diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/compat.c | 2 | ||||
| -rw-r--r-- | src/or/config.c | 1 | ||||
| -rw-r--r-- | src/or/connection_or.c | 1 | ||||
| -rw-r--r-- | src/or/consdiffmgr.c | 13 | ||||
| -rw-r--r-- | src/or/dirserv.c | 56 | ||||
| -rw-r--r-- | src/or/dirvote.c | 1 | ||||
| -rw-r--r-- | src/or/main.c | 1 | ||||
| -rw-r--r-- | src/or/onion_tap.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 5 | ||||
| -rw-r--r-- | src/or/rendclient.c | 1 | ||||
| -rw-r--r-- | src/or/rendmid.c | 1 | ||||
| -rw-r--r-- | src/or/rendservice.c | 3 | ||||
| -rw-r--r-- | src/or/rephist.c | 99 | ||||
| -rw-r--r-- | src/or/rephist.h | 3 | ||||
| -rw-r--r-- | src/or/router.c | 1 | ||||
| -rw-r--r-- | src/or/routerparse.c | 3 | ||||
| -rw-r--r-- | src/rust/tor_util/include.am | 2 | ||||
| -rw-r--r-- | src/test/test_crypto_slow.c | 3 | ||||
| -rwxr-xr-x | src/test/test_rust.sh | 2 |
19 files changed, 68 insertions, 133 deletions
diff --git a/src/common/compat.c b/src/common/compat.c index 3bea626903..4d110aba35 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -3261,7 +3261,7 @@ format_win32_error(DWORD err) FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, err, - MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), + MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT), (LPVOID)&str, 0, NULL); diff --git a/src/or/config.c b/src/or/config.c index 5da871d1e2..5e7fb18deb 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -393,6 +393,7 @@ static config_var_t option_vars_[] = { V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"), V(MaxCircuitDirtiness, INTERVAL, "10 minutes"), V(MaxClientCircuitsPending, UINT, "32"), + V(MaxConsensusAgeForDiffs, INTERVAL, "0 seconds"), VAR("MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw, "0"), OBSOLETE("MaxOnionsPending"), V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"), diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 753148291c..051bf9a176 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1369,7 +1369,6 @@ connection_tls_start_handshake,(or_connection_t *conn, int receiving)) connection_start_reading(TO_CONN(conn)); log_debug(LD_HANDSHAKE,"starting TLS handshake on fd "TOR_SOCKET_T_FORMAT, conn->base_.s); - note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C); if (connection_tls_continue_handshake(conn) < 0) return -1; diff --git a/src/or/consdiffmgr.c b/src/or/consdiffmgr.c index 638fcd6794..a3ffed10db 100644 --- a/src/or/consdiffmgr.c +++ b/src/or/consdiffmgr.c @@ -14,6 +14,7 @@ #define CONSDIFFMGR_PRIVATE #include "or.h" +#include "config.h" #include "conscache.h" #include "consdiff.h" #include "consdiffmgr.h" @@ -462,12 +463,22 @@ cdm_cache_lookup_consensus(consensus_flavor_t flavor, time_t valid_after) static int32_t get_max_age_to_cache(void) { - /* The parameter is in hours. */ const int32_t DEFAULT_MAX_AGE_TO_CACHE = 8192; const int32_t MIN_MAX_AGE_TO_CACHE = 0; const int32_t MAX_MAX_AGE_TO_CACHE = 8192; const char MAX_AGE_TO_CACHE_NAME[] = "max-consensus-age-to-cache-for-diff"; + const or_options_t *options = get_options(); + + if (options->MaxConsensusAgeForDiffs) { + const int v = options->MaxConsensusAgeForDiffs; + if (v >= MAX_MAX_AGE_TO_CACHE * 3600) + return MAX_MAX_AGE_TO_CACHE; + else + return v; + } + + /* The parameter is in hours, so we multiply */ return 3600 * networkstatus_get_param(NULL, MAX_AGE_TO_CACHE_NAME, DEFAULT_MAX_AGE_TO_CACHE, diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 75a245e07a..e5654e3b90 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -676,8 +676,8 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) control_event_or_authdir_new_descriptor("REJECTED", ri->cache_info.signed_descriptor_body, desclen, *msg); - routerinfo_free(ri); - return ROUTER_AUTHDIR_REJECTS; + r = ROUTER_AUTHDIR_REJECTS; + goto fail; } /* Check whether this descriptor is semantically identical to the last one @@ -697,8 +697,8 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) control_event_or_authdir_new_descriptor("DROPPED", ri->cache_info.signed_descriptor_body, desclen, *msg); - routerinfo_free(ri); - return ROUTER_IS_ALREADY_KNOWN; + r = ROUTER_IS_ALREADY_KNOWN; + goto fail; } /* Do keypinning again ... this time, to add the pin if appropriate */ @@ -733,8 +733,8 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) "its key did not match an older RSA/Ed25519 keypair", router_describe(ri), source); *msg = "Looks like your keypair does not match its older value."; - routerinfo_free(ri); - return ROUTER_AUTHDIR_REJECTS; + r = ROUTER_AUTHDIR_REJECTS; + goto fail; } /* Make a copy of desc, since router_add_to_routerlist might free @@ -772,6 +772,20 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) tor_free(desc); tor_free(nickname); return r; + fail: + { + const char *desc_digest = ri->cache_info.signed_descriptor_digest; + download_status_t *dls = + router_get_dl_status_by_descriptor_digest(desc_digest); + if (dls) { + log_info(LD_GENERAL, "Marking router with descriptor %s as rejected, " + "and therefore undownloadable", + hex_str(desc_digest, DIGEST_LEN)); + download_status_mark_impossible(dls); + } + routerinfo_free(ri); + } + return r; } /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */ @@ -780,6 +794,7 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg) { routerinfo_t *ri; int r; + was_router_added_t rv; tor_assert(msg); *msg = NULL; @@ -788,8 +803,8 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg) ri = router_get_mutable_by_digest(ei->cache_info.identity_digest); if (!ri) { *msg = "No corresponding router descriptor for extra-info descriptor"; - extrainfo_free(ei); - return ROUTER_BAD_EI; + rv = ROUTER_BAD_EI; + goto fail; } /* If it's too big, refuse it now. Otherwise we'll cache it all over the @@ -801,17 +816,34 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg) (int)ei->cache_info.signed_descriptor_len, MAX_EXTRAINFO_UPLOAD_SIZE); *msg = "Extrainfo document was too large"; - extrainfo_free(ei); - return ROUTER_BAD_EI; + rv = ROUTER_BAD_EI; + goto fail; } if ((r = routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei, &ri->cache_info, msg))) { - extrainfo_free(ei); - return r < 0 ? ROUTER_IS_ALREADY_KNOWN : ROUTER_BAD_EI; + if (r<0) { + extrainfo_free(ei); + return ROUTER_IS_ALREADY_KNOWN; + } + rv = ROUTER_BAD_EI; + goto fail; } router_add_extrainfo_to_routerlist(ei, msg, 0, 0); return ROUTER_ADDED_SUCCESSFULLY; + fail: + { + const char *d = ei->cache_info.signed_descriptor_digest; + signed_descriptor_t *sd = router_get_by_extrainfo_digest((char*)d); + if (sd) { + log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as " + "rejected, and therefore undownloadable", + hex_str((char*)d,DIGEST_LEN)); + download_status_mark_impossible(&sd->ei_dl_status); + } + extrainfo_free(ei); + } + return rv; } /** Remove all descriptors whose nicknames or fingerprints no longer diff --git a/src/or/dirvote.c b/src/or/dirvote.c index 11cd020d88..c65945fea7 100644 --- a/src/or/dirvote.c +++ b/src/or/dirvote.c @@ -306,7 +306,6 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, signing_key_fingerprint); } - note_crypto_pk_op(SIGN_DIR); { char *sig = router_get_dirobj_signature(digest, DIGEST_LEN, private_signing_key); diff --git a/src/or/main.c b/src/or/main.c index f7b9cc8a1c..0a0943d344 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2886,7 +2886,6 @@ dumpstats(int severity) rep_hist_dump_stats(now,severity); rend_service_dump_stats(severity); - dump_pk_ops(severity); dump_distinct_digest_count(severity); } diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c index 294fc0df6d..928fcaabfb 100644 --- a/src/or/onion_tap.c +++ b/src/or/onion_tap.c @@ -72,8 +72,6 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key, if (crypto_dh_get_public(dh, challenge, dhbytes)) goto err; - note_crypto_pk_op(ENC_ONIONSKIN); - /* set meeting point, meeting cookie, etc here. Leave zero for now. */ if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out, TAP_ONIONSKIN_CHALLENGE_LEN, @@ -124,7 +122,6 @@ onion_skin_TAP_server_handshake( k = i==0?private_key:prev_private_key; if (!k) break; - note_crypto_pk_op(DEC_ONIONSKIN); len = crypto_pk_private_hybrid_decrypt(k, challenge, TAP_ONIONSKIN_CHALLENGE_LEN, onion_skin, diff --git a/src/or/or.h b/src/or/or.h index 996a7700b5..f6c42b7a99 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4579,6 +4579,11 @@ typedef struct { /** Bool (default: 0): Tells if a %include was used on torrc */ int IncludeUsed; + + /** The seconds after expiration which we as a relay should keep old + * consensuses around so that we can generate diffs from them. If 0, + * use the default. */ + int MaxConsensusAgeForDiffs; } or_options_t; /** Persistent state for an onion router, as saved to disk. */ diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 3d160bdc35..441c371bac 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -286,7 +286,6 @@ rend_client_send_introduction(origin_circuit_t *introcirc, goto perm_err; } - note_crypto_pk_op(REND_CLIENT); /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg, * to avoid buffer overflows? */ r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN, diff --git a/src/or/rendmid.c b/src/or/rendmid.c index 23c3deddaa..66d2f93113 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -71,7 +71,6 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, goto err; } /* Rest of body: signature of previous data */ - note_crypto_pk_op(REND_MID); if (crypto_pk_public_checksig_digest(pk, (char*)request, 2+asn1len+DIGEST_LEN, (char*)(request+2+DIGEST_LEN+asn1len), diff --git a/src/or/rendservice.c b/src/or/rendservice.c index b8e704e54b..4eef72c32c 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -2845,8 +2845,6 @@ rend_service_decrypt_intro( } /* Decrypt the encrypted part */ - - note_crypto_pk_op(REND_SERVER); result = crypto_pk_private_hybrid_decrypt( key, (char *)buf, sizeof(buf), @@ -3260,7 +3258,6 @@ encode_establish_intro_cell_legacy(char *cell_body_out, if (crypto_digest(cell_body_out+len, auth, DIGEST_LEN+9)) goto err; len += 20; - note_crypto_pk_op(REND_SERVER); r = crypto_pk_private_sign_digest(intro_key, cell_body_out+len, cell_body_out_len - len, cell_body_out, len); diff --git a/src/or/rephist.c b/src/or/rephist.c index 72a5cc5a9b..e65b93fa76 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -2064,105 +2064,6 @@ rep_hist_circbuilding_dormant(time_t now) return 1; } -/** Structure to track how many times we've done each public key operation. */ -static struct { - /** How many directory objects have we signed? */ - unsigned long n_signed_dir_objs; - /** How many routerdescs have we signed? */ - unsigned long n_signed_routerdescs; - /** How many directory objects have we verified? */ - unsigned long n_verified_dir_objs; - /** How many routerdescs have we verified */ - unsigned long n_verified_routerdescs; - /** How many onionskins have we encrypted to build circuits? */ - unsigned long n_onionskins_encrypted; - /** How many onionskins have we decrypted to do circuit build requests? */ - unsigned long n_onionskins_decrypted; - /** How many times have we done the TLS handshake as a client? */ - unsigned long n_tls_client_handshakes; - /** How many times have we done the TLS handshake as a server? */ - unsigned long n_tls_server_handshakes; - /** How many PK operations have we done as a hidden service client? */ - unsigned long n_rend_client_ops; - /** How many PK operations have we done as a hidden service midpoint? */ - unsigned long n_rend_mid_ops; - /** How many PK operations have we done as a hidden service provider? */ - unsigned long n_rend_server_ops; -} pk_op_counts = {0,0,0,0,0,0,0,0,0,0,0}; - -/** Increment the count of the number of times we've done <b>operation</b>. */ -void -note_crypto_pk_op(pk_op_t operation) -{ - switch (operation) - { - case SIGN_DIR: - pk_op_counts.n_signed_dir_objs++; - break; - case SIGN_RTR: - pk_op_counts.n_signed_routerdescs++; - break; - case VERIFY_DIR: - pk_op_counts.n_verified_dir_objs++; - break; - case VERIFY_RTR: - pk_op_counts.n_verified_routerdescs++; - break; - case ENC_ONIONSKIN: - pk_op_counts.n_onionskins_encrypted++; - break; - case DEC_ONIONSKIN: - pk_op_counts.n_onionskins_decrypted++; - break; - case TLS_HANDSHAKE_C: - pk_op_counts.n_tls_client_handshakes++; - break; - case TLS_HANDSHAKE_S: - pk_op_counts.n_tls_server_handshakes++; - break; - case REND_CLIENT: - pk_op_counts.n_rend_client_ops++; - break; - case REND_MID: - pk_op_counts.n_rend_mid_ops++; - break; - case REND_SERVER: - pk_op_counts.n_rend_server_ops++; - break; - default: - log_warn(LD_BUG, "Unknown pk operation %d", operation); - } -} - -/** Log the number of times we've done each public/private-key operation. */ -void -dump_pk_ops(int severity) -{ - tor_log(severity, LD_HIST, - "PK operations: %lu directory objects signed, " - "%lu directory objects verified, " - "%lu routerdescs signed, " - "%lu routerdescs verified, " - "%lu onionskins encrypted, " - "%lu onionskins decrypted, " - "%lu client-side TLS handshakes, " - "%lu server-side TLS handshakes, " - "%lu rendezvous client operations, " - "%lu rendezvous middle operations, " - "%lu rendezvous server operations.", - pk_op_counts.n_signed_dir_objs, - pk_op_counts.n_verified_dir_objs, - pk_op_counts.n_signed_routerdescs, - pk_op_counts.n_verified_routerdescs, - pk_op_counts.n_onionskins_encrypted, - pk_op_counts.n_onionskins_decrypted, - pk_op_counts.n_tls_client_handshakes, - pk_op_counts.n_tls_server_handshakes, - pk_op_counts.n_rend_client_ops, - pk_op_counts.n_rend_mid_ops, - pk_op_counts.n_rend_server_ops); -} - /*** Exit port statistics ***/ /* Some constants */ diff --git a/src/or/rephist.h b/src/or/rephist.h index 2b1c2e7ec7..8f6d46616d 100644 --- a/src/or/rephist.h +++ b/src/or/rephist.h @@ -62,9 +62,6 @@ int any_predicted_circuits(time_t now); int rep_hist_circbuilding_dormant(time_t now); int predicted_ports_prediction_time_remaining(time_t now); -void note_crypto_pk_op(pk_op_t operation); -void dump_pk_ops(int severity); - void rep_hist_exit_stats_init(time_t now); void rep_hist_reset_exit_stats(time_t now); void rep_hist_exit_stats_term(void); diff --git a/src/or/router.c b/src/or/router.c index 100c4cc949..1b81a228af 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -3009,7 +3009,6 @@ router_dump_router_to_string(routerinfo_t *router, crypto_digest_smartlist(digest, DIGEST_LEN, chunks, "", DIGEST_SHA1); - note_crypto_pk_op(SIGN_RTR); { char *sig; if (!(sig = router_get_dirobj_signature(digest, DIGEST_LEN, ident_key))) { diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 6a03194472..f4e87a00d8 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1996,7 +1996,6 @@ router_parse_entry_from_string(const char *s, const char *end, } tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE); - note_crypto_pk_op(VERIFY_RTR); #ifdef COUNT_DISTINCT_DIGESTS if (!verified_digests) verified_digests = digestmap_new(); @@ -2231,7 +2230,6 @@ extrainfo_parse_entry_from_string(const char *s, const char *end, } if (key) { - note_crypto_pk_op(VERIFY_RTR); if (check_signature_token(digest, DIGEST_LEN, tok, key, 0, "extra-info") < 0) goto err; @@ -5288,7 +5286,6 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, } /* Parse and verify signature. */ tok = find_by_keyword(tokens, R_SIGNATURE); - note_crypto_pk_op(VERIFY_RTR); if (check_signature_token(desc_hash, DIGEST_LEN, tok, result->pk, 0, "v2 rendezvous service descriptor") < 0) goto err; diff --git a/src/rust/tor_util/include.am b/src/rust/tor_util/include.am index 17a755fe09..f0cd63920c 100644 --- a/src/rust/tor_util/include.am +++ b/src/rust/tor_util/include.am @@ -7,7 +7,7 @@ EXTRA_DIST +=\ src/rust/target/release/libtor_util.a: FORCE ( cd "$(abs_top_srcdir)/src/rust/tor_util" ; \ CARGO_TARGET_DIR="$(abs_top_builddir)/src/rust/target" \ - HOME="$(abs_top_builddir)/src/rust" \ + CARGO_HOME="$(abs_top_builddir)/src/rust" \ $(CARGO) build --release --quiet $(CARGO_ONLINE) ) FORCE: diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c index d6b0a43dd5..6d676ff9b9 100644 --- a/src/test/test_crypto_slow.c +++ b/src/test/test_crypto_slow.c @@ -12,8 +12,11 @@ #if defined(HAVE_LIBSCRYPT_H) && defined(HAVE_LIBSCRYPT_SCRYPT) #define HAVE_LIBSCRYPT +#include <libscrypt.h> #endif +#include <openssl/evp.h> + /** Run unit tests for our secret-to-key passphrase hashing functionality. */ static void test_crypto_s2k_rfc2440(void *arg) diff --git a/src/test/test_rust.sh b/src/test/test_rust.sh index 4427c70f13..d559f94ce0 100755 --- a/src/test/test_rust.sh +++ b/src/test/test_rust.sh @@ -7,7 +7,7 @@ exitcode=0 for crate in $crates; do cd "${abs_top_srcdir:-.}/src/rust/${crate}" - CARGO_TARGET_DIR="${abs_top_builddir}/src/rust/target" HOME="${abs_top_builddir}/src/rust" "${CARGO:-cargo}" test ${CARGO_ONLINE-"--frozen"} || exitcode=1 + CARGO_TARGET_DIR="${abs_top_builddir}/src/rust/target" CARGO_HOME="${abs_top_builddir}/src/rust" "${CARGO:-cargo}" test ${CARGO_ONLINE-"--frozen"} || exitcode=1 done exit $exitcode |