| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
svn:r12580
|
| |
|
|
|
|
|
| |
When we complete an OR handshake, set up all the internal fields and mark the connection as open.
svn:r12495
|
| |
|
|
|
|
|
| |
Mess with the formula for the Guard flag again. Now it requires that you be in the most familiar 7/8 of nodes, and have above median wfu for that 7/8th. See spec for details. Also, log thresholds better.
svn:r12440
|
| |
|
|
|
|
|
| |
Improve "tls error. breaking" message a little.
svn:r12411
|
| |
|
|
|
|
|
| |
without link encryption.
svn:r12410
|
| |
|
|
|
|
|
| |
Parse CERT cells and act correctly when we get them.
svn:r12396
|
| |
|
|
|
|
|
| |
Fix compile on sparc64
svn:r12394
|
| |
|
|
|
|
|
| |
Send and parse link_auth cells properly.
svn:r12386
|
| |
|
|
|
|
|
| |
Add functions to encode certificates
svn:r12384
|
| |
|
|
|
|
|
| |
Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context. This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts.
svn:r12383
|
| |
|
|
|
|
|
| |
Remember X509 certificates in the context. Store peer/self certificate digests in handshake state.
svn:r12382
|
| |
|
|
|
|
|
| |
Code to remember client_random and server_random values, and to compute hmac using TLS master secret.
svn:r12381
|
| |
|
|
|
|
|
| |
Add a smartlist_bsearch_idx function that gives more useful output than regular bsearch for the value-not-found case.
svn:r12360
|
| |
|
|
|
|
|
| |
Space fixes.
svn:r12345
|
| |
|
|
|
|
|
| |
If setting our rlimit to rlim_max or cap fails, fall back to OPEN_FILES if defiled. This makes Tor run on OSX 10.5, while allowing OSX to mend its ways in the future.
svn:r12341
|
| |
|
|
|
|
|
| |
Use rlim_t instead of unsigned long to manipulate rlimit values.
svn:r12339
|
| |
|
|
|
|
|
| |
Use HMAC() function from openssl. Oops.
svn:r12304
|
| |
|
|
|
|
|
| |
Clean spaces.
svn:r12301
|
| |
|
|
|
|
|
| |
HMAC-SHA-1 implementation, with unit tests based on vectors from RVFC2202. Steven's stuff will need this.
svn:r12289
|
| |
|
|
|
|
|
| |
Implement (but do not enable) link connection version negotiation
svn:r12286
|
| |
|
|
|
|
|
| |
Improved skew reporting: "You are 365 days in the duture" is more useful than "You are 525600 minutes in the future". Also, when we get something that proves we are at least an hour in the past, tell the controller "CLOCK_SKEW MIN_SKEW=-3600" rather than just "CLOCK_SKEW"
svn:r12283
|
| |
|
|
|
|
|
| |
Drop support for OpenSSL 0.9.6.
svn:r12191
|
| |
|
|
|
|
|
| |
Fix windows mmap changes.
svn:r12171
|
| |
|
|
|
|
|
| |
Make tor_mmap_file() set and preserve errno in a useful way.
svn:r12153
|
| |
|
|
|
|
|
| |
Check a platform assumption we have made without checking for too long: "Characters are represented in ascii."
svn:r12088
|
| |
|
|
|
|
|
| |
New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine.
svn:r12086
|
| |
|
|
|
|
|
| |
Fix implementation of sdmap_size and rimap_size() and eimap_size(). Nobody was using them, so no backport needed.
svn:r12068
|
| |
|
|
|
|
|
| |
Change meaning of "freefn" argument to smartlist_uniq so that we can remove duplicates from a list without freeing them.
svn:r12053
|
| |
|
|
|
|
|
| |
oprofile was telling me that a fair bit of our time in openssl was spent in base64_decode, so replace base64_decode with an all-at-once fairly optimized implementation. For decoding keys and digests, it seems 3-3.5x faster than calling out to openssl. (Yes, I wrote it from scratch.)
svn:r12002
|
| |
|
|
|
|
|
| |
Fix example use of hash table iterators
svn:r11991
|
| |
|
|
|
|
|
| |
Fix bug 528: fix memory leak in base32_decode(). While there, also make base32_decode() accept upper-case inputs.
svn:r11946
|
| |
|
|
|
|
|
| |
Remove a bunch of redundant includes in crypto.c
svn:r11885
|
| |
|
|
|
|
|
|
| |
Fix a minor memory leak whenever we wrote out a file. Bugfix on
0.2.0.7-alpha.
svn:r11863
|
| |
|
|
|
|
|
|
| |
Fix a minor memory leak whenever we parse guards from our state
file. Bugfix on 0.2.0.7-alpha.
svn:r11862
|
| |
|
|
|
|
|
| |
Add a bunch of function documentation; clean up a little code; fix some XXXXs; tag the nonsensical EXTRAINFO_PURPOSE_GENERAL as nonsesnse; note another bit of "do not cache special routers" code to nuke.
svn:r11761
|
| |
|
|
|
|
|
| |
Make some functions static; remove some dead code.
svn:r11750
|
| |
|
|
|
|
|
| |
From little acorns: redo our string and digest hashing code to be faster, since this stuff may be critical-path.
svn:r11700
|
| |
|
|
|
|
|
| |
Patch from karsten: remove cbc and make unit tests handle aes-ctr-with-iv.
svn:r11538
|
| |
|
|
|
|
|
| |
Clean up some macros in aes.c
svn:r11537
|
| |
|
|
|
|
|
| |
Re-optimize counter-mode: save about 15% on my core2 by (1) not regenerating the entire counter buffer every time we encrypt a block of keystream (2) using the platform-optimized htonl to convert to big-endian (It's a single instruction on 486 and later ) and (3) not even keeping a separate "counter" and "buffer" when the platform is big-endian. The third still needs testing.
svn:r11536
|
| |
|
|
|
|
|
| |
is what you meant to do.
svn:r11529
|
| |
|
|
|
|
|
| |
New (untested) code to implement AES-with-IV. Currently, IVs are generated randomly. Once tested, should be (almost) a drop-in replacement for the CBC functions.
svn:r11519
|
| |
|
|
|
|
|
| |
Switch our AES implementation from "128 bit counter with to 64 bits set to 0" to a proper implementation of counter mode. Also, add an aes_set_iv function to initialize the counter to a nonzero value.
svn:r11518
|
| |
|
|
| |
svn:r11490
|
| |
|
|
|
|
|
| |
step of integrating his new hidden service stuff
svn:r11489
|
| |
|
|
|
|
|
| |
Unify all of the divergent median/nth-percentile code in container.[ch]
svn:r11457
|
| |
|
|
|
|
|
| |
Another round of whitespeace fixes.
svn:r11407
|
| |
|
|
|
|
|
| |
Add some generic skew-and-tolerance functions so we can handle time more sanely.
svn:r11406
|
| |
|
|
|
|
|
| |
Fix a segfault in expand_filename("~"). Found by lindi.
svn:r11332
|
| |
|
|
|
|
|
| |
Use (and debug) new file-writing functions in order to simplify code that formerly built big strings in RAM.
svn:r11301
|