June 2017 - tor-commits - lists.torproject.org

[tor/maint-0.2.9] Merge branch 'maint-0.2.6' into maint-0.2.7-redux
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 3f2d1f7f0730a17b81d2fb94df9b6a5b8b277893 Merge: 71dd1d7 9ea3d08 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jun 5 12:00:41 2017 -0400 Merge branch 'maint-0.2.6' into maint-0.2.7-redux changes/bug22490 | 3 +++ src/or/geoip.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-)

1 0

[tor/maint-0.2.9] Merge branch 'maint-0.2.5' into maint-0.2.6
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 9ea3d0877a5be2762cfcb4d7c2015e5ec43a2055 Merge: 159ddf6 1a540b5 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jun 5 12:00:27 2017 -0400 Merge branch 'maint-0.2.5' into maint-0.2.6 changes/bug22490 | 3 +++ src/or/geoip.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-)

1 0

[tor/release-0.3.0] Merge branch 'maint-0.3.0' into release-0.3.0
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 10c33a6af248fa50b42b52fe81b98546a00f442c Merge: 2ab1de9 41ed9e9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jun 5 09:51:48 2017 -0400 Merge branch 'maint-0.3.0' into release-0.3.0 changes/bug22466_regenerate | 8 ++++++++ src/or/routerkeys.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-)

1 0

[tor/master] Use tor_assert_nonfatal() to try to detect #22466
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit f2068ef8626302f7dce44bf206c4e83d4af7abba Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 1 09:42:32 2017 -0400 Use tor_assert_nonfatal() to try to detect #22466 --- changes/bug22466_diagnostic | 4 ++++ src/or/routerkeys.c | 4 ++++ src/or/torcert.c | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/changes/bug22466_diagnostic b/changes/bug22466_diagnostic new file mode 100644 index 0000000..0286c65 --- /dev/null +++ b/changes/bug22466_diagnostic @@ -0,0 +1,4 @@ + o Minor features (diagnostic): + - Add logging messages to try to diagnose a rare bug that seems + to generate RSA->Ed25519 cross-certificates dated in the 1970s. + Diagnostic for bug 22466. diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 6259e3f..e2053ef 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -685,6 +685,10 @@ load_ed_keys(const or_options_t *options, time_t now) tor_cert_t *sign_cert = NULL; tor_cert_t *auth_cert = NULL; + // It is later than 1972, since otherwise there would be no C compilers. + // (Try to diagnose #22466.) + tor_assert_nonfatal(now >= 2 * 365 * 86400); + #define FAIL(msg) do { \ log_warn(LD_OR, (msg)); \ goto err; \ diff --git a/src/or/torcert.c b/src/or/torcert.c index c58f3da..edc5200 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -302,6 +302,10 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key, time_t expires, uint8_t **cert) { + // It is later than 1985, since otherwise there would be no C89 + // compilers. (Try to diagnose #22466.) + tor_assert_nonfatal(expires >= 15 * 365 * 86400); + uint8_t *res; rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new();

1 0

[tor/release-0.3.0] Regenerate RSA->ed25519 identity crosscertificate as needed
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 41ed9e978b77080c027e50ed831370efbeeeac37 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 1 10:04:52 2017 -0400 Regenerate RSA->ed25519 identity crosscertificate as needed --- changes/bug22466_regenerate | 8 ++++++++ src/or/routerkeys.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate new file mode 100644 index 0000000..8dbda89 --- /dev/null +++ b/changes/bug22466_regenerate @@ -0,0 +1,8 @@ + o Minor bugfixes (link handshake): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to + six months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with + a ten-year lifetime, but that could lead to weird behavior when + Tor was started with a grossly inaccurate clock. Mitigates + bug 22466; mitigation on 0.3.0.1-alpha. + diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 6259e3f..611ac91 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -668,6 +668,7 @@ static tor_cert_t *auth_key_cert = NULL; static uint8_t *rsa_ed_crosscert = NULL; static size_t rsa_ed_crosscert_len = 0; +static time_t rsa_ed_crosscert_expiration = 0; /** * Running as a server: load, reload, or refresh our ed25519 keys and @@ -699,8 +700,10 @@ load_ed_keys(const or_options_t *options, time_t now) tor_cert_free(cert); \ cert = (newval); \ } while (0) +#define HAPPENS_SOON(when, interval) \ + ((when) < now + (interval)) #define EXPIRES_SOON(cert, interval) \ - (!(cert) || (cert)->valid_until < now + (interval)) + (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval))) /* XXXX support encrypted identity keys fully */ @@ -899,14 +902,19 @@ load_ed_keys(const or_options_t *options, time_t now) if (options->command == CMD_KEYGEN) goto end; - if (!rsa_ed_crosscert && server_mode(options)) { + if (server_mode(options) && + (!rsa_ed_crosscert || + HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) { uint8_t *crosscert; + time_t expiration = now+6*30*86400; /* 6 months in the future. */ ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey, get_server_identity_key(), - now+10*365*86400,/*XXXX*/ + expiration, &crosscert); + tor_free(rsa_ed_crosscert); rsa_ed_crosscert_len = crosscert_len; rsa_ed_crosscert = crosscert; + rsa_ed_crosscert_expiration = expiration; } if (!current_auth_key || @@ -1038,6 +1046,7 @@ should_make_new_ed_keys(const or_options_t *options, const time_t now) } #undef EXPIRES_SOON +#undef HAPPENS_SOON #ifdef TOR_UNIT_TESTS /* Helper for unit tests: populate the ed25519 keys without saving or

1 0

[tor/master] Merge branch 'bug22466_diagnostic_030'
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 26d9fffae428a186e92ffa53053da76bea519fec Merge: be741d7 f2068ef Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jun 5 09:52:09 2017 -0400 Merge branch 'bug22466_diagnostic_030' changes/bug22466_diagnostic | 4 ++++ src/or/routerkeys.c | 4 ++++ src/or/torcert.c | 4 ++++ 3 files changed, 12 insertions(+)

1 0

[tor/master] Merge branch 'maint-0.3.0'
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit be741d7e63b06fe103caab3db4b64ada45bd6bae Merge: 1763aa0 41ed9e9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Jun 5 09:51:57 2017 -0400 Merge branch 'maint-0.3.0' changes/bug22466_regenerate | 8 ++++++++ src/or/routerkeys.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-)

1 0

[tor/maint-0.3.0] Regenerate RSA->ed25519 identity crosscertificate as needed
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 41ed9e978b77080c027e50ed831370efbeeeac37 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 1 10:04:52 2017 -0400 Regenerate RSA->ed25519 identity crosscertificate as needed --- changes/bug22466_regenerate | 8 ++++++++ src/or/routerkeys.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate new file mode 100644 index 0000000..8dbda89 --- /dev/null +++ b/changes/bug22466_regenerate @@ -0,0 +1,8 @@ + o Minor bugfixes (link handshake): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to + six months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with + a ten-year lifetime, but that could lead to weird behavior when + Tor was started with a grossly inaccurate clock. Mitigates + bug 22466; mitigation on 0.3.0.1-alpha. + diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 6259e3f..611ac91 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -668,6 +668,7 @@ static tor_cert_t *auth_key_cert = NULL; static uint8_t *rsa_ed_crosscert = NULL; static size_t rsa_ed_crosscert_len = 0; +static time_t rsa_ed_crosscert_expiration = 0; /** * Running as a server: load, reload, or refresh our ed25519 keys and @@ -699,8 +700,10 @@ load_ed_keys(const or_options_t *options, time_t now) tor_cert_free(cert); \ cert = (newval); \ } while (0) +#define HAPPENS_SOON(when, interval) \ + ((when) < now + (interval)) #define EXPIRES_SOON(cert, interval) \ - (!(cert) || (cert)->valid_until < now + (interval)) + (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval))) /* XXXX support encrypted identity keys fully */ @@ -899,14 +902,19 @@ load_ed_keys(const or_options_t *options, time_t now) if (options->command == CMD_KEYGEN) goto end; - if (!rsa_ed_crosscert && server_mode(options)) { + if (server_mode(options) && + (!rsa_ed_crosscert || + HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) { uint8_t *crosscert; + time_t expiration = now+6*30*86400; /* 6 months in the future. */ ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey, get_server_identity_key(), - now+10*365*86400,/*XXXX*/ + expiration, &crosscert); + tor_free(rsa_ed_crosscert); rsa_ed_crosscert_len = crosscert_len; rsa_ed_crosscert = crosscert; + rsa_ed_crosscert_expiration = expiration; } if (!current_auth_key || @@ -1038,6 +1046,7 @@ should_make_new_ed_keys(const or_options_t *options, const time_t now) } #undef EXPIRES_SOON +#undef HAPPENS_SOON #ifdef TOR_UNIT_TESTS /* Helper for unit tests: populate the ed25519 keys without saving or

1 0

[tor/master] Regenerate RSA->ed25519 identity crosscertificate as needed
by nickm＠torproject.org 05 Jun '17

05 Jun '17

commit 41ed9e978b77080c027e50ed831370efbeeeac37 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 1 10:04:52 2017 -0400 Regenerate RSA->ed25519 identity crosscertificate as needed --- changes/bug22466_regenerate | 8 ++++++++ src/or/routerkeys.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate new file mode 100644 index 0000000..8dbda89 --- /dev/null +++ b/changes/bug22466_regenerate @@ -0,0 +1,8 @@ + o Minor bugfixes (link handshake): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to + six months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with + a ten-year lifetime, but that could lead to weird behavior when + Tor was started with a grossly inaccurate clock. Mitigates + bug 22466; mitigation on 0.3.0.1-alpha. + diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 6259e3f..611ac91 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -668,6 +668,7 @@ static tor_cert_t *auth_key_cert = NULL; static uint8_t *rsa_ed_crosscert = NULL; static size_t rsa_ed_crosscert_len = 0; +static time_t rsa_ed_crosscert_expiration = 0; /** * Running as a server: load, reload, or refresh our ed25519 keys and @@ -699,8 +700,10 @@ load_ed_keys(const or_options_t *options, time_t now) tor_cert_free(cert); \ cert = (newval); \ } while (0) +#define HAPPENS_SOON(when, interval) \ + ((when) < now + (interval)) #define EXPIRES_SOON(cert, interval) \ - (!(cert) || (cert)->valid_until < now + (interval)) + (!(cert) || HAPPENS_SOON((cert)->valid_until, (interval))) /* XXXX support encrypted identity keys fully */ @@ -899,14 +902,19 @@ load_ed_keys(const or_options_t *options, time_t now) if (options->command == CMD_KEYGEN) goto end; - if (!rsa_ed_crosscert && server_mode(options)) { + if (server_mode(options) && + (!rsa_ed_crosscert || + HAPPENS_SOON(rsa_ed_crosscert_expiration, 30*86400))) { uint8_t *crosscert; + time_t expiration = now+6*30*86400; /* 6 months in the future. */ ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey, get_server_identity_key(), - now+10*365*86400,/*XXXX*/ + expiration, &crosscert); + tor_free(rsa_ed_crosscert); rsa_ed_crosscert_len = crosscert_len; rsa_ed_crosscert = crosscert; + rsa_ed_crosscert_expiration = expiration; } if (!current_auth_key || @@ -1038,6 +1046,7 @@ should_make_new_ed_keys(const or_options_t *options, const time_t now) } #undef EXPIRES_SOON +#undef HAPPENS_SOON #ifdef TOR_UNIT_TESTS /* Helper for unit tests: populate the ed25519 keys without saving or

1 0

[tor-browser-bundle/maint-7.0] Picking up new tor browser tag and release date update
by gk＠torproject.org 04 Jun '17

04 Jun '17

commit 50274bc101d2e0ce1a2d89975c6da51d4d929baf Author: Georg Koppen <gk(a)torproject.org> Date: Sun Jun 4 08:51:41 2017 +0000 Picking up new tor browser tag and release date update --- Bundle-Data/Docs/ChangeLog.txt | 2 +- gitian/versions | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 4411b56..9a830c3 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,4 +1,4 @@ -Tor Browser 7.0 -- June 6 2017 +Tor Browser 7.0 -- June 7 2017 * All Platforms * Update Firefox to 52.1.2esr * Update Tor to 0.3.0.7 diff --git a/gitian/versions b/gitian/versions index d385801..86156ea 100755 --- a/gitian/versions +++ b/gitian/versions @@ -14,7 +14,7 @@ FIREFOX_VERSION=52.1.2esr TORBROWSER_UPDATE_CHANNEL=release -TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-7.0-1-build1 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-7.0-1-build2 TOR_TAG=tor-0.3.0.7 TORLAUNCHER_TAG=0.2.12.2 TORBUTTON_TAG=1.9.7.3

1 0