- 10 Jul, 2020 1 commit
-
-
Nick Mathewson authored
Closes ticket 40035.
-
- 07 Jul, 2020 1 commit
-
-
Nick Mathewson authored
This warning only affects platforms (like win32) with 32-bit time_t. Fixes bug 40028; bugfix on 0.3.2.8-rc.
-
- 06 Jul, 2020 3 commits
-
-
This patch changes our bits-to-bytes conversion logic in the NSS implementation of `tor_tls_cert_matches_key()` from using (x >> 3) to ((x + 7) >> 3) since DER bit-strings are allowed to contain a number of bits that is not a multiple of 8.

Additionally, we add a comment on why we cannot use the `DER_ConvertBitString()` macro from NSS, as we would potentially apply the bits-to-bytes conversion logic twice, which would lead to an insignificant amount of bytes being compared in `SECITEM_ItemsAreEqual()` and thus turn the logic into being a prefix match instead of a full match.

The `DER_ConvertBitString()` macro is defined in NSS as:

    /*
    ** Macro to convert der decoded bit string into a decoded octet
    ** string. All it needs to do is fiddle with the length code.
    */
    #define DER_ConvertBitString(item)            \
        {                                         \
            (item)->len = ((item)->len + 7) >> 3; \
        }

Thanks to Taylor Yu for spotting this problem.

This patch is part of the fix for TROVE-2020-001.

See: https://bugs.torproject.org/33119
-
We add constness to `peer_info_orig_len` and `cert_info_orig_len` in `tor_tls_cert_matches_key` to ensure that we don't accidentally alter the variables. This patch is part of the fix for TROVE-2020-001. See: https://bugs.torproject.org/33119
-
This patch fixes an out-of-bound memory read in `tor_tls_cert_matches_key()` when Tor is compiled to use Mozilla's NSS instead of OpenSSL. The NSS library stores some length fields in bits instead of bytes, but the comparison function found in `SECITEM_ItemsAreEqual()` needs the length to be encoded in bytes. This means that for a 140-byte, DER-encoded, SubjectPublicKeyInfo struct (with a 1024-bit RSA public key in it), we would ask `SECITEM_ItemsAreEqual()` to compare the first 1120 bytes instead of 140 (140 bytes * 8 bits = 1120 bits). This patch fixes the issue by converting from bits to bytes before calling `SECITEM_ItemsAreEqual()` and converting the `len`-fields back to bits before we leave the function. This patch is part of the fix for TROVE-2020-001. See: https://bugs.torproject.org/33119
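The three length-handling mistakes described in the TROVE-2020-001 commit messages above, as an added example that is not code from Tor or NSS: `item_t`, `compare_len()` and `keys_match()` are hypothetical stand-ins for `SECItem` and the comparison path, and the 20-bit keys are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an NSS SECItem; `len` is in bytes when compared. */
typedef struct { const unsigned char *data; size_t len; } item_t;

static size_t floor_bytes(size_t bits) { return bits >> 3; }       /* old */
static size_t ceil_bytes(size_t bits)  { return (bits + 7) >> 3; } /* fixed */

/* Length handed to the comparison: `conv` applied 0, 1 or 2 times. */
static size_t compare_len(size_t nbits, size_t (*conv)(size_t), int times)
{
  while (times-- > 0)
    nbits = conv(nbits);
  return nbits;
}

/* Full match: equal byte lengths and equal contents. */
static int items_equal(const item_t *a, const item_t *b)
{
  return a->len == b->len && memcmp(a->data, b->data, a->len) == 0;
}

/* Compare two bit-strings of `nbits` bits with the chosen length handling. */
static int keys_match(const unsigned char *k1, const unsigned char *k2,
                      size_t nbits, size_t (*conv)(size_t), int times)
{
  size_t n = compare_len(nbits, conv, times);
  item_t a = { k1, n }, b = { k2, n };
  return items_equal(&a, &b);
}

/* Constructed 20-bit keys (3 bytes, low 4 bits of the last byte unused). */
static const unsigned char KEY_A[3] = { 0xAA, 0xBB, 0xC0 };
static const unsigned char KEY_B[3] = { 0xAA, 0xBB, 0x50 }; /* last byte differs */
static const unsigned char KEY_C[3] = { 0xAA, 0x11, 0xC0 }; /* middle differs */

int main(void)
{
  printf("1120-bit length: unconverted asks for %zu bytes, converted %zu\n",
         compare_len(1120, ceil_bytes, 0), compare_len(1120, ceil_bytes, 1));
  printf("A vs B: x>>3 says %d, (x+7)>>3 says %d\n",
         keys_match(KEY_A, KEY_B, 20, floor_bytes, 1),
         keys_match(KEY_A, KEY_B, 20, ceil_bytes, 1));
  printf("A vs C after double conversion: %d\n",
         keys_match(KEY_A, KEY_C, 20, ceil_bytes, 2));
  return 0;
}
```

`keys_match()` is never called with `times == 0` on the 3-byte buffers, since that is exactly the over-long read the first commit removes; `compare_len()` alone shows the length that would have been requested.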
-
- 29 Jan, 2020 2 commits
-
-
Nick Mathewson authored
Fixes bug 32673; bugfix on 0.3.0.4-alpha. We introduced these checks in ee5471f9 to help diagnose 21369, but we used "-1" when "TOR_TLS_ERROR_MISC" would have been correct. Found by opara. I don't think that this is actually getting triggered in the wild, but if it were, it could cause nasty behavior: spurious WANTREAD/WANTWRITE returns have a way of turning into CPU-eating busy-loops.
-
Nick Mathewson authored
We introduced these BUG() checks in b0ddaac0 to prevent a recurrence of bug 23690. But there's a report of the BUG() message getting triggered and filling up the disk. Let's change it to IF_BUG_ONCE(). Fixes bug 33093; bugfix on 0.3.2.2-alpha.
-
- 09 Jan, 2020 2 commits
-
-
Nick Mathewson authored
This gives us the definition of tor_x509_cert_impl_t, and makes us less dependent on include order.
-
Nick Mathewson authored
This is an automated commit, generated by:

    perl -i -pe 'next if /define/; s/((?:ENABLE|DISABLE)_GCC_WARNING)\(([A-Za-z0-9_\-]+)\)/$1(\"-W$2\")/' src/*/*/*.[ch] src/*/*.[ch]
-
- 08 Jan, 2020 1 commit
-
-
Nick Mathewson authored
-
- 15 Nov, 2019 2 commits
-
-
Nick Mathewson authored
Using a standard ending here will let other tools that expect markdown understand our output here. This commit was automatically generated with:

    for fn in $(find src -name '*.dox'); do \
       git mv "$fn" "${fn%.dox}.md"; \
    done
-
Nick Mathewson authored
This is an automatically generated commit, made with:

    find src -name '*.dox' | \
       xargs perl -i -ne 'print unless (m#^\s*/?\*\*/?\s*$#);'
-
- 04 Nov, 2019 3 commits
-
-
Nick Mathewson authored
(This copies documentation from doc/HACKING/design, and edits for conciseness and clarity.)
-
Nick Mathewson authored
This commit was automatically generated with:

    find src -name '*.dox' |xargs perl -i -pe 's{\@dir ([^/])}{\@dir /$1};'
-
Nick Mathewson authored
This includes app, core, feature, lib, and tools, but excludes ext, test, and trunnel. This was generated by the following shell script:

    cd src
    for dname in $(find lib core feature app tools -type d |grep -v \\.deps$); do
        keyword="$(echo "$dname" |sed -e "s/\//_/" )"
        target="${dname}/${keyword}.dox"
        echo "$target"
        cat <<EOF >"$target"
    /**
    @dir ${dname}
    @brief ${dname}
    **/
    EOF
        git add "$target"
    done
-
- 26 Oct, 2019 1 commit
-
-
Nick Mathewson authored
If a file doesn't use the file command (either \file or @file), Doxygen won't try to process it. These declarations also turned up a doxygen warning for crypto_ope.c; I fixed that too.
-
- 22 Oct, 2019 1 commit
-
-
Nick Mathewson authored
-
- 04 Oct, 2019 1 commit
-
-
teor authored
Rather than filling the logs with similar warnings. Fixes bug 31939; bugfix on 0.3.0.4-rc.
-
- 30 Sep, 2019 1 commit
-
-
Nick Mathewson authored
-
- 26 Sep, 2019 1 commit
-
-
Nick Mathewson authored
-
- 05 Sep, 2019 1 commit
-
-
- 05 Jun, 2019 2 commits
-
-
Nick Mathewson authored
This happened when I went to fix long lines after running "make autostyle".
-
Nick Mathewson authored
-
- 02 May, 2019 1 commit
-
-
Nick Mathewson authored
This mechanism isn't perfect, and sometimes it will guess wrong, but it will help our automation.
-
- 06 Apr, 2019 2 commits
-
-
In current NSS versions, these ciphersuites don't work with SSL_ExportKeyingMaterial(), which was causing relays to fail when they tried to negotiate the v3 link protocol authentication. Fixes bug 29241; bugfix on 0.4.0.1-alpha.
-
Diagnostic for 29241.
-
- 08 Feb, 2019 1 commit
-
-
Nick Mathewson authored
Closes ticket 29026; patch from Mangix.
-
- 16 Jan, 2019 2 commits
-
-
Nick Mathewson authored
-
Nick Mathewson authored
-
- 14 Nov, 2018 2 commits
-
-
Nick Mathewson authored
-
Nick Mathewson authored
-
- 09 Nov, 2018 1 commit
-
-
Nick Mathewson authored
-
- 05 Nov, 2018 1 commit
-
-
Nick Mathewson authored
This one only needs a shutdown right now.
-
- 14 Oct, 2018 1 commit
-
-
Nick Mathewson authored
Nothing should ever look at them on failure, but in some cases, the unit tests don't check for failure, and then GCC-LTO freaks out. Fixes part of 27772.
-
- 20 Sep, 2018 3 commits
-
-
Nick Mathewson authored
-
Nick Mathewson authored
Fixes bug 27782; bugfix on 0.3.5.1-alpha
-
Nick Mathewson authored
Related to #27795 -- since NSS will close the socket, we must not count it as owned by Tor.
-
- 16 Sep, 2018 1 commit
-
-
Nick Mathewson authored
Closes ticket 27288
-
- 14 Sep, 2018 2 commits
-
-
Nick Mathewson authored
-
Nick Mathewson authored
-