1. 12 Dec, 2009 1 commit
    • *_free functions now accept NULL · 3807db00
      Sebastian Hahn authored
      Some *_free functions threw asserts when passed NULL. Now all of them
      accept NULL as input and perform no action when called that way.
      This gains us consistence for our free functions, and allows some
      code simplifications where an explicit null check is no longer necessary.
  2. 04 Dec, 2009 1 commit
  3. 22 Nov, 2009 1 commit
  4. 20 Nov, 2009 2 commits
  5. 14 Nov, 2009 1 commit
    • Fix compilation with bionic libc. · 6f1fe7e9
      Jacob Appelbaum authored and Nick Mathewson committed
      This fixes bug 1147:
       bionic doesn't have an actual implementation of mlockall();
       mlockall() is merely in the headers but not actually in the library.
       This prevents Tor compilation with the bionic libc for Android handsets.
  6. 05 Nov, 2009 1 commit
    • Make Tor work with OpenSSL 0.9.8l · ce0a89e2
      Nick Mathewson authored
      To fix a major security problem related to incorrect use of
      SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
      default.  We are not affected by this security problem, however,
      since we do renegotiation right.  (Specifically, we never treat a
      renegotiated credential as authenticating previous communication.)
      Nevertheless, OpenSSL's new behavior requires us to explicitly
      turn renegotiation back on in order to get our protocol working
      Amusingly, this is not so simple as "set the flag when you create
      the SSL object", since calling connect or accept seems to clear
      the flags.
      For belt-and-suspenders purposes, we clear the flag once the Tor
      handshake is done.  There's no way to exploit a second handshake
      either, but we might as well not allow it.
  7. 27 Oct, 2009 2 commits
    • Implement DisableAllSwap to avoid putting secret info in page files. · 2aac39a7
      Jacob Appelbaum authored and Roger Dingledine committed
      This commit implements a new config option: 'DisableAllSwap'
      This option probably only works properly when Tor is started as root.
      We added two new functions: tor_mlockall() and tor_set_max_memlock().
      tor_mlockall() attempts to mlock() all current and all future memory pages.
      For tor_mlockall() to work properly we set the process rlimits for memory to
      RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
      We behave differently from mlockall() by only allowing tor_mlockall() to be
      called one single time. All other calls will result in a return code of 1.
      It is not possible to change DisableAllSwap while running.
      A sample configuration item was added to the torrc.complete.in config file.
      A new item in the man page for DisableAllSwap was added.
      Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.
      Please note that we make no guarantees about the quality of your OS and its
      mlock/mlockall implementation. It is possible that this will do nothing at all.
      It is also possible that you can ulimit the mlock properties of a given user
      such that root is not required. This has not been extensively tested and is
      unsupported. I have included some comments for possible ways we can handle
      this on win32.
    • Remove checks for array existence. (CID 410..415) · 5e4d53d5
      Nick Mathewson authored
      In C, the code "char x[10]; if (x) {...}" always takes the true branch of
      the if statement.  Coverity notices this now.
      In some cases, we were testing arrays to make sure that an operation
      we wanted to do would succeed.  Those cases are now always-true.
      In some cases, we were testing arrays to see if something was _set_.
      Those cases are now tests for strlen(s), or tests for
  8. 26 Oct, 2009 1 commit
    • Reduce log level for someone else sending us weak DH keys. · d2b4b49f
      Karsten Loesing authored
      See task 1114. The most plausible explanation for someone sending us weak
      DH keys is that they experiment with their Tor code or implement a new Tor
      client. Usually, we don't care about such events, especially not on warn
      level. If we really care about someone not following the Tor protocol, we
      can set ProtocolWarnings to 1.
  9. 20 Oct, 2009 1 commit
  10. 19 Oct, 2009 1 commit
  11. 18 Oct, 2009 1 commit
  12. 15 Oct, 2009 6 commits
  13. 14 Oct, 2009 1 commit
  14. 29 Sep, 2009 3 commits
  15. 25 Sep, 2009 1 commit
  16. 24 Sep, 2009 2 commits
    • Fix compilation on OpenSSLs with unusual state lists. · a3f1da2e
      Nick Mathewson authored
      "Unusual" in this context means "not the same as nickm's."  We should grow a
      better list later.
      (Also, move TLS state table to a separate header.)
    • Debugging logs for TLS handshake · b8b29353
      Nick Mathewson authored
      The big change is to add a function to display the current SSL handshake
      state, and to log it everywhere reasonable.  (A failure in
      SSL23_ST_CR_SRVR_HELLO_A is different from one in
      This patch also adds a new log domain for OR handshaking, so you can pull out
      all the handshake log messages without having to run at debug for everything.
      For example, you'd just say "log notice-err [handshake]debug-err file
  17. 23 Sep, 2009 1 commit
    • Refactor unit tests to use the tinytest framework. · d4b54549
      Nick Mathewson authored
      "Tinytest" is a minimalist C unit testing framework I wrote for
      Libevent.  It supports some generally useful features, like being able
      to run separate unit tests in their own processes.
      I tried to do the refactoring to change test.c as little as possible.
      Thus, we mostly don't call the tinytest macros directly.  Instead, the
      test.h header is now a wrapper on tinytest.h to make our existing
      test_foo() macros work.
      The next step(s) here will be:
        - To break test.c into separate files, each with its own test group.
        - To look into which things we can test
        - To refactor the more fiddly tests to use the tinytest macros
          directly and/or run forked.
        - To see about writing unit tests for things we couldn't previously
          test without forking.
  18. 21 Sep, 2009 2 commits
  19. 17 Sep, 2009 1 commit
  20. 15 Sep, 2009 3 commits
  21. 01 Sep, 2009 5 commits
  22. 31 Aug, 2009 1 commit
  23. 20 Aug, 2009 1 commit