipher_list(tls->ssl, SERVER_CIPHER_LIST) == 0) { tls_log_errors(NULL, LOG_WARN, LD_HANDSHAKE, "re-setting ciphers"); r = TOR_TLS_ERROR_MISC; @@ -2047,52 +1947,6 @@ tor_tls_finish_handshake(tor_tls_t *tls) return r; } -#ifdef USE_BUFFEREVENTS -/** Put <b>tls</b>, which must be a client connection, into renegotiation - * mode. */ -int -tor_tls_start_renegotiating(tor_tls_t *tls) -{ - int r = SSL_renegotiate(tls->ssl); - if (r <= 0) { - return tor_tls_get_error(tls, r, 0, "renegotiating", LOG_WARN, - LD_HANDSHAKE); - } - return 0; -} -#endif - -/** Client only: Renegotiate a TLS session. When finished, returns - * TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD, or - * TOR_TLS_WANTWRITE. - */ -int -tor_tls_renegotiate(tor_tls_t *tls) -{ - int r; - tor_assert(tls); - /* We could do server-initiated renegotiation too, but that would be tricky. - * Instead of "SSL_renegotiate, then SSL_do_handshake until done" */ - tor_assert(!tls->isServer); - - check_no_tls_errors(); - if (tls->state != TOR_TLS_ST_RENEGOTIATE) { - int r = SSL_renegotiate(tls->ssl); - if (r <= 0) { - return tor_tls_get_error(tls, r, 0, "renegotiating", LOG_WARN, - LD_HANDSHAKE); - } - tls->state = TOR_TLS_ST_RENEGOTIATE; - } - r = SSL_do_handshake(tls->ssl); - if (r == 1) { - tls->state = TOR_TLS_ST_OPEN; - return TOR_TLS_DONE; - } else - return tor_tls_get_error(tls, r, 0, "renegotiating handshake", LOG_INFO, - LD_HANDSHAKE); -} - /** Shut down an open tls connection <b>tls</b>. When finished, returns * TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD, * or TOR_TLS_WANTWRITE. @@ -2203,7 +2057,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) if (!(bio = BIO_new(BIO_s_mem()))) { log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end; } - if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) { + if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime"); goto end; } @@ -2211,7 +2065,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) s1 = tor_strndup(buf->data, buf->length); (void)BIO_reset(bio); - if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) { + if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime"); goto end; } @@ -2246,15 +2100,14 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) * * Note that a reference is added to cert_out, so it needs to be * freed. id_cert_out doesn't. */ -static void -try_to_extract_certs_from_tls(int severity, tor_tls_t *tls, - X509 **cert_out, X509 **id_cert_out) +MOCK_IMPL(STATIC void, +try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls, + X509 **cert_out, X509 **id_cert_out)) { X509 *cert = NULL, *id_cert = NULL; STACK_OF(X509) *chain = NULL; int num_in_chain, i; *cert_out = *id_cert_out = NULL; - if (!(cert = SSL_get_peer_certificate(tls->ssl))) return; *cert_out = cert; @@ -2374,12 +2227,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert, now = time(NULL); t = now + future_tolerance; - if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { + if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) { log_cert_lifetime(severity, cert, "not yet valid"); return -1; } t = now - past_tolerance; - if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { + if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) { log_cert_lifetime(severity, cert, "already expired"); return -1; } @@ -2421,8 +2274,18 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written) * save the original BIO for tls->ssl in the tor_tls_t structure, but * that would be tempting fate. */ wbio = SSL_get_wbio(tls->ssl); +#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) + /* BIO structure is opaque as of OpenSSL 1.1.0-pre5-dev. Again, not + * supposed to use this form of the version macro, but the OpenSSL developers + * introduced major API changes in the pre-release stage. + */ + if (BIO_method_type(wbio) == BIO_TYPE_BUFFER && + (tmpbio = BIO_next(wbio)) != NULL) + wbio = tmpbio; +#else if (wbio->method == BIO_f_buffer() && (tmpbio = BIO_next(wbio)) != NULL) wbio = tmpbio; +#endif w = BIO_number_written(wbio); /* We are ok with letting these unsigned ints go "negative" here: @@ -2471,110 +2334,7 @@ check_no_tls_errors_(const char *fname, int line) int tor_tls_used_v1_handshake(tor_tls_t *tls) { -#if defined(V2_HANDSHAKE_SERVER) && defined(V2_HANDSHAKE_CLIENT) return ! tls->wasV2Handshake; -#else - if (tls->isServer) { -# ifdef V2_HANDSHAKE_SERVER - return ! tls->wasV2Handshake; -# endif - } else { -# ifdef V2_HANDSHAKE_CLIENT - return ! tls->wasV2Handshake; -# endif - } - return 1; -#endif -} - -/** Return true iff <b>name</b> is a DN of a kind that could only - * occur in a v3-handshake-indicating certificate */ -static int -dn_indicates_v3_cert(X509_NAME *name) -{ -#ifdef DISABLE_V3_LINKPROTO_CLIENTSIDE - (void)name; - return 0; -#else - X509_NAME_ENTRY *entry; - int n_entries; - ASN1_OBJECT *obj; - ASN1_STRING *str; - unsigned char *s; - int len, r; - - n_entries = X509_NAME_entry_count(name); - if (n_entries != 1) - return 1; /* More than one entry in the DN. */ - entry = X509_NAME_get_entry(name, 0); - - obj = X509_NAME_ENTRY_get_object(entry); - if (OBJ_obj2nid(obj) != OBJ_txt2nid("commonName")) - return 1; /* The entry isn't a commonName. */ - - str = X509_NAME_ENTRY_get_data(entry); - len = ASN1_STRING_to_UTF8(&s, str); - if (len < 0) - return 0; - r = fast_memneq(s + len - 4, ".net", 4); - OPENSSL_free(s); - return r; -#endif -} - -/** Return true iff the peer certificate we're received on <b>tls</b> - * indicates that this connection should use the v3 (in-protocol) - * authentication handshake. - * - * Only the connection initiator should use this, and only once the initial - * handshake is done; the responder detects a v1 handshake by cipher types, - * and a v3/v2 handshake by Versions cell vs renegotiation. - */ -int -tor_tls_received_v3_certificate(tor_tls_t *tls) -{ - check_no_tls_errors(); - - X509 *cert = SSL_get_peer_certificate(tls->ssl); - EVP_PKEY *key = NULL; - X509_NAME *issuer_name, *subject_name; - int is_v3 = 0; - - if (!cert) { - log_warn(LD_BUG, "Called on a connection with no peer certificate"); - goto done; - } - - subject_name = X509_get_subject_name(cert); - issuer_name = X509_get_issuer_name(cert); - - if (X509_name_cmp(subject_name, issuer_name) == 0) { - is_v3 = 1; /* purportedly self signed */ - goto done; - } - - if (dn_indicates_v3_cert(subject_name) || - dn_indicates_v3_cert(issuer_name)) { - is_v3 = 1; /* DN is fancy */ - goto done; - } - - key = X509_get_pubkey(cert); - if (EVP_PKEY_bits(key) != 1024 || - EVP_PKEY_type(key->type) != EVP_PKEY_RSA) { - is_v3 = 1; /* Key is fancy */ - goto done; - } - - done: - tls_log_errors(tls, LOG_WARN, LD_NET, "checking for a v3 cert"); - - if (key) - EVP_PKEY_free(key); - if (cert) - X509_free(cert); - - return is_v3; } /** Return the number of server handshakes that we've noticed doing on @@ -2620,7 +2380,7 @@ SSL_get_server_random(SSL *s, uint8_t *out, size_t len) #endif #ifndef HAVE_SSL_SESSION_GET_MASTER_KEY -static size_t +STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len) { tor_assert(s); @@ -2643,7 +2403,6 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out)) #define TLSSECRET_MAGIC "Tor V3 handshake TLS cross-certification" uint8_t buf[128]; size_t len; - tor_assert(tls); SSL *const ssl = tls->ssl; @@ -2667,12 +2426,14 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out)) size_t r = SSL_get_client_random(ssl, buf, client_random_len); tor_assert(r == client_random_len); } + { size_t r = SSL_get_server_random(ssl, buf+client_random_len, server_random_len); tor_assert(r == server_random_len); } + uint8_t *master_key = tor_malloc_zero(master_key_len); { size_t r = SSL_SESSION_get_master_key(session, master_key, master_key_len); diff --git a/src/common/tortls.h b/src/common/tortls.h index 124b77160f..1a59c67df3 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TORTLS_H @@ -12,6 +12,7 @@ **/ #include "crypto.h" +#include "compat_openssl.h" #include "compat.h" #include "testsupport.h" @@ -51,6 +52,120 @@ typedef struct tor_x509_cert_t tor_x509_cert_t; case TOR_TLS_ERROR_IO #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE) + +#ifdef TORTLS_PRIVATE +#define TOR_TLS_MAGIC 0x71571571 + +typedef enum { + TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE, + TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED, TOR_TLS_ST_RENEGOTIATE, + TOR_TLS_ST_BUFFEREVENT +} tor_tls_state_t; +#define tor_tls_state_bitfield_t ENUM_BF(tor_tls_state_t) + +/** Holds a SSL_CTX object and related state used to configure TLS + * connections. + */ +typedef struct tor_tls_context_t { + int refcnt; + SSL_CTX *ctx; + tor_x509_cert_t *my_link_cert; + tor_x509_cert_t *my_id_cert; + tor_x509_cert_t *my_auth_cert; + crypto_pk_t *link_key; + crypto_pk_t *auth_key; +} tor_tls_context_t; + +/** Structure that we use for a single certificate. */ +struct tor_x509_cert_t { + X509 *cert; + uint8_t *encoded; + size_t encoded_len; + unsigned pkey_digests_set : 1; + common_digests_t cert_digests; + common_digests_t pkey_digests; +}; + +/** Holds a SSL object and its associated data. Members are only + * accessed from within tortls.c. + */ +struct tor_tls_t { + uint32_t magic; + tor_tls_context_t *context; /** A link to the context object for this tls. */ + SSL *ssl; /**< An OpenSSL SSL object. */ + int socket; /**< The underlying file descriptor for this TLS connection. */ + char *address; /**< An address to log when describing this connection. */ + tor_tls_state_bitfield_t state : 3; /**< The current SSL state, + * depending on which operations + * have completed successfully. */ + unsigned int isServer:1; /**< True iff this is a server-side connection */ + unsigned int wasV2Handshake:1; /**< True iff the original handshake for + * this connection used the updated version + * of the connection protocol (client sends + * different cipher list, server sends only + * one certificate). */ + /** True iff we should call negotiated_callback when we're done reading. */ + unsigned int got_renegotiate:1; + /** Return value from tor_tls_classify_client_ciphers, or 0 if we haven't + * called that function yet. */ + int8_t client_cipher_list_type; + /** Incremented every time we start the server side of a handshake. */ + uint8_t server_handshake_count; + size_t wantwrite_n; /**< 0 normally, >0 if we returned wantwrite last + * time. */ + /** Last values retrieved from BIO_number_read()/write(); see + * tor_tls_get_n_raw_bytes() for usage. + */ + unsigned long last_write_count; + unsigned long last_read_count; + /** If set, a callback to invoke whenever the client tries to renegotiate + * the handshake. */ + void (*negotiated_callback)(tor_tls_t *tls, void *arg); + /** Argument to pass to negotiated_callback. */ + void *callback_arg; +}; + +STATIC int tor_errno_to_tls_error(int e); +STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra, + const char *doing, int severity, int domain); +STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl); +STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void); +STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx); +STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, + STACK_OF(SSL_CIPHER) *peer_ciphers); +STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl); +MOCK_DECL(STATIC void, try_to_extract_certs_from_tls, + (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out)); +#ifndef HAVE_SSL_SESSION_GET_MASTER_KEY +STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, + size_t len); +#endif +STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val); +STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val); +STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, + int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher, + void *arg); +STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, + uint16_t cipher); +MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa, + crypto_pk_t *rsa_sign, + const char *cname, + const char *cname_sign, + unsigned int cert_lifetime)); +STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, + unsigned int key_lifetime, unsigned flags, int is_client); +MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert)); +STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext, + crypto_pk_t *identity, + unsigned int key_lifetime, + unsigned int flags, + int is_client); +STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, + const char *doing); +#endif + const char *tor_tls_err_to_string(int err); void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz); @@ -81,7 +196,6 @@ MOCK_DECL(int, tor_tls_read, (tor_tls_t *tls, char *cp, size_t len)); int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n); int tor_tls_handshake(tor_tls_t *tls); int tor_tls_finish_handshake(tor_tls_t *tls); -int tor_tls_renegotiate(tor_tls_t *tls); void tor_tls_unblock_renegotiation(tor_tls_t *tls); void tor_tls_block_renegotiation(tor_tls_t *tls); void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls); @@ -99,7 +213,6 @@ int tor_tls_get_buffer_sizes(tor_tls_t *tls, MOCK_DECL(double, tls_get_write_overhead_ratio, (void)); int tor_tls_used_v1_handshake(tor_tls_t *tls); -int tor_tls_received_v3_certificate(tor_tls_t *tls); int tor_tls_get_num_server_handshakes(tor_tls_t *tls); int tor_tls_server_got_renegotiate(tor_tls_t *tls); MOCK_DECL(int,tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out)); @@ -125,8 +238,10 @@ tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len); void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out); -const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert); -const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert); +const common_digests_t *tor_x509_cert_get_id_digests( + const tor_x509_cert_t *cert); +const common_digests_t *tor_x509_cert_get_cert_digests( + const tor_x509_cert_t *cert); int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out); diff --git a/src/common/util.c b/src/common/util.c index b33c80fd45..fa2953cc30 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -105,23 +105,6 @@ #endif /* ===== - * Assertion helper. - * ===== */ -/** Helper for tor_assert: report the assertion failure. */ -void -tor_assertion_failed_(const char *fname, unsigned int line, - const char *func, const char *expr) -{ - char buf[256]; - log_err(LD_BUG, "%s:%u: %s: Assertion %s failed; aborting.", - fname, line, func, expr); - tor_snprintf(buf, sizeof(buf), - "Assertion %s failed in %s at %s:%u", - expr, func, fname, line); - log_backtrace(LOG_ERR, LD_BUG, buf); -} - -/* ===== * Memory management * ===== */ #ifdef USE_DMALLOC @@ -207,7 +190,7 @@ tor_malloc_zero_(size_t size DMALLOC_PARAMS) #define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4)) /** Return non-zero if and only if the product of the arguments is exact. */ -static INLINE int +static inline int size_mul_check(const size_t x, const size_t y) { /* This first check is equivalent to @@ -488,42 +471,58 @@ round_to_power_of_2(uint64_t u64) } /** Return the lowest x such that x is at least <b>number</b>, and x modulo - * <b>divisor</b> == 0. */ + * <b>divisor</b> == 0. If no such x can be expressed as an unsigned, return + * UINT_MAX */ unsigned round_to_next_multiple_of(unsigned number, unsigned divisor) { + tor_assert(divisor > 0); + if (UINT_MAX - divisor + 1 < number) + return UINT_MAX; number += divisor - 1; number -= number % divisor; return number; } /** Return the lowest x such that x is at least <b>number</b>, and x modulo - * <b>divisor</b> == 0. */ + * <b>divisor</b> == 0. If no such x can be expressed as a uint32_t, return + * UINT32_MAX */ uint32_t round_uint32_to_next_multiple_of(uint32_t number, uint32_t divisor) { + tor_assert(divisor > 0); + if (UINT32_MAX - divisor + 1 < number) + return UINT32_MAX; + number += divisor - 1; number -= number % divisor; return number; } /** Return the lowest x such that x is at least <b>number</b>, and x modulo - * <b>divisor</b> == 0. */ + * <b>divisor</b> == 0. If no such x can be expressed as a uint64_t, return + * UINT64_MAX */ uint64_t round_uint64_to_next_multiple_of(uint64_t number, uint64_t divisor) { + tor_assert(divisor > 0); + if (UINT64_MAX - divisor + 1 < number) + return UINT64_MAX; number += divisor - 1; number -= number % divisor; return number; } /** Return the lowest x in [INT64_MIN, INT64_MAX] such that x is at least - * <b>number</b>, and x modulo <b>divisor</b> == 0. */ + * <b>number</b>, and x modulo <b>divisor</b> == 0. If no such x can be + * expressed as an int64_t, return INT64_MAX */ int64_t round_int64_to_next_multiple_of(int64_t number, int64_t divisor) { tor_assert(divisor > 0); - if (number >= 0 && INT64_MAX - divisor + 1 >= number) + if (INT64_MAX - divisor + 1 < number) + return INT64_MAX; + if (number >= 0) number += divisor - 1; number -= number % divisor; return number; @@ -537,33 +536,44 @@ int64_t sample_laplace_distribution(double mu, double b, double p) { double result; - tor_assert(p >= 0.0 && p < 1.0); + /* This is the "inverse cumulative distribution function" from: * http://en.wikipedia.org/wiki/Laplace_distribution */ - result = mu - b * (p > 0.5 ? 1.0 : -1.0) - * tor_mathlog(1.0 - 2.0 * fabs(p - 0.5)); - - if (result >= INT64_MAX) - return INT64_MAX; - else if (result <= INT64_MIN) + if (p <= 0.0) { + /* Avoid taking log(0.0) == -INFINITY, as some processors or compiler + * options can cause the program to trap. */ return INT64_MIN; - else - return (int64_t) result; + } + + result = mu - b * (p > 0.5 ? 1.0 : -1.0) + * tor_mathlog(1.0 - 2.0 * fabs(p - 0.5)); + + return clamp_double_to_int64(result); } -/** Add random noise between INT64_MIN and INT64_MAX coming from a - * Laplace distribution with mu = 0 and b = <b>delta_f</b>/<b>epsilon</b> - * to <b>signal</b> based on the provided <b>random</b> value in - * [0.0, 1.0[. */ +/** Add random noise between INT64_MIN and INT64_MAX coming from a Laplace + * distribution with mu = 0 and b = <b>delta_f</b>/<b>epsilon</b> to + * <b>signal</b> based on the provided <b>random</b> value in [0.0, 1.0[. + * The epsilon value must be between ]0.0, 1.0]. delta_f must be greater + * than 0. */ int64_t add_laplace_noise(int64_t signal, double random, double delta_f, double epsilon) { - int64_t noise = sample_laplace_distribution( - 0.0, /* just add noise, no further signal */ - delta_f / epsilon, random); + int64_t noise; + + /* epsilon MUST be between ]0.0, 1.0] */ + tor_assert(epsilon > 0.0 && epsilon <= 1.0); + /* delta_f MUST be greater than 0. */ + tor_assert(delta_f > 0.0); + /* Just add noise, no further signal */ + noise = sample_laplace_distribution(0.0, + delta_f / epsilon, + random); + + /* Clip (signal + noise) to [INT64_MIN, INT64_MAX] */ if (noise > 0 && INT64_MAX - noise < signal) return INT64_MAX; else if (noise < 0 && INT64_MIN - noise > signal) @@ -1448,9 +1458,19 @@ tor_timegm(const struct tm *tm, time_t *time_out) { /* This is a pretty ironclad timegm implementation, snarfed from Python2.2. * It's way more brute-force than fiddling with tzset(). - */ - time_t year, days, hours, minutes, seconds; + * + * We use int64_t rather than time_t to avoid overflow on multiplication on + * platforms with 32-bit time_t. Since year is clipped to INT32_MAX, and + * since 365 * 24 * 60 * 60 is approximately 31 million, it's not possible + * for INT32_MAX years to overflow int64_t when converted to seconds. */ + int64_t year, days, hours, minutes, seconds; int i, invalid_year, dpm; + + /* Initialize time_out to 0 for now, to avoid bad usage in case this function + fails and the caller ignores the return value. */ + tor_assert(time_out); + *time_out = 0; + /* avoid int overflow on addition */ if (tm->tm_year < INT32_MAX-1900) { year = tm->tm_year + 1900; @@ -1489,7 +1509,17 @@ tor_timegm(const struct tm *tm, time_t *time_out) minutes = hours*60 + tm->tm_min; seconds = minutes*60 + tm->tm_sec; - *time_out = seconds; + /* Check that "seconds" will fit in a time_t. On platforms where time_t is + * 32-bit, this check will fail for dates in and after 2038. + * + * We already know that "seconds" can't be negative because "year" >= 1970 */ +#if SIZEOF_TIME_T < 8 + if (seconds < TIME_MIN || seconds > TIME_MAX) { + log_warn(LD_BUG, "Result does not fit in tor_timegm"); + return -1; + } +#endif + *time_out = (time_t)seconds; return 0; } @@ -2031,57 +2061,98 @@ check_private_dir(const char *dirname, cpd_check_t check, { int r; struct stat st; - char *f; + + tor_assert(dirname); + #ifndef _WIN32 - unsigned unwanted_bits = 0; + int fd; const struct passwd *pw = NULL; uid_t running_uid; gid_t running_gid; -#else - (void)effective_user; -#endif - tor_assert(dirname); - f = tor_strdup(dirname); - clean_name_for_stat(f); - log_debug(LD_FS, "stat()ing %s", f); - r = stat(sandbox_intern_string(f), &st); - tor_free(f); - if (r) { + /* + * Goal is to harden the implementation by removing any + * potential for race between stat() and chmod(). + * chmod() accepts filename as argument. If an attacker can move + * the file between stat() and chmod(), a potential race exists. + * + * Several suggestions taken from: + * https://developer.apple.com/library/mac/documentation/ + * Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html + */ + + /* Open directory. + * O_NOFOLLOW to ensure that it does not follow symbolic links */ + fd = open(sandbox_intern_string(dirname), O_NOFOLLOW); + + /* Was there an error? Maybe the directory does not exist? */ + if (fd == -1) { + if (errno != ENOENT) { + /* Other directory error */ log_warn(LD_FS, "Directory %s cannot be read: %s", dirname, strerror(errno)); return -1; } + + /* Received ENOENT: Directory does not exist */ + + /* Should we create the directory? */ if (check & CPD_CREATE) { log_info(LD_GENERAL, "Creating directory %s", dirname); -#if defined (_WIN32) - r = mkdir(dirname); -#else if (check & CPD_GROUP_READ) { r = mkdir(dirname, 0750); } else { r = mkdir(dirname, 0700); } -#endif + + /* check for mkdir() error */ if (r) { log_warn(LD_FS, "Error creating directory %s: %s", dirname, strerror(errno)); return -1; } + + /* we just created the directory. try to open it again. + * permissions on the directory will be checked again below.*/ + fd = open(sandbox_intern_string(dirname), O_NOFOLLOW); + + if (fd == -1) + return -1; + else + close(fd); + } else if (!(check & CPD_CHECK)) { log_warn(LD_FS, "Directory %s does not exist.", dirname); return -1; } + /* XXXX In the case where check==CPD_CHECK, we should look at the * parent directory a little harder. */ return 0; } + + tor_assert(fd >= 0); + + //f = tor_strdup(dirname); + //clean_name_for_stat(f); + log_debug(LD_FS, "stat()ing %s", dirname); + //r = stat(sandbox_intern_string(f), &st); + r = fstat(fd, &st); + if (r == -1) { + log_warn(LD_FS, "fstat() on directory %s failed.", dirname); + close(fd); + return -1; + } + //tor_free(f); + + /* check that dirname is a directory */ if (!(st.st_mode & S_IFDIR)) { log_warn(LD_FS, "%s is not a directory", dirname); + close(fd); return -1; } -#ifndef _WIN32 + if (effective_user) { /* Look up the user and group information. * If we have a problem, bail out. */ @@ -2089,6 +2160,7 @@ check_private_dir(const char *dirname, cpd_check_t check, if (pw == NULL) { log_warn(LD_CONFIG, "Error setting configured user: %s not found", effective_user); + close(fd); return -1; } running_uid = pw->pw_uid; @@ -2097,7 +2169,6 @@ check_private_dir(const char *dirname, cpd_check_t check, running_uid = getuid(); running_gid = getgid(); } - if (st.st_uid != running_uid) { const struct passwd *pw = NULL; char *process_ownername = NULL; @@ -2113,10 +2184,11 @@ check_private_dir(const char *dirname, cpd_check_t check, pw ? pw->pw_name : "<unknown>", (int)st.st_uid); tor_free(process_ownername); + close(fd); return -1; } if ( (check & (CPD_GROUP_OK|CPD_GROUP_READ)) - && (st.st_gid != running_gid) ) { + && (st.st_gid != running_gid) && (st.st_gid != 0)) { struct group *gr; char *process_groupname = NULL; gr = getgrgid(running_gid); @@ -2129,18 +2201,25 @@ check_private_dir(const char *dirname, cpd_check_t check, gr ? gr->gr_name : "<unknown>", (int)st.st_gid); tor_free(process_groupname); + close(fd); return -1; } + unsigned unwanted_bits = 0; if (check & (CPD_GROUP_OK|CPD_GROUP_READ)) { unwanted_bits = 0027; } else { unwanted_bits = 0077; } - if ((st.st_mode & unwanted_bits) != 0) { + unsigned check_bits_filter = ~0; + if (check & CPD_RELAX_DIRMODE_CHECK) { + check_bits_filter = 0022; + } + if ((st.st_mode & unwanted_bits & check_bits_filter) != 0) { unsigned new_mode; if (check & CPD_CHECK_MODE_ONLY) { log_warn(LD_FS, "Permissions on directory %s are too permissive.", dirname); + close(fd); return -1; } log_warn(LD_FS, "Fixing permissions on directory %s", dirname); @@ -2150,14 +2229,51 @@ check_private_dir(const char *dirname, cpd_check_t check, new_mode |= 0050; /* Group should have rx */ } new_mode &= ~unwanted_bits; /* Clear the bits that we didn't want set...*/ - if (chmod(dirname, new_mode)) { + if (fchmod(fd, new_mode)) { log_warn(LD_FS, "Could not chmod directory %s: %s", dirname, strerror(errno)); + close(fd); return -1; } else { + close(fd); return 0; } } + close(fd); +#else + /* Win32 case: we can't open() a directory. */ + (void)effective_user; + + char *f = tor_strdup(dirname); + clean_name_for_stat(f); + log_debug(LD_FS, "stat()ing %s", f); + r = stat(sandbox_intern_string(f), &st); + tor_free(f); + if (r) { + if (errno != ENOENT) { + log_warn(LD_FS, "Directory %s cannot be read: %s", dirname, + strerror(errno)); + return -1; + } + if (check & CPD_CREATE) { + log_info(LD_GENERAL, "Creating directory %s", dirname); + r = mkdir(dirname); + if (r) { + log_warn(LD_FS, "Error creating directory %s: %s", dirname, + strerror(errno)); + return -1; + } + } else if (!(check & CPD_CHECK)) { + log_warn(LD_FS, "Directory %s does not exist.", dirname); + return -1; + } + return 0; + } + if (!(st.st_mode & S_IFDIR)) { + log_warn(LD_FS, "%s is not a directory", dirname); + return -1; + } + #endif return 0; } @@ -2873,6 +2989,10 @@ expand_filename(const char *filename) { tor_assert(filename); #ifdef _WIN32 + /* Might consider using GetFullPathName() as described here: + * http://etutorials.org/Programming/secure+programming/ + * Chapter+3.+Input+Validation/3.7+Validating+Filenames+and+Paths/ + */ return tor_strdup(filename); #else if (*filename == '~') { @@ -3791,8 +3911,13 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, /* Maximum number of file descriptors, if we cannot get it via sysconf() */ #define DEFAULT_MAX_FD 256 -/** Terminate the process of <b>process_handle</b>. - * Code borrowed from Python's os.kill. */ +/** Terminate the process of <b>process_handle</b>, if that process has not + * already exited. + * + * Return 0 if we succeeded in terminating the process (or if the process + * already exited), and -1 if we tried to kill the process but failed. + * + * Based on code originally borrowed from Python's os.kill. */ int tor_terminate_process(process_handle_t *process_handle) { @@ -3812,7 +3937,7 @@ tor_terminate_process(process_handle_t *process_handle) } #endif - return -1; + return 0; /* We didn't need to kill the process, so report success */ } /** Return the Process ID of <b>process_handle</b>. */ @@ -4424,7 +4549,7 @@ tor_get_exit_code(process_handle_t *process_handle, /** Helper: return the number of characters in <b>s</b> preceding the first * occurrence of <b>ch</b>. If <b>ch</b> does not occur in <b>s</b>, return * the length of <b>s</b>. Should be equivalent to strspn(s, "ch"). */ -static INLINE size_t +static inline size_t str_num_before(const char *s, char ch) { const char *cp = strchr(s, ch); @@ -5385,3 +5510,38 @@ tor_weak_random_range(tor_weak_rng_t *rng, int32_t top) return result; } +/** Cast a given double value to a int64_t. Return 0 if number is NaN. + * Returns either INT64_MIN or INT64_MAX if number is outside of the int64_t + * range. */ +int64_t +clamp_double_to_int64(double number) +{ + int exp; + + /* NaN is a special case that can't be used with the logic below. */ + if (isnan(number)) { + return 0; + } + + /* Time to validate if result can overflows a int64_t value. Fun with + * float! Find that exponent exp such that + * number == x * 2^exp + * for some x with abs(x) in [0.5, 1.0). Note that this implies that the + * magnitude of number is strictly less than 2^exp. + * + * If number is infinite, the call to frexp is legal but the contents of + * exp are unspecified. */ + frexp(number, &exp); + + /* If the magnitude of number is strictly less than 2^63, the truncated + * version of number is guaranteed to be representable. The only + * representable integer for which this is not the case is INT64_MIN, but + * it is covered by the logic below. */ + if (isfinite(number) && exp <= 63) { + return number; + } + + /* Handle infinities and finite numbers with magnitude >= 2^63. */ + return signbit(number) ? INT64_MIN : INT64_MAX; +} + diff --git a/src/common/util.h b/src/common/util.h index 8bb4505e86..814c8622a2 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -22,6 +22,7 @@ /* for the correct alias to struct stat */ #include <sys/stat.h> #endif +#include "util_bug.h" #ifndef O_BINARY #define O_BINARY 0 @@ -29,41 +30,10 @@ #ifndef O_TEXT #define O_TEXT 0 #endif - -/* Replace assert() with a variant that sends failures to the log before - * calling assert() normally. - */ -#ifdef NDEBUG -/* Nobody should ever want to build with NDEBUG set. 99% of our asserts will - * be outside the critical path anyway, so it's silly to disable bug-checking - * throughout the entire program just because a few asserts are slowing you - * down. Profile, optimize the critical path, and keep debugging on. - * - * And I'm not just saying that because some of our asserts check - * security-critical properties. - */ -#error "Sorry; we don't support building with NDEBUG." -#endif - -/* Don't use assertions during coverage. It leads to tons of unreached - * branches which in reality are only assertions we didn't hit. */ -#ifdef TOR_COVERAGE -#define tor_assert(a) STMT_BEGIN \ - (void)(a); \ - STMT_END -#else -/** Like assert(3), but send assertion failures to the log as well as to - * stderr. */ -#define tor_assert(expr) STMT_BEGIN \ - if (PREDICT_UNLIKELY(!(expr))) { \ - tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr); \ - abort(); \ - } STMT_END +#ifndef O_NOFOLLOW +#define O_NOFOLLOW 0 #endif -void tor_assertion_failed_(const char *fname, unsigned int line, - const char *func, const char *expr); - /* If we're building with dmalloc, we want all of our memory allocation * functions to take an extra file/line pair of arguments. If not, not. * We define DMALLOC_PARAMS to the extra parameters to insert in the @@ -77,11 +47,6 @@ void tor_assertion_failed_(const char *fname, unsigned int line, #define DMALLOC_ARGS #endif -/** Define this if you want Tor to crash when any problem comes up, - * so you can get a coredump and track things down. */ -// #define tor_fragile_assert() tor_assert(0) -#define tor_fragile_assert() - /* Memory management */ void *tor_malloc_(size_t size DMALLOC_PARAMS) ATTR_MALLOC; void *tor_malloc_zero_(size_t size DMALLOC_PARAMS) ATTR_MALLOC; @@ -185,6 +150,7 @@ int64_t sample_laplace_distribution(double mu, double b, double p); int64_t add_laplace_noise(int64_t signal, double random, double delta_f, double epsilon); int n_bits_set_u8(uint8_t v); +int64_t clamp_double_to_int64(double number); /* Compute the CEIL of <b>a</b> divided by <b>b</b>, for nonnegative <b>a</b> * and positive <b>b</b>. Works on integer types only. Not defined if a+b can @@ -352,12 +318,13 @@ file_status_t file_status(const char *filename); /** Possible behaviors for check_private_dir() on encountering a nonexistent * directory; see that function's documentation for details. */ typedef unsigned int cpd_check_t; -#define CPD_NONE 0 -#define CPD_CREATE 1 -#define CPD_CHECK 2 -#define CPD_GROUP_OK 4 -#define CPD_GROUP_READ 8 -#define CPD_CHECK_MODE_ONLY 16 +#define CPD_NONE 0 +#define CPD_CREATE (1u << 0) +#define CPD_CHECK (1u << 1) +#define CPD_GROUP_OK (1u << 2) +#define CPD_GROUP_READ (1u << 3) +#define CPD_CHECK_MODE_ONLY (1u << 4) +#define CPD_RELAX_DIRMODE_CHECK (1u << 5) int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user); diff --git a/src/common/util_bug.c b/src/common/util_bug.c new file mode 100644 index 0000000000..e3e1d6df90 --- /dev/null +++ b/src/common/util_bug.c @@ -0,0 +1,53 @@ +/* Copyright (c) 2003, Roger Dingledine + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file util_bug.c + **/ + +#include "orconfig.h" +#include "util_bug.h" +#include "torlog.h" +#include "backtrace.h" + +/** Helper for tor_assert: report the assertion failure. */ +void +tor_assertion_failed_(const char *fname, unsigned int line, + const char *func, const char *expr) +{ + char buf[256]; + log_err(LD_BUG, "%s:%u: %s: Assertion %s failed; aborting.", + fname, line, func, expr); + tor_snprintf(buf, sizeof(buf), + "Assertion %s failed in %s at %s:%u", + expr, func, fname, line); + log_backtrace(LOG_ERR, LD_BUG, buf); +} + +/** Helper for tor_assert_nonfatal: report the assertion failure. */ +void +tor_bug_occurred_(const char *fname, unsigned int line, + const char *func, const char *expr, + int once) +{ + char buf[256]; + const char *once_str = once ? + " (Future instances of this warning will be silenced.)": ""; + if (! expr) { + log_warn(LD_BUG, "%s:%u: %s: This line should not have been reached.%s", + fname, line, func, once_str); + tor_snprintf(buf, sizeof(buf), + "Line unexpectedly reached at %s at %s:%u", + func, fname, line); + } else { + log_warn(LD_BUG, "%s:%u: %s: Non-fatal assertion %s failed.%s", + fname, line, func, expr, once_str); + tor_snprintf(buf, sizeof(buf), + "Non-fatal assertion %s failed in %s at %s:%u", + expr, func, fname, line); + } + log_backtrace(LOG_WARN, LD_BUG, buf); +} + diff --git a/src/common/util_bug.h b/src/common/util_bug.h new file mode 100644 index 0000000000..36056aa4bd --- /dev/null +++ b/src/common/util_bug.h @@ -0,0 +1,150 @@ +/* Copyright (c) 2003-2004, Roger Dingledine + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2016, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file util_bug.h + **/ + +#ifndef TOR_UTIL_BUG_H +#define TOR_UTIL_BUG_H + +#include "orconfig.h" +#include "compat.h" +#include "testsupport.h" + +/* Replace assert() with a variant that sends failures to the log before + * calling assert() normally. + */ +#ifdef NDEBUG +/* Nobody should ever want to build with NDEBUG set. 99% of our asserts will + * be outside the critical path anyway, so it's silly to disable bug-checking + * throughout the entire program just because a few asserts are slowing you + * down. Profile, optimize the critical path, and keep debugging on. + * + * And I'm not just saying that because some of our asserts check + * security-critical properties. + */ +#error "Sorry; we don't support building with NDEBUG." +#endif + +/* Sometimes we don't want to use assertions during branch coverage tests; it + * leads to tons of unreached branches which in reality are only assertions we + * didn't hit. */ +#if defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS) +#define tor_assert(a) STMT_BEGIN \ + (void)(a); \ + STMT_END +#else +/** Like assert(3), but send assertion failures to the log as well as to + * stderr. */ +#define tor_assert(expr) STMT_BEGIN \ + if (PREDICT_UNLIKELY(!(expr))) { \ + tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr); \ + abort(); \ + } STMT_END +#endif + +#define tor_assert_unreached() tor_assert(0) + +/* Non-fatal bug assertions. The "unreached" variants mean "this line should + * never be reached." The "once" variants mean "Don't log a warning more than + * once". + * + * The 'BUG' macro checks a boolean condition and logs an error message if it + * is true. Example usage: + * if (BUG(x == NULL)) + * return -1; + */ + +#ifdef ALL_BUGS_ARE_FATAL +#define tor_assert_nonfatal_unreached() tor_assert(0) +#define tor_assert_nonfatal(cond) tor_assert((cond)) +#define tor_assert_nonfatal_unreached_once() tor_assert(0) +#define tor_assert_nonfatal_once(cond) tor_assert((cond)) +#define BUG(cond) \ + (PREDICT_UNLIKELY(cond) ? \ + (tor_assertion_failed_(SHORT_FILE__,__LINE__,__func__,#cond), abort(), 1) \ + : 0) +#elif defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS) +#define tor_assert_nonfatal_unreached() STMT_NIL +#define tor_assert_nonfatal(cond) ((void)(cond)) +#define tor_assert_nonfatal_unreached_once() STMT_NIL +#define tor_assert_nonfatal_once(cond) ((void)(cond)) +#define BUG(cond) (PREDICT_UNLIKELY(cond) ? 1 : 0) +#else /* Normal case, !ALL_BUGS_ARE_FATAL, !DISABLE_ASSERTS_IN_UNIT_TESTS */ +#define tor_assert_nonfatal_unreached() STMT_BEGIN \ + tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, NULL, 0); \ + STMT_END +#define tor_assert_nonfatal(cond) STMT_BEGIN \ + if (PREDICT_UNLIKELY(!(cond))) { \ + tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, #cond, 0); \ + } \ + STMT_END +#define tor_assert_nonfatal_unreached_once() STMT_BEGIN \ + static int warning_logged__ = 0; \ + if (!warning_logged__) { \ + warning_logged__ = 1; \ + tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, NULL, 1); \ + } \ + STMT_END +#define tor_assert_nonfatal_once(cond) STMT_BEGIN \ + static int warning_logged__ = 0; \ + if (!warning_logged__ && PREDICT_UNLIKELY(!(cond))) { \ + warning_logged__ = 1; \ + tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, #cond, 1); \ + } \ + STMT_END +#define BUG(cond) \ + (PREDICT_UNLIKELY(cond) ? \ + (tor_bug_occurred_(SHORT_FILE__,__LINE__,__func__,#cond,0), 1) \ + : 0) +#endif + +#ifdef __GNUC__ +#define IF_BUG_ONCE__(cond,var) \ + if (({ \ + static int var = 0; \ + int bool_result = (cond); \ + if (PREDICT_UNLIKELY(bool_result) && !var) { \ + var = 1; \ + tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, #cond, 1); \ + } \ + PREDICT_UNLIKELY(bool_result); })) +#else +#define IF_BUG_ONCE__(cond,var) \ + static int var = 0; \ + if (PREDICT_UNLIKELY(cond)) ? \ + (var ? 1 : \ + (var=1, \ + tor_bug_occurred_(SHORT_FILE__, __LINE__, __func__, #cond, 1), \ + 1)) \ + : 0) +#endif +#define IF_BUG_ONCE_VARNAME_(a) \ + warning_logged_on_ ## a ## __ +#define IF_BUG_ONCE_VARNAME__(a) \ + IF_BUG_ONCE_VARNAME_(a) + +/** This macro behaves as 'if (bug(x))', except that it only logs its + * warning once, no matter how many times it triggers. + */ + +#define IF_BUG_ONCE(cond) \ + IF_BUG_ONCE__((cond), \ + IF_BUG_ONCE_VARNAME__(__LINE__)) + +/** Define this if you want Tor to crash when any problem comes up, + * so you can get a coredump and track things down. */ +// #define tor_fragile_assert() tor_assert_unreached(0) +#define tor_fragile_assert() tor_assert_nonfatal_unreached_once() + +void tor_assertion_failed_(const char *fname, unsigned int line, + const char *func, const char *expr); +void tor_bug_occurred_(const char *fname, unsigned int line, + const char *func, const char *expr, + int once); + +#endif + diff --git a/src/common/util_format.c b/src/common/util_format.c index dc544a6c2e..8aae9e8771 100644 --- a/src/common/util_format.c +++ b/src/common/util_format.c @@ -1,9 +1,16 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file util_format.c + * + * \brief Miscellaneous functions for encoding and decoding various things + * in base{16,32,64}. + */ + #include "orconfig.h" #include "torlog.h" #include "util.h" @@ -465,7 +472,7 @@ base16_encode(char *dest, size_t destlen, const char *src, size_t srclen) } /** Helper: given a hex digit, return its value, or -1 if it isn't hex. */ -static INLINE int +static inline int hex_decode_digit_(char c) { switch (c) { diff --git a/src/common/util_format.h b/src/common/util_format.h index 3fb7e1ac16..a748a4f3cf 100644 --- a/src/common/util_format.h +++ b/src/common/util_format.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_UTIL_FORMAT_H diff --git a/src/common/util_process.c b/src/common/util_process.c index 849a5c0b63..848b238318 100644 --- a/src/common/util_process.c +++ b/src/common/util_process.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -45,13 +45,13 @@ struct waitpid_callback_t { unsigned running; }; -static INLINE unsigned int +static inline unsigned int process_map_entry_hash_(const waitpid_callback_t *ent) { return (unsigned) ent->pid; } -static INLINE unsigned int +static inline unsigned int process_map_entries_eq_(const waitpid_callback_t *a, const waitpid_callback_t *b) { diff --git a/src/common/util_process.h b/src/common/util_process.h index c55cd8c5fa..d38301a354 100644 --- a/src/common/util_process.h +++ b/src/common/util_process.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2015, The Tor Project, Inc. */ +/* Copyright (c) 2011-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/common/workqueue.c b/src/common/workqueue.c index c467bdf43b..0a38550de0 100644 --- a/src/common/workqueue.c +++ b/src/common/workqueue.c @@ -1,6 +1,13 @@ /* copyright (c) 2013-2015, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * \file workqueue.c + * + * \brief Implements worker threads, queues of work for them, and mechanisms + * for them to send answers back to the main thread. + */ + #include "orconfig.h" #include "compat.h" #include "compat_threads.h" diff --git a/src/common/workqueue.h b/src/common/workqueue.h index 9ce1eadafc..89282e6f21 100644 --- a/src/common/workqueue.h +++ b/src/common/workqueue.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013, The Tor Project, Inc. */ +/* Copyright (c) 2013-2016, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_WORKQUEUE_H |