[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Merge branch 'maint-0.3.5' into bug31107_035



commit 7589995111b452cf7e92f5e9b5d94df244cbdbb9
Merge: 3c97ab3c2 046183714
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Tue Sep 17 09:16:52 2019 -0400

    Merge branch 'maint-0.3.5' into bug31107_035

 .appveyor.yml                                      |  119 +
 .gitignore                                         |  139 +-
 .gitlab-ci.yml                                     |   45 +
 .gitmodules                                        |    3 +
 .travis.yml                                        |   78 +-
 CODE_OF_CONDUCT                                    |    7 +
 CONTRIBUTING                                       |   39 +
 ChangeLog                                          | 9099 +++++++++++++++++++-
 Doxyfile.in                                        | 1184 ++-
 INSTALL                                            |   34 -
 LICENSE                                            |   32 +-
 Makefile.am                                        |  276 +-
 README                                             |    3 +
 ReleaseNotes                                       | 7319 +++++++++++++++-
 acinclude.m4                                       |   25 +-
 autogen.sh                                         |    4 +-
 changes/29241_diagnostic                           |    4 +
 changes/bug13221                                   |    5 +
 changes/bug21394.2                                 |    7 -
 changes/bug22619                                   |    3 +
 changes/bug23512                                   |    6 -
 changes/bug23681                                   |    5 -
 changes/bug23790                                   |    6 -
 changes/bug24104                                   |    4 -
 changes/bug24661                                   |    3 +
 changes/bug24903                                   |    5 -
 changes/bug25113                                   |    5 -
 changes/bug25116                                   |    4 -
 changes/bug25733                                   |    4 -
 changes/bug27073                                   |    4 -
 changes/bug27197                                   |    3 +
 changes/bug27199                                   |    3 +
 changes/bug27316                                   |    3 -
 changes/bug27658                                   |    6 -
 changes/bug27709                                   |    4 -
 changes/bug27740                                   |    4 +
 changes/bug27741                                   |    5 +
 changes/bug27750                                   |    6 +
 changes/bug27800                                   |    4 +
 changes/bug27804                                   |    3 +
 changes/bug27841                                   |    7 +
 changes/bug27963_timeradd                          |    4 +
 changes/bug27968                                   |    3 +
 changes/bug28115                                   |    3 +
 changes/bug28127                                   |    7 +
 changes/bug28183                                   |    4 +
 changes/bug28298                                   |    4 +
 changes/bug28303                                   |    3 +
 changes/bug28348_034                               |    5 +
 changes/bug28399                                   |    4 +
 changes/bug28419                                   |    3 +
 changes/bug28435                                   |    3 +
 changes/bug28441                                   |    4 +
 changes/bug28454                                   |    4 +
 changes/bug28485                                   |    3 +
 changes/bug28524                                   |    4 +
 changes/bug28554                                   |    3 +
 changes/bug28562                                   |    5 +
 changes/bug28568                                   |    4 +
 changes/bug28569                                   |    3 +
 changes/bug28612                                   |    4 +
 changes/bug28619                                   |    6 +
 changes/bug28656                                   |    3 +
 changes/bug28698                                   |    3 +
 changes/bug28895                                   |    5 +
 changes/bug28920                                   |    6 +
 changes/bug28938                                   |    4 +
 changes/bug28974                                   |    3 +
 changes/bug28979                                   |    4 +
 changes/bug28981                                   |    5 +
 changes/bug28995                                   |    5 +
 changes/bug29017                                   |    4 +
 changes/bug29034                                   |    5 +
 changes/bug29040                                   |    4 +
 changes/bug29042                                   |    5 +
 changes/bug29135                                   |    5 +
 changes/bug29144                                   |    5 +
 changes/bug29161                                   |    3 +
 changes/bug29175_035                               |    4 +
 changes/bug29241                                   |    6 +
 changes/bug29244                                   |    4 +
 changes/bug29530_035                               |    5 +
 changes/bug29601                                   |    6 +
 changes/bug29670                                   |    4 +
 changes/bug29875                                   |   11 +
 changes/bug29922                                   |    4 +
 changes/bug30011                                   |    4 +
 changes/bug30040                                   |    9 +
 changes/bug30148                                   |    4 +
 changes/bug30189                                   |    4 +
 changes/bug30190                                   |    3 +
 changes/bug30316                                   |    4 +
 changes/bug30452                                   |    3 +
 changes/bug30475                                   |    4 +
 changes/bug30713                                   |    5 +
 changes/bug30744                                   |    3 +
 changes/bug30894                                   |    4 +
 changes/bug31003                                   |    4 +
 changes/bug31463                                   |    3 +
 changes/cid1444119                                 |    3 +
 changes/geoip-2018-09-06                           |    4 -
 changes/geoip-2018-10-09                           |    4 -
 changes/rust_asan                                  |    8 +
 changes/ticket19566                                |    6 +
 changes/ticket27252                                |    6 -
 changes/ticket27471                                |    5 +
 changes/ticket27738                                |    4 -
 changes/ticket27751                                |    2 +
 changes/ticket27838                                |    4 +
 changes/ticket27913                                |    3 +
 changes/ticket27995                                |    4 +
 changes/ticket28026                                |    3 +
 changes/ticket28113                                |    5 +
 changes/ticket28128                                |    4 +
 changes/ticket28229_diag                           |    3 +
 changes/ticket28275                                |    4 +
 changes/ticket28318                                |    3 +
 changes/ticket28459                                |    4 +
 changes/ticket28574                                |    4 +
 changes/ticket28668                                |    3 +
 changes/ticket28669                                |    6 +
 changes/ticket28838                                |    8 +
 changes/ticket28851                                |    4 +
 changes/ticket28879                                |    5 +
 changes/ticket28881                                |    4 +
 changes/ticket28883                                |    4 +
 changes/ticket28912                                |    6 +
 changes/ticket28924                                |    4 +
 changes/ticket28973                                |    6 +
 changes/ticket29026                                |    4 +
 changes/ticket29160                                |    4 +
 changes/ticket29168                                |    5 +
 changes/ticket29435                                |    3 +
 changes/ticket29617                                |    4 +
 changes/ticket29702                                |    4 +
 changes/ticket29806                                |    7 +
 changes/ticket29962                                |    3 +
 changes/ticket30117                                |    4 +
 changes/ticket30234                                |    2 +
 changes/ticket30454                                |   10 +
 changes/ticket30591                                |    3 +
 changes/ticket30694                                |    3 +
 changes/ticket30871                                |    6 +
 changes/ticket31554                                |    4 +
 config.rust.in                                     |   24 +
 configure.ac                                       |  967 ++-
 contrib/dist/tor.service.in                        |    2 +-
 contrib/include.am                                 |    1 -
 contrib/operator-tools/linux-tor-prio.sh           |    2 +-
 contrib/win32build/package_nsis-mingw.sh           |   95 -
 contrib/win32build/tor-mingw.nsi.in                |    2 +-
 doc/HACKING/CodeStructure.md                       |  129 +
 doc/HACKING/CodingStandards.md                     |  237 +-
 doc/HACKING/CodingStandardsRust.md                 |  523 ++
 doc/HACKING/Fuzzing.md                             |  123 +
 doc/HACKING/GettingStarted.md                      |    5 +-
 doc/HACKING/GettingStartedRust.md                  |  183 +
 doc/HACKING/HelpfulTools.md                        |  132 +-
 doc/HACKING/HowToReview.md                         |    3 +
 doc/HACKING/Module.md                              |  111 +
 doc/HACKING/ReleasingTor.md                        |  135 +-
 doc/HACKING/Tracing.md                             |   91 +
 doc/HACKING/WritingTests.md                        |   12 +-
 doc/HACKING/android/Simpleperf.md                  |   98 +
 doc/include.am                                     |   28 +-
 doc/tor-print-ed-signing-cert.1.txt                |   32 +
 doc/tor-resolve.1.txt                              |    2 +-
 doc/tor.1.txt                                      | 1706 ++--
 doc/torify.1.txt                                   |   20 +-
 doc/torrc_format.txt                               |   15 +-
 m4/ax_check_sign.m4                                |    4 +-
 m4/pc_from_ucontext.m4                             |   20 +-
 scripts/README                                     |    6 +
 scripts/coccinelle/ceil_div.cocci                  |    6 +
 scripts/coccinelle/test-operator-cleanup           |   11 +
 scripts/coccinelle/test_assert_int.cocci           |   49 +
 scripts/coccinelle/test_assert_null.cocci          |   11 +
 scripts/coccinelle/test_assert_zero.cocci          |    5 +
 scripts/codegen/fuzzing_include_am.py              |  154 +
 scripts/codegen/gen_server_ciphers.py              |   64 +-
 scripts/codegen/get_mozilla_ciphers.py             |   15 +-
 scripts/codegen/makedesc.py                        |    2 +-
 scripts/codegen/run_trunnel.sh                     |   10 +-
 scripts/maint/analyze_callgraph.py                 |  259 -
 scripts/maint/annotate_ifdef_directives            |   74 +
 scripts/maint/checkIncludes.py                     |  115 +
 scripts/maint/checkOptionDocs.pl.in                |    2 +-
 scripts/maint/checkSpace.pl                        |  148 +-
 scripts/maint/display_callgraph.py                 |   41 -
 scripts/maint/fallback.blacklist                   |  229 -
 scripts/maint/fallback.whitelist                   |  525 +-
 scripts/maint/format_changelog.py                  |    4 +-
 scripts/maint/generateFallbackDirLine.py           |   38 +
 scripts/maint/generate_callgraph.sh                |   14 -
 scripts/maint/lintChanges.py                       |   72 +-
 scripts/maint/lookupFallbackDirContact.py          |   28 +
 scripts/maint/rectify_include_paths.py             |   60 +
 scripts/maint/redox.py                             |    4 +-
 scripts/maint/run_calltool.sh                      |   29 +
 scripts/maint/sortChanges.py                       |    2 +-
 scripts/maint/updateCopyright.pl                   |    4 +-
 scripts/maint/updateFallbackDirs.py                |  815 +-
 scripts/maint/updateRustDependencies.sh            |   45 +
 scripts/test/appveyor-irc-notify.py                |  219 +
 scripts/test/chutney-git-bisect.sh                 |   62 +
 scripts/test/cov-diff                              |   14 +-
 scripts/test/cov-exclude                           |    6 +
 scripts/test/coverage                              |    8 +-
 scripts/test/scan-build.sh                         |   61 +-
 src/{or => app/config}/auth_dirs.inc               |    0
 src/app/config/config.c                            | 8521 ++++++++++++++++++
 src/app/config/config.h                            |  300 +
 src/app/config/confparse.c                         | 1207 +++
 src/app/config/confparse.h                         |  233 +
 src/{or => app/config}/fallback_dirs.inc           |    0
 src/app/config/or_options_st.h                     | 1077 +++
 src/app/config/or_state_st.h                       |   92 +
 src/app/config/statefile.c                         |  728 ++
 src/app/config/statefile.h                         |   36 +
 src/app/include.am                                 |   35 +
 src/app/main/main.c                                | 1519 ++++
 src/app/main/main.h                                |   31 +
 src/app/main/ntmain.c                              |  785 ++
 src/app/main/ntmain.h                              |   28 +
 src/app/main/tor_main.c                            |   42 +
 src/common/Makefile.nmake                          |   28 -
 src/common/address.c                               | 2162 -----
 src/common/address.h                               |  379 -
 src/common/address_set.c                           |  129 -
 src/common/address_set.h                           |   35 -
 src/common/aes.c                                   |  404 -
 src/common/aes.h                                   |   27 -
 src/common/backtrace.c                             |  248 -
 src/common/backtrace.h                             |   21 -
 src/common/ciphers.inc                             |  140 -
 src/common/compat.c                                | 3555 --------
 src/common/compat.h                                |  747 --
 src/common/compat_libevent.c                       |  285 -
 src/common/compat_libevent.h                       |   75 -
 src/common/compat_openssl.h                        |   47 -
 src/common/compat_pthreads.c                       |  349 -
 src/common/compat_threads.c                        |  332 -
 src/common/compat_threads.h                        |  151 -
 src/common/compat_time.c                           |  656 --
 src/common/compat_time.h                           |  162 -
 src/common/compat_winthreads.c                     |  250 -
 src/common/container.c                             | 1517 ----
 src/common/container.h                             |  725 --
 src/common/crypto.c                                | 3432 --------
 src/common/crypto.h                                |  340 -
 src/common/crypto_curve25519.c                     |  354 -
 src/common/crypto_curve25519.h                     |   87 -
 src/common/crypto_ed25519.c                        |  736 --
 src/common/crypto_ed25519.h                        |  131 -
 src/common/crypto_format.c                         |  277 -
 src/common/crypto_format.h                         |   46 -
 src/common/crypto_pwbox.c                          |  212 -
 src/common/crypto_pwbox.h                          |   20 -
 src/common/crypto_s2k.c                            |  468 -
 src/common/crypto_s2k.h                            |   73 -
 src/common/di_ops.c                                |  274 -
 src/common/di_ops.h                                |   50 -
 src/common/handles.h                               |  153 -
 src/common/include.am                              |  175 -
 src/common/log.c                                   | 1395 ---
 src/common/memarea.c                               |  306 -
 src/common/memarea.h                               |   24 -
 src/common/procmon.c                               |  343 -
 src/common/procmon.h                               |   33 -
 src/common/pubsub.c                                |  129 -
 src/common/pubsub.h                                |  179 -
 src/common/sandbox.c                               | 2016 -----
 src/common/sandbox.h                               |  182 -
 src/common/testsupport.h                           |   90 -
 src/common/timers.c                                |  293 -
 src/common/timers.h                                |   24 -
 src/common/torgzip.c                               |  586 --
 src/common/torgzip.h                               |   72 -
 src/common/torint.h                                |  367 -
 src/common/torlog.h                                |  251 -
 src/common/tortls.c                                | 2579 ------
 src/common/tortls.h                                |  265 -
 src/common/util.c                                  | 5774 -------------
 src/common/util.h                                  |  561 --
 src/common/util_bug.c                              |  115 -
 src/common/util_bug.h                              |  204 -
 src/common/util_format.c                           |  562 --
 src/common/util_format.h                           |   34 -
 src/common/util_process.c                          |  158 -
 src/common/util_process.h                          |   26 -
 src/common/workqueue.c                             |  538 --
 src/common/workqueue.h                             |   49 -
 src/config/torrc.minimal.in-staging                |   18 +-
 src/config/torrc.sample.in                         |   49 +-
 src/core/crypto/hs_ntor.c                          |  620 ++
 src/core/crypto/hs_ntor.h                          |   69 +
 src/core/crypto/onion_crypto.c                     |  311 +
 src/core/crypto/onion_crypto.h                     |   47 +
 src/core/crypto/onion_fast.c                       |  144 +
 src/core/crypto/onion_fast.h                       |   41 +
 src/core/crypto/onion_ntor.c                       |  341 +
 src/core/crypto/onion_ntor.h                       |   65 +
 src/core/crypto/onion_tap.c                        |  246 +
 src/core/crypto/onion_tap.h                        |   40 +
 src/core/crypto/relay_crypto.c                     |  332 +
 src/core/crypto/relay_crypto.h                     |   31 +
 src/core/include.am                                |  404 +
 src/core/mainloop/connection.c                     | 5504 ++++++++++++
 src/core/mainloop/connection.h                     |  353 +
 src/core/mainloop/cpuworker.c                      |  600 ++
 src/core/mainloop/cpuworker.h                      |   37 +
 src/core/mainloop/mainloop.c                       | 2942 +++++++
 src/core/mainloop/mainloop.h                       |  114 +
 src/core/mainloop/netstatus.c                      |   28 +
 src/core/mainloop/netstatus.h                      |   13 +
 src/core/mainloop/periodic.c                       |  174 +
 src/core/mainloop/periodic.h                       |   88 +
 src/core/or/addr_policy_st.h                       |   46 +
 src/core/or/address_set.c                          |   71 +
 src/core/or/address_set.h                          |   31 +
 src/core/or/cell_queue_st.h                        |   29 +
 src/core/or/cell_st.h                              |   20 +
 src/core/or/channel.c                              | 3476 ++++++++
 src/core/or/channel.h                              |  780 ++
 src/core/or/channelpadding.c                       |  794 ++
 src/core/or/channelpadding.h                       |   43 +
 src/core/or/channeltls.c                           | 2485 ++++++
 src/core/or/channeltls.h                           |   79 +
 src/core/or/circuit_st.h                           |  182 +
 src/core/or/circuitbuild.c                         | 3012 +++++++
 src/core/or/circuitbuild.h                         |  102 +
 src/core/or/circuitlist.c                          | 2853 ++++++
 src/core/or/circuitlist.h                          |  250 +
 src/core/or/circuitmux.c                           | 1364 +++
 src/core/or/circuitmux.h                           |  162 +
 src/core/or/circuitmux_ewma.c                      |  829 ++
 src/core/or/circuitmux_ewma.h                      |   30 +
 src/core/or/circuitstats.c                         | 1951 +++++
 src/core/or/circuitstats.h                         |  213 +
 src/core/or/circuituse.c                           | 3142 +++++++
 src/core/or/circuituse.h                           |   93 +
 src/core/or/command.c                              |  703 ++
 src/core/or/command.h                              |   31 +
 src/core/or/connection_edge.c                      | 4534 ++++++++++
 src/core/or/connection_edge.h                      |  279 +
 src/core/or/connection_or.c                        | 3026 +++++++
 src/core/or/connection_or.h                        |  166 +
 src/core/or/connection_st.h                        |  149 +
 src/core/or/cpath_build_state_st.h                 |   38 +
 src/core/or/crypt_path_reference_st.h              |   23 +
 src/core/or/crypt_path_st.h                        |   70 +
 src/core/or/destroy_cell_queue_st.h                |   27 +
 src/core/or/dos.c                                  |  801 ++
 src/core/or/dos.h                                  |  140 +
 src/core/or/edge_connection_st.h                   |   77 +
 src/core/or/entry_connection_st.h                  |  100 +
 src/core/or/entry_port_cfg_st.h                    |   54 +
 src/core/or/extend_info_st.h                       |   30 +
 src/core/or/half_edge_st.h                         |   34 +
 src/core/or/listener_connection_st.h               |   25 +
 src/core/or/onion.c                                |  720 ++
 src/core/or/onion.h                                |   90 +
 src/core/or/or.h                                   | 1094 +++
 src/core/or/or_circuit_st.h                        |   80 +
 src/core/or/or_connection_st.h                     |   92 +
 src/core/or/or_handshake_certs_st.h                |   40 +
 src/core/or/or_handshake_state_st.h                |   78 +
 src/core/or/origin_circuit_st.h                    |  294 +
 src/core/or/policies.c                             | 3145 +++++++
 src/core/or/policies.h                             |  187 +
 src/core/or/port_cfg_st.h                          |   35 +
 src/core/or/protover.c                             |  942 ++
 src/core/or/protover.h                             |   97 +
 src/core/or/protover_rust.c                        |   34 +
 src/core/or/reasons.c                              |  497 ++
 src/core/or/reasons.h                              |   34 +
 src/core/or/relay.c                                | 3169 +++++++
 src/core/or/relay.h                                |  124 +
 src/core/or/relay_crypto_st.h                      |   31 +
 src/core/or/scheduler.c                            |  768 ++
 src/core/or/scheduler.h                            |  218 +
 src/core/or/scheduler_kist.c                       |  844 ++
 src/core/or/scheduler_vanilla.c                    |  175 +
 src/core/or/server_port_cfg_st.h                   |   20 +
 src/core/or/socks_request_st.h                     |   77 +
 src/core/or/status.c                               |  252 +
 src/core/or/status.h                               |   18 +
 src/core/or/tor_version_st.h                       |   32 +
 src/core/or/var_cell_st.h                          |   23 +
 src/core/or/versions.c                             |  422 +
 src/core/or/versions.h                             |   44 +
 src/core/proto/proto_cell.c                        |   86 +
 src/core/proto/proto_cell.h                        |   17 +
 src/core/proto/proto_control0.c                    |   26 +
 src/core/proto/proto_control0.h                    |   14 +
 src/core/proto/proto_ext_or.c                      |   40 +
 src/core/proto/proto_ext_or.h                      |   22 +
 src/core/proto/proto_http.c                        |  171 +
 src/core/proto/proto_http.h                        |   24 +
 src/core/proto/proto_socks.c                       | 1133 +++
 src/core/proto/proto_socks.h                       |   21 +
 src/ext/OpenBSD_malloc_Linux.c                     |    2 +-
 src/ext/byteorder.h                                |   71 +
 src/ext/csiphash.c                                 |   50 +-
 src/ext/curve25519_donna/curve25519-donna-c64.c    |    2 +-
 src/ext/curve25519_donna/curve25519-donna.c        |    2 +-
 src/ext/ed25519/donna/ed25519-donna-impl-base.h    |   12 +-
 .../donna/ed25519-donna-portable-identify.h        |    2 +-
 src/ext/ed25519/donna/ed25519-hash-custom.h        |   31 +
 src/ext/ed25519/donna/ed25519-randombytes-custom.h |    2 +-
 src/ext/ed25519/donna/ed25519_donna_tor.h          |    7 +-
 src/ext/ed25519/donna/ed25519_tor.c                |   43 +-
 src/ext/ed25519/ref10/blinding.c                   |   51 +-
 src/ext/ed25519/ref10/crypto_hash_sha512.h         |   30 +-
 src/ext/ed25519/ref10/crypto_int32.h               |    2 +-
 src/ext/ed25519/ref10/crypto_int64.h               |    2 +-
 src/ext/ed25519/ref10/crypto_uint32.h              |    2 +-
 src/ext/ed25519/ref10/crypto_uint64.h              |    2 +-
 src/ext/ed25519/ref10/crypto_verify_32.h           |    3 +-
 src/ext/ed25519/ref10/ed25519_ref10.h              |    6 +-
 src/ext/ed25519/ref10/keypair.c                    |    4 +-
 src/ext/ed25519/ref10/randombytes.h                |    2 +-
 src/ext/getdelim.c                                 |   79 +
 src/ext/ht.h                                       |    4 +-
 src/ext/include.am                                 |    4 +-
 src/ext/keccak-tiny/keccak-tiny-unrolled.c         |   21 +-
 src/ext/keccak-tiny/keccak-tiny.h                  |    2 +-
 src/ext/mulodi/mulodi4.c                           |    2 +-
 src/ext/rust                                       |    1 +
 src/ext/siphash.h                                  |    1 +
 src/ext/timeouts/timeout-bitops.c                  |    3 +-
 src/ext/timeouts/timeout.c                         |    4 +-
 src/ext/tinytest.c                                 |   13 +-
 src/ext/trunnel/trunnel-impl.h                     |    5 +-
 src/ext/trunnel/trunnel.c                          |   10 +-
 src/ext/trunnel/trunnel.h                          |    4 +-
 src/feature/api/tor_api.c                          |  167 +
 src/feature/api/tor_api.h                          |  129 +
 src/feature/api/tor_api_internal.h                 |   29 +
 src/feature/client/addressmap.c                    | 1156 +++
 src/feature/client/addressmap.h                    |   65 +
 src/feature/client/bridges.c                       | 1029 +++
 src/feature/client/bridges.h                       |   80 +
 src/feature/client/circpathbias.c                  | 1641 ++++
 src/feature/client/circpathbias.h                  |   29 +
 src/feature/client/dnsserv.c                       |  415 +
 src/feature/client/dnsserv.h                       |   27 +
 src/feature/client/entrynodes.c                    | 3824 ++++++++
 src/feature/client/entrynodes.h                    |  639 ++
 src/feature/client/transports.c                    | 1738 ++++
 src/feature/client/transports.h                    |  147 +
 src/feature/control/control.c                      | 7902 +++++++++++++++++
 src/feature/control/control.h                      |  417 +
 src/feature/control/control_connection_st.h        |   46 +
 src/feature/control/fmt_serverstatus.c             |  104 +
 src/feature/control/fmt_serverstatus.h             |   18 +
 src/feature/control/getinfo_geoip.c                |   45 +
 src/feature/control/getinfo_geoip.h                |   14 +
 src/feature/dirauth/authmode.c                     |   70 +
 src/feature/dirauth/authmode.h                     |   46 +
 src/feature/dirauth/bwauth.c                       |  459 +
 src/feature/dirauth/bwauth.h                       |   58 +
 src/feature/dirauth/dircollate.c                   |  327 +
 src/feature/dirauth/dircollate.h                   |   70 +
 src/feature/dirauth/dirvote.c                      | 4658 ++++++++++
 src/feature/dirauth/dirvote.h                      |  250 +
 src/feature/dirauth/dsigs_parse.c                  |  282 +
 src/feature/dirauth/dsigs_parse.h                  |   22 +
 src/feature/dirauth/guardfraction.c                |  333 +
 src/feature/dirauth/guardfraction.h                |   24 +
 src/feature/dirauth/keypin.c                       |  515 ++
 src/feature/dirauth/keypin.h                       |   47 +
 src/feature/dirauth/ns_detached_signatures_st.h    |   22 +
 src/feature/dirauth/process_descs.c                |  839 ++
 src/feature/dirauth/process_descs.h                |   38 +
 src/feature/dirauth/reachability.c                 |  207 +
 src/feature/dirauth/reachability.h                 |   36 +
 src/feature/dirauth/recommend_pkg.c                |   90 +
 src/feature/dirauth/recommend_pkg.h                |   17 +
 src/feature/dirauth/shared_random.c                | 1291 +++
 src/feature/dirauth/shared_random.h                |  194 +
 src/feature/dirauth/shared_random_state.c          | 1340 +++
 src/feature/dirauth/shared_random_state.h          |  148 +
 src/feature/dirauth/vote_microdesc_hash_st.h       |   22 +
 src/feature/dirauth/voteflags.c                    |  644 ++
 src/feature/dirauth/voteflags.h                    |   31 +
 src/feature/dircache/cached_dir_st.h               |   25 +
 src/feature/dircache/conscache.c                   |  627 ++
 src/feature/dircache/conscache.h                   |   66 +
 src/feature/dircache/consdiffmgr.c                 | 1945 +++++
 src/feature/dircache/consdiffmgr.h                 |   75 +
 src/feature/dircache/dircache.c                    | 1740 ++++
 src/feature/dircache/dircache.h                    |   43 +
 src/feature/dircache/dirserv.c                     |  918 ++
 src/feature/dircache/dirserv.h                     |  119 +
 src/feature/dirclient/dir_server_st.h              |   54 +
 src/feature/dirclient/dirclient.c                  | 3206 +++++++
 src/feature/dirclient/dirclient.h                  |  172 +
 src/feature/dirclient/dlstatus.c                   |  422 +
 src/feature/dirclient/dlstatus.h                   |   58 +
 src/feature/dirclient/download_status_st.h         |   65 +
 src/feature/dircommon/consdiff.c                   | 1414 +++
 src/feature/dircommon/consdiff.h                   |   99 +
 src/feature/dircommon/dir_connection_st.h          |   67 +
 src/feature/dircommon/directory.c                  |  651 ++
 src/feature/dircommon/directory.h                  |  129 +
 src/feature/dircommon/fp_pair.c                    |  315 +
 src/feature/dircommon/fp_pair.h                    |   56 +
 src/feature/dircommon/vote_timing_st.h             |   24 +
 src/feature/dircommon/voting_schedule.c            |  194 +
 src/feature/dircommon/voting_schedule.h            |   65 +
 src/feature/dirparse/authcert_members.i            |   13 +
 src/feature/dirparse/authcert_parse.c              |  207 +
 src/feature/dirparse/authcert_parse.h              |   18 +
 src/feature/dirparse/microdesc_parse.c             |  267 +
 src/feature/dirparse/microdesc_parse.h             |   20 +
 src/feature/dirparse/ns_parse.c                    | 1685 ++++
 src/feature/dirparse/ns_parse.h                    |   45 +
 src/feature/dirparse/parsecommon.c                 |  458 +
 src/feature/dirparse/parsecommon.h                 |  324 +
 src/feature/dirparse/policy_parse.c                |  224 +
 src/feature/dirparse/policy_parse.h                |   25 +
 src/feature/dirparse/routerparse.c                 | 1245 +++
 src/feature/dirparse/routerparse.h                 |   49 +
 src/feature/dirparse/sigcommon.c                   |  185 +
 src/feature/dirparse/sigcommon.h                   |   48 +
 src/feature/dirparse/signing.c                     |   98 +
 src/feature/dirparse/signing.h                     |   23 +
 src/feature/dirparse/unparseable.c                 |  591 ++
 src/feature/dirparse/unparseable.h                 |   56 +
 src/feature/hibernate/hibernate.c                  | 1267 +++
 src/feature/hibernate/hibernate.h                  |   61 +
 src/feature/hs/hs_cache.c                          |  986 +++
 src/feature/hs/hs_cache.h                          |  130 +
 src/feature/hs/hs_cell.c                           |  952 ++
 src/feature/hs/hs_cell.h                           |  109 +
 src/feature/hs/hs_circuit.c                        | 1271 +++
 src/feature/hs/hs_circuit.h                        |   75 +
 src/feature/hs/hs_circuitmap.c                     |  585 ++
 src/feature/hs/hs_circuitmap.h                     |  112 +
 src/feature/hs/hs_client.c                         | 1945 +++++
 src/feature/hs/hs_client.h                         |  119 +
 src/feature/hs/hs_common.c                         | 1829 ++++
 src/feature/hs/hs_common.h                         |  288 +
 src/feature/hs/hs_config.c                         |  696 ++
 src/feature/hs/hs_config.h                         |   25 +
 src/feature/hs/hs_control.c                        |  261 +
 src/feature/hs/hs_control.h                        |   52 +
 src/feature/hs/hs_descriptor.c                     | 3073 +++++++
 src/feature/hs/hs_descriptor.h                     |  346 +
 src/feature/hs/hs_ident.c                          |  127 +
 src/feature/hs/hs_ident.h                          |  150 +
 src/feature/hs/hs_intropoint.c                     |  609 ++
 src/feature/hs/hs_intropoint.h                     |   64 +
 src/feature/hs/hs_service.c                        | 4170 +++++++++
 src/feature/hs/hs_service.h                        |  444 +
 src/feature/hs/hs_stats.c                          |   58 +
 src/feature/hs/hs_stats.h                          |   14 +
 src/feature/hs/hsdir_index_st.h                    |   24 +
 src/feature/hs_common/replaycache.c                |  209 +
 src/feature/hs_common/replaycache.h                |   67 +
 src/feature/hs_common/shared_random_client.c       |  293 +
 src/feature/hs_common/shared_random_client.h       |   48 +
 src/feature/keymgt/loadkey.c                       |  755 ++
 src/feature/keymgt/loadkey.h                       |   55 +
 src/feature/nodelist/authcert.c                    | 1208 +++
 src/feature/nodelist/authcert.h                    |   60 +
 src/feature/nodelist/authority_cert_st.h           |   32 +
 src/feature/nodelist/desc_store_st.h               |   39 +
 src/feature/nodelist/describe.c                    |  183 +
 src/feature/nodelist/describe.h                    |   25 +
 src/feature/nodelist/dirlist.c                     |  422 +
 src/feature/nodelist/dirlist.h                     |   47 +
 src/feature/nodelist/document_signature_st.h       |   29 +
 src/feature/nodelist/extrainfo_st.h                |   30 +
 src/feature/nodelist/fmt_routerstatus.c            |  253 +
 src/feature/nodelist/fmt_routerstatus.h            |   41 +
 src/feature/nodelist/microdesc.c                   | 1063 +++
 src/feature/nodelist/microdesc.h                   |   60 +
 src/feature/nodelist/microdesc_st.h                |   80 +
 src/feature/nodelist/networkstatus.c               | 2723 ++++++
 src/feature/nodelist/networkstatus.h               |  160 +
 src/feature/nodelist/networkstatus_sr_info_st.h    |   23 +
 src/feature/nodelist/networkstatus_st.h            |  104 +
 src/feature/nodelist/networkstatus_voter_info_st.h |   30 +
 src/feature/nodelist/nickname.c                    |   62 +
 src/feature/nodelist/nickname.h                    |   19 +
 src/feature/nodelist/node_select.c                 | 1111 +++
 src/feature/nodelist/node_select.h                 |  102 +
 src/feature/nodelist/node_st.h                     |  102 +
 src/feature/nodelist/nodelist.c                    | 2620 ++++++
 src/feature/nodelist/nodelist.h                    |  169 +
 src/feature/nodelist/routerinfo.c                  |   79 +
 src/feature/nodelist/routerinfo.h                  |   27 +
 src/feature/nodelist/routerinfo_st.h               |  115 +
 src/feature/nodelist/routerlist.c                  | 3234 +++++++
 src/feature/nodelist/routerlist.h                  |  207 +
 src/feature/nodelist/routerlist_st.h               |   40 +
 src/feature/nodelist/routerset.c                   |  463 +
 src/feature/nodelist/routerset.h                   |   89 +
 src/feature/nodelist/routerstatus_st.h             |   80 +
 src/feature/nodelist/signed_descriptor_st.h        |   61 +
 src/feature/nodelist/torcert.c                     |  764 ++
 src/feature/nodelist/torcert.h                     |  116 +
 src/feature/nodelist/vote_routerstatus_st.h        |   41 +
 src/feature/relay/dns.c                            | 2187 +++++
 src/feature/relay/dns.h                            |   72 +
 src/feature/relay/dns_structs.h                    |  102 +
 src/feature/relay/ext_orport.c                     |  662 ++
 src/feature/relay/ext_orport.h                     |   64 +
 src/feature/relay/onion_queue.c                    |  361 +
 src/feature/relay/onion_queue.h                    |   23 +
 src/feature/relay/router.c                         | 3128 +++++++
 src/feature/relay/router.h                         |  122 +
 src/feature/relay/routerkeys.c                     |  740 ++
 src/feature/relay/routerkeys.h                     |   45 +
 src/feature/relay/routermode.c                     |   80 +
 src/feature/relay/routermode.h                     |   24 +
 src/feature/relay/selftest.c                       |  301 +
 src/feature/relay/selftest.h                       |   24 +
 src/feature/rend/rend_authorized_client_st.h       |   18 +
 .../rend/rend_encoded_v2_service_descriptor_st.h   |   17 +
 src/feature/rend/rend_intro_point_st.h             |   76 +
 src/feature/rend/rend_service_descriptor_st.h      |   34 +
 src/feature/rend/rendcache.c                       | 1008 +++
 src/feature/rend/rendcache.h                       |  130 +
 src/feature/rend/rendclient.c                      | 1228 +++
 src/feature/rend/rendclient.h                      |   51 +
 src/feature/rend/rendcommon.c                      | 1047 +++
 src/feature/rend/rendcommon.h                      |   82 +
 src/feature/rend/rendmid.c                         |  370 +
 src/feature/rend/rendmid.h                         |   25 +
 src/feature/rend/rendparse.c                       |  600 ++
 src/feature/rend/rendparse.h                       |   32 +
 src/feature/rend/rendservice.c                     | 4487 ++++++++++
 src/feature/rend/rendservice.h                     |  222 +
 src/feature/stats/geoip_stats.c                    | 1425 +++
 src/feature/stats/geoip_stats.h                    |  139 +
 src/feature/stats/predict_ports.c                  |  313 +
 src/feature/stats/predict_ports.h                  |   30 +
 src/feature/stats/rephist.c                        | 2933 +++++++
 src/feature/stats/rephist.h                        |  133 +
 src/include.am                                     |   43 +-
 src/lib/arch/.may_include                          |    2 +
 src/lib/arch/bytes.h                               |  182 +
 src/lib/arch/include.am                            |    3 +
 src/lib/cc/.may_include                            |    1 +
 src/lib/cc/compat_compiler.h                       |  220 +
 src/lib/cc/include.am                              |    4 +
 src/lib/cc/torint.h                                |  128 +
 src/lib/compress/.may_include                      |   12 +
 src/lib/compress/compress.c                        |  681 ++
 src/lib/compress/compress.h                        |   99 +
 src/lib/compress/compress_buf.c                    |   83 +
 src/lib/compress/compress_lzma.c                   |  362 +
 src/lib/compress/compress_lzma.h                   |   46 +
 src/lib/compress/compress_none.c                   |   54 +
 src/lib/compress/compress_none.h                   |   20 +
 src/lib/compress/compress_zlib.c                   |  304 +
 src/lib/compress/compress_zlib.h                   |   46 +
 src/lib/compress/compress_zstd.c                   |  541 ++
 src/lib/compress/compress_zstd.h                   |   53 +
 src/lib/compress/include.am                        |   26 +
 src/lib/container/.may_include                     |   18 +
 src/lib/container/bitarray.h                       |   86 +
 src/lib/container/bloomfilt.c                      |  113 +
 src/lib/container/bloomfilt.h                      |   41 +
 src/lib/container/buffers.c                        |  932 ++
 src/lib/container/buffers.h                        |  122 +
 src/lib/container/handles.h                        |  153 +
 src/lib/container/include.am                       |   27 +
 src/lib/container/map.c                            |  413 +
 src/lib/container/map.h                            |  261 +
 src/lib/container/order.c                          |   48 +
 src/lib/container/order.h                          |   60 +
 src/lib/container/smartlist.c                      |  866 ++
 src/lib/container/smartlist.h                      |  168 +
 src/lib/crypt_ops/.may_include                     |   24 +
 src/lib/crypt_ops/aes.h                            |   31 +
 src/lib/crypt_ops/aes_nss.c                        |  106 +
 src/lib/crypt_ops/aes_openssl.c                    |  410 +
 src/lib/crypt_ops/compat_openssl.h                 |   57 +
 src/lib/crypt_ops/crypto_cipher.c                  |  190 +
 src/lib/crypt_ops/crypto_cipher.h                  |   57 +
 src/lib/crypt_ops/crypto_curve25519.c              |  366 +
 src/lib/crypt_ops/crypto_curve25519.h              |   85 +
 src/lib/crypt_ops/crypto_dh.c                      |  113 +
 src/lib/crypt_ops/crypto_dh.h                      |   64 +
 src/lib/crypt_ops/crypto_dh_nss.c                  |  209 +
 src/lib/crypt_ops/crypto_dh_openssl.c              |  477 +
 src/lib/crypt_ops/crypto_digest.c                  |  828 ++
 src/lib/crypt_ops/crypto_digest.h                  |  132 +
 src/lib/crypt_ops/crypto_ed25519.c                 |  821 ++
 src/lib/crypt_ops/crypto_ed25519.h                 |  144 +
 src/lib/crypt_ops/crypto_format.c                  |  305 +
 src/lib/crypt_ops/crypto_format.h                  |   50 +
 src/lib/crypt_ops/crypto_hkdf.c                    |  201 +
 src/lib/crypt_ops/crypto_hkdf.h                    |   27 +
 src/lib/crypt_ops/crypto_init.c                    |  204 +
 src/lib/crypt_ops/crypto_init.h                    |   36 +
 src/lib/crypt_ops/crypto_nss_mgt.c                 |  132 +
 src/lib/crypt_ops/crypto_nss_mgt.h                 |   34 +
 src/lib/crypt_ops/crypto_ope.c                     |  185 +
 src/lib/crypt_ops/crypto_ope.h                     |   46 +
 src/lib/crypt_ops/crypto_openssl_mgt.c             |  398 +
 src/lib/crypt_ops/crypto_openssl_mgt.h             |   89 +
 src/lib/crypt_ops/crypto_pwbox.c                   |  219 +
 src/lib/crypt_ops/crypto_pwbox.h                   |   28 +
 src/lib/crypt_ops/crypto_rand.c                    |  731 ++
 src/lib/crypt_ops/crypto_rand.h                    |   53 +
 src/lib/crypt_ops/crypto_rsa.c                     |  672 ++
 src/lib/crypt_ops/crypto_rsa.h                     |  145 +
 src/lib/crypt_ops/crypto_rsa_nss.c                 |  738 ++
 src/lib/crypt_ops/crypto_rsa_openssl.c             |  590 ++
 src/lib/crypt_ops/crypto_s2k.c                     |  525 ++
 src/lib/crypt_ops/crypto_s2k.h                     |   78 +
 src/lib/crypt_ops/crypto_util.c                    |  111 +
 src/lib/crypt_ops/crypto_util.h                    |   21 +
 src/lib/crypt_ops/digestset.c                      |   58 +
 src/lib/crypt_ops/digestset.h                      |   29 +
 src/lib/crypt_ops/include.am                       |   70 +
 src/lib/ctime/.may_include                         |    5 +
 src/lib/ctime/di_ops.c                             |  278 +
 src/lib/ctime/di_ops.h                             |   55 +
 src/lib/ctime/include.am                           |   25 +
 src/lib/defs/.may_include                          |    1 +
 src/lib/defs/dh_sizes.h                            |   22 +
 src/lib/defs/digest_sizes.h                        |   27 +
 src/lib/defs/include.am                            |    5 +
 src/lib/defs/x25519_sizes.h                        |   36 +
 src/lib/encoding/.may_include                      |   10 +
 src/lib/encoding/binascii.c                        |  520 ++
 src/lib/encoding/binascii.h                        |   60 +
 src/lib/encoding/confline.c                        |  402 +
 src/lib/encoding/confline.h                        |   78 +
 src/lib/encoding/cstring.c                         |  138 +
 src/lib/encoding/cstring.h                         |   19 +
 src/lib/encoding/include.am                        |   26 +
 src/lib/encoding/keyval.c                          |   52 +
 src/lib/encoding/keyval.h                          |   17 +
 src/lib/encoding/pem.c                             |  106 +
 src/lib/encoding/pem.h                             |   26 +
 src/lib/encoding/time_fmt.c                        |  516 ++
 src/lib/encoding/time_fmt.h                        |   44 +
 src/lib/err/.may_include                           |    3 +
 src/lib/err/backtrace.c                            |  286 +
 src/lib/err/backtrace.h                            |   35 +
 src/lib/err/include.am                             |   19 +
 src/lib/err/torerr.c                               |  238 +
 src/lib/err/torerr.h                               |   47 +
 src/lib/evloop/.may_include                        |   16 +
 src/lib/evloop/compat_libevent.c                   |  535 ++
 src/lib/evloop/compat_libevent.h                   |  104 +
 src/lib/evloop/include.am                          |   26 +
 src/lib/evloop/procmon.c                           |  339 +
 src/lib/evloop/procmon.h                           |   34 +
 src/lib/evloop/timers.c                            |  328 +
 src/lib/evloop/timers.h                            |   35 +
 src/lib/evloop/token_bucket.c                      |  258 +
 src/lib/evloop/token_bucket.h                      |  117 +
 src/lib/evloop/workqueue.c                         |  682 ++
 src/lib/evloop/workqueue.h                         |   70 +
 src/lib/fdio/.may_include                          |    4 +
 src/lib/fdio/fdio.c                                |  115 +
 src/lib/fdio/fdio.h                                |   23 +
 src/lib/fdio/include.am                            |   17 +
 src/lib/fs/.may_include                            |   16 +
 src/lib/fs/conffile.c                              |  174 +
 src/lib/fs/conffile.h                              |   23 +
 src/lib/fs/dir.c                                   |  367 +
 src/lib/fs/dir.h                                   |   33 +
 src/lib/fs/files.c                                 |  721 ++
 src/lib/fs/files.h                                 |  145 +
 src/lib/fs/freespace.c                             |   63 +
 src/lib/fs/include.am                              |   37 +
 src/lib/fs/lockfile.c                              |  145 +
 src/lib/fs/lockfile.h                              |   20 +
 src/lib/fs/mmap.c                                  |  240 +
 src/lib/fs/mmap.h                                  |   41 +
 src/lib/fs/path.c                                  |  295 +
 src/lib/fs/path.h                                  |   30 +
 src/lib/fs/storagedir.c                            |  606 ++
 src/lib/fs/storagedir.h                            |   64 +
 src/lib/fs/userdb.c                                |  138 +
 src/lib/fs/userdb.h                                |   26 +
 src/lib/fs/winlib.c                                |   30 +
 src/lib/fs/winlib.h                                |   22 +
 src/lib/geoip/.may_include                         |   13 +
 src/lib/geoip/country.h                            |   16 +
 src/lib/geoip/geoip.c                              |  510 ++
 src/lib/geoip/geoip.h                              |   50 +
 src/lib/geoip/include.am                           |   17 +
 src/lib/include.libdonna.am                        |   24 +
 src/lib/intmath/.may_include                       |    4 +
 src/lib/intmath/addsub.c                           |   28 +
 src/lib/intmath/addsub.h                           |   19 +
 src/lib/intmath/bits.c                             |   94 +
 src/lib/intmath/bits.h                             |   22 +
 src/lib/intmath/cmp.h                              |   39 +
 src/lib/intmath/include.am                         |   25 +
 src/lib/intmath/logic.h                            |   20 +
 src/lib/intmath/muldiv.c                           |   81 +
 src/lib/intmath/muldiv.h                           |   28 +
 src/lib/intmath/weakrng.c                          |   60 +
 src/lib/intmath/weakrng.h                          |   31 +
 src/lib/lock/.may_include                          |    5 +
 src/lib/lock/compat_mutex.c                        |   40 +
 src/lib/lock/compat_mutex.h                        |   66 +
 src/lib/lock/compat_mutex_pthreads.c               |  103 +
 src/lib/lock/compat_mutex_winthreads.c             |   46 +
 src/lib/lock/include.am                            |   24 +
 src/lib/log/.may_include                           |   15 +
 src/lib/log/escape.c                               |  137 +
 src/lib/log/escape.h                               |   23 +
 src/lib/log/git_revision.c                         |   24 +
 src/lib/log/git_revision.h                         |   12 +
 src/lib/log/include.am                             |   36 +
 src/lib/log/log.c                                  | 1483 ++++
 src/lib/log/log.h                                  |  276 +
 src/lib/log/ratelim.c                              |   60 +
 src/lib/log/ratelim.h                              |   53 +
 src/lib/log/util_bug.c                             |  161 +
 src/lib/log/util_bug.h                             |  246 +
 src/lib/log/win32err.c                             |   61 +
 src/lib/log/win32err.h                             |   22 +
 src/lib/malloc/.may_include                        |    6 +
 src/lib/malloc/include.am                          |   21 +
 src/lib/malloc/malloc.c                            |  230 +
 src/lib/malloc/malloc.h                            |   92 +
 src/lib/math/.may_include                          |    5 +
 src/lib/math/fp.c                                  |  119 +
 src/lib/math/fp.h                                  |   23 +
 src/lib/math/include.am                            |   20 +
 src/lib/math/laplace.c                             |   73 +
 src/lib/math/laplace.h                             |   22 +
 src/lib/memarea/.may_include                       |    7 +
 src/lib/memarea/include.am                         |   17 +
 src/lib/memarea/memarea.c                          |  403 +
 src/lib/memarea/memarea.h                          |   35 +
 src/lib/meminfo/.may_include                       |    8 +
 src/lib/meminfo/include.am                         |   17 +
 src/lib/meminfo/meminfo.c                          |  180 +
 src/lib/meminfo/meminfo.h                          |   21 +
 src/lib/net/.may_include                           |   15 +
 src/lib/net/address.c                              | 2057 +++++
 src/lib/net/address.h                              |  388 +
 src/lib/net/alertsock.c                            |  295 +
 src/lib/net/alertsock.h                            |   45 +
 src/lib/net/buffers_net.c                          |  202 +
 src/lib/net/buffers_net.h                          |   27 +
 src/lib/net/gethostname.c                          |   30 +
 src/lib/net/gethostname.h                          |   19 +
 src/lib/net/inaddr.c                               |  267 +
 src/lib/net/inaddr.h                               |   27 +
 src/lib/net/inaddr_st.h                            |  107 +
 src/lib/net/include.am                             |   34 +
 src/lib/net/nettypes.h                             |   44 +
 src/lib/net/resolve.c                              |  424 +
 src/lib/net/resolve.h                              |   58 +
 src/lib/net/socket.c                               |  697 ++
 src/lib/net/socket.h                               |  118 +
 src/lib/net/socketpair.c                           |  214 +
 src/lib/net/socketpair.h                           |   19 +
 src/lib/net/socks5_status.h                        |   32 +
 src/lib/osinfo/.may_include                        |    5 +
 src/lib/osinfo/include.am                          |   17 +
 src/lib/osinfo/uname.c                             |  149 +
 src/lib/osinfo/uname.h                             |   18 +
 src/lib/process/.may_include                       |   17 +
 src/lib/process/daemon.c                           |  187 +
 src/lib/process/daemon.h                           |   21 +
 src/lib/process/env.c                              |  224 +
 src/lib/process/env.h                              |   41 +
 src/lib/process/include.am                         |   29 +
 src/lib/process/pidfile.c                          |   52 +
 src/lib/process/pidfile.h                          |   16 +
 src/lib/process/restrict.c                         |  285 +
 src/lib/process/restrict.h                         |   27 +
 src/lib/process/setuid.c                           |  386 +
 src/lib/process/setuid.h                           |   22 +
 src/lib/process/subprocess.c                       | 1236 +++
 src/lib/process/subprocess.h                       |  134 +
 src/lib/process/waitpid.c                          |  154 +
 src/lib/process/waitpid.h                          |   29 +
 src/lib/sandbox/.may_include                       |   15 +
 src/lib/sandbox/include.am                         |   18 +
 src/{common => lib/sandbox}/linux_syscalls.inc     |    0
 src/lib/sandbox/sandbox.c                          | 1808 ++++
 src/lib/sandbox/sandbox.h                          |  150 +
 src/lib/smartlist_core/.may_include                |    7 +
 src/lib/smartlist_core/include.am                  |   21 +
 src/lib/smartlist_core/smartlist_core.c            |  234 +
 src/lib/smartlist_core/smartlist_core.h            |  100 +
 src/lib/smartlist_core/smartlist_foreach.h         |  133 +
 src/lib/smartlist_core/smartlist_split.c           |   92 +
 src/lib/smartlist_core/smartlist_split.h           |   20 +
 src/lib/string/.may_include                        |   10 +
 src/lib/string/compat_ctype.c                      |   72 +
 src/lib/string/compat_ctype.h                      |   67 +
 src/lib/string/compat_string.c                     |   74 +
 src/lib/string/compat_string.h                     |   62 +
 src/lib/string/include.am                          |   27 +
 src/lib/string/parse_int.c                         |  131 +
 src/lib/string/parse_int.h                         |   25 +
 src/lib/string/printf.c                            |  167 +
 src/lib/string/printf.h                            |   30 +
 src/lib/string/scanf.c                             |  317 +
 src/lib/string/scanf.h                             |   24 +
 src/lib/string/util_string.c                       |  543 ++
 src/lib/string/util_string.h                       |   57 +
 src/lib/term/.may_include                          |    9 +
 src/lib/term/getpass.c                             |  120 +
 src/lib/term/getpass.h                             |   18 +
 src/lib/term/include.am                            |   24 +
 src/lib/testsupport/.may_include                   |    0
 src/lib/testsupport/include.am                     |    3 +
 src/lib/testsupport/testsupport.h                  |  103 +
 src/lib/thread/.may_include                        |    7 +
 src/lib/thread/compat_pthreads.c                   |  270 +
 src/lib/thread/compat_threads.c                    |  111 +
 src/lib/thread/compat_winthreads.c                 |  223 +
 src/lib/thread/include.am                          |   27 +
 src/lib/thread/numcpus.c                           |   98 +
 src/lib/thread/numcpus.h                           |   16 +
 src/lib/thread/threads.h                           |  168 +
 src/lib/time/.may_include                          |   11 +
 src/lib/time/compat_time.c                         |  869 ++
 src/lib/time/compat_time.h                         |  235 +
 src/lib/time/include.am                            |   19 +
 src/lib/time/tvdiff.c                              |  189 +
 src/lib/time/tvdiff.h                              |   23 +
 src/lib/tls/.may_include                           |   17 +
 src/lib/tls/buffers_tls.c                          |  182 +
 src/lib/tls/buffers_tls.h                          |   23 +
 src/lib/tls/ciphers.inc                            |  100 +
 src/lib/tls/include.am                             |   40 +
 src/lib/tls/nss_countbytes.c                       |  244 +
 src/lib/tls/nss_countbytes.h                       |   25 +
 src/lib/tls/tortls.c                               |  442 +
 src/lib/tls/tortls.h                               |  160 +
 src/lib/tls/tortls_internal.h                      |   76 +
 src/lib/tls/tortls_nss.c                           |  833 ++
 src/lib/tls/tortls_openssl.c                       | 1795 ++++
 src/lib/tls/tortls_st.h                            |   75 +
 src/lib/tls/x509.c                                 |  143 +
 src/lib/tls/x509.h                                 |   75 +
 src/lib/tls/x509_internal.h                        |   53 +
 src/lib/tls/x509_nss.c                             |  458 +
 src/lib/tls/x509_openssl.c                         |  464 +
 src/lib/trace/.may_include                         |    3 +
 src/lib/trace/debug.h                              |   30 +
 src/lib/trace/events.h                             |   45 +
 src/lib/trace/include.am                           |   18 +
 src/lib/trace/trace.c                              |   17 +
 src/lib/trace/trace.h                              |   14 +
 src/lib/wallclock/.may_include                     |    6 +
 src/lib/wallclock/approx_time.c                    |   43 +
 src/lib/wallclock/approx_time.h                    |   25 +
 src/lib/wallclock/include.am                       |   22 +
 src/lib/wallclock/time_to_tm.c                     |  200 +
 src/lib/wallclock/time_to_tm.h                     |   22 +
 src/lib/wallclock/timeval.h                        |   65 +
 src/lib/wallclock/tor_gettimeofday.c               |   82 +
 src/lib/wallclock/tor_gettimeofday.h               |   20 +
 src/or/Makefile.nmake                              |   78 -
 src/or/addressmap.c                                | 1125 ---
 src/or/addressmap.h                                |   65 -
 src/or/buffers.c                                   | 2065 -----
 src/or/buffers.h                                   |  101 -
 src/or/channel.c                                   | 4617 ----------
 src/or/channel.h                                   |  609 --
 src/or/channeltls.c                                | 2208 -----
 src/or/channeltls.h                                |   76 -
 src/or/circpathbias.c                              | 1546 ----
 src/or/circpathbias.h                              |   29 -
 src/or/circuitbuild.c                              | 2553 ------
 src/or/circuitbuild.h                              |   78 -
 src/or/circuitlist.c                               | 2435 ------
 src/or/circuitlist.h                               |   91 -
 src/or/circuitmux.c                                | 1990 -----
 src/or/circuitmux.h                                |  160 -
 src/or/circuitmux_ewma.c                           |  765 --
 src/or/circuitmux_ewma.h                           |   24 -
 src/or/circuitstats.c                              | 1734 ----
 src/or/circuitstats.h                              |   98 -
 src/or/circuituse.c                                | 2624 ------
 src/or/circuituse.h                                |   63 -
 src/or/command.c                                   |  642 --
 src/or/command.h                                   |   31 -
 src/or/config.c                                    | 8013 -----------------
 src/or/config.h                                    |  205 -
 src/or/confparse.c                                 | 1364 ---
 src/or/confparse.h                                 |  143 -
 src/or/connection.c                                | 5177 -----------
 src/or/connection.h                                |  290 -
 src/or/connection_edge.c                           | 3825 --------
 src/or/connection_edge.h                           |  192 -
 src/or/connection_or.c                             | 2454 ------
 src/or/connection_or.h                             |  107 -
 src/or/control.c                                   | 7190 ----------------
 src/or/control.h                                   |  292 -
 src/or/cpuworker.c                                 |  572 --
 src/or/cpuworker.h                                 |   29 -
 src/or/dircollate.c                                |  353 -
 src/or/dircollate.h                                |   68 -
 src/or/directory.c                                 | 4316 ----------
 src/or/directory.h                                 |  175 -
 src/or/dirserv.c                                   | 3913 ---------
 src/or/dirserv.h                                   |  143 -
 src/or/dirvote.c                                   | 4012 ---------
 src/or/dirvote.h                                   |  240 -
 src/or/dns.c                                       | 2120 -----
 src/or/dns.h                                       |   70 -
 src/or/dns_structs.h                               |  102 -
 src/or/dnsserv.c                                   |  396 -
 src/or/dnsserv.h                                   |   27 -
 src/or/dos.c                                       |  794 --
 src/or/dos.h                                       |  140 -
 src/or/entrynodes.c                                | 2561 ------
 src/or/entrynodes.h                                |  187 -
 src/or/ext_orport.c                                |  653 --
 src/or/ext_orport.h                                |   42 -
 src/or/fp_pair.c                                   |  315 -
 src/or/fp_pair.h                                   |   45 -
 src/or/geoip.c                                     | 1875 ----
 src/or/geoip.h                                     |  100 -
 src/or/hibernate.c                                 | 1125 ---
 src/or/hibernate.h                                 |   59 -
 src/or/include.am                                  |  222 -
 src/or/keypin.c                                    |  498 --
 src/or/keypin.h                                    |   47 -
 src/or/main.c                                      | 3533 --------
 src/or/main.h                                      |   98 -
 src/or/microdesc.c                                 |  968 ---
 src/or/microdesc.h                                 |   56 -
 src/or/networkstatus.c                             | 2535 ------
 src/or/networkstatus.h                             |  135 -
 src/or/nodelist.c                                  | 2026 -----
 src/or/nodelist.h                                  |  131 -
 src/or/ntmain.c                                    |  781 --
 src/or/ntmain.h                                    |   28 -
 src/or/onion.c                                     | 1247 ---
 src/or/onion.h                                     |  121 -
 src/or/onion_fast.c                                |  142 -
 src/or/onion_fast.h                                |   39 -
 src/or/onion_ntor.c                                |  335 -
 src/or/onion_ntor.h                                |   61 -
 src/or/onion_tap.c                                 |  247 -
 src/or/onion_tap.h                                 |   38 -
 src/or/or.h                                        | 5392 ------------
 src/or/periodic.c                                  |  126 -
 src/or/periodic.h                                  |   37 -
 src/or/policies.c                                  | 3040 -------
 src/or/policies.h                                  |  147 -
 src/or/protover.c                                  |  793 --
 src/or/protover.h                                  |   74 -
 src/or/reasons.c                                   |  444 -
 src/or/reasons.h                                   |   31 -
 src/or/relay.c                                     | 3068 -------
 src/or/relay.h                                     |  115 -
 src/or/rendcache.c                                 | 1013 ---
 src/or/rendcache.h                                 |  115 -
 src/or/rendclient.c                                | 1567 ----
 src/or/rendclient.h                                |   58 -
 src/or/rendcommon.c                                | 1118 ---
 src/or/rendcommon.h                                |   87 -
 src/or/rendmid.c                                   |  382 -
 src/or/rendmid.h                                   |   25 -
 src/or/rendservice.c                               | 4438 ----------
 src/or/rendservice.h                               |  205 -
 src/or/rephist.c                                   | 3299 -------
 src/or/rephist.h                                   |  123 -
 src/or/replaycache.c                               |  216 -
 src/or/replaycache.h                               |   66 -
 src/or/router.c                                    | 3658 --------
 src/or/router.h                                    |  163 -
 src/or/routerkeys.c                                | 1147 ---
 src/or/routerkeys.h                                |   77 -
 src/or/routerlist.c                                | 5820 -------------
 src/or/routerlist.h                                |  258 -
 src/or/routerparse.c                               | 6364 --------------
 src/or/routerparse.h                               |  131 -
 src/or/routerset.c                                 |  445 -
 src/or/routerset.h                                 |   84 -
 src/or/scheduler.c                                 |  707 --
 src/or/scheduler.h                                 |   57 -
 src/or/shared_random.c                             | 1363 ---
 src/or/shared_random.h                             |  168 -
 src/or/shared_random_state.c                       | 1360 ---
 src/or/shared_random_state.h                       |  149 -
 src/or/statefile.c                                 |  684 --
 src/or/statefile.h                                 |   28 -
 src/or/status.c                                    |  210 -
 src/or/status.h                                    |   18 -
 src/or/tor_main.c                                  |   40 -
 src/or/torcert.c                                   |  297 -
 src/or/torcert.h                                   |   76 -
 src/or/transports.c                                | 1744 ----
 src/or/transports.h                                |  139 -
 src/rust/.cargo/config.in                          |   12 +
 src/rust/.rustfmt.toml                             |   12 +
 src/rust/Cargo.lock                                |  122 +
 src/rust/Cargo.toml                                |   26 +
 src/rust/build.rs                                  |  190 +
 src/rust/crypto/Cargo.toml                         |   37 +
 src/rust/crypto/digests/mod.rs                     |    7 +
 src/rust/crypto/digests/sha2.rs                    |  234 +
 src/rust/crypto/lib.rs                             |   46 +
 src/rust/crypto/rand/mod.rs                        |    6 +
 src/rust/crypto/rand/rng.rs                        |  145 +
 src/rust/external/Cargo.toml                       |   20 +
 src/rust/external/crypto_digest.rs                 |  454 +
 src/rust/external/crypto_rand.rs                   |   84 +
 src/rust/external/external.rs                      |   37 +
 src/rust/external/lib.rs                           |   19 +
 src/rust/include.am                                |   41 +
 src/rust/protover/Cargo.toml                       |   33 +
 src/rust/protover/errors.rs                        |   57 +
 src/rust/protover/ffi.rs                           |  245 +
 src/rust/protover/lib.rs                           |   40 +
 src/rust/protover/protoset.rs                      |  689 ++
 src/rust/protover/protover.rs                      |  971 +++
 src/rust/protover/tests/protover.rs                |  404 +
 src/rust/smartlist/Cargo.toml                      |   18 +
 src/rust/smartlist/lib.rs                          |   17 +
 src/rust/smartlist/smartlist.rs                    |  115 +
 src/rust/tor_allocate/Cargo.toml                   |   18 +
 src/rust/tor_allocate/lib.rs                       |   20 +
 src/rust/tor_allocate/tor_allocate.rs              |  104 +
 src/rust/tor_log/Cargo.toml                        |   21 +
 src/rust/tor_log/lib.rs                            |   16 +
 src/rust/tor_log/tor_log.rs                        |  265 +
 src/rust/tor_rust/Cargo.toml                       |   22 +
 src/rust/tor_rust/include.am                       |   28 +
 src/rust/tor_rust/lib.rs                           |    5 +
 src/rust/tor_util/Cargo.toml                       |   24 +
 src/rust/tor_util/ffi.rs                           |   27 +
 src/rust/tor_util/lib.rs                           |   14 +
 src/rust/tor_util/strings.rs                       |  140 +
 src/test/Makefile.nmake                            |    4 +-
 src/test/bench.c                                   |  125 +-
 src/test/bt_test.py                                |    2 +-
 src/test/ed25519_exts_ref.py                       |   38 +-
 src/test/ed25519_vectors.inc                       |   32 +-
 src/test/fakechans.h                               |    3 +-
 src/test/fuzz/dict/consensus                       |   52 +
 src/test/fuzz/dict/descriptor                      |   41 +
 src/test/fuzz/dict/extrainfo                       |   32 +
 src/test/fuzz/dict/hsdescv2                        |    8 +
 src/test/fuzz/dict/hsdescv3                        |    6 +
 src/test/fuzz/dict/http                            |   24 +
 src/test/fuzz/dict/iptsv2                          |    6 +
 src/test/fuzz/dict/microdesc                       |    7 +
 src/test/fuzz/fixup_filenames.sh                   |   19 +
 src/test/fuzz/fuzz_consensus.c                     |   81 +
 src/test/fuzz/fuzz_descriptor.c                    |   81 +
 src/test/fuzz/fuzz_diff.c                          |   69 +
 src/test/fuzz/fuzz_diff_apply.c                    |   65 +
 src/test/fuzz/fuzz_extrainfo.c                     |   67 +
 src/test/fuzz/fuzz_hsdescv2.c                      |   52 +
 src/test/fuzz/fuzz_hsdescv3.c                      |   99 +
 src/test/fuzz/fuzz_http.c                          |  134 +
 src/test/fuzz/fuzz_http_connect.c                  |  109 +
 src/test/fuzz/fuzz_iptsv2.c                        |   50 +
 src/test/fuzz/fuzz_microdesc.c                     |   49 +
 src/test/fuzz/fuzz_multi.sh                        |   34 +
 src/test/fuzz/fuzz_socks.c                         |   50 +
 src/test/fuzz/fuzz_vrs.c                           |   87 +
 src/test/fuzz/fuzzing.h                            |   13 +
 src/test/fuzz/fuzzing_common.c                     |  197 +
 src/test/fuzz/include.am                           |  440 +
 src/test/fuzz/minimize.sh                          |   14 +
 src/test/fuzz_static_testcases.sh                  |   27 +
 src/test/hs_build_address.py                       |   38 +
 src/test/hs_indexes.py                             |   70 +
 src/test/hs_ntor_ref.py                            |  428 +
 src/test/hs_test_helpers.c                         |  325 +
 src/test/hs_test_helpers.h                         |   25 +
 src/test/include.am                                |  224 +-
 src/test/log_test_helpers.c                        |    6 +-
 src/test/log_test_helpers.h                        |   45 +-
 src/test/ntor_ref.py                               |    2 +-
 src/test/ope_ref.py                                |   40 +
 src/test/rend_test_helpers.c                       |   31 +-
 src/test/rend_test_helpers.h                       |    7 +-
 src/test/rust_supp.txt                             |    1 +
 src/test/test-child.c                              |    4 +-
 src/test/test-memwipe.c                            |   17 +-
 src/test/test-network.sh                           |    4 +-
 src/test/test-timers.c                             |   31 +-
 src/test/test.c                                    |  568 +-
 src/test/test.h                                    |   79 +-
 src/test/test_accounting.c                         |   16 +-
 src/test/test_addr.c                               |  248 +-
 src/test/test_address.c                            |  147 +-
 src/test/test_address_set.c                        |   26 +-
 src/test/test_bridges.c                            |  704 ++
 src/test/test_bt_cl.c                              |   27 +-
 src/test/test_buffers.c                            |  548 +-
 src/test/test_bwmgt.c                              |  233 +
 src/test/test_cell_formats.c                       |   66 +-
 src/test/test_cell_queue.c                         |   19 +-
 src/test/test_channel.c                            | 1931 ++---
 src/test/test_channelpadding.c                     | 1104 +++
 src/test/test_channeltls.c                         |   67 +-
 src/test/test_checkdir.c                           |   16 +-
 src/test/test_circuitbuild.c                       |  182 +
 src/test/test_circuitlist.c                        |  192 +-
 src/test/test_circuitmux.c                         |   69 +-
 src/test/test_circuitstats.c                       |  206 +
 src/test/test_circuituse.c                         |  310 +
 src/test/test_compat_libevent.c                    |   71 +-
 src/test/test_config.c                             | 1983 +++--
 src/test/test_connection.c                         |  558 +-
 src/test/test_connection.h                         |   13 +
 src/test/test_conscache.c                          |  340 +
 src/test/test_consdiff.c                           | 1185 +++
 src/test/test_consdiffmgr.c                        |  900 ++
 src/test/test_containers.c                         |  150 +-
 src/test/test_controller.c                         |  667 +-
 src/test/test_controller_events.c                  |  160 +-
 src/test/test_crypto.c                             |  538 +-
 src/test/test_crypto_ope.c                         |  154 +
 src/test/test_crypto_openssl.c                     |  106 +
 src/test/test_crypto_slow.c                        |   50 +-
 src/test/test_data.c                               |    4 +-
 src/test/test_dir.c                                | 2531 ++++--
 src/test/test_dir_common.c                         |   28 +-
 src/test/test_dir_common.h                         |    7 +-
 src/test/test_dir_handle_get.c                     |  376 +-
 src/test/test_dns.c                                |   88 +-
 src/test/test_dos.c                                |   31 +-
 src/test/test_entryconn.c                          |  202 +-
 src/test/test_entrynodes.c                         | 3519 ++++++--
 src/test/test_extorport.c                          |   86 +-
 src/test/test_geoip.c                              |  580 ++
 src/test/test_guardfraction.c                      |   81 +-
 src/test/test_handles.c                            |   13 +-
 src/test/test_helpers.c                            |  229 +-
 src/test/test_helpers.h                            |   22 +-
 src/test/test_hs.c                                 |  613 +-
 src/test/test_hs_cache.c                           |  566 ++
 src/test/test_hs_cell.c                            |  131 +
 src/test/test_hs_client.c                          | 1010 +++
 src/test/test_hs_common.c                          | 1839 ++++
 src/test/test_hs_config.c                          |  517 ++
 src/test/test_hs_control.c                         |  194 +
 src/test/test_hs_descriptor.c                      |  965 +++
 src/test/test_hs_descriptor.inc                    |  224 +
 src/test/test_hs_intropoint.c                      |  930 ++
 src/test/test_hs_ntor.c                            |  115 +
 src/test/test_hs_ntor.sh                           |   11 +
 src/test/test_hs_ntor_cl.c                         |  259 +
 src/test/test_hs_service.c                         | 2145 +++++
 src/test/test_introduce.c                          |   20 +-
 src/test/test_key_expiration.sh                    |  138 +
 src/test/test_keygen.sh                            |  112 +-
 src/test/test_keypin.c                             |  112 +-
 src/test/test_link_handshake.c                     |  941 +-
 src/test/test_logging.c                            |   28 +-
 src/test/test_mainloop.c                           |  142 +
 src/test/test_microdesc.c                          |  135 +-
 src/test/test_nodelist.c                           |  140 +-
 src/test/test_ntor_cl.c                            |   18 +-
 src/test/test_oom.c                                |   83 +-
 src/test/test_oos.c                                |   37 +-
 src/test/test_options.c                            |  981 +--
 src/test/test_pem.c                                |  122 +
 src/test/test_periodic_event.c                     |  333 +
 src/test/test_policy.c                             |  492 +-
 src/test/test_procmon.c                            |   10 +-
 src/test/test_proto_http.c                         |  213 +
 src/test/test_proto_misc.c                         |  265 +
 src/test/test_protover.c                           |  363 +-
 src/test/test_pt.c                                 |   74 +-
 src/test/test_pubsub.c                             |   85 -
 src/test/test_rebind.py                            |  145 +
 src/test/test_rebind.sh                            |   32 +
 src/test/test_relay.c                              |   59 +-
 src/test/test_relaycell.c                          |  837 +-
 src/test/test_relaycrypt.c                         |  190 +
 src/test/test_rendcache.c                          |  114 +-
 src/test/test_replay.c                             |   34 +-
 src/test/test_router.c                             |  119 +-
 src/test/test_routerkeys.c                         |  334 +-
 src/test/test_routerlist.c                         |  432 +-
 src/test/test_routerset.c                          |  130 +-
 src/test/test_rust.sh                              |   27 +
 src/test/test_scheduler.c                          | 1115 ++-
 src/test/test_shared_random.c                      |  508 +-
 src/test/test_slow.c                               |    6 +-
 src/test/test_socks.c                              |  671 +-
 src/test/test_status.c                             |   57 +-
 src/test/test_storagedir.c                         |  376 +
 src/test/test_switch_id.c                          |   17 +-
 src/test/test_threads.c                            |   20 +-
 src/test/test_tortls.c                             | 2860 +-----
 src/test/test_tortls.h                             |   13 +
 src/test/test_tortls_openssl.c                     | 2316 +++++
 src/test/test_util.c                               | 1553 +++-
 src/test/test_util_format.c                        |   99 +-
 src/test/test_util_process.c                       |   12 +-
 src/test/test_util_slow.c                          |   45 +-
 src/test/test_voting_schedule.c                    |   64 +
 src/test/test_workqueue.c                          |   79 +-
 src/test/test_x509.c                               |  205 +
 src/test/test_zero_length_keys.sh                  |    6 +-
 src/test/testing_common.c                          |  181 +-
 src/test/testing_rsakeys.c                         |  546 ++
 src/test/zero_length_keys.sh                       |    3 +-
 src/tools/Makefile.nmake                           |    5 +-
 src/tools/include.am                               |   80 +-
 src/tools/tor-checkkey.c                           |   89 -
 src/tools/tor-fw-helper/README                     |   10 -
 src/tools/tor-gencert.c                            |  110 +-
 src/tools/tor-print-ed-signing-cert.c              |   65 +
 src/tools/tor-resolve.c                            |   72 +-
 src/tools/tor_runner.c                             |  112 +
 src/trunnel/channelpadding_negotiation.c           |  281 +
 src/trunnel/channelpadding_negotiation.h           |   98 +
 src/trunnel/channelpadding_negotiation.trunnel     |   17 +
 src/trunnel/ed25519_cert.c                         | 2312 ++++-
 src/trunnel/ed25519_cert.h                         |  678 +-
 src/trunnel/ed25519_cert.trunnel                   |   64 +-
 src/trunnel/hs/cell_common.c                       |  595 ++
 src/trunnel/hs/cell_common.h                       |  203 +
 src/trunnel/hs/cell_common.trunnel                 |   12 +
 src/trunnel/hs/cell_establish_intro.c              |  735 ++
 src/trunnel/hs/cell_establish_intro.h              |  276 +
 src/trunnel/hs/cell_establish_intro.trunnel        |   41 +
 src/trunnel/hs/cell_introduce1.c                   | 1347 +++
 src/trunnel/hs/cell_introduce1.h                   |  500 ++
 src/trunnel/hs/cell_introduce1.trunnel             |   75 +
 src/trunnel/hs/cell_rendezvous.c                   |  470 +
 src/trunnel/hs/cell_rendezvous.h                   |  187 +
 src/trunnel/hs/cell_rendezvous.trunnel             |   29 +
 src/trunnel/include.am                             |   36 +-
 src/trunnel/link_handshake.c                       |  212 +-
 src/trunnel/link_handshake.h                       |  148 +-
 src/trunnel/pwbox.c                                |   54 +-
 src/trunnel/pwbox.h                                |   38 +-
 src/trunnel/socks5.c                               | 3978 +++++++++
 src/trunnel/socks5.h                               |  995 +++
 src/trunnel/socks5.trunnel                         |   94 +
 src/trunnel/trunnel-local.h                        |    6 +-
 src/win32/orconfig.h                               |    2 +-
 warning_flags.in                                   |    1 +
 1347 files changed, 319206 insertions(+), 195287 deletions(-)

diff --cc src/core/or/channeltls.c
index 000000000,91a424728..4db283d20
mode 000000,100644..100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@@ -1,0 -1,2477 +1,2485 @@@
+ /* * Copyright (c) 2012-2019, The Tor Project, Inc. */
+ /* See LICENSE for licensing information */
+ 
+ /**
+  * \file channeltls.c
+  *
+  * \brief A concrete subclass of channel_t using or_connection_t to transfer
+  * cells between Tor instances.
+  *
+  * This module fills in the various function pointers in channel_t, to
+  * implement the channel_tls_t channels as used in Tor today.  These channels
+  * are created from channel_tls_connect() and
+  * channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t
+  * object, as implemented in connection_or.c.  These channels transmit cells
+  * to the underlying or_connection_t by calling
+  * connection_or_write_*_cell_to_buf(), and receive cells from the underlying
+  * or_connection_t when connection_or_process_cells_from_inbuf() calls
+  * channel_tls_handle_*_cell().
+  *
+  * Here we also implement the server (responder) side of the v3+ Tor link
+  * handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions,
+  * exchange expected and observed IP and time information, and bootstrap a
+  * level of authentication higher than we have gotten on the raw TLS
+  * handshake.
+  *
+  * NOTE: Since there is currently only one type of channel, there are probably
+  * more than a few cases where functionality that is currently in
+  * channeltls.c, connection_or.c, and channel.c ought to be divided up
+  * differently.  The right time to do this is probably whenever we introduce
+  * our next channel type.
+  **/
+ 
+ /*
+  * Define this so channel.h gives us things only channel_t subclasses
+  * should touch.
+  */
+ #define TOR_CHANNEL_INTERNAL_
+ 
+ #define CHANNELTLS_PRIVATE
+ 
+ #include "core/or/or.h"
+ #include "core/or/channel.h"
+ #include "core/or/channeltls.h"
+ #include "core/or/circuitmux.h"
+ #include "core/or/circuitmux_ewma.h"
+ #include "core/or/command.h"
+ #include "app/config/config.h"
+ #include "core/mainloop/connection.h"
+ #include "core/or/connection_or.h"
+ #include "feature/control/control.h"
+ #include "feature/client/entrynodes.h"
+ #include "trunnel/link_handshake.h"
+ #include "core/or/relay.h"
+ #include "feature/stats/rephist.h"
+ #include "feature/relay/router.h"
+ #include "feature/relay/routermode.h"
+ #include "feature/nodelist/dirlist.h"
+ #include "core/or/scheduler.h"
+ #include "feature/nodelist/torcert.h"
+ #include "feature/nodelist/networkstatus.h"
+ #include "trunnel/channelpadding_negotiation.h"
+ #include "core/or/channelpadding.h"
+ 
+ #include "core/or/cell_st.h"
+ #include "core/or/cell_queue_st.h"
+ #include "core/or/extend_info_st.h"
+ #include "core/or/or_connection_st.h"
+ #include "core/or/or_handshake_certs_st.h"
+ #include "core/or/or_handshake_state_st.h"
+ #include "feature/nodelist/routerinfo_st.h"
+ #include "core/or/var_cell_st.h"
+ 
+ #include "lib/tls/tortls.h"
+ #include "lib/tls/x509.h"
+ 
+ /** How many CELL_PADDING cells have we received, ever? */
+ uint64_t stats_n_padding_cells_processed = 0;
+ /** How many CELL_VERSIONS cells have we received, ever? */
+ uint64_t stats_n_versions_cells_processed = 0;
+ /** How many CELL_NETINFO cells have we received, ever? */
+ uint64_t stats_n_netinfo_cells_processed = 0;
+ /** How many CELL_VPADDING cells have we received, ever? */
+ uint64_t stats_n_vpadding_cells_processed = 0;
+ /** How many CELL_CERTS cells have we received, ever? */
+ uint64_t stats_n_certs_cells_processed = 0;
+ /** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
+ uint64_t stats_n_auth_challenge_cells_processed = 0;
+ /** How many CELL_AUTHENTICATE cells have we received, ever? */
+ uint64_t stats_n_authenticate_cells_processed = 0;
+ /** How many CELL_AUTHORIZE cells have we received, ever? */
+ uint64_t stats_n_authorize_cells_processed = 0;
+ 
+ /** Active listener, if any */
+ static channel_listener_t *channel_tls_listener = NULL;
+ 
+ /* channel_tls_t method declarations */
+ 
+ static void channel_tls_close_method(channel_t *chan);
+ static const char * channel_tls_describe_transport_method(channel_t *chan);
+ static void channel_tls_free_method(channel_t *chan);
+ static double channel_tls_get_overhead_estimate_method(channel_t *chan);
+ static int
+ channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
+ static int
+ channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
+ static const char *
+ channel_tls_get_remote_descr_method(channel_t *chan, int flags);
+ static int channel_tls_has_queued_writes_method(channel_t *chan);
+ static int channel_tls_is_canonical_method(channel_t *chan, int req);
+ static int
+ channel_tls_matches_extend_info_method(channel_t *chan,
+                                        extend_info_t *extend_info);
+ static int channel_tls_matches_target_method(channel_t *chan,
+                                              const tor_addr_t *target);
+ static int channel_tls_num_cells_writeable_method(channel_t *chan);
+ static size_t channel_tls_num_bytes_queued_method(channel_t *chan);
+ static int channel_tls_write_cell_method(channel_t *chan,
+                                          cell_t *cell);
+ static int channel_tls_write_packed_cell_method(channel_t *chan,
+                                                 packed_cell_t *packed_cell);
+ static int channel_tls_write_var_cell_method(channel_t *chan,
+                                              var_cell_t *var_cell);
+ 
+ /* channel_listener_tls_t method declarations */
+ 
+ static void channel_tls_listener_close_method(channel_listener_t *chan_l);
+ static const char *
+ channel_tls_listener_describe_transport_method(channel_listener_t *chan_l);
+ 
+ /** Handle incoming cells for the handshake stuff here rather than
+  * passing them on up. */
+ 
+ static void channel_tls_process_versions_cell(var_cell_t *cell,
+                                               channel_tls_t *tlschan);
+ static void channel_tls_process_netinfo_cell(cell_t *cell,
+                                              channel_tls_t *tlschan);
+ static int command_allowed_before_handshake(uint8_t command);
+ static int enter_v3_handshake_with_cell(var_cell_t *cell,
+                                         channel_tls_t *tlschan);
+ static void channel_tls_process_padding_negotiate_cell(cell_t *cell,
+                                                        channel_tls_t *chan);
+ 
+ /**
+  * Do parts of channel_tls_t initialization common to channel_tls_connect()
+  * and channel_tls_handle_incoming().
+  */
+ STATIC void
+ channel_tls_common_init(channel_tls_t *tlschan)
+ {
+   channel_t *chan;
+ 
+   tor_assert(tlschan);
+ 
+   chan = &(tlschan->base_);
+   channel_init(chan);
+   chan->magic = TLS_CHAN_MAGIC;
+   chan->state = CHANNEL_STATE_OPENING;
+   chan->close = channel_tls_close_method;
+   chan->describe_transport = channel_tls_describe_transport_method;
+   chan->free_fn = channel_tls_free_method;
+   chan->get_overhead_estimate = channel_tls_get_overhead_estimate_method;
+   chan->get_remote_addr = channel_tls_get_remote_addr_method;
+   chan->get_remote_descr = channel_tls_get_remote_descr_method;
+   chan->get_transport_name = channel_tls_get_transport_name_method;
+   chan->has_queued_writes = channel_tls_has_queued_writes_method;
+   chan->is_canonical = channel_tls_is_canonical_method;
+   chan->matches_extend_info = channel_tls_matches_extend_info_method;
+   chan->matches_target = channel_tls_matches_target_method;
+   chan->num_bytes_queued = channel_tls_num_bytes_queued_method;
+   chan->num_cells_writeable = channel_tls_num_cells_writeable_method;
+   chan->write_cell = channel_tls_write_cell_method;
+   chan->write_packed_cell = channel_tls_write_packed_cell_method;
+   chan->write_var_cell = channel_tls_write_var_cell_method;
+ 
+   chan->cmux = circuitmux_alloc();
+   /* We only have one policy for now so always set it to EWMA. */
+   circuitmux_set_policy(chan->cmux, &ewma_policy);
+ }
+ 
+ /**
+  * Start a new TLS channel.
+  *
+  * Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
+  * handshake with an OR with identity digest <b>id_digest</b>, and wrap
+  * it in a channel_tls_t.
+  */
+ channel_t *
+ channel_tls_connect(const tor_addr_t *addr, uint16_t port,
+                     const char *id_digest,
+                     const ed25519_public_key_t *ed_id)
+ {
+   channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
+   channel_t *chan = &(tlschan->base_);
+ 
+   channel_tls_common_init(tlschan);
+ 
+   log_debug(LD_CHANNEL,
+             "In channel_tls_connect() for channel %p "
+             "(global id %"PRIu64 ")",
+             tlschan,
+             (chan->global_identifier));
+ 
+   if (is_local_addr(addr)) {
+     log_debug(LD_CHANNEL,
+               "Marking new outgoing channel %"PRIu64 " at %p as local",
+               (chan->global_identifier), chan);
+     channel_mark_local(chan);
+   } else {
+     log_debug(LD_CHANNEL,
+               "Marking new outgoing channel %"PRIu64 " at %p as remote",
+               (chan->global_identifier), chan);
+     channel_mark_remote(chan);
+   }
+ 
+   channel_mark_outgoing(chan);
+ 
+   /* Set up or_connection stuff */
+   tlschan->conn = connection_or_connect(addr, port, id_digest, ed_id, tlschan);
+   /* connection_or_connect() will fill in tlschan->conn */
+   if (!(tlschan->conn)) {
+     chan->reason_for_closing = CHANNEL_CLOSE_FOR_ERROR;
+     channel_change_state(chan, CHANNEL_STATE_ERROR);
+     goto err;
+   }
+ 
+   log_debug(LD_CHANNEL,
+             "Got orconn %p for channel with global id %"PRIu64,
+             tlschan->conn, (chan->global_identifier));
+ 
+   goto done;
+ 
+  err:
+   circuitmux_free(chan->cmux);
+   tor_free(tlschan);
+   chan = NULL;
+ 
+  done:
+   /* If we got one, we should register it */
+   if (chan) channel_register(chan);
+ 
+   return chan;
+ }
+ 
+ /**
+  * Return the current channel_tls_t listener.
+  *
+  * Returns the current channel listener for incoming TLS connections, or
+  * NULL if none has been established
+  */
+ channel_listener_t *
+ channel_tls_get_listener(void)
+ {
+   return channel_tls_listener;
+ }
+ 
+ /**
+  * Start a channel_tls_t listener if necessary.
+  *
+  * Return the current channel_tls_t listener, or start one if we haven't yet,
+  * and return that.
+  */
+ channel_listener_t *
+ channel_tls_start_listener(void)
+ {
+   channel_listener_t *listener;
+ 
+   if (!channel_tls_listener) {
+     listener = tor_malloc_zero(sizeof(*listener));
+     channel_init_listener(listener);
+     listener->state = CHANNEL_LISTENER_STATE_LISTENING;
+     listener->close = channel_tls_listener_close_method;
+     listener->describe_transport =
+       channel_tls_listener_describe_transport_method;
+ 
+     channel_tls_listener = listener;
+ 
+     log_debug(LD_CHANNEL,
+               "Starting TLS channel listener %p with global id %"PRIu64,
+               listener, (listener->global_identifier));
+ 
+     channel_listener_register(listener);
+   } else listener = channel_tls_listener;
+ 
+   return listener;
+ }
+ 
+ /**
+  * Free everything on shutdown.
+  *
+  * Not much to do here, since channel_free_all() takes care of a lot, but let's
+  * get rid of the listener.
+  */
+ void
+ channel_tls_free_all(void)
+ {
+   channel_listener_t *old_listener = NULL;
+ 
+   log_debug(LD_CHANNEL,
+             "Shutting down TLS channels...");
+ 
+   if (channel_tls_listener) {
+     /*
+      * When we close it, channel_tls_listener will get nulled out, so save
+      * a pointer so we can free it.
+      */
+     old_listener = channel_tls_listener;
+     log_debug(LD_CHANNEL,
+               "Closing channel_tls_listener with ID %"PRIu64
+               " at %p.",
+               (old_listener->global_identifier),
+               old_listener);
+     channel_listener_unregister(old_listener);
+     channel_listener_mark_for_close(old_listener);
+     channel_listener_free(old_listener);
+     tor_assert(channel_tls_listener == NULL);
+   }
+ 
+   log_debug(LD_CHANNEL,
+             "Done shutting down TLS channels");
+ }
+ 
+ /**
+  * Create a new channel around an incoming or_connection_t.
+  */
+ channel_t *
+ channel_tls_handle_incoming(or_connection_t *orconn)
+ {
+   channel_tls_t *tlschan = tor_malloc_zero(sizeof(*tlschan));
+   channel_t *chan = &(tlschan->base_);
+ 
+   tor_assert(orconn);
+   tor_assert(!(orconn->chan));
+ 
+   channel_tls_common_init(tlschan);
+ 
+   /* Link the channel and orconn to each other */
+   tlschan->conn = orconn;
+   orconn->chan = tlschan;
+ 
+   if (is_local_addr(&(TO_CONN(orconn)->addr))) {
+     log_debug(LD_CHANNEL,
+               "Marking new incoming channel %"PRIu64 " at %p as local",
+               (chan->global_identifier), chan);
+     channel_mark_local(chan);
+   } else {
+     log_debug(LD_CHANNEL,
+               "Marking new incoming channel %"PRIu64 " at %p as remote",
+               (chan->global_identifier), chan);
+     channel_mark_remote(chan);
+   }
+ 
+   channel_mark_incoming(chan);
+ 
+   /* Register it */
+   channel_register(chan);
+ 
+   return chan;
+ }
+ 
+ /*********
+  * Casts *
+  ********/
+ 
+ /**
+  * Cast a channel_tls_t to a channel_t.
+  */
+ channel_t *
+ channel_tls_to_base(channel_tls_t *tlschan)
+ {
+   if (!tlschan) return NULL;
+ 
+   return &(tlschan->base_);
+ }
+ 
+ /**
+  * Cast a channel_t to a channel_tls_t, with appropriate type-checking
+  * asserts.
+  */
+ channel_tls_t *
+ channel_tls_from_base(channel_t *chan)
+ {
+   if (!chan) return NULL;
+ 
+   tor_assert(chan->magic == TLS_CHAN_MAGIC);
+ 
+   return (channel_tls_t *)(chan);
+ }
+ 
+ /********************************************
+  * Method implementations for channel_tls_t *
+  *******************************************/
+ 
+ /**
+  * Close a channel_tls_t.
+  *
+  * This implements the close method for channel_tls_t.
+  */
+ static void
+ channel_tls_close_method(channel_t *chan)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+ 
+   if (tlschan->conn) connection_or_close_normally(tlschan->conn, 1);
+   else {
+     /* Weird - we'll have to change the state ourselves, I guess */
+     log_info(LD_CHANNEL,
+              "Tried to close channel_tls_t %p with NULL conn",
+              tlschan);
+     channel_change_state(chan, CHANNEL_STATE_ERROR);
+   }
+ }
+ 
+ /**
+  * Describe the transport for a channel_tls_t.
+  *
+  * This returns the string "TLS channel on connection <id>" to the upper
+  * layer.
+  */
+ static const char *
+ channel_tls_describe_transport_method(channel_t *chan)
+ {
+   static char *buf = NULL;
+   uint64_t id;
+   channel_tls_t *tlschan;
+   const char *rv = NULL;
+ 
+   tor_assert(chan);
+ 
+   tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   if (tlschan->conn) {
+     id = TO_CONN(tlschan->conn)->global_identifier;
+ 
+     if (buf) tor_free(buf);
+     tor_asprintf(&buf,
+                  "TLS channel (connection %"PRIu64 ")",
+                  (id));
+ 
+     rv = buf;
+   } else {
+     rv = "TLS channel (no connection)";
+   }
+ 
+   return rv;
+ }
+ 
+ /**
+  * Free a channel_tls_t.
+  *
+  * This is called by the generic channel layer when freeing a channel_tls_t;
+  * this happens either on a channel which has already reached
+  * CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or
+  * on shutdown from channel_free_all().  In the latter case we might still
+  * have an orconn active (which connection_free_all() will get to later),
+  * so we should null out its channel pointer now.
+  */
+ static void
+ channel_tls_free_method(channel_t *chan)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+ 
+   if (tlschan->conn) {
+     tlschan->conn->chan = NULL;
+     tlschan->conn = NULL;
+   }
+ }
+ 
+ /**
+  * Get an estimate of the average TLS overhead for the upper layer.
+  */
+ static double
+ channel_tls_get_overhead_estimate_method(channel_t *chan)
+ {
+   double overhead = 1.0;
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   tor_assert(tlschan->conn);
+ 
+   /* Just return 1.0f if we don't have sensible data */
+   if (tlschan->conn->bytes_xmitted > 0 &&
+       tlschan->conn->bytes_xmitted_by_tls >=
+       tlschan->conn->bytes_xmitted) {
+     overhead = ((double)(tlschan->conn->bytes_xmitted_by_tls)) /
+       ((double)(tlschan->conn->bytes_xmitted));
+ 
+     /*
+      * Never estimate more than 2.0; otherwise we get silly large estimates
+      * at the very start of a new TLS connection.
+      */
+     if (overhead > 2.0)
+       overhead = 2.0;
+   }
+ 
+   log_debug(LD_CHANNEL,
+             "Estimated overhead ratio for TLS chan %"PRIu64 " is %f",
+             (chan->global_identifier), overhead);
+ 
+   return overhead;
+ }
+ 
+ /**
+  * Get the remote address of a channel_tls_t.
+  *
+  * This implements the get_remote_addr method for channel_tls_t; copy the
+  * remote endpoint of the channel to addr_out and return 1 (always
+  * succeeds for this transport).
+  */
+ static int
+ channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out)
+ {
+   int rv = 0;
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   tor_assert(addr_out);
+ 
+   if (tlschan->conn) {
+     tor_addr_copy(addr_out, &(tlschan->conn->real_addr));
+     rv = 1;
+   } else tor_addr_make_unspec(addr_out);
+ 
+   return rv;
+ }
+ 
+ /**
+  * Get the name of the pluggable transport used by a channel_tls_t.
+  *
+  * This implements the get_transport_name for channel_tls_t. If the
+  * channel uses a pluggable transport, copy its name to
+  * <b>transport_out</b> and return 0. If the channel did not use a
+  * pluggable transport, return -1.
+  */
+ static int
+ channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   tor_assert(transport_out);
+   tor_assert(tlschan->conn);
+ 
+   if (!tlschan->conn->ext_or_transport)
+     return -1;
+ 
+   *transport_out = tor_strdup(tlschan->conn->ext_or_transport);
+   return 0;
+ }
+ 
+ /**
+  * Get endpoint description of a channel_tls_t.
+  *
+  * This implements the get_remote_descr method for channel_tls_t; it returns
+  * a text description of the remote endpoint of the channel suitable for use
+  * in log messages. The req parameter is 0 for the canonical address or 1 for
+  * the actual address seen.
+  */
+ static const char *
+ channel_tls_get_remote_descr_method(channel_t *chan, int flags)
+ {
+ #define MAX_DESCR_LEN 32
+ 
+   static char buf[MAX_DESCR_LEN + 1];
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+   connection_t *conn;
+   const char *answer = NULL;
+   char *addr_str;
+ 
+   tor_assert(tlschan);
+ 
+   if (tlschan->conn) {
+     conn = TO_CONN(tlschan->conn);
+     switch (flags) {
+       case 0:
+         /* Canonical address with port*/
+         tor_snprintf(buf, MAX_DESCR_LEN + 1,
+                      "%s:%u", conn->address, conn->port);
+         answer = buf;
+         break;
+       case GRD_FLAG_ORIGINAL:
+         /* Actual address with port */
+         addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
+         tor_snprintf(buf, MAX_DESCR_LEN + 1,
+                      "%s:%u", addr_str, conn->port);
+         tor_free(addr_str);
+         answer = buf;
+         break;
+       case GRD_FLAG_ADDR_ONLY:
+         /* Canonical address, no port */
+         strlcpy(buf, conn->address, sizeof(buf));
+         answer = buf;
+         break;
+       case GRD_FLAG_ORIGINAL|GRD_FLAG_ADDR_ONLY:
+         /* Actual address, no port */
+         addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
+         strlcpy(buf, addr_str, sizeof(buf));
+         tor_free(addr_str);
+         answer = buf;
+         break;
+       default:
+         /* Something's broken in channel.c */
+         tor_assert_nonfatal_unreached_once();
+     }
+   } else {
+     strlcpy(buf, "(No connection)", sizeof(buf));
+     answer = buf;
+   }
+ 
+   return answer;
+ }
+ 
+ /**
+  * Tell the upper layer if we have queued writes.
+  *
+  * This implements the has_queued_writes method for channel_tls t_; it returns
+  * 1 iff we have queued writes on the outbuf of the underlying or_connection_t.
+  */
+ static int
+ channel_tls_has_queued_writes_method(channel_t *chan)
+ {
+   size_t outbuf_len;
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   if (!(tlschan->conn)) {
+     log_info(LD_CHANNEL,
+              "something called has_queued_writes on a tlschan "
+              "(%p with ID %"PRIu64 " but no conn",
+              chan, (chan->global_identifier));
+   }
+ 
+   outbuf_len = (tlschan->conn != NULL) ?
+     connection_get_outbuf_len(TO_CONN(tlschan->conn)) :
+     0;
+ 
+   return (outbuf_len > 0);
+ }
+ 
+ /**
+  * Tell the upper layer if we're canonical.
+  *
+  * This implements the is_canonical method for channel_tls_t; if req is zero,
+  * it returns whether this is a canonical channel, and if it is one it returns
+  * whether that can be relied upon.
+  */
+ static int
+ channel_tls_is_canonical_method(channel_t *chan, int req)
+ {
+   int answer = 0;
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+ 
+   if (tlschan->conn) {
+     switch (req) {
+       case 0:
+         answer = tlschan->conn->is_canonical;
+         break;
+       case 1:
+         /*
+          * Is the is_canonical bit reliable?  In protocols version 2 and up
+          * we get the canonical address from a NETINFO cell, but in older
+          * versions it might be based on an obsolete descriptor.
+          */
+         answer = (tlschan->conn->link_proto >= 2);
+         break;
+       default:
+         /* This shouldn't happen; channel.c is broken if it does */
+         tor_assert_nonfatal_unreached_once();
+     }
+   }
+   /* else return 0 for tlschan->conn == NULL */
+ 
+   return answer;
+ }
+ 
+ /**
+  * Check if we match an extend_info_t.
+  *
+  * This implements the matches_extend_info method for channel_tls_t; the upper
+  * layer wants to know if this channel matches an extend_info_t.
+  */
+ static int
+ channel_tls_matches_extend_info_method(channel_t *chan,
+                                        extend_info_t *extend_info)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   tor_assert(extend_info);
+ 
+   /* Never match if we have no conn */
+   if (!(tlschan->conn)) {
+     log_info(LD_CHANNEL,
+              "something called matches_extend_info on a tlschan "
+              "(%p with ID %"PRIu64 " but no conn",
+              chan, (chan->global_identifier));
+     return 0;
+   }
+ 
+   return (tor_addr_eq(&(extend_info->addr),
+                       &(TO_CONN(tlschan->conn)->addr)) &&
+          (extend_info->port == TO_CONN(tlschan->conn)->port));
+ }
+ 
+ /**
+  * Check if we match a target address; return true iff we do.
+  *
+  * This implements the matches_target method for channel_tls t_; the upper
+  * layer wants to know if this channel matches a target address when extending
+  * a circuit.
+  */
+ static int
+ channel_tls_matches_target_method(channel_t *chan,
+                                   const tor_addr_t *target)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   tor_assert(target);
+ 
+   /* Never match if we have no conn */
+   if (!(tlschan->conn)) {
+     log_info(LD_CHANNEL,
+              "something called matches_target on a tlschan "
+              "(%p with ID %"PRIu64 " but no conn",
+              chan, (chan->global_identifier));
+     return 0;
+   }
+ 
+   /* real_addr is the address this connection came from.
+    * base_.addr is updated by connection_or_init_conn_from_address()
+    * to be the address in the descriptor. It may be tempting to
+    * allow either address to be allowed, but if we did so, it would
+    * enable someone who steals a relay's keys to impersonate/MITM it
+    * from anywhere on the Internet! (Because they could make long-lived
+    * TLS connections from anywhere to all relays, and wait for them to
+    * be used for extends).
+    */
+   return tor_addr_eq(&(tlschan->conn->real_addr), target);
+ }
+ 
+ /**
+  * Tell the upper layer how many bytes we have queued and not yet
+  * sent.
+  */
+ static size_t
+ channel_tls_num_bytes_queued_method(channel_t *chan)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+ 
+   tor_assert(tlschan);
+   tor_assert(tlschan->conn);
+ 
+   return connection_get_outbuf_len(TO_CONN(tlschan->conn));
+ }
+ 
+ /**
+  * Tell the upper layer how many cells we can accept to write.
+  *
+  * This implements the num_cells_writeable method for channel_tls_t; it
+  * returns an estimate of the number of cells we can accept with
+  * channel_tls_write_*_cell().
+  */
+ static int
+ channel_tls_num_cells_writeable_method(channel_t *chan)
+ {
+   size_t outbuf_len;
+   ssize_t n;
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+   size_t cell_network_size;
+ 
+   tor_assert(tlschan);
+   tor_assert(tlschan->conn);
+ 
+   cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids);
+   outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn));
+   /* Get the number of cells */
+   n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size);
+   if (n < 0) n = 0;
+ #if SIZEOF_SIZE_T > SIZEOF_INT
+   if (n > INT_MAX) n = INT_MAX;
+ #endif
+ 
+   return (int)n;
+ }
+ 
+ /**
+  * Write a cell to a channel_tls_t.
+  *
+  * This implements the write_cell method for channel_tls_t; given a
+  * channel_tls_t and a cell_t, transmit the cell_t.
+  */
+ static int
+ channel_tls_write_cell_method(channel_t *chan, cell_t *cell)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+   int written = 0;
+ 
+   tor_assert(tlschan);
+   tor_assert(cell);
+ 
+   if (tlschan->conn) {
+     connection_or_write_cell_to_buf(cell, tlschan->conn);
+     ++written;
+   } else {
+     log_info(LD_CHANNEL,
+              "something called write_cell on a tlschan "
+              "(%p with ID %"PRIu64 " but no conn",
+              chan, (chan->global_identifier));
+   }
+ 
+   return written;
+ }
+ 
+ /**
+  * Write a packed cell to a channel_tls_t.
+  *
+  * This implements the write_packed_cell method for channel_tls_t; given a
+  * channel_tls_t and a packed_cell_t, transmit the packed_cell_t.
+  *
+  * Return 0 on success or negative value on error. The caller must free the
+  * packed cell.
+  */
+ static int
+ channel_tls_write_packed_cell_method(channel_t *chan,
+                                      packed_cell_t *packed_cell)
+ {
+   tor_assert(chan);
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+   size_t cell_network_size = get_cell_network_size(chan->wide_circ_ids);
+ 
+   tor_assert(tlschan);
+   tor_assert(packed_cell);
+ 
+   if (tlschan->conn) {
+     connection_buf_add(packed_cell->body, cell_network_size,
+                             TO_CONN(tlschan->conn));
+   } else {
+     log_info(LD_CHANNEL,
+              "something called write_packed_cell on a tlschan "
+              "(%p with ID %"PRIu64 " but no conn",
+              chan, (chan->global_identifier));
+     return -1;
+   }
+ 
+   return 0;
+ }
+ 
+ /**
+  * Write a variable-length cell to a channel_tls_t.
+  *
+  * This implements the write_var_cell method for channel_tls_t; given a
+  * channel_tls_t and a var_cell_t, transmit the var_cell_t.
+  */
+ static int
+ channel_tls_write_var_cell_method(channel_t *chan, var_cell_t *var_cell)
+ {
+   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+   int written = 0;
+ 
+   tor_assert(tlschan);
+   tor_assert(var_cell);
+ 
+   if (tlschan->conn) {
+     connection_or_write_var_cell_to_buf(var_cell, tlschan->conn);
+     ++written;
+   } else {
+     log_info(LD_CHANNEL,
+              "something called write_var_cell on a tlschan "
+              "(%p with ID %"PRIu64 " but no conn",
+              chan, (chan->global_identifier));
+   }
+ 
+   return written;
+ }
+ 
+ /*************************************************
+  * Method implementations for channel_listener_t *
+  ************************************************/
+ 
+ /**
+  * Close a channel_listener_t.
+  *
+  * This implements the close method for channel_listener_t.
+  */
+ static void
+ channel_tls_listener_close_method(channel_listener_t *chan_l)
+ {
+   tor_assert(chan_l);
+ 
+   /*
+    * Listeners we just go ahead and change state through to CLOSED, but
+    * make sure to check if they're channel_tls_listener to NULL it out.
+    */
+   if (chan_l == channel_tls_listener)
+     channel_tls_listener = NULL;
+ 
+   if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSING ||
+         chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
+         chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
+     channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSING);
+   }
+ 
+   if (chan_l->incoming_list) {
+     SMARTLIST_FOREACH_BEGIN(chan_l->incoming_list,
+                             channel_t *, ichan) {
+       channel_mark_for_close(ichan);
+     } SMARTLIST_FOREACH_END(ichan);
+ 
+     smartlist_free(chan_l->incoming_list);
+     chan_l->incoming_list = NULL;
+   }
+ 
+   if (!(chan_l->state == CHANNEL_LISTENER_STATE_CLOSED ||
+         chan_l->state == CHANNEL_LISTENER_STATE_ERROR)) {
+     channel_listener_change_state(chan_l, CHANNEL_LISTENER_STATE_CLOSED);
+   }
+ }
+ 
+ /**
+  * Describe the transport for a channel_listener_t.
+  *
+  * This returns the string "TLS channel (listening)" to the upper
+  * layer.
+  */
+ static const char *
+ channel_tls_listener_describe_transport_method(channel_listener_t *chan_l)
+ {
+   tor_assert(chan_l);
+ 
+   return "TLS channel (listening)";
+ }
+ 
+ /*******************************************************
+  * Functions for handling events on an or_connection_t *
+  ******************************************************/
+ 
+ /**
+  * Handle an orconn state change.
+  *
+  * This function will be called by connection_or.c when the or_connection_t
+  * associated with this channel_tls_t changes state.
+  */
+ void
+ channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
+                                           or_connection_t *conn,
+                                           uint8_t old_state,
+                                           uint8_t state)
+ {
+   channel_t *base_chan;
+ 
+   tor_assert(chan);
+   tor_assert(conn);
+   tor_assert(conn->chan == chan);
+   tor_assert(chan->conn == conn);
+   /* Shut the compiler up without triggering -Wtautological-compare */
+   (void)old_state;
+ 
+   base_chan = TLS_CHAN_TO_BASE(chan);
+ 
+   /* Make sure the base connection state makes sense - shouldn't be error
+    * or closed. */
+ 
+   tor_assert(CHANNEL_IS_OPENING(base_chan) ||
+              CHANNEL_IS_OPEN(base_chan) ||
+              CHANNEL_IS_MAINT(base_chan) ||
+              CHANNEL_IS_CLOSING(base_chan));
+ 
+   /* Did we just go to state open? */
+   if (state == OR_CONN_STATE_OPEN) {
+     /*
+      * We can go to CHANNEL_STATE_OPEN from CHANNEL_STATE_OPENING or
+      * CHANNEL_STATE_MAINT on this.
+      */
+     channel_change_state_open(base_chan);
+     /* We might have just become writeable; check and tell the scheduler */
+     if (connection_or_num_cells_writeable(conn) > 0) {
+       scheduler_channel_wants_writes(base_chan);
+     }
+   } else {
+     /*
+      * Not open, so from CHANNEL_STATE_OPEN we go to CHANNEL_STATE_MAINT,
+      * otherwise no change.
+      */
+     if (CHANNEL_IS_OPEN(base_chan)) {
+       channel_change_state(base_chan, CHANNEL_STATE_MAINT);
+     }
+   }
+ }
+ 
+ #ifdef KEEP_TIMING_STATS
+ 
+ /**
+  * Timing states wrapper.
+  *
+  * This is a wrapper function around the actual function that processes the
+  * <b>cell</b> that just arrived on <b>chan</b>. Increment <b>*time</b>
+  * by the number of microseconds used by the call to <b>*func(cell, chan)</b>.
+  */
+ static void
+ channel_tls_time_process_cell(cell_t *cell, channel_tls_t *chan, int *time,
+                               void (*func)(cell_t *, channel_tls_t *))
+ {
+   struct timeval start, end;
+   long time_passed;
+ 
+   tor_gettimeofday(&start);
+ 
+   (*func)(cell, chan);
+ 
+   tor_gettimeofday(&end);
+   time_passed = tv_udiff(&start, &end) ;
+ 
+   if (time_passed > 10000) { /* more than 10ms */
+     log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
+   }
+ 
+   if (time_passed < 0) {
+     log_info(LD_GENERAL,"That call took us back in time!");
+     time_passed = 0;
+   }
+ 
+   *time += time_passed;
+ }
+ #endif /* defined(KEEP_TIMING_STATS) */
+ 
+ /**
+  * Handle an incoming cell on a channel_tls_t.
+  *
+  * This is called from connection_or.c to handle an arriving cell; it checks
+  * for cell types specific to the handshake for this transport protocol and
+  * handles them, and queues all other cells to the channel_t layer, which
+  * eventually will hand them off to command.c.
+  *
+  * The channel layer itself decides whether the cell should be queued or
+  * can be handed off immediately to the upper-layer code.  It is responsible
+  * for copying in the case that it queues; we merely pass pointers through
+  * which we get from connection_or_process_cells_from_inbuf().
+  */
+ void
+ channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
+ {
+   channel_tls_t *chan;
+   int handshaking;
+ 
+ #ifdef KEEP_TIMING_STATS
+ #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN {                   \
+     ++num ## tp;                                                \
+     channel_tls_time_process_cell(cl, cn, & tp ## time ,            \
+                              channel_tls_process_ ## tp ## _cell);  \
+     } STMT_END
+ #else /* !(defined(KEEP_TIMING_STATS)) */
+ #define PROCESS_CELL(tp, cl, cn) channel_tls_process_ ## tp ## _cell(cl, cn)
+ #endif /* defined(KEEP_TIMING_STATS) */
+ 
+   tor_assert(cell);
+   tor_assert(conn);
+ 
+   chan = conn->chan;
+ 
+  if (!chan) {
+    log_warn(LD_CHANNEL,
+             "Got a cell_t on an OR connection with no channel");
+    return;
+   }
+ 
+   handshaking = (TO_CONN(conn)->state != OR_CONN_STATE_OPEN);
+ 
+   if (conn->base_.marked_for_close)
+     return;
+ 
+   /* Reject all but VERSIONS and NETINFO when handshaking. */
+   /* (VERSIONS should actually be impossible; it's variable-length.) */
+   if (handshaking && cell->command != CELL_VERSIONS &&
+       cell->command != CELL_NETINFO) {
+     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+            "Received unexpected cell command %d in chan state %s / "
+            "conn state %s; closing the connection.",
+            (int)cell->command,
+            channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
+            conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state));
+     connection_or_close_for_error(conn, 0);
+     return;
+   }
+ 
+   if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
+     or_handshake_state_record_cell(conn, conn->handshake_state, cell, 1);
+ 
+   /* We note that we're on the internet whenever we read a cell. This is
+    * a fast operation. */
+   entry_guards_note_internet_connectivity(get_guard_selection_info());
+   rep_hist_padding_count_read(PADDING_TYPE_TOTAL);
+ 
+   if (TLS_CHAN_TO_BASE(chan)->currently_padding)
+     rep_hist_padding_count_read(PADDING_TYPE_ENABLED_TOTAL);
+ 
+   switch (cell->command) {
+     case CELL_PADDING:
+       rep_hist_padding_count_read(PADDING_TYPE_CELL);
+       if (TLS_CHAN_TO_BASE(chan)->currently_padding)
+         rep_hist_padding_count_read(PADDING_TYPE_ENABLED_CELL);
+       ++stats_n_padding_cells_processed;
+       /* do nothing */
+       break;
+     case CELL_VERSIONS:
 -      tor_fragile_assert();
++      /* A VERSIONS cell should always be a variable-length cell, and
++       * so should never reach this function (which handles constant-sized
++       * cells). But if the connection is using the (obsolete) v1 link
++       * protocol, all cells will be treated as constant-sized, and so
++       * it's possible we'll reach this code.
++       */
++      log_fn(LOG_PROTOCOL_WARN, LD_CHANNEL,
++             "Received unexpected VERSIONS cell on a channel using link "
++             "protocol %d; ignoring.", conn->link_proto);
+       break;
+     case CELL_NETINFO:
+       ++stats_n_netinfo_cells_processed;
+       PROCESS_CELL(netinfo, cell, chan);
+       break;
+     case CELL_PADDING_NEGOTIATE:
+       ++stats_n_netinfo_cells_processed;
+       PROCESS_CELL(padding_negotiate, cell, chan);
+       break;
+     case CELL_CREATE:
+     case CELL_CREATE_FAST:
+     case CELL_CREATED:
+     case CELL_CREATED_FAST:
+     case CELL_RELAY:
+     case CELL_RELAY_EARLY:
+     case CELL_DESTROY:
+     case CELL_CREATE2:
+     case CELL_CREATED2:
+       /*
+        * These are all transport independent and we pass them up through the
+        * channel_t mechanism.  They are ultimately handled in command.c.
+        */
+       channel_process_cell(TLS_CHAN_TO_BASE(chan), cell);
+       break;
+     default:
+       log_fn(LOG_INFO, LD_PROTOCOL,
+              "Cell of unknown type (%d) received in channeltls.c.  "
+              "Dropping.",
+              cell->command);
+              break;
+   }
+ }
+ 
+ /**
+  * Handle an incoming variable-length cell on a channel_tls_t.
+  *
+  * Process a <b>var_cell</b> that was just received on <b>conn</b>. Keep
+  * internal statistics about how many of each cell we've processed so far
+  * this second, and the total number of microseconds it took to
+  * process each type of cell.  All the var_cell commands are handshake-
+  * related and live below the channel_t layer, so no variable-length
+  * cells ever get delivered in the current implementation, but I've left
+  * the mechanism in place for future use.
+  *
+  * If we were handing them off to the upper layer, the channel_t queueing
+  * code would be responsible for memory management, and we'd just be passing
+  * pointers through from connection_or_process_cells_from_inbuf().  That
+  * caller always frees them after this function returns, so this function
+  * should never free var_cell.
+  */
+ void
+ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
+ {
+   channel_tls_t *chan;
+ 
+ #ifdef KEEP_TIMING_STATS
+   /* how many of each cell have we seen so far this second? needs better
+    * name. */
+   static int num_versions = 0, num_certs = 0;
+   static time_t current_second = 0; /* from previous calls to time */
+   time_t now = time(NULL);
+ 
+   if (current_second == 0) current_second = now;
+   if (now > current_second) { /* the second has rolled over */
+     /* print stats */
+     log_info(LD_OR,
+              "At end of second: %d versions (%d ms), %d certs (%d ms)",
+              num_versions, versions_time / ((now - current_second) * 1000),
+              num_certs, certs_time / ((now - current_second) * 1000));
+ 
+     num_versions = num_certs = 0;
+     versions_time = certs_time = 0;
+ 
+     /* remember which second it is, for next time */
+     current_second = now;
+   }
+ #endif /* defined(KEEP_TIMING_STATS) */
+ 
+   tor_assert(var_cell);
+   tor_assert(conn);
+ 
+   chan = conn->chan;
+ 
+   if (!chan) {
+     log_warn(LD_CHANNEL,
+              "Got a var_cell_t on an OR connection with no channel");
+     return;
+   }
+ 
+   if (TO_CONN(conn)->marked_for_close)
+     return;
+ 
+   switch (TO_CONN(conn)->state) {
+     case OR_CONN_STATE_OR_HANDSHAKING_V2:
+       if (var_cell->command != CELL_VERSIONS) {
+         log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+                "Received a cell with command %d in unexpected "
+                "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
+                "closing the connection.",
+                (int)(var_cell->command),
+                conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
+                TO_CONN(conn)->state,
+                channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
+                (int)(TLS_CHAN_TO_BASE(chan)->state));
+         /*
+          * The code in connection_or.c will tell channel_t to close for
+          * error; it will go to CHANNEL_STATE_CLOSING, and then to
+          * CHANNEL_STATE_ERROR when conn is closed.
+          */
+         connection_or_close_for_error(conn, 0);
+         return;
+       }
+       break;
+     case OR_CONN_STATE_TLS_HANDSHAKING:
+       /* If we're using bufferevents, it's entirely possible for us to
+        * notice "hey, data arrived!" before we notice "hey, the handshake
+        * finished!" And we need to be accepting both at once to handle both
+        * the v2 and v3 handshakes. */
+       /* But that should be happening any longer've disabled bufferevents. */
+       tor_assert_nonfatal_unreached_once();
+ 
+       /* fall through */
+     case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
+       if (!(command_allowed_before_handshake(var_cell->command))) {
+         log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+                "Received a cell with command %d in unexpected "
+                "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
+                "closing the connection.",
+                (int)(var_cell->command),
+                conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
+                (int)(TO_CONN(conn)->state),
+                channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
+                (int)(TLS_CHAN_TO_BASE(chan)->state));
+         /* see above comment about CHANNEL_STATE_ERROR */
+         connection_or_close_for_error(conn, 0);
+         return;
+       } else {
+         if (enter_v3_handshake_with_cell(var_cell, chan) < 0)
+           return;
+       }
+       break;
+     case OR_CONN_STATE_OR_HANDSHAKING_V3:
+       if (var_cell->command != CELL_AUTHENTICATE)
+         or_handshake_state_record_var_cell(conn, conn->handshake_state,
+                                            var_cell, 1);
+       break; /* Everything is allowed */
+     case OR_CONN_STATE_OPEN:
+       if (conn->link_proto < 3) {
+         log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+                "Received a variable-length cell with command %d in orconn "
+                "state %s [%d], channel state %s [%d] with link protocol %d; "
+                "ignoring it.",
+                (int)(var_cell->command),
+                conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
+                (int)(TO_CONN(conn)->state),
+                channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
+                (int)(TLS_CHAN_TO_BASE(chan)->state),
+                (int)(conn->link_proto));
+         return;
+       }
+       break;
+     default:
+       log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+              "Received var-length cell with command %d in unexpected "
+              "orconn state \"%s\" [%d], channel state \"%s\" [%d]; "
+              "ignoring it.",
+              (int)(var_cell->command),
+              conn_state_to_string(CONN_TYPE_OR, TO_CONN(conn)->state),
+              (int)(TO_CONN(conn)->state),
+              channel_state_to_string(TLS_CHAN_TO_BASE(chan)->state),
+              (int)(TLS_CHAN_TO_BASE(chan)->state));
+       return;
+   }
+ 
+   /* We note that we're on the internet whenever we read a cell. This is
+    * a fast operation. */
+   entry_guards_note_internet_connectivity(get_guard_selection_info());
+ 
+   /* Now handle the cell */
+ 
+   switch (var_cell->command) {
+     case CELL_VERSIONS:
+       ++stats_n_versions_cells_processed;
+       PROCESS_CELL(versions, var_cell, chan);
+       break;
+     case CELL_VPADDING:
+       ++stats_n_vpadding_cells_processed;
+       /* Do nothing */
+       break;
+     case CELL_CERTS:
+       ++stats_n_certs_cells_processed;
+       PROCESS_CELL(certs, var_cell, chan);
+       break;
+     case CELL_AUTH_CHALLENGE:
+       ++stats_n_auth_challenge_cells_processed;
+       PROCESS_CELL(auth_challenge, var_cell, chan);
+       break;
+     case CELL_AUTHENTICATE:
+       ++stats_n_authenticate_cells_processed;
+       PROCESS_CELL(authenticate, var_cell, chan);
+       break;
+     case CELL_AUTHORIZE:
+       ++stats_n_authorize_cells_processed;
+       /* Ignored so far. */
+       break;
+     default:
+       log_fn(LOG_INFO, LD_PROTOCOL,
+              "Variable-length cell of unknown type (%d) received.",
+              (int)(var_cell->command));
+       break;
+   }
+ }
+ 
+ /**
+  * Update channel marks after connection_or.c has changed an address.
+  *
+  * This is called from connection_or_init_conn_from_address() after the
+  * connection's _base.addr or real_addr fields have potentially been changed
+  * so we can recalculate the local mark.  Notably, this happens when incoming
+  * connections are reverse-proxied and we only learn the real address of the
+  * remote router by looking it up in the consensus after we finish the
+  * handshake and know an authenticated identity digest.
+  */
+ void
+ channel_tls_update_marks(or_connection_t *conn)
+ {
+   channel_t *chan = NULL;
+ 
+   tor_assert(conn);
+   tor_assert(conn->chan);
+ 
+   chan = TLS_CHAN_TO_BASE(conn->chan);
+ 
+   if (is_local_addr(&(TO_CONN(conn)->addr))) {
+     if (!channel_is_local(chan)) {
+       log_debug(LD_CHANNEL,
+                 "Marking channel %"PRIu64 " at %p as local",
+                 (chan->global_identifier), chan);
+       channel_mark_local(chan);
+     }
+   } else {
+     if (channel_is_local(chan)) {
+       log_debug(LD_CHANNEL,
+                 "Marking channel %"PRIu64 " at %p as remote",
+                 (chan->global_identifier), chan);
+       channel_mark_remote(chan);
+     }
+   }
+ }
+ 
+ /**
+  * Check if this cell type is allowed before the handshake is finished.
+  *
+  * Return true if <b>command</b> is a cell command that's allowed to start a
+  * V3 handshake.
+  */
+ static int
+ command_allowed_before_handshake(uint8_t command)
+ {
+   switch (command) {
+     case CELL_VERSIONS:
+     case CELL_VPADDING:
+     case CELL_AUTHORIZE:
+       return 1;
+     default:
+       return 0;
+   }
+ }
+ 
+ /**
+  * Start a V3 handshake on an incoming connection.
+  *
+  * Called when we as a server receive an appropriate cell while waiting
+  * either for a cell or a TLS handshake.  Set the connection's state to
+  * "handshaking_v3', initializes the or_handshake_state field as needed,
+  * and add the cell to the hash of incoming cells.)
+  */
+ static int
+ enter_v3_handshake_with_cell(var_cell_t *cell, channel_tls_t *chan)
+ {
+   int started_here = 0;
+ 
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+   started_here = connection_or_nonopen_was_started_here(chan->conn);
+ 
+   tor_assert(TO_CONN(chan->conn)->state == OR_CONN_STATE_TLS_HANDSHAKING ||
+              TO_CONN(chan->conn)->state ==
+                OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
+ 
+   if (started_here) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Received a cell while TLS-handshaking, not in "
+            "OR_HANDSHAKING_V3, on a connection we originated.");
+   }
+   connection_or_block_renegotiation(chan->conn);
+   chan->conn->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+   if (connection_init_or_handshake_state(chan->conn, started_here) < 0) {
+     connection_or_close_for_error(chan->conn, 0);
+     return -1;
+   }
+   or_handshake_state_record_var_cell(chan->conn,
+                                      chan->conn->handshake_state, cell, 1);
+   return 0;
+ }
+ 
+ /**
+  * Process a 'versions' cell.
+  *
+  * This function is called to handle an incoming VERSIONS cell; the current
+  * link protocol version must be 0 to indicate that no version has yet been
+  * negotiated.  We compare the versions in the cell to the list of versions
+  * we support, pick the highest version we have in common, and continue the
+  * negotiation from there.
+  */
+ static void
+ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
+ {
+   int highest_supported_version = 0;
+   int started_here = 0;
+ 
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+   if ((cell->payload_len % 2) == 1) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Received a VERSION cell with odd payload length %d; "
+            "closing connection.",cell->payload_len);
+     connection_or_close_for_error(chan->conn, 0);
+     return;
+   }
+ 
+   started_here = connection_or_nonopen_was_started_here(chan->conn);
+ 
+   if (chan->conn->link_proto != 0 ||
+       (chan->conn->handshake_state &&
+        chan->conn->handshake_state->received_versions)) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Received a VERSIONS cell on a connection with its version "
+            "already set to %d; dropping",
+            (int)(chan->conn->link_proto));
+     return;
+   }
+   switch (chan->conn->base_.state)
+     {
+     case OR_CONN_STATE_OR_HANDSHAKING_V2:
+     case OR_CONN_STATE_OR_HANDSHAKING_V3:
+       break;
+     case OR_CONN_STATE_TLS_HANDSHAKING:
+     case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
+     default:
+       log_fn(LOG_PROTOCOL_WARN, LD_OR,
+              "VERSIONS cell while in unexpected state");
+       return;
+   }
+ 
+   tor_assert(chan->conn->handshake_state);
+ 
+   {
+     int i;
+     const uint8_t *cp = cell->payload;
+     for (i = 0; i < cell->payload_len / 2; ++i, cp += 2) {
+       uint16_t v = ntohs(get_uint16(cp));
+       if (is_or_protocol_version_known(v) && v > highest_supported_version)
+         highest_supported_version = v;
+     }
+   }
+   if (!highest_supported_version) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Couldn't find a version in common between my version list and the "
+            "list in the VERSIONS cell; closing connection.");
+     connection_or_close_for_error(chan->conn, 0);
+     return;
+   } else if (highest_supported_version == 1) {
+     /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
+      * cells. */
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Used version negotiation protocol to negotiate a v1 connection. "
+            "That's crazily non-compliant. Closing connection.");
+     connection_or_close_for_error(chan->conn, 0);
+     return;
+   } else if (highest_supported_version < 3 &&
+              chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Negotiated link protocol 2 or lower after doing a v3 TLS "
+            "handshake. Closing connection.");
+     connection_or_close_for_error(chan->conn, 0);
+     return;
+   } else if (highest_supported_version != 2 &&
+              chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
+     /* XXXX This should eventually be a log_protocol_warn */
+     log_fn(LOG_WARN, LD_OR,
+            "Negotiated link with non-2 protocol after doing a v2 TLS "
+            "handshake with %s. Closing connection.",
+            fmt_addr(&chan->conn->base_.addr));
+     connection_or_close_for_error(chan->conn, 0);
+     return;
+   }
+ 
+   rep_hist_note_negotiated_link_proto(highest_supported_version, started_here);
+ 
+   chan->conn->link_proto = highest_supported_version;
+   chan->conn->handshake_state->received_versions = 1;
+ 
+   if (chan->conn->link_proto == 2) {
+     log_info(LD_OR,
+              "Negotiated version %d with %s:%d; sending NETINFO.",
+              highest_supported_version,
+              safe_str_client(chan->conn->base_.address),
+              chan->conn->base_.port);
+ 
+     if (connection_or_send_netinfo(chan->conn) < 0) {
+       connection_or_close_for_error(chan->conn, 0);
+       return;
+     }
+   } else {
+     const int send_versions = !started_here;
+     /* If we want to authenticate, send a CERTS cell */
+     const int send_certs = !started_here || public_server_mode(get_options());
+     /* If we're a host that got a connection, ask for authentication. */
+     const int send_chall = !started_here;
+     /* If our certs cell will authenticate us, we can send a netinfo cell
+      * right now. */
+     const int send_netinfo = !started_here;
+     const int send_any =
+       send_versions || send_certs || send_chall || send_netinfo;
+     tor_assert(chan->conn->link_proto >= 3);
+ 
+     log_info(LD_OR,
+              "Negotiated version %d with %s:%d; %s%s%s%s%s",
+              highest_supported_version,
+              safe_str_client(chan->conn->base_.address),
+              chan->conn->base_.port,
+              send_any ? "Sending cells:" : "Waiting for CERTS cell",
+              send_versions ? " VERSIONS" : "",
+              send_certs ? " CERTS" : "",
+              send_chall ? " AUTH_CHALLENGE" : "",
+              send_netinfo ? " NETINFO" : "");
+ 
+ #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+     if (1) {
+       connection_or_close_normally(chan->conn, 1);
+       return;
+     }
+ #endif /* defined(DISABLE_V3_LINKPROTO_SERVERSIDE) */
+ 
+     if (send_versions) {
+       if (connection_or_send_versions(chan->conn, 1) < 0) {
+         log_warn(LD_OR, "Couldn't send versions cell");
+         connection_or_close_for_error(chan->conn, 0);
+         return;
+       }
+     }
+ 
+     /* We set this after sending the versions cell. */
+     /*XXXXX symbolic const.*/
+     TLS_CHAN_TO_BASE(chan)->wide_circ_ids =
+       chan->conn->link_proto >= MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS;
+     chan->conn->wide_circ_ids = TLS_CHAN_TO_BASE(chan)->wide_circ_ids;
+ 
+     TLS_CHAN_TO_BASE(chan)->padding_enabled =
+       chan->conn->link_proto >= MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
+ 
+     if (send_certs) {
+       if (connection_or_send_certs_cell(chan->conn) < 0) {
+         log_warn(LD_OR, "Couldn't send certs cell");
+         connection_or_close_for_error(chan->conn, 0);
+         return;
+       }
+     }
+     if (send_chall) {
+       if (connection_or_send_auth_challenge_cell(chan->conn) < 0) {
+         log_warn(LD_OR, "Couldn't send auth_challenge cell");
+         connection_or_close_for_error(chan->conn, 0);
+         return;
+       }
+     }
+     if (send_netinfo) {
+       if (connection_or_send_netinfo(chan->conn) < 0) {
+         log_warn(LD_OR, "Couldn't send netinfo cell");
+         connection_or_close_for_error(chan->conn, 0);
+         return;
+       }
+     }
+   }
+ }
+ 
+ /**
+  * Process a 'padding_negotiate' cell.
+  *
+  * This function is called to handle an incoming PADDING_NEGOTIATE cell;
+  * enable or disable padding accordingly, and read and act on its timeout
+  * value contents.
+  */
+ static void
+ channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
+ {
+   channelpadding_negotiate_t *negotiation;
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+   if (chan->conn->link_proto < MIN_LINK_PROTO_FOR_CHANNEL_PADDING) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Received a PADDING_NEGOTIATE cell on v%d connection; dropping.",
+            chan->conn->link_proto);
+     return;
+   }
+ 
+   if (channelpadding_negotiate_parse(&negotiation, cell->payload,
+                                      CELL_PAYLOAD_SIZE) < 0) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+           "Received malformed PADDING_NEGOTIATE cell on v%d connection; "
+           "dropping.", chan->conn->link_proto);
+ 
+     return;
+   }
+ 
+   channelpadding_update_padding_for_channel(TLS_CHAN_TO_BASE(chan),
+                                             negotiation);
+ 
+   channelpadding_negotiate_free(negotiation);
+ }
+ 
+ /**
+  * Helper: compute the absolute value of a time_t.
+  *
+  * (we need this because labs() doesn't always work for time_t, since
+  * long can be shorter than time_t.)
+  */
+ static inline time_t
+ time_abs(time_t val)
+ {
+   return (val < 0) ? -val : val;
+ }
+ 
+ /**
+  * Process a 'netinfo' cell
+  *
+  * This function is called to handle an incoming NETINFO cell; read and act
+  * on its contents, and set the connection state to "open".
+  */
+ static void
+ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
+ {
+   time_t timestamp;
+   uint8_t my_addr_type;
+   uint8_t my_addr_len;
+   const uint8_t *my_addr_ptr;
+   const uint8_t *cp, *end;
+   uint8_t n_other_addrs;
+   time_t now = time(NULL);
+   const routerinfo_t *me = router_get_my_routerinfo();
+ 
+   time_t apparent_skew = 0;
+   tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
+   int started_here = 0;
+   const char *identity_digest = NULL;
+ 
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+   if (chan->conn->link_proto < 2) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Received a NETINFO cell on %s connection; dropping.",
+            chan->conn->link_proto == 0 ? "non-versioned" : "a v1");
+     return;
+   }
+   if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
+       chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Received a NETINFO cell on non-handshaking connection; dropping.");
+     return;
+   }
+   tor_assert(chan->conn->handshake_state &&
+              chan->conn->handshake_state->received_versions);
+   started_here = connection_or_nonopen_was_started_here(chan->conn);
+   identity_digest = chan->conn->identity_digest;
+ 
+   if (chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
+     tor_assert(chan->conn->link_proto >= 3);
+     if (started_here) {
+       if (!(chan->conn->handshake_state->authenticated)) {
+         log_fn(LOG_PROTOCOL_WARN, LD_OR,
+                "Got a NETINFO cell from server, "
+                "but no authentication.  Closing the connection.");
+         connection_or_close_for_error(chan->conn, 0);
+         return;
+       }
+     } else {
+       /* we're the server.  If the client never authenticated, we have
+          some housekeeping to do.*/
+       if (!(chan->conn->handshake_state->authenticated)) {
+         tor_assert(tor_digest_is_zero(
+                   (const char*)(chan->conn->handshake_state->
+                       authenticated_rsa_peer_id)));
+         tor_assert(tor_mem_is_zero(
+                   (const char*)(chan->conn->handshake_state->
+                                 authenticated_ed25519_peer_id.pubkey), 32));
+         /* If the client never authenticated, it's a tor client or bridge
+          * relay, and we must not use it for EXTEND requests (nor could we, as
+          * there are no authenticated peer IDs) */
+         channel_mark_client(TLS_CHAN_TO_BASE(chan));
+         channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
+                chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
+ 
+         connection_or_init_conn_from_address(chan->conn,
+                   &(chan->conn->base_.addr),
+                   chan->conn->base_.port,
+                   /* zero, checked above */
+                   (const char*)(chan->conn->handshake_state->
+                                 authenticated_rsa_peer_id),
+                   NULL, /* Ed25519 ID: Also checked as zero */
+                   0);
+       }
+     }
+   }
+ 
+   /* Decode the cell. */
+   timestamp = ntohl(get_uint32(cell->payload));
+   const time_t sent_versions_at =
+     chan->conn->handshake_state->sent_versions_at;
+   if (now > sent_versions_at && (now - sent_versions_at) < 180) {
+     /* If we have gotten the NETINFO cell reasonably soon after having
+      * sent our VERSIONS cell, maybe we can learn skew information from it. */
+     apparent_skew = now - timestamp;
+   }
+ 
+   my_addr_type = (uint8_t) cell->payload[4];
+   my_addr_len = (uint8_t) cell->payload[5];
+   my_addr_ptr = (uint8_t*) cell->payload + 6;
+   end = cell->payload + CELL_PAYLOAD_SIZE;
+   cp = cell->payload + 6 + my_addr_len;
+ 
+   /* We used to check:
+    *    if (my_addr_len >= CELL_PAYLOAD_SIZE - 6) {
+    *
+    * This is actually never going to happen, since my_addr_len is at most 255,
+    * and CELL_PAYLOAD_LEN - 6 is 503.  So we know that cp is < end. */
+ 
+   if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
+     tor_addr_from_ipv4n(&my_apparent_addr, get_uint32(my_addr_ptr));
+ 
+     if (!get_options()->BridgeRelay && me &&
+         get_uint32(my_addr_ptr) == htonl(me->addr)) {
+       TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
+     }
+ 
+   } else if (my_addr_type == RESOLVED_TYPE_IPV6 && my_addr_len == 16) {
+     tor_addr_from_ipv6_bytes(&my_apparent_addr, (const char *) my_addr_ptr);
+ 
+     if (!get_options()->BridgeRelay && me &&
+         !tor_addr_is_null(&me->ipv6_addr) &&
+         tor_addr_eq(&my_apparent_addr, &me->ipv6_addr)) {
+       TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer = 1;
+     }
+   }
+ 
+   n_other_addrs = (uint8_t) *cp++;
+   while (n_other_addrs && cp < end-2) {
+     /* Consider all the other addresses; if any matches, this connection is
+      * "canonical." */
+     tor_addr_t addr;
+     const uint8_t *next =
+       decode_address_from_payload(&addr, cp, (int)(end-cp));
+     if (next == NULL) {
+       log_fn(LOG_PROTOCOL_WARN,  LD_OR,
+              "Bad address in netinfo cell; closing connection.");
+       connection_or_close_for_error(chan->conn, 0);
+       return;
+     }
+     /* A relay can connect from anywhere and be canonical, so
+      * long as it tells you from where it came. This may sound a bit
+      * concerning... but that's what "canonical" means: that the
+      * address is one that the relay itself has claimed.  The relay
+      * might be doing something funny, but nobody else is doing a MITM
+      * on the relay's TCP.
+      */
+     if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
+       connection_or_set_canonical(chan->conn, 1);
+       break;
+     }
+     cp = next;
+     --n_other_addrs;
+   }
+ 
+   if (me && !TLS_CHAN_TO_BASE(chan)->is_canonical_to_peer &&
+       channel_is_canonical(TLS_CHAN_TO_BASE(chan))) {
+     const char *descr =
+       TLS_CHAN_TO_BASE(chan)->get_remote_descr(TLS_CHAN_TO_BASE(chan), 0);
+     log_info(LD_OR,
+              "We made a connection to a relay at %s (fp=%s) but we think "
+              "they will not consider this connection canonical. They "
+              "think we are at %s, but we think its %s.",
+              safe_str(descr),
+              safe_str(hex_str(identity_digest, DIGEST_LEN)),
+              safe_str(tor_addr_is_null(&my_apparent_addr) ?
+              "<none>" : fmt_and_decorate_addr(&my_apparent_addr)),
+              safe_str(fmt_addr32(me->addr)));
+   }
+ 
+   /* Act on apparent skew. */
+   /** Warn when we get a netinfo skew with at least this value. */
+ #define NETINFO_NOTICE_SKEW 3600
+   if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
+       (started_here ||
+        connection_or_digest_is_known_relay(chan->conn->identity_digest))) {
+     int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
+     clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
+                        "NETINFO cell", "OR");
+   }
+ 
+   /* XXX maybe act on my_apparent_addr, if the source is sufficiently
+    * trustworthy. */
+ 
+   if (! chan->conn->handshake_state->sent_netinfo) {
+     /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
+      * cell, then we would not previously have sent a NETINFO cell. Do so
+      * now. */
+     if (connection_or_send_netinfo(chan->conn) < 0) {
+       connection_or_close_for_error(chan->conn, 0);
+       return;
+     }
+   }
+ 
+   if (connection_or_set_state_open(chan->conn) < 0) {
+     log_fn(LOG_PROTOCOL_WARN, LD_OR,
+            "Got good NETINFO cell from %s:%d; but "
+            "was unable to make the OR connection become open.",
+            safe_str_client(chan->conn->base_.address),
+            chan->conn->base_.port);
+     connection_or_close_for_error(chan->conn, 0);
+   } else {
+     log_info(LD_OR,
+              "Got good NETINFO cell from %s:%d; OR connection is now "
+              "open, using protocol version %d. Its ID digest is %s. "
+              "Our address is apparently %s.",
+              safe_str_client(chan->conn->base_.address),
+              chan->conn->base_.port,
+              (int)(chan->conn->link_proto),
+              hex_str(identity_digest, DIGEST_LEN),
+              tor_addr_is_null(&my_apparent_addr) ?
+                "<none>" :
+                safe_str_client(fmt_and_decorate_addr(&my_apparent_addr)));
+   }
+   assert_connection_ok(TO_CONN(chan->conn),time(NULL));
+ }
+ 
+ /** Types of certificates that we know how to parse from CERTS cells.  Each
+  * type corresponds to a different encoding format. */
+ typedef enum cert_encoding_t {
+   CERT_ENCODING_UNKNOWN, /**< We don't recognize this. */
+   CERT_ENCODING_X509, /**< It's an RSA key, signed with RSA, encoded in x509.
+                    * (Actually, it might not be RSA. We test that later.) */
+   CERT_ENCODING_ED25519, /**< It's something signed with an Ed25519 key,
+                       * encoded asa a tor_cert_t.*/
+   CERT_ENCODING_RSA_CROSSCERT, /**< It's an Ed key signed with an RSA key. */
+ } cert_encoding_t;
+ 
+ /**
+  * Given one of the certificate type codes used in a CERTS cell,
+  * return the corresponding cert_encoding_t that we should use to parse
+  * the certificate.
+  */
+ static cert_encoding_t
+ certs_cell_typenum_to_cert_type(int typenum)
+ {
+   switch (typenum) {
+   case CERTTYPE_RSA1024_ID_LINK:
+   case CERTTYPE_RSA1024_ID_ID:
+   case CERTTYPE_RSA1024_ID_AUTH:
+     return CERT_ENCODING_X509;
+   case CERTTYPE_ED_ID_SIGN:
+   case CERTTYPE_ED_SIGN_LINK:
+   case CERTTYPE_ED_SIGN_AUTH:
+     return CERT_ENCODING_ED25519;
+   case CERTTYPE_RSA1024_ID_EDID:
+     return CERT_ENCODING_RSA_CROSSCERT;
+   default:
+     return CERT_ENCODING_UNKNOWN;
+   }
+ }
+ 
+ /**
+  * Process a CERTS cell from a channel.
+  *
+  * This function is called to process an incoming CERTS cell on a
+  * channel_tls_t:
+  *
+  * If the other side should not have sent us a CERTS cell, or the cell is
+  * malformed, or it is supposed to authenticate the TLS key but it doesn't,
+  * then mark the connection.
+  *
+  * If the cell has a good cert chain and we're doing a v3 handshake, then
+  * store the certificates in or_handshake_state.  If this is the client side
+  * of the connection, we then authenticate the server or mark the connection.
+  * If it's the server side, wait for an AUTHENTICATE cell.
+  */
+ STATIC void
+ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
+ {
+ #define MAX_CERT_TYPE_WANTED CERTTYPE_RSA1024_ID_EDID
+   /* These arrays will be sparse, since a cert type can be at most one
+    * of ed/x509 */
+   tor_x509_cert_t *x509_certs[MAX_CERT_TYPE_WANTED + 1];
+   tor_cert_t *ed_certs[MAX_CERT_TYPE_WANTED + 1];
+   uint8_t *rsa_ed_cc_cert = NULL;
+   size_t rsa_ed_cc_cert_len = 0;
+ 
+   int n_certs, i;
+   certs_cell_t *cc = NULL;
+ 
+   int send_netinfo = 0, started_here = 0;
+ 
+   memset(x509_certs, 0, sizeof(x509_certs));
+   memset(ed_certs, 0, sizeof(ed_certs));
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+ #define ERR(s)                                                  \
+   do {                                                          \
+     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \
+            "Received a bad CERTS cell from %s:%d: %s",          \
+            safe_str(chan->conn->base_.address),                 \
+            chan->conn->base_.port, (s));                        \
+     connection_or_close_for_error(chan->conn, 0);               \
+     goto err;                                                   \
+   } while (0)
+ 
+   /* Can't use connection_or_nonopen_was_started_here(); its conn->tls
+    * check looks like it breaks
+    * test_link_handshake_recv_certs_ok_server().  */
+   started_here = chan->conn->handshake_state->started_here;
+ 
+   if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
+     ERR("We're not doing a v3 handshake!");
+   if (chan->conn->link_proto < 3)
+     ERR("We're not using link protocol >= 3");
+   if (chan->conn->handshake_state->received_certs_cell)
+     ERR("We already got one");
+   if (chan->conn->handshake_state->authenticated) {
+     /* Should be unreachable, but let's make sure. */
+     ERR("We're already authenticated!");
+   }
+   if (cell->payload_len < 1)
+     ERR("It had no body");
+   if (cell->circ_id)
+     ERR("It had a nonzero circuit ID");
+ 
+   if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0)
+     ERR("It couldn't be parsed.");
+ 
+   n_certs = cc->n_certs;
+ 
+   for (i = 0; i < n_certs; ++i) {
+     certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
+ 
+     uint16_t cert_type = c->cert_type;
+     uint16_t cert_len = c->cert_len;
+     uint8_t *cert_body = certs_cell_cert_getarray_body(c);
+ 
+     if (cert_type > MAX_CERT_TYPE_WANTED)
+       continue;
+     const cert_encoding_t ct = certs_cell_typenum_to_cert_type(cert_type);
+     switch (ct) {
+       default:
+       case CERT_ENCODING_UNKNOWN:
+         break;
+       case CERT_ENCODING_X509: {
+         tor_x509_cert_t *x509_cert = tor_x509_cert_decode(cert_body, cert_len);
+         if (!x509_cert) {
+           log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+                  "Received undecodable certificate in CERTS cell from %s:%d",
+                  safe_str(chan->conn->base_.address),
+                chan->conn->base_.port);
+         } else {
+           if (x509_certs[cert_type]) {
+             tor_x509_cert_free(x509_cert);
+             ERR("Duplicate x509 certificate");
+           } else {
+             x509_certs[cert_type] = x509_cert;
+           }
+         }
+         break;
+       }
+       case CERT_ENCODING_ED25519: {
+         tor_cert_t *ed_cert = tor_cert_parse(cert_body, cert_len);
+         if (!ed_cert) {
+           log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+                  "Received undecodable Ed certificate "
+                  "in CERTS cell from %s:%d",
+                  safe_str(chan->conn->base_.address),
+                chan->conn->base_.port);
+         } else {
+           if (ed_certs[cert_type]) {
+             tor_cert_free(ed_cert);
+             ERR("Duplicate Ed25519 certificate");
+           } else {
+             ed_certs[cert_type] = ed_cert;
+           }
+         }
+         break;
+       }
+ 
+      case CERT_ENCODING_RSA_CROSSCERT: {
+         if (rsa_ed_cc_cert) {
+           ERR("Duplicate RSA->Ed25519 crosscert");
+         } else {
+           rsa_ed_cc_cert = tor_memdup(cert_body, cert_len);
+           rsa_ed_cc_cert_len = cert_len;
+         }
+         break;
+       }
+     }
+   }
+ 
+   /* Move the certificates we (might) want into the handshake_state->certs
+    * structure. */
+   tor_x509_cert_t *id_cert = x509_certs[CERTTYPE_RSA1024_ID_ID];
+   tor_x509_cert_t *auth_cert = x509_certs[CERTTYPE_RSA1024_ID_AUTH];
+   tor_x509_cert_t *link_cert = x509_certs[CERTTYPE_RSA1024_ID_LINK];
+   chan->conn->handshake_state->certs->auth_cert = auth_cert;
+   chan->conn->handshake_state->certs->link_cert = link_cert;
+   chan->conn->handshake_state->certs->id_cert = id_cert;
+   x509_certs[CERTTYPE_RSA1024_ID_ID] =
+     x509_certs[CERTTYPE_RSA1024_ID_AUTH] =
+     x509_certs[CERTTYPE_RSA1024_ID_LINK] = NULL;
+ 
+   tor_cert_t *ed_id_sign = ed_certs[CERTTYPE_ED_ID_SIGN];
+   tor_cert_t *ed_sign_link = ed_certs[CERTTYPE_ED_SIGN_LINK];
+   tor_cert_t *ed_sign_auth = ed_certs[CERTTYPE_ED_SIGN_AUTH];
+   chan->conn->handshake_state->certs->ed_id_sign = ed_id_sign;
+   chan->conn->handshake_state->certs->ed_sign_link = ed_sign_link;
+   chan->conn->handshake_state->certs->ed_sign_auth = ed_sign_auth;
+   ed_certs[CERTTYPE_ED_ID_SIGN] =
+     ed_certs[CERTTYPE_ED_SIGN_LINK] =
+     ed_certs[CERTTYPE_ED_SIGN_AUTH] = NULL;
+ 
+   chan->conn->handshake_state->certs->ed_rsa_crosscert = rsa_ed_cc_cert;
+   chan->conn->handshake_state->certs->ed_rsa_crosscert_len =
+     rsa_ed_cc_cert_len;
+   rsa_ed_cc_cert = NULL;
+ 
+   int severity;
+   /* Note that this warns more loudly about time and validity if we were
+    * _trying_ to connect to an authority, not necessarily if we _did_ connect
+    * to one. */
+   if (started_here &&
+       router_digest_is_trusted_dir(TLS_CHAN_TO_BASE(chan)->identity_digest))
+     severity = LOG_WARN;
+   else
+     severity = LOG_PROTOCOL_WARN;
+ 
+   const ed25519_public_key_t *checked_ed_id = NULL;
+   const common_digests_t *checked_rsa_id = NULL;
+   or_handshake_certs_check_both(severity,
+                                 chan->conn->handshake_state->certs,
+                                 chan->conn->tls,
+                                 time(NULL),
+                                 &checked_ed_id,
+                                 &checked_rsa_id);
+ 
+   if (!checked_rsa_id)
+     ERR("Invalid certificate chain!");
+ 
+   if (started_here) {
+     /* No more information is needed. */
+ 
+     chan->conn->handshake_state->authenticated = 1;
+     chan->conn->handshake_state->authenticated_rsa = 1;
+     {
+       const common_digests_t *id_digests = checked_rsa_id;
+       crypto_pk_t *identity_rcvd;
+       if (!id_digests)
+         ERR("Couldn't compute digests for key in ID cert");
+ 
+       identity_rcvd = tor_tls_cert_get_key(id_cert);
+       if (!identity_rcvd) {
+         ERR("Couldn't get RSA key from ID cert.");
+       }
+       memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
+              id_digests->d[DIGEST_SHA1], DIGEST_LEN);
+       channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
+                 chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
+       crypto_pk_free(identity_rcvd);
+     }
+ 
+     if (checked_ed_id) {
+       chan->conn->handshake_state->authenticated_ed25519 = 1;
+       memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
+              checked_ed_id, sizeof(ed25519_public_key_t));
+     }
+ 
+     log_debug(LD_HANDSHAKE, "calling client_learned_peer_id from "
+               "process_certs_cell");
+ 
+     if (connection_or_client_learned_peer_id(chan->conn,
+                   chan->conn->handshake_state->authenticated_rsa_peer_id,
+                   checked_ed_id) < 0)
+       ERR("Problem setting or checking peer id");
+ 
+     log_info(LD_HANDSHAKE,
+              "Got some good certificates from %s:%d: Authenticated it with "
+              "RSA%s",
+              safe_str(chan->conn->base_.address), chan->conn->base_.port,
+              checked_ed_id ? " and Ed25519" : "");
+ 
+     if (!public_server_mode(get_options())) {
+       /* If we initiated the connection and we are not a public server, we
+        * aren't planning to authenticate at all.  At this point we know who we
+        * are talking to, so we can just send a netinfo now. */
+       send_netinfo = 1;
+     }
+   } else {
+     /* We can't call it authenticated till we see an AUTHENTICATE cell. */
+     log_info(LD_OR,
+              "Got some good RSA%s certificates from %s:%d. "
+              "Waiting for AUTHENTICATE.",
+              checked_ed_id ? " and Ed25519" : "",
+              safe_str(chan->conn->base_.address),
+              chan->conn->base_.port);
+     /* XXXX check more stuff? */
+   }
+ 
+   chan->conn->handshake_state->received_certs_cell = 1;
+ 
+   if (send_netinfo) {
+     if (connection_or_send_netinfo(chan->conn) < 0) {
+       log_warn(LD_OR, "Couldn't send netinfo cell");
+       connection_or_close_for_error(chan->conn, 0);
+       goto err;
+     }
+   }
+ 
+  err:
+   for (unsigned u = 0; u < ARRAY_LENGTH(x509_certs); ++u) {
+     tor_x509_cert_free(x509_certs[u]);
+   }
+   for (unsigned u = 0; u < ARRAY_LENGTH(ed_certs); ++u) {
+     tor_cert_free(ed_certs[u]);
+   }
+   tor_free(rsa_ed_cc_cert);
+   certs_cell_free(cc);
+ #undef ERR
+ }
+ 
+ /**
+  * Process an AUTH_CHALLENGE cell from a channel_tls_t.
+  *
+  * This function is called to handle an incoming AUTH_CHALLENGE cell on a
+  * channel_tls_t; if we weren't supposed to get one (for example, because we're
+  * not the originator of the channel), or it's ill-formed, or we aren't doing
+  * a v3 handshake, mark the channel.  If the cell is well-formed but we don't
+  * want to authenticate, just drop it.  If the cell is well-formed *and* we
+  * want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
+  */
+ STATIC void
+ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
+ {
+   int n_types, i, use_type = -1;
+   auth_challenge_cell_t *ac = NULL;
+ 
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+ #define ERR(s)                                                  \
+   do {                                                          \
+     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \
+            "Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
+            safe_str(chan->conn->base_.address),                 \
+            chan->conn->base_.port, (s));                        \
+     connection_or_close_for_error(chan->conn, 0);               \
+     goto done;                                                  \
+   } while (0)
+ 
+   if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
+     ERR("We're not currently doing a v3 handshake");
+   if (chan->conn->link_proto < 3)
+     ERR("We're not using link protocol >= 3");
+   if (!(chan->conn->handshake_state->started_here))
+     ERR("We didn't originate this connection");
+   if (chan->conn->handshake_state->received_auth_challenge)
+     ERR("We already received one");
+   if (!(chan->conn->handshake_state->received_certs_cell))
+     ERR("We haven't gotten a CERTS cell yet");
+   if (cell->circ_id)
+     ERR("It had a nonzero circuit ID");
+ 
+   if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0)
+     ERR("It was not well-formed.");
+ 
+   n_types = ac->n_methods;
+ 
+   /* Now see if there is an authentication type we can use */
+   for (i = 0; i < n_types; ++i) {
+     uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
+     if (authchallenge_type_is_supported(authtype)) {
+       if (use_type == -1 ||
+           authchallenge_type_is_better(authtype, use_type)) {
+         use_type = authtype;
+       }
+     }
+   }
+ 
+   chan->conn->handshake_state->received_auth_challenge = 1;
+ 
+   if (! public_server_mode(get_options())) {
+     /* If we're not a public server then we don't want to authenticate on a
+        connection we originated, and we already sent a NETINFO cell when we
+        got the CERTS cell. We have nothing more to do. */
+     goto done;
+   }
+ 
+   if (use_type >= 0) {
+     log_info(LD_OR,
+              "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
+              "authentication type %d",
+              safe_str(chan->conn->base_.address),
+              chan->conn->base_.port,
+              use_type);
+ 
+     if (connection_or_send_authenticate_cell(chan->conn, use_type) < 0) {
+       log_warn(LD_OR,
+                "Couldn't send authenticate cell");
+       connection_or_close_for_error(chan->conn, 0);
+       goto done;
+     }
+   } else {
+     log_info(LD_OR,
+              "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
+              "know any of its authentication types. Not authenticating.",
+              safe_str(chan->conn->base_.address),
+              chan->conn->base_.port);
+   }
+ 
+   if (connection_or_send_netinfo(chan->conn) < 0) {
+     log_warn(LD_OR, "Couldn't send netinfo cell");
+     connection_or_close_for_error(chan->conn, 0);
+     goto done;
+   }
+ 
+  done:
+   auth_challenge_cell_free(ac);
+ 
+ #undef ERR
+ }
+ 
+ /**
+  * Process an AUTHENTICATE cell from a channel_tls_t.
+  *
+  * If it's ill-formed or we weren't supposed to get one or we're not doing a
+  * v3 handshake, then mark the connection.  If it does not authenticate the
+  * other side of the connection successfully (because it isn't signed right,
+  * we didn't get a CERTS cell, etc) mark the connection.  Otherwise, accept
+  * the identity of the router on the other side of the connection.
+  */
+ STATIC void
+ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
+ {
+   var_cell_t *expected_cell = NULL;
+   const uint8_t *auth;
+   int authlen;
+   int authtype;
+   int bodylen;
+ 
+   tor_assert(cell);
+   tor_assert(chan);
+   tor_assert(chan->conn);
+ 
+ #define ERR(s)                                                  \
+   do {                                                          \
+     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,                      \
+            "Received a bad AUTHENTICATE cell from %s:%d: %s",   \
+            safe_str(chan->conn->base_.address),                 \
+            chan->conn->base_.port, (s));                        \
+     connection_or_close_for_error(chan->conn, 0);               \
+     var_cell_free(expected_cell);                               \
+     return;                                                     \
+   } while (0)
+ 
+   if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
+     ERR("We're not doing a v3 handshake");
+   if (chan->conn->link_proto < 3)
+     ERR("We're not using link protocol >= 3");
+   if (chan->conn->handshake_state->started_here)
+     ERR("We originated this connection");
+   if (chan->conn->handshake_state->received_authenticate)
+     ERR("We already got one!");
+   if (chan->conn->handshake_state->authenticated) {
+     /* Should be impossible given other checks */
+     ERR("The peer is already authenticated");
+   }
+   if (!(chan->conn->handshake_state->received_certs_cell))
+     ERR("We never got a certs cell");
+   if (chan->conn->handshake_state->certs->id_cert == NULL)
+     ERR("We never got an identity certificate");
+   if (cell->payload_len < 4)
+     ERR("Cell was way too short");
+ 
+   auth = cell->payload;
+   {
+     uint16_t type = ntohs(get_uint16(auth));
+     uint16_t len = ntohs(get_uint16(auth+2));
+     if (4 + len > cell->payload_len)
+       ERR("Authenticator was truncated");
+ 
+     if (! authchallenge_type_is_supported(type))
+       ERR("Authenticator type was not recognized");
+     authtype = type;
+ 
+     auth += 4;
+     authlen = len;
+   }
+ 
+   if (authlen < V3_AUTH_BODY_LEN + 1)
+     ERR("Authenticator was too short");
+ 
+   expected_cell = connection_or_compute_authenticate_cell_body(
+                 chan->conn, authtype, NULL, NULL, 1);
+   if (! expected_cell)
+     ERR("Couldn't compute expected AUTHENTICATE cell body");
+ 
+   int sig_is_rsa;
+   if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET ||
+       authtype == AUTHTYPE_RSA_SHA256_RFC5705) {
+     bodylen = V3_AUTH_BODY_LEN;
+     sig_is_rsa = 1;
+   } else {
+     tor_assert(authtype == AUTHTYPE_ED25519_SHA256_RFC5705);
+     /* Our earlier check had better have made sure we had room
+      * for an ed25519 sig (inadvertently) */
+     tor_assert(V3_AUTH_BODY_LEN > ED25519_SIG_LEN);
+     bodylen = authlen - ED25519_SIG_LEN;
+     sig_is_rsa = 0;
+   }
+   if (expected_cell->payload_len != bodylen+4) {
+     ERR("Expected AUTHENTICATE cell body len not as expected.");
+   }
+ 
+   /* Length of random part. */
+   if (BUG(bodylen < 24)) {
+     // LCOV_EXCL_START
+     ERR("Bodylen is somehow less than 24, which should really be impossible");
+     // LCOV_EXCL_STOP
+   }
+ 
+   if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
+     ERR("Some field in the AUTHENTICATE cell body was not as expected");
+ 
+   if (sig_is_rsa) {
+     if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
+       ERR("RSA-signed AUTHENTICATE response provided with an ED25519 cert");
+ 
+     if (chan->conn->handshake_state->certs->auth_cert == NULL)
+       ERR("We never got an RSA authentication certificate");
+ 
+     crypto_pk_t *pk = tor_tls_cert_get_key(
+                              chan->conn->handshake_state->certs->auth_cert);
+     char d[DIGEST256_LEN];
+     char *signed_data;
+     size_t keysize;
+     int signed_len;
+ 
+     if (! pk) {
+       ERR("Couldn't get RSA key from AUTH cert.");
+     }
+     crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
+ 
+     keysize = crypto_pk_keysize(pk);
+     signed_data = tor_malloc(keysize);
+     signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
+                                            (char*)auth + V3_AUTH_BODY_LEN,
+                                            authlen - V3_AUTH_BODY_LEN);
+     crypto_pk_free(pk);
+     if (signed_len < 0) {
+       tor_free(signed_data);
+       ERR("RSA signature wasn't valid");
+     }
+     if (signed_len < DIGEST256_LEN) {
+       tor_free(signed_data);
+       ERR("Not enough data was signed");
+     }
+     /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
+      * in case they're later used to hold a SHA3 digest or something. */
+     if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
+       tor_free(signed_data);
+       ERR("Signature did not match data to be signed.");
+     }
+     tor_free(signed_data);
+   } else {
+     if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
+       ERR("We never got an Ed25519 identity certificate.");
+     if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
+       ERR("We never got an Ed25519 authentication certificate.");
+ 
+     const ed25519_public_key_t *authkey =
+       &chan->conn->handshake_state->certs->ed_sign_auth->signed_key;
+     ed25519_signature_t sig;
+     tor_assert(authlen > ED25519_SIG_LEN);
+     memcpy(&sig.sig, auth + authlen - ED25519_SIG_LEN, ED25519_SIG_LEN);
+     if (ed25519_checksig(&sig, auth, authlen - ED25519_SIG_LEN, authkey)<0) {
+       ERR("Ed25519 signature wasn't valid.");
+     }
+   }
+ 
+   /* Okay, we are authenticated. */
+   chan->conn->handshake_state->received_authenticate = 1;
+   chan->conn->handshake_state->authenticated = 1;
+   chan->conn->handshake_state->authenticated_rsa = 1;
+   chan->conn->handshake_state->digest_received_data = 0;
+   {
+     tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
+     crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
+     const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
+     const ed25519_public_key_t *ed_identity_received = NULL;
+ 
+     if (! sig_is_rsa) {
+       chan->conn->handshake_state->authenticated_ed25519 = 1;
+       ed_identity_received =
+         &chan->conn->handshake_state->certs->ed_id_sign->signing_key;
+       memcpy(&chan->conn->handshake_state->authenticated_ed25519_peer_id,
+              ed_identity_received, sizeof(ed25519_public_key_t));
+     }
+ 
+     /* This must exist; we checked key type when reading the cert. */
+     tor_assert(id_digests);
+ 
+     memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
+            id_digests->d[DIGEST_SHA1], DIGEST_LEN);
+ 
+     channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
+                chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
+     crypto_pk_free(identity_rcvd);
+ 
+     log_debug(LD_HANDSHAKE,
+               "Calling connection_or_init_conn_from_address for %s "
+               " from %s, with%s ed25519 id.",
+               safe_str(chan->conn->base_.address),
+               __func__,
+               ed_identity_received ? "" : "out");
+ 
+     connection_or_init_conn_from_address(chan->conn,
+                   &(chan->conn->base_.addr),
+                   chan->conn->base_.port,
+                   (const char*)(chan->conn->handshake_state->
+                     authenticated_rsa_peer_id),
+                   ed_identity_received,
+                   0);
+ 
+     log_debug(LD_HANDSHAKE,
+              "Got an AUTHENTICATE cell from %s:%d, type %d: Looks good.",
+              safe_str(chan->conn->base_.address),
+              chan->conn->base_.port,
+              authtype);
+   }
+ 
+   var_cell_free(expected_cell);
+ 
+ #undef ERR
+ }



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits