author | Nick Mathewson <nickm@torproject.org> | 2011-11-29 20:56:39 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-11-29 20:56:39 -0500 |
commit | 628b735fe39e13cc37afb567b32d4b006da51c89 (patch) | |
tree | 8a896c306e0dd749896b0c32548e4fca7da5bd51 /changes | |
parent | 441ab6cdd57252b44dd6110e273a7f4e406842b0 (diff) | |
parent | a2791f43f595d06dbaeff7c4ea0bcecc5c04e2de (diff) | |
Merge remote-tracking branch 'rransom-tor/bug3460-v4'
Conflicts:
src/or/rendservice.c
Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug3460 | 11 |
-rw-r--r-- | changes/intro-point-expiration | 5 |
-rw-r--r-- | changes/per-intro-point-replay-cache | 7 |
-rw-r--r-- | changes/reduce-hs-intro-dh-key-replay-cache-lifetime | 9 |
4 files changed, 32 insertions, 0 deletions
diff --git a/changes/bug3460 b/changes/bug3460 new file mode 100644 index 0000000000..4fbca01aec --- /dev/null +++ b/changes/bug3460 @@ -0,0 +1,11 @@ + o Major bugfixes: + + - Ignore the timestamps of INTRODUCE2 cells received by a hidden + service. Previously, hidden services would check that the + timestamp was within 30 minutes of their system clock, so that + services could keep only INTRODUCE2 cells they had received in + the last hour in their replay-detection cache. Bugfix on + 0.2.1.6-alpha, when the v3 intro-point protocol (the first one + which sent a timestamp field in the INTRODUCE2 cell) was + introduced; fixes bug 3460. + diff --git a/changes/intro-point-expiration b/changes/intro-point-expiration new file mode 100644 index 0000000000..3de33c188e --- /dev/null +++ b/changes/intro-point-expiration @@ -0,0 +1,5 @@ + o Minor features: + + - Expire old or over-used hidden service introduction points. + Required by fix for bug 3460. + diff --git a/changes/per-intro-point-replay-cache b/changes/per-intro-point-replay-cache new file mode 100644 index 0000000000..f63e428e32 --- /dev/null +++ b/changes/per-intro-point-replay-cache @@ -0,0 +1,7 @@ + o Minor features: + + - Move the replay-detection cache for the RSA-encrypted parts of + INTRODUCE2 cells to the introduction point data structures. + Previously, we would use one replay-detection cache per hidden + service. Required by fix for bug 3460. + diff --git a/changes/reduce-hs-intro-dh-key-replay-cache-lifetime b/changes/reduce-hs-intro-dh-key-replay-cache-lifetime new file mode 100644 index 0000000000..5ae3785fcb --- /dev/null +++ b/changes/reduce-hs-intro-dh-key-replay-cache-lifetime 
@@ -0,0 +1,9 @@ + o Minor features: + + - Reduce the lifetime of elements of hidden services' + Diffie-Hellman public key replay-detection cache from 60 minutes + to 5 minutes. This replay-detection cache is now used only to + detect multiple INTRODUCE2 cells specifying the same rendezvous + point, so we don't launch multiple simultaneous attempts to + connect to it. + |
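
Review bot: in changes/bug3460, the entry explains why the old check existed ("so that services could keep only INTRODUCE2 cells they had received in the last hour in their replay-detection cache") but never says what was wrong with checking that the timestamp was within 30 minutes of the system clock. A reader of the release notes cannot tell what behaviour this Major bugfix changes for them. Add one sentence stating the observable problem the check caused, and point at the two entries marked "Required by fix for bug 3460" so it is clear what replaces the timestamp as the bound on the cache.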
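
Review bot: in changes/intro-point-expiration, "old or over-used" gives no limits. Since this entry is listed as required by the bug 3460 fix, state the age and usage thresholds at which an introduction point is expired, or name where they are defined and whether they can be configured, so that operators know how long an introduction point and the state attached to it can live.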
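
Review bot: changes/per-intro-point-replay-cache files a change that is "Required by fix for bug 3460" under "Minor features", while bug 3460 itself is listed under "Major bugfixes". Moving a replay-detection cache from the service to the introduction point data structures is an internal restructuring rather than a feature a user can see. Suggest folding this into the bug3460 entry, or saying explicitly what changes for the operator, for example how the per-introduction-point cache is bounded.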
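
Review bot: changes/reduce-hs-intro-dh-key-replay-cache-lifetime carries no bug reference, unlike the two neighbouring entries, although "is now used only to detect multiple INTRODUCE2 cells specifying the same rendezvous point" only holds because of the other changes in this merge. Add the same "Required by fix for bug 3460" style cross-reference if that is the case, and give the reasoning for choosing 5 minutes over the previous 60, since the entry states the new value without saying why it is long enough to stop duplicate connection attempts.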