nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maint-0.2.9'

Browse Source
This commit is contained in:
Nick Mathewson 2016-11-01 13:05:45 -04:00
commit cb35a7c271
5 changed files with 40 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug20472 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (circuits):
- Remove a BUG warning in circuit_pick_extend_handshake. Instead, assume
all nodes support EXTEND2. Use ntor whenever a key is available.
Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha. Fixes bug 20472.

65
src/or/circuitbuild.c
View File

@ -828,7 +828,8 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
/** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b> /** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
* directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b> * directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
* accordingly. * accordingly.
* Note that TAP handshakes are only used for direct connections: * Note that TAP handshakes in CREATE cells are only used for direct
* connections:
* - from Tor2web to intro points not in the client's consensus, and * - from Tor2web to intro points not in the client's consensus, and
* - from Single Onions to rend points not in the service's consensus. * - from Single Onions to rend points not in the service's consensus.
* This is checked in onion_populate_cpath. */ * This is checked in onion_populate_cpath. */
@ -837,58 +838,43 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
uint16_t *handshake_type_out, uint16_t *handshake_type_out,
const extend_info_t *ei) const extend_info_t *ei)
{ {
/* XXXX030 Remove support for deciding to use TAP. */ /* torspec says: In general, clients SHOULD use CREATE whenever they are
* using the TAP handshake, and CREATE2 otherwise. */
if (extend_info_supports_ntor(ei)) { if (extend_info_supports_ntor(ei)) {
*cell_type_out = CELL_CREATE2; *cell_type_out = CELL_CREATE2;
*handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR; *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
return; } else {
/* XXXX030 Remove support for deciding to use TAP and EXTEND. */
*cell_type_out = CELL_CREATE;
*handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
} }
*cell_type_out = CELL_CREATE;
*handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
} }
/** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b> /** Decide whether to use a TAP or ntor handshake for extending to <b>ei</b>
* directly, and set *<b>handshake_type_out</b> accordingly. Decide whether, * and set *<b>handshake_type_out</b> accordingly. Decide whether we should
* in extending through <b>node</b> to do so, we should use an EXTEND2 or an * use an EXTEND2 or an EXTEND cell to do so, and set *<b>cell_type_out</b>
* EXTEND cell to do so, and set *<b>cell_type_out</b> and * and *<b>create_cell_type_out</b> accordingly.
* *<b>create_cell_type_out</b> accordingly. * Note that TAP handshakes in EXTEND cells are only used:
* Note that TAP handshakes are only used for extend handshakes:
* - from clients to intro points, and * - from clients to intro points, and
* - from hidden services to rend points. * - from hidden services to rend points.
* This is checked in onion_populate_cpath. */ * This is checked in onion_populate_cpath.
*/
static void static void
circuit_pick_extend_handshake(uint8_t *cell_type_out, circuit_pick_extend_handshake(uint8_t *cell_type_out,
uint8_t *create_cell_type_out, uint8_t *create_cell_type_out,
uint16_t *handshake_type_out, uint16_t *handshake_type_out,
const node_t *node_prev,
const extend_info_t *ei) const extend_info_t *ei)
{ {
uint8_t t; uint8_t t;
circuit_pick_create_handshake(&t, handshake_type_out, ei); circuit_pick_create_handshake(&t, handshake_type_out, ei);
/* XXXX030 Remove support for deciding to use TAP. */ /* torspec says: Clients SHOULD use the EXTEND format whenever sending a TAP
* handshake... In other cases, clients SHOULD use EXTEND2. */
/* It is an error to extend if there is no previous node. */ if (*handshake_type_out != ONION_HANDSHAKE_TYPE_TAP) {
if (BUG(node_prev == NULL)) {
*cell_type_out = RELAY_COMMAND_EXTEND;
*create_cell_type_out = CELL_CREATE;
return;
}
/* It is an error for a node with a known version to be so old it does not
* support ntor. */
tor_assert_nonfatal(routerstatus_version_supports_ntor(node_prev->rs, 1));
/* Assume relays without tor versions or routerstatuses support ntor.
* The authorities enforce ntor support, and assuming and failing is better
* than allowing a malicious node to perform a protocol downgrade to TAP. */
if (*handshake_type_out != ONION_HANDSHAKE_TYPE_TAP &&
(node_has_curve25519_onion_key(node_prev) ||
(routerstatus_version_supports_ntor(node_prev->rs, 1)))) {
*cell_type_out = RELAY_COMMAND_EXTEND2; *cell_type_out = RELAY_COMMAND_EXTEND2;
*create_cell_type_out = CELL_CREATE2; *create_cell_type_out = CELL_CREATE2;
} else { } else {
/* XXXX030 Remove support for deciding to use TAP and EXTEND. */
*cell_type_out = RELAY_COMMAND_EXTEND; *cell_type_out = RELAY_COMMAND_EXTEND;
*create_cell_type_out = CELL_CREATE; *create_cell_type_out = CELL_CREATE;
} }
@ -1044,15 +1030,10 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
return - END_CIRC_REASON_INTERNAL; return - END_CIRC_REASON_INTERNAL;
} }
{ circuit_pick_extend_handshake(&ec.cell_type,
const node_t *prev_node; &ec.create_cell.cell_type,
prev_node = node_get_by_id(hop->prev->extend_info->identity_digest); &ec.create_cell.handshake_type,
circuit_pick_extend_handshake(&ec.cell_type, hop->extend_info);
&ec.create_cell.cell_type,
&ec.create_cell.handshake_type,
prev_node,
hop->extend_info);
}
tor_addr_copy(&ec.orport_ipv4.addr, &hop->extend_info->addr); tor_addr_copy(&ec.orport_ipv4.addr, &hop->extend_info->addr);
ec.orport_ipv4.port = hop->extend_info->port; ec.orport_ipv4.port = hop->extend_info->port;

6
src/or/networkstatus.c
View File

@ -2386,10 +2386,10 @@ client_would_use_router(const routerstatus_t *rs, time_t now,
/* We'd drop it immediately for being too old. */ /* We'd drop it immediately for being too old. */
return 0; return 0;
} }
if (!routerstatus_version_supports_ntor(rs, 1)) { if (!routerstatus_version_supports_extend2_cells(rs, 1)) {
/* We'd ignore it because it doesn't support ntor. /* We'd ignore it because it doesn't support EXTEND2 cells.
* If we don't know the version, download the descriptor so we can * If we don't know the version, download the descriptor so we can
* check if it supports ntor. */ * check if it supports EXTEND2 cells and ntor. */
return 0; return 0;
} }
return 1; return 1;

14
src/or/routerlist.c
View File

@ -2345,9 +2345,10 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
continue; continue;
if (node_is_unreliable(node, need_uptime, need_capacity, need_guard)) if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
continue; continue;
/* Don't choose nodes if we are certain they can't do ntor */ /* Don't choose nodes if we are certain they can't do EXTEND2 cells */
if (node->rs && !routerstatus_version_supports_ntor(node->rs, 1)) if (node->rs && !routerstatus_version_supports_extend2_cells(node->rs, 1))
continue; continue;
/* Don't choose nodes if we are certain they can't do ntor. */
if ((node->ri || node->md) && !node_has_curve25519_onion_key(node)) if ((node->ri || node->md) && !node_has_curve25519_onion_key(node))
continue; continue;
/* Choose a node with an OR address that matches the firewall rules */ /* Choose a node with an OR address that matches the firewall rules */
@ -5610,13 +5611,14 @@ routerinfo_has_curve25519_onion_key(const routerinfo_t *ri)
return 1; return 1;
} }
/* Is rs running a tor version known to support ntor? /* Is rs running a tor version known to support EXTEND2 cells?
* If allow_unknown_versions is true, return true if we can't tell * If allow_unknown_versions is true, return true if we can't tell
* (from a versions line or a protocols line) whether it supports ntor. * (from a versions line or a protocols line) whether it supports extend2
* cells.
* Otherwise, return false if the version is unknown. */ * Otherwise, return false if the version is unknown. */
int int
routerstatus_version_supports_ntor(const routerstatus_t *rs, routerstatus_version_supports_extend2_cells(const routerstatus_t *rs,
int allow_unknown_versions) int allow_unknown_versions)
{ {
if (!rs) { if (!rs) {
return allow_unknown_versions; return allow_unknown_versions;

4
src/or/routerlist.h
View File

@ -207,8 +207,8 @@ int routerinfo_incompatible_with_extrainfo(const crypto_pk_t *ri,
signed_descriptor_t *sd, signed_descriptor_t *sd,
const char **msg); const char **msg);
int routerinfo_has_curve25519_onion_key(const routerinfo_t *ri); int routerinfo_has_curve25519_onion_key(const routerinfo_t *ri);
int routerstatus_version_supports_ntor(const routerstatus_t *rs, int routerstatus_version_supports_extend2_cells(const routerstatus_t *rs,
int allow_unknown_versions); int allow_unknown_versions);
void routerlist_assert_ok(const routerlist_t *rl); void routerlist_assert_ok(const routerlist_t *rl);
const char *esc_router_info(const routerinfo_t *router); const char *esc_router_info(const routerinfo_t *router);