summaryrefslogtreecommitdiff
path: root/src/ext
AgeCommit message (Collapse)Author
2023-08-22Merge remote-tracking branch 'mbeth-private/ticket40833_mr'David Goulet
2023-08-15tor-c-equix: Fix clippy warningMicah Elizabeth Scott
Clippy found a transmute that could have been a reborrow.
2023-08-11hashx: Fix rare compiler output overflow on aarch64Micah Elizabeth Scott
This is a fix for a very rare buffer overflow in hashx, specific to the dynamic compiler on aarch64 platforms. In practice this issue is extremely unlikely to hit randomly, and it's only been seen in unit tests that supply unusual mock PRNG output to the program generator. My best attempt at estimating the probability of hitting the overflow randomly is about 10^-23. Crafting an input with the intent to overflow can be done only as fast as an exhaustive search, so long as Blake2B is unbroken. The root cause is that hashx writes assembly code without any length checks, and it uses an estimated size rather than an absolute maximum size to allocate the buffer for compiled code. Some instructions are much longer than others, especially on aarch64. The length of the overflow is nearly 300 bytes in the worst synthetic test cases I've developed so far. Overflow occurs during hashx_make(), and the subsequent hashx_exec() will always SIGSEGV as the written code crosses outside the region that's been marked executable. In typical use, hashx_exec() is called immediately after hashx_make(). This fix increases the buffer size from 1 page to 2 pages on aarch64, adds an analysis of the compiled code size, and adds runtime checks so we can gracefully fail on overflow. It also adds a unit test (written in Rust) that includes a PRNG sequence exercising the overflow. Without this patch the unit test shows a SIGSEGV on aarch64, with this patch it runs successfully and matches interpreter output. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-08-07hashx: Fix a few more compiler warningsMicah Elizabeth Scott
Fix a couple cases where size_t values were being confused with int. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-07-28hashx: Rust hook for inspecting and modifying the random number streamMicah Elizabeth Scott
This patch has no effect on the C tor build. Adds a function hashx_rng_callback() to the hashx API, defined only when HASHX_RNG_CALLBACK is defined. This is then used in the Rust wrapper to implement a similar rng_callback(). Included some minimal test cases. This code is intented for use in cross-compatibility fuzzing tests which drive multiple implementations of hashx with the same custom Rng stream. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-07-26Include a basic Rust wrapper for Equi-X and HashXMicah Elizabeth Scott
The idea behind this is that we may want to start exporting more pieces of c-tor as Rust crates so that Arti can perform cross compatibility and comparison testing using Rust tooling. This turns the 'tor' repo into a Cargo workspace, and adds one crate to start with: "tor-c-equix", rooted in src/ext/equix. This actually includes both Equi-X itself and HashX, since there's less overall duplication if we package these together instead of packaging HashX separately. This patch adds a basic safe Rust interface, but doesn't expose any additional internals for testing purposes. No changes to the C code here or the normal Tor build system. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-06-05More fixes for compile-time warnings in equix and hashxMicah Elizabeth Scott
This addresses issue #40800 and a couple other problems I noticed while trying to reproduce that one. The original issue is just a missing cast to void* on the args of __builtin___clear_cache(), and clang is picky about the implicit cast between what it considers to be char of different signedness. Original report is from MacOS but it's also reproducible on other clang targets. The cmake-based original build system for equix and hashx was a handy way to run tests, but it suffered from some warnings due to incorrect application of include_directories(). And lastly, there were some return codes from hashx_exec() that get ignored on equix when asserts are disabled. It bugged me too much to just silence this with a (void) cast, since even though this is in the realm of low-likelyhood programming errors and not true runtime errors, I don't want to make it easy for the hashx_exec() wrappers to return values that are dangerously wrong if an error is ignored. I made sure that even if asserts are disabled, we return values that will cause the solver and verifier to both fail to validate a potential solution. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-28equix: API changes for new result codes and hashx compatibilityMicah Elizabeth Scott
This change adapts Equi-X to the corresponding HashX API changes that added HASHX_TRY_COMPILE. The new regularized HashX return codes are reflected by revised corresponding Equi-X return codes. Both solve and verify operations now return an error/success code, and a new equix_solutions_buffer struct includes both the solution buffer and information about the solution count and hashx implementation. With this change, it's possible to discern between hash construction failures (invalid seed) and some external error like an mprotect() failure. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-28hashx: API changes to allow recovery from late compile failuresMicah Elizabeth Scott
This is an API breaking change to hashx, which modifies the error handling strategy. The main goal here is to allow unproblematic recovery from hashx_compile failures. hashx_alloc can no longer fail for reasons other than memory allocation. All platform-specific compile failures are now reported via hashx_make(), in order to both allow later failure and avoid requiring users of the API to maintain and test multiple failure paths. Note that late failures may be more common in actual use than early failures. Early failures represent architectures other than x86_64 and aarch64. Late failures could represent a number of system configurations where syscalls are restricted. The definition of a hashx context no longer tries to overlay storage for the different types of program, and instead allows one context to always contain an interpretable description of the program as well as an optional buffer for compiled code. The hashx_type enum is now used to mean either a specific type of hash function or a type of hashx context. You can allocate a context for use only with interpreted or compiled functions, or you can use HASHX_TRY_COMPILE to prefer the compiler with an automatic fallback on the interpreter. After calling hashx_make(), the new hashx_query_type() can be used if needed to determine which implementation was actually chosen. The error return types have been overhauled so that everyone uses the hashx_result enum, and seed failures vs compile failures are always clearly distinguishable. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-28hashx: allow hashx_compile to fail, avoid segfault without changing APIMicah Elizabeth Scott
This is a minimal portion of the fix for tor issue #40794, in which hashx segfaults due to denial of mprotect() syscalls at runtime. Prior to this fix, hashx makes the assumption that if the JIT is supported on the current architecture, it will also be usable at runtime. This isn't true if mprotect fails on linux, which it may for various reasons: the tor built-in sandbox, the shadow simulator, or external security software that implements a syscall filter. The necessary error propagation was missing internally in hashx, causing us to obliviously call into code which was never made executable. With this fix, hashx_make() will instead fail by returning zero. A proper fix will require API changes so that callers can discern between different types of failures. Zero already means that a program couldn't be constructed, which requires a different response: choosing a different seed, vs switching implementations. Callers would also benefit from a way to use one context (with its already-built program) to run in either compiled or interpreted mode. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-28hashx: minor, another logical operator changeMicah Elizabeth Scott
The code style in equix and hashx sometimes uses bitwise operators in place of logical ones in cases where it doesn't really matter either way. This sometimes annoys our static analyzer tools. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-11equix: avoid a coverity warning in hashx_alloc()Micah Elizabeth Scott
This addresses one of the warnings in issue #40792. As far as I can tell this is a false positive, since the use of "ctx->type" in hashx_free() can only be hit after the unioned code/program pointer is non-NULL. It's no big deal to zero this value explicitly to silence the warning though. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10hashx: trim trailing whitespaceMicah Elizabeth Scott
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10equix: Portability fixes for big endian platformsMicah Elizabeth Scott
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10equix: Build cleanly with -Wall -WerrorMicah Elizabeth Scott
Fixes some type nitpicks that show up in Tor development builds, which usually run with -Wall -Werror. Tested on x86_64 and aarch64 for clean build and passing equix-tests + hashx-tests. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10ext: build equix and hashx using automakeMicah Elizabeth Scott
This replaces the sketchy cmake invocation we had inside configure The libs are always built and always used in unit tests, but only included in libtor and tor when --enable-gpl is set. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10hs_pow: Replace libb2 dependency with hashx's internal blake2Micah Elizabeth Scott
This forgoes another external library dependency, and instead introduces a compatibility header so that interested parties (who already depend on equix, like hs_pow and unit tests) can use the implementation of blake2b included in hashx. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10test_crypto: add equix and hashx testsMicah Elizabeth Scott
This adds test vectors for the Equi-X proof of work algorithm and the Hash-X function it's based on. The overall Equi-X test takes about 10 seconds to run on my machine, so it's in test_crypto_slow. The hashx test still covers both the compiled and interpreted versions of the hash function. There aren't any official test vectors for Equi-X or for its particular configuration of Hash-X, so I made some up based on the current implementation. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-05-10ext: Add Equi-X libraryDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-04-27Remove broken MSVC supportAlex Xu (Hello71)
MSVC compilation has been broken since at least 1e417b727502 ("All remaining files in src/common belong to the event loop.") deleted src/common/Makefile.nmake in 2018.
2021-12-16fix syntax errors listed by cppcheckHans-Christoph Steiner
2021-10-06Remove last artifacts of Rust related codeDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-12-17Merge branch 'tor-gitlab/mr/243' into maint-0.4.5David Goulet
2020-12-17Fix Keccak undefined behavior on exotic platforms.George Kadianakis
Bug reported and diagnosed in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975977 Fixes bug #40210.
2020-11-12Fix typos.Samanta Navarro
Typos found with codespell. Please keep in mind that this should have impact on actual code and must be carefully evaluated: src/core/or/lttng_circuit.inc - ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER) + ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)
2020-08-23Include crypto_rand.h in ed25519_tor.cNeel Chauhan
2020-07-02Move description of ext contents into an md file.Nick Mathewson
This way, doxygen can include it.
2020-07-02Mention that src/ext should not be edited lightly.Nick Mathewson
Closes #32661
2020-05-06Merge branch 'maint-0.4.3'Nick Mathewson
Amazingly, this time we had no merge conflicts with "falls through" comments.
2020-05-06Use __attribute__((fallthrough)) rather than magic GCC comments.Nick Mathewson
GCC added an implicit-fallthrough warning a while back, where it would complain if you had a nontrivial "case:" block that didn't end with break, return, or something like that. Clang recently added the same thing. GCC, however, would let you annotate a fall-through as intended by any of various magic "/* fall through */" comments. Clang, however, only seems to like "__attribute__((fallthrough))". Fortunately, GCC accepts that too. A previous commit in this branch defined a FALLTHROUGH macro to do the right thing if GNUC is defined; here we replace all of our "fall through" comments with uses of that macro. This is an automated commit, made with the following perl one-liner: #!/usr/bin/perl -i -p s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i; (In order to avoid conflicts, I'm applying this script separately to each maint branch. This is the 0.4.3 version.)
2020-05-06Use __attribute__((fallthrough)) rather than magic GCC comments.Nick Mathewson
GCC added an implicit-fallthrough warning a while back, where it would complain if you had a nontrivial "case:" block that didn't end with break, return, or something like that. Clang recently added the same thing. GCC, however, would let you annotate a fall-through as intended by any of various magic "/* fall through */" comments. Clang, however, only seems to like "__attribute__((fallthrough))". Fortunately, GCC accepts that too. A previous commit in this branch defined a FALLTHROUGH macro to do the right thing if GNUC is defined; here we replace all of our "fall through" comments with uses of that macro. This is an automated commit, made with the following perl one-liner: #!/usr/bin/perl -i -p s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
2020-05-06Merge branch 'maint-0.4.3'Nick Mathewson
2020-05-06Merge branch 'maint-0.4.2' into maint-0.4.3Nick Mathewson
2020-05-06Merge branch 'maint-0.4.1' into maint-0.4.2Nick Mathewson
2020-05-06Merge branch 'bug34078_prelim_035' into bug34078_prelim_041Nick Mathewson
2020-05-06include compat_compiler for ed25519_donnaNick Mathewson
2020-02-10ht.h: Require a semicolon after HT_PROTOTYPE and HT_GENERATE[2]Nick Mathewson
2020-01-28Use print() function in both Python 2 and Python 3cclauss
2020-01-09siphash.h: include stdint.Nick Mathewson
Doing this gives us a valid uint64_t type, freeing us from dependencies on include order.
2020-01-09Use raw_assert in ht.hNick Mathewson
Also, include torerr.h from ht.h if we are using raw_assert. Otherwise, our includes need to be ordered so that ht.h comes after util_log.h.
2020-01-09Remove extra ; from tt_assert() macro definition.Nick Mathewson
We were actually omitting the semicolon in a few places, leading to confusing indentation and some cocci failures.
2019-12-12src/ext: Add __future__ imports for python 3 compatibilityteor
Closes ticket 32732.
2019-11-21ht.h: improve documentation for HT_NEXT_RMV.Nick Mathewson
2019-11-07Make all our struct names end with "_t".Nick Mathewson
This is an automated commit, generated by this command: ./scripts/maint/rename_c_identifier.py \ address_ttl_s address_ttl_t \ aes_cnt_cipher aes_cnt_cipher_t \ authchallenge_data_s authchallenge_data_t \ authenticate_data_s authenticate_data_t \ cached_bw_event_s cached_bw_event_t \ cbuf cbuf_t \ cell_ewma_s cell_ewma_t \ certs_data_s certs_data_t \ channel_idmap_entry_s channel_idmap_entry_t \ channel_listener_s channel_listener_t \ channel_s channel_t \ channel_tls_s channel_tls_t \ circuit_build_times_s circuit_build_times_t \ circuit_muxinfo_s circuit_muxinfo_t \ circuitmux_policy_circ_data_s circuitmux_policy_circ_data_t \ circuitmux_policy_data_s circuitmux_policy_data_t \ circuitmux_policy_s circuitmux_policy_t \ circuitmux_s circuitmux_t \ coord coord_t \ cpuworker_job_u cpuworker_job_u_t \ cv_testinfo_s cv_testinfo_t \ ddmap_entry_s ddmap_entry_t \ dircollator_s dircollator_t \ dist_ops dist_ops_t \ ecdh_work_s ecdh_work_t \ ewma_policy_circ_data_s ewma_policy_circ_data_t \ ewma_policy_data_s ewma_policy_data_t \ fp_pair_map_entry_s fp_pair_map_entry_t \ fp_pair_map_s fp_pair_map_t \ guard_selection_s guard_selection_t \ mbw_cache_entry_s mbw_cache_entry_t \ outbuf_table_ent_s outbuf_table_ent_t \ queued_event_s queued_event_t \ replyqueue_s replyqueue_t \ rsa_work_s rsa_work_t \ sandbox_cfg_elem sandbox_cfg_elem_t \ scheduler_s scheduler_t \ smp_param smp_param_t \ socket_table_ent_s socket_table_ent_t \ state_s state_t \ threadpool_s threadpool_t \ timeout_cb timeout_cb_t \ tor_libevent_cfg tor_libevent_cfg_t \ tor_threadlocal_s tor_threadlocal_t \ url_table_ent_s url_table_ent_t \ worker_state_s worker_state_t \ workerthread_s workerthread_t \ workqueue_entry_s workqueue_entry_t
2019-06-28Coverity: different implementation for csiphashNick Mathewson
Coverity has had trouble figuring out our csiphash implementation, and has given spurious warnings about its behavior. This patch changes the csiphash implementation when coverity is in use, so that coverity can figure out that we are not about to read beyond the provided input. Closes ticket 31025.
2019-06-11trunnel: Rename sendme.trunnel to sendme_cell.trunnelDavid Goulet
This is to avoid having two sendme.{c|h} in the repository since the subsystem is implemented in src/core/or/sendme.{c|h}. Fixes #30769 Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-05-15Give tinytest a function to say whether the current test has failedNick Mathewson
2019-04-10Merge branch 'maint-0.4.0'Nick Mathewson
2019-04-10Merge remote-tracking branch 'tor-github/pr/926' into maint-0.4.0Nick Mathewson
2019-04-10Prevent double free on huge files with 32 bit.Tobias Stoeckmann
The function compat_getdelim_ is used for tor_getline if tor is compiled on a system that lacks getline and getdelim. These systems should be very rare, considering that getdelim is POSIX. If this system is further a 32 bit architecture, it is possible to trigger a double free with huge files. If bufsiz has been already increased to 2 GB, the next chunk would be 4 GB in size, which wraps around to 0 due to 32 bit limitations. A realloc(*buf, 0) could be imagined as "free(*buf); return malloc(0);" which therefore could return NULL. The code in question considers that an error, but will keep the value of *buf pointing to already freed memory. The caller of tor_getline() would free the pointer again, therefore leading to a double free. This code can only be triggered in dirserv_read_measured_bandwidths with a huge measured bandwith list file on a system that actually allows to reach 2 GB of space through realloc. It is not possible to trigger this on Linux with glibc or other major *BSD systems even on unit tests, because these systems cannot reach so much memory due to memory fragmentation. This patch is effectively based on the penetration test report of cure53 for curl available at https://cure53.de/pentest-report_curl.pdf and explained under section "CRL-01-007 Double-free in aprintf() via unsafe size_t multiplication (Medium)".