+Changes in version 0.2.2.10-alpha - 2010-??-??
+ o Major features (performance):
+ - Alter the client path selection to use new consensus-generated
+ weightings to alter bandwidths when selecting Guard, Middle, Exit,
+ and Guard+Exit flagged nodes for entry, middle, and exit positions.
+ This should more evenly distribute the network load across these
+ different types of nodes, and give us the flexibility to globally
+ alter our node selection algorithms in the future.
+
+ o Minor features (performance):
+ - Always perform router selections using weighted node bandwidth,
+ even if we don't need a high capacity circuit at the time. Non-fast
+ circuits now only differ from fast ones in that they can use nodes
+ not marked with the Fast flag.
+
+ o Minor bugfixes:
+ - Fix a memleak in the EXTENDCIRCUIT logic. Spotted by coverity.
+ Bugfix on 0.2.2.9-alpha.
+ - Fix a dereference-then-NULL-check sequence when publishing
+ descriptors. Bugfix on tor-0.2.1.5-alpha. Discovered by ekir,
+ fixes bug 1255.
+ - Disallow values larger than INT32_MAX for PerConnBWRate|Burst
+ config option. Bugfix on 0.2.2.7-alpha.
+
+ o Code simplifications and refactoring:
+ - Fix some urls in the exit notice file and make it XHTML1.1 strict
+ compliant. Based on a patch from Christian Kujau.
+
+
+Changes in version 0.2.2.9-alpha - 2010-02-22
+ o Directory authority changes:
+ - Change IP address for dannenberg (v3 directory authority), and
+ remove moria2 (obsolete v1, v2 directory authority and v0 hidden
+ service directory authority) from the list.
+
+ o Major bugfixes:
+ - Make Tor work again on the latest OS X: when deciding whether to
+ use strange flags to turn TLS renegotiation on, detect the OpenSSL
+ version at run-time, not compile time. We need to do this because
+ Apple doesn't update its dev-tools headers when it updates its
+ libraries in a security patch.
+ - Fix a potential buffer overflow in lookup_last_hid_serv_request()
+ that could happen on 32-bit platforms with 64-bit time_t. Also fix
+ a memory leak when requesting a hidden service descriptor we've
+ requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
+ by aakova.
+ - Authorities could be tricked into giving out the Exit flag to relays
+ that didn't allow exiting to any ports. This bug could screw
+ with load balancing and stats. Bugfix on 0.1.1.6-alpha; fixes bug
+ 1238. Bug discovered by Martin Kowalczyk.
+ - When freeing a cipher, zero it out completely. We only zeroed
+ the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
+ and patched by ekir. Fixes bug 1254.
+
+ o Minor bugfixes:
+ - Fix static compilation by listing the openssl libraries in the right
+ order. Bugfix on Tor 0.2.2.8-alpha; fixes bug 1237.
+ - Resume handling .exit hostnames in a special way: originally we
+ stripped the .exit part and used the requested exit relay. In
+ 0.2.2.1-alpha we stopped treating them in any special way, meaning
+ if you use a .exit address then Tor will pass it on to the exit
+ relay. Now we reject the .exit stream outright, since that behavior
+ might be more expected by the user. Found and diagnosed by Scott
+ Bennett and Downie on or-talk.
+ - Don't spam the controller with events when we have no file
+ descriptors available. Bugfix on 0.2.1.5-alpha. (Rate-limiting
+ for log messages was already solved from bug 748.)
+ - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by
+ "memcpyfail".
+ - Make the DNSPort option work with libevent 2.x. Don't alter the
+ behaviour for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+ - Emit a GUARD DROPPED controller event for a case we missed.
+ - Make more fields in the controller protocol case-insensitive, since
+ control-spec.txt said they were.
+ - Refactor resolve_my_address() to not use gethostbyname() anymore.
+ Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
+ - Fix a spec conformance issue: the network-status-version token
+ must be the first token in a v3 consensus or vote. Discovered by
+ parakeep. Bugfix on 0.2.0.3-alpha.
+
+ o Code simplifications and refactoring:
+ - Generate our manpage and HTML documentation using Asciidoc. This
+ change should make it easier to maintain the documentation, and
+ produce nicer HTML.
+ - Remove the --enable-iphone option. According to reports from Marco
+ Bonetti, Tor builds fine without any special tweaking on recent
+ iPhone SDK versions.
+ - Removed some unnecessary files from the source distribution. The
+ AUTHORS file has now been merged into the people page on the
+ website. The roadmaps and design doc can now be found in the
+ projects directory in svn.
+ - Enabled various circuit build timeout constants to be controlled
+ by consensus parameters. Also set better defaults for these
+ parameters based on experimentation on broadband and simulated
+ high latency links.
+
+ o Minor features:
+ - The 'EXTENDCIRCUIT' control port command can now be used with
+ a circ id of 0 and no path. This feature will cause Tor to build
+ a new 'fast' general purpose circuit using its own path selection
+ algorithms.
+ - Added a BUILDTIMEOUT_SET controller event to describe changes
+ to the circuit build timeout.
+ - Future-proof the controller protocol a bit by ignoring keyword
+ arguments we do not recognize.
+ - Expand homedirs passed to tor-checkkey. This should silence a
+ coverity complaint about passing a user-supplied string into
+ open() without checking it.
+
+
+ Changes in version 0.2.1.25 - 2010-??-??
+ o Major bugfixes:
+ - When freeing a cipher, zero it out completely. We only zeroed
+ the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
+ and patched by ekir. Fixes bug 1254.
+ o Minor bugfixes:
+ - Fix a dereference-then-NULL-check sequence when publishing
+ descriptors. Bugfix on tor-0.2.1.5-alpha. Discovered by ekir,
+ fixes bug 1255.
+ - Fix another dereference-then-NULL-check sequence. Bugfix on
+ 0.2.1.14-rc. Discovered by ekir, fixes bug 1256.
+ - Make sure we treat potentially not NUL-terminated strings correctly.
+ Bugfix on 0.1.1.13-alpha. Discovered by rieo, fixes bug 1257.
+
++
Changes in version 0.2.1.24 - 2010-02-21
Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
for sure!
static addr_policy_t *router_parse_addr_policy(directory_token_t *tok);
static addr_policy_t *router_parse_addr_policy_private(directory_token_t *tok);
- static int router_get_hash_impl(const char *s, char *digest,
+ static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
const char *start_str, const char *end_str,
- char end_char);
-
-static void token_free(directory_token_t *tok);
+ char end_char,
+ digest_algorithm_t alg);
- static int router_get_hashes_impl(const char *s, digests_t *digests,
++static int router_get_hashes_impl(const char *s, size_t s_len,
++ digests_t *digests,
+ const char *start_str, const char *end_str,
+ char end_char);
+static void token_clear(directory_token_t *tok);
static smartlist_t *find_all_exitpolicy(smartlist_t *s);
static directory_token_t *_find_by_keyword(smartlist_t *s,
directory_keyword keyword,
int
router_get_dir_hash(const char *s, char *digest)
{
- return router_get_hash_impl(s,digest,
+ return router_get_hash_impl(s, strlen(s), digest,
- "signed-directory","\ndirectory-signature",'\n');
+ "signed-directory","\ndirectory-signature",'\n',
+ DIGEST_SHA1);
}
/** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
* <b>s</b>. Return 0 on success, -1 on failure.
*/
int
- router_get_router_hash(const char *s, char *digest)
+ router_get_router_hash(const char *s, size_t s_len, char *digest)
{
- return router_get_hash_impl(s,digest,
+ return router_get_hash_impl(s, s_len, digest,
- "router ","\nrouter-signature", '\n');
+ "router ","\nrouter-signature", '\n',
+ DIGEST_SHA1);
}
/** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
int
router_get_runningrouters_hash(const char *s, char *digest)
{
- return router_get_hash_impl(s,digest,
+ return router_get_hash_impl(s, strlen(s), digest,
- "network-status","\ndirectory-signature", '\n');
+ "network-status","\ndirectory-signature", '\n',
+ DIGEST_SHA1);
}
/** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
int
router_get_networkstatus_v2_hash(const char *s, char *digest)
{
- return router_get_hash_impl(s,digest,
+ return router_get_hash_impl(s, strlen(s), digest,
"network-status-version","\ndirectory-signature",
- '\n');
+ '\n',
+ DIGEST_SHA1);
+}
+
+/** Set <b>digests</b> to all the digests of the consensus document in
+ * <b>s</b> */
+int
+router_get_networkstatus_v3_hashes(const char *s, digests_t *digests)
+{
- return router_get_hashes_impl(s,digests,
++ return router_get_hashes_impl(s,strlen(s),digests,
+ "network-status-version",
+ "\ndirectory-signature",
+ ' ');
}
/** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
* string in <b>s</b>. Return 0 on success, -1 on failure. */
int
-router_get_networkstatus_v3_hash(const char *s, char *digest)
+router_get_networkstatus_v3_hash(const char *s, char *digest,
+ digest_algorithm_t alg)
{
- return router_get_hash_impl(s,digest,
+ return router_get_hash_impl(s, strlen(s), digest,
"network-status-version",
"\ndirectory-signature",
- ' ');
+ ' ', alg);
}
/** Set <b>digest</b> to the SHA-1 digest of the hash of the extrainfo
int
router_get_extrainfo_hash(const char *s, char *digest)
{
- return router_get_hash_impl(s,digest,"extra-info","\nrouter-signature",'\n',
- DIGEST_SHA1);
+ return router_get_hash_impl(s, strlen(s), digest, "extra-info",
- "\nrouter-signature",'\n');
++ "\nrouter-signature",'\n', DIGEST_SHA1);
}
/** Helper: used to generate signatures for routers, directories and
log_warn(LD_DIR, "Error tokenizing key certificate");
goto err;
}
- if (router_get_hash_impl(s, digest, "dir-key-certificate-version",
+ if (router_get_hash_impl(s, strlen(s), digest, "dir-key-certificate-version",
- "\ndir-key-certification", '\n') < 0)
+ "\ndir-key-certification", '\n', DIGEST_SHA1) < 0)
goto err;
tok = smartlist_get(tokens, 0);
if (tok->tp != K_DIR_KEY_CERTIFICATE_VERSION || strcmp(tok->args[0], "3")) {
return out;
}
-/** Compute the SHA-1 digest of the substring of <b>s</b> taken from the first
- * occurrence of <b>start_str</b> through the first instance of c after the
- * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
- * <b>digest</b>; return 0 on success.
- *
- * If no such substring exists, return -1.
- */
static int
- router_get_hash_impl_helper(const char *s,
-router_get_hash_impl(const char *s, size_t s_len, char *digest,
++router_get_hash_impl_helper(const char *s, size_t s_len,
const char *start_str,
- const char *end_str, char end_c)
+ const char *end_str, char end_c,
+ const char **start_out, const char **end_out)
{
- char *start, *end;
- start = strstr(s, start_str);
+ const char *start, *end;
+ start = tor_memstr(s, s_len, start_str);
if (!start) {
log_warn(LD_DIR,"couldn't find start of hashed material \"%s\"",start_str);
return -1;
}
++end;
- if (crypto_digest(digest, start, end-start)) {
- log_warn(LD_BUG,"couldn't compute digest");
+ *start_out = start;
+ *end_out = end;
+ return 0;
+}
+
+/** Compute the digest of the substring of <b>s</b> taken from the first
+ * occurrence of <b>start_str</b> through the first instance of c after the
+ * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
+ * <b>digest</b>; return 0 on success.
+ *
+ * If no such substring exists, return -1.
+ */
+static int
- router_get_hash_impl(const char *s, char *digest,
++router_get_hash_impl(const char *s, size_t s_len, char *digest,
+ const char *start_str,
+ const char *end_str, char end_c,
+ digest_algorithm_t alg)
+{
+ const char *start=NULL, *end=NULL;
- if (router_get_hash_impl_helper(s,start_str,end_str,end_c,&start,&end)<0)
++ if (router_get_hash_impl_helper(s,s_len,start_str,end_str,end_c,&start,&end)<0)
+ return -1;
+
+ if (alg == DIGEST_SHA1) {
+ if (crypto_digest(digest, start, end-start)) {
+ log_warn(LD_BUG,"couldn't compute digest");
+ return -1;
+ }
+ } else {
+ if (crypto_digest256(digest, start, end-start, alg)) {
+ log_warn(LD_BUG,"couldn't compute digest");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/** As router_get_hash_impl, but compute all hashes. */
+static int
- router_get_hashes_impl(const char *s, digests_t *digests,
++router_get_hashes_impl(const char *s, size_t s_len, digests_t *digests,
+ const char *start_str,
+ const char *end_str, char end_c)
+{
+ const char *start=NULL, *end=NULL;
- if (router_get_hash_impl_helper(s,start_str,end_str,end_c,&start,&end)<0)
++ if (router_get_hash_impl_helper(s,s_len,start_str,end_str,end_c,&start,&end)<0)
+ return -1;
+
+ if (crypto_digest_all(digests, start, end-start)) {
+ log_warn(LD_BUG,"couldn't compute digests");
return -1;
}
goto err;
}
/* Compute descriptor hash for later validation. */
- if (router_get_hash_impl(desc, desc_hash,
+ if (router_get_hash_impl(desc, strlen(desc), desc_hash,
"rendezvous-service-descriptor ",
- "\nsignature", '\n') < 0) {
+ "\nsignature", '\n', DIGEST_SHA1) < 0) {
log_warn(LD_REND, "Couldn't compute descriptor hash.");
goto err;
}
projects / thirdparty / tor.git / commitdiff
