path: root/src/common
Commit message (Author, Age)
* Split crypto_global_init() into pre/post config (Nick Mathewson, 2014-02-12)
|   It's increasingly apparent that we want to make sure we initialize our PRNG nice and early, or else OpenSSL will do it for us. (OpenSSL doesn't do _too_ bad a job, but it's nice to do it ourselves.) We'll also need this for making sure we initialize the siphash key before we do any hashes.
* Siphash-2-4 is now our hash in nearly all cases. (Nick Mathewson, 2014-02-12)
|   I've made an exception for cases where I'm sure that users can't influence the inputs. This is likely to cause a slowdown somewhere, but it's safer to siphash everything and *then* look for cases to optimize. This patch doesn't actually get us any _benefit_ from siphash yet, since we don't really randomize the key at any point.
* Get csiphash better integrated with our build system (Nick Mathewson, 2014-02-12)
|
* Explain CURVE25519_ENABLED: closes 9774 (Nick Mathewson, 2014-02-07)
|
* Some anti-forensics paranoia... (Florent Daigniere, 2014-02-03)
|   sed -i 's/BN_free/BN_clear_free/g'
* Add a sandbox rule to allow IP_TRANSPARENT (Nick Mathewson, 2014-02-02)
|
* whitespace fixes (Nick Mathewson, 2014-01-17)
|
* Fix some seccomp2 issues (Nick Mathewson, 2014-01-06)
|   Fix for #10563. This is a compatibility issue with libseccomp-2.1. I guess you could call it a bugfix on 0.2.5.1?
* Merge remote-tracking branch 'origin/maint-0.2.4' (Nick Mathewson, 2013-12-18)
|\
| |   Conflicts: src/common/crypto.c
| * Never allow OpenSSL engines to replace the RAND_SSLeay method (Nick Mathewson, 2013-12-18)
| |   This fixes bug 10402, where the rdrand engine would use the rdrand instruction, not as an additional entropy source, but as a replacement for the entire userspace PRNG. That's obviously stupid: even if you don't think that RDRAND is a likely security risk, the right response to an alleged new entropy source is never to throw away all previously used entropy sources. Thanks to coderman and rl1987 for diagnosing and tracking this down.
* | Set CREATE_NO_WINDOW in tor_spawn_background. (David Fifield, 2013-12-05)
| |   This flag prevents the creation of a console window popup on Windows. We need it for pluggable transport executables--otherwise you get blank console windows when you launch the 3.x browser bundle with transports enabled.
| |   http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW
| |   The browser bundles that used Vidalia used to set this flag when launching tor itself; it was apparently inherited by the pluggable transports launched by tor. In the 3.x bundles, tor is launched by some JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW. tor itself is now being compiled with the -mwindows option, so that it is a GUI application, not a console application, and doesn't show a console window in any case. This workaround doesn't work for pluggable transports, because they need to be able to write control messages to stdout.
| |   https://trac.torproject.org/projects/tor/ticket/9444#comment:30
* | Restore prop198 behavior from 4677 patch (Nick Mathewson, 2013-11-25)
| |   The previous commit from piet would have backed out some of proposal 198 and made servers built without the V2 handshake not use the unrestricted cipher list from prop198. Bug not in any released Tor.
* | Restore ability to build with V2_HANDSHAKE_SERVER (Nick Mathewson, 2013-11-25)
| |   Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
* | Avoid warning about impossible check for flags & 0 (Nick Mathewson, 2013-11-22)
| |   Fixes CID 743381
* | Handle unlikely negative time in tor_log_err_sigsafe (Nick Mathewson, 2013-11-22)
| |   Coverity wants this; CID 1130990.
* | Add a _GNU_SOURCE definition to backtrace.c to fix compilation (Nick Mathewson, 2013-11-18)
| |
* | Whoops -- add missing defined(). (Nick Mathewson, 2013-11-18)
| |
* | Make header includes match declarations in pc_from_ucontext.m4 (Nick Mathewson, 2013-11-18)
| |   With any luck, this will clean up errors where we detect that REG_{EIP,RIP} is present in autoconf, but when we go to include it, it isn't there.
* | Fix compilation under openssl 0.9.8 (Nick Mathewson, 2013-11-18)
| |   It's not nice to talk about NID_aes_{128,256}_{ctr,gcm} when they don't exist. Fix on 84458b79a78ea7e26820bf0; bug not in any released Tor.
* | Fix whitespace (Nick Mathewson, 2013-11-18)
| |
* | Log more OpenSSL engine statuses at startup. (Nick Mathewson, 2013-11-18)
| |   Fixes ticket 10043; patch from Joshua Datko.
* | Merge branch 'backtrace_squashed' (Nick Mathewson, 2013-11-18)
|\ \
| | |   Conflicts: src/common/sandbox.c src/common/sandbox.h src/common/util.c src/or/main.c src/test/include.am src/test/test.c
| * | Refactor format_*_number_sigsafe to have a common implementation (Nick Mathewson, 2013-11-18)
| | |
| * | Resolve DOCDOC and XXXXs in backtrace.c (Nick Mathewson, 2013-11-18)
| | |
| * | Make backtrace handler handle signals correctly. (Nick Mathewson, 2013-11-18)
| | |   This meant moving a fair bit of code around, and writing a signal cleanup function. Still pretty nice from what I can tell, though.
| * | Improve new assertion message logging (Nick Mathewson, 2013-11-18)
| | |   Don't report that a failure happened in the assertion_failed function just because we logged it from there.
| * | Add a sighandler-safe logging mechanism (Nick Mathewson, 2013-11-18)
| | |   We had accidentally grown two fake ones: one for backtrace.c, and one for sandbox.c. Let's do this properly instead. Now, when we configure logs, we keep track of fds that should get told about bad stuff happening from signal handlers. There's another entry point for these that avoids using non-signal-handler-safe functions.
| * | Basic backtrace ability (Nick Mathewson, 2013-11-18)
| | |   On platforms with the backtrace/backtrace_symbols_fd interface, Tor can now dump stack traces on assertion failure. By default, I log them to DataDir/stack_dump and to stderr.
| * | Refactor the assertion-failure code into a function (Nick Mathewson, 2013-07-19)
| | |
| * | Add a signal-safe decimal formatting function (Nick Mathewson, 2013-07-19)
| | |
* | | Merge remote-tracking branch 'origin/maint-0.2.4' (Nick Mathewson, 2013-11-15)
|\ \ \
| | |/
| |/|
| | |   Conflicts: src/or/relay.c
| | |   Conflict changes were easy; compilation fixes required were using TOR_SIMPLEQ_FIRST to get head of cell queue.
| * | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 (Nick Mathewson, 2013-11-15)
| |\ \
| | | |   Conflicts: src/or/or.h src/or/relay.c
| | | |   Conflicts were simple to resolve. More fixes were needed for compilation, including: reinstating the tv_to_msec function, and renaming *_conn_cells to *_chan_cells.
* | | | Merge remote-tracking branch 'origin/maint-0.2.4' (Nick Mathewson, 2013-10-31)
|\| | |
| * | | Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 (Nick Mathewson, 2013-10-31)
| |\ \ \
| | * | | Switch ECDHE group default logic for bridge/relay TLS (Nick Mathewson, 2013-10-08)
| | | | |   According to the manpage, bridges use P256 for conformity and relays use P224 for speed. But skruffy points out that we've gotten it backwards in the code. In this patch, we make the default P256 for everybody. Fixes bug 9780; bugfix on 0.2.4.8-alpha.
| * | | | Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4 (Nick Mathewson, 2013-10-31)
| |\ \ \ \
* | \ \ \ \ Merge branch 'bug1376' (Nick Mathewson, 2013-10-11)
|\ \ \ \ \ \
| * | | | | | Fix some whitespace; tighten the tests. (Nick Mathewson, 2013-10-11)
| | | | | | |
| * | | | | | Added test for new write_chunks_to_file behaviour in #1376. (Kevin Butler, 2013-09-04)
| | | | | | |
| * | | | | | Added no_tempfile parameter to write_chunks_to_file to do non-atomic writes. Implements #1376. (Kevin Butler, 2013-09-01)
| | | | | | |
* | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4' (Nick Mathewson, 2013-10-10)
|\ \ \ \ \ \ \
| | |/ / / / /
| |/| | | | |
| * | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 (Nick Mathewson, 2013-10-10)
| |\ \ \ \ \ \
| | | |_|_|/ /
| | |/| | | |
| | * | | | | Fix unit test for format_helper_exit_status (Nick Mathewson, 2013-10-10)
| | | | | | |   Fix format_helper_exit_status to allow full HEX_ERRNO_SIZE answers, *and* increase the buffer length again.
* | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4' (Nick Mathewson, 2013-10-10)
|\| | | | | |
| * | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 (Nick Mathewson, 2013-10-10)
| |\| | | | |
| | * | | | | Raise buffer size, fix checks for format_exit_helper_status. (Nick Mathewson, 2013-10-08)
| | | | | | |   This is probably not an exploitable bug, since you would need to have errno be a large negative value in the unix pluggable-transport launcher case. Still, best avoided. Fixes bug 9928; bugfix on 0.2.3.18-rc.
* | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4' (Nick Mathewson, 2013-10-08)
|\| | | | | |
| * | | | | | When examining interfaces to find an address, discard non-up ones. (Nick Mathewson, 2013-10-08)
| | |_|_|/ /
| |/| | | |
| | | | | |   Patch from "hantwister" on trac. Fixes bug #9904; bugfix on 0.2.3.11-alpha.
* | | | | | Merge remote-tracking branch 'public/bug6055_v2_024' (Nick Mathewson, 2013-09-25)
|\ \ \ \ \ \
| | |_|_|/ /
| |/| | | |
| * | | | | Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e (Nick Mathewson, 2013-09-25)
| |/ / / /
| | | | |   To fix #6033, we disabled TLS 1.1 and 1.2. Eventually, OpenSSL fixed the bug behind #6033. I've considered alternate implementations that do more testing to see if there's secretly an OpenSSL 1.0.1c or something that secretly has a backport of the OpenSSL 1.0.1e fix, and decided against it on the grounds of complexity.