March 2011 - tor-commits - lists.torproject.org

[tor/master] Fix typo in man page
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 88e0de9ebbb75a64d7870ccd8cf431bb0f23c937 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Mar 3 10:41:39 2011 -0800 Fix typo in man page --- doc/tor.1.txt | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 8b8fd20..f1734d2 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -34,7 +34,7 @@ OPTIONS Display a short help message and exit. **-f** __FILE__:: - FILE contains further "option value" paris. (Default: @CONFDIR@/torrc) + FILE contains further "option value" pairs. (Default: @CONFDIR@/torrc) **--hash-password**:: Generates a hashed password for control port access.

1 0

[tor/master] Emend changes/tls-hash
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 4d21fe28701809bf00a65f66c0191e6697504e21 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Mar 3 17:54:53 2011 -0800 Emend changes/tls-hash --- changes/tls-hash | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/changes/tls-hash b/changes/tls-hash index a34083a..884ff91 100644 --- a/changes/tls-hash +++ b/changes/tls-hash @@ -1,3 +1,5 @@ o Code simplifications and refactoring: - - Use SSL_get_app_data to map SSL objects to tortls_t objects: there's + - Use SSL_get_ex_data to map SSL objects to tor_tls_t objects: there's no need for a hash table. + +

1 0

[tor/master] C style fix: a no-args function is void fn(void), not void fn().
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit f608872b0c62263c761157076129d8f4b07c20a9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Mar 3 23:42:14 2011 -0500 C style fix: a no-args function is void fn(void), not void fn(). --- src/common/tortls.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index f4d4ec8..aaf2fda 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -160,7 +160,7 @@ static int tor_tls_object_ex_data_index = -1; /** Helper: Allocate tor_tls_object_ex_data_index. */ static void -tor_tls_allocate_tor_tls_object_ex_data_index() +tor_tls_allocate_tor_tls_object_ex_data_index(void) { if (tor_tls_object_ex_data_index == -1) { tor_tls_object_ex_data_index =

1 0

[tor/master] Add a magic field to tor_tls_t to catch exdata corruption bugs, if any appear.
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 8ae179deec203bc7127f7a0b326569ef11e78dc0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Mar 3 23:41:34 2011 -0500 Add a magic field to tor_tls_t to catch exdata corruption bugs, if any appear. --- src/common/tortls.c | 11 ++++++++++- 1 files changed, 10 insertions(+), 1 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 01d3e2a..f4d4ec8 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -103,10 +103,13 @@ typedef struct tor_tls_context_t { crypto_pk_env_t *key; } tor_tls_context_t; +#define TOR_TLS_MAGIC 0x71571571 + /** Holds a SSL object and its associated data. Members are only * accessed from within tortls.c. */ struct tor_tls_t { + uint32_t magic; tor_tls_context_t *context; /** A link to the context object for this tls. */ SSL *ssl; /**< An OpenSSL SSL object. */ int socket; /**< The underlying file descriptor for this TLS connection. */ @@ -171,7 +174,10 @@ tor_tls_allocate_tor_tls_object_ex_data_index() static INLINE tor_tls_t * tor_tls_get_by_ssl(const SSL *ssl) { - return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index); + tor_tls_t *result = SSL_get_ex_data(ssl, tor_tls_object_ex_data_index); + if (result) + tor_assert(result->magic == TOR_TLS_MAGIC); + return result; } static void tor_tls_context_decref(tor_tls_context_t *ctx); @@ -918,6 +924,7 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) ++tls->server_handshake_count; } else { log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); + return; } /* Now check the cipher list. */ @@ -1025,6 +1032,7 @@ tor_tls_new(int sock, int isServer) tor_tls_t *result = tor_malloc_zero(sizeof(tor_tls_t)); tor_tls_context_t *context = isServer ? server_tls_context : client_tls_context; + result->magic = TOR_TLS_MAGIC; tor_assert(context); /* make sure somebody made it first */ if (!(result->ssl = SSL_new(context->ctx))) { @@ -1195,6 +1203,7 @@ tor_tls_free(tor_tls_t *tls) if (tls->context) tor_tls_context_decref(tls->context); tor_free(tls->address); + tls->magic = 0x99999999; tor_free(tls); }

1 0

[tor/master] Use SSL_*_ex_data instead of SSL_*_app_data
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit fe1137be6f0fc01d7dfda568134590ecb5627eb4 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Mar 3 15:34:53 2011 -0800 Use SSL_*_ex_data instead of SSL_*_app_data SSL_*_app_data uses ex_data index 0, which will be the first one allocated by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature for some other purpose, or a library linked to Tor ever started using OpenSSL's ex_data feature, Tor would break in spectacular and mysterious ways. Using the SSL_*_ex_data functions directly now may save us from that particular form of breakage in the future. But I would not be surprised if using OpenSSL's ex_data functions at all (directly or not) comes back to bite us on our backends quite hard. The specified behaviour of dup_func in the man page is stupid, and crypto/ex_data.c is a horrific mess. --- src/common/tortls.c | 21 +++++++++++++++++++-- 1 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 61cc4ba..905ecbb 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -151,12 +151,27 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL; static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL; #endif +/** The ex_data index in which we store a pointer to an SSL object's + * corresponding tor_tls_t object. */ +static int tor_tls_object_ex_data_index = -1; + +/** Helper: Allocate tor_tls_object_ex_data_index. */ +static void +tor_tls_allocate_tor_tls_object_ex_data_index() +{ + if (tor_tls_object_ex_data_index == -1) { + tor_tls_object_ex_data_index = + SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + tor_assert(tor_tls_object_ex_data_index != -1); + } +} + /** Helper: given a SSL* pointer, return the tor_tls_t object using that * pointer. */ static INLINE tor_tls_t * tor_tls_get_by_ssl(const SSL *ssl) { - return SSL_get_app_data(ssl); + return SSL_get_ex_data(ssl, tor_tls_object_ex_data_index); } static void tor_tls_context_decref(tor_tls_context_t *ctx); @@ -415,6 +430,8 @@ tor_tls_init(void) SSLeay_version(SSLEAY_VERSION), version); } + tor_tls_allocate_tor_tls_object_ex_data_index(); + tls_library_is_initialized = 1; } } @@ -1048,7 +1065,7 @@ tor_tls_new(int sock, int isServer) tor_free(result); return NULL; } - SSL_set_app_data(result->ssl, result); + SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result); SSL_set_bio(result->ssl, bio, bio); tor_tls_context_incref(context); result->context = context;

1 0

[tor/master] Check the result of SSL_set_ex_data
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 74fc993b98a98f57d257d2150b0a915b47356490 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Mar 3 16:17:39 2011 -0800 Check the result of SSL_set_ex_data Reported by piebeer. --- src/common/tortls.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 905ecbb..01d3e2a 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1065,7 +1065,14 @@ tor_tls_new(int sock, int isServer) tor_free(result); return NULL; } - SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result); + { + int set_worked = + SSL_set_ex_data(result->ssl, tor_tls_object_ex_data_index, result); + if (!set_worked) { + log_warn(LD_BUG, + "Couldn't set the tls for an SSL*; connection will fail"); + } + } SSL_set_bio(result->ssl, bio, bio); tor_tls_context_incref(context); result->context = context;

1 0

[tor/master] Remove now-unused helper functions
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 13ee80346927c155b2cecc7859e14865c05bb5f8 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Mar 3 14:59:21 2011 -0800 Remove now-unused helper functions These functions were needed only by code removed in the preceding commit. Reported by mobmix. --- src/common/tortls.c | 18 ------------------ 1 files changed, 0 insertions(+), 18 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 20a0e77..61cc4ba 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -151,24 +151,6 @@ static SSL_CIPHER *CLIENT_CIPHER_DUMMIES = NULL; static STACK_OF(SSL_CIPHER) *CLIENT_CIPHER_STACK = NULL; #endif -/** Helper: compare tor_tls_t objects by its SSL. */ -static INLINE int -tor_tls_entries_eq(const tor_tls_t *a, const tor_tls_t *b) -{ - return a->ssl == b->ssl; -} - -/** Helper: return a hash value for a tor_tls_t by its SSL. */ -static INLINE unsigned int -tor_tls_entry_hash(const tor_tls_t *a) -{ -#if SIZEOF_INT == SIZEOF_VOID_P - return ((unsigned int)(uintptr_t)a->ssl); -#else - return (unsigned int) ((((uint64_t)a->ssl)>>2) & UINT_MAX); -#endif -} - /** Helper: given a SSL* pointer, return the tor_tls_t object using that * pointer. */ static INLINE tor_tls_t *

1 0

[tor/maint-0.2.2] Merge remote branch 'rransom/typo-fix-2011-03-03-01' into maint-0.2.2
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 1d6af67ab8d96c30e022f1f7602276f10c8444dc Merge: 6b74081 88e0de9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Mar 3 13:50:17 2011 -0500 Merge remote branch 'rransom/typo-fix-2011-03-03-01' into maint-0.2.2 doc/tor.1.txt | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)

1 0

[tor/maint-0.2.2] Fix typo in man page
by nickm＠torproject.org 04 Mar '11

04 Mar '11

commit 88e0de9ebbb75a64d7870ccd8cf431bb0f23c937 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Mar 3 10:41:39 2011 -0800 Fix typo in man page --- doc/tor.1.txt | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 8b8fd20..f1734d2 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -34,7 +34,7 @@ OPTIONS Display a short help message and exit. **-f** __FILE__:: - FILE contains further "option value" paris. (Default: @CONFDIR@/torrc) + FILE contains further "option value" pairs. (Default: @CONFDIR@/torrc) **--hash-password**:: Generates a hashed password for control port access.

1 0

r24301: {} add some images for presentations. (projects/presentations/images)
by Andrew Lewman 04 Mar '11

04 Mar '11

Author: phobos Date: 2011-03-04 04:23:06 +0000 (Fri, 04 Mar 2011) New Revision: 24301 Added: projects/presentations/images/mediacom-ad-injection-apple.png projects/presentations/images/mediacom-ad-injection-google.png projects/presentations/images/myanmar-gmail-ssl-mitm-mpt.png projects/presentations/images/myanmar-ssl-mitm-gmail.png Log: add some images for presentations. Added: projects/presentations/images/mediacom-ad-injection-apple.png =================================================================== (Binary files differ) Property changes on: projects/presentations/images/mediacom-ad-injection-apple.png ___________________________________________________________________ Added: svn:mime-type + image/png Added: projects/presentations/images/mediacom-ad-injection-google.png =================================================================== (Binary files differ) Property changes on: projects/presentations/images/mediacom-ad-injection-google.png ___________________________________________________________________ Added: svn:mime-type + image/png Added: projects/presentations/images/myanmar-gmail-ssl-mitm-mpt.png =================================================================== (Binary files differ) Property changes on: projects/presentations/images/myanmar-gmail-ssl-mitm-mpt.png ___________________________________________________________________ Added: svn:mime-type + image/png Added: projects/presentations/images/myanmar-ssl-mitm-gmail.png =================================================================== (Binary files differ) Property changes on: projects/presentations/images/myanmar-ssl-mitm-gmail.png ___________________________________________________________________ Added: svn:mime-type + image/png

1 0