April 2015 - tor-commits - lists.torproject.org

[tor/master] Bridges are always dirs
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 86002a83d37287308543adfe44f3d5f2f4bdd3a5 Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Wed Apr 1 21:07:46 2015 +0200 Bridges are always dirs This check was accidentally deleted in 05f7336624d6a47b3cf0fe82. --- src/or/entrynodes.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index a9a92e2..9663f34 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -398,6 +398,9 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend, entry->can_retry = 1; } entry->is_dir_cache = node_is_dir(node); + if (get_options()->UseBridges && node_is_a_configured_bridge(node)) + entry->is_dir_cache = 1; + return NULL; } } else if (!for_directory) {

1 0

[tor/master] mark dirinfo_type as unused in populate_live_entry_guards
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 081b0c0f770a05b4a6a60c23cd9f275f799a8742 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 1 14:20:01 2015 -0400 mark dirinfo_type as unused in populate_live_entry_guards --- src/or/entrynodes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index aec47bf..a9a92e2 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1023,6 +1023,8 @@ populate_live_entry_guards(smartlist_t *live_entry_guards, int retval = 0; entry_is_live_flags_t entry_flags = 0; + (void) dirinfo_type; + { /* Set the flags we want our entry node to have */ if (need_uptime) { entry_flags |= ENTRY_NEED_UPTIME;

1 0

[tor/master] Stop checking for torrc state files generated by very old Tor versions
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 0f31080d63d74c25ef9ae8f2df786a1bf115b187 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 24 09:10:24 2015 -0400 Stop checking for torrc state files generated by very old Tor versions These haven't worked in so long that if you had a state file of this kind, the guards in it would be so old that you wouldn't use them anyway. --- changes/remove_old_version_checks | 3 +++ src/or/entrynodes.c | 16 ---------------- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/changes/remove_old_version_checks b/changes/remove_old_version_checks new file mode 100644 index 0000000..28cd48d --- /dev/null +++ b/changes/remove_old_version_checks @@ -0,0 +1,3 @@ + o Removed features: + - Tor no longer contains workarounds for stat files generated by + super-old versions of Tor that didn't choose guards sensibly. diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 30108b6..c21caf4 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -571,22 +571,6 @@ remove_obsolete_entry_guards(time_t now) } else if (tor_version_parse(ver, &v)) { msg = "does not seem to be from any recognized version of Tor"; version_is_bad = 1; - } else { - char *tor_ver = NULL; - tor_asprintf(&tor_ver, "Tor %s", ver); - if ((tor_version_as_new_as(tor_ver, "0.1.0.10-alpha") && - !tor_version_as_new_as(tor_ver, "0.1.2.16-dev")) || - (tor_version_as_new_as(tor_ver, "0.2.0.0-alpha") && - !tor_version_as_new_as(tor_ver, "0.2.0.6-alpha")) || - /* above are bug 440; below are bug 1217 */ - (tor_version_as_new_as(tor_ver, "0.2.1.3-alpha") && - !tor_version_as_new_as(tor_ver, "0.2.1.23")) || - (tor_version_as_new_as(tor_ver, "0.2.2.0-alpha") && - !tor_version_as_new_as(tor_ver, "0.2.2.7-alpha"))) { - msg = "was selected without regard for guard bandwidth"; - version_is_bad = 1; - } - tor_free(tor_ver); } if (!version_is_bad && entry->chosen_on_date + guard_lifetime < now) { /* It's been too long since the date listed in our state file. */

1 0

[tor/master] Remove version checks for microdescriptor support
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 05f7336624d6a47b3cf0fe827097cd526a130873 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Mar 24 09:18:03 2015 -0400 Remove version checks for microdescriptor support At this point, relays without microdescriptor support are no longer allowed on the Tor network. --- changes/remove_old_version_checks | 2 ++ src/or/entrynodes.c | 53 ++++--------------------------------- src/or/or.h | 3 --- src/or/routerlist.c | 3 --- src/or/routerparse.c | 11 -------- src/or/routerparse.h | 1 - 6 files changed, 7 insertions(+), 66 deletions(-) diff --git a/changes/remove_old_version_checks b/changes/remove_old_version_checks index 28cd48d..fe4dab9 100644 --- a/changes/remove_old_version_checks +++ b/changes/remove_old_version_checks @@ -1,3 +1,5 @@ o Removed features: - Tor no longer contains workarounds for stat files generated by super-old versions of Tor that didn't choose guards sensibly. + - Tor no longer contains checks for ancient directory cache versions + that didn't know about microdescriptors. diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index c21caf4..aec47bf 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -141,8 +141,7 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node, } if (node) { - int is_dir = node_is_dir(node) && node->rs && - node->rs->version_supports_microdesc_cache; + int is_dir = node_is_dir(node); if (options->UseBridges && node_is_a_configured_bridge(node)) is_dir = 1; if (e->is_dir_cache != is_dir) { @@ -398,10 +397,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend, entry->bad_since = 0; entry->can_retry = 1; } - entry->is_dir_cache = node->rs && - node->rs->version_supports_microdesc_cache; - if (get_options()->UseBridges && node_is_a_configured_bridge(node)) - entry->is_dir_cache = 1; + entry->is_dir_cache = node_is_dir(node); return NULL; } } else if (!for_directory) { @@ -432,8 +428,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend, node_describe(node)); strlcpy(entry->nickname, node_get_nickname(node), sizeof(entry->nickname)); memcpy(entry->identity, node->identity, DIGEST_LEN); - entry->is_dir_cache = node_is_dir(node) && node->rs && - node->rs->version_supports_microdesc_cache; + entry->is_dir_cache = node_is_dir(node); if (get_options()->UseBridges && node_is_a_configured_bridge(node)) entry->is_dir_cache = 1; @@ -973,39 +968,6 @@ entry_list_is_constrained(const or_options_t *options) return 0; } -/** Return true iff this node can answer directory questions about - * microdescriptors. */ -static int -node_understands_microdescriptors(const node_t *node) -{ - tor_assert(node); - if (node->rs && node->rs->version_supports_microdesc_cache) - return 1; - if (node->ri && tor_version_supports_microdescriptors(node->ri->platform)) - return 1; - return 0; -} - -/** Return true iff node is able to answer directory questions - * of type dirinfo. Always returns true if dirinfo is - * NO_DIRINFO (zero). */ -static int -node_can_handle_dirinfo(const node_t *node, dirinfo_type_t dirinfo) -{ - /* Checking dirinfo for any type other than microdescriptors isn't required - yet, since we only choose directory guards that can support microdescs, - routerinfos, and networkstatuses, AND we don't use directory guards if - we're configured to do direct downloads of anything else. The only case - where we might have a guard that doesn't know about a type of directory - information is when we're retrieving directory information from a - bridge. */ - - if ((dirinfo & MICRODESC_DIRINFO) && - !node_understands_microdescriptors(node)) - return 0; - return 1; -} - /** Pick a live (up and listed) entry guard from entry_guards. If * state is non-NULL, this is for a specific circuit -- * make sure not to pick this circuit's exit or any node in the @@ -1092,9 +1054,6 @@ populate_live_entry_guards(smartlist_t *live_entry_guards, continue; /* don't pick the same node for entry and exit */ if (smartlist_contains(exit_family, node)) continue; /* avoid relays that are family members of our exit */ - if (dirinfo_type != NO_DIRINFO && - !node_can_handle_dirinfo(node, dirinfo_type)) - continue; /* this node won't be able to answer our dir questions */ smartlist_add(live_entry_guards, (void*)node); if (!entry->made_contact) { /* Always start with the first not-yet-contacted entry @@ -2468,11 +2427,9 @@ any_bridge_supports_microdescriptors(void) SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) { node = node_get_by_id(e->identity); if (node && node->is_running && - node_is_bridge(node) && node_is_a_configured_bridge(node) && - node_understands_microdescriptors(node)) { + node_is_bridge(node) && node_is_a_configured_bridge(node)) { /* This is one of our current bridges, and we know enough about - * it to know that it will be able to answer our microdescriptor - * questions. */ + * it to know that it will be able to answer our questions. */ return 1; } } SMARTLIST_FOREACH_END(e); diff --git a/src/or/or.h b/src/or/or.h index f75e776..66692b2 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2131,9 +2131,6 @@ typedef struct routerstatus_t { * if the number of traits we care about ever becomes incredibly big. */ unsigned int version_known:1; - /** True iff this router is a version that, if it caches directory info, - * we can get microdescriptors from. */ - unsigned int version_supports_microdesc_cache:1; /** True iff this router has a version that allows it to accept EXTEND2 * cells */ unsigned int version_supports_extend2_cells:1; diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 98c3bb1..fd09679 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1498,9 +1498,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, if ((type & EXTRAINFO_DIRINFO) && !router_supports_extrainfo(node->identity, is_trusted_extrainfo)) continue; - if ((type & MICRODESC_DIRINFO) && !is_trusted && - !node->rs->version_supports_microdesc_cache) - continue; if (for_guard && node->using_as_guard) continue; /* Don't make the same node a guard twice. */ if (try_excluding && diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 5a9626f..6a47747 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2015,10 +2015,7 @@ routerstatus_parse_entry_from_string(memarea_t *area, tor_assert(tok->n_args == 1); rs->version_known = 1; if (strcmpstart(tok->args[0], "Tor ")) { - rs->version_supports_microdesc_cache = 1; } else { - rs->version_supports_microdesc_cache = - tor_version_supports_microdescriptors(tok->args[0]); rs->version_supports_extend2_cells = tor_version_as_new_as(tok->args[0], "0.2.4.8-alpha"); } @@ -4263,14 +4260,6 @@ microdescs_parse_from_string(const char *s, const char *eos, return result; } -/** Return true iff this Tor version can answer directory questions - * about microdescriptors. */ -int -tor_version_supports_microdescriptors(const char *platform) -{ - return tor_version_as_new_as(platform, "0.2.3.1-alpha"); -} - /** Parse the Tor version of the platform string platform, * and compare it to the version in cutoff. Return 1 if * the router is at least as new as the cutoff, else return 0. diff --git a/src/or/routerparse.h b/src/or/routerparse.h index fc21cb1..e294d95 100644 --- a/src/or/routerparse.h +++ b/src/or/routerparse.h @@ -44,7 +44,6 @@ MOCK_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string, (const char *s, int assume_action)); version_status_t tor_version_is_obsolete(const char *myversion, const char *versionlist); -int tor_version_supports_microdescriptors(const char *platform); int tor_version_as_new_as(const char *platform, const char *cutoff); int tor_version_parse(const char *s, tor_version_t *out); int tor_version_compare(tor_version_t *a, tor_version_t *b);

1 0

[tor/master] Merge remote-tracking branch 'public/remove_old_version_checks'
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 05fbbfe472657ca93bd473056e662850e01af6f1 Merge: d366c33 05f7336 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 1 14:02:02 2015 -0400 Merge remote-tracking branch 'public/remove_old_version_checks' changes/remove_old_version_checks | 5 +++ src/or/entrynodes.c | 69 +++---------------------------------- src/or/or.h | 3 -- src/or/routerlist.c | 3 -- src/or/routerparse.c | 11 ------ src/or/routerparse.h | 1 - 6 files changed, 10 insertions(+), 82 deletions(-)

1 0

[tor/master] Remove now-needless AC_PATH_PROG checks from configure.ac
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit ad3c2f1c921d810f3835aaf6a36be9ccf5b05784 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 1 13:44:35 2015 -0400 Remove now-needless AC_PATH_PROG checks from configure.ac --- configure.ac | 3 --- 1 file changed, 3 deletions(-) diff --git a/configure.ac b/configure.ac index 610a431..2c9c7a3 100644 --- a/configure.ac +++ b/configure.ac @@ -283,9 +283,6 @@ if test "$tor_cv_c_c99_designated_init" != "yes"; then AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x]) fi -AC_PATH_PROG([SHA1SUM], [sha1sum], none) -AC_PATH_PROG([OPENSSL], [openssl], none) - TORUSER=_tor AC_ARG_WITH(tor-user, AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),

1 0

[tor/master] Drop support for --digests
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit c66dd179800416d8bcc1aa4a9abdcf1861a7c6c6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 1 09:54:20 2015 -0400 Drop support for --digests This is a fair amount of maintainance burden, and doesn't help much more than the git microversion. Closes ticket 14742. --- .gitignore | 2 -- changes/no_digests | 5 +++++ src/common/include.am | 15 --------------- src/common/util.h | 2 -- src/common/util_codedigest.c | 13 ------------- src/or/config.c | 8 -------- src/or/config.h | 1 - src/or/config_codedigest.c | 13 ------------- src/or/include.am | 19 ++----------------- 9 files changed, 7 insertions(+), 71 deletions(-) diff --git a/.gitignore b/.gitignore index 02ef256..912b06e 100644 --- a/.gitignore +++ b/.gitignore @@ -121,7 +121,6 @@ cscope.* # /src/common/ /src/common/Makefile /src/common/Makefile.in -/src/common/common_sha1.i /src/common/libor.a /src/common/libor-testing.a /src/common/libor.lib @@ -149,7 +148,6 @@ cscope.* # /src/or/ /src/or/Makefile /src/or/Makefile.in -/src/or/or_sha1.i /src/or/tor /src/or/tor.exe /src/or/tor-cov diff --git a/changes/no_digests b/changes/no_digests new file mode 100644 index 0000000..1327ac3 --- /dev/null +++ b/changes/no_digests @@ -0,0 +1,5 @@ + o Removed features: + - Remove the undocumented "--digests" command-line option. It + complicated our build process, caused subtle build issues + on multiple platforms, and is now redundant since we started + including git version identifiers. Closes ticket 14742. diff --git a/src/common/include.am b/src/common/include.am index 00e0055..b782310 100644 --- a/src/common/include.am +++ b/src/common/include.am @@ -61,7 +61,6 @@ LIBOR_A_SOURCES = \ src/common/log.c \ src/common/memarea.c \ src/common/util.c \ - src/common/util_codedigest.c \ src/common/util_process.c \ src/common/sandbox.c \ src/common/workqueue.c \ @@ -133,17 +132,3 @@ COMMONHEADERS = \ noinst_HEADERS+= $(COMMONHEADERS) -CLEANFILES+= src/common/common_sha1.i - -src/common/common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(COMMONHEADERS) - $(AM_V_GEN)if test "@SHA1SUM@" != none; then \ - (cd "$(srcdir)" && "@SHA1SUM@" $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/^$.*$$$/"\1\\n"/p' > $@; \ - elif test "@OPENSSL@" != none; then \ - (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_common_libor_SOURCES) $(src_Common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/SHA1($.*$)= $.*$/"\2 \1\\n"/p' > $@; \ - else \ - rm $@; \ - touch $@; \ - fi - -src/common/util_codedigest.o: src/common/common_sha1.i - diff --git a/src/common/util.h b/src/common/util.h index 3584a87..2749e46 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -570,8 +570,6 @@ STATIC int format_helper_exit_status(unsigned char child_state, #endif -const char *libor_get_digests(void); - #define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0])) #endif diff --git a/src/common/util_codedigest.c b/src/common/util_codedigest.c deleted file mode 100644 index 7384f7d..0000000 --- a/src/common/util_codedigest.c +++ /dev/null @@ -1,13 +0,0 @@ - -#include "util.h" - -/** Return a string describing the digest of the source files in src/common/ - */ -const char * -libor_get_digests(void) -{ - return "" -#include "common_sha1.i" - ; -} - diff --git a/src/or/config.c b/src/or/config.c index 68157a1..f6c32d6 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1909,7 +1909,6 @@ static const struct { { "-h", 0 }, { "--help", 0 }, { "--list-torrc-options", 0 }, - { "--digests", 0 }, { "--nt-service", 0 }, { "-nt-service", 0 }, { NULL, 0 }, @@ -4386,13 +4385,6 @@ options_init_from_torrc(int argc, char **argv) exit(0); } - if (config_line_find(cmdline_only_options, "--digests")) { - printf("Tor version %s.\n",get_version()); - printf("%s", libor_get_digests()); - printf("%s", tor_get_digests()); - exit(0); - } - if (config_line_find(cmdline_only_options, "--library-versions")) { printf("Tor version %s. \n", get_version()); printf("Library versions\tCompiled\t\tRuntime\n"); diff --git a/src/or/config.h b/src/or/config.h index b064f05..b0b23bc 100644 --- a/src/or/config.h +++ b/src/or/config.h @@ -91,7 +91,6 @@ int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg); -const char *tor_get_digests(void); uint32_t get_effective_bwrate(const or_options_t *options); uint32_t get_effective_bwburst(const or_options_t *options); diff --git a/src/or/config_codedigest.c b/src/or/config_codedigest.c deleted file mode 100644 index 86d14ba..0000000 --- a/src/or/config_codedigest.c +++ /dev/null @@ -1,13 +0,0 @@ - -const char *tor_get_digests(void); - -/** Return a string describing the digest of the source files in src/or/ - */ -const char * -tor_get_digests(void) -{ - return "" -#include "or_sha1.i" - ; -} - diff --git a/src/or/include.am b/src/or/include.am index c7f22ab..e315cae 100644 --- a/src/or/include.am +++ b/src/or/include.am @@ -79,8 +79,7 @@ LIBTOR_A_SOURCES = \ src/or/status.c \ src/or/onion_ntor.c \ $(evdns_source) \ - $(tor_platform_source) \ - src/or/config_codedigest.c + $(tor_platform_source) src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES) src_or_libtor_testing_a_SOURCES = $(LIBTOR_A_SOURCES) @@ -190,8 +189,6 @@ ORHEADERS = \ noinst_HEADERS+= $(ORHEADERS) micro-revision.i -src/or/config_codedigest.o: src/or/or_sha1.i - micro-revision.i: FORCE $(AM_V_GEN)rm -f micro-revision.tmp; \ if test -d "$(top_srcdir)/.git" && \ @@ -210,18 +207,6 @@ micro-revision.i: FORCE rm -f micro-revision.tmp; \ true -src/or/or_sha1.i: $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS) - $(AM_V_GEN)if test "@SHA1SUM@" != none; then \ - (cd "$(srcdir)" && "@SHA1SUM@" $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS) ) | \ - "@SED@" -n 's/^$.*$$$/"\1\\n"/p' > src/or/or_sha1.i; \ - elif test "@OPENSSL@" != none; then \ - (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS)) | \ - "@SED@" -n 's/SHA1($.*$)= $.*$/"\2 \1\\n"/p' > src/or/or_sha1.i; \ - else \ - rm src/or/or_sha1.i; \ - touch src/or/or_sha1.i; \ - fi - -CLEANFILES+= src/or/or_sha1.i micro-revision.i src/or/micro-revision.i micro-revision.tmp +CLEANFILES+= micro-revision.i src/or/micro-revision.i micro-revision.tmp FORCE:

1 0

[tor/master] Merge branch 'remove_digests'
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit d366c3354f4d10d2a71e837e01d6722c40854b5b Merge: cd8f13b ad3c2f1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 1 13:53:03 2015 -0400 Merge branch 'remove_digests' .gitignore | 2 -- changes/no_digests | 5 +++++ configure.ac | 3 --- src/common/include.am | 15 --------------- src/common/util.h | 2 -- src/common/util_codedigest.c | 13 ------------- src/or/config.c | 8 -------- src/or/config.h | 1 - src/or/config_codedigest.c | 13 ------------- src/or/include.am | 19 ++----------------- 10 files changed, 7 insertions(+), 74 deletions(-)

1 0

[tor/master] Remove needless call to crypto_set_tls_dh_prime()
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 8ba2d971b1afc4c1557b080cfe1d9842d4c431cc Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 1 13:37:44 2015 -0400 Remove needless call to crypto_set_tls_dh_prime() --- src/or/config.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index a29cbce..95e145c 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1499,9 +1499,6 @@ options_act(const or_options_t *old_options) finish_daemon(options->DataDirectory); } - /* Probably not needed any longer XXXX */ - crypto_set_tls_dh_prime(); - /* We want to reinit keys as needed before we do much of anything else: keys are important, and other things can depend on them. */ if (transition_affects_workers ||

1 0

[tor/master] Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
by nickm＠torproject.org 01 Apr '15

01 Apr '15

commit 511ca9b91cec03f4ef6f23adccd5cdd47a245e5f Author: Nick Mathewson <nickm(a)torproject.org> Date: Sat Mar 14 12:40:55 2015 -0400 Remove DynamicDHGroups as obsoleted by PluggableTransports or P256. Closes ticket 13736. --- changes/bug13736 | 5 + src/common/crypto.c | 251 +-------------------------------------------- src/common/crypto.h | 4 +- src/or/config.c | 25 +---- src/or/or.h | 2 - src/test/testing_common.c | 2 +- 6 files changed, 14 insertions(+), 275 deletions(-) diff --git a/changes/bug13736 b/changes/bug13736 new file mode 100644 index 0000000..686d2f1 --- /dev/null +++ b/changes/bug13736 @@ -0,0 +1,5 @@ + o Removed features: + - Remove the (seldom-used) DynamicDHGroups feature. For + anti-fingerprinting we now recommend pluggable transports; for + forward-secrecy in TLS, we now use the P-256 group. + Closes ticket 13736. diff --git a/src/common/crypto.c b/src/common/crypto.c index 218c7be..55f816a 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1768,235 +1768,12 @@ static BIGNUM *dh_param_p_tls = NULL; /** Shared G parameter for our DH key exchanges. */ static BIGNUM *dh_param_g = NULL; -/** Generate and return a reasonable and safe DH parameter p. */ -static BIGNUM * -crypto_generate_dynamic_dh_modulus(void) -{ - BIGNUM *dynamic_dh_modulus; - DH *dh_parameters; - int r, dh_codes; - char *s; - - dynamic_dh_modulus = BN_new(); - tor_assert(dynamic_dh_modulus); - - dh_parameters = DH_new(); - tor_assert(dh_parameters); - - r = DH_generate_parameters_ex(dh_parameters, - DH_BYTES*8, DH_GENERATOR, NULL); - tor_assert(r == 0); - - r = DH_check(dh_parameters, &dh_codes); - tor_assert(r && !dh_codes); - - BN_copy(dynamic_dh_modulus, dh_parameters->p); - tor_assert(dynamic_dh_modulus); - - DH_free(dh_parameters); - - { /* log the dynamic DH modulus: */ - s = BN_bn2hex(dynamic_dh_modulus); - tor_assert(s); - log_info(LD_OR, "Dynamic DH modulus generated: [%s]", s); - OPENSSL_free(s); - } - - return dynamic_dh_modulus; -} - -/** Store our dynamic DH modulus (and its group parameters) to - fname for future use. */ -static int -crypto_store_dynamic_dh_modulus(const char *fname) -{ - int len, new_len; - DH *dh = NULL; - unsigned char *dh_string_repr = NULL; - char *base64_encoded_dh = NULL; - char *file_string = NULL; - int retval = -1; - static const char file_header[] = "# This file contains stored Diffie-" - "Hellman parameters for future use.\n# You *do not* need to edit this " - "file.\n\n"; - - tor_assert(fname); - - if (!dh_param_p_tls) { - log_info(LD_CRYPTO, "Tried to store a DH modulus that does not exist."); - goto done; - } - - if (!(dh = DH_new())) - goto done; - if (!(dh->p = BN_dup(dh_param_p_tls))) - goto done; - if (!(dh->g = BN_new())) - goto done; - if (!BN_set_word(dh->g, DH_GENERATOR)) - goto done; - - len = i2d_DHparams(dh, &dh_string_repr); - if ((len < 0) || (dh_string_repr == NULL)) { - log_warn(LD_CRYPTO, "Error occured while DER encoding DH modulus (2)."); - goto done; - } - - base64_encoded_dh = tor_calloc(len, 2); /* should be enough */ - new_len = base64_encode(base64_encoded_dh, len * 2, - (char *)dh_string_repr, len); - if (new_len < 0) { - log_warn(LD_CRYPTO, "Error occured while base64-encoding DH modulus."); - goto done; - } - - /* concatenate file header and the dh parameters blob */ - new_len = tor_asprintf(&file_string, "%s%s", file_header, base64_encoded_dh); - - /* write to file */ - if (write_bytes_to_new_file(fname, file_string, new_len, 0) < 0) { - log_info(LD_CRYPTO, "'%s' was already occupied.", fname); - goto done; - } - - retval = 0; - - done: - if (dh) - DH_free(dh); - if (dh_string_repr) - OPENSSL_free(dh_string_repr); - tor_free(base64_encoded_dh); - tor_free(file_string); - - return retval; -} - -/** Return the dynamic DH modulus stored in fname. If there is no - dynamic DH modulus stored in fname, return NULL. */ -static BIGNUM * -crypto_get_stored_dynamic_dh_modulus(const char *fname) -{ - int retval; - char *contents = NULL; - const char *contents_tmp = NULL; - int dh_codes; - DH *stored_dh = NULL; - BIGNUM *dynamic_dh_modulus = NULL; - int length = 0; - unsigned char *base64_decoded_dh = NULL; - const unsigned char *cp = NULL; - - tor_assert(fname); - - contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL); - if (!contents) { - log_info(LD_CRYPTO, "Could not open file '%s'", fname); - goto done; /*usually means that ENOENT. don't try to move file to broken.*/ - } - - /* skip the file header */ - contents_tmp = eat_whitespace(contents); - if (!*contents_tmp) { - log_warn(LD_CRYPTO, "Stored dynamic DH modulus file " - "seems corrupted (eat_whitespace)."); - goto err; - } - - /* 'fname' contains the DH parameters stored in base64-ed DER - * format. We are only interested in the DH modulus. - * NOTE: We allocate more storage here than we need. Since we're already - * doing that, we can also add 1 byte extra to appease Coverity's - * scanner. */ - - cp = base64_decoded_dh = tor_malloc_zero(strlen(contents_tmp) + 1); - length = base64_decode((char *)base64_decoded_dh, strlen(contents_tmp), - contents_tmp, strlen(contents_tmp)); - if (length < 0) { - log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (base64)."); - goto err; - } - - stored_dh = d2i_DHparams(NULL, &cp, length); - if ((!stored_dh) || (cp - base64_decoded_dh != length)) { - log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (d2i)."); - goto err; - } - - { /* check the cryptographic qualities of the stored dynamic DH modulus: */ - retval = DH_check(stored_dh, &dh_codes); - if (!retval || dh_codes) { - log_warn(LD_CRYPTO, "Stored dynamic DH modulus is not a safe prime."); - goto err; - } - - retval = DH_size(stored_dh); - if (retval < DH_BYTES) { - log_warn(LD_CRYPTO, "Stored dynamic DH modulus is smaller " - "than '%d' bits.", DH_BYTES*8); - goto err; - } - - if (!BN_is_word(stored_dh->g, 2)) { - log_warn(LD_CRYPTO, "Stored dynamic DH parameters do not use '2' " - "as the group generator."); - goto err; - } - } - - { /* log the dynamic DH modulus: */ - char *s = BN_bn2hex(stored_dh->p); - tor_assert(s); - log_info(LD_OR, "Found stored dynamic DH modulus: [%s]", s); - OPENSSL_free(s); - } - - goto done; - - err: - - { - /* move broken prime to $filename.broken */ - char *fname_new=NULL; - tor_asprintf(&fname_new, "%s.broken", fname); - - log_warn(LD_CRYPTO, "Moving broken dynamic DH prime to '%s'.", fname_new); - - if (replace_file(fname, fname_new)) - log_notice(LD_CRYPTO, "Error while moving '%s' to '%s'.", - fname, fname_new); - - tor_free(fname_new); - } - - if (stored_dh) { - DH_free(stored_dh); - stored_dh = NULL; - } - - done: - tor_free(contents); - tor_free(base64_decoded_dh); - - if (stored_dh) { - dynamic_dh_modulus = BN_dup(stored_dh->p); - DH_free(stored_dh); - } - - return dynamic_dh_modulus; -} - -/** Set the global TLS Diffie-Hellman modulus. - * If dynamic_dh_modulus_fname is set, try to read a dynamic DH modulus - * off it and use it as the DH modulus. If that's not possible, - * generate a new dynamic DH modulus. - * If dynamic_dh_modulus_fname is NULL, use the Apache mod_ssl DH +/** Set the global TLS Diffie-Hellman modulus. Use the Apache mod_ssl DH * modulus. */ void -crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname) +crypto_set_tls_dh_prime(void) { BIGNUM *tls_prime = NULL; - int store_dh_prime_afterwards = 0; int r; /* If the space is occupied, free the previous TLS DH prime */ @@ -2005,18 +1782,7 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname) dh_param_p_tls = NULL; } - if (dynamic_dh_modulus_fname) { /* use dynamic DH modulus: */ - log_info(LD_OR, "Using stored dynamic DH modulus."); - tls_prime = crypto_get_stored_dynamic_dh_modulus(dynamic_dh_modulus_fname); - - if (!tls_prime) { - log_notice(LD_OR, "Generating fresh dynamic DH modulus. " - "This might take a while..."); - tls_prime = crypto_generate_dynamic_dh_modulus(); - - store_dh_prime_afterwards++; - } - } else { /* use the static DH prime modulus used by Apache in mod_ssl: */ + if (1) { tls_prime = BN_new(); tor_assert(tls_prime); @@ -2036,13 +1802,6 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname) tor_assert(tls_prime); dh_param_p_tls = tls_prime; - - if (store_dh_prime_afterwards) - /* save the new dynamic DH modulus to disk. */ - if (crypto_store_dynamic_dh_modulus(dynamic_dh_modulus_fname)) { - log_notice(LD_CRYPTO, "Failed while storing dynamic DH modulus. " - "Make sure your data directory is sane."); - } } /** Initialize dh_param_p and dh_param_g if they are not already @@ -2079,10 +1838,8 @@ init_dh_param(void) dh_param_p = circuit_dh_prime; dh_param_g = generator; - /* Ensure that we have TLS DH parameters set up, too, even if we're - going to change them soon. */ if (!dh_param_p_tls) { - crypto_set_tls_dh_prime(NULL); + crypto_set_tls_dh_prime(); } } diff --git a/src/common/crypto.h b/src/common/crypto.h index d305bc1..440ff23 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -122,8 +122,7 @@ int crypto_global_cleanup(void); crypto_pk_t *crypto_pk_new(void); void crypto_pk_free(crypto_pk_t *env); -void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname); - +void crypto_set_tls_dh_prime(void); crypto_cipher_t *crypto_cipher_new(const char *key); crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv); void crypto_cipher_free(crypto_cipher_t *env); @@ -297,4 +296,3 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh); void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in); #endif - diff --git a/src/or/config.c b/src/or/config.c index fca350c..a29cbce 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -225,7 +225,7 @@ static config_var_t option_vars_[] = { V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), OBSOLETE("DisableV2DirectoryInfo_"), - V(DynamicDHGroups, BOOL, "0"), + OBSOLETE("DynamicDHGroups"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL), V(DownloadExtraInfo, BOOL, "0"), @@ -1318,10 +1318,6 @@ options_transition_requires_fresh_tls_context(const or_options_t *old_options, if (!old_options) return 0; - if ((old_options->DynamicDHGroups != new_options->DynamicDHGroups)) { - return 1; - } - if (!opt_streq(old_options->TLSECGroup, new_options->TLSECGroup)) return 1; @@ -1503,23 +1499,8 @@ options_act(const or_options_t *old_options) finish_daemon(options->DataDirectory); } - /* If needed, generate a new TLS DH prime according to the current torrc. */ - if (server_mode(options) && options->DynamicDHGroups) { - char *keydir = get_datadir_fname("keys"); - if (check_private_dir(keydir, CPD_CREATE, options->User)) { - tor_free(keydir); - return -1; - } - tor_free(keydir); - - if (!old_options || !old_options->DynamicDHGroups) { - char *fname = get_datadir_fname2("keys", "dynamic_dh_params"); - crypto_set_tls_dh_prime(fname); - tor_free(fname); - } - } else { /* clients don't need a dynamic DH prime. */ - crypto_set_tls_dh_prime(NULL); - } + /* Probably not needed any longer XXXX */ + crypto_set_tls_dh_prime(); /* We want to reinit keys as needed before we do much of anything else: keys are important, and other things can depend on them. */ diff --git a/src/or/or.h b/src/or/or.h index 6723f93..612743e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3384,8 +3384,6 @@ typedef struct { char *Address; /**< OR only: configured address for this onion router. */ char *PidFile; /**< Where to store PID of Tor process. */ - int DynamicDHGroups; /**< Dynamic generation of prime moduli for use in DH.*/ - routerset_t *ExitNodes; /**< Structure containing nicknames, digests, * country codes and IP address patterns of ORs to * consider as exits. */ diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 403c83b..60be460 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -269,7 +269,7 @@ main(int c, const char **v) printf("Can't initialize crypto subsystem; exiting.\n"); return 1; } - crypto_set_tls_dh_prime(NULL); + crypto_set_tls_dh_prime(); crypto_seed_rng(1); rep_hist_init(); network_init();

1 0