February 2015 - tor-commits - lists.torproject.org

[tor/master] Check more thoroughly for unlogged OpenSSL errors
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit 5bcf9522618307ca4829ee7349a482a869766d6e Author: Nick Mathewson <nickm(a)torproject.org> Date: Sun Nov 2 13:04:44 2014 -0500 Check more thoroughly for unlogged OpenSSL errors --- changes/bug13319 | 4 ++++ src/common/tortls.c | 55 ++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 47 insertions(+), 12 deletions(-) diff --git a/changes/bug13319 b/changes/bug13319 new file mode 100644 index 0000000..eee95c8 --- /dev/null +++ b/changes/bug13319 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Check more thoroughly throughout the TLS code for possible unlogged + TLS errors. Possible diagnostic or fix for bug 13319. + diff --git a/src/common/tortls.c b/src/common/tortls.c index cca2d42..4f588de 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -452,6 +452,8 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra, static void tor_tls_init(void) { + check_no_tls_errors(); + if (!tls_library_is_initialized) { long version; SSL_library_init(); @@ -550,6 +552,8 @@ tor_tls_init(void) void tor_tls_free_all(void) { + check_no_tls_errors(); + if (server_tls_context) { tor_tls_context_t *ctx = server_tls_context; server_tls_context = NULL; @@ -861,29 +865,33 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len) const unsigned char *cp = (const unsigned char *)certificate; tor_cert_t *newcert; tor_assert(certificate); + check_no_tls_errors(); if (certificate_len > INT_MAX) - return NULL; + goto err; x509 = d2i_X509(NULL, &cp, (int)certificate_len); if (!x509) - return NULL; /* Couldn't decode */ + goto err; /* Couldn't decode */ if (cp - certificate != (int)certificate_len) { X509_free(x509); - return NULL; /* Didn't use all the bytes */ + goto err; /* Didn't use all the bytes */ } newcert = tor_cert_new(x509); if (!newcert) { - return NULL; + goto err; } if (newcert->encoded_len != certificate_len || fast_memneq(newcert->encoded, certificate, certificate_len)) { /* Cert wasn't in DER */ tor_cert_free(newcert); - return NULL; + goto err; } return newcert; + err: + tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "decoding a certificate"); + return NULL; } /** Set *encoded_out and *size_out to cert's encoded DER @@ -1025,21 +1033,24 @@ tor_tls_cert_is_valid(int severity, const tor_cert_t *signing_cert, int check_rsa_1024) { + check_no_tls_errors(); + EVP_PKEY *cert_key; EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert); int r, key_ok = 0; + if (!signing_key) - return 0; + goto bad; r = X509_verify(cert->cert, signing_key); EVP_PKEY_free(signing_key); if (r <= 0) - return 0; + goto bad; /* okay, the signature checked out right. Now let's check the check the * lifetime. */ if (check_cert_lifetime_internal(severity, cert->cert, 48*60*60, 30*24*60*60) < 0) - return 0; + goto bad; cert_key = X509_get_pubkey(cert->cert); if (check_rsa_1024 && cert_key) { @@ -1059,11 +1070,14 @@ tor_tls_cert_is_valid(int severity, } EVP_PKEY_free(cert_key); if (!key_ok) - return 0; + goto bad; /* XXXX compare DNs or anything? */ return 1; + bad: + tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "checking a certificate"); + return 0; } /** Increase the reference count of ctx. */ @@ -1090,6 +1104,7 @@ tor_tls_context_init(unsigned flags, int rv1 = 0; int rv2 = 0; const int is_public_server = flags & TOR_TLS_CTX_IS_PUBLIC_SERVER; + check_no_tls_errors(); if (is_public_server) { tor_tls_context_t *new_ctx; @@ -1134,6 +1149,7 @@ tor_tls_context_init(unsigned flags, 1); } + tls_log_errors(NULL, LOG_WARN, LD_CRYPTO, "constructing a TLS context"); return MIN(rv1, rv2); } @@ -1857,11 +1873,12 @@ tor_tls_new(int sock, int isServer) client_tls_context; result->magic = TOR_TLS_MAGIC; + check_no_tls_errors(); tor_assert(context); /* make sure somebody made it first */ if (!(result->ssl = SSL_new(context->ctx))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object"); tor_free(result); - return NULL; + goto err; } #ifdef SSL_set_tlsext_host_name @@ -1881,7 +1898,7 @@ tor_tls_new(int sock, int isServer) #endif SSL_free(result->ssl); tor_free(result); - return NULL; + goto err; } if (!isServer) rectify_client_ciphers(&result->ssl->cipher_list); @@ -1894,7 +1911,7 @@ tor_tls_new(int sock, int isServer) #endif SSL_free(result->ssl); tor_free(result); - return NULL; + goto err; } { int set_worked = @@ -1928,6 +1945,10 @@ tor_tls_new(int sock, int isServer) if (isServer) tor_tls_setup_session_secret_cb(result); + goto done; + err: + result = NULL; + done: /* Not expected to get called. */ tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object"); return result; @@ -2175,6 +2196,7 @@ int tor_tls_finish_handshake(tor_tls_t *tls) { int r = TOR_TLS_DONE; + check_no_tls_errors(); if (tls->isServer) { SSL_set_info_callback(tls->ssl, NULL); SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb); @@ -2220,6 +2242,7 @@ tor_tls_finish_handshake(tor_tls_t *tls) r = TOR_TLS_ERROR_MISC; } } + tls_log_errors(NULL, LOG_WARN, LD_NET, "finishing the handshake"); return r; } @@ -2250,6 +2273,8 @@ tor_tls_renegotiate(tor_tls_t *tls) /* We could do server-initiated renegotiation too, but that would be tricky. * Instead of "SSL_renegotiate, then SSL_do_handshake until done" */ tor_assert(!tls->isServer); + + check_no_tls_errors(); if (tls->state != TOR_TLS_ST_RENEGOTIATE) { int r = SSL_renegotiate(tls->ssl); if (r <= 0) { @@ -2278,6 +2303,7 @@ tor_tls_shutdown(tor_tls_t *tls) char buf[128]; tor_assert(tls); tor_assert(tls->ssl); + check_no_tls_errors(); while (1) { if (tls->state == TOR_TLS_ST_SENTCLOSE) { @@ -2465,6 +2491,7 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity_key) RSA *rsa; int r = -1; + check_no_tls_errors(); *identity_key = NULL; try_to_extract_certs_from_tls(severity, tls, &cert, &id_cert); @@ -2705,6 +2732,8 @@ dn_indicates_v3_cert(X509_NAME *name) int tor_tls_received_v3_certificate(tor_tls_t *tls) { + check_no_tls_errors(); + X509 *cert = SSL_get_peer_certificate(tls->ssl); EVP_PKEY *key = NULL; X509_NAME *issuer_name, *subject_name; @@ -2737,6 +2766,8 @@ tor_tls_received_v3_certificate(tor_tls_t *tls) } done: + tls_log_errors(tls, LOG_WARN, LD_NET, "checking for a v3 cert"); + if (key) EVP_PKEY_free(key); if (cert)

1 0

[tor/master] Merge remote-tracking branch 'public/bug13319'
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit 69deab8b2a5f09577fa4f15190c3aac181f5b6af Merge: f4b79bc 5bcf952 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 2 10:25:25 2015 -0500 Merge remote-tracking branch 'public/bug13319' changes/bug13319 | 4 ++++ src/common/tortls.c | 55 ++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 47 insertions(+), 12 deletions(-)

1 0

[tor/master] Only retry connecting to configured bridges
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit 4cb59ceb8ef603f5661f87e4787d45255fbe210c Author: Matthew Finkel <Matthew.Finkel(a)gmail.com> Date: Sat Jan 31 09:34:24 2015 +0000 Only retry connecting to configured bridges After connectivity problems, only try connecting to bridges which are currently configured; don't mark bridges which we previously used but are no longer configured. Fixes 14216. Reported by and fix provided by arma. --- changes/bug14216 | 5 +++++ src/or/entrynodes.c | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/changes/bug14216 b/changes/bug14216 new file mode 100644 index 0000000..47893ce --- /dev/null +++ b/changes/bug14216 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When we are using bridges and we had a network connectivity problem, only + retry connecting to our currently configured bridges, not all bridges we + know about and remember using. + Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma. diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 5b0e342..17cb825 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -2368,7 +2368,9 @@ entries_retry_helper(const or_options_t *options, int act) SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) { node = node_get_by_id(e->identity); if (node && node_has_descriptor(node) && - node_is_bridge(node) == need_bridges) { + node_is_bridge(node) == need_bridges && + (!need_bridges || (!e->bad_since && + node_is_a_configured_bridge(node)))) { any_known = 1; if (node->is_running) any_running = 1; /* some entry is both known and running */

1 0

[tor/master] Merge remote-tracking branch 'sysrqb/bug14216_bad_since'
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit f4b79bc4208132d057a7be04e6135480129c5048 Merge: 55639bc 4cb59ce Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 2 10:23:52 2015 -0500 Merge remote-tracking branch 'sysrqb/bug14216_bad_since' changes/bug14216 | 5 +++++ src/or/entrynodes.c | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-)

1 0

[tor/master] Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit 80bed1ac96a3035f8c55ddced5528f0d7d16d386 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Thu Jan 29 12:52:18 2015 -0500 Remove obsolete workaround in dirserv_thinks_router_is_hs_dir() Fixes #14202 Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- changes/bug14202 | 3 +++ src/or/dirserv.c | 9 +-------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/changes/bug14202 b/changes/bug14202 new file mode 100644 index 0000000..2bb4ba1 --- /dev/null +++ b/changes/bug14202 @@ -0,0 +1,3 @@ + o Minor cleanup + - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only + for version <= 0.2.2.24 which is now deprecated. diff --git a/src/or/dirserv.c b/src/or/dirserv.c index b694f8a..3579924 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1305,14 +1305,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, else uptime = real_uptime(router, now); - /* XXX We shouldn't need to check dir_port, but we do because of - * bug 1693. In the future, once relays set wants_to_be_hs_dir - * correctly, we can revert to only checking dir_port if router's - * version is too old. */ - /* XXX Unfortunately, we need to keep checking dir_port until all - * *clients* suffering from bug 2722 are obsolete. The first version - * to fix the bug was 0.2.2.25-alpha. */ - return (router->wants_to_be_hs_dir && router->dir_port && + return (router->wants_to_be_hs_dir && uptime >= get_options()->MinUptimeHidServDirectoryV2 && router_is_active(router, node, now)); }

1 0

[tor/master] Merge remote-tracking branch 'dgoulet/bug14202_026_v1'
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit 55639bc67f66e0bb41af1474ce8654d49faf9a61 Merge: e78b7e2 80bed1a Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 2 10:16:48 2015 -0500 Merge remote-tracking branch 'dgoulet/bug14202_026_v1' changes/bug14202 | 3 +++ src/or/dirserv.c | 9 +-------- 2 files changed, 4 insertions(+), 8 deletions(-)

1 0

[tor/master] Try to work around changes in openssl 1.1.0
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit e9caa8645e5da69ac503a365624896d33b91504b Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jan 28 10:00:58 2015 -0500 Try to work around changes in openssl 1.1.0 Prefer not to use a couple of deprecated functions; include more headers in tortls.c This is part of ticket 14188. --- changes/ticket14188_part1 | 2 ++ src/common/crypto.c | 18 +++++++++++++++++- src/common/tortls.c | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/changes/ticket14188_part1 b/changes/ticket14188_part1 new file mode 100644 index 0000000..9d66bba --- /dev/null +++ b/changes/ticket14188_part1 @@ -0,0 +1,2 @@ + o Compilation fixes: + - Compile correctly with (unreleased) OpenSSL 1.1.0 headers. diff --git a/src/common/crypto.c b/src/common/crypto.c index 370c04a..218c7be 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1780,9 +1780,13 @@ crypto_generate_dynamic_dh_modulus(void) dynamic_dh_modulus = BN_new(); tor_assert(dynamic_dh_modulus); - dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL); + dh_parameters = DH_new(); tor_assert(dh_parameters); + r = DH_generate_parameters_ex(dh_parameters, + DH_BYTES*8, DH_GENERATOR, NULL); + tor_assert(r == 0); + r = DH_check(dh_parameters, &dh_codes); tor_assert(r && !dh_codes); @@ -3115,6 +3119,14 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v, tor_free(v); } +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0) +static void +tor_set_openssl_thread_id(CRYPTO_THREADID *threadid) +{ + CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id()); +} +#endif + /** @{ */ /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being * multithreaded. */ @@ -3128,7 +3140,11 @@ setup_openssl_threading(void) for (i=0; i < n; ++i) openssl_mutexes_[i] = tor_mutex_new(); CRYPTO_set_locking_callback(openssl_locking_cb_); +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0) CRYPTO_set_id_callback(tor_get_thread_id); +#else + CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id); +#endif CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_); CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_); CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_); diff --git a/src/common/tortls.c b/src/common/tortls.c index ca62913..5df6364 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -50,6 +50,8 @@ #include <openssl/asn1.h> #include <openssl/bio.h> #include <openssl/opensslv.h> +#include <openssl/bn.h> +#include <openssl/rsa.h> #if __GNUC__ && GCC_VERSION >= 402 #if GCC_VERSION >= 406

1 0

[tor/master] Merge remote-tracking branch 'public/14188_part1'
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit e78b7e27761df246349b4eee7667c304a68b73fd Merge: aa4f773 e9caa86 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 2 10:15:26 2015 -0500 Merge remote-tracking branch 'public/14188_part1' changes/ticket14188_part1 | 2 ++ src/common/crypto.c | 18 +++++++++++++++++- src/common/tortls.c | 2 ++ 3 files changed, 21 insertions(+), 1 deletion(-)

1 0

[tor/master] Updating OpenBSD section of doc/TUNING.
by nickm＠torproject.org 02 Feb '15

02 Feb '15

commit aa4f773670e79bc78ed68de3b4c05e7d5afadea0 Author: rl1987 <rl1987(a)sdf.lonestar.org> Date: Sun Feb 1 19:52:54 2015 +0200 Updating OpenBSD section of doc/TUNING. --- doc/TUNING | 75 ++++++++++++++++++++++-------------------------------------- 1 file changed, 27 insertions(+), 48 deletions(-) diff --git a/doc/TUNING b/doc/TUNING index 90bd120..24552a3 100644 --- a/doc/TUNING +++ b/doc/TUNING @@ -38,62 +38,41 @@ read-only on OS X. OpenBSD ------- -For recent versions of OpenBSD (5.5 and 5.6, and probably older releases -as well), the maximum number of file descriptors that can be opened is -7030: +Because OpenBSD is primarily focused on security and stability, it uses default +resource limits stricter than those of more popular Unix-like operating systems. -http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-to-the-number-of-file-descriptors/104948#104948 +OpenBSD stores a kernel-level file descriptor limit in the sysctl variable +kern.maxfiles. It defaults to 7,030. To change it to, for example, 16,000 while +the system is running, use the command 'sudo sysctl kern.maxfiles=16000'. +kern.maxfiles will reset to the default value upon system reboot unless you also +add 'kern.maxfiles=16000' to the file /etc/sysctl.conf. -The maximum number of file descriptors that an OpenBSD machine can have -open is stored in the sysctl variable kern.maxfiles. This value defaults -to 7030 - to verify this, run sysctl kern.maxfiles. +There are stricter resource limits set on user classes, which are stored in +/etc/login.conf. This config file also allows limit sets for daemons started +with scripts in the /etc/rc.d directory, which presumably includes Tor. -To immediately change a running system's file descriptor limit to, for -example, 20,000 files, run sudo sysctl kern.maxfiles=20000. All sysctl -variables are reset upon reboot using defaults and /etc/sysctl.conf, so -to make your change permanent you must add the line kern.maxfiles=20000 -to /etc/sysctl.conf. - -One can also change a maximum number of allowed file descriptors for Tor -daemon alone by editing /etc/rc.d/tor and adding the following lines: +To increase the file descriptor limit from its default of 1,024, add the +following to /etc/login.conf: tor:\ - :openfiles-max=8192:\ - :tc=daemon: - -However, there are stricter limits set on users. This is a security -feature intended to prevent one user from choking out others by opening -all possible file descriptors. - -The stricter limits are set in /etc/login.conf. This config file sets -resource access rules for user classes. You should be running -Tor as a non-privileged daemon user '_tor', which belongs to the 'daemon' -class. It will therefore be subject to the 'default' and 'daemon' rules. -There are two relevant rules: openfiles-cur and openfiles-max. The prior -is the initial limit upon login - the soft limit. The latter is the maximum -limit that can be set using 'ulimit -n' or setrlimit() without editing -/etc/login.conf and rebooting. This is known as the hard limit. - -Without editing /etc/login.conf, daemon-owned processes have -soft limit of 512 open files and a hard limit of 1024 open files. -Tor can increase the soft limit as needed, so you will therefore -eventually get warnings about running out of available file descriptors -once Tor reaches ~1024 open files. - -To increase the hard limit, add the following line to the daemon class -rules in /etc/login.conf: + :openfiles-max=13500:\ + :tc=daemon: -tor:\ - :openfiles-max=8192:\ - :tc=daemon: +Upon restarting Tor, it will be able to open up to 13,500 file descriptors. + +This will work *only* if you are starting Tor with the script /etc/rc.d/tor. If +you're using a custom build instead of the package, you can easily copy the rc.d +script from the Tor port directory. Alternatively, you can ensure that the Tor's +daemon user has its own user class and make a /etc/login.conf entry for it. + +High-bandwidth relays sometimes give the syslog warning: -Upon restarting the machine, Tor will be able to open up to 6500 file -descriptors. +/bsd: WARNING: mclpools limit reached; increase kern.maxclusters -Be aware that, by doing this, you are bypassing a security and stability -feature of the OS. If you are running your relay on a weak or old system, -watch your system load to ensure that it can handle this many open files. -Also, Tor may interfere with any other programs that open many files. +In this case, increase kern.maxclusters with the sysctl command and in the file +/etc/sysctl.conf, as described with kern.maxfiles above. Use 'sysctl +kern.maxclusters' to query the current value. Increasing by about 15% per day +until the error no longer appears is a good guideline. Disclaimer ----------

1 0

[translation/torbutton-torbuttonproperties] Update translations for torbutton-torbuttonproperties
by translation＠torproject.org 02 Feb '15

02 Feb '15

commit a63bef0b61b73c7137c46bf2c866d3ae7da80a6e Author: Translation commit bot <translation(a)torproject.org> Date: Mon Feb 2 13:46:13 2015 +0000 Update translations for torbutton-torbuttonproperties --- kn/torbutton.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kn/torbutton.properties b/kn/torbutton.properties index d23c67d..fb501d9 100644 --- a/kn/torbutton.properties +++ b/kn/torbutton.properties @@ -21,8 +21,8 @@ torbutton.popup.test.auto_failed = The automatic Tor proxy test failed to use To torbutton.prefs.recommended = (recommended) torbutton.prefs.optional = (optional) torbutton.prefs.crucial = (crucial) -torbutton.popup.external.title = Download an external file type? -torbutton.popup.external.app = Tor Browser cannot display this file. You will need to open it with another application.\n\n +torbutton.popup.external.title = ಬಾಹ್ಯ ಕಡತ ಪ್ರಕಾರವನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಬೇಕೆ? +torbutton.popup.external.app = ಟಾರ್ ಬ್ರೌಸರ್ ಈ ಕಡತವನ್ನು ಪ್ರದರ್ಶಿಸಲಾಗುವುದಿಲ್ಲ. ನೀವು ಇದನ್ನು ಇನ್ನೊಂದು ಅಪ್ಲಿಕೇಶನಿಂದ ಅದನ್ನು ತೆರೆಯಿರಿ.\n\n torbutton.popup.external.note = Some types of files can cause applications to connect to the Internet without using Tor.\n\n torbutton.popup.external.suggest = To be safe, you should only open downloaded files while offline, or use a Tor Live CD such as Tails.\n torbutton.popup.launch = Download file

1 0