commit 56f713b8a477b4203f3bfd8f3ad0952706dc9599 Author: David Goulet dgoulet@torproject.org Date: Thu Oct 18 11:44:26 2018 -0400

hs-v3: Always generate the descriptor cookie

It won't be used if there are no authorized client configured. We do that so we can easily support the addition of a client with a HUP signal which allow us to avoid more complex code path to generate that cookie if we have at least one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet dgoulet@torproject.org --- changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/changes/ticket27995 b/changes/ticket27995 new file mode 100644 index 000000000..8c7542574 --- /dev/null +++ b/changes/ticket27995 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service v3, client authorization): + - Fix an assert() when adding a client authorization for the first time + and then sending a HUP signal to the service. Before that, tor would + stop abruptly. Fixes bug 27995; bugfix on 0.3.5.1-alpha. diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 78654bfb2..aec2aa438 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -1924,12 +1924,10 @@ build_service_desc_keys(const hs_service_t *service, goto end; }

- /* Random a descriptor cookie to be used as a part of a key to encrypt the - * descriptor, if the client auth is enabled. */ - if (service->config.is_client_auth_enabled) { - crypto_strongest_rand(desc->descriptor_cookie, - sizeof(desc->descriptor_cookie)); - } + /* Random descriptor cookie to be used as a part of a key to encrypt the + * descriptor, only if the client auth is enabled will it be used. */ + crypto_strongest_rand(desc->descriptor_cookie, + sizeof(desc->descriptor_cookie));

/* Success. */ ret = 0;