| Commit message | Author | Age |
* | Add a missing part of bug 7311's makefile.nmake tweaks•••Fix by "ultramage".
This already has a changes entry.
| Nick Mathewson | 2013-01-17 |
* | Implement proposal 204: ignore subdomains in hidden service addresses•••The implementation is pretty straightforward: parse_extended_hostname() is
modified to drop any leading components from an address like
'foo.aaaaaaaaaaaaaaaa.onion'.
| Jérémy Bobbio | 2013-01-16 |
* | Merge branch '024_msvc_squashed'•••Conflicts:
src/or/or.h
srcwin32/orconfig.h
| Nick Mathewson | 2013-01-16 |
|\ |
|
| * | Add more test modules for nmake makefiles | Nick Mathewson | 2013-01-16 |
| * | Try to build tinytest.obj from the right sources | Nick Mathewson | 2013-01-16 |
| * | use the /Fe flag with msvc•••Fixes 7309
| Nick Mathewson | 2013-01-16 |
| * | Add missing targets to src/test/Makefile.nmake. Fix for 7316 | Nick Mathewson | 2013-01-16 |
| * | Add missing includes and libs to makefile.nmake•••Fixes bugs 7312 and 7310.
| Nick Mathewson | 2013-01-16 |
* | | Aftermath of isin->contains renaming•••Fix wide lines and comments, and add a changes file
| Nick Mathewson | 2013-01-16 |
* | | Rename *_isin to *_contains•••This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".
s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
s/smartlist_digest_isin/smartlist_contains_digest/g;
s/smartlist_isin/smartlist_contains/g;
s/digestset_isin/digestset_contains/g;
| Nick Mathewson | 2013-01-16 |
* | | Actually link against nacl when we want to use it•••Fixes more of bug 7972
| Nick Mathewson | 2013-01-16 |
* | | Update the copyright date to 201. | Nick Mathewson | 2013-01-16 |
* | | Make the = at the end of ntor-onion-key optional.•••Makes bug 7869 more easily fixable if we ever choose to do so.
| Nick Mathewson | 2013-01-05 |
* | | Whoops; make that unit test actually pass :/ | Nick Mathewson | 2013-01-03 |
* | | Add a unit test for the curve25519 keypair persistence functions | Nick Mathewson | 2013-01-03 |
* | | Merge branch 'ntor-resquashed'•••Conflicts:
src/or/cpuworker.c
src/or/or.h
src/test/bench.c
| Nick Mathewson | 2013-01-03 |
|\ \ |
|
| * | | Implement a constant-time safe_mem_is_zero. | Nick Mathewson | 2013-01-03 |
| * | | Add reference implementation for ntor, plus compatibility test•••Before I started coding ntor in C, I did another one in Python.
Turns out, they interoperate just fine.
| Nick Mathewson | 2013-01-03 |
| * | | ntor: Don't fail fast server-side on an unrecognized KEYID(B) | Nick Mathewson | 2013-01-03 |
| * | | Make libcurve25519_donna get built as a .a•••This lets us give it compiler flags differing from the rest of
libor-crypto.a
| Nick Mathewson | 2013-01-03 |
| * | | Don't check create cells too much when we're relaying them•••We want to sanity-check our own create cells carefully, and other
people's loosely.
| Nick Mathewson | 2013-01-03 |
| * | | Implement scheme to allow ntor requests/responses via older servers | Nick Mathewson | 2013-01-03 |
| * | | Code to parse and format CREATE{,2,_FAST} cells and their allies•••As elsewhere, it makes sense when adding or extending a cell type to
actually make the code to parse it into a separate tested function.
This commit doesn't actually make anything use these new functions;
that's for a later commit.
| Nick Mathewson | 2013-01-03 |
| * | | Massive refactoring of the various handshake types•••The three handshake types are now accessed from a unified interface;
their state is abstracted from the rest of the cpath state, and so on.
| Nick Mathewson | 2013-01-03 |
| * | | Split onion.[ch] into onion{,_fast,_tap}.[ch]•••I'm going to want a generic "onionskin" type and set of wrappers, and
for that, it will be helpful to isolate the different circuit creation
handshakes. Now the original handshake is in onion_tap.[ch], the
CREATE_FAST handshake is in onion_fast.[ch], and onion.[ch] now
handles the onion queue.
This commit does nothing but move code and adjust header files.
| Nick Mathewson | 2013-01-02 |
| * | | Refactor strong os-RNG into its own function•••Previously, we only used the strong OS entropy source as part of
seeding OpenSSL's RNG. But with curve25519, we'll have occasion to
want to generate some keys using extremely-good entropy, as well as the
means to do so. So let's!
This patch refactors the OS-entropy wrapper into its own
crypto_strongest_rand() function, and makes our new
curve25519_secret_key_generate function try it as appropriate.
| Nick Mathewson | 2013-01-02 |
| * | | Implement the ntor handshake•••The ntor handshake--described in proposal 216 and in a paper by
Goldberg, Stebila, and Ustaoglu--gets us much better performance than
our current approach.
| Nick Mathewson | 2013-01-02 |
| * | | Add a wrapper around, and test and build support for, curve25519.•••We want to use donna-c64 when we have a GCC with support for
64x64->uint128_t multiplying. If not, we want to use libnacl if we
can, unless it's giving us the unsafe "ref" implementation. And if
that isn't going to work, we'd like to use the
portable-and-safe-but-slow 32-bit "donna" implementation.
We might need more library searching for the correct libnacl,
especially once the next libnacl release is out -- it's likely to have
bunches of better curve25519 implementations.
I also define a set of curve25519 wrapper functions, though it really
shouldn't be necessary.
We should eventually make the -donna*.c files get built with
-fomit-frame-pointer, since that can make a difference.
| Nick Mathewson | 2013-01-02 |
| * | | Add a data-invariant linear-search map structure•••I'm going to use this for looking up keys server-side for ntor.
| Nick Mathewson | 2013-01-02 |
| * | | Add a unit test for the old KDF while we're at it | Nick Mathewson | 2012-12-06 |
| * | | Implement HKDF from RFC5869•••This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.
I'm also renaming the existing KDF, now that Tor has two of them.
This is the key derivation scheme specified in ntor.
There are also unit tests.
| Nick Mathewson | 2012-12-06 |
| * | | Add benchmark to test onionskin performance. | Nick Mathewson | 2012-12-06 |
* | | | Add benchmark for DH handshake and ECDH-P-224/56 handshake | Nick Mathewson | 2012-12-25 |
| |/
|/| |
|
* | | Build and test most of the machinery needed for IPv6 virtualaddrmaps•••With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to. That'll be cool, and
will let us maybe get around prop205 issues.
This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.
Also has some XXXX items to fix to make this useful. More design
needed.
| Nick Mathewson | 2012-12-17 |
* | | Implement option to turn off DNS cache use on a client port•••(This is part 2 of making DNS cache use enabled/disabled on a
per-client port basis. This implements the CacheIPv[46]DNS options,
but not the UseCachedIPv[46] ones.)
| Nick Mathewson | 2012-12-17 |
* | | Merge branch 'win64-7260'•••Conflicts:
src/or/dns.c
| Nick Mathewson | 2012-12-07 |
|\ \ |
|
| * | | In the unit tests, use "test_eq_ptr" and "test_neq_ptr" consistently•••This is part of what's needed to build without warnings on mingw64:
it was warning about the cast from void* to long that happened in
the places we were using test_{n,}eq on pointers.
The alternative here would have been to broaden tt_int_op to accept
a long long or an intptr_t, but that's less correct (since pointers
aren't integers), and would hurt the portability of tinytest a
little.
Fixes part of 7260.
| Nick Mathewson | 2012-11-02 |
* | | | Merge branch 'bug7306' | Nick Mathewson | 2012-12-07 |
|\ \ \ |
|
| * | | | Use FreeLibrary, not CloseHandle, for library in test_util.c•••Fix for bug 7306. Bugfix on 0.2.2.17-alpha.
| Nick Mathewson | 2012-12-06 |
| | |/
| |/| |
|
* | | | Merge remote-tracking branch 'public/bug6887' | Nick Mathewson | 2012-12-07 |
|\ \ \
| |/ /
|/| | |
|
| * | | Remove some deadcode for parsing v1 directories•••Fixes bug 6887. There are opportunities to remove more functions if
authorities can stop serving dummy v1 directory documents
| Nick Mathewson | 2012-09-18 |
* | | | Merge branch 'bug7013_take2_squashed' | Nick Mathewson | 2012-11-27 |
|\ \ \ |
|
| * | | | Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr. | George Kadianakis | 2012-11-27 |
* | | | | Fix a bug in policy_is_reject_star() that was making IPv4 exits break•••IPv4-only exits have an implicit "reject [::]/0", which was making
policy_is_reject_star() return 1 for them, making us refuse to do
hostname lookups.
This fix changes policy_is_reject_star() to ask about which family we meant.
| Nick Mathewson | 2012-11-14 |
* | | | | Actually send back correctly-formed IPv6 CONNECTED cells•••We had some old code to send back connected cells for IPv6 addresses,
but it was wrong. Fortunately, it was also unreachable.
| Nick Mathewson | 2012-11-14 |
* | | | | Get the client side of receiving an IPv6 address to work•••This makes it so we can handle getting an IPv6 in the 3 different
formats we specified it for in RESOLVED cells,
END_STREAM_REASON_EXITPOLICY cells, and CONNECTED cells.
We don't cache IPv6 addresses yet, since proposal 205 isn't
implemented.
There's a refactored function for parsing connected cells; it has unit
tests.
| Nick Mathewson | 2012-11-14 |
* | | | | Add an IPv6Exit configuration option•••Don't advertise an IPv6 exit policy, or accept IPv6 exit requests,
if IPv6Exit is not true.
| Nick Mathewson | 2012-11-14 |
* | | | | Better policy support for IPv6•••Now, "accept *:80" means "accept all addresses on port 80", and not
just IPv4. For just v4, say "accept *4:80"; for just v6 say "accept
*6:80".
We can parse these policies from torrc just fine, and we should be
successfully keeping them out of descriptors for now.
We also now include appropriate IPv6 addresses in "reject private:*"
| Nick Mathewson | 2012-11-14 |
* | | | | Add a new family-specific syntax for tor_addr_parse_mask_ports•••By default, "*" means "All IPv4 addresses" with
tor_addr_parse_mask_ports, so I won't break anything. But if the new
EXTENDED_STAR flag is provided, then * means "any address", *4 means
"any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6
address" (that is, [::]/0).
This is going to let us have a syntax for specifying exit policies in
torrc that won't drive people mad.
Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test
these new features, and to increase coverage.
| Nick Mathewson | 2012-11-14 |
* | | | | Refactor begin cell parsing into its own function, with tests.•••Add 'flags' argument to begin cells, per proposal 208.
| Nick Mathewson | 2012-11-14 |