summaryrefslogtreecommitdiff
path: root/src/or/channeltls.c
AgeCommit message (Collapse)Author
2017-12-08chan: Do not re-queue after a fail cell writeDavid Goulet
Couple things happen in this commit. First, we do not re-queue a cell back in the circuit queue if the write packed cell failed. Currently, it is close to impossible to have it failed but just in case, the channel is mark as closed and we move on. The second thing is that the channel_write_packed_cell() always took ownership of the cell whatever the outcome. This means, on success or failure, it needs to free it. It turns out that that we were using the wrong free function in one case and not freeing it in an other possible code path. So, this commit makes sure we only free it in one place that is at the very end of channel_write_packed_cell() which is the top layer of the channel abstraction. This makes also channel_tls_write_packed_cell_method() return a negative value on error. Two unit tests had to be fixed (quite trivial) due to a double free of the packed cell in the test since now we do free it in all cases correctly. Part of #23709 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22channel: Remove incoming/outgoing queueDavid Goulet
For the rationale, see ticket #23709. This is a pretty massive commit. Those queues were everywhere in channel.c and it turns out that it was used by lots of dead code. The channel subsystem *never* handles variable size cell (var_cell_t) or unpacked cells (cell_t). The variable ones are only handled in channeltls and outbound cells are always packed from the circuit queue so this commit removes code related to variable and unpacked cells. However, inbound cells are unpacked (cell_t), that is untouched and is handled via channel_process_cell() function. In order to make the commit compile, test have been modified but not passing at this commit. Also, many tests have been removed but better improved ones get added in future commits. This commit also adds a XXX: which indicates that the handling process of outbound cells isn't fully working. This as well is fixed in a future commit. Finally, at this commit, more dead code remains, it will be cleanup in future commits. Fixes #23709 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20Fix a comment that misunderstood is_canonicalNick Mathewson
is_canonical doesn't mean "am I connected to the one true address of this relay"; it means "does this relay tell me that the address I'm connected to belong to it." The point is to prevent TCP-based MITM, not to prevent the relay from multi-homing. Related to 22890.
2017-09-15Run our #else/#endif annotator on our source code.Nick Mathewson
2017-09-15Merge branch 'maint-0.3.1'Nick Mathewson
Resolve conflict with 23532 code.
2017-09-15Make NETINFO clock skew detection work on clientsTaylor Yu
An unnecessary routerlist check in the NETINFO clock skew detection in channel_tls_process_netinfo_cell() was preventing clients from reporting NETINFO clock skew to controllers.
2017-09-15Refactor channeltls.c lightlyTaylor Yu
Refactor some repetitive deep indirections in several functions in channeltls.c into local variables.
2017-09-15Fix several places where md-using relays would get wrong behavior.Nick Mathewson
This patch replaces a few calls to router_get_by_id_digest ("do we have a routerinfo?") with connection_or_digest_is_known_relay ("do we know this relay to be in the consensus, or have been there some time recently?"). Found while doing the 21585 audit; fixes bug 23533. Bugfix on 0.3.0.1-alpha.
2017-09-05Repair buffer API so everything starts with buf_.Nick Mathewson
Our convention is that functions which manipulate a type T should be named T_foo. But the buffer functions were super old, and followed all kinds of conventions. Now they're uniform. Here's the perl I used to do this: \#!/usr/bin/perl -w -i -p s/read_to_buf\(/buf_read_from_socket\(/; s/flush_buf\(/buf_flush_to_socket\(/; s/read_to_buf_tls\(/buf_read_from_tls\(/; s/flush_buf_tls\(/buf_flush_to_tls\(/; s/write_to_buf\(/buf_add\(/; s/write_to_buf_compress\(/buf_add_compress\(/; s/move_buf_to_buf\(/buf_move_to_buf\(/; s/peek_from_buf\(/buf_peek\(/; s/fetch_from_buf\(/buf_get_bytes\(/; s/fetch_from_buf_line\(/buf_get_line\(/; s/fetch_from_buf_line\(/buf_get_line\(/; s/buf_remove_from_front\(/buf_drain\(/; s/peek_buf_startswith\(/buf_peek_startswith\(/; s/assert_buf_ok\(/buf_assert_ok\(/;
2017-07-01general formatting / whitespace / typo fixesRoger Dingledine
2017-06-21Merge branch 'callgraph_reduction_v2'Nick Mathewson
2017-06-21Extract channel_do_open_actions() from non-open _change_state casesNick Mathewson
This reduces the size of the largest SCC in the callgraph by 30 functions, from 58 to 28.
2017-05-08whitespace fixesNick Mathewson
2017-05-08Merge branch 'netflow_padding-v6-rebased2-squashed'Nick Mathewson
2017-05-08Fix issues from dgoulet's code review.Mike Perry
https://gitlab.com/dgoulet/tor/merge_requests/24
2017-05-08Bug 17604: Converge on only one long-lived TLS conn between relays.Mike Perry
Accomplished via the following: 1. Use NETINFO cells to determine if both peers will agree on canonical status. Prefer connections where they agree to those where they do not. 2. Alter channel_is_better() to prefer older orconns in the case of multiple canonical connections, and use the orconn with more circuits on it in case of age ties. Also perform some hourly accounting on how many of these types of connections there are and log it at info or notice level.
2017-05-08Netflow record collapsing defense.Mike Perry
This defense will cause Cisco, Juniper, Fortinet, and other routers operating in the default configuration to collapse netflow records that would normally be split due to the 15 second flow idle timeout. Collapsing these records should greatly reduce the utility of default netflow data for correlation attacks, since all client-side records should become 30 minute chunks of total bytes sent/received, rather than creating multiple separate records for every webpage load/ssh command interaction/XMPP chat/whatever else happens to be inactive for more than 15 seconds. The defense adds consensus parameters to govern the range of timeout values for sending padding packets, as well as for keeping connections open. The defense only sends padding when connections are otherwise inactive, and it does not pad connections used solely for directory traffic at all. By default it also doesn't pad inter-relay connections. Statistics on the total padding in the last 24 hours are exported to the extra-info descriptors.
2017-05-02Merge branch 'teor_connection-with-client-v2_squashed'Nick Mathewson
2017-05-02Accurately identify client connections by their lack of peer authenticationteor
This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
2017-03-15Run the copyright update script.Nick Mathewson
2016-12-16Merge branch 'prop271_030_v1_squashed'Nick Mathewson
2016-12-08Add a few more debug/info-level logs for ed25519 link handshake stuffNick Mathewson
2016-12-08Add a bunch of work-in-progress comments for 15056 planningNick Mathewson
2016-12-08When attempting to find a channel by ID, consider Ed ID.Nick Mathewson
Right now, there's only a mechanism to look for a channel where the RSA ID matches *and* the ED ID matches. We can add a separate map later if we want.
2016-11-30New function to tell the guard module "We're on the net!"Nick Mathewson
(Call it whenever we read a cell.)
2016-11-03Replace some assert(1)s with nonfatal_unreached_once().Nick Mathewson
These were probably supposed to be assert(0).
2016-11-03whitespace fixesNick Mathewson
2016-11-03Merge branch 'feature_15055_v2'Nick Mathewson
2016-11-03Audit use of tor_tls_cert_get_key().Nick Mathewson
This function is allowed to return NULL if the certified key isn't RSA. But in a couple of places we were treating this as a bug or internal error, and in one other place we weren't checking for it at all! Caught by Isis during code review for #15055. The serious bug was only on the 15055 branch, thank goodness.
2016-11-03Clean up comments, mark more branches as BUG.Nick Mathewson
2016-11-03Unit tests for cert-chain-processing, including failed casesNick Mathewson
Check out the coverage!
2016-11-03Send and receive AUTHENTICATE cells correctly with ED keys.Nick Mathewson
Includes updated test for authchallenge cells
2016-11-03Verify ed25519 link handshake certificatesNick Mathewson
This code stores the ed certs as appropriate, and tries to check them. The Ed25519 result is not yet used, and (because of its behavior) this will break RSA authenticate cells. That will get fixed as we go, however. This should implement 19157, but it needs tests, and it needs to get wired in.
2016-11-03Add "Ed ID" arguments to a bunch of connection-ID-related fns.Nick Mathewson
In particular, these functions are the ones that set the identity of a given connection or channel, and/or confirm that we have learned said IDs. There's a lot of stub code here: we don't actually need to use the new keys till we start looking up connections/channels by Ed25519 IDs. Still, we want to start passing the Ed25519 IDs in now, so it makes sense to add these stubs as part of 15055.
2016-11-03Make the current time an argument to x509 cert-checking functionsNick Mathewson
This makes the code a bit cleaner by having more of the functions be pure functions that don't depend on the current time.
2016-11-03Refactor RSA certificate checking into its own function.Nick Mathewson
2016-11-03Migrate certificates into a sub-structure of or_handshake_stateNick Mathewson
This will help us do cert-checking in the background in the future, perhaps.
2016-11-03Refactor ...compute_authenticate_cell_body() to return a var_cell_t.Nick Mathewson
This means we don't need to precompute the length. Helps simplify the implementation of 19156.
2016-11-03Code to send correct authentication data when we are using AUTHTYPE>2Nick Mathewson
Implements the major part of 19156, except doesn't actually send the new cell type yet.
2016-11-03When parsing certs cells, allow more certs typesNick Mathewson
Implements the parsing part of #19157
2016-10-18Module docs for channel.c and channeltls.cNick Mathewson
2016-09-06checkSpace.pl now forbids more identifiers.Nick Mathewson
The functions it warns about are: assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc, strdup, strndup, calloc. Also, fix a few lingering instances of these in the code. Use other conventions to indicate _intended_ use of assert and malloc/realloc/etc.
2016-08-12Merge remote-tracking branch 'public/Fix_19450'Nick Mathewson
2016-08-02Search for remaining references to 'bufferevent'.Nick Mathewson
Remove or adjust as appropriate.
2016-07-28Fix all -Wshadow warnings on LinuxNick Mathewson
This is a partial fix for 18902.
2016-06-11Add -Wmissing-variable-declarations, with attendant fixesNick Mathewson
This is a big-ish patch, but it's very straightforward. Under this clang warning, we're not actually allowed to have a global variable without a previous extern declaration for it. The cases where we violated this rule fall into three roughly equal groups: * Stuff that should have been static. * Stuff that was global but where the extern was local to some other C file. * Stuff that was only global when built for the unit tests, that needed a conditional extern in the headers. The first two were IMO genuine problems; the last is a wart of how we build tests.
2016-06-11Resolve some warnings from OSX clang.Nick Mathewson
2016-06-11Use -Wdouble-promotion in GCC >= 4.6Nick Mathewson
This warning triggers on silently promoting a float to a double. In our code, it's just a sign that somebody used a float by mistake, since we always prefer double.
2016-06-11Enable -Wnull-dereference (GCC >=6.1), and fix the easy casesNick Mathewson
This warning, IIUC, means that the compiler doesn't like it when it sees a NULL check _after_ we've already dereferenced the variable. In such cases, it considers itself free to eliminate the NULL check. There are a couple of tricky cases: One was the case related to the fact that tor_addr_to_in6() can return NULL if it gets a non-AF_INET6 address. The fix was to create a variant which asserts on the address type, and never returns NULL.
2016-03-28Rename tor_dup_addr to tor_addr_to_str_dup.Nick Mathewson
Patch from icanhasaccount; closes 18462.