authorteor <teor2345@gmail.com>2018-07-06 16:06:44 +1000
committerteor <teor@torproject.org>2018-07-25 09:16:04 +1000
commita99920c7d4ace4d87f6876ab3aaef79ee1aff509 (patch)
tree0fdbbb876c0589829713e6bd93faa8383b80053b
parentdbf57ecf39e3066b567c5aade9e8b5575e1e1ec0 (diff)
Stop sending unsupported ed25519 link specifiers in v3 introduce cells
Stop sending ed25519 link specifiers in v3 onion service introduce cells, when the rendezvous point doesn't support ed25519 link authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha.
-rw-r--r--changes/bug266274
-rw-r--r--src/or/hs_circuit.c20
2 files changed, 18 insertions, 6 deletions
diff --git a/changes/bug26627 b/changes/bug26627
new file mode 100644
index 0000000000..a46038f72e
--- /dev/null
+++ b/changes/bug26627
@@ -0,0 +1,4 @@
+ o Minor bugfixes (v3 onion services):
+ - Stop sending ed25519 link specifiers in v3 onion service introduce
+ cells, when the rendezvous point doesn't support ed25519 link
+ authentication. Fixes bug 26627; bugfix on 0.3.2.4-alpha.
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 3a674f6223..0a9999a190 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -559,10 +559,14 @@ retry_service_rendezvous_point(const origin_circuit_t *circ)
return;
}
-/* Add all possible link specifiers in node to lspecs.
- * legacy ID is mandatory thus MUST be present in node. If the primary address
- * is not IPv4, log a BUG() warning, and return an empty smartlist.
- * Includes ed25519 id and IPv6 link specifiers if present in the node. */
+/* Add all possible link specifiers in node to lspecs:
+ * - legacy ID is mandatory thus MUST be present in node;
+ * - include ed25519 link specifier if present in the node, and the node
+ * supports ed25519 link authentication, even if its link versions are not
+ * compatible with us;
+ * - include IPv4 link specifier, if the primary address is not IPv4, log a
+ * BUG() warning, and return an empty smartlist;
+ * - include IPv6 link specifier if present in the node. */
static void
get_lspecs_from_node(const node_t *node, smartlist_t *lspecs)
{
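Review bot: The IPv4 bullet in the new header comment on get_lspecs_from_node is ambiguous: as punctuated it reads as if the IPv4 specifier is included when the primary address is not IPv4. It also says the function will "return an empty smartlist", although the function is `static void` and writes into the caller-supplied `lspecs`. I would reword it as `* - include IPv4 link specifier; if the primary address is not IPv4, log a BUG()` / `*   warning and return without adding that specifier to lspecs;`. The exact wording should match what the body does on that path, which is not visible here because the function body continues outside this hunk. Since the ed25519 specifier is now conditional, the comment could also state that callers building introduce cells must accept a list with no ed25519 entry.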
@@ -600,8 +604,12 @@ get_lspecs_from_node(const node_t *node, smartlist_t *lspecs)
link_specifier_set_ls_len(ls, link_specifier_getlen_un_legacy_id(ls));
smartlist_add(lspecs, ls);
- /* ed25519 ID is only included if the node has it. */
- if (!ed25519_public_key_is_zero(&node->ed25519_id)) {
+ /* ed25519 ID is only included if the node has it, and the node declares a
+ protocol version that supports ed25519 link authentication, even if that
+ link version is not compatible with us. (We are sending the ed25519 key
+ to another tor, which may support different link versions.) */
+ if (!ed25519_public_key_is_zero(&node->ed25519_id) &&
+ node_supports_ed25519_link_authentication(node, 0)) {
ls = link_specifier_new();
link_specifier_set_ls_type(ls, LS_ED25519_ID);
memcpy(link_specifier_getarray_un_ed25519_id(ls), &node->ed25519_id,