mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-25 15:10:48 +01:00
Code Issues Projects Releases Wiki Activity
14734 commits 53 branches 632 tags 102 MiB
Commit graph

10160 commits

Author SHA1 Message Date
Nick Mathewson
d29a390733 Test for broken counter-mode at runtime 
To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode.
But Fedora (and maybe others) lie about the actual OpenSSL version,
so we can't trust the header to tell us if it's safe.

Instead, let's do a run-time test to see whether it's safe, and if
not, use our built-in version.

fermenthor contributed a pretty essential fixup to this patch. Thanks!
 2012-01-10 11:15:35 -05:00
Nick Mathewson
5741aef3dc We no longer need to detect openssl without RAND_poll() 
We require openssl 0.9.7 or later, and RAND_poll() was first added in
openssl 0.9.6.
 2012-01-10 10:40:31 -05:00
Nick Mathewson
85c7d7659e Add macros to construct openssl version numbers 
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
 2012-01-10 10:40:30 -05:00
Sebastian Hahn
6b9298ef72 Log which votes we still need to fetch 
This might help us see which authorities are problematic in getting
their vote published the first time.
 2012-01-10 16:13:30 +01:00
Sebastian Hahn
50a50392b7 Advertise dirport if accountingmax is large enough 
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
 2012-01-10 09:59:36 -05:00
Nick Mathewson
2a9b279163 Merge remote-tracking branch 'rransom-tor/bug4883' 2012-01-10 09:33:55 -05:00
Robert Ransom
72ed4a41f5 Fix brown-paper-bag bug in #4759 fix 
Fixes #4883, not yet in any release.
 2012-01-09 22:03:04 -08:00
Sebastian Hahn
2367f7e559 Make sure MAX_DNS_LABEL_SIZE is defined 
MAX_DNS_LABEL_SIZE was only defined for old versions of openssl, which
broke the build. Spotted by xiando. Fixes bug 4413; not in any released
version.
 2012-01-10 06:14:35 +01:00
Nick Mathewson
b1ee1a719d Tweaks for bug4413 fix 
The thing that's limited to 63 bytes is a "label", not a hostname.

Docment input constraints and behavior on bogus inputs.

Generally it's better to check for overflow-like conditions before
than after.  In this case, it's not a true overflow, so we're okay,
but let's be consistent.

pedantic less->fewer in the documentation
 2012-01-09 19:14:51 -05:00
Stephen Palmateer
3fadc074ca Remove (untriggerable) overflow in crypto_random_hostname() 
Fixes bug 4413; bugfix on xxxx.

Hostname components cannot be larger than 63 characters.
This simple check makes certain randlen cannot overflow rand_bytes_len.
 2012-01-09 19:05:05 -05:00
Nick Mathewson
1e5d66997b Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 16:40:42 -05:00
Nick Mathewson
c78a314e95 Fix comment about TLSv1_method() per comments by wanoskarnet 2012-01-09 16:40:21 -05:00
Nick Mathewson
838ec086be Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 12:22:29 -05:00
Nick Mathewson
6fd61cf767 Fix a trivial log message error in renservice.c 
Fixes bug 4856; bugfix on 0.0.6

This bug was introduced in 79fc5217, back in 2004.
 2012-01-09 12:21:04 -05:00
Nick Mathewson
d4de312b3c Merge remote-tracking branch 'rransom-tor/bug4842' 2012-01-09 11:59:08 -05:00
Roger Dingledine
ecdea4eeaf Merge branch 'maint-0.2.2' 2012-01-08 12:17:16 -05:00
Roger Dingledine
cc1580dbe0 when the consensus fails, list which dir auths were in or out 2012-01-08 12:14:44 -05:00
Roger Dingledine
04bf17c50c nickname, not identity fingerprint, will help more 2012-01-08 12:09:01 -05:00
Roger Dingledine
78e95b7b71 tell me who votes are actually for, not just where they're from 2012-01-08 10:03:46 -05:00
Roger Dingledine
1416dd47a9 add a note from wanoskarnet 
he disagrees about what the code that we decided not to use would do
 2012-01-08 09:03:03 -05:00
Roger Dingledine
19c372daf0 clean up a comment that confused arturo 2012-01-07 07:41:46 -05:00
Robert Ransom
b46a7ebb2b Don't remove rend cpath element from relaunched service-side rend circs 
Fixes bug 4842, not in any release.
 2012-01-06 22:44:20 -08:00
Emile Snyder
d7eaa4b396 Change to use SSL_state_string_long() instead of homebrew ssl_state_to_string() function. 2012-01-06 05:31:34 -08:00
Nick Mathewson
ef69f2f2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-05 14:16:30 -05:00
Robert Ransom
4752b34879 Log at info level when disabling SSLv3 2012-01-05 12:28:56 -05:00
Nick Mathewson
db78fe4589 Disable SSLv3 when using a not-up-to-date openssl 
This is to address bug 4822, and CVE-2011-4576.
 2012-01-05 12:28:55 -05:00
Roger Dingledine
9bfb8af265 Merge branch 'maint-0.2.2' 2012-01-05 06:55:34 -05:00
Roger Dingledine
a1074c7aa2 Merge branch 'maint-0.2.1' into maint-0.2.2 2012-01-05 06:45:28 -05:00
Roger Dingledine
ff03347579 note some dead code. if i'm right, should this be removed? 2012-01-05 05:37:06 -05:00
Karsten Loesing
1db1b23a7b Update to the January 2012 GeoIP database. 2012-01-05 11:10:57 +01:00
Nick Mathewson
65420e4cb5 Merge remote-tracking branch 'rransom-tor/bug1297b-v2' 2012-01-04 13:50:24 -05:00
Robert Ransom
0bd53b8d87 Verbotify documentation comments for the #1297-fix flags 2012-01-04 09:37:49 -08:00
Nick Mathewson
47b7a27929 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-03 13:22:34 -05:00
Sebastian Hahn
5d9be49540 Fix a check-spaces violation in compat.c 
Also fix a comment typo
 2011-12-30 23:30:57 +01:00
Sebastian Hahn
d861b4cc9d Fix spelling in a controlsocket log msg 
Fixes bug 4803.
 2011-12-30 23:27:02 +01:00
Nick Mathewson
bfae41328e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 16:52:31 -05:00
Nick Mathewson
84bf8e3808 Merge remote-tracking branch 'public/bug4788' into maint-0.2.2 2011-12-28 16:50:45 -05:00
Nick Mathewson
9f06ec0c13 Add interface enumeration based on SIOCGIFCONF for older unixes 2011-12-28 16:34:16 -05:00
Nick Mathewson
5d44a6b334 Multicast addresses, if any were configured, would not be good if addrs 2011-12-28 16:34:16 -05:00
Nick Mathewson
aa529f6c32 Use getifaddrs, not connect+getsockname, to find our address 
This resolves bug1827, and lets us avoid freaking people out.
Later, we can use it to get a complete list of our interfaces.
 2011-12-28 16:34:16 -05:00
Nick Mathewson
e3a6493898 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 15:57:48 -05:00
Nick Mathewson
c563551eef Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346 Bug 4786 fix: don't convert EARLY to RELAY on v1 connections 
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
 2011-12-28 15:54:06 -05:00
Robert Ransom
2b189a222b Don't exit when marking a newly created _C_INTRODUCING circ for close 2011-12-28 09:02:14 -08:00
Nick Mathewson
9bcb187387 Authorities reject insecure Tors. 
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427.  Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339).
 2011-12-27 21:47:04 -05:00
Nick Mathewson
78f43c5d03 Require openssl 1.0.0a for using openssl's ctr-mode implementation 
Previously we required 1.0.0, but there was a bug in the 1.0.0 counter
mode. Found by Pascal. Fixes bug 4779.

A more elegant solution would be good here if somebody has time to code
one.
 2011-12-27 20:31:23 -05:00
Robert Ransom
836161c560 Add an option to close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9 Don't close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5 Add an option to close 'almost-connected' HS client circs on timeout 2011-12-27 08:02:43 -08:00