-rw-r--r-- | changes/8712 | 6 | ||||
-rw-r--r-- | src/common/crypto_ed25519.c | 18 | ||||
-rw-r--r-- | src/common/util.c | 9 | ||||
-rw-r--r-- | src/or/circuituse.c | 2 | ||||
-rw-r--r-- | src/or/dirserv.c | 5 | ||||
-rw-r--r-- | src/or/rendcommon.c | 2 | ||||
-rw-r--r-- | src/or/rendservice.c | 49 | ||||
-rw-r--r-- | src/or/rendservice.h | 9 | ||||
-rw-r--r-- | src/or/routerkeys.c | 12 |
9 files changed, 46 insertions, 66 deletions
diff --git a/changes/8712 b/changes/8712
new file mode 100644
index 0000000000..c7423e84c8
--- /dev/null
+++ b/changes/8712
@@ -0,0 +1,6 @@
+ o Minor features (directory authorities):
+ - Directory authorities no longer vote against the "Fast",
+ "Stable", and "HSDir" flags just because they were going to vote
+ against "Running": if the consensus turns out to be that the
+ router was running, then the authority's vote should count.
+ Patch from Peter Retzlaff; closes issue 8712.
\ No newline at end of file
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index 599a1ca9b7..1606d02c48 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -381,10 +381,13 @@ ed25519_seckey_read_from_file(ed25519_secret_key_t *seckey_out,
 len = crypto_read_tagged_contents_from_file(filename, "ed25519v1-secret", tag_out, seckey_out->seckey, sizeof(seckey_out->seckey));
- if (len != sizeof(seckey_out->seckey))
- return -1;
+ if (len == sizeof(seckey_out->seckey)) {
+ return 0;
+ } else if (len >= 0) {
+ errno = EINVAL;
+ }
- return 0;
+ return -1;
 }
 /**
@@ -417,10 +420,13 @@ ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
 len = crypto_read_tagged_contents_from_file(filename, "ed25519v1-public", tag_out, pubkey_out->pubkey, sizeof(pubkey_out->pubkey));
- if (len != sizeof(pubkey_out->pubkey))
- return -1;
+ if (len == sizeof(pubkey_out->pubkey)) {
+ return 0;
+ } else if (len >= 0) {
+ errno = EINVAL;
+ }
- return 0;
+ return -1;
 }
 /** Release all storage held for <b>kp</b>. */
diff --git a/src/common/util.c b/src/common/util.c
index a140057dea..1849613512 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1997,8 +1997,10 @@ read_all(tor_socket_t fd, char *buf, size_t count, int isSocket)
 size_t numread = 0;
 ssize_t result;
- if (count > SIZE_T_CEILING || count > SSIZE_MAX)
+ if (count > SIZE_T_CEILING || count > SSIZE_MAX) {
+ errno = EINVAL;
 return -1;
+ }
 while (numread != count) {
 if (isSocket)
@@ -2558,8 +2560,10 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out)
 char *string = NULL;
 size_t string_max = 0;
- if (max_bytes_to_read+1 >= SIZE_T_CEILING)
+ if (max_bytes_to_read+1 >= SIZE_T_CEILING) {
+ errno = EINVAL;
 return NULL;
+ }
 do {
 /* XXXX This "add 1K" approach is a little goofy; if we care about
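Review bot: In the new `} else if (len >= 0) {` branch of ed25519_seckey_read_from_file the function returns -1 after crypto_read_tagged_contents_from_file has already reported a non-negative length, so if that helper allocates `*tag_out` on every non-negative return (not visible here), the wrong-length case now hands back -1 with an allocated tag that callers checking only the return value will leak; releasing it before `return -1` (`tor_free(*tag_out);`, guarded on `tag_out` if it may be NULL) would close that. The negative-length path relies on the helper having set errno, which the function's header comment (outside the hunk) should state, e.g. `Return 0 on success, -1 on failure with errno set (EINVAL if the file held the wrong number of bytes).` That comment should also say that `seckey_out->seckey` may hold a partial read on the EINVAL path, so callers must not use it after a failure. The same points apply to the ed25519_pubkey_read_from_file hunk that follows.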
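Review bot: read_all now sets `errno = EINVAL;` before the early `return -1;` when count exceeds SIZE_T_CEILING or SSIZE_MAX, but nothing tells callers that errno is meaningful on that path as opposed to the read()/recv() failures further down the loop; the function's header comment (outside the hunk) should say so, e.g. `Returns -1 with errno set on error; errno is EINVAL when count is larger than the function can represent.` read_all's body continues past the hunk.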
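Review bot: The guard `if (max_bytes_to_read+1 >= SIZE_T_CEILING) {` that the hunk rewrites still computes `max_bytes_to_read+1` in size_t, so a caller passing SIZE_MAX wraps to 0, passes the guard, and reaches the allocation loop below; writing the comparison without the addition, `if (max_bytes_to_read >= SIZE_T_CEILING - 1) {`, keeps the new `errno = EINVAL;` path and removes the wrap (SIZE_T_CEILING must be at least 1 for the original check to mean anything, so the subtraction is safe). Whether any caller of read_file_to_str_until_eof passes such a value is not visible here, so this is a hardening rather than a known bug. The function body continues beyond the hunk.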
@@ -2655,6 +2659,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
 if ((uint64_t)(statbuf.st_size)+1 >= SIZE_T_CEILING) {
 close(fd);
+ errno = EINVAL;
 return NULL;
 }
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 572a4f3ed8..05e67361b8 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1128,7 +1128,7 @@ circuit_build_needed_circs(time_t now)
 /* make sure any hidden services have enough intro points
 * HS intro point streams only require an internal circuit */
 if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN)
- rend_services_introduce();
+ rend_consider_services_intro_points();
 circuit_expire_old_circs_as_needed(now);
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index ed38ba2259..71be626fff 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1372,8 +1372,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
 return (router->wants_to_be_hs_dir && router->dir_port && node->is_stable &&
- uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
- router_is_active(router, node, now));
+ uptime >= get_options()->MinUptimeHidServDirectoryV2);
 }
 /** Don't consider routers with less bandwidth than this when computing
@@ -2143,10 +2142,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
 /* Already set by compute_performance_thresholds. */
 rs->is_exit = node->is_exit;
 rs->is_stable = node->is_stable =
- router_is_active(ri, node, now) &&
 !dirserv_thinks_router_is_unreliable(now, ri, 1, 0);
 rs->is_fast = node->is_fast =
- router_is_active(ri, node, now) &&
 !dirserv_thinks_router_is_unreliable(now, ri, 0, 1);
 rs->is_flagged_running = node->is_running; /* computed above */
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 411a87c004..22599e9830 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
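Review bot: With `router_is_active(router, node, now)` dropped from the return expression of dirserv_thinks_router_is_hs_dir, nothing in the function records that liveness is now deliberately left to the Running vote, so the next reader is likely to re-add the check; a comment above the `return (` such as `/* Reachability is intentionally not checked here: per #8712 the Running vote and the consensus decide that, and an HSDir vote for a relay that turns out to be running should count. */` would fix that. If `now` was used only by the removed call, it is now an unused parameter and will warn under -Wunused-parameter; the lines above the hunk that compute `uptime` are not visible, so that cannot be confirmed from here. Any other caller that relied on this function implying reachability should be rechecked.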
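Review bot: The rewritten assignments `rs->is_stable = node->is_stable = !dirserv_thinks_router_is_unreliable(now, ri, 1, 0);` and the is_fast counterpart also write into the authority's own node_t, so on this host a relay the authority considers unreachable can now carry is_stable/is_fast locally and not only in its vote; that is harmless only if every local consumer of those bits also consults node->is_running, which the hunk cannot show. A short comment above the assignments stating the intent from the changelog (`/* Do not gate Stable/Fast on reachability; Running is voted separately and the consensus decides (#8712). */`) would make the change self-explaining. The enclosing function starts before the hunk.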
@@ -787,7 +787,7 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
 break;
 case RELAY_COMMAND_INTRODUCE2:
 if (origin_circ)
- r = rend_service_introduce(origin_circ,payload,length);
+ r = rend_service_receive_introduction(origin_circ,payload,length);
 break;
 case RELAY_COMMAND_INTRODUCE_ACK:
 if (origin_circ)
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index f4fb860078..74e8a8d5ec 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1437,8 +1437,9 @@ rend_check_authorization(rend_service_t *service,
 * rendezvous point. */
 int
-rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
- size_t request_len)
+rend_service_receive_introduction(origin_circuit_t *circuit,
+ const uint8_t *request,
+ size_t request_len)
 {
 /* Global status stuff */
 int status = 0, result;
@@ -1537,17 +1538,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 tor_free(err_msg);
 }
- stage_descr = "early validation";
- /* Early validation of pk/ciphertext part */
- result = rend_service_validate_intro_early(parsed_req, &err_msg);
- if (result < 0) {
- goto log_error;
- } else if (err_msg) {
- log_info(LD_REND, "%s on circ %u.", err_msg,
- (unsigned)circuit->base_.n_circ_id);
- tor_free(err_msg);
- }
 /* make sure service replay caches are present */
 if (!service->accepted_intro_dh_parts) {
 service->accepted_intro_dh_parts =
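Review bot: Removing the early-validation stage also removes the only check between parsing and the replay-cache code that rejected a NULL `parsed_req` (the deleted helper did nothing else), so the remaining guard has to be the one in the parse stage above the hunk, which is not visible here; it is worth confirming that a failed rend_service_begin_parse_intro already takes `goto log_error` before `parsed_req` is dereferenced in the code that now follows `tor_free(err_msg);`. If that guard exists, a one-line comment at the top of the replay-cache block, `/* parsed_req is non-NULL here: the parse stage above bails out on failure. */`, would record the invariant the deleted stage used to enforce. The function body continues on both sides of the hunk.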
@@ -2514,37 +2504,6 @@ rend_service_parse_intro_plaintext(
 return status;
 }
-/** Do validity checks on a parsed intro cell before decryption; some of
- * these are not done in rend_service_begin_parse_intro() itself because
- * they depend on a lot of other state and would make it hard to unit test.
- * Returns >= 0 if successful or < 0 if the intro cell is invalid, and
- * optionally writes out an error message for logging. If an err_msg
- * pointer is provided, it is the caller's responsibility to free any
- * provided message.
- */
-int
-rend_service_validate_intro_early(const rend_intro_cell_t *intro,
- char **err_msg_out)
-{
- int status = 0;
- if (!intro) {
- if (err_msg_out)
- *err_msg_out =
- tor_strdup("NULL intro cell passed to "
- "rend_service_validate_intro_early()");
- status = -1;
- goto err;
- }
- /* TODO */
- err:
- return status;
-}
 /** Do validity checks on a parsed intro cell after decryption; some of
 * these are not done in rend_service_parse_intro_plaintext() itself because
 * they depend on a lot of other state and would make it hard to unit test.
@@ -3523,7 +3482,7 @@ rend_service_desc_has_uploaded(const rend_data_t *rend_data)
 * This is called once a second by the main loop. */
 void
-rend_services_introduce(void)
+rend_consider_services_intro_points(void)
 {
 int i;
 time_t now;
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index 35a0bb25e6..a16a99cf88 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -70,7 +70,7 @@ int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
 void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst);
-void rend_services_introduce(void);
+void rend_consider_services_intro_points(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);
 void rend_consider_descriptor_republication(void);
@@ -80,8 +80,9 @@ int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len);
 void rend_service_rendezvous_has_opened(origin_circuit_t *circuit);
-int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
- size_t request_len);
+int rend_service_receive_introduction(origin_circuit_t *circuit,
+ const uint8_t *request,
+ size_t request_len);
 int rend_service_decrypt_intro(rend_intro_cell_t *request, crypto_pk_t *key, char **err_msg_out);
@@ -92,8 +93,6 @@ rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request, char **err_msg_out);
 int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro, char **err_msg_out);
-int rend_service_validate_intro_early(const rend_intro_cell_t *intro,
- char **err_msg_out);
 int rend_service_validate_intro_late(const rend_intro_cell_t *intro, char **err_msg_out);
 void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc);
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index d38b5a3ba3..955cb9ce23 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -34,14 +34,18 @@ read_encrypted_secret_key(ed25519_secret_key_t *out,
 r = 0;
 goto done;
 }
- if (strcmp(tag, ENC_KEY_TAG))
+ if (strcmp(tag, ENC_KEY_TAG)) {
+ saved_errno = EINVAL;
 goto done;
+ }
 while (1) {
 ssize_t pwlen = tor_getpass("Enter pasphrase for master key:", pwbuf, sizeof(pwbuf));
- if (pwlen < 0)
+ if (pwlen < 0) {
+ saved_errno = EINVAL;
 goto done;
+ }
 const int r = crypto_unpwbox(&secret, &secret_len, encrypted_key, encrypted_len,
@@ -194,6 +198,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
 const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR);
 const int split = !! (flags & INIT_ED_KEY_SPLIT);
+ /* we don't support setting both of these flags at once. */
+ tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
+ (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT));
 char tag[8];
 tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);
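Review bot: The new `saved_errno = EINVAL;` on the `pwlen < 0` path in read_encrypted_secret_key overwrites whatever tor_getpass reported, so a passphrase read that fails because there is no terminal or because of an I/O error is surfaced to the caller as "Invalid argument"; unless tor_getpass is known never to set errno, `saved_errno = errno ? errno : EINVAL;` captured immediately after the call preserves the real cause. The tag-mismatch branch is correctly EINVAL, since a wrong tag means a malformed key file. The loop and the `done:` label lie outside the hunk, so it cannot be seen here whether `pwbuf` is wiped on these `goto done` paths; a passphrase buffer should be cleared with memwipe before the function returns on every path. As an aside, the unchanged prompt string in this hunk spells "pasphrase".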
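Review bot: The new `tor_assert` rejecting INIT_ED_KEY_NO_REPAIR together with INIT_ED_KEY_NEEDCERT says the combination is unsupported but not why, and an assertion that aborts the daemon deserves that sentence; my reading of the flag names is `/* NEEDCERT may have to (re)write a certificate, which NO_REPAIR forbids, so the two cannot be honoured together. */`, which should be confirmed against the code below the hunk before it replaces the existing comment. Because `flags` comes from call sites rather than from input, an assert is the right tool here, and placing it beside the `norepair` and `split` locals a few lines up would present it as a documented precondition at the top of the function. ed_key_init_from_file's body continues past the hunk.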