Commit Graph

30745 Commits

Author SHA1 Message Date
David Goulet
81c466c34a hs-v3: Create desc signing key cert before uploading
Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-22 16:34:41 -04:00
Nick Mathewson
afc22ec539 Merge remote-tracking branch 'tor-github/pr/421' 2018-10-22 08:49:55 -04:00
Roger Dingledine
7aa9fc1637 clean up a tor2web comment 2018-10-21 23:46:09 -04:00
rl1987
98cef6807e Exclude test and a supporting function when evdns_base_get_nameserver_addr() is not available 2018-10-20 20:34:08 +03:00
rl1987
92f0e04f8d Check if libevent comes with evdns_base_get_nameserver_addr() 2018-10-20 20:34:08 +03:00
rl1987
d827902cb1 Unit test for DNS fallback in configure_nameservers 2018-10-20 20:34:08 +03:00
rl1987
1a1b088f8c Add changes file 2018-10-20 20:34:08 +03:00
rl1987
98fd3b4104 Mention DNS fallback in manpage 2018-10-20 20:34:08 +03:00
rl1987
91fa12aedc Fallback to local DNS when no other nameservers are known 2018-10-20 20:34:08 +03:00
Nick Mathewson
275e831cea Merge remote-tracking branch 'tor-github/pr/396' 2018-10-19 14:29:01 -04:00
Nick Mathewson
95c3cc2b90 Merge branch 'maint-0.3.5' 2018-10-19 14:21:01 -04:00
Nick Mathewson
1ae9116601 Merge remote-tracking branch 'onionk/rust-protocommas1' into maint-0.3.5 2018-10-19 14:20:57 -04:00
Nick Mathewson
a05a113062 Merge remote-tracking branch 'onionk/rust-protocommas1' 2018-10-19 14:20:43 -04:00
Nick Mathewson
d1d66866b2 Rename a function; it is used to convert a value _From_ le.
We can't use htons()/ntohs() -- those are no-ops on exactly the
wrong platforms.
2018-10-19 08:42:28 -04:00
Nick Mathewson
f8a1dc64f9 Fix a misspelled macro test that was breaking big-endian OPE
Fixes bug 28115; bugfix on 0.3.5.1-alpha.
2018-10-19 08:41:25 -04:00
Nick Mathewson
62401812c7 Merge remote-tracking branch 'dgoulet/ticket27471_035_02' 2018-10-18 13:01:41 -04:00
David Goulet
8b2e72106a test: Add test for closing intro circuits when storing a new descriptor
This is client side and related to 27471 for previous commit that fixes this
issue.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
9ba16c4d03 hs-v3: Close client intro circuits if the descriptor is replaced
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.

Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).

The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.

Closes #27471.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 12:56:51 -04:00
David Goulet
56f713b8a4 hs-v3: Always generate the descriptor cookie
It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 11:46:07 -04:00
Nick Mathewson
0a41d17c15 Merge branch 'ticket27549_035_01_squashed' 2018-10-18 10:16:30 -04:00
David Goulet
3a8f32067d hs-v3: Consolidate descriptor cookie computation code
Both client and service had their own code for this. Consolidate into one
place so we avoid duplication.

Closes #27549

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-10-18 10:16:07 -04:00
Nick Mathewson
d1eac7830f Merge branch 'maint-0.3.3' into maint-0.3.4 2018-10-18 09:12:58 -04:00
Nick Mathewson
a5599fb71c Merge branch 'maint-0.3.4' into maint-0.3.5 2018-10-18 09:12:58 -04:00
Nick Mathewson
e979a56bb6 Merge branch 'maint-0.3.5' 2018-10-18 09:12:58 -04:00
Taylor Yu
7f6c0fce46 Merge branch 'bug27800-034' into bug27800-035 2018-10-17 16:00:11 -05:00
Taylor Yu
4e7f65ee5d Merge branch 'bug27800-033' into tor-034 2018-10-17 15:42:58 -05:00
Taylor Yu
93fd924bdb Log more info for duplicate ed25519 IDs
Occasionally, key pinning doesn't catch a relay that shares an ed25519
ID with another relay.  Log the identity fingerprints and the shared
ed25519 ID when this happens, instead of making a BUG() warning.

Fixes bug 27800; bugfix on 0.3.2.1-alpha.
2018-10-17 15:39:55 -05:00
cypherpunks
a56451af42 evloop: fix docs for threadpool_register_reply_event
Commit 6a5f62f68f ultimately didn't
include the base argument, and the callback is named cb.
2018-10-17 20:27:19 +00:00
cypherpunks
f07ab5b95c evloop: fix docs
alert_sockets_t was moved in 544ab27a94.
2018-10-17 20:27:19 +00:00
Nick Mathewson
fd2e0ac1c3 Bump to 0.3.6.0-alpha-dev. 2018-10-17 14:46:38 -04:00
Nick Mathewson
0afa0bc167 Merge branch 'maint-0.3.5'
"ours" to avoid version bump.
2018-10-17 14:46:10 -04:00
Nick Mathewson
389bae0e8b Bump to 0.3.5.3-alpha-dev 2018-10-17 14:46:00 -04:00
Nick Mathewson
444e9b37c5 expand the blurb 2018-10-17 14:20:55 -04:00
Nick Mathewson
cd6e75a6b4 Reflow the changelog 2018-10-17 14:19:33 -04:00
Roger Dingledine
df78a2730c merge in some fixes i found in a sandbox 2018-10-17 13:56:41 -04:00
Roger Dingledine
1a3fbba92b 0.3.5.3-alpha changelog touch-ups 2018-10-17 13:42:59 -04:00
Nick Mathewson
498a852bba Fold in the entry for 28089 2018-10-17 13:12:24 -04:00
Nick Mathewson
b1891068f1 Merge branch 'maint-0.3.4' 2018-10-17 13:02:23 -04:00
David Goulet
2000d04cb6 conn: Stop writing when our write bandwidth limist is exhausted
Commit 488e2b00bf introduced an issue, most
likely introduced by a bad copy paste, that made us stop reading on the
connection if our write bandwidth limit was reached.

The problem is that because "read_blocked_on_bw" was never set, the connection
was never reenabled for reading.

This is most likely the cause of #27813 where bytes were accumulating in the
kernel TCP bufers because tor was not doing reads. Only relays with
RelayBandwidthRate would suffer from this but affecting all relays connecting
to them. And using that tor option is recommended and best practice so many
many relays have it enabled.

Fixes #28089.
2018-10-17 12:25:12 -04:00
Nick Mathewson
0ba05092ad Light changelog edits 2018-10-17 09:40:20 -04:00
Nick Mathewson
d70ca3554e Bump to 0.3.5.3-alpha 2018-10-17 09:26:32 -04:00
Nick Mathewson
4b4233e0bc Run format-changelog 2018-10-17 09:26:04 -04:00
Nick Mathewson
e2bfffefb0 Fold changes file into changelog 2018-10-17 09:25:43 -04:00
Nick Mathewson
34cd1fc523 Merge remote-tracking branch 'tor-github/pr/406' 2018-10-16 21:33:38 -04:00
cypherpunks
2f0744b3e6 rust/tor_util: drop unsafe block in cstr!
This is unnecessary just to get an empty string, there's Default::default().

Fix on 8fff331bb0.
2018-10-17 00:16:21 +00:00
Nick Mathewson
63c5e09a40 Merge remote-tracking branch 'tor-github/pr/408' 2018-10-16 19:10:05 -04:00
Nick Mathewson
e97adaf8dc Argh. The unset value for OwningControllerFD is NOT -1. 2018-10-16 17:57:04 -04:00
Nick Mathewson
56a3cef4d7 Merge branch 'bug27849_redux' 2018-10-16 17:33:58 -04:00
Nick Mathewson
698629f5a9 Merge remote-tracking branch 'tor-github/pr/404' 2018-10-16 17:29:50 -04:00
Nick Mathewson
8a0b741487 Add a tor_free() in tor_gencert to fix a coverity warning 2018-10-16 17:18:46 -04:00