[tor-bugs] #28415 [Core Tor/Tor]: extra-info-digest's sha256-digest isn't actually over the same data as the sha1-digest
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 12 21:38:50 UTC 2018
#28415: extra-info-digest's sha256-digest isn't actually over the same data as the
sha1-digest
------------------------------+----------------------
Reporter: irl | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: dir-spec
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+----------------------
Please review my pull request at:
https://github.com/torproject/torspec/pull/44
The extra-info-digest field of server descriptors was defined to contain
either a SHA1, or a SHA1 and a SHA256 digest. These were both meant to
be computed over the same data but due to an implementation error, the
Tor network has been computing the digests over different data for a
while. This is a lot easier to fix in the spec than in the code, and
the error does not seem to cause any harm beyond being a little
confusing (which this patch should help with).
A minor fix is also made to the SHA1 digest portion of the text. This is
a typo fix and a clarification, and does not change the semantic meaning
for that portion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28415>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list