path: root/src/or
Age | Commit message | Author
2014-10-27 | Remove configure option to disable curve25519 | Sebastian Hahn
By now, support in the network is widespread and it's time to require more modern crypto on all Tor instances, whether they're clients or servers. By doing this early in 0.2.6, we can be sure that at some point all clients will have reasonable support.
2014-10-23 | Fix minor typos, two line lengths, and a repeated include | teor
2014-10-22 | Merge remote-tracking branch 'public/ticket6938' | Nick Mathewson
Conflicts: src/tools/tor-resolve.c
2014-10-20 | Merge remote-tracking branch 'teor/memwipe-more-keys' | Nick Mathewson
2014-10-20 | Fix a use-after-free error in cleaned-up routerlist code. | Nick Mathewson
Bug not in any released tor. This is CID 1248521
2014-10-20 | Memwipe more keys after tor has finished with them | teor
Ensure we securely wipe keys from memory after crypto_digest_get_digest and init_curve25519_keypair_from_file have finished using them. Fixes bug 13477.
2014-10-16 | Merge remote-tracking branch 'origin/maint-0.2.5' | Nick Mathewson
2014-10-16 | Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN | Nick Mathewson
Closes 8093.
2014-10-16 | Merge remote-tracking branch 'yawning/bug13314' | Nick Mathewson
2014-10-13 | Merge remote-tracking branch 'public/bug11243_squashed' | Nick Mathewson
2014-10-13 | Add comments to can_dl_again usage | Nick Mathewson
2014-10-13 | Note that parse-list functions may add duplicate 'invalid' entries. | Nick Mathewson
2014-10-13 | Bugfixes on bug11243 fix for the not-added cases and tests | Nick Mathewson
1. The test that adds things to the cache needs to set the clock back so that the descriptors it adds are valid.
2. We split ROUTER_NOT_NEW into ROUTER_TOO_OLD, so that we can distinguish "already had it" from "rejected because of old published date".
3. We make extrainfo_insert() return a was_router_added_t, and we make its caller use it correctly. This is probably redundant with the extrainfo_is_bogus flag.
2014-10-13 | Use symbolic constants for statuses in microdescs_add_to_cache. | Nick Mathewson
Suggested by Andrea in her review of 11243.
2014-10-13 | Don't reset the download failure status of any object marked as impossible | Nick Mathewson
2014-10-13 | Unit tests for 11243: loading ri, ei, mds from lists | Nick Mathewson
These tests make sure that entries are actually marked undownloadable as appropriate.
2014-10-13 | Treat unparseable (micro)descriptors and extrainfos as undownloadable | Nick Mathewson
One pain point in evolving the Tor design and implementing has been adding code that makes clients reject directory documents that they previously would have accepted, if those descriptors actually exist. When this happened, the clients would get the document, reject it, and then decide to try downloading it again, ad infinitum.
This problem becomes particularly obnoxious with authorities, since if some authorities accept a descriptor that others don't, the ones that don't accept it would go crazy trying to re-fetch it over and over. (See for example ticket #9286.)
This patch tries to solve this problem by tracking, if a descriptor isn't parseable, what its digest was, and whether it is invalid because of some flaw that applies to the portion containing the digest. (This excludes RSA signature problems: RSA signatures aren't included in the digest. This means that a directory authority can still put another directory authority into a loop by mentioning a descriptor, and then serving that descriptor with an invalid RSA signature. But that would also make the misbehaving directory authority get DoSed by the server it's attacking, so it's not much of an issue.)
We already have a mechanism to mark something undownloadable with downloadstatus_mark_impossible(); we use that here for microdescriptors, extrainfos, and router descriptors.
Unit tests to follow in another patch.
Closes ticket #11243.
2014-10-13 | Merge remote-tracking branch 'isis/bug12951_r1' | Nick Mathewson
2014-10-09 | Remove is_router_version_good_for_possible_guard() | Nick Mathewson
The versions which this function would keep from getting the guard flag are already blocked by the minimum version check. Closes 13152.
2014-10-09 | Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' | Nick Mathewson
2014-10-08 | Bitwise check BRIDGE_DIRINFO | teor
Bitwise check for the BRIDGE_DIRINFO flag, rather than checking for equality. Fixes a (potential) bug where directories offering BRIDGE_DIRINFO, and some other flag (i.e. microdescriptors or extrainfo), would be ignored when looking for bridge directories. Final fix in series for bug 13163.
2014-10-08 | Improve DIRINFO flags' usage comments | teor
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions which take them as arguments. Replace 0 with NO_DIRINFO in a function call for clarity. Seeks to prevent future issues like 13163.
2014-10-08 | Stop using default authorities with both Alternate Dir and Bridge Authority | teor
Stop using the default authorities in networks which provide both AlternateDirAuthority and AlternateBridgeAuthority. This bug occurred due to an ambiguity around the use of NO_DIRINFO. (Does it mean "any" or "none"?) Partially fixes bug 13163.
2014-10-01 | Send back SOCKS5 errors for all of the address related failures. | Yawning Angel
Cases that now send errors:
* Malformed IP address (SOCKS5_GENERAL_ERROR)
* CONNECT/RESOLVE request with IP, when SafeSocks is set (SOCKS5_NOT_ALLOWED)
* RESOLVE_PTR request with FQDN (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
* Malformed FQDN (SOCKS5_GENERAL_ERROR)
* Unknown address type (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
Fixes bug 13314.
2014-10-01 | Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard) | teor
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for, regardless of their uptime, bandwidth, or exit policy. TestingTorNetwork must be set for this option to have any effect. Works around an issue where authorities would take up to 35 minutes to give nodes the Exit flag in a test network, despite short consensus intervals. Partially implements ticket 13161.
2014-09-29 | Clear the cached address from resolve_my_address() when our IP changes | Nick Mathewson
Closes 11582; patch from "ra".
2014-09-29 | Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' | Nick Mathewson
2014-09-29 | Merge branch 'bug12971_take2_squashed' | Nick Mathewson
2014-09-29 | Rename socks5 error code setting function again | Nick Mathewson
I'd prefer not to use the name "send" for any function that doesn't really send things.
2014-09-29 | Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. | rl1987
2014-09-29 | Merge branch 'ticket961_squashed' | Nick Mathewson
2014-09-29 | Avoid frequent strcmp() calls for AccountingRule | Nick Mathewson
Generally, we don't like to parse the same thing over and over; it's best IMO to do it once at the start of the code.
2014-09-29 | Add an "AccountingRule" feature to permit limiting bw usage by read+write | Nick Mathewson
Patch from "chobe". Closes ticket 961.
2014-09-29 | Merge remote-tracking branch 'yawning/bug13213' | Nick Mathewson
2014-09-29 | Whitespace fixes | Nick Mathewson
2014-09-29 | Avoid division by zero in circuitstats pareto | teor
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing by zero in the pareto calculations. If either the alpha or p parameters are 0, we would divide by zero, yielding an infinite result; which would be clamped to INT32_MAX anyway. So rather than dividing by zero, we just skip the offending calculation(s), and use INT32_MAX for the result. Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-28 | Stop spurious clang shallow analysis null pointer errors | teor
Avoid 4 null pointer errors under clang shallow analysis (the default when building under Xcode) by using tor_assert() to prove that the pointers aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-26 | Fix a double-free in failing case of handle_control_authenticate. | Nick Mathewson
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any released version of Tor. Found by Coverity; this is CID 1239290. [Yes, I used this commit message before, in 58e813d0fcfcecfc2017. Turns out, that fix wasn't right, since I didn't look up a screen. :P ]
2014-09-25 | Merge branch 'libscrypt_trunnel_squashed' | Nick Mathewson
Conflicts: src/test/test_crypto.c
2014-09-25 | More generic passphrase hashing code, including scrypt support | Nick Mathewson
Uses libscrypt when found; otherwise, we don't have scrypt and we only support openpgp rfc2440 s2k hashing, or pbkdf2. Includes documentation and unit tests; coverage around 95%. Remaining uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-24 | Do not launch pluggable transport plugins when DisableNetwork is set. | Yawning Angel
When DisableNetwork is set, do not launch pluggable transport plugins, and if any are running already, terminate the existing instances. Resolves ticket 13213.
2014-09-23 | two more typos | Roger Dingledine
2014-09-22 | + is not how we say concatenate | Roger Dingledine
2014-09-22 | Merge branch 'bug8197_squashed' | Nick Mathewson
Conflicts: src/test/test_policy.c
2014-09-22 | Writing comments for newly added functions. | rl1987
2014-09-22 | Whitespace fixes | rl1987
2014-09-22 | New API for policies_parse_exit_policy(). | rl1987
2014-09-22 | Remove config options that have been obsolete since 0.2.3 | Adrien BAK
2014-09-22 | Merge remote-tracking branch 'arma/feature13211' | Nick Mathewson
2014-09-22 | Merge remote-tracking branch 'arma/feature13153' | Nick Mathewson