June 2017 - tor-commits - lists.torproject.org

[tor/release-0.3.0] Merge branch 'maint-0.3.0' into release-0.3.0
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 9390ec043b101b765b505cd920453de58a35a8f1 Merge: 2d26802 68c3df6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 11:34:01 2017 -0400 Merge branch 'maint-0.3.0' into release-0.3.0 src/or/routerkeys.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)

1 0

[tor/release-0.3.0] Repair the unit test behavior of my fix for 22508.
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 68c3df69dec4b2b9b5276f7cc9f86ef4167fc705 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 11:32:01 2017 -0400 Repair the unit test behavior of my fix for 22508. Apparently, the unit tests relied on being able to make ed->x509 link certs even when they hadn't set any server flags in the options. So instead of making "client" mean "never generate an ed->x509 cert", we'll have it mean "it's okay not to generate an ed->x509 cert". (Going with a minimal fix here, since this is supposed to be a stable version.) --- src/or/routerkeys.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index f69c0f1..aa7aee4 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -997,12 +997,11 @@ generate_ed_link_cert(const or_options_t *options, time_t now, const tor_x509_cert_t *link_ = NULL, *id = NULL; tor_cert_t *link_cert = NULL; - if (!server_mode(options)) { - /* No need to make an Ed25519->Link cert: we are a client */ - return 0; - } - if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) { + if (!server_mode(options)) { + /* No need to make an Ed25519->Link cert: we are a client */ + return 0; + } log_warn(LD_OR, "Can't get my x509 link cert."); return -1; }

1 0

[metrics-web/master] Update news.
by karsten＠torproject.org 06 Jun '17

06 Jun '17

commit ccd28f5ef7f072167894f27147a3be6167fe13d0 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Jun 6 16:47:03 2017 +0200 Update news. --- website/src/main/resources/etc/news.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/website/src/main/resources/etc/news.json b/website/src/main/resources/etc/news.json index ec6490d..ed1969b 100644 --- a/website/src/main/resources/etc/news.json +++ b/website/src/main/resources/etc/news.json @@ -107,7 +107,8 @@ "start": "2016-06-01", "place": "kz", "protocols": [ - "<OR>" + "<OR>", + "obfs4" ], "description": "Kazakhstan blocks vanilla Tor TLS. Users mostly switch to obfs4.", "links": [

1 0

[tor/release-0.3.0] Merge branch 'maint-0.3.0' into release-0.3.0
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 2d26802524135a21df8494694005e759baa66a1e Merge: 624bccc 4ed0f0d Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 09:32:37 2017 -0400 Merge branch 'maint-0.3.0' into release-0.3.0 src/or/routerkeys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)

1 0

[tor/master] Make generate_ed_link_cert() a no-op on clients.
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 4ed0f0d62f760f83d9d87f37b88104b11c44fb6a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 09:31:54 2017 -0400 Make generate_ed_link_cert() a no-op on clients. Fixes bug 22508; bug not in any released Tor. --- src/or/routerkeys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 1eb44db..f69c0f1 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -988,7 +988,7 @@ load_ed_keys(const or_options_t *options, time_t now) * * Returns -1 upon error. Otherwise, returns 0 upon success (either when the * current certificate is still valid, or when a new certificate was - * successfully generated). + * successfully generated, or no certificate was needed). */ int generate_ed_link_cert(const or_options_t *options, time_t now, @@ -997,6 +997,11 @@ generate_ed_link_cert(const or_options_t *options, time_t now, const tor_x509_cert_t *link_ = NULL, *id = NULL; tor_cert_t *link_cert = NULL; + if (!server_mode(options)) { + /* No need to make an Ed25519->Link cert: we are a client */ + return 0; + } + if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) { log_warn(LD_OR, "Can't get my x509 link cert."); return -1;

1 0

[tor/release-0.3.0] Make generate_ed_link_cert() a no-op on clients.
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 4ed0f0d62f760f83d9d87f37b88104b11c44fb6a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 09:31:54 2017 -0400 Make generate_ed_link_cert() a no-op on clients. Fixes bug 22508; bug not in any released Tor. --- src/or/routerkeys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 1eb44db..f69c0f1 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -988,7 +988,7 @@ load_ed_keys(const or_options_t *options, time_t now) * * Returns -1 upon error. Otherwise, returns 0 upon success (either when the * current certificate is still valid, or when a new certificate was - * successfully generated). + * successfully generated, or no certificate was needed). */ int generate_ed_link_cert(const or_options_t *options, time_t now, @@ -997,6 +997,11 @@ generate_ed_link_cert(const or_options_t *options, time_t now, const tor_x509_cert_t *link_ = NULL, *id = NULL; tor_cert_t *link_cert = NULL; + if (!server_mode(options)) { + /* No need to make an Ed25519->Link cert: we are a client */ + return 0; + } + if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) { log_warn(LD_OR, "Can't get my x509 link cert."); return -1;

1 0

[tor/master] Merge branch 'maint-0.3.0'
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 14ffcc003d5e8fd383598e34183938fcec51a901 Merge: 5343d2b 4ed0f0d Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 09:32:45 2017 -0400 Merge branch 'maint-0.3.0' src/or/routerkeys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)

1 0

[tor/maint-0.3.0] Make generate_ed_link_cert() a no-op on clients.
by nickm＠torproject.org 06 Jun '17

06 Jun '17

commit 4ed0f0d62f760f83d9d87f37b88104b11c44fb6a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 6 09:31:54 2017 -0400 Make generate_ed_link_cert() a no-op on clients. Fixes bug 22508; bug not in any released Tor. --- src/or/routerkeys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 1eb44db..f69c0f1 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -988,7 +988,7 @@ load_ed_keys(const or_options_t *options, time_t now) * * Returns -1 upon error. Otherwise, returns 0 upon success (either when the * current certificate is still valid, or when a new certificate was - * successfully generated). + * successfully generated, or no certificate was needed). */ int generate_ed_link_cert(const or_options_t *options, time_t now, @@ -997,6 +997,11 @@ generate_ed_link_cert(const or_options_t *options, time_t now, const tor_x509_cert_t *link_ = NULL, *id = NULL; tor_cert_t *link_cert = NULL; + if (!server_mode(options)) { + /* No need to make an Ed25519->Link cert: we are a client */ + return 0; + } + if (tor_tls_get_my_certs(1, &link_, &id) < 0 || link_ == NULL) { log_warn(LD_OR, "Can't get my x509 link cert."); return -1;

1 0

[metrics-lib/master] Fix encoding bug in RelayDirectoryImpl and NetworkStatusImpl.
by karsten＠torproject.org 06 Jun '17

06 Jun '17

commit fadcaa4b200e9a8af9c1f47c1458880d0245a9b6 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Mon May 29 14:35:40 2017 +0200 Fix encoding bug in RelayDirectoryImpl and NetworkStatusImpl. --- CHANGELOG.md | 4 ++++ src/main/java/org/torproject/descriptor/impl/NetworkStatusImpl.java | 4 +++- src/main/java/org/torproject/descriptor/impl/RelayDirectoryImpl.java | 4 +++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0cedcd1..143494e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,10 @@ - Move descriptor digest computation to DescriptorImpl. - Fix a bug in digest computation by making sure that the descriptor string actually contains the end token. + - Fix a bug where both RelayDirectoryImpl and all NetworkStatusImpl + subclasses fail to get indexes right if parts of raw descriptor + strings contain non-ASCII chars. In practice, this only affects + version 1 directories which were last archived in 2007. # Changes in version 1.7.0 - 2017-05-17 diff --git a/src/main/java/org/torproject/descriptor/impl/NetworkStatusImpl.java b/src/main/java/org/torproject/descriptor/impl/NetworkStatusImpl.java index f67c32a..93acf7b 100644 --- a/src/main/java/org/torproject/descriptor/impl/NetworkStatusImpl.java +++ b/src/main/java/org/torproject/descriptor/impl/NetworkStatusImpl.java @@ -8,6 +8,7 @@ import org.torproject.descriptor.DirSourceEntry; import org.torproject.descriptor.DirectorySignature; import org.torproject.descriptor.NetworkStatusEntry; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.List; import java.util.SortedMap; @@ -33,7 +34,8 @@ public abstract class NetworkStatusImpl extends DescriptorImpl { if (this.rawDescriptorBytes.length == 0) { throw new DescriptorParseException("Descriptor is empty."); } - String descriptorString = new String(rawDescriptorBytes); + String descriptorString = new String(rawDescriptorBytes, + StandardCharsets.US_ASCII); int firstRIndex = this.findFirstIndexOfKeyword(descriptorString, Key.R.keyword); int endIndex = descriptorString.length(); diff --git a/src/main/java/org/torproject/descriptor/impl/RelayDirectoryImpl.java b/src/main/java/org/torproject/descriptor/impl/RelayDirectoryImpl.java index 3c810e0..27887e6 100644 --- a/src/main/java/org/torproject/descriptor/impl/RelayDirectoryImpl.java +++ b/src/main/java/org/torproject/descriptor/impl/RelayDirectoryImpl.java @@ -8,6 +8,7 @@ import org.torproject.descriptor.RelayDirectory; import org.torproject.descriptor.RouterStatusEntry; import org.torproject.descriptor.ServerDescriptor; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.EnumSet; import java.util.List; @@ -56,7 +57,8 @@ public class RelayDirectoryImpl extends DescriptorImpl if (this.rawDescriptorBytes.length == 0) { throw new DescriptorParseException("Descriptor is empty."); } - String descriptorString = new String(rawDescriptorBytes); + String descriptorString = new String(rawDescriptorBytes, + StandardCharsets.US_ASCII); int startIndex = 0; int firstRouterIndex = this.findFirstIndexOfKeyword(descriptorString, Key.ROUTER.keyword);

1 0

[metrics-lib/master] Fix bug in digest computation.
by karsten＠torproject.org 06 Jun '17

06 Jun '17

commit 232ea426b50859fd5f981d312edf606c4380a682 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Mon May 29 14:25:11 2017 +0200 Fix bug in digest computation. --- CHANGELOG.md | 2 ++ .../org/torproject/descriptor/impl/DescriptorImpl.java | 16 ++++++++++++---- .../descriptor/impl/RelayNetworkStatusImplTest.java | 9 ++++++++- .../descriptor/impl/ServerDescriptorImplTest.java | 14 +++++++------- 4 files changed, 29 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85c9be8..0cedcd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ - Fix a bug where Microdescriptor's getDigestSha256Base64() returns a hex string rather than a base64 string. - Move descriptor digest computation to DescriptorImpl. + - Fix a bug in digest computation by making sure that the + descriptor string actually contains the end token. # Changes in version 1.7.0 - 2017-05-17 diff --git a/src/main/java/org/torproject/descriptor/impl/DescriptorImpl.java b/src/main/java/org/torproject/descriptor/impl/DescriptorImpl.java index d5d28c8..8c9c315 100644 --- a/src/main/java/org/torproject/descriptor/impl/DescriptorImpl.java +++ b/src/main/java/org/torproject/descriptor/impl/DescriptorImpl.java @@ -371,8 +371,12 @@ public abstract class DescriptorImpl implements Descriptor { String ascii = new String(this.rawDescriptorBytes, StandardCharsets.US_ASCII); int start = ascii.indexOf(startToken); - int end = (null == endToken) ? ascii.length() - : (ascii.indexOf(endToken) + endToken.length()); + int end = -1; + if (null == endToken) { + end = ascii.length(); + } else if (ascii.contains(endToken)) { + end = ascii.indexOf(endToken) + endToken.length(); + } if (start >= 0 && end >= 0 && end > start) { byte[] forDigest = new byte[end - start]; System.arraycopy(this.rawDescriptorBytes, start, forDigest, 0, @@ -408,8 +412,12 @@ public abstract class DescriptorImpl implements Descriptor { String ascii = new String(this.rawDescriptorBytes, StandardCharsets.US_ASCII); int start = ascii.indexOf(startToken); - int end = (null == endToken) ? ascii.length() - : (ascii.indexOf(endToken) + endToken.length()); + int end = -1; + if (null == endToken) { + end = ascii.length(); + } else if (ascii.contains(endToken)) { + end = ascii.indexOf(endToken) + endToken.length(); + } if (start >= 0 && end >= 0 && end > start) { byte[] forDigest = new byte[end - start]; System.arraycopy(this.rawDescriptorBytes, start, forDigest, 0, diff --git a/src/test/java/org/torproject/descriptor/impl/RelayNetworkStatusImplTest.java b/src/test/java/org/torproject/descriptor/impl/RelayNetworkStatusImplTest.java index d550d26..cccc6f7 100644 --- a/src/test/java/org/torproject/descriptor/impl/RelayNetworkStatusImplTest.java +++ b/src/test/java/org/torproject/descriptor/impl/RelayNetworkStatusImplTest.java @@ -24,8 +24,15 @@ public class RelayNetworkStatusImplTest { + "c6JWYUWZSPpW1uyjyLPUI/ikyyH7zmtR4MfhSeNdt2zSakojYNaPAgMBAAE=\n" + "-----END RSA PUBLIC KEY-----\n"; + private static final String validFooter = "directory-signature dizum\n" + + "-----BEGIN SIGNATURE-----\n" + + "G62xrsrqpmJKSHP672o2Wv/5hdKmy+LoWwdQl/JvT7WN7VfdlfBpo5UgsxvIHGSF\n" + + "MGVROgjL1+EW4vezm5U0/Tz02CbCaw5Gs2hu4fviT0qKTV+QTP+l9a4SeY36a1qL\n" + + "TZiThjmOWg5C5ru2eOZKzst2wGW0WDPmsVRpWO7UMzs=\n" + + "-----END SIGNATURE-----\n"; + private static final String validStatus = - "@type network-status-2 1.0\n" + validHeader; + "@type network-status-2 1.0\n" + validHeader + validFooter; @Test(expected = DescriptorParseException.class) public void testParseBrokenHeader() throws DescriptorParseException { diff --git a/src/test/java/org/torproject/descriptor/impl/ServerDescriptorImplTest.java b/src/test/java/org/torproject/descriptor/impl/ServerDescriptorImplTest.java index 4a84764..6cfb024 100644 --- a/src/test/java/org/torproject/descriptor/impl/ServerDescriptorImplTest.java +++ b/src/test/java/org/torproject/descriptor/impl/ServerDescriptorImplTest.java @@ -1027,14 +1027,14 @@ public class ServerDescriptorImplTest { descriptor.getExitPolicyLines()); } - @Test() - public void testRouterSignatureOpt() - throws DescriptorParseException { - DescriptorBuilder.createWithRouterSignatureLines("opt " - + "router-signature\n" + @Test(expected = DescriptorParseException.class) + public void testEndSignatureFourDashes() throws DescriptorParseException { + DescriptorBuilder.createWithRouterSignatureLines("router-signature\n" + "-----BEGIN SIGNATURE-----\n" - + "crypto lines are ignored anyway\n" - + "-----END SIGNATURE-----"); + + "o4j+kH8UQfjBwepUnr99v0ebN8RpzHJ/lqYsTojXHy9kMr1RNI9IDeSzA7PSqT" + + "uV\n4PL8QsGtlfwthtIoZpB2srZeyN/mcpA9fa1JXUrt/UN9K/+32Cyaad7h0n" + + "HE6Xfb\njqpXDpnBpvk4zjmzjjKYnIsUWTnADmu0fo3xTRqXi7g=\n" + + "-----END SIGNATURE----"); } @Test(expected = DescriptorParseException.class)

1 0