commit e598c6f6dee3696df1d0c228268a1bf1b369eb86 Author: David Goulet dgoulet@torproject.org Date: Thu Oct 26 14:54:20 2017 -0400

hs-v3: Check the ed25519 key when picking intro point

If the intro point supports ed25519 link authentication, make sure we don't have a zeroed key which would lead to a failure to extend to it.

We already check for an empty key if the intro point does not support it so this makes the check on the key more consistent and symmetric.

Fixes #24002

Signed-off-by: David Goulet dgoulet@torproject.org --- changes/bug24002 | 5 +++++ src/or/hs_service.c | 4 ++++ 2 files changed, 9 insertions(+)

diff --git a/changes/bug24002 b/changes/bug24002 new file mode 100644 index 000000000..cdb608111 --- /dev/null +++ b/changes/bug24002 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden service): + - Make sure that we have a usable ed25519 key when the intro point relay + does support ed25519 link authentication. We do check for an empty key + when the relay does not support it so this makes it nice and symmetric. + Fixes bug 24002; bugfix on 0.3.2.1-alpha. diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 3d1945aa9..4b67bb4d4 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -1564,6 +1564,10 @@ pick_intro_point(unsigned int direct_conn, smartlist_t *exclude_nodes) * protocol */ if (!node_supports_ed25519_link_authentication(node)) { tor_assert_nonfatal(ed25519_public_key_is_zero(&info->ed_identity)); + } else { + /* Make sure we *do* have an ed key if we support the link authentication. + * Sending an empty key would result in a failure to extend. */ + tor_assert_nonfatal(!ed25519_public_key_is_zero(&info->ed_identity)); }

/* Create our objects and populate them with the node information. */