Nick Mathewson [Tue, 8 Apr 2014 15:31:48 +0000 (11:31 -0400)]
Update ciphers.inc to match ff28
The major changes are to re-order some ciphers, to drop the ECDH suites
(note: *not* ECDHE: ECDHE is still there), to kill off some made-up
stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop
some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites.
This change is autogenerated by get_mozilla_ciphers.py from
Firefox 28 and OpenSSL 1.0.1g.
When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.
But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there. Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.
What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.
In short: let's fill all A1 entries with what ARIN et. al think.
"""
Sebastian Hahn [Thu, 13 Feb 2014 07:25:08 +0000 (08:25 +0100)]
gcc/clang: Mark macro-generated functions as possible unused
clang 3.4 introduced a new by-default warning about unused static
functions, which we triggered heavily for the hashtable and map function
generating macros. We can use __attribute__ ((unused)) (thanks nickm for
the suggestion :-) ) to silence these warnings.
There is no WSAEPERM; we were implying that there was.This fixes a
bug in e0c8031516852143fb82d8fee91a0f4c576c7418, which hadn't yet
appeared in any released Tor.
Nick Mathewson [Fri, 7 Feb 2014 22:36:11 +0000 (17:36 -0500)]
Survive fedora's openssl in our benchmarks
Apparently fedora currently has ECDH but not P224. This isn't a huge
deal, since we no longer use OpenSSL's P224 ever (see #9780 and 72c1e5acfe1c6). But we shouldn't have segfaulting benchmarks really.
Nick Mathewson [Thu, 6 Feb 2014 22:08:50 +0000 (17:08 -0500)]
Discard circuit paths on which nobody supports ntor
Right now this accounts for about 1% of circuits over all, but if you
pick a guard that's running 0.2.3, it will be about 6% of the circuits
running through that guard.
Making sure that every circuit has at least one ntor link means that
we're getting plausibly good forward secrecy on every circuit.
Nick Mathewson [Sat, 21 Dec 2013 15:15:09 +0000 (10:15 -0500)]
Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in 62fb209d837f3f551, I had a spurious ! in the
circuit_stream_is_being_handled loop. This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.
Nick Mathewson [Wed, 18 Dec 2013 16:49:44 +0000 (11:49 -0500)]
Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG. That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.
Thanks to coderman and rl1987 for diagnosing and tracking this down.
Nick Mathewson [Mon, 16 Dec 2013 18:00:15 +0000 (13:00 -0500)]
Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE. But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().
This patch also includes a regression test.
This is a fix for #10409; bugfix on 0.2.2.6-alpha.
Nick Mathewson [Fri, 15 Nov 2013 20:29:24 +0000 (15:29 -0500)]
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
src/or/or.h
src/or/relay.c
Conflicts were simple to resolve. More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
Nick Mathewson [Thu, 7 Nov 2013 17:15:30 +0000 (12:15 -0500)]
Improved circuit queue out-of-memory handler
Previously, when we ran low on memory, we'd close whichever circuits
had the most queued cells. Now, we close those that have the
*oldest* queued cells, on the theory that those are most responsible
for us running low on memory, and that those are the least likely to
actually drain on their own if we wait a little longer.
Based on analysis from a forthcoming paper by Jansen, Tschorsch,
Johnson, and Scheuermann. Fixes bug 9093.
Roger Dingledine [Fri, 11 Oct 2013 00:09:16 +0000 (20:09 -0400)]
be willing to bootstrap from all three of our directory guards
Also fix a bug where if the guard we choose first doesn't answer, we
would try the second guard, but once we connected to the second guard
we would abandon it and retry the first one, slowing down bootstrapping.
The fix in both cases is to treat all our initially chosen guards as
acceptable to use.
We're going to not make this change in 0.2.4, since changing
torrc.sample.in makes all the debian users do some pointless
busywork. see tor-dev discusion of 9 Oct 2013.
Karsten Loesing [Wed, 9 Oct 2013 10:01:45 +0000 (12:01 +0200)]
Clarify who learns about ContactInfo.
Explicitly include bridges, and note that we archive and publish all
descriptors.
(We are not yet publishing ContactInfo lines contained in bridge
descriptors, but maybe we'll want to do that soon, so let's err on the
side of caution here.)
Nick Mathewson [Thu, 19 Sep 2013 14:40:41 +0000 (10:40 -0400)]
Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.
In this patch, we make the default P256 for everybody.
Nick Mathewson [Tue, 8 Oct 2013 15:13:21 +0000 (11:13 -0400)]
Raise buffer size, fix checks for format_exit_helper_status.
This is probably not an exploitable bug, since you would need to have
errno be a large negative value in the unix pluggable-transport launcher
case. Still, best avoided.
Nick Mathewson [Thu, 3 Oct 2013 01:42:24 +0000 (21:42 -0400)]
Fix a bug in our bug 9776 fix.
By calling circuit_n_chan_done() unconditionally on close, we were
closing pending connections that might not have been pending quite for
the connection we were closing. Fix for bug 9880.
Thanks to skruffy for finding this and explaining it patiently until
we understood.
Nick Mathewson [Wed, 14 Aug 2013 03:43:39 +0000 (23:43 -0400)]
Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e
To fix #6033, we disabled TLS 1.1 and 1.2. Eventually, OpenSSL fixed
the bug behind #6033.
I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.
this was causing directory authorities to send a time of 0 on all
connections they generated themselves, which means everybody reachability
test caused a time skew warning in the log for that relay.
(i didn't just revert, because the changes file has been modified by
other later commits.)
Nick Mathewson [Wed, 18 Sep 2013 14:51:04 +0000 (10:51 -0400)]
Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.
Part of proposal 222. I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
projects / thirdparty / tor.git / log
