path: root/src/or
Age | Commit message | Author
2016-11-03 | Handle u32 overflow in ed25519 cert expiration time. | Nick Mathewson
The impact here isn't too bad. First, the only affected certs are those that expire after 32-bit signed time overflows in Y2038. Second, it could only make it seem that a non-expired cert is expired: it could never make it seem that an expired cert was still live. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 | Fix a misfeature with the Ed cert expiration API | Nick Mathewson
The batch-verification helper didn't expose the expiration time, which made it pretty error-prone. This closes ticket 15087.
2016-11-03 | Make the current time an argument to x509 cert-checking functions | Nick Mathewson
This makes the code a bit cleaner by having more of the functions be pure functions that don't depend on the current time.
2016-11-03 | Add function to check RSA->Ed cross-certifications | Nick Mathewson
Also, adjust signing approach to more closely match the signing scheme in the proposal. (The format doesn't quite match the format in the proposal, since RSA signatures aren't fixed-length.) Closes 19020.
2016-11-03 | Refactor RSA certificate checking into its own function. | Nick Mathewson
2016-11-03 | Free rsa_ed_crosscert at exit. | Nick Mathewson
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 | Migrate certificates into a sub-structure of or_handshake_state | Nick Mathewson
This will help us do cert-checking in the background in the future, perhaps.
2016-11-03 | Refactor ...compute_authenticate_cell_body() to return a var_cell_t. | Nick Mathewson
This means we don't need to precompute the length. Helps simplify the implementation of 19156.
2016-11-03 | Code to send correct authentication data when we are using AUTHTYPE>2 | Nick Mathewson
Implements the major part of 19156, except doesn't actually send the new cell type yet.
2016-11-03 | New authentication types to use RFC5705. | Nick Mathewson
See proposal 244. This feature lets us stop looking at the internals of SSL objects, *and* should let us port better to more SSL libraries, if they have RFC5705 support. Preparatory for #19156
2016-11-03 | Send ed25519 certificates in certs cell, when we have them. | Nick Mathewson
Implements 19155 (send CERTS cells correctly for Ed25519) Also send RSA->Ed crosscert
2016-11-03 | Refactor connection_or_send_certs_cell() to use trunnel | Nick Mathewson
We no longer generate certs cells by pasting the certs together one by one. Instead we use trunnel to generate them. Preliminary work for 19155 (send CERTS cell with ed certs)
2016-11-03 | When parsing certs cells, allow more certs types | Nick Mathewson
Implements the parsing part of #19157
2016-09-08 | Fix typo error in bug warning in relay.c | Nick Mathewson
2016-09-08 | capture and detect expected BUG messages in shared-random tests | Nick Mathewson
2016-09-07 | Merge remote-tracking branch 'dgoulet/ticket18693_029_01' | Nick Mathewson
2016-09-07 | Merge remote-tracking branch 'sebastian/bug20064' | Nick Mathewson
2016-09-06 | Merge remote-tracking branch 'teor/bug20012' | Nick Mathewson
2016-09-06 | Merge remote-tracking branch 'public/ticket20002' | Nick Mathewson
2016-09-06 | checkSpace.pl now forbids more identifiers. | Nick Mathewson
The functions it warns about are: assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc, strdup, strndup, calloc. Also, fix a few lingering instances of these in the code. Use other conventions to indicate _intended_ use of assert and malloc/realloc/etc.
2016-09-06 | Merge remote-tracking branch 'sebastian/bug20065' | Nick Mathewson
2016-09-06 | Fix an indentation issue in rend_config_services | teor
2016-09-06 | Give useful error if authority_signing_key doesn't exist | Sebastian Hahn
2016-09-05 | Vote Exit correctly with DirAllowPrivateAddresses set | Sebastian Hahn
When allowing private addresses, mark Exits that only exit to private locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-09-05 | Appease make check-spaces | Andrea Shepard
2016-08-31 | Don't warn on unlink(bw_accounting) when errno == ENOENT | Nick Mathewson
Patch from pastly; fixes bug 19964.
2016-08-31 | Fix a deref-before-null-check complaint | Nick Mathewson
Found by coverity scan; this is CID 1372329. Also, reindent some oddly indented code.
2016-08-31 | Stop inadvertently upgrading client intro connections to ntor | teor
Also stop logging the intro point details on error by default. Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-29 | We no longer need to tag UseNTorHandshake as deprecated, since it is obsolete | Nick Mathewson
2016-08-29 | Merge remote-tracking branch 'teor/reject-tap-v6' | Nick Mathewson
2016-08-26 | prop272: When voting, include no non-Valid relays in consensus | Nick Mathewson
Implements ticket 20002, and part of proposal 272.
2016-08-26 | Fix OOS comparator fix | Andrea Shepard
2016-08-25 | Fix duplicated if condition in connection.c | David Goulet
Furthermore, fix a test that could return an uninitialized value. Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-25 | Merge remote-tracking branch 'andrea/ticket18640_v3' | Nick Mathewson
2016-08-24 | Check onion hostnames against client port flags | teor (Tim Wilson-Brown)
Check NoOnionTraffic before attaching a stream. NoOnionTraffic refuses connections to all onion hostnames, but permits non-onion hostnames and IP addresses.
2016-08-24 | Check non-onion hostnames & IP addresses against client port flags | teor (Tim Wilson-Brown)
Check NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic before attaching a stream. NoDNSRequest refuses connections to all non-onion hostnames, but permits IP addresses. NoIPv4Traffic refuses connections to IPv4 addresses, but resolves hostnames. NoIPv6Traffic refuses connections to IPv6 addresses, but resolves hostnames. Combined, they refuse all non-onion hostnames and IP addresses.
2016-08-24 | Make Tor2Web error message clearer | teor (Tim Wilson-Brown)
Tor2Web refuses non-onion hostnames and IP addresses.
2016-08-24 | Comment-only punctuation fix | teor (Tim Wilson-Brown)
2016-08-24 | Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly | teor (Tim Wilson-Brown)
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Add unit tests for parsing and checking option validity. Add documentation for each flag to the man page. Add changes file for all of #18693. Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 | make check-spaces fixes | Nick Mathewson
2016-08-24 | Merge branch 'maint-0.2.8' | Nick Mathewson
2016-08-24 | Fix path selection on firewalled clients | teor
Signed-off-by: teor <teor2345@gmail.com>
2016-08-24 | Merge branch 'maint-0.2.8' | Nick Mathewson
2016-08-24 | Merge branch 'maint-0.2.7' into maint-0.2.8 | Nick Mathewson
2016-08-24 | Replace Tonga with Bifroest. | Isis Lovecruft
* FIXES #19728: https://bugs.torproject.org/19728
* CLOSES #19690: https://bugs.torproject.org/19690
2016-08-24 | Add a stub for rend_service_allow_direct_connection | teor
It always returns 0. It should be replaced with the Single Onion version from #17178 when both are merged.
2016-08-24 | Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor | teor (Tim Wilson-Brown)
Rely on onion_populate_cpath to check that we're only using TAP for the rare hidden service cases. Check and log if handshakes only support TAP when they should support ntor.
2016-08-24 | Improve comments in circuit_get_cpath_* | teor (Tim Wilson-Brown)
2016-08-24 | Client & HS make sure every hop in every non-HS path supports ntor | teor (Tim Wilson-Brown)
When a client connects to an intro point not in the client's consensus, or a hidden service connects to a rend point not in the hidden service's consensus, we are stuck with using TAP, because there is no ntor link specifier.
2016-08-23 | Merge remote-tracking branch 'jigsaw/fix-17758' | Nick Mathewson