Nick Mathewson [Tue, 15 May 2012 19:32:18 +0000 (15:32 -0400)]
Implement the client side of proposal 198
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff). This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.
As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
Karsten Loesing [Wed, 13 Jun 2012 07:21:00 +0000 (09:21 +0200)]
Update to the June 2012 GeoIP database.
Manually removed range 0.116.0.0 to 0.119.255.255 which Maxmind says is
assigned to AT. This is very likely a bug in their database, because
0.0.0.0/8 is a reserved range.
Nick Mathewson [Mon, 11 Jun 2012 15:00:48 +0000 (11:00 -0400)]
Make our compiler-hardening checks robust against MinGW
First, specify -Werror when we are testing each option; if it causes
a warning to appear, we shouldn't be adding it.
Second, do not attempt to add these options until after we have
found the libraries we want. Previously, I would hit a bug where
the linker hardening options worked fine when we weren't linking
anything, but failed completely once we added openssl or libevent.
Nick Mathewson [Mon, 11 Jun 2012 13:48:46 +0000 (09:48 -0400)]
List defaults consistently in manpage
Nearly everywhere, we end options with "(Default: foo)". But in a
few places, we inserted an extra period after or before the close
parenthesis, and in a few other places we said "(Defaults to foo)".
Let's not do that.
Nick Mathewson [Thu, 17 May 2012 14:08:48 +0000 (10:08 -0400)]
Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output. It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.
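The approach described in this commit, as an added example rather than Tor's own code: size the output buffer from an upper bound on bytes per wide character, pass wcstombs() one byte less than the allocation, and then write a NUL yourself. The bound used here is MB_CUR_MAX rather than the commit's two bytes per character, so it holds in any locale; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Convert a wide string to a newly allocated multibyte string and
 * guarantee NUL termination regardless of what wcstombs() writes.
 * Returns NULL on an unconvertible character or allocation failure. */
char *wide_to_mb_dup(const wchar_t *wide)
{
  size_t nchars = wcslen(wide);
  size_t cap, n;
  char *out;

  /* Upper bound: MB_CUR_MAX bytes per character plus a terminating NUL.
   * Refuse inputs whose bound would overflow size_t. */
  if (nchars > (SIZE_MAX - 1) / MB_CUR_MAX)
    return NULL;
  cap = nchars * MB_CUR_MAX + 1;
  out = malloc(cap);
  if (!out)
    return NULL;

  /* Give wcstombs() only cap-1 bytes: if it fills all of them it writes
   * no terminator, so the last byte of the allocation stays ours. */
  n = wcstombs(out, wide, cap - 1);
  if (n == (size_t)-1) {        /* character not representable in locale */
    free(out);
    return NULL;
  }
  out[n] = '\0';                /* n <= cap-1, so this index is in bounds */
  out[cap - 1] = '\0';          /* belt and braces, as the commit describes */
  return out;
}

/* Check helper: converts, compares against the expected C string, frees. */
int wide_to_mb_equals(const wchar_t *wide, const char *expected)
{
  char *got = wide_to_mb_dup(wide);
  int same = (got != NULL && strcmp(got, expected) == 0);
  free(got);
  return same;
}
```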
Nick Mathewson [Wed, 6 Jun 2012 16:00:04 +0000 (12:00 -0400)]
Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.
We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088). Before we can do so, we need a fix for bugs #6087 and
Nick Mathewson [Tue, 5 Jun 2012 15:06:26 +0000 (11:06 -0400)]
Fix some mingw build warnings
These include:
- Having a weird in_addr that can't be initialized with {0}
- Needing INVALID_HANDLE_VALUE instead of -1 for file handles.
- Having a weird dependent definition for struct stat.
- pid is signed, not unsigned.
Nick Mathewson [Mon, 4 Jun 2012 23:51:00 +0000 (19:51 -0400)]
Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues. First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
Nick Mathewson [Mon, 4 Jun 2012 23:56:44 +0000 (19:56 -0400)]
Update the "redox" doxygen/DOCDOC postprocessing script
Somewhere along the line, doxygen and tor changed their behavior a
little. The script is still a dreadful kludge, but now at least it
sorta works again.
Nick Mathewson [Mon, 4 Jun 2012 15:47:36 +0000 (11:47 -0400)]
Merge origin/maint-0.2.2 for 6007_strict
This code shouldn't have any effect in 0.2.3, since we already accept
(and handle) data received while we are expecting a renegotiation.
(That's because the 0.2.3.x handshake _does_ have data there instead of
the renegotiation.)
I'm leaving it in anyway, since if it breaks anything, we'll want it
broken in master too so we can find out about it. I added an XXX023
comment so that we can come back later and fix that.
Nick Mathewson [Thu, 31 May 2012 15:19:35 +0000 (11:19 -0400)]
Kill non-open OR connections with any data on their inbufs.
This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM. Fix for bug 5934 and
6007. Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
Nick Mathewson [Mon, 4 Jun 2012 15:07:52 +0000 (11:07 -0400)]
Fix build warning on Lenny about strtok_r unit test
This fixes a warning in efb8a09f, where Debian Lenny's GCC doesn't get
that
    for (i=0; i<3; ++i) {
      const char *p;
      switch(i) {
        case 0:
          p="X"; break;
        case 1:
          p="Y"; break;
        case 2:
          p="Z"; break;
      }
      printf("%s\n", p);
    }
will never try to print an uninitialized value.
Found by buildbots. Bug in no released versions of Tor.
Nick Mathewson [Sun, 3 Jun 2012 00:05:32 +0000 (20:05 -0400)]
Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version. This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.
As a workaround, disable TLS 1.1 and TLS 1.2. When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.
Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side. But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not. That could be important to keep the network running
well.
Nick Mathewson [Tue, 15 May 2012 13:41:45 +0000 (09:41 -0400)]
Make all begindir or one-hop circuits internal
This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients. By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
Conflict was between replacement of MS_WINDOWS with _WIN32 in
master, and with removal of file_handle from tor_mmap_t struct in
close_file_mapping branch (for bug 5951 fix).
Nick Mathewson [Wed, 30 May 2012 16:14:38 +0000 (12:14 -0400)]
Add __attribute__(format)s for our varargs printf/scanf wrappers
It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments. This is the
correct behavior for vsnprintf, vasprintf, and vscanf.
I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
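The attribute usage this commit describes, as an added example that is not Tor's tor_vasprintf: a va_list-taking wrapper is annotated with a third argument of 0, so GCC and Clang type-check the format string without looking for variadic arguments, while the variadic front end uses the usual first-variadic-argument index. The function names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Third attribute argument is 0: this function receives a va_list, so
 * there are no variadic arguments to check, only the format string. */
int my_vasprintf(char **strp, const char *fmt, va_list ap)
    __attribute__((format(printf, 2, 0)));

int my_vasprintf(char **strp, const char *fmt, va_list ap)
{
  va_list ap2;
  int len;

  va_copy(ap2, ap);                     /* measure with a copy first */
  len = vsnprintf(NULL, 0, fmt, ap2);
  va_end(ap2);
  if (len < 0) { *strp = NULL; return -1; }

  *strp = malloc((size_t)len + 1);
  if (!*strp) return -1;
  vsnprintf(*strp, (size_t)len + 1, fmt, ap);
  return len;
}

/* Variadic front end: arguments to check start at position 3. */
int my_asprintf(char **strp, const char *fmt, ...)
    __attribute__((format(printf, 2, 3)));

int my_asprintf(char **strp, const char *fmt, ...)
{
  va_list ap;
  int r;
  va_start(ap, fmt);
  r = my_vasprintf(strp, fmt, ap);
  va_end(ap);
  return r;
}

/* Check helper: formats a value, compares to the expected string, frees. */
int formats_to(const char *expected, int value)
{
  char *s = NULL;
  int n = my_asprintf(&s, "value=%d hex=%x", value, (unsigned)value);
  int ok = (n >= 0 && s != NULL && strcmp(s, expected) == 0
            && (int)strlen(s) == n);
  free(s);
  return ok;
}
```

Passing a non-literal or mismatched format to either function now draws a -Wformat warning at the call site, which is the check the commit wants for tor_vasprintf.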