aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-04-17prop224 tests: Remove useless NULL check before circuit_free().George Kadianakis
Addresses coverity issue CID 1405130.
2017-04-17prop224 tests: Don't use tt_size_op to compare ssize_t.George Kadianakis
Addresses coverity CID 1405129.
2017-04-13Merge branch 'ticket21891_031_01_squashed'Nick Mathewson
2017-04-13hs: Make the service list pruning function publicDavid Goulet
The reason for making the temporary list public is to keep it encapsulated in the rendservice subsystem so the prop224 code does not have direct access to it and can only affect it through the rendservice pruning function. It also has been modified to not take list as arguments but rather use the global lists (main and temporary ones) because prop224 code will call it to actually prune the rendservice's lists. The function does the needed rotation of pointers between those lists and then prune if needed. In order to make the unit test work and not completely horrible, there is a "impl_" version of the function that doesn't free memory, it simply moves pointers around. It is directly used in the unit test and two setter functions for those lists' pointer have been added only for unit test. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-13fix wide linesNick Mathewson
2017-04-13Merge branch 'ticket21889_031_01_squashed'Nick Mathewson
2017-04-13hs: Add service-side circuitmap API.George Kadianakis
Now we have separate getters and setters for service-side and relay-side. I took this approach over adding arguments to the already existing methods to have more explicit type-checking, and also because some functions would grow too large and dirty. This commit also fixes every callsite to use the new function names which modifies the legacy HS (v2) and the prop224 (v3) code. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-13Merge remote-tracking branch 'dgoulet/bug21155_031_02'Nick Mathewson
2017-04-13Merge remote-tracking branch 'dgoulet/ticket21919_031_01'Nick Mathewson
2017-04-13Merge branch 'asn/prop224-ntor-v2-squashed'Nick Mathewson
2017-04-13prop224: Add Python integration tests for HS ntor.George Kadianakis
This test is identical to the ./src/test/test_ntor.sh integration test.
2017-04-13prop224: Add basic HS ntor unittest.George Kadianakis
The test checks that introduce1/rendezvous1 key material is generated correctly both for client-side and service-side.
2017-04-13prop224: Add module that performs the HS ntor handshake.George Kadianakis
and also does the key expansion.
2017-04-12hs: Make check-spaces happy after renameDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-11hs: Change trunnel prop224 cell's namespaceDavid Goulet
One of the goals of this change is to have trunnel API/ABI being more explicit so we namespace them with "trn_*". Furthermore, we can now create hs_cells.[ch] without having to confuse it with trunnel which used to be "hs_cell_*" before that change. Here are the perl line that were used for this rename: perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/*/*.[ch] perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/trunnel/hs/*.trunnel perl -i -pe 's/hs_cell_/trn_cell_/g;' src/*/*.[ch] perl -i -pe 's/hs_cell_/trn_cell_/g;' src/trunnel/hs/*.trunnel And then "./scripts/codegen/run_trunnel.sh" with trunnel commit id 613fb1b98e58504e2b84ef56b1602b6380629043. Fixes #21919 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-10config: Warn if EntryNodes and HiddenService are used togetherDavid Goulet
Pinning EntryNodes along with hidden services can be possibly harmful (for instance #14917 and #21155) so at the very least warn the operator if this is the case. Fixes #21155 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-10Merge remote-tracking branch 'dgoulet/bug16706_031_01'Nick Mathewson
2017-04-10Fix some no-longer-reasonable unit tests for base64_decode()Nick Mathewson
These tests tried to use ridiculously large buffer sizes to check the sanity-checking in the code; but since the sanity-checking changed, these need to change too.
2017-04-10changes file for 17868Nick Mathewson
2017-04-07Remove SR_COMMIT_LEN workaroundTaylor Yu
Now that base64_decode() checks the destination buffer length against the actual number of bytes as they're produced, shared_random.c no longer needs the "SR_COMMIT_LEN+2" workaround.
2017-04-07Remove base64_decode_nopad()Taylor Yu
Remove base64_decode_nopad() because it is redundant now that base64_decode() correctly handles both padded and unpadded base64 encodings with "right-sized" output buffers.
2017-04-07Test odd-sized base64 decodesTaylor Yu
Test base64_decode() with odd sized decoded lengths, including unpadded encodings and padded encodings with "right-sized" output buffers. Convert calls to base64_decode_nopad() to base64_decode() because base64_decode_nopad() is redundant.
2017-04-07Make base64_decode() check actual decoded lengthTaylor Yu
base64_decode() was applying an overly conservative check on the output buffer length that could incorrectly produce an error if the input encoding contained padding or newlines. Fix this by checking the output buffer length against the actual decoded length produced during decoding.
2017-04-07Merge branch 'maint-0.3.0'Nick Mathewson
2017-04-07Merge remote-tracking branch 'public/bug21894_029' into maint-0.3.0Nick Mathewson
2017-04-07Merge branch 'ticket21842_squashed'Nick Mathewson
2017-04-07Remove tor-checkkey as obsoleteNick Mathewson
CVE-2008-0166 is long gone, and we no longer need a helper tool to dump out public key moduli so folks can detect it. Closes ticket 21842.
2017-04-07Merge remote-tracking branch 'dgoulet/ticket21893_031_01'Nick Mathewson
2017-04-07Never read off the end of a buffer in base32_encode()Nick Mathewson
When we "fixed" #18280 in 4e4a7d2b0c199227252a742541461ec4cc35d358 in 0291 it appears that we introduced a bug: The base32_encode function can read off the end of the input buffer, if the input buffer size modulo 5 is not equal to 0 or 3. This is not completely horrible, for two reasons: * The extra bits that are read are never actually used: so this is only a crash when asan is enabled, in the worst case. Not a data leak. * The input sizes passed to base32_encode are only ever multiples of 5. They are all either DIGEST_LEN (20), REND_SERVICE_ID_LEN (10), sizeof(rand_bytes) in addressmap.c (10), or an input in crypto.c that is forced to a multiple of 5. So this bug can't actually trigger in today's Tor. Closes bug 21894; bugfix on 0.2.9.1-alpha.
2017-04-07Comment fix. (Catalyst spotted this)Nick Mathewson
2017-04-07Merge branch 'isolate_openssl'Nick Mathewson
2017-04-07Use DIGEST512_LEN macro in crypto_hash_sha512.h in ref10Nick Mathewson
2017-04-07Make the warnings about terminating nuls a bit strongerNick Mathewson
It looks like 32_encoded_size/64_encode_size APIs are inconsistent not only in the number of "d"s they have, but also in whether they count the terminating NUL. Taylor noted this in 86477f4e3fedb316, but I think we should note the inconsistently more loudly in order to avoid trouble. (I ran into trouble with this when writing 30b13fd82e243713c6a0d.)
2017-04-07Merge remote-tracking branch 'argonblue/baseXXlen'Nick Mathewson
2017-04-07Add test for expected output from encode{,d}_length functionsNick Mathewson
2017-04-07prop224: Flag router with HSIntro/HSDir using protoverDavid Goulet
Note down in the routerstatus_t of a node if the router supports the HSIntro=4 version for the ed25519 authentication key and HSDir=2 version for the v3 descriptor supports. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-07hs: Move common defines to hs_common.hDavid Goulet
Some of those defines will be used by the v3 HS protocol so move them to a common header out of rendservice.c. This is also ground work for prop224 service implementation. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-07hs: Remove redundant define of ed25519 auth key typeDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-07hs: Move service check private dir to hs_common.cDavid Goulet
Another building blocks for prop224 service work. This also makes the function takes specific argument instead of the or_option_t object. Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-07hs: Refactor circuitmap to use circuit_t instead of or_circuit_t.George Kadianakis
2017-04-06Use macros for base64 lengths in shared_random.hTaylor Yu
Fixes #19564.
2017-04-06Use baseXX length macros in baseXX_encode()Taylor Yu
Use the new baseXX length macros to clean up the length checks in the baseXX_encode() functions.
2017-04-06Add macros for baseXX encoding lengthsTaylor Yu
2017-04-06Make CEIL_DIV() slightly more overflow-safeTaylor Yu
2017-04-06changes file for 21873Nick Mathewson
2017-04-06Merge remote-tracking branch 'arthuredelstein/21873'Nick Mathewson
2017-04-06Merge branch 'storage_labeled_squashed'Nick Mathewson
2017-04-06Explain config_line_find() behavior on duplicates.Nick Mathewson
2017-04-06Add an assertion to config_line_append().Nick Mathewson
2017-04-06Additional unit tests to improve conscache coverageNick Mathewson