Age | Commit message | Author | |
---|---|---|---|
2015-06-02 | Use accessor functions for client_random/server_random/master_key | Nick Mathewson | |
If OpenSSL accepts my patch to introduce these functions, they'll be a way to help Tor work with OpenSSL 1.1. | |||
2015-05-26 | Stop looking at session->ciphers when possible | Nick Mathewson | |
If the OpenSSL team accepts my patch to add an SSL_get_client_ciphers function, this patch will make Tor use it when available, thereby working better with openssl 1.1. | |||
2015-05-26 | Remove rectify_client_ciphers as needless. | Nick Mathewson | |
We previously used this function instead of SSL_set_cipher_list() to set up a stack of client SSL_CIPHERs for these reasons: A) In order to force a particular order of the results. B) In order to be able to include dummy entries for ciphers that this build of openssl did not support, so we could impersonate Firefox harder. But we no longer do B, since we merged proposal 198 and stopped lying about what ciphers we know. And A was actually pointless, since I had misread the implementation of SSL_set_cipher_list(). It _does_ do some internal sorting, but that is pre-sorting on the master list of ciphers, not sorting on the user's preferred order. | |||
2015-05-26 | Revert "Try using SSL_get_ciphers in place of session->ciphers" | Nick Mathewson | |
This reverts commit 67964cfa787461bc56380fe46439fd5c9863bb4f. It was the cause of #16153, and was not in any released Tor. We need a better solution for getting session->ciphers. | |||
2015-05-20 | Stop poking SSL_CTX->comp_methods | Nick Mathewson | |
2015-05-20 | Use SSL_CIPHER accessor functions | Nick Mathewson | |
2015-05-20 | Use SSL_CIPHER_find where possible. | Nick Mathewson | |
2015-05-20 | Try using SSL_get_ciphers in place of session->ciphers | Nick Mathewson | |
This should help openssl 1.1. On pre-1.1, we double-check that these two methods give us the same list, since the underlying code is awfully hairy. | |||
2015-05-20 | Tweak rectify_client_ciphers to work with openssl 1.1 | Nick Mathewson | |
The key here is to never touch ssl->cipher_list directly, but only via SSL_get_ciphers(). But it's not so simple. See, if there is no specialized cipher_list on the SSL object, SSL_get_ciphers returns the cipher_list on the SSL_CTX. But we sure don't want to modify that one! So we need to use SSL_set_cipher_list first to make sure that we really have a cipher list on the SSL object. | |||
2015-05-13 | tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning | Nick Mathewson | |
2015-05-13 | Use SSL_state() to inspect the state of SSL objects. | Nick Mathewson | |
2015-05-13 | Use SSL_clear_mode where available. | Nick Mathewson | |
2015-05-13 | SSL_clear_mode exists; we can use it. | Nick Mathewson | |
2015-05-13 | Stop accessing 'ssl->s3->flags' when we are using openssl 1.1 | Nick Mathewson | |
This field was only needed to work with the now-long-gone (I hope, except for some horrible apples) openssl 0.9.8l; if your headers say you have openssl 1.1, you won't even need it. | |||
2015-05-13 | ERR_remove_state() is deprecated since OpenSSL 1.0.0. | Yawning Angel | |
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with `OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer routine as appropriate. | |||
2015-05-13 | Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 | Nick Mathewson | |
2015-05-05 | Fix out-of-bounds read in INTRODUCE2 client auth | John Brooks | |
The length of auth_data from an INTRODUCE2 cell is checked when the auth_type is recognized (1 or 2), but not for any other non-zero auth_type. Later, auth_data is assumed to have at least REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds read. Fixed by checking auth_len before comparing the descriptor cookie against known clients. Fixes #15823; bugfix on 0.2.1.6-alpha. | |||
2015-04-28 | Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()" | David Goulet | |
Fixes #15850, part of #15801. Change file is added by this commit. The original comment in the reverted commit is removed because right now we *need* a DirPort until #15849 is implemented so no doubt nor confusion there anymore. This reverts commit 80bed1ac96a3035f8c55ddced5528f0d7d16d386. Signed-off-by: David Goulet <dgoulet@ev0ke.net> | |||
2015-04-27 | Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 | Nick Mathewson | |
2015-04-27 | Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
2015-04-27 | Merge remote-tracking branch 'karsten/geoip6-apr2015' into maint-0.2.4 | Nick Mathewson | |
2015-04-27 | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 | Nick Mathewson | |
2015-04-24 | Update geoip6 to the April 8 2015 database. | Karsten Loesing | |
2015-04-24 | Update geoip to the April 8 2015 database. | Karsten Loesing | |
2015-04-06 | bump version to 0.2.6.7-dev | Nick Mathewson | |
2015-04-06 | bump version to 0.2.6.7 | Nick Mathewson | |
2015-04-06 | bump 0.2.5 version to 0.2.5.12 | Nick Mathewson | |
2015-04-06 | Bump 0.2.4 version more places | Nick Mathewson | |
2015-04-06 | Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 | Nick Mathewson | |
2015-04-06 | Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
2015-04-06 | Handle empty/zero length encoded intro points more gracefully. | Yawning Angel | |
In theory these should never be triggered as the only caller now validates the parameters before this routine gets called. | |||
2015-04-06 | Treat empty introduction points sections as missing. | Yawning Angel | |
Found by DonnchaC. | |||
2015-04-06 | Validate the RSA key size received when parsing INTRODUCE2 cells. | Yawning Angel | |
Fixes bug 15600; reported by skruffy | |||
2015-04-03 | Decrease the amount of rend circ relaunches for hidden services. | George Kadianakis | |
2015-04-03 | Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 | Nick Mathewson | |
2015-04-03 | Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 | Nick Mathewson | |
2015-04-03 | Merge branch 'bug15515_024' into maint-0.2.4 | Nick Mathewson | |
2015-04-03 | ... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit | George Kadianakis | |
(Sending a nak would be pointless.) See ticket 15515 for discussion. | |||
2015-04-03 | Block multiple introductions on the same intro circuit. | George Kadianakis | |
2015-03-24 | bump to 0.2.6.6 | Nick Mathewson | |
2015-03-23 | Merge remote-tracking branch 'public/bug15436_025' into maint-0.2.6 | Nick Mathewson | |
2015-03-23 | Fix unaligned access in SipHash-2-4. | Yawning Angel | |
The compiler is allowed to assume that a "uint64_t *" is aligned correctly, and will inline a version of memcpy that acts as such. Use "uint8_t *", so the compiler does the right thing. | |||
2015-03-18 | bump to 0.2.6.5-rc.dev | Nick Mathewson | |
2015-03-18 | bump to 0.2.6.5-rc | Nick Mathewson | |
2015-03-14 | Simplify the loop. | Nick Mathewson | |
2015-03-14 | Add comments for new functions | Nick Mathewson | |
2015-03-14 | remove a needless "if (1)" that was there for indentation; fix indentation. | Nick Mathewson | |
2015-03-14 | Extract main part of main loop into a separate function | Nick Mathewson | |
For 15176; Shadow would like this. Based on a patch by Rob Jansen, but revised to have a minimal-sized diff. | |||
2015-03-12 | Merge remote-tracking branch 'public/feature15212_026' into maint-0.2.6 | Nick Mathewson | |
2015-03-12 | Initialize the extorport auth cookie before launching PTs. | Yawning Angel | |
PTs expect the auth cookie to be available immediately after launch, leading to a race condition when PTs opt to cache the extorport cookie once immediately after startup. Fixes #15240. |