[tor-commits] [tor/maint-0.2.2] Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2

nickm at torproject.org nickm at torproject.org
Sun Mar 6 18:42:16 UTC 2011


commit 35fcec38809f9805326d8e2c81bad33d0ef000ae
Merge: ed14888 4fa70e1
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Mar 6 13:42:28 2011 -0500

    Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2

 changes/all_descs    |    4 ++++
 changes/ipv6_crash   |    5 +++--
 src/or/dirserv.c     |    2 ++
 src/or/routerparse.c |    8 ++++++++
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --combined src/or/dirserv.c
index 876698a,7db6c19..3c15c59
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@@ -5,22 -5,6 +5,22 @@@
  
  #define DIRSERV_PRIVATE
  #include "or.h"
 +#include "buffers.h"
 +#include "config.h"
 +#include "connection.h"
 +#include "connection_or.h"
 +#include "control.h"
 +#include "directory.h"
 +#include "dirserv.h"
 +#include "dirvote.h"
 +#include "hibernate.h"
 +#include "microdesc.h"
 +#include "networkstatus.h"
 +#include "policies.h"
 +#include "rephist.h"
 +#include "router.h"
 +#include "routerlist.h"
 +#include "routerparse.h"
  
  /**
   * \file dirserv.c
@@@ -57,7 -41,7 +57,7 @@@ static time_t the_v2_networkstatus_is_d
  static cached_dir_t *the_directory = NULL;
  
  /** For authoritative directories: the current (v1) network status. */
 -static cached_dir_t the_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
 +static cached_dir_t the_runningrouters;
  
  static void directory_remove_invalid(void);
  static cached_dir_t *dirserv_regenerate_directory(void);
@@@ -79,16 -63,13 +79,16 @@@ static signed_descriptor_t *get_signed_
                                                          time_t publish_cutoff);
  static int dirserv_add_extrainfo(extrainfo_t *ei, const char **msg);
  
 +/************** Measured Bandwidth parsing code ******/
 +#define MAX_MEASUREMENT_AGE (3*24*60*60) /* 3 days */
 +
  /************** Fingerprint handling code ************/
  
  #define FP_NAMED   1  /**< Listed in fingerprint file. */
  #define FP_INVALID 2  /**< Believed invalid. */
  #define FP_REJECT  4  /**< We will not publish this router. */
  #define FP_BADDIR  8  /**< We'll tell clients to avoid using this as a dir. */
 -#define FP_BADEXIT 16  /**< We'll tell clients not to use this as an exit. */
 +#define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
  #define FP_UNNAMED 32 /**< Another router has this name in fingerprint file. */
  
  /** Encapsulate a nickname and an FP_* status; target of status_by_digest
@@@ -118,7 -99,7 +118,7 @@@ authdir_config_new(void
    return list;
  }
  
 -/** Add the fingerprint <b>fp</b> for the nickname <b>nickname</b> to
 +/** Add the fingerprint <b>fp</b> for <b>nickname</b> to
   * the smartlist of fingerprint_entry_t's <b>list</b>. Return 0 if it's
   * new, or 1 if we replaced the old value.
   */
@@@ -200,7 -181,8 +200,7 @@@ dirserv_add_own_fingerprint(const char 
   * file.  The file format is line-based, with each non-blank holding one
   * nickname, some space, and a fingerprint for that nickname.  On success,
   * replace the current fingerprint list with the new list and return 0.  On
 - * failure, leave the current fingerprint list untouched, and
 - * return -1. */
 + * failure, leave the current fingerprint list untouched, and return -1. */
  int
  dirserv_load_fingerprint_file(void)
  {
@@@ -386,19 -368,13 +386,19 @@@ dirserv_get_status_impl(const char *id_
                strmap_size(fingerprint_list->fp_by_name),
                digestmap_size(fingerprint_list->status_by_digest));
  
 -  /* 0.1.1.17-rc was the first version that claimed to be stable, doesn't
 -   * crash and drop circuits all the time, and is even vaguely compatible with
 -   * the current network */
 -  if (platform && !tor_version_as_new_as(platform,"0.1.1.17-rc")) {
 +  /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
 +   * directory information.  Once more of them die off, we should raise this
 +   * minimum. */
 +  if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
      if (msg)
        *msg = "Tor version is far too old to work.";
      return FP_REJECT;
 +  } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
 +                      && !tor_version_as_new_as(platform, "0.2.1.19")) {
 +    /* These versions mishandled RELAY_EARLY cells on rend circuits. */
 +    if (msg)
 +      *msg = "Tor version is too buggy to work.";
 +    return FP_REJECT;
    }
  
    result = dirserv_get_name_status(id_digest, nickname);
@@@ -544,7 -520,7 +544,7 @@@ authdir_wants_to_reject_router(routerin
    /* Okay.  Now check whether the fingerprint is recognized. */
    uint32_t status = dirserv_router_get_status(ri, msg);
    time_t now;
 -  int severity = complain ? LOG_NOTICE : LOG_INFO;
 +  int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
    tor_assert(msg);
    if (status & FP_REJECT)
      return -1; /* msg is already set. */
@@@ -736,10 -712,6 +736,10 @@@ dirserv_add_descriptor(routerinfo_t *ri
    desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
    nickname = tor_strdup(ri->nickname);
  
 +  /* Tell if we're about to need to launch a test if we add this. */
 +  ri->needs_retest_if_added =
 +    dirserv_should_launch_reachability_test(ri, ri_old);
 +
    r = router_add_to_routerlist(ri, msg, 0, 0);
    if (!WRA_WAS_ADDED(r)) {
      /* unless the routerinfo was fine, just out-of-date */
@@@ -754,7 -726,7 +754,7 @@@
  
      changed = smartlist_create();
      smartlist_add(changed, ri);
 -    control_event_descriptors_changed(changed);
 +    routerlist_descriptors_added(changed, 0);
      smartlist_free(changed);
      if (!*msg) {
        *msg =  ri->is_valid ? "Descriptor for valid server accepted" :
@@@ -863,6 -835,46 +863,6 @@@ directory_remove_invalid(void
    routerlist_assert_ok(rl);
  }
  
 -/** Write a list of unregistered descriptors into a newly allocated
 - * string and return it. Used by dirserv operators to keep track of
 - * fast nodes that haven't registered.
 - */
 -int
 -getinfo_helper_dirserv_unregistered(control_connection_t *control_conn,
 -                                    const char *question, char **answer_out)
 -{
 -  smartlist_t *answerlist;
 -  char buf[1024];
 -  char *answer;
 -  int min_bw = atoi(question);
 -  routerlist_t *rl = router_get_routerlist();
 -
 -  (void) control_conn;
 -
 -  if (strcmpstart(question, "unregistered-servers-"))
 -    return 0;
 -  question += strlen("unregistered-servers-");
 -
 -  answerlist = smartlist_create();
 -  SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ent, {
 -    uint32_t r = dirserv_router_get_status(ent, NULL);
 -    if (router_get_advertised_bandwidth(ent) >= (size_t)min_bw &&
 -        !(r & FP_NAMED)) {
 -      /* then log this one */
 -      tor_snprintf(buf, sizeof(buf),
 -                   "%s: BW %d on '%s'.",
 -                   ent->nickname, router_get_advertised_bandwidth(ent),
 -                   ent->platform ? ent->platform : "");
 -      smartlist_add(answerlist, tor_strdup(buf));
 -    }
 -  });
 -  answer = smartlist_join_strings(answerlist, "\r\n", 0, NULL);
 -  SMARTLIST_FOREACH(answerlist, char *, cp, tor_free(cp));
 -  smartlist_free(answerlist);
 -  *answer_out = answer;
 -  return 0;
 -}
 -
  /** Mark the directory as <b>dirty</b> -- when we're next asked for a
   * directory, we will rebuild it instead of reusing the most recently
   * generated one.
@@@ -921,54 -933,26 +921,54 @@@ list_single_server_status(routerinfo_t 
    return tor_strdup(buf);
  }
  
 +static INLINE int
 +running_long_enough_to_decide_unreachable(void)
 +{
 +  return time_of_process_start
 +    + get_options()->TestingAuthDirTimeToLearnReachability < approx_time();
 +}
 +
  /** Each server needs to have passed a reachability test no more
   * than this number of seconds ago, or he is listed as down in
   * the directory. */
  #define REACHABLE_TIMEOUT (45*60)
  
 +/** If we tested a router and found it reachable _at least this long_ after it
 + * declared itself hibernating, it is probably done hibernating and we just
 + * missed a descriptor from it. */
 +#define HIBERNATION_PUBLICATION_SKEW (60*60)
 +
  /** Treat a router as alive if
   *    - It's me, and I'm not hibernating.
   * or - We've found it reachable recently. */
  void
  dirserv_set_router_is_running(routerinfo_t *router, time_t now)
  {
 +  /*XXXX022 This function is a mess.  Separate out the part that calculates
 +    whether it's reachable and the part that tells rephist that the router was
 +    unreachable.
 +   */
    int answer;
  
 -  if (router_is_me(router) && !we_are_hibernating())
 +  if (router_is_me(router)) {
 +    /* We always know if we are down ourselves. */
 +    answer = ! we_are_hibernating();
 +  } else if (router->is_hibernating &&
 +             (router->cache_info.published_on +
 +              HIBERNATION_PUBLICATION_SKEW) > router->last_reachable) {
 +    /* A hibernating router is down unless we (somehow) had contact with it
 +     * since it declared itself to be hibernating. */
 +    answer = 0;
 +  } else if (get_options()->AssumeReachable) {
 +    /* If AssumeReachable, everybody is up unless they say they are down! */
      answer = 1;
 -  else
 -    answer = get_options()->AssumeReachable ||
 -             now < router->last_reachable + REACHABLE_TIMEOUT;
 +  } else {
 +    /* Otherwise, a router counts as up if we found it reachable in the last
 +       REACHABLE_TIMEOUT seconds. */
 +    answer = (now < router->last_reachable + REACHABLE_TIMEOUT);
 +  }
  
 -  if (!answer) {
 +  if (!answer && running_long_enough_to_decide_unreachable()) {
      /* not considered reachable. tell rephist. */
      rep_hist_note_router_unreachable(router->cache_info.identity_digest, now);
    }
@@@ -981,6 -965,7 +981,6 @@@
   * *<b>router_status_out</b>.  Return 0 on success, -1 on failure.
   *
   * If for_controller is true, include the routers with very old descriptors.
 - * If for_controller is &gt;1, use the verbose nickname format.
   */
  int
  list_server_status_v1(smartlist_t *routers, char **router_status_out,
@@@ -1000,22 -985,23 +1000,22 @@@
  
    rs_entries = smartlist_create();
  
 -  SMARTLIST_FOREACH(routers, routerinfo_t *, ri,
 -  {
 +  SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
      if (authdir) {
        /* Update router status in routerinfo_t. */
        dirserv_set_router_is_running(ri, now);
      }
 -    if (for_controller == 1 || ri->cache_info.published_on >= cutoff)
 -      smartlist_add(rs_entries, list_single_server_status(ri, ri->is_running));
 -    else if (for_controller > 2) {
 +    if (for_controller) {
        char name_buf[MAX_VERBOSE_NICKNAME_LEN+2];
        char *cp = name_buf;
        if (!ri->is_running)
          *cp++ = '!';
        router_get_verbose_nickname(cp, ri);
        smartlist_add(rs_entries, tor_strdup(name_buf));
 +    } else if (ri->cache_info.published_on >= cutoff) {
 +      smartlist_add(rs_entries, list_single_server_status(ri, ri->is_running));
      }
 -  });
 +  } SMARTLIST_FOREACH_END(ri);
  
    *router_status_out = smartlist_join_strings(rs_entries, " ", 0, NULL);
  
@@@ -1133,8 -1119,7 +1133,8 @@@ dirserv_dump_directory_to_string(char *
      return -1;
    }
    note_crypto_pk_op(SIGN_DIR);
 -  if (router_append_dirobj_signature(buf,buf_len,digest,private_key)<0) {
 +  if (router_append_dirobj_signature(buf,buf_len,digest,DIGEST_LEN,
 +                                     private_key)<0) {
      tor_free(buf);
      return -1;
    }
@@@ -1159,21 -1144,18 +1159,21 @@@ directory_fetches_from_authorities(or_o
  {
    routerinfo_t *me;
    uint32_t addr;
 +  int refuseunknown;
    if (options->FetchDirInfoEarly)
      return 1;
    if (options->BridgeRelay == 1)
      return 0;
    if (server_mode(options) && router_pick_published_address(options, &addr)<0)
      return 1; /* we don't know our IP address; ask an authority. */
 -  if (options->DirPort == 0)
 +  refuseunknown = ! router_my_exit_policy_is_reject_star() &&
 +    should_refuse_unknown_exits(options);
 +  if (options->DirPort == 0 && !refuseunknown)
      return 0;
    if (!server_mode(options) || !advertised_server_mode())
      return 0;
    me = router_get_my_routerinfo();
 -  if (!me || !me->dir_port)
 +  if (!me || (!me->dir_port && !refuseunknown))
      return 0; /* if dirport not advertised, return 0 too */
    return 1;
  }
@@@ -1213,14 -1195,7 +1213,14 @@@ directory_caches_v2_dir_info(or_options
  int
  directory_caches_dir_info(or_options_t *options)
  {
 -  return options->BridgeRelay != 0 || options->DirPort != 0;
 +  if (options->BridgeRelay || options->DirPort)
 +    return 1;
 +  if (!server_mode(options) || !advertised_server_mode())
 +    return 0;
 +  /* We need an up-to-date view of network info if we're going to try to
 +   * block exit attempts from unknown relays. */
 +  return ! router_my_exit_policy_is_reject_star() &&
 +    should_refuse_unknown_exits(options);
  }
  
  /** Return 1 if we want to allow remote people to ask us directory
@@@ -1263,14 -1238,14 +1263,14 @@@ directory_too_idle_to_fetch_descriptors
  static cached_dir_t *cached_directory = NULL;
  /** The v1 runningrouters document we'll serve (as a cache or as an authority)
   * if requested. */
 -static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
 +static cached_dir_t cached_runningrouters;
  
  /** Used for other dirservers' v2 network statuses.  Map from hexdigest to
   * cached_dir_t. */
  static digestmap_t *cached_v2_networkstatus = NULL;
  
 -/** The v3 consensus network status that we're currently serving. */
 -static cached_dir_t *cached_v3_networkstatus = NULL;
 +/** Map from flavor name to the v3 consensuses that we're currently serving. */
 +static strmap_t *cached_consensuses = NULL;
  
  /** Possibly replace the contents of <b>d</b> with the value of
   * <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
@@@ -1344,11 -1319,7 +1344,11 @@@ clear_cached_dir(cached_dir_t *d
  static void
  _free_cached_dir(void *_d)
  {
 -  cached_dir_t *d = (cached_dir_t *)_d;
 +  cached_dir_t *d;
 +  if (!_d)
 +    return;
 +
 +  d = (cached_dir_t *)_d;
    cached_dir_decref(d);
  }
  
@@@ -1442,26 -1413,17 +1442,26 @@@ dirserv_set_cached_networkstatus_v2(con
    }
  }
  
 -/** Replace the v3 consensus networkstatus that we're serving with
 - * <b>networkstatus</b>, published at <b>published</b>.  No validation is
 - * performed. */
 +/** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
 + * we're serving with <b>networkstatus</b>, published at <b>published</b>.  No
 + * validation is performed. */
  void
 -dirserv_set_cached_networkstatus_v3(const char *networkstatus,
 -                                    time_t published)
 +dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
 +                                           const char *flavor_name,
 +                                           const digests_t *digests,
 +                                           time_t published)
  {
 -  if (cached_v3_networkstatus)
 -    cached_dir_decref(cached_v3_networkstatus);
 -  cached_v3_networkstatus = new_cached_dir(
 -                                  tor_strdup(networkstatus), published);
 +  cached_dir_t *new_networkstatus;
 +  cached_dir_t *old_networkstatus;
 +  if (!cached_consensuses)
 +    cached_consensuses = strmap_new();
 +
 +  new_networkstatus = new_cached_dir(tor_strdup(networkstatus), published);
 +  memcpy(&new_networkstatus->digests, digests, sizeof(digests_t));
 +  old_networkstatus = strmap_set(cached_consensuses, flavor_name,
 +                                 new_networkstatus);
 +  if (old_networkstatus)
 +    cached_dir_decref(old_networkstatus);
  }
  
  /** Remove any v2 networkstatus from the directory cache that was published
@@@ -1558,8 -1520,7 +1558,8 @@@ dirserv_regenerate_directory(void
  {
    char *new_directory=NULL;
  
 -  if (dirserv_dump_directory_to_string(&new_directory, get_identity_key())) {
 +  if (dirserv_dump_directory_to_string(&new_directory,
 +                                       get_server_identity_key())) {
      log_warn(LD_BUG, "Error creating directory.");
      tor_free(new_directory);
      return NULL;
@@@ -1589,7 -1550,7 +1589,7 @@@ generate_runningrouters(void
    char digest[DIGEST_LEN];
    char published[ISO_TIME_LEN+1];
    size_t len;
 -  crypto_pk_env_t *private_key = get_identity_key();
 +  crypto_pk_env_t *private_key = get_server_identity_key();
    char *identity_pkey; /* Identity key, DER64-encoded. */
    size_t identity_pkey_len;
  
@@@ -1616,8 -1577,7 +1616,8 @@@
      goto err;
    }
    note_crypto_pk_op(SIGN_DIR);
 -  if (router_append_dirobj_signature(s, len, digest, private_key)<0)
 +  if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN,
 +                                     private_key)<0)
      goto err;
  
    set_cached_dir(&the_runningrouters, s, time(NULL));
@@@ -1645,11 -1605,9 +1645,11 @@@ dirserv_get_runningrouters(void
  /** Return the latest downloaded consensus networkstatus in encoded, signed,
   * optionally compressed format, suitable for sending to clients. */
  cached_dir_t *
 -dirserv_get_consensus(void)
 +dirserv_get_consensus(const char *flavor_name)
  {
 -  return cached_v3_networkstatus;
 +  if (!cached_consensuses)
 +    return NULL;
 +  return strmap_get(cached_consensuses, flavor_name);
  }
  
  /** For authoritative directories: the current (v2) network status. */
@@@ -1687,7 -1645,7 +1687,7 @@@ should_generate_v2_networkstatus(void
  #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
  /** Similarly, every node with sufficient WFU is around enough to be a guard.
   */
 -#define WFU_TO_GUARANTEE_GUARD (0.995)
 +#define WFU_TO_GUARANTEE_GUARD (0.98)
  
  /* Thresholds for server performance: set by
   * dirserv_compute_performance_thresholds, and used by
@@@ -1767,7 -1725,7 +1767,7 @@@ dirserv_thinks_router_is_unreliable(tim
  
  /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
   * Right now this means it advertises support for it, it has a high
 - * uptime, and it's currently considered Running.
 + * uptime, it has a DirPort open, and it's currently considered Running.
   *
   * This function needs to be called after router-\>is_running has
   * been set.
@@@ -1777,11 -1735,7 +1777,11 @@@ dirserv_thinks_router_is_hs_dir(routeri
  {
    long uptime = real_uptime(router, now);
  
 -  return (router->wants_to_be_hs_dir &&
 +  /* XXX We shouldn't need to check dir_port, but we do because of
 +   * bug 1693. In the future, once relays set wants_to_be_hs_dir
 +   * correctly, we can revert to only checking dir_port if router's
 +   * version is too old. */
 +  return (router->wants_to_be_hs_dir && router->dir_port &&
            uptime > get_options()->MinUptimeHidServDirectoryV2 &&
            router->is_running);
  }
@@@ -1836,8 -1790,7 +1836,8 @@@ dirserv_compute_performance_thresholds(
      if (router_is_active(ri, now)) {
        const char *id = ri->cache_info.identity_digest;
        uint32_t bw;
 -      ri->is_exit = exit_policy_is_general_exit(ri->exit_policy);
 +      ri->is_exit = (!router_exit_policy_rejects_all(ri) &&
 +                    exit_policy_is_general_exit(ri->exit_policy));
        uptimes[n_active] = (uint32_t)real_uptime(ri, now);
        mtbfs[n_active] = rep_hist_get_stability(id, now);
        tks  [n_active] = rep_hist_get_weighted_time_known(id, now);
@@@ -1944,20 -1897,16 +1944,20 @@@ version_from_platform(const char *platf
   * which has at least <b>buf_len</b> free characters.  Do NUL-termination.
   * Use the same format as in network-status documents.  If <b>version</b> is
   * non-NULL, add a "v" line for the platform.  Return 0 on success, -1 on
 - * failure.  If <b>first_line_only</b> is true, don't include any flags
 - * or version line.
 + * failure.
 + *
 + * The format argument has three possible values:
 + *   NS_V2 - Output an entry suitable for a V2 NS opinion document
 + *   NS_V3_CONSENSUS - Output the first portion of a V3 NS consensus entry
 + *   NS_V3_CONSENSUS_MICRODESC - Output the first portion of a V3 microdesc
 + *        consensus entry.
 + *   NS_V3_VOTE - Output a complete V3 NS vote
 + *   NS_CONTROL_PORT - Output a NS document for the control port
   */
  int
  routerstatus_format_entry(char *buf, size_t buf_len,
                            routerstatus_t *rs, const char *version,
 -                          int first_line_only, int v2_format)
 -/* XXX: first_line_only and v2_format should probably be be both
 - *      replaced by a single purpose parameter.
 - */
 +                          routerstatus_format_type_t format)
  {
    int r;
    struct in_addr in;
@@@ -1976,11 -1925,10 +1976,11 @@@
    tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr));
  
    r = tor_snprintf(buf, buf_len,
 -                   "r %s %s %s %s %s %d %d\n",
 +                   "r %s %s %s%s%s %s %d %d\n",
                     rs->nickname,
                     identity64,
 -                   digest64,
 +                   (format==NS_V3_CONSENSUS_MICRODESC)?"":digest64,
 +                   (format==NS_V3_CONSENSUS_MICRODESC)?"":" ",
                     published,
                     ipaddr,
                     (int)rs->or_port,
@@@ -1989,12 -1937,7 +1989,12 @@@
      log_warn(LD_BUG, "Not enough space in buffer.");
      return -1;
    }
 -  if (first_line_only)
 +
 +  /* TODO: Maybe we want to pass in what we need to build the rest of
 +   * this here, instead of in the caller. Then we could use the
 +   * networkstatus_type_t values, with an additional control port value
 +   * added -MP */
 +  if (format == NS_V3_CONSENSUS || format == NS_V3_CONSENSUS_MICRODESC)
      return 0;
  
    cp = buf + strlen(buf);
@@@ -2031,87 -1974,62 +2031,87 @@@
      cp += strlen(cp);
    }
  
 -  if (!v2_format) {
 +  if (format != NS_V2) {
      routerinfo_t* desc = router_get_by_digest(rs->identity_digest);
 +    uint32_t bw;
 +
 +    if (format != NS_CONTROL_PORT) {
 +      /* Blow up more or less nicely if we didn't get anything or not the
 +       * thing we expected.
 +       */
 +      if (!desc) {
 +        char id[HEX_DIGEST_LEN+1];
 +        char dd[HEX_DIGEST_LEN+1];
 +
 +        base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
 +        base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
 +        log_warn(LD_BUG, "Cannot get any descriptor for %s "
 +            "(wanted descriptor %s).",
 +            id, dd);
 +        return -1;
 +      };
 +
 +      /* This assert can fire for the control port, because
 +       * it can request NS documents before all descriptors
 +       * have been fetched. */
 +      if (memcmp(desc->cache_info.signed_descriptor_digest,
 +            rs->descriptor_digest,
 +            DIGEST_LEN)) {
 +        char rl_d[HEX_DIGEST_LEN+1];
 +        char rs_d[HEX_DIGEST_LEN+1];
 +        char id[HEX_DIGEST_LEN+1];
 +
 +        base16_encode(rl_d, sizeof(rl_d),
 +            desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
 +        base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
 +        base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
 +        log_err(LD_BUG, "descriptor digest in routerlist does not match "
 +            "the one in routerstatus: %s vs %s "
 +            "(router %s)\n",
 +            rl_d, rs_d, id);
 +
 +        tor_assert(!memcmp(desc->cache_info.signed_descriptor_digest,
 +              rs->descriptor_digest,
 +              DIGEST_LEN));
 +      };
 +    }
  
 -    /* Blow up more or less nicely if we didn't get anything or not the
 -     * thing we expected.
 -     */
 -    if (!desc) {
 -      char id[HEX_DIGEST_LEN+1];
 -      char dd[HEX_DIGEST_LEN+1];
 -
 -      base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
 -      base16_encode(dd, sizeof(dd), rs->descriptor_digest, DIGEST_LEN);
 -      log_warn(LD_BUG, "Cannot get any descriptor for %s "
 -                       "(wanted descriptor %s).",
 -               id, dd);
 -      return -1;
 -    };
 -    if (memcmp(desc->cache_info.signed_descriptor_digest,
 -               rs->descriptor_digest,
 -               DIGEST_LEN)) {
 -      char rl_d[HEX_DIGEST_LEN+1];
 -      char rs_d[HEX_DIGEST_LEN+1];
 -      char id[HEX_DIGEST_LEN+1];
 -
 -      base16_encode(rl_d, sizeof(rl_d),
 -                    desc->cache_info.signed_descriptor_digest, DIGEST_LEN);
 -      base16_encode(rs_d, sizeof(rs_d), rs->descriptor_digest, DIGEST_LEN);
 -      base16_encode(id, sizeof(id), rs->identity_digest, DIGEST_LEN);
 -      log_err(LD_BUG, "descriptor digest in routerlist does not match "
 -                      "the one in routerstatus: %s vs %s "
 -                      "(router %s)\n",
 -              rl_d, rs_d, id);
 -
 -      tor_assert(!memcmp(desc->cache_info.signed_descriptor_digest,
 -                       rs->descriptor_digest,
 -                       DIGEST_LEN));
 -    };
 -
 +    if (format == NS_CONTROL_PORT && rs->has_bandwidth) {
 +      bw = rs->bandwidth;
 +    } else {
 +      tor_assert(desc);
 +      bw = router_get_advertised_bandwidth_capped(desc) / 1000;
 +    }
      r = tor_snprintf(cp, buf_len - (cp-buf),
 -                     "w Bandwidth=%d\n",
 -                     router_get_advertised_bandwidth_capped(desc) / 1024);
 +                     "w Bandwidth=%d\n", bw);
 +
      if (r<0) {
        log_warn(LD_BUG, "Not enough space in buffer.");
        return -1;
      }
      cp += strlen(cp);
 +    if (format == NS_V3_VOTE && rs->has_measured_bw) {
 +      *--cp = '\0'; /* Kill "\n" */
 +      r = tor_snprintf(cp, buf_len - (cp-buf),
 +                       " Measured=%d\n", rs->measured_bw);
 +      if (r<0) {
 +        log_warn(LD_BUG, "Not enough space in buffer for weight line.");
 +        return -1;
 +      }
 +      cp += strlen(cp);
 +    }
  
 -    summary = policy_summarize(desc->exit_policy);
 -    r = tor_snprintf(cp, buf_len - (cp-buf), "p %s\n", summary);
 -    if (r<0) {
 -      log_warn(LD_BUG, "Not enough space in buffer.");
 +    if (desc) {
 +      summary = policy_summarize(desc->exit_policy);
 +      r = tor_snprintf(cp, buf_len - (cp-buf), "p %s\n", summary);
 +      if (r<0) {
 +        log_warn(LD_BUG, "Not enough space in buffer.");
 +        tor_free(summary);
 +        return -1;
 +      }
 +      cp += strlen(cp);
        tor_free(summary);
 -      return -1;
      }
 -    cp += strlen(cp);
 -    tor_free(summary);
    }
  
    return 0;
@@@ -2214,7 -2132,9 +2214,7 @@@ get_possible_sybil_list(const smartlist
  
  /** Extract status information from <b>ri</b> and from other authority
   * functions and store it in <b>rs</b>>.  If <b>naming</b>, consider setting
 - * the named flag in <b>rs</b>. If not <b>exits_can_be_guards</b>, never mark
 - * an exit as a guard.  If <b>listbadexits</b>, consider setting the badexit
 - * flag.
 + * the named flag in <b>rs</b>.
   *
   * We assume that ri-\>is_running has already been set, e.g. by
   *   dirserv_set_router_is_running(ri, now);
@@@ -2222,8 -2142,8 +2222,8 @@@
  void
  set_routerstatus_from_routerinfo(routerstatus_t *rs,
                                   routerinfo_t *ri, time_t now,
 -                                 int naming, int exits_can_be_guards,
 -                                 int listbadexits, int listbaddirs)
 +                                 int naming, int listbadexits,
 +                                 int listbaddirs)
  {
    int unstable_version =
      !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
@@@ -2252,10 -2172,11 +2252,10 @@@
    rs->is_valid = ri->is_valid;
  
    if (rs->is_fast &&
 -      (!rs->is_exit || exits_can_be_guards) &&
        (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
         router_get_advertised_bandwidth(ri) >=
 -       (exits_can_be_guards ? guard_bandwidth_including_exits :
 -        guard_bandwidth_excluding_exits))) {
 +                              MIN(guard_bandwidth_including_exits,
 +                                  guard_bandwidth_excluding_exits))) {
      long tk = rep_hist_get_weighted_time_known(
                                        ri->cache_info.identity_digest, now);
      double wfu = rep_hist_get_weighted_fractional_uptime(
@@@ -2311,177 -2232,6 +2311,177 @@@ router_clear_status_flags(routerinfo_t 
      router->is_bad_exit = router->is_bad_directory = 0;
  }
  
 +/**
 + * Helper function to parse out a line in the measured bandwidth file
 + * into a measured_bw_line_t output structure. Returns -1 on failure
 + * or 0 on success.
 + */
 +int
 +measured_bw_line_parse(measured_bw_line_t *out, const char *orig_line)
 +{
 +  char *line = tor_strdup(orig_line);
 +  char *cp = line;
 +  int got_bw = 0;
 +  int got_node_id = 0;
 +  char *strtok_state; /* lame sauce d'jour */
 +  cp = tor_strtok_r(cp, " \t", &strtok_state);
 +
 +  if (!cp) {
 +    log_warn(LD_DIRSERV, "Invalid line in bandwidth file: %s",
 +             escaped(orig_line));
 +    tor_free(line);
 +    return -1;
 +  }
 +
 +  if (orig_line[strlen(orig_line)-1] != '\n') {
 +    log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
 +             escaped(orig_line));
 +    tor_free(line);
 +    return -1;
 +  }
 +
 +  do {
 +    if (strcmpstart(cp, "bw=") == 0) {
 +      int parse_ok = 0;
 +      char *endptr;
 +      if (got_bw) {
 +        log_warn(LD_DIRSERV, "Double bw= in bandwidth file line: %s",
 +                 escaped(orig_line));
 +        tor_free(line);
 +        return -1;
 +      }
 +      cp+=strlen("bw=");
 +
 +      out->bw = tor_parse_long(cp, 0, 0, LONG_MAX, &parse_ok, &endptr);
 +      if (!parse_ok || (*endptr && !TOR_ISSPACE(*endptr))) {
 +        log_warn(LD_DIRSERV, "Invalid bandwidth in bandwidth file line: %s",
 +                 escaped(orig_line));
 +        tor_free(line);
 +        return -1;
 +      }
 +      got_bw=1;
 +    } else if (strcmpstart(cp, "node_id=$") == 0) {
 +      if (got_node_id) {
 +        log_warn(LD_DIRSERV, "Double node_id= in bandwidth file line: %s",
 +                 escaped(orig_line));
 +        tor_free(line);
 +        return -1;
 +      }
 +      cp+=strlen("node_id=$");
 +
 +      if (strlen(cp) != HEX_DIGEST_LEN ||
 +          base16_decode(out->node_id, DIGEST_LEN, cp, HEX_DIGEST_LEN)) {
 +        log_warn(LD_DIRSERV, "Invalid node_id in bandwidth file line: %s",
 +                 escaped(orig_line));
 +        tor_free(line);
 +        return -1;
 +      }
 +      strncpy(out->node_hex, cp, sizeof(out->node_hex));
 +      got_node_id=1;
 +    }
 +  } while ((cp = tor_strtok_r(NULL, " \t", &strtok_state)));
 +
 +  if (got_bw && got_node_id) {
 +    tor_free(line);
 +    return 0;
 +  } else {
 +    log_warn(LD_DIRSERV, "Incomplete line in bandwidth file: %s",
 +             escaped(orig_line));
 +    tor_free(line);
 +    return -1;
 +  }
 +}
 +
 +/**
 + * Helper function to apply a parsed measurement line to a list
 + * of bandwidth statuses. Returns true if a line is found,
 + * false otherwise.
 + */
 +int
 +measured_bw_line_apply(measured_bw_line_t *parsed_line,
 +                       smartlist_t *routerstatuses)
 +{
 +  routerstatus_t *rs = NULL;
 +  if (!routerstatuses)
 +    return 0;
 +
 +  rs = smartlist_bsearch(routerstatuses, parsed_line->node_id,
 +                         compare_digest_to_routerstatus_entry);
 +
 +  if (rs) {
 +    rs->has_measured_bw = 1;
 +    rs->measured_bw = (uint32_t)parsed_line->bw;
 +  } else {
 +    log_info(LD_DIRSERV, "Node ID %s not found in routerstatus list",
 +             parsed_line->node_hex);
 +  }
 +
 +  return rs != NULL;
 +}
 +
 +/**
 + * Read the measured bandwidth file and apply it to the list of
 + * routerstatuses. Returns -1 on error, 0 otherwise.
 + */
 +int
 +dirserv_read_measured_bandwidths(const char *from_file,
 +                                 smartlist_t *routerstatuses)
 +{
 +  char line[256];
 +  FILE *fp = fopen(from_file, "r");
 +  int applied_lines = 0;
 +  time_t file_time;
 +  int ok;
 +  if (fp == NULL) {
 +    log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
 +             from_file);
 +    return -1;
 +  }
 +
 +  if (!fgets(line, sizeof(line), fp)
 +          || !strlen(line) || line[strlen(line)-1] != '\n') {
 +    log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
 +             escaped(line));
 +    fclose(fp);
 +    return -1;
 +  }
 +
 +  line[strlen(line)-1] = '\0';
 +  file_time = tor_parse_ulong(line, 10, 0, ULONG_MAX, &ok, NULL);
 +  if (!ok) {
 +    log_warn(LD_DIRSERV, "Non-integer time in bandwidth file: %s",
 +             escaped(line));
 +    fclose(fp);
 +    return -1;
 +  }
 +
 +  if ((time(NULL) - file_time) > MAX_MEASUREMENT_AGE) {
 +    log_warn(LD_DIRSERV, "Bandwidth measurement file stale. Age: %u",
 +             (unsigned)(time(NULL) - file_time));
 +    fclose(fp);
 +    return -1;
 +  }
 +
 +  if (routerstatuses)
 +    smartlist_sort(routerstatuses, compare_routerstatus_entries);
 +
 +  while (!feof(fp)) {
 +    measured_bw_line_t parsed_line;
 +    if (fgets(line, sizeof(line), fp) && strlen(line)) {
 +      if (measured_bw_line_parse(&parsed_line, line) != -1) {
 +        if (measured_bw_line_apply(&parsed_line, routerstatuses) > 0)
 +          applied_lines++;
 +      }
 +    }
 +  }
 +
 +  fclose(fp);
 +  log_info(LD_DIRSERV,
 +           "Bandwidth measurement file successfully read. "
 +           "Applied %d measurements.", applied_lines);
 +  return 0;
 +}
 +
  /** Return a new networkstatus_t* containing our current opinion. (For v3
   * authorities) */
  networkstatus_t *
@@@ -2499,18 -2249,22 +2499,18 @@@ dirserv_generate_networkstatus_vote_obj
    int naming = options->NamingAuthoritativeDir;
    int listbadexits = options->AuthDirListBadExits;
    int listbaddirs = options->AuthDirListBadDirs;
 -  int exits_can_be_guards;
    routerlist_t *rl = router_get_routerlist();
    time_t now = time(NULL);
    time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
    networkstatus_voter_info_t *voter = NULL;
    vote_timing_t timing;
    digestmap_t *omit_as_sybil = NULL;
 -  int vote_on_reachability = 1;
 +  const int vote_on_reachability = running_long_enough_to_decide_unreachable();
 +  smartlist_t *microdescriptors = NULL;
  
    tor_assert(private_key);
    tor_assert(cert);
  
 -  if (now - time_of_process_start <
 -      options->TestingAuthDirTimeToLearnReachability)
 -    vote_on_reachability = 0;
 -
    if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
      log_warn(LD_NET, "Couldn't resolve my hostname");
      return NULL;
@@@ -2545,24 -2299,27 +2545,24 @@@
  
    dirserv_compute_performance_thresholds(rl);
  
 -  /* XXXX We should take steps to keep this from oscillating if
 -   * total_exit_bandwidth is close to total_bandwidth/3. */
 -  exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
 -
    routers = smartlist_create();
    smartlist_add_all(routers, rl->routers);
    routers_sort_by_identity(routers);
    omit_as_sybil = get_possible_sybil_list(routers);
  
    routerstatuses = smartlist_create();
 +  microdescriptors = smartlist_create();
  
 -  SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
 +  SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
      if (ri->cache_info.published_on >= cutoff) {
        routerstatus_t *rs;
        vote_routerstatus_t *vrs;
 +      microdesc_t *md;
  
        vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
        rs = &vrs->status;
        set_routerstatus_from_routerinfo(rs, ri, now,
 -                                       naming, exits_can_be_guards,
 -                                       listbadexits, listbaddirs);
 +                                       naming, listbadexits, listbaddirs);
  
        if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
          clear_status_flags_on_sybil(rs);
@@@ -2571,39 -2328,12 +2571,39 @@@
          rs->is_running = 0;
  
        vrs->version = version_from_platform(ri->platform);
 +      md = dirvote_create_microdescriptor(ri);
 +      if (md) {
 +        char buf[128];
 +        vote_microdesc_hash_t *h;
 +        dirvote_format_microdesc_vote_line(buf, sizeof(buf), md);
 +        h = tor_malloc(sizeof(vote_microdesc_hash_t));
 +        h->microdesc_hash_line = tor_strdup(buf);
 +        h->next = NULL;
 +        vrs->microdesc = h;
 +        md->last_listed = now;
 +        smartlist_add(microdescriptors, md);
 +      }
 +
        smartlist_add(routerstatuses, vrs);
      }
 -  });
 +  } SMARTLIST_FOREACH_END(ri);
 +
 +  {
 +    smartlist_t *added =
 +      microdescs_add_list_to_cache(get_microdesc_cache(),
 +                                   microdescriptors, SAVED_NOWHERE, 0);
 +    smartlist_free(added);
 +    smartlist_free(microdescriptors);
 +  }
 +
    smartlist_free(routers);
    digestmap_free(omit_as_sybil, NULL);
  
 +  if (options->V3BandwidthsFile) {
 +    dirserv_read_measured_bandwidths(options->V3BandwidthsFile,
 +                                     routerstatuses);
 +  }
 +
    v3_out = tor_malloc_zero(sizeof(networkstatus_t));
  
    v3_out->type = NS_TYPE_VOTE;
@@@ -2653,22 -2383,15 +2653,22 @@@
    }
    smartlist_sort_strings(v3_out->known_flags);
  
 +  if (options->ConsensusParams) {
 +    v3_out->net_params = smartlist_create();
 +    smartlist_split_string(v3_out->net_params,
 +                           options->ConsensusParams, NULL, 0, 0);
 +    smartlist_sort_strings(v3_out->net_params);
 +  }
 +
    voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
    voter->nickname = tor_strdup(options->Nickname);
    memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
 +  voter->sigs = smartlist_create();
    voter->address = hostname;
    voter->addr = addr;
    voter->dir_port = options->DirPort;
    voter->or_port = options->ORPort;
    voter->contact = tor_strdup(contact);
 -  memcpy(voter->signing_key_digest, signing_key_digest, DIGEST_LEN);
    if (options->V3AuthUseLegacyKey) {
      authority_cert_t *c = get_my_v3_legacy_cert();
      if (c) {
@@@ -2712,12 -2435,13 +2712,12 @@@ generate_v2_networkstatus_opinion(void
    int versioning = options->VersioningAuthoritativeDir;
    int listbaddirs = options->AuthDirListBadDirs;
    int listbadexits = options->AuthDirListBadExits;
 -  int exits_can_be_guards;
    const char *contact;
    char *version_lines = NULL;
    smartlist_t *routers = NULL;
    digestmap_t *omit_as_sybil = NULL;
  
 -  private_key = get_identity_key();
 +  private_key = get_server_identity_key();
  
    if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
      log_warn(LD_NET, "Couldn't resolve my hostname");
@@@ -2791,6 -2515,10 +2791,6 @@@
  
    dirserv_compute_performance_thresholds(rl);
  
 -  /* XXXX We should take steps to keep this from oscillating if
 -   * total_exit_bandwidth is close to total_bandwidth/3. */
 -  exits_can_be_guards = total_exit_bandwidth >= (total_bandwidth / 3);
 -
    routers = smartlist_create();
    smartlist_add_all(routers, rl->routers);
    routers_sort_by_identity(routers);
@@@ -2803,12 -2531,13 +2803,12 @@@
        char *version = version_from_platform(ri->platform);
  
        set_routerstatus_from_routerinfo(&rs, ri, now,
 -                                       naming, exits_can_be_guards,
 -                                       listbadexits, listbaddirs);
 +                                       naming, listbadexits, listbaddirs);
  
        if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
          clear_status_flags_on_sybil(&rs);
  
 -      if (routerstatus_format_entry(outp, endp-outp, &rs, version, 0, 1)) {
 +      if (routerstatus_format_entry(outp, endp-outp, &rs, version, NS_V2)) {
          log_warn(LD_BUG, "Unable to print router status.");
          tor_free(version);
          goto done;
@@@ -2830,8 -2559,7 +2830,8 @@@
    outp += strlen(outp);
  
    note_crypto_pk_op(SIGN_DIR);
 -  if (router_append_dirobj_signature(outp,endp-outp,digest,private_key)<0) {
 +  if (router_append_dirobj_signature(outp,endp-outp,digest,DIGEST_LEN,
 +                                     private_key)<0) {
      log_warn(LD_BUG, "Unable to sign router status.");
      goto done;
    }
@@@ -2863,8 -2591,10 +2863,8 @@@
    tor_free(status);
    tor_free(hostname);
    tor_free(identity_pkey);
 -  if (routers)
 -    smartlist_free(routers);
 -  if (omit_as_sybil)
 -    digestmap_free(omit_as_sybil, NULL);
 +  smartlist_free(routers);
 +  digestmap_free(omit_as_sybil, NULL);
    return r;
  }
  
@@@ -2912,8 -2642,7 +2912,8 @@@ dirserv_get_networkstatus_v2_fingerprin
        log_info(LD_DIRSERV,
                 "Client requested 'all' network status objects; we have none.");
    } else if (!strcmpstart(key, "fp/")) {
 -    dir_split_resource_into_fingerprints(key+3, result, NULL, 1, 1);
 +    dir_split_resource_into_fingerprints(key+3, result, NULL,
 +                                         DSR_HEX|DSR_SORT_UNIQ);
    }
  }
  
@@@ -2970,6 -2699,8 +2970,8 @@@ dirserv_get_routerdesc_fingerprints(sma
      SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
                        smartlist_add(fps_out,
                        tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
+     /* Treat "all" requests as if they were unencrypted */
+     for_unencrypted_conn = 1;
    } else if (!strcmp(key, "authority")) {
      routerinfo_t *ri = router_get_my_routerinfo();
      if (ri)
@@@ -2978,12 -2709,10 +2980,12 @@@
    } else if (!strcmpstart(key, "d/")) {
      by_id = 0;
      key += strlen("d/");
 -    dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
 +    dir_split_resource_into_fingerprints(key, fps_out, NULL,
 +                                         DSR_HEX|DSR_SORT_UNIQ);
    } else if (!strcmpstart(key, "fp/")) {
      key += strlen("fp/");
 -    dir_split_resource_into_fingerprints(key, fps_out, NULL, 1, 1);
 +    dir_split_resource_into_fingerprints(key, fps_out, NULL,
 +                                         DSR_HEX|DSR_SORT_UNIQ);
    } else {
      *msg = "Key not recognized";
      return -1;
@@@ -3048,8 -2777,7 +3050,8 @@@ dirserv_get_routerdescs(smartlist_t *de
    } else if (!strcmpstart(key, "/tor/server/d/")) {
      smartlist_t *digests = smartlist_create();
      key += strlen("/tor/server/d/");
 -    dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
 +    dir_split_resource_into_fingerprints(key, digests, NULL,
 +                                         DSR_HEX|DSR_SORT_UNIQ);
      SMARTLIST_FOREACH(digests, const char *, d,
         {
           signed_descriptor_t *sd = router_get_by_descriptor_digest(d);
@@@ -3062,8 -2790,7 +3064,8 @@@
      smartlist_t *digests = smartlist_create();
      time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
      key += strlen("/tor/server/fp/");
 -    dir_split_resource_into_fingerprints(key, digests, NULL, 1, 1);
 +    dir_split_resource_into_fingerprints(key, digests, NULL,
 +                                         DSR_HEX|DSR_SORT_UNIQ);
      SMARTLIST_FOREACH(digests, const char *, d,
         {
           if (router_digest_is_me(d)) {
@@@ -3132,48 -2859,8 +3134,48 @@@ dirserv_orconn_tls_done(const char *add
     * skip testing. */
  }
  
 -/** Auth dir server only: if <b>try_all</b> is 1, launch connections to
 - * all known routers; else we want to load balance such that we only
 +/** Called when we, as an authority, receive a new router descriptor either as
 + * an upload or a download.  Used to decide whether to relaunch reachability
 + * testing for the server. */
 +int
 +dirserv_should_launch_reachability_test(routerinfo_t *ri, routerinfo_t *ri_old)
 +{
 +  if (!authdir_mode_handles_descs(get_options(), ri->purpose))
 +    return 0;
 +  if (!ri_old) {
 +    /* New router: Launch an immediate reachability test, so we will have an
 +     * opinion soon in case we're generating a consensus soon */
 +    return 1;
 +  }
 +  if (ri_old->is_hibernating && !ri->is_hibernating) {
 +    /* It just came out of hibernation; launch a reachability test */
 +    return 1;
 +  }
 +  if (! routers_have_same_or_addr(ri, ri_old)) {
 +    /* Address or port changed; launch a reachability test */
 +    return 1;
 +  }
 +  return 0;
 +}
 +
 +/** Helper function for dirserv_test_reachability(). Start a TLS
 + * connection to <b>router</b>, and annotate it with when we started
 + * the test. */
 +void
 +dirserv_single_reachability_test(time_t now, routerinfo_t *router)
 +{
 +  tor_addr_t router_addr;
 +  log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
 +            router->nickname, router->address, router->or_port);
 +  /* Remember when we started trying to determine reachability */
 +  if (!router->testing_since)
 +    router->testing_since = now;
 +  tor_addr_from_ipv4h(&router_addr, router->addr);
 +  connection_or_connect(&router_addr, router->or_port,
 +                        router->cache_info.identity_digest);
 +}
 +
 +/** Auth dir server only: load balance such that we only
   * try a few connections per call.
   *
   * The load balancing is such that if we get called once every ten
@@@ -3181,7 -2868,7 +3183,7 @@@
   * bit over 20 minutes).
   */
  void
 -dirserv_test_reachability(time_t now, int try_all)
 +dirserv_test_reachability(time_t now)
  {
    /* XXX decide what to do here; see or-talk thread "purging old router
     * information, revocation." -NM
@@@ -3198,33 -2885,38 +3200,33 @@@
  
    SMARTLIST_FOREACH_BEGIN(rl->routers, routerinfo_t *, router) {
      const char *id_digest = router->cache_info.identity_digest;
 -    tor_addr_t router_addr;
      if (router_is_me(router))
        continue;
      if (bridge_auth && router->purpose != ROUTER_PURPOSE_BRIDGE)
        continue; /* bridge authorities only test reachability on bridges */
  //    if (router->cache_info.published_on > cutoff)
  //      continue;
 -    if (try_all || (((uint8_t)id_digest[0]) % 128) == ctr) {
 -      log_debug(LD_OR,"Testing reachability of %s at %s:%u.",
 -                router->nickname, router->address, router->or_port);
 -      /* Remember when we started trying to determine reachability */
 -      if (!router->testing_since)
 -        router->testing_since = now;
 -      tor_addr_from_ipv4h(&router_addr, router->addr);
 -      connection_or_connect(&router_addr, router->or_port, id_digest);
 +    if ((((uint8_t)id_digest[0]) % 128) == ctr) {
 +      dirserv_single_reachability_test(now, router);
      }
    } SMARTLIST_FOREACH_END(router);
 -  if (!try_all) /* increment ctr */
 -    ctr = (ctr + 1) % 128;
 +  ctr = (ctr + 1) % 128; /* increment ctr */
  }
  
 -/** Given a fingerprint <b>fp</b> which is either set if we're looking
 - * for a v2 status, or zeroes if we're looking for a v3 status, return
 - * a pointer to the appropriate cached dir object, or NULL if there isn't
 - * one available. */
 +/** Given a fingerprint <b>fp</b> which is either set if we're looking for a
 + * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
 + * flavor name if we want a flavored v3 status, return a pointer to the
 + * appropriate cached dir object, or NULL if there isn't one available. */
  static cached_dir_t *
  lookup_cached_dir_by_fp(const char *fp)
  {
    cached_dir_t *d = NULL;
 -  if (tor_digest_is_zero(fp) && cached_v3_networkstatus)
 -    d = cached_v3_networkstatus;
 -  else if (router_digest_is_me(fp) && the_v2_networkstatus)
 +  if (tor_digest_is_zero(fp) && cached_consensuses)
 +    d = strmap_get(cached_consensuses, "ns");
 +  else if (memchr(fp, '\0', DIGEST_LEN) && cached_consensuses &&
 +           (d = strmap_get(cached_consensuses, fp))) {
 +    /* this here interface is a nasty hack XXXX022 */;
 +  } else if (router_digest_is_me(fp) && the_v2_networkstatus)
      d = the_v2_networkstatus;
    else if (cached_v2_networkstatus)
      d = digestmap_get(cached_v2_networkstatus, fp);
@@@ -3310,18 -3002,6 +3312,18 @@@ dirserv_have_any_serverdesc(smartlist_
    return 0;
  }
  
 +/** Return true iff any of the 256-bit elements in <b>fps</b> is the digest of
 + * a microdescriptor we have. */
 +int
 +dirserv_have_any_microdesc(const smartlist_t *fps)
 +{
 +  microdesc_cache_t *cache = get_microdesc_cache();
 +  SMARTLIST_FOREACH(fps, const char *, fp,
 +                    if (microdesc_cache_lookup_by_digest256(cache, fp))
 +                      return 1);
 +  return 0;
 +}
 +
  /** Return an approximate estimate of the number of bytes that will
   * be needed to transmit the server descriptors (if is_serverdescs --
   * they can be either d/ or fp/ queries) or networkstatus objects (if
@@@ -3353,17 -3033,6 +3355,17 @@@ dirserv_estimate_data_size(smartlist_t 
    return result;
  }
  
 +/** Given a list of microdescriptor hashes, guess how many bytes will be
 + * needed to transmit them, and return the guess. */
 +size_t
 +dirserv_estimate_microdesc_size(const smartlist_t *fps, int compressed)
 +{
 +  size_t result = smartlist_len(fps) * microdesc_average_size(NULL);
 +  if (compressed)
 +    result /= 2;
 +  return result;
 +}
 +
  /** When we're spooling data onto our outbuf, add more whenever we dip
   * below this threshold. */
  #define DIRSERV_BUFFER_MIN 16384
@@@ -3427,8 -3096,6 +3429,8 @@@ connection_dirserv_add_servers_to_outbu
  #endif
      body = signed_descriptor_get_body(sd);
      if (conn->zlib_state) {
 +      /* XXXX022 This 'last' business should actually happen on the last
 +       * routerinfo, not on the last fingerprint. */
        int last = ! smartlist_len(conn->fingerprint_stack);
        connection_write_to_buf_zlib(body, sd->signed_descriptor_len, conn,
                                     last);
@@@ -3452,44 -3119,6 +3454,44 @@@
    return 0;
  }
  
 +/** Spooling helper: called when we're sending a bunch of microdescriptors,
 + * and the outbuf has become too empty. Pulls some entries from
 + * fingerprint_stack, and writes the corresponding microdescs onto outbuf.  If
 + * we run out of entries, flushes the zlib state and sets the spool source to
 + * NONE.  Returns 0 on success, negative on failure.
 + */
 +static int
 +connection_dirserv_add_microdescs_to_outbuf(dir_connection_t *conn)
 +{
 +  microdesc_cache_t *cache = get_microdesc_cache();
 +  while (smartlist_len(conn->fingerprint_stack) &&
 +         buf_datalen(conn->_base.outbuf) < DIRSERV_BUFFER_MIN) {
 +    char *fp256 = smartlist_pop_last(conn->fingerprint_stack);
 +    microdesc_t *md = microdesc_cache_lookup_by_digest256(cache, fp256);
 +    tor_free(fp256);
 +    if (!md)
 +      continue;
 +    if (conn->zlib_state) {
 +      /* XXXX022 This 'last' business should actually happen on the last
 +       * routerinfo, not on the last fingerprint. */
 +      int last = !smartlist_len(conn->fingerprint_stack);
 +      connection_write_to_buf_zlib(md->body, md->bodylen, conn, last);
 +      if (last) {
 +        tor_zlib_free(conn->zlib_state);
 +        conn->zlib_state = NULL;
 +      }
 +    } else {
 +      connection_write_to_buf(md->body, md->bodylen, TO_CONN(conn));
 +    }
 +  }
 +  if (!smartlist_len(conn->fingerprint_stack)) {
 +    conn->dir_spool_src = DIR_SPOOL_NONE;
 +    smartlist_free(conn->fingerprint_stack);
 +    conn->fingerprint_stack = NULL;
 +  }
 +  return 0;
 +}
 +
  /** Spooling helper: Called when we're sending a directory or networkstatus,
   * and the outbuf has become too empty.  Pulls some bytes from
   * <b>conn</b>-\>cached_dir-\>dir_z, uncompresses them if appropriate, and
@@@ -3572,7 -3201,8 +3574,7 @@@ connection_dirserv_add_networkstatus_by
        }
      } else {
        connection_dirserv_finish_spooling(conn);
 -      if (conn->fingerprint_stack)
 -        smartlist_free(conn->fingerprint_stack);
 +      smartlist_free(conn->fingerprint_stack);
        conn->fingerprint_stack = NULL;
        return 0;
      }
@@@ -3596,8 -3226,6 +3598,8 @@@ connection_dirserv_flushed_some(dir_con
      case DIR_SPOOL_SERVER_BY_DIGEST:
      case DIR_SPOOL_SERVER_BY_FP:
        return connection_dirserv_add_servers_to_outbuf(conn);
 +    case DIR_SPOOL_MICRODESC:
 +      return connection_dirserv_add_microdescs_to_outbuf(conn);
      case DIR_SPOOL_CACHED_DIR:
        return connection_dirserv_add_dir_bytes_to_outbuf(conn);
      case DIR_SPOOL_NETWORKSTATUS:
@@@ -3619,10 -3247,10 +3621,10 @@@ dirserv_free_all(void
    cached_dir_decref(the_v2_networkstatus);
    cached_dir_decref(cached_directory);
    clear_cached_dir(&cached_runningrouters);
 -  if (cached_v2_networkstatus) {
 -    digestmap_free(cached_v2_networkstatus, _free_cached_dir);
 -    cached_v2_networkstatus = NULL;
 -  }
 -  cached_dir_decref(cached_v3_networkstatus);
 +
 +  digestmap_free(cached_v2_networkstatus, _free_cached_dir);
 +  cached_v2_networkstatus = NULL;
 +  strmap_free(cached_consensuses, _free_cached_dir);
 +  cached_consensuses = NULL;
  }
  
diff --combined src/or/routerparse.c
index e034c6c,1faa177..28ce97e
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@@ -10,21 -10,7 +10,21 @@@
   **/
  
  #include "or.h"
 +#include "config.h"
 +#include "circuitbuild.h"
 +#include "dirserv.h"
 +#include "dirvote.h"
 +#include "policies.h"
 +#include "rendcommon.h"
 +#include "router.h"
 +#include "routerlist.h"
  #include "memarea.h"
 +#include "microdesc.h"
 +#include "networkstatus.h"
 +#include "rephist.h"
 +#include "routerparse.h"
 +#undef log
 +#include <math.h>
  
  /****************************************************************************/
  
@@@ -69,7 -55,6 +69,7 @@@ typedef enum 
    K_S,
    K_V,
    K_W,
 +  K_M,
    K_EVENTDNS,
    K_EXTRA_INFO,
    K_EXTRA_INFO_DIGEST,
@@@ -77,31 -62,6 +77,31 @@@
    K_HIDDEN_SERVICE_DIR,
    K_ALLOW_SINGLE_HOP_EXITS,
  
 +  K_DIRREQ_END,
 +  K_DIRREQ_V2_IPS,
 +  K_DIRREQ_V3_IPS,
 +  K_DIRREQ_V2_REQS,
 +  K_DIRREQ_V3_REQS,
 +  K_DIRREQ_V2_SHARE,
 +  K_DIRREQ_V3_SHARE,
 +  K_DIRREQ_V2_RESP,
 +  K_DIRREQ_V3_RESP,
 +  K_DIRREQ_V2_DIR,
 +  K_DIRREQ_V3_DIR,
 +  K_DIRREQ_V2_TUN,
 +  K_DIRREQ_V3_TUN,
 +  K_ENTRY_END,
 +  K_ENTRY_IPS,
 +  K_CELL_END,
 +  K_CELL_PROCESSED,
 +  K_CELL_QUEUED,
 +  K_CELL_TIME,
 +  K_CELL_CIRCS,
 +  K_EXIT_END,
 +  K_EXIT_WRITTEN,
 +  K_EXIT_READ,
 +  K_EXIT_OPENED,
 +
    K_DIR_KEY_CERTIFICATE_VERSION,
    K_DIR_IDENTITY_KEY,
    K_DIR_KEY_PUBLISHED,
@@@ -118,18 -78,13 +118,18 @@@
  
    K_KNOWN_FLAGS,
    K_PARAMS,
 +  K_BW_WEIGHTS,
    K_VOTE_DIGEST,
    K_CONSENSUS_DIGEST,
 +  K_ADDITIONAL_DIGEST,
 +  K_ADDITIONAL_SIGNATURE,
    K_CONSENSUS_METHODS,
    K_CONSENSUS_METHOD,
    K_LEGACY_DIR_KEY,
 +  K_DIRECTORY_FOOTER,
  
    A_PURPOSE,
 +  A_LAST_LISTED,
    _A_UNKNOWN,
  
    R_RENDEZVOUS_SERVICE_DESCRIPTOR,
@@@ -167,7 -122,7 +167,7 @@@
   * type.
   *
   * This structure is only allocated in memareas; do not allocate it on
 - * the heap, or token_free() won't work.
 + * the heap, or token_clear() won't work.
   */
  typedef struct directory_token_t {
    directory_keyword tp;        /**< Type of the token. */
@@@ -267,6 -222,8 +267,8 @@@ typedef struct token_rule_t 
  static token_rule_t routerdesc_token_table[] = {
    T0N("reject",              K_REJECT,              ARGS,    NO_OBJ ),
    T0N("accept",              K_ACCEPT,              ARGS,    NO_OBJ ),
+   T0N("reject6",             K_REJECT6,             ARGS,    NO_OBJ ),
+   T0N("accept6",             K_ACCEPT6,             ARGS,    NO_OBJ ),
    T1_START( "router",        K_ROUTER,              GE(5),   NO_OBJ ),
    T1( "signing-key",         K_SIGNING_KEY,         NO_ARGS, NEED_KEY_1024 ),
    T1( "onion-key",           K_ONION_KEY,           NO_ARGS, NEED_KEY_1024 ),
@@@ -301,31 -258,6 +303,31 @@@ static token_rule_t extrainfo_token_tab
    T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
    T01("read-history",        K_READ_HISTORY,        ARGS,    NO_OBJ ),
    T01("write-history",       K_WRITE_HISTORY,       ARGS,    NO_OBJ ),
 +  T01("dirreq-stats-end",    K_DIRREQ_END,          ARGS,    NO_OBJ ),
 +  T01("dirreq-v2-ips",       K_DIRREQ_V2_IPS,       ARGS,    NO_OBJ ),
 +  T01("dirreq-v3-ips",       K_DIRREQ_V3_IPS,       ARGS,    NO_OBJ ),
 +  T01("dirreq-v2-reqs",      K_DIRREQ_V2_REQS,      ARGS,    NO_OBJ ),
 +  T01("dirreq-v3-reqs",      K_DIRREQ_V3_REQS,      ARGS,    NO_OBJ ),
 +  T01("dirreq-v2-share",     K_DIRREQ_V2_SHARE,     ARGS,    NO_OBJ ),
 +  T01("dirreq-v3-share",     K_DIRREQ_V3_SHARE,     ARGS,    NO_OBJ ),
 +  T01("dirreq-v2-resp",      K_DIRREQ_V2_RESP,      ARGS,    NO_OBJ ),
 +  T01("dirreq-v3-resp",      K_DIRREQ_V3_RESP,      ARGS,    NO_OBJ ),
 +  T01("dirreq-v2-direct-dl", K_DIRREQ_V2_DIR,       ARGS,    NO_OBJ ),
 +  T01("dirreq-v3-direct-dl", K_DIRREQ_V3_DIR,       ARGS,    NO_OBJ ),
 +  T01("dirreq-v2-tunneled-dl", K_DIRREQ_V2_TUN,     ARGS,    NO_OBJ ),
 +  T01("dirreq-v3-tunneled-dl", K_DIRREQ_V3_TUN,     ARGS,    NO_OBJ ),
 +  T01("entry-stats-end",     K_ENTRY_END,           ARGS,    NO_OBJ ),
 +  T01("entry-ips",           K_ENTRY_IPS,           ARGS,    NO_OBJ ),
 +  T01("cell-stats-end",      K_CELL_END,            ARGS,    NO_OBJ ),
 +  T01("cell-processed-cells", K_CELL_PROCESSED,     ARGS,    NO_OBJ ),
 +  T01("cell-queued-cells",   K_CELL_QUEUED,         ARGS,    NO_OBJ ),
 +  T01("cell-time-in-queue",  K_CELL_TIME,           ARGS,    NO_OBJ ),
 +  T01("cell-circuits-per-decile", K_CELL_CIRCS,     ARGS,    NO_OBJ ),
 +  T01("exit-stats-end",      K_EXIT_END,            ARGS,    NO_OBJ ),
 +  T01("exit-kibibytes-written", K_EXIT_WRITTEN,     ARGS,    NO_OBJ ),
 +  T01("exit-kibibytes-read", K_EXIT_READ,           ARGS,    NO_OBJ ),
 +  T01("exit-streams-opened", K_EXIT_OPENED,         ARGS,    NO_OBJ ),
 +
    T1_START( "extra-info",          K_EXTRA_INFO,          GE(2),   NO_OBJ ),
  
    END_OF_TABLE
@@@ -335,11 -267,10 +337,11 @@@
   * documents. */
  static token_rule_t rtrstatus_token_table[] = {
    T01("p",                   K_P,               CONCAT_ARGS, NO_OBJ ),
 -  T1( "r",                   K_R,                   GE(8),   NO_OBJ ),
 +  T1( "r",                   K_R,                   GE(7),   NO_OBJ ),
    T1( "s",                   K_S,                   ARGS,    NO_OBJ ),
    T01("v",                   K_V,               CONCAT_ARGS, NO_OBJ ),
    T01("w",                   K_W,                   ARGS,    NO_OBJ ),
 +  T0N("m",                   K_M,               CONCAT_ARGS, NO_OBJ ),
    T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
    END_OF_TABLE
  };
@@@ -444,7 -375,7 +446,7 @@@ static token_rule_t client_keys_token_t
  
  /** List of tokens allowed in V3 networkstatus votes. */
  static token_rule_t networkstatus_token_table[] = {
 -  T1("network-status-version", K_NETWORK_STATUS_VERSION,
 +  T1_START("network-status-version", K_NETWORK_STATUS_VERSION,
                                                     GE(1),       NO_OBJ ),
    T1("vote-status",            K_VOTE_STATUS,      GE(1),       NO_OBJ ),
    T1("published",              K_PUBLISHED,        CONCAT_ARGS, NO_OBJ ),
@@@ -472,7 -403,7 +474,7 @@@
  
  /** List of tokens allowed in V3 networkstatus consensuses. */
  static token_rule_t networkstatus_consensus_token_table[] = {
 -  T1("network-status-version", K_NETWORK_STATUS_VERSION,
 +  T1_START("network-status-version", K_NETWORK_STATUS_VERSION,
                                                     GE(1),       NO_OBJ ),
    T1("vote-status",            K_VOTE_STATUS,      GE(1),       NO_OBJ ),
    T1("valid-after",            K_VALID_AFTER,      CONCAT_ARGS, NO_OBJ ),
@@@ -499,29 -430,17 +501,29 @@@
  /** List of tokens allowable in the footer of v1/v2 directory/networkstatus
   * footers. */
  static token_rule_t networkstatus_vote_footer_token_table[] = {
 -  T(  "directory-signature", K_DIRECTORY_SIGNATURE, GE(2),   NEED_OBJ ),
 +  T01("directory-footer",    K_DIRECTORY_FOOTER,    NO_ARGS,   NO_OBJ ),
 +  T01("bandwidth-weights",   K_BW_WEIGHTS,          ARGS,      NO_OBJ ),
 +  T(  "directory-signature", K_DIRECTORY_SIGNATURE, GE(2),     NEED_OBJ ),
    END_OF_TABLE
  };
  
  /** List of tokens allowable in detached networkstatus signature documents. */
  static token_rule_t networkstatus_detached_signature_token_table[] = {
    T1_START("consensus-digest", K_CONSENSUS_DIGEST, GE(1),       NO_OBJ ),
 +  T("additional-digest",       K_ADDITIONAL_DIGEST,GE(3),       NO_OBJ ),
    T1("valid-after",            K_VALID_AFTER,      CONCAT_ARGS, NO_OBJ ),
    T1("fresh-until",            K_FRESH_UNTIL,      CONCAT_ARGS, NO_OBJ ),
    T1("valid-until",            K_VALID_UNTIL,      CONCAT_ARGS, NO_OBJ ),
 -  T1N("directory-signature", K_DIRECTORY_SIGNATURE, GE(2),   NEED_OBJ ),
 +  T("additional-signature",  K_ADDITIONAL_SIGNATURE, GE(4),   NEED_OBJ ),
 +  T1N("directory-signature", K_DIRECTORY_SIGNATURE,  GE(2),   NEED_OBJ ),
 +  END_OF_TABLE
 +};
 +
 +static token_rule_t microdesc_token_table[] = {
 +  T1_START("onion-key",        K_ONION_KEY,        NO_ARGS,     NEED_KEY_1024),
 +  T01("family",                K_FAMILY,           ARGS,        NO_OBJ ),
 +  T01("p",                     K_P,                CONCAT_ARGS, NO_OBJ ),
 +  A01("@last-listed",          A_LAST_LISTED,      CONCAT_ARGS, NO_OBJ ),
    END_OF_TABLE
  };
  
@@@ -534,13 -453,9 +536,13 @@@ static addr_policy_t *router_parse_addr
  
  static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
                                  const char *start_str, const char *end_str,
 -                                char end_char);
 -
 -static void token_free(directory_token_t *tok);
 +                                char end_char,
 +                                digest_algorithm_t alg);
 +static int router_get_hashes_impl(const char *s, size_t s_len,
 +                                  digests_t *digests,
 +                                  const char *start_str, const char *end_str,
 +                                  char end_char);
 +static void token_clear(directory_token_t *tok);
  static smartlist_t *find_all_exitpolicy(smartlist_t *s);
  static directory_token_t *_find_by_keyword(smartlist_t *s,
                                             directory_keyword keyword,
@@@ -564,7 -479,6 +566,7 @@@ static directory_token_t *get_next_toke
  #define CST_CHECK_AUTHORITY   (1<<0)
  #define CST_NO_CHECK_OBJTYPE  (1<<1)
  static int check_signature_token(const char *digest,
 +                                 ssize_t digest_len,
                                   directory_token_t *tok,
                                   crypto_pk_env_t *pkey,
                                   int flags,
@@@ -585,34 -499,6 +587,34 @@@ static int tor_version_same_series(tor_
  #define DUMP_AREA(a,name) STMT_NIL
  #endif
  
 +/** Last time we dumped a descriptor to disk. */
 +static time_t last_desc_dumped = 0;
 +
 +/** For debugging purposes, dump unparseable descriptor *<b>desc</b> of
 + * type *<b>type</b> to file $DATADIR/unparseable-desc. Do not write more
 + * than one descriptor to disk per minute. If there is already such a
 + * file in the data directory, overwrite it. */
 +static void
 +dump_desc(const char *desc, const char *type)
 +{
 +  time_t now = time(NULL);
 +  tor_assert(desc);
 +  tor_assert(type);
 +  if (!last_desc_dumped || last_desc_dumped + 60 < now) {
 +    char *debugfile = get_datadir_fname("unparseable-desc");
 +    size_t filelen = 50 + strlen(type) + strlen(desc);
 +    char *content = tor_malloc_zero(filelen);
 +    tor_snprintf(content, filelen, "Unable to parse descriptor of type "
 +                 "%s:\n%s", type, desc);
 +    write_str_to_file(debugfile, content, 0);
 +    log_info(LD_DIR, "Unable to parse descriptor of type %s. See file "
 +             "unparseable-desc in data directory for details.", type);
 +    tor_free(content);
 +    tor_free(debugfile);
 +    last_desc_dumped = now;
 +  }
 +}
 +
  /** Set <b>digest</b> to the SHA-1 digest of the hash of the directory in
   * <b>s</b>.  Return 0 on success, -1 on failure.
   */
@@@ -620,8 -506,7 +622,8 @@@ in
  router_get_dir_hash(const char *s, char *digest)
  {
    return router_get_hash_impl(s, strlen(s), digest,
 -                              "signed-directory","\ndirectory-signature",'\n');
 +                              "signed-directory","\ndirectory-signature",'\n',
 +                              DIGEST_SHA1);
  }
  
  /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
@@@ -631,8 -516,7 +633,8 @@@ in
  router_get_router_hash(const char *s, size_t s_len, char *digest)
  {
    return router_get_hash_impl(s, s_len, digest,
 -                              "router ","\nrouter-signature", '\n');
 +                              "router ","\nrouter-signature", '\n',
 +                              DIGEST_SHA1);
  }
  
  /** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
@@@ -642,8 -526,7 +644,8 @@@ in
  router_get_runningrouters_hash(const char *s, char *digest)
  {
    return router_get_hash_impl(s, strlen(s), digest,
 -                              "network-status","\ndirectory-signature", '\n');
 +                              "network-status","\ndirectory-signature", '\n',
 +                              DIGEST_SHA1);
  }
  
  /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
@@@ -653,31 -536,18 +655,31 @@@ router_get_networkstatus_v2_hash(const 
  {
    return router_get_hash_impl(s, strlen(s), digest,
                                "network-status-version","\ndirectory-signature",
 -                              '\n');
 +                              '\n',
 +                              DIGEST_SHA1);
 +}
 +
 +/** Set <b>digests</b> to all the digests of the consensus document in
 + * <b>s</b> */
 +int
 +router_get_networkstatus_v3_hashes(const char *s, digests_t *digests)
 +{
 +  return router_get_hashes_impl(s,strlen(s),digests,
 +                                "network-status-version",
 +                                "\ndirectory-signature",
 +                                ' ');
  }
  
  /** Set <b>digest</b> to the SHA-1 digest of the hash of the network-status
   * string in <b>s</b>.  Return 0 on success, -1 on failure. */
  int
 -router_get_networkstatus_v3_hash(const char *s, char *digest)
 +router_get_networkstatus_v3_hash(const char *s, char *digest,
 +                                 digest_algorithm_t alg)
  {
    return router_get_hash_impl(s, strlen(s), digest,
                                "network-status-version",
                                "\ndirectory-signature",
 -                              ' ');
 +                              ' ', alg);
  }
  
  /** Set <b>digest</b> to the SHA-1 digest of the hash of the extrainfo
@@@ -686,7 -556,7 +688,7 @@@ in
  router_get_extrainfo_hash(const char *s, char *digest)
  {
    return router_get_hash_impl(s, strlen(s), digest, "extra-info",
 -                              "\nrouter-signature",'\n');
 +                              "\nrouter-signature",'\n', DIGEST_SHA1);
  }
  
  /** Helper: used to generate signatures for routers, directories and
@@@ -698,17 -568,16 +700,17 @@@
   */
  int
  router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
 -                               crypto_pk_env_t *private_key)
 +                               size_t digest_len, crypto_pk_env_t *private_key)
  {
    char *signature;
    size_t i, keysize;
 +  int siglen;
  
    keysize = crypto_pk_keysize(private_key);
    signature = tor_malloc(keysize);
 -  if (crypto_pk_private_sign(private_key, signature, keysize,
 -                             digest, DIGEST_LEN) < 0) {
 -
 +  siglen = crypto_pk_private_sign(private_key, signature, keysize,
 +                                  digest, digest_len);
 +  if (siglen < 0) {
      log_warn(LD_BUG,"Couldn't sign digest.");
      goto err;
    }
@@@ -716,7 -585,7 +718,7 @@@
      goto truncated;
  
    i = strlen(buf);
 -  if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
 +  if (base64_encode(buf+i, buf_len-i, signature, siglen) < 0) {
      log_warn(LD_BUG,"couldn't base64-encode signature");
      goto err;
    }
@@@ -823,7 -692,7 +825,7 @@@ router_parse_directory(const char *str
    char digest[DIGEST_LEN];
    time_t published_on;
    int r;
 -  const char *end, *cp;
 +  const char *end, *cp, *str_dup = str;
    smartlist_t *tokens = NULL;
    crypto_pk_env_t *declared_key = NULL;
    memarea_t *area = memarea_new();
@@@ -859,11 -728,11 +861,11 @@@
    }
    declared_key = find_dir_signing_key(str, str+strlen(str));
    note_crypto_pk_op(VERIFY_DIR);
 -  if (check_signature_token(digest, tok, declared_key,
 +  if (check_signature_token(digest, DIGEST_LEN, tok, declared_key,
                              CST_CHECK_AUTHORITY, "directory")<0)
      goto err;
  
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_clear(tokens);
    memarea_clear(area);
  
@@@ -896,12 -765,11 +898,12 @@@
    r = 0;
    goto done;
   err:
 +  dump_desc(str_dup, "v1 directory");
    r = -1;
   done:
    if (declared_key) crypto_free_pk_env(declared_key);
    if (tokens) {
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(tokens);
    }
    if (area) {
@@@ -923,7 -791,7 +925,7 @@@ router_parse_runningrouters(const char 
    int r = -1;
    crypto_pk_env_t *declared_key = NULL;
    smartlist_t *tokens = NULL;
 -  const char *eos = str + strlen(str);
 +  const char *eos = str + strlen(str), *str_dup = str;
    memarea_t *area = NULL;
  
    if (router_get_runningrouters_hash(str, digest)) {
@@@ -952,7 -820,7 +954,7 @@@
    }
    declared_key = find_dir_signing_key(str, eos);
    note_crypto_pk_op(VERIFY_DIR);
 -  if (check_signature_token(digest, tok, declared_key,
 +  if (check_signature_token(digest, DIGEST_LEN, tok, declared_key,
                              CST_CHECK_AUTHORITY, "running-routers")
        < 0)
      goto err;
@@@ -964,10 -832,9 +966,10 @@@
  
    r = 0;
   err:
 +  dump_desc(str_dup, "v1 running-routers");
    if (declared_key) crypto_free_pk_env(declared_key);
    if (tokens) {
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(tokens);
    }
    if (area) {
@@@ -1017,7 -884,7 +1019,7 @@@ find_dir_signing_key(const char *str, c
    }
  
   done:
 -  if (tok) token_free(tok);
 +  if (tok) token_clear(tok);
    if (area) {
      DUMP_AREA(area, "dir-signing-key token");
      memarea_drop_all(area);
@@@ -1053,7 -920,6 +1055,7 @@@ dir_signing_key_is_trusted(crypto_pk_en
   */
  static int
  check_signature_token(const char *digest,
 +                      ssize_t digest_len,
                        directory_token_t *tok,
                        crypto_pk_env_t *pkey,
                        int flags,
@@@ -1086,14 -952,14 +1088,14 @@@
    signed_digest = tor_malloc(keysize);
    if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
                                  tok->object_body, tok->object_size)
 -      != DIGEST_LEN) {
 +      < digest_len) {
      log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
      tor_free(signed_digest);
      return -1;
    }
  //  log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
  //            hex_str(signed_digest,4));
 -  if (memcmp(digest, signed_digest, DIGEST_LEN)) {
 +  if (memcmp(digest, signed_digest, digest_len)) {
      log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
      tor_free(signed_digest);
      return -1;
@@@ -1279,7 -1145,7 +1281,7 @@@ router_parse_entry_from_string(const ch
    smartlist_t *tokens = NULL, *exit_policy_tokens = NULL;
    directory_token_t *tok;
    struct in_addr in;
 -  const char *start_of_annotations, *cp;
 +  const char *start_of_annotations, *cp, *s_dup = s;
    size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
    int ok = 1;
    memarea_t *area = NULL;
@@@ -1503,6 -1369,12 +1505,12 @@@
        router->has_old_dnsworkers = 1;
    }
  
+   if (find_opt_by_keyword(tokens, K_REJECT6) ||
+       find_opt_by_keyword(tokens, K_ACCEPT6)) {
+     log_warn(LD_DIR, "Rejecting router with reject6/accept6 line: they crash "
+              "older Tors.");
+     goto err;
+   }
    exit_policy_tokens = find_all_exitpolicy(tokens);
    if (!smartlist_len(exit_policy_tokens)) {
      log_warn(LD_DIR, "No exit policy tokens in descriptor.");
@@@ -1557,7 -1429,7 +1565,7 @@@
      verified_digests = digestmap_new();
    digestmap_set(verified_digests, signed_digest, (void*)(uintptr_t)1);
  #endif
 -  if (check_signature_token(digest, tok, router->identity_pkey, 0,
 +  if (check_signature_token(digest, DIGEST_LEN, tok, router->identity_pkey, 0,
                              "router descriptor") < 0)
      goto err;
  
@@@ -1575,15 -1447,16 +1583,15 @@@
    goto done;
  
   err:
 +  dump_desc(s_dup, "router descriptor");
    routerinfo_free(router);
    router = NULL;
   done:
    if (tokens) {
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(tokens);
    }
 -  if (exit_policy_tokens) {
 -    smartlist_free(exit_policy_tokens);
 -  }
 +  smartlist_free(exit_policy_tokens);
    if (area) {
      DUMP_AREA(area, "routerinfo");
      memarea_drop_all(area);
@@@ -1608,7 -1481,6 +1616,7 @@@ extrainfo_parse_entry_from_string(cons
    crypto_pk_env_t *key = NULL;
    routerinfo_t *router = NULL;
    memarea_t *area = NULL;
 +  const char *s_dup = s;
  
    if (!end) {
      end = s + strlen(s);
@@@ -1683,8 -1555,7 +1691,8 @@@
  
    if (key) {
      note_crypto_pk_op(VERIFY_RTR);
 -    if (check_signature_token(digest, tok, key, 0, "extra-info") < 0)
 +    if (check_signature_token(digest, DIGEST_LEN, tok, key, 0,
 +                              "extra-info") < 0)
        goto err;
  
      if (router)
@@@ -1698,12 -1569,12 +1706,12 @@@
  
    goto done;
   err:
 -  if (extrainfo)
 -    extrainfo_free(extrainfo);
 +  dump_desc(s_dup, "extra-info descriptor");
 +  extrainfo_free(extrainfo);
    extrainfo = NULL;
   done:
    if (tokens) {
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(tokens);
    }
    if (area) {
@@@ -1731,7 -1602,6 +1739,7 @@@ authority_cert_parse_from_string(const 
    size_t len;
    int found;
    memarea_t *area = NULL;
 +  const char *s_dup = s;
  
    s = eat_whitespace(s);
    eos = strstr(s, "\ndir-key-certification");
@@@ -1762,7 -1632,7 +1770,7 @@@
      goto err;
    }
    if (router_get_hash_impl(s, strlen(s), digest, "dir-key-certificate-version",
 -                           "\ndir-key-certification", '\n') < 0)
 +                           "\ndir-key-certification", '\n', DIGEST_SHA1) < 0)
      goto err;
    tok = smartlist_get(tokens, 0);
    if (tok->tp != K_DIR_KEY_CERTIFICATE_VERSION || strcmp(tok->args[0], "3")) {
@@@ -1855,7 -1725,7 +1863,7 @@@
      }
    }
    if (!found) {
 -    if (check_signature_token(digest, tok, cert->identity_key, 0,
 +    if (check_signature_token(digest, DIGEST_LEN, tok, cert->identity_key, 0,
                                "key certificate")) {
        goto err;
      }
@@@ -1864,7 -1734,6 +1872,7 @@@
        /* XXXX Once all authorities generate cross-certified certificates,
         * make this field mandatory. */
        if (check_signature_token(cert->cache_info.identity_digest,
 +                                DIGEST_LEN,
                                  tok,
                                  cert->signing_key,
                                  CST_NO_CHECK_OBJTYPE,
@@@ -1884,7 -1753,7 +1892,7 @@@
    if (end_of_string) {
      *end_of_string = eat_whitespace(eos);
    }
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(tokens);
    if (area) {
      DUMP_AREA(area, "authority cert");
@@@ -1892,9 -1761,8 +1900,9 @@@
    }
    return cert;
   err:
 +  dump_desc(s_dup, "authority cert");
    authority_cert_free(cert);
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(tokens);
    if (area) {
      DUMP_AREA(area, "authority cert");
@@@ -1905,28 -1773,23 +1913,28 @@@
  
  /** Helper: given a string <b>s</b>, return the start of the next router-status
   * object (starting with "r " at the start of a line).  If none is found,
 - * return the start of the next directory signature.  If none is found, return
 - * the end of the string. */
 + * return the start of the directory footer, or the next directory signature.
 + * If none is found, return the end of the string. */
  static INLINE const char *
  find_start_of_next_routerstatus(const char *s)
  {
 -  const char *eos = strstr(s, "\nr ");
 -  if (eos) {
 -    const char *eos2 = tor_memstr(s, eos-s, "\ndirectory-signature");
 -    if (eos2 && eos2 < eos)
 -      return eos2;
 -    else
 -      return eos+1;
 -  } else {
 -    if ((eos = strstr(s, "\ndirectory-signature")))
 -      return eos+1;
 -    return s + strlen(s);
 -  }
 +  const char *eos, *footer, *sig;
 +  if ((eos = strstr(s, "\nr ")))
 +    ++eos;
 +  else
 +    eos = s + strlen(s);
 +
 +  footer = tor_memstr(s, eos-s, "\ndirectory-footer");
 +  sig = tor_memstr(s, eos-s, "\ndirectory-signature");
 +
 +  if (footer && sig)
 +    return MIN(footer, sig) + 1;
 +  else if (footer)
 +    return footer+1;
 +  else if (sig)
 +    return sig+1;
 +  else
 +    return eos;
  }
  
  /** Given a string at *<b>s</b>, containing a routerstatus object, and an
@@@ -1940,29 -1803,22 +1948,29 @@@
   * If <b>consensus_method</b> is nonzero, this routerstatus is part of a
   * consensus, and we should parse it according to the method used to
   * make that consensus.
 + *
 + * Parse according to the syntax used by the consensus flavor <b>flav</b>.
   **/
  static routerstatus_t *
  routerstatus_parse_entry_from_string(memarea_t *area,
                                       const char **s, smartlist_t *tokens,
                                       networkstatus_t *vote,
                                       vote_routerstatus_t *vote_rs,
 -                                     int consensus_method)
 +                                     int consensus_method,
 +                                     consensus_flavor_t flav)
  {
 -  const char *eos;
 +  const char *eos, *s_dup = *s;
    routerstatus_t *rs = NULL;
    directory_token_t *tok;
    char timebuf[ISO_TIME_LEN+1];
    struct in_addr in;
 +  int offset = 0;
    tor_assert(tokens);
    tor_assert(bool_eq(vote, vote_rs));
  
 +  if (!consensus_method)
 +    flav = FLAV_NS;
 +
    eos = find_start_of_next_routerstatus(*s);
  
    if (tokenize_string(area,*s, eos, tokens, rtrstatus_token_table,0)) {
@@@ -1974,15 -1830,7 +1982,15 @@@
      goto err;
    }
    tok = find_by_keyword(tokens, K_R);
 -  tor_assert(tok->n_args >= 8);
 +  tor_assert(tok->n_args >= 7);
 +  if (flav == FLAV_NS) {
 +    if (tok->n_args < 8) {
 +      log_warn(LD_DIR, "Too few arguments to r");
 +      goto err;
 +    }
 +  } else {
 +    offset = -1;
 +  }
    if (vote_rs) {
      rs = &vote_rs->status;
    } else {
@@@ -2003,34 -1851,29 +2011,34 @@@
      goto err;
    }
  
 -  if (digest_from_base64(rs->descriptor_digest, tok->args[2])) {
 -    log_warn(LD_DIR, "Error decoding descriptor digest %s",
 -             escaped(tok->args[2]));
 -    goto err;
 +  if (flav == FLAV_NS) {
 +    if (digest_from_base64(rs->descriptor_digest, tok->args[2])) {
 +      log_warn(LD_DIR, "Error decoding descriptor digest %s",
 +               escaped(tok->args[2]));
 +      goto err;
 +    }
    }
  
    if (tor_snprintf(timebuf, sizeof(timebuf), "%s %s",
 -                   tok->args[3], tok->args[4]) < 0 ||
 +                   tok->args[3+offset], tok->args[4+offset]) < 0 ||
        parse_iso_time(timebuf, &rs->published_on)<0) {
 -    log_warn(LD_DIR, "Error parsing time '%s %s'",
 -             tok->args[3], tok->args[4]);
 +    log_warn(LD_DIR, "Error parsing time '%s %s' [%d %d]",
 +             tok->args[3+offset], tok->args[4+offset],
 +             offset, (int)flav);
      goto err;
    }
  
 -  if (tor_inet_aton(tok->args[5], &in) == 0) {
 +  if (tor_inet_aton(tok->args[5+offset], &in) == 0) {
      log_warn(LD_DIR, "Error parsing router address in network-status %s",
 -             escaped(tok->args[5]));
 +             escaped(tok->args[5+offset]));
      goto err;
    }
    rs->addr = ntohl(in.s_addr);
  
 -  rs->or_port =(uint16_t) tor_parse_long(tok->args[6],10,0,65535,NULL,NULL);
 -  rs->dir_port = (uint16_t) tor_parse_long(tok->args[7],10,0,65535,NULL,NULL);
 +  rs->or_port = (uint16_t) tor_parse_long(tok->args[6+offset],
 +                                         10,0,65535,NULL,NULL);
 +  rs->dir_port = (uint16_t) tor_parse_long(tok->args[7+offset],
 +                                           10,0,65535,NULL,NULL);
  
    tok = find_opt_by_keyword(tokens, K_S);
    if (tok && vote) {
@@@ -2116,17 -1959,6 +2124,17 @@@
            goto err;
          }
          rs->has_bandwidth = 1;
 +      } else if (!strcmpstart(tok->args[i], "Measured=")) {
 +        int ok;
 +        rs->measured_bw =
 +            (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
 +                                      10, 0, UINT32_MAX, &ok, NULL);
 +        if (!ok) {
 +          log_warn(LD_DIR, "Invalid Measured Bandwidth %s",
 +                   escaped(tok->args[i]));
 +          goto err;
 +        }
 +        rs->has_measured_bw = 1;
        }
      }
    }
@@@ -2148,29 -1980,16 +2156,29 @@@
      rs->has_exitsummary = 1;
    }
  
 +  if (vote_rs) {
 +    SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, t) {
 +      if (t->tp == K_M && t->n_args) {
 +        vote_microdesc_hash_t *line =
 +          tor_malloc(sizeof(vote_microdesc_hash_t));
 +        line->next = vote_rs->microdesc;
 +        line->microdesc_hash_line = tor_strdup(t->args[0]);
 +        vote_rs->microdesc = line;
 +      }
 +    } SMARTLIST_FOREACH_END(t);
 +  }
 +
    if (!strcasecmp(rs->nickname, UNNAMED_ROUTER_NICKNAME))
      rs->is_named = 0;
  
    goto done;
   err:
 +  dump_desc(s_dup, "routerstatus entry");
    if (rs && !vote_rs)
      routerstatus_free(rs);
    rs = NULL;
   done:
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_clear(tokens);
    if (area) {
      DUMP_AREA(area, "routerstatus entry");
@@@ -2182,8 -2001,8 +2190,8 @@@
  }
  
  /** Helper to sort a smartlist of pointers to routerstatus_t */
 -static int
 -_compare_routerstatus_entries(const void **_a, const void **_b)
 +int
 +compare_routerstatus_entries(const void **_a, const void **_b)
  {
    const routerstatus_t *a = *_a, *b = *_b;
    return memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN);
@@@ -2207,7 -2026,7 +2215,7 @@@ _free_duplicate_routerstatus_entry(voi
  networkstatus_v2_t *
  networkstatus_v2_parse_from_string(const char *s)
  {
 -  const char *eos;
 +  const char *eos, *s_dup = s;
    smartlist_t *tokens = smartlist_create();
    smartlist_t *footer_tokens = smartlist_create();
    networkstatus_v2_t *ns = NULL;
@@@ -2321,17 -2140,17 +2329,17 @@@
  
    ns->entries = smartlist_create();
    s = eos;
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_clear(tokens);
    memarea_clear(area);
    while (!strcmpstart(s, "r ")) {
      routerstatus_t *rs;
      if ((rs = routerstatus_parse_entry_from_string(area, &s, tokens,
 -                                                   NULL, NULL, 0)))
 +                                                   NULL, NULL, 0, 0)))
        smartlist_add(ns->entries, rs);
    }
 -  smartlist_sort(ns->entries, _compare_routerstatus_entries);
 -  smartlist_uniq(ns->entries, _compare_routerstatus_entries,
 +  smartlist_sort(ns->entries, compare_routerstatus_entries);
 +  smartlist_uniq(ns->entries, compare_routerstatus_entries,
                   _free_duplicate_routerstatus_entry);
  
    if (tokenize_string(area,s, NULL, footer_tokens, dir_footer_token_table,0)) {
@@@ -2350,19 -2169,19 +2358,19 @@@
    }
  
    note_crypto_pk_op(VERIFY_DIR);
 -  if (check_signature_token(ns_digest, tok, ns->signing_key, 0,
 +  if (check_signature_token(ns_digest, DIGEST_LEN, tok, ns->signing_key, 0,
                              "network-status") < 0)
      goto err;
  
    goto done;
   err:
 -  if (ns)
 -    networkstatus_v2_free(ns);
 +  dump_desc(s_dup, "v2 networkstatus");
 +  networkstatus_v2_free(ns);
    ns = NULL;
   done:
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(tokens);
 -  SMARTLIST_FOREACH(footer_tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(footer_tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(footer_tokens);
    if (area) {
      DUMP_AREA(area, "v2 networkstatus");
@@@ -2371,395 -2190,6 +2379,395 @@@
    return ns;
  }
  
 +/** Verify the bandwidth weights of a network status document */
 +int
 +networkstatus_verify_bw_weights(networkstatus_t *ns)
 +{
 +  int64_t weight_scale;
 +  int64_t G=0, M=0, E=0, D=0, T=0;
 +  double Wgg, Wgm, Wgd, Wmg, Wmm, Wme, Wmd, Weg, Wem, Wee, Wed;
 +  double Gtotal=0, Mtotal=0, Etotal=0;
 +  const char *casename = NULL;
 +  int valid = 1;
 +
 +  weight_scale = circuit_build_times_get_bw_scale(ns);
 +  Wgg = networkstatus_get_bw_weight(ns, "Wgg", -1);
 +  Wgm = networkstatus_get_bw_weight(ns, "Wgm", -1);
 +  Wgd = networkstatus_get_bw_weight(ns, "Wgd", -1);
 +  Wmg = networkstatus_get_bw_weight(ns, "Wmg", -1);
 +  Wmm = networkstatus_get_bw_weight(ns, "Wmm", -1);
 +  Wme = networkstatus_get_bw_weight(ns, "Wme", -1);
 +  Wmd = networkstatus_get_bw_weight(ns, "Wmd", -1);
 +  Weg = networkstatus_get_bw_weight(ns, "Weg", -1);
 +  Wem = networkstatus_get_bw_weight(ns, "Wem", -1);
 +  Wee = networkstatus_get_bw_weight(ns, "Wee", -1);
 +  Wed = networkstatus_get_bw_weight(ns, "Wed", -1);
 +
 +  if (Wgg<0 || Wgm<0 || Wgd<0 || Wmg<0 || Wmm<0 || Wme<0 || Wmd<0 || Weg<0
 +          || Wem<0 || Wee<0 || Wed<0) {
 +    log_warn(LD_BUG, "No bandwidth weights produced in consensus!");
 +    return 0;
 +  }
 +
 +  // First, sanity check basic summing properties that hold for all cases
 +  // We use > 1 as the check for these because they are computed as integers.
 +  // Sometimes there are rounding errors.
 +  if (fabs(Wmm - weight_scale) > 1) {
 +    log_warn(LD_BUG, "Wmm=%lf != "I64_FORMAT,
 +             Wmm, I64_PRINTF_ARG(weight_scale));
 +    valid = 0;
 +  }
 +
 +  if (fabs(Wem - Wee) > 1) {
 +    log_warn(LD_BUG, "Wem=%lf != Wee=%lf", Wem, Wee);
 +    valid = 0;
 +  }
 +
 +  if (fabs(Wgm - Wgg) > 1) {
 +    log_warn(LD_BUG, "Wgm=%lf != Wgg=%lf", Wgm, Wgg);
 +    valid = 0;
 +  }
 +
 +  if (fabs(Weg - Wed) > 1) {
 +    log_warn(LD_BUG, "Wed=%lf != Weg=%lf", Wed, Weg);
 +    valid = 0;
 +  }
 +
 +  if (fabs(Wgg + Wmg - weight_scale) > 0.001*weight_scale) {
 +    log_warn(LD_BUG, "Wgg=%lf != "I64_FORMAT" - Wmg=%lf", Wgg,
 +             I64_PRINTF_ARG(weight_scale), Wmg);
 +    valid = 0;
 +  }
 +
 +  if (fabs(Wee + Wme - weight_scale) > 0.001*weight_scale) {
 +    log_warn(LD_BUG, "Wee=%lf != "I64_FORMAT" - Wme=%lf", Wee,
 +             I64_PRINTF_ARG(weight_scale), Wme);
 +    valid = 0;
 +  }
 +
 +  if (fabs(Wgd + Wmd + Wed - weight_scale) > 0.001*weight_scale) {
 +    log_warn(LD_BUG, "Wgd=%lf + Wmd=%lf + Wed=%lf != "I64_FORMAT,
 +             Wgd, Wmd, Wed, I64_PRINTF_ARG(weight_scale));
 +    valid = 0;
 +  }
 +
 +  Wgg /= weight_scale;
 +  Wgm /= weight_scale;
 +  Wgd /= weight_scale;
 +
 +  Wmg /= weight_scale;
 +  Wmm /= weight_scale;
 +  Wme /= weight_scale;
 +  Wmd /= weight_scale;
 +
 +  Weg /= weight_scale;
 +  Wem /= weight_scale;
 +  Wee /= weight_scale;
 +  Wed /= weight_scale;
 +
 +  // Then, gather G, M, E, D, T to determine case
 +  SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
 +    if (rs->has_bandwidth) {
 +      T += rs->bandwidth;
 +      if (rs->is_exit && rs->is_possible_guard) {
 +        D += rs->bandwidth;
 +        Gtotal += Wgd*rs->bandwidth;
 +        Mtotal += Wmd*rs->bandwidth;
 +        Etotal += Wed*rs->bandwidth;
 +      } else if (rs->is_exit) {
 +        E += rs->bandwidth;
 +        Mtotal += Wme*rs->bandwidth;
 +        Etotal += Wee*rs->bandwidth;
 +      } else if (rs->is_possible_guard) {
 +        G += rs->bandwidth;
 +        Gtotal += Wgg*rs->bandwidth;
 +        Mtotal += Wmg*rs->bandwidth;
 +      } else {
 +        M += rs->bandwidth;
 +        Mtotal += Wmm*rs->bandwidth;
 +      }
 +    } else {
 +      log_warn(LD_BUG, "Missing consensus bandwidth for router %s",
 +          rs->nickname);
 +    }
 +  } SMARTLIST_FOREACH_END(rs);
 +
 +  // Finally, check equality conditions depending upon case 1, 2 or 3
 +  // Full equality cases: 1, 3b
 +  // Partial equality cases: 2b (E=G), 3a (M=E)
 +  // Fully unknown: 2a
 +  if (3*E >= T && 3*G >= T) {
 +    // Case 1: Neither are scarce
 +    casename = "Case 1";
 +    if (fabs(Etotal-Mtotal) > 0.01*MAX(Etotal,Mtotal)) {
 +      log_warn(LD_DIR,
 +               "Bw Weight Failure for %s: Etotal %lf != Mtotal %lf. "
 +               "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +               " T="I64_FORMAT". "
 +               "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +               casename, Etotal, Mtotal,
 +               I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +               I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +               Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +      valid = 0;
 +    }
 +    if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) {
 +      log_warn(LD_DIR,
 +               "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. "
 +               "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +               " T="I64_FORMAT". "
 +               "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +               casename, Etotal, Gtotal,
 +               I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +               I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +               Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +      valid = 0;
 +    }
 +    if (fabs(Gtotal-Mtotal) > 0.01*MAX(Gtotal,Mtotal)) {
 +      log_warn(LD_DIR,
 +               "Bw Weight Failure for %s: Mtotal %lf != Gtotal %lf. "
 +               "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +               " T="I64_FORMAT". "
 +               "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +               casename, Mtotal, Gtotal,
 +               I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +               I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +               Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +      valid = 0;
 +    }
 +  } else if (3*E < T && 3*G < T) {
 +    int64_t R = MIN(E, G);
 +    int64_t S = MAX(E, G);
 +    /*
 +     * Case 2: Both Guards and Exits are scarce
 +     * Balance D between E and G, depending upon
 +     * D capacity and scarcity. Devote no extra
 +     * bandwidth to middle nodes.
 +     */
 +    if (R+D < S) { // Subcase a
 +      double Rtotal, Stotal;
 +      if (E < G) {
 +        Rtotal = Etotal;
 +        Stotal = Gtotal;
 +      } else {
 +        Rtotal = Gtotal;
 +        Stotal = Etotal;
 +      }
 +      casename = "Case 2a";
 +      // Rtotal < Stotal
 +      if (Rtotal > Stotal) {
 +        log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: Rtotal %lf > Stotal %lf. "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Rtotal, Stotal,
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +      // Rtotal < T/3
 +      if (3*Rtotal > T) {
 +        log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: 3*Rtotal %lf > T "
 +                   I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT
 +                   " D="I64_FORMAT" T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Rtotal*3, I64_PRINTF_ARG(T),
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +      // Stotal < T/3
 +      if (3*Stotal > T) {
 +        log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: 3*Stotal %lf > T "
 +                   I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT
 +                   " D="I64_FORMAT" T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Stotal*3, I64_PRINTF_ARG(T),
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +      // Mtotal > T/3
 +      if (3*Mtotal < T) {
 +        log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: 3*Mtotal %lf < T "
 +                   I64_FORMAT". "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Mtotal*3, I64_PRINTF_ARG(T),
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +    } else { // Subcase b: R+D > S
 +      casename = "Case 2b";
 +
 +      /* Check the rare-M redirect case. */
 +      if (D != 0 && 3*M < T) {
 +        casename = "Case 2b (balanced)";
 +        if (fabs(Etotal-Mtotal) > 0.01*MAX(Etotal,Mtotal)) {
 +          log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: Etotal %lf != Mtotal %lf. "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Etotal, Mtotal,
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +          valid = 0;
 +        }
 +        if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) {
 +          log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Etotal, Gtotal,
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +          valid = 0;
 +        }
 +        if (fabs(Gtotal-Mtotal) > 0.01*MAX(Gtotal,Mtotal)) {
 +          log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: Mtotal %lf != Gtotal %lf. "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Mtotal, Gtotal,
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +          valid = 0;
 +        }
 +      } else {
 +        if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) {
 +          log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Etotal, Gtotal,
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +          valid = 0;
 +        }
 +      }
 +    }
 +  } else { // if (E < T/3 || G < T/3) {
 +    int64_t S = MIN(E, G);
 +    int64_t NS = MAX(E, G);
 +    if (3*(S+D) < T) { // Subcase a:
 +      double Stotal;
 +      double NStotal;
 +      if (G < E) {
 +        casename = "Case 3a (G scarce)";
 +        Stotal = Gtotal;
 +        NStotal = Etotal;
 +      } else { // if (G >= E) {
 +        casename = "Case 3a (E scarce)";
 +        NStotal = Gtotal;
 +        Stotal = Etotal;
 +      }
 +      // Stotal < T/3
 +      if (3*Stotal > T) {
 +        log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: 3*Stotal %lf > T "
 +                   I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT
 +                   " D="I64_FORMAT" T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, Stotal*3, I64_PRINTF_ARG(T),
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +      if (NS >= M) {
 +        if (fabs(NStotal-Mtotal) > 0.01*MAX(NStotal,Mtotal)) {
 +          log_warn(LD_DIR,
 +                   "Bw Weight Failure for %s: NStotal %lf != Mtotal %lf. "
 +                   "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                   " T="I64_FORMAT". "
 +                   "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                   casename, NStotal, Mtotal,
 +                   I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                   I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                   Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +          valid = 0;
 +        }
 +      } else {
 +        // if NS < M, NStotal > T/3 because only one of G or E is scarce
 +        if (3*NStotal < T) {
 +          log_warn(LD_DIR,
 +                     "Bw Weight Failure for %s: 3*NStotal %lf < T "
 +                     I64_FORMAT". G="I64_FORMAT" M="I64_FORMAT
 +                     " E="I64_FORMAT" D="I64_FORMAT" T="I64_FORMAT". "
 +                     "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                     casename, NStotal*3, I64_PRINTF_ARG(T),
 +                     I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                     I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                     Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +          valid = 0;
 +        }
 +      }
 +    } else { // Subcase b: S+D >= T/3
 +      casename = "Case 3b";
 +      if (fabs(Etotal-Mtotal) > 0.01*MAX(Etotal,Mtotal)) {
 +        log_warn(LD_DIR,
 +                 "Bw Weight Failure for %s: Etotal %lf != Mtotal %lf. "
 +                 "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                 " T="I64_FORMAT". "
 +                 "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                 casename, Etotal, Mtotal,
 +                 I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                 I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                 Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +      if (fabs(Etotal-Gtotal) > 0.01*MAX(Etotal,Gtotal)) {
 +        log_warn(LD_DIR,
 +                 "Bw Weight Failure for %s: Etotal %lf != Gtotal %lf. "
 +                 "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                 " T="I64_FORMAT". "
 +                 "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                 casename, Etotal, Gtotal,
 +                 I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                 I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                 Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +      if (fabs(Gtotal-Mtotal) > 0.01*MAX(Gtotal,Mtotal)) {
 +        log_warn(LD_DIR,
 +                 "Bw Weight Failure for %s: Mtotal %lf != Gtotal %lf. "
 +                 "G="I64_FORMAT" M="I64_FORMAT" E="I64_FORMAT" D="I64_FORMAT
 +                 " T="I64_FORMAT". "
 +                 "Wgg=%lf Wgd=%lf Wmg=%lf Wme=%lf Wmd=%lf Wee=%lf Wed=%lf",
 +                 casename, Mtotal, Gtotal,
 +                 I64_PRINTF_ARG(G), I64_PRINTF_ARG(M), I64_PRINTF_ARG(E),
 +                 I64_PRINTF_ARG(D), I64_PRINTF_ARG(T),
 +                 Wgg, Wgd, Wmg, Wme, Wmd, Wee, Wed);
 +        valid = 0;
 +      }
 +    }
 +  }
 +
 +  if (valid)
 +    log_notice(LD_DIR, "Bandwidth-weight %s is verified and valid.",
 +               casename);
 +
 +  return valid;
 +}
 +
  /** Parse a v3 networkstatus vote, opinion, or consensus (depending on
   * ns_type), from <b>s</b>, and return the result.  Return NULL on failure. */
  networkstatus_t *
@@@ -2770,21 -2200,19 +2778,21 @@@ networkstatus_parse_vote_from_string(co
    smartlist_t *rs_tokens = NULL, *footer_tokens = NULL;
    networkstatus_voter_info_t *voter = NULL;
    networkstatus_t *ns = NULL;
 -  char ns_digest[DIGEST_LEN];
 -  const char *cert, *end_of_header, *end_of_footer;
 +  digests_t ns_digests;
 +  const char *cert, *end_of_header, *end_of_footer, *s_dup = s;
    directory_token_t *tok;
    int ok;
    struct in_addr in;
    int i, inorder, n_signatures = 0;
    memarea_t *area = NULL, *rs_area = NULL;
 +  consensus_flavor_t flav = FLAV_NS;
 +
    tor_assert(s);
  
    if (eos_out)
      *eos_out = NULL;
  
 -  if (router_get_networkstatus_v3_hash(s, ns_digest)) {
 +  if (router_get_networkstatus_v3_hashes(s, &ns_digests)) {
      log_warn(LD_DIR, "Unable to compute digest of network-status");
      goto err;
    }
@@@ -2800,23 -2228,7 +2808,23 @@@
    }
  
    ns = tor_malloc_zero(sizeof(networkstatus_t));
 -  memcpy(ns->networkstatus_digest, ns_digest, DIGEST_LEN);
 +  memcpy(&ns->digests, &ns_digests, sizeof(ns_digests));
 +
 +  tok = find_by_keyword(tokens, K_NETWORK_STATUS_VERSION);
 +  tor_assert(tok);
 +  if (tok->n_args > 1) {
 +    int flavor = networkstatus_parse_flavor_name(tok->args[1]);
 +    if (flavor < 0) {
 +      log_warn(LD_DIR, "Can't parse document with unknown flavor %s",
 +               escaped(tok->args[2]));
 +      goto err;
 +    }
 +    ns->flavor = flav = flavor;
 +  }
 +  if (flav != FLAV_NS && ns_type != NS_TYPE_CONSENSUS) {
 +    log_warn(LD_DIR, "Flavor found on non-consenus networkstatus.");
 +    goto err;
 +  }
  
    if (ns_type != NS_TYPE_CONSENSUS) {
      const char *end_of_cert = NULL;
@@@ -2970,9 -2382,8 +2978,9 @@@
        if (voter)
          smartlist_add(ns->voters, voter);
        voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
 +      voter->sigs = smartlist_create();
        if (ns->type != NS_TYPE_CONSENSUS)
 -        memcpy(voter->vote_digest, ns_digest, DIGEST_LEN);
 +        memcpy(voter->vote_digest, ns_digests.d[DIGEST_SHA1], DIGEST_LEN);
  
        voter->nickname = tor_strdup(tok->args[0]);
        if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
@@@ -3064,7 -2475,7 +3072,7 @@@
      if (ns->type != NS_TYPE_CONSENSUS) {
        vote_routerstatus_t *rs = tor_malloc_zero(sizeof(vote_routerstatus_t));
        if (routerstatus_parse_entry_from_string(rs_area, &s, rs_tokens, ns,
 -                                               rs, 0))
 +                                               rs, 0, 0))
          smartlist_add(ns->routerstatus_list, rs);
        else {
          tor_free(rs->version);
@@@ -3074,8 -2485,7 +3082,8 @@@
        routerstatus_t *rs;
        if ((rs = routerstatus_parse_entry_from_string(rs_area, &s, rs_tokens,
                                                       NULL, NULL,
 -                                                     ns->consensus_method)))
 +                                                     ns->consensus_method,
 +                                                     flav)))
          smartlist_add(ns->routerstatus_list, rs);
      }
    }
@@@ -3108,73 -2518,14 +3116,73 @@@
      goto err;
    }
  
 -  SMARTLIST_FOREACH(footer_tokens, directory_token_t *, _tok,
    {
 +    int found_sig = 0;
 +    SMARTLIST_FOREACH_BEGIN(footer_tokens, directory_token_t *, _tok) {
 +      tok = _tok;
 +      if (tok->tp == K_DIRECTORY_SIGNATURE)
 +        found_sig = 1;
 +      else if (found_sig) {
 +        log_warn(LD_DIR, "Extraneous token after first directory-signature");
 +        goto err;
 +      }
 +    } SMARTLIST_FOREACH_END(_tok);
 +  }
 +
 +  if ((tok = find_opt_by_keyword(footer_tokens, K_DIRECTORY_FOOTER))) {
 +    if (tok != smartlist_get(footer_tokens, 0)) {
 +      log_warn(LD_DIR, "Misplaced directory-footer token");
 +      goto err;
 +    }
 +  }
 +
 +  tok = find_opt_by_keyword(footer_tokens, K_BW_WEIGHTS);
 +  if (tok) {
 +    ns->weight_params = smartlist_create();
 +    for (i = 0; i < tok->n_args; ++i) {
 +      int ok=0;
 +      char *eq = strchr(tok->args[i], '=');
 +      if (!eq) {
 +        log_warn(LD_DIR, "Bad element '%s' in weight params",
 +                 escaped(tok->args[i]));
 +        goto err;
 +      }
 +      tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
 +      if (!ok) {
 +        log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
 +        goto err;
 +      }
 +      smartlist_add(ns->weight_params, tor_strdup(tok->args[i]));
 +    }
 +  }
 +
 +  SMARTLIST_FOREACH_BEGIN(footer_tokens, directory_token_t *, _tok) {
      char declared_identity[DIGEST_LEN];
      networkstatus_voter_info_t *v;
 +    document_signature_t *sig;
 +    const char *id_hexdigest = NULL;
 +    const char *sk_hexdigest = NULL;
 +    digest_algorithm_t alg = DIGEST_SHA1;
      tok = _tok;
      if (tok->tp != K_DIRECTORY_SIGNATURE)
        continue;
      tor_assert(tok->n_args >= 2);
 +    if (tok->n_args == 2) {
 +      id_hexdigest = tok->args[0];
 +      sk_hexdigest = tok->args[1];
 +    } else {
 +      const char *algname = tok->args[0];
 +      int a;
 +      id_hexdigest = tok->args[1];
 +      sk_hexdigest = tok->args[2];
 +      a = crypto_digest_algorithm_parse_name(algname);
 +      if (a<0) {
 +        log_warn(LD_DIR, "Unknown digest algorithm %s; skipping",
 +                 escaped(algname));
 +        continue;
 +      }
 +      alg = a;
 +    }
  
      if (!tok->object_type ||
          strcmp(tok->object_type, "SIGNATURE") ||
@@@ -3183,11 -2534,11 +3191,11 @@@
        goto err;
      }
  
 -    if (strlen(tok->args[0]) != HEX_DIGEST_LEN ||
 +    if (strlen(id_hexdigest) != HEX_DIGEST_LEN ||
          base16_decode(declared_identity, sizeof(declared_identity),
 -                      tok->args[0], HEX_DIGEST_LEN) < 0) {
 +                      id_hexdigest, HEX_DIGEST_LEN) < 0) {
        log_warn(LD_DIR, "Error decoding declared identity %s in "
 -               "network-status vote.", escaped(tok->args[0]));
 +               "network-status vote.", escaped(id_hexdigest));
        goto err;
      }
      if (!(v = networkstatus_get_voter_by_id(ns, declared_identity))) {
@@@ -3195,15 -2546,11 +3203,15 @@@
                 "any declared directory source.");
        goto err;
      }
 -    if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
 -        base16_decode(v->signing_key_digest, sizeof(v->signing_key_digest),
 -                      tok->args[1], HEX_DIGEST_LEN) < 0) {
 -      log_warn(LD_DIR, "Error decoding declared digest %s in "
 -               "network-status vote.", escaped(tok->args[1]));
 +    sig = tor_malloc_zero(sizeof(document_signature_t));
 +    memcpy(sig->identity_digest, v->identity_digest, DIGEST_LEN);
 +    sig->alg = alg;
 +    if (strlen(sk_hexdigest) != HEX_DIGEST_LEN ||
 +        base16_decode(sig->signing_key_digest, sizeof(sig->signing_key_digest),
 +                      sk_hexdigest, HEX_DIGEST_LEN) < 0) {
 +      log_warn(LD_DIR, "Error decoding declared signing key digest %s in "
 +               "network-status vote.", escaped(sk_hexdigest));
 +      tor_free(sig);
        goto err;
      }
  
@@@ -3212,49 -2559,35 +3220,49 @@@
                   DIGEST_LEN)) {
          log_warn(LD_DIR, "Digest mismatch between declared and actual on "
                   "network-status vote.");
 +        tor_free(sig);
          goto err;
        }
      }
  
 +    if (voter_get_sig_by_algorithm(v, sig->alg)) {
 +      /* We already parsed a vote with this algorithm from this voter. Use the
 +         first one. */
 +      log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
 +             "that contains two votes from the same voter with the same "
 +             "algorithm. Ignoring the second vote.");
 +      tor_free(sig);
 +      continue;
 +    }
 +
      if (ns->type != NS_TYPE_CONSENSUS) {
 -      if (check_signature_token(ns_digest, tok, ns->cert->signing_key, 0,
 -                                "network-status vote"))
 +      if (check_signature_token(ns_digests.d[DIGEST_SHA1], DIGEST_LEN,
 +                                tok, ns->cert->signing_key, 0,
 +                                "network-status vote")) {
 +        tor_free(sig);
          goto err;
 -      v->good_signature = 1;
 +      }
 +      sig->good_signature = 1;
      } else {
 -      if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING)
 +      if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING) {
 +        tor_free(sig);
          goto err;
 -      /* We already parsed a vote from this voter. Use the first one. */
 -      if (v->signature) {
 -        log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
 -                   "that contains two votes from the same voter. Ignoring "
 -                   "the second vote.");
 -        continue;
        }
 -
 -      v->signature = tor_memdup(tok->object_body, tok->object_size);
 -      v->signature_len = (int) tok->object_size;
 +      sig->signature = tor_memdup(tok->object_body, tok->object_size);
 +      sig->signature_len = (int) tok->object_size;
      }
 +    smartlist_add(v->sigs, sig);
 +
      ++n_signatures;
 -  });
 +  } SMARTLIST_FOREACH_END(_tok);
  
    if (! n_signatures) {
      log_warn(LD_DIR, "No signatures on networkstatus vote.");
      goto err;
 +  } else if (ns->type == NS_TYPE_VOTE && n_signatures != 1) {
 +    log_warn(LD_DIR, "Received more than one signature on a "
 +             "network-status vote.");
 +    goto err;
    }
  
    if (eos_out)
@@@ -3262,31 -2595,27 +3270,31 @@@
  
    goto done;
   err:
 -  if (ns)
 -    networkstatus_vote_free(ns);
 +  dump_desc(s_dup, "v3 networkstatus");
 +  networkstatus_vote_free(ns);
    ns = NULL;
   done:
    if (tokens) {
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(tokens);
    }
    if (voter) {
 +    if (voter->sigs) {
 +      SMARTLIST_FOREACH(voter->sigs, document_signature_t *, sig,
 +                        document_signature_free(sig));
 +      smartlist_free(voter->sigs);
 +    }
      tor_free(voter->nickname);
      tor_free(voter->address);
      tor_free(voter->contact);
      tor_free(voter);
    }
    if (rs_tokens) {
 -    SMARTLIST_FOREACH(rs_tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(rs_tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(rs_tokens);
    }
    if (footer_tokens) {
 -    SMARTLIST_FOREACH(footer_tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(footer_tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(footer_tokens);
    }
    if (area) {
@@@ -3299,35 -2628,6 +3307,35 @@@
    return ns;
  }
  
 +/** Return the digests_t that holds the digests of the
 + * <b>flavor_name</b>-flavored networkstatus according to the detached
 + * signatures document <b>sigs</b>, allocating a new digests_t as neeeded. */
 +static digests_t *
 +detached_get_digests(ns_detached_signatures_t *sigs, const char *flavor_name)
 +{
 +  digests_t *d = strmap_get(sigs->digests, flavor_name);
 +  if (!d) {
 +    d = tor_malloc_zero(sizeof(digests_t));
 +    strmap_set(sigs->digests, flavor_name, d);
 +  }
 +  return d;
 +}
 +
 +/** Return the list of signatures of the <b>flavor_name</b>-flavored
 + * networkstatus according to the detached signatures document <b>sigs</b>,
 + * allocating a new digests_t as neeeded. */
 +static smartlist_t *
 +detached_get_signatures(ns_detached_signatures_t *sigs,
 +                        const char *flavor_name)
 +{
 +  smartlist_t *sl = strmap_get(sigs->signatures, flavor_name);
 +  if (!sl) {
 +    sl = smartlist_create();
 +    strmap_set(sigs->signatures, flavor_name, sl);
 +  }
 +  return sl;
 +}
 +
  /** Parse a detached v3 networkstatus signature document between <b>s</b> and
   * <b>eos</b> and return the result.  Return -1 on failure. */
  ns_detached_signatures_t *
@@@ -3337,13 -2637,10 +3345,13 @@@ networkstatus_parse_detached_signatures
     * networkstatus_parse_vote_from_string(). */
    directory_token_t *tok;
    memarea_t *area = NULL;
 +  digests_t *digests;
  
    smartlist_t *tokens = smartlist_create();
    ns_detached_signatures_t *sigs =
      tor_malloc_zero(sizeof(ns_detached_signatures_t));
 +  sigs->digests = strmap_new();
 +  sigs->signatures = strmap_new();
  
    if (!eos)
      eos = s + strlen(s);
@@@ -3355,57 -2652,18 +3363,57 @@@
      goto err;
    }
  
 -  tok = find_by_keyword(tokens, K_CONSENSUS_DIGEST);
 -  if (strlen(tok->args[0]) != HEX_DIGEST_LEN) {
 -    log_warn(LD_DIR, "Wrong length on consensus-digest in detached "
 -             "networkstatus signatures");
 -    goto err;
 -  }
 -  if (base16_decode(sigs->networkstatus_digest, DIGEST_LEN,
 -                    tok->args[0], strlen(tok->args[0])) < 0) {
 -    log_warn(LD_DIR, "Bad encoding on on consensus-digest in detached "
 -             "networkstatus signatures");
 -    goto err;
 -  }
 +  /* Grab all the digest-like tokens. */
 +  SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
 +    const char *algname;
 +    digest_algorithm_t alg;
 +    const char *flavor;
 +    const char *hexdigest;
 +    size_t expected_length;
 +
 +    tok = _tok;
 +
 +    if (tok->tp == K_CONSENSUS_DIGEST) {
 +      algname = "sha1";
 +      alg = DIGEST_SHA1;
 +      flavor = "ns";
 +      hexdigest = tok->args[0];
 +    } else if (tok->tp == K_ADDITIONAL_DIGEST) {
 +      int a = crypto_digest_algorithm_parse_name(tok->args[1]);
 +      if (a<0) {
 +        log_warn(LD_DIR, "Unrecognized algorithm name %s", tok->args[0]);
 +        continue;
 +      }
 +      alg = (digest_algorithm_t) a;
 +      flavor = tok->args[0];
 +      algname = tok->args[1];
 +      hexdigest = tok->args[2];
 +    } else {
 +      continue;
 +    }
 +
 +    expected_length =
 +      (alg == DIGEST_SHA1) ? HEX_DIGEST_LEN : HEX_DIGEST256_LEN;
 +
 +    if (strlen(hexdigest) != expected_length) {
 +      log_warn(LD_DIR, "Wrong length on consensus-digest in detached "
 +               "networkstatus signatures");
 +      goto err;
 +    }
 +    digests = detached_get_digests(sigs, flavor);
 +    tor_assert(digests);
 +    if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
 +      log_warn(LD_DIR, "Multiple digests for %s with %s on detached "
 +               "signatures document", flavor, algname);
 +      continue;
 +    }
 +    if (base16_decode(digests->d[alg], DIGEST256_LEN,
 +                      hexdigest, strlen(hexdigest)) < 0) {
 +      log_warn(LD_DIR, "Bad encoding on consensus-digest in detached "
 +               "networkstatus signatures");
 +      goto err;
 +    }
 +  } SMARTLIST_FOREACH_END(_tok);
  
    tok = find_by_keyword(tokens, K_VALID_AFTER);
    if (parse_iso_time(tok->args[0], &sigs->valid_after)) {
@@@ -3425,102 -2683,57 +3433,102 @@@
      goto err;
    }
  
 -  sigs->signatures = smartlist_create();
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, _tok,
 -    {
 -      char id_digest[DIGEST_LEN];
 -      char sk_digest[DIGEST_LEN];
 -      networkstatus_voter_info_t *voter;
 +  SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
 +    const char *id_hexdigest;
 +    const char *sk_hexdigest;
 +    const char *algname;
 +    const char *flavor;
 +    digest_algorithm_t alg;
 +
 +    char id_digest[DIGEST_LEN];
 +    char sk_digest[DIGEST_LEN];
 +    smartlist_t *siglist;
 +    document_signature_t *sig;
 +    int is_duplicate;
  
 -      tok = _tok;
 -      if (tok->tp != K_DIRECTORY_SIGNATURE)
 -        continue;
 +    tok = _tok;
 +    if (tok->tp == K_DIRECTORY_SIGNATURE) {
        tor_assert(tok->n_args >= 2);
 +      flavor = "ns";
 +      algname = "sha1";
 +      id_hexdigest = tok->args[0];
 +      sk_hexdigest = tok->args[1];
 +    } else if (tok->tp == K_ADDITIONAL_SIGNATURE) {
 +      tor_assert(tok->n_args >= 4);
 +      flavor = tok->args[0];
 +      algname = tok->args[1];
 +      id_hexdigest = tok->args[2];
 +      sk_hexdigest = tok->args[3];
 +    } else {
 +      continue;
 +    }
  
 -      if (!tok->object_type ||
 -          strcmp(tok->object_type, "SIGNATURE") ||
 -          tok->object_size < 128 || tok->object_size > 512) {
 -        log_warn(LD_DIR, "Bad object type or length on directory-signature");
 -        goto err;
 +    {
 +      int a = crypto_digest_algorithm_parse_name(algname);
 +      if (a<0) {
 +        log_warn(LD_DIR, "Unrecognized algorithm name %s", algname);
 +        continue;
        }
 +      alg = (digest_algorithm_t) a;
 +    }
  
 -      if (strlen(tok->args[0]) != HEX_DIGEST_LEN ||
 -          base16_decode(id_digest, sizeof(id_digest),
 -                        tok->args[0], HEX_DIGEST_LEN) < 0) {
 -        log_warn(LD_DIR, "Error decoding declared identity %s in "
 -                 "network-status vote.", escaped(tok->args[0]));
 -        goto err;
 -      }
 -      if (strlen(tok->args[1]) != HEX_DIGEST_LEN ||
 -          base16_decode(sk_digest, sizeof(sk_digest),
 -                        tok->args[1], HEX_DIGEST_LEN) < 0) {
 -        log_warn(LD_DIR, "Error decoding declared digest %s in "
 -                 "network-status vote.", escaped(tok->args[1]));
 -        goto err;
 -      }
 +    if (!tok->object_type ||
 +        strcmp(tok->object_type, "SIGNATURE") ||
 +        tok->object_size < 128 || tok->object_size > 512) {
 +      log_warn(LD_DIR, "Bad object type or length on directory-signature");
 +      goto err;
 +    }
  
 -      voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
 -      memcpy(voter->identity_digest, id_digest, DIGEST_LEN);
 -      memcpy(voter->signing_key_digest, sk_digest, DIGEST_LEN);
 -      if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING)
 -        goto err;
 -      voter->signature = tor_memdup(tok->object_body, tok->object_size);
 -      voter->signature_len = (int) tok->object_size;
 +    if (strlen(id_hexdigest) != HEX_DIGEST_LEN ||
 +        base16_decode(id_digest, sizeof(id_digest),
 +                      id_hexdigest, HEX_DIGEST_LEN) < 0) {
 +      log_warn(LD_DIR, "Error decoding declared identity %s in "
 +               "network-status vote.", escaped(id_hexdigest));
 +      goto err;
 +    }
 +    if (strlen(sk_hexdigest) != HEX_DIGEST_LEN ||
 +        base16_decode(sk_digest, sizeof(sk_digest),
 +                      sk_hexdigest, HEX_DIGEST_LEN) < 0) {
 +      log_warn(LD_DIR, "Error decoding declared signing key digest %s in "
 +               "network-status vote.", escaped(sk_hexdigest));
 +      goto err;
 +    }
  
 -      smartlist_add(sigs->signatures, voter);
 +    siglist = detached_get_signatures(sigs, flavor);
 +    is_duplicate = 0;
 +    SMARTLIST_FOREACH(siglist, document_signature_t *, s, {
 +      if (s->alg == alg &&
 +          !memcmp(id_digest, s->identity_digest, DIGEST_LEN) &&
 +          !memcmp(sk_digest, s->signing_key_digest, DIGEST_LEN)) {
 +        is_duplicate = 1;
 +      }
      });
 +    if (is_duplicate) {
 +      log_warn(LD_DIR, "Two signatures with identical keys and algorithm "
 +               "found.");
 +      continue;
 +    }
 +
 +    sig = tor_malloc_zero(sizeof(document_signature_t));
 +    sig->alg = alg;
 +    memcpy(sig->identity_digest, id_digest, DIGEST_LEN);
 +    memcpy(sig->signing_key_digest, sk_digest, DIGEST_LEN);
 +    if (tok->object_size >= INT_MAX || tok->object_size >= SIZE_T_CEILING) {
 +      tor_free(sig);
 +      goto err;
 +    }
 +    sig->signature = tor_memdup(tok->object_body, tok->object_size);
 +    sig->signature_len = (int) tok->object_size;
 +
 +    smartlist_add(siglist, sig);
 +  } SMARTLIST_FOREACH_END(_tok);
  
    goto done;
   err:
    ns_detached_signatures_free(sigs);
    sigs = NULL;
   done:
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(tokens);
    if (area) {
      DUMP_AREA(area, "detached signatures");
@@@ -3576,7 -2789,7 +3584,7 @@@ router_parse_addr_policy_item_from_stri
   err:
    r = NULL;
   done:
 -  token_free(tok);
 +  token_clear(tok);
    if (area) {
      DUMP_AREA(area, "policy item");
      memarea_drop_all(area);
@@@ -3699,8 -2912,9 +3707,8 @@@ assert_addr_policy_ok(smartlist_t *lst
  
  /** Free all resources allocated for <b>tok</b> */
  static void
 -token_free(directory_token_t *tok)
 +token_clear(directory_token_t *tok)
  {
 -  tor_assert(tok);
    if (tok->key)
      crypto_free_pk_env(tok->key);
  }
@@@ -3712,7 -2926,7 +3720,7 @@@
  
  #define RET_ERR(msg)                                               \
    STMT_BEGIN                                                       \
 -    if (tok) token_free(tok);                                      \
 +    if (tok) token_clear(tok);                                      \
      tok = ALLOC_ZERO(sizeof(directory_token_t));                   \
      tok->tp = _ERR;                                                \
      tok->error = STRDUP(msg);                                      \
@@@ -4008,7 -3222,7 +4016,7 @@@ tokenize_string(memarea_t *area
      tok = get_next_token(area, s, end, table);
      if (tok->tp == _ERR) {
        log_warn(LD_DIR, "parse error: %s", tok->error);
 -      token_free(tok);
 +      token_clear(tok);
        return -1;
      }
      ++counts[tok->tp];
@@@ -4122,11 -3336,17 +4130,11 @@@ find_all_exitpolicy(smartlist_t *s
    return out;
  }
  
 -/** Compute the SHA-1 digest of the substring of <b>s</b> taken from the first
 - * occurrence of <b>start_str</b> through the first instance of c after the
 - * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
 - * <b>digest</b>; return 0 on success.
 - *
 - * If no such substring exists, return -1.
 - */
  static int
 -router_get_hash_impl(const char *s, size_t s_len, char *digest,
 +router_get_hash_impl_helper(const char *s, size_t s_len,
                              const char *start_str,
 -                            const char *end_str, char end_c)
 +                            const char *end_str, char end_c,
 +                            const char **start_out, const char **end_out)
  {
    const char *start, *end;
    start = tor_memstr(s, s_len, start_str);
@@@ -4153,214 -3373,14 +4161,214 @@@
    }
    ++end;
  
 -  if (crypto_digest(digest, start, end-start)) {
 -    log_warn(LD_BUG,"couldn't compute digest");
 +  *start_out = start;
 +  *end_out = end;
 +  return 0;
 +}
 +
 +/** Compute the digest of the substring of <b>s</b> taken from the first
 + * occurrence of <b>start_str</b> through the first instance of c after the
 + * first subsequent occurrence of <b>end_str</b>; store the 20-byte result in
 + * <b>digest</b>; return 0 on success.
 + *
 + * If no such substring exists, return -1.
 + */
 +static int
 +router_get_hash_impl(const char *s, size_t s_len, char *digest,
 +                     const char *start_str,
 +                     const char *end_str, char end_c,
 +                     digest_algorithm_t alg)
 +{
 +  const char *start=NULL, *end=NULL;
 +  if (router_get_hash_impl_helper(s,s_len,start_str,end_str,end_c,
 +                                  &start,&end)<0)
      return -1;
 +
 +  if (alg == DIGEST_SHA1) {
 +    if (crypto_digest(digest, start, end-start)) {
 +      log_warn(LD_BUG,"couldn't compute digest");
 +      return -1;
 +    }
 +  } else {
 +    if (crypto_digest256(digest, start, end-start, alg)) {
 +      log_warn(LD_BUG,"couldn't compute digest");
 +      return -1;
 +    }
    }
  
    return 0;
  }
  
 +/** As router_get_hash_impl, but compute all hashes. */
 +static int
 +router_get_hashes_impl(const char *s, size_t s_len, digests_t *digests,
 +                       const char *start_str,
 +                       const char *end_str, char end_c)
 +{
 +  const char *start=NULL, *end=NULL;
 +  if (router_get_hash_impl_helper(s,s_len,start_str,end_str,end_c,
 +                                  &start,&end)<0)
 +    return -1;
 +
 +  if (crypto_digest_all(digests, start, end-start)) {
 +    log_warn(LD_BUG,"couldn't compute digests");
 +    return -1;
 +  }
 +
 +  return 0;
 +}
 +
 +/** Assuming that s starts with a microdesc, return the start of the
 + * *NEXT* one.  Return NULL on "not found." */
 +static const char *
 +find_start_of_next_microdesc(const char *s, const char *eos)
 +{
 +  int started_with_annotations;
 +  s = eat_whitespace_eos(s, eos);
 +  if (!s)
 +    return NULL;
 +
 +#define CHECK_LENGTH() STMT_BEGIN \
 +    if (s+32 > eos)               \
 +      return NULL;                \
 +  STMT_END
 +
 +#define NEXT_LINE() STMT_BEGIN            \
 +    s = memchr(s, '\n', eos-s);           \
 +    if (!s || s+1 >= eos)                 \
 +      return NULL;                        \
 +    s++;                                  \
 +  STMT_END
 +
 +  CHECK_LENGTH();
 +
 +  started_with_annotations = (*s == '@');
 +
 +  if (started_with_annotations) {
 +    /* Start by advancing to the first non-annotation line. */
 +    while (*s == '@')
 +      NEXT_LINE();
 +  }
 +  CHECK_LENGTH();
 +
 +  /* Now we should be pointed at an onion-key line.  If we are, then skip
 +   * it. */
 +  if (!strcmpstart(s, "onion-key"))
 +    NEXT_LINE();
 +
 +  /* Okay, now we're pointed at the first line of the microdescriptor which is
 +     not an annotation or onion-key.  The next line that _is_ an annotation or
 +     onion-key is the start of the next microdescriptor. */
 +  while (s+32 < eos) {
 +    if (*s == '@' || !strcmpstart(s, "onion-key"))
 +      return s;
 +    NEXT_LINE();
 +  }
 +  return NULL;
 +
 +#undef CHECK_LENGTH
 +#undef NEXT_LINE
 +}
 +
 +/** Parse as many microdescriptors as are found from the string starting at
 + * <b>s</b> and ending at <b>eos</b>.  If allow_annotations is set, read any
 + * annotations we recognize and ignore ones we don't.  If <b>copy_body</b> is
 + * true, then strdup the bodies of the microdescriptors.  Return all newly
 + * parsed microdescriptors in a newly allocated smartlist_t. */
 +smartlist_t *
 +microdescs_parse_from_string(const char *s, const char *eos,
 +                             int allow_annotations, int copy_body)
 +{
 +  smartlist_t *tokens;
 +  smartlist_t *result;
 +  microdesc_t *md = NULL;
 +  memarea_t *area;
 +  const char *start = s;
 +  const char *start_of_next_microdesc;
 +  int flags = allow_annotations ? TS_ANNOTATIONS_OK : 0;
 +
 +  directory_token_t *tok;
 +
 +  if (!eos)
 +    eos = s + strlen(s);
 +
 +  s = eat_whitespace_eos(s, eos);
 +  area = memarea_new();
 +  result = smartlist_create();
 +  tokens = smartlist_create();
 +
 +  while (s < eos) {
 +    start_of_next_microdesc = find_start_of_next_microdesc(s, eos);
 +    if (!start_of_next_microdesc)
 +      start_of_next_microdesc = eos;
 +
 +    if (tokenize_string(area, s, start_of_next_microdesc, tokens,
 +                        microdesc_token_table, flags)) {
 +      log_warn(LD_DIR, "Unparseable microdescriptor");
 +      goto next;
 +    }
 +
 +    md = tor_malloc_zero(sizeof(microdesc_t));
 +    {
 +      const char *cp = tor_memstr(s, start_of_next_microdesc-s,
 +                                  "onion-key");
 +      tor_assert(cp);
 +
 +      md->bodylen = start_of_next_microdesc - cp;
 +      if (copy_body)
 +        md->body = tor_strndup(cp, md->bodylen);
 +      else
 +        md->body = (char*)cp;
 +      md->off = cp - start;
 +    }
 +
 +    if ((tok = find_opt_by_keyword(tokens, A_LAST_LISTED))) {
 +      if (parse_iso_time(tok->args[0], &md->last_listed)) {
 +        log_warn(LD_DIR, "Bad last-listed time in microdescriptor");
 +        goto next;
 +      }
 +    }
 +
 +    tok = find_by_keyword(tokens, K_ONION_KEY);
 +    md->onion_pkey = tok->key;
 +    tok->key = NULL;
 +
 +    if ((tok = find_opt_by_keyword(tokens, K_FAMILY))) {
 +      int i;
 +      md->family = smartlist_create();
 +      for (i=0;i<tok->n_args;++i) {
 +        if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
 +          log_warn(LD_DIR, "Illegal nickname %s in family line",
 +                   escaped(tok->args[i]));
 +          goto next;
 +        }
 +        smartlist_add(md->family, tor_strdup(tok->args[i]));
 +      }
 +    }
 +
 +    if ((tok = find_opt_by_keyword(tokens, K_P))) {
 +      md->exitsummary = tor_strdup(tok->args[0]);
 +    }
 +
 +    crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);
 +
 +    smartlist_add(result, md);
 +
 +    md = NULL;
 +  next:
 +    microdesc_free(md);
 +
 +    memarea_clear(area);
 +    smartlist_clear(tokens);
 +    s = start_of_next_microdesc;
 +  }
 +
 +  memarea_drop_all(area);
 +  smartlist_free(tokens);
 +
 +  return result;
 +}
 +
  /** Parse the Tor version of the platform string <b>platform</b>,
   * and compare it to the version in <b>cutoff</b>. Return 1 if
   * the router is at least as new as the cutoff, else return 0.
@@@ -4385,7 -3405,7 +4393,7 @@@ tor_version_as_new_as(const char *platf
    if (!*start) return 0;
    s = (char *)find_whitespace(start); /* also finds '\0', which is fine */
    s2 = (char*)eat_whitespace(s);
 -  if (!strcmpstart(s2, "(r"))
 +  if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-"))
      s = (char*)find_whitespace(s2);
  
    if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */
@@@ -4481,23 -3501,6 +4489,23 @@@ tor_version_parse(const char *s, tor_ve
    if (!strcmpstart(cp, "(r")) {
      cp += 2;
      out->svn_revision = (int) strtol(cp,&eos,10);
 +  } else if (!strcmpstart(cp, "(git-")) {
 +    char *close_paren = strchr(cp, ')');
 +    int hexlen;
 +    char digest[DIGEST_LEN];
 +    if (! close_paren)
 +      return -1;
 +    cp += 5;
 +    if (close_paren-cp > HEX_DIGEST_LEN)
 +      return -1;
 +    hexlen = (int)(close_paren-cp);
 +    memset(digest, 0, sizeof(digest));
 +    if ( hexlen == 0 || (hexlen % 2) == 1)
 +      return -1;
 +    if (base16_decode(digest, hexlen/2, cp, hexlen))
 +      return -1;
 +    memcpy(out->git_tag, digest, hexlen/2);
 +    out->git_tag_len = hexlen/2;
    }
  
    return 0;
@@@ -4523,14 -3526,8 +4531,14 @@@ tor_version_compare(tor_version_t *a, t
      return i;
    else if ((i = strcmp(a->status_tag, b->status_tag)))
      return i;
 +  else if ((i = a->svn_revision - b->svn_revision))
 +    return i;
 +  else if ((i = a->git_tag_len - b->git_tag_len))
 +    return i;
 +  else if (a->git_tag_len)
 +    return memcmp(a->git_tag, b->git_tag, a->git_tag_len);
    else
 -    return a->svn_revision - b->svn_revision;
 +    return 0;
  }
  
  /** Return true iff versions <b>a</b> and <b>b</b> belong to the same series.
@@@ -4619,7 -3616,7 +4627,7 @@@ rend_parse_v2_service_descriptor(rend_s
    /* Compute descriptor hash for later validation. */
    if (router_get_hash_impl(desc, strlen(desc), desc_hash,
                             "rendezvous-service-descriptor ",
 -                           "\nsignature", '\n') < 0) {
 +                           "\nsignature", '\n', DIGEST_SHA1) < 0) {
      log_warn(LD_REND, "Couldn't compute descriptor hash.");
      goto err;
    }
@@@ -4738,7 -3735,7 +4746,7 @@@
    /* Parse and verify signature. */
    tok = find_by_keyword(tokens, R_SIGNATURE);
    note_crypto_pk_op(VERIFY_RTR);
 -  if (check_signature_token(desc_hash, tok, result->pk, 0,
 +  if (check_signature_token(desc_hash, DIGEST_LEN, tok, result->pk, 0,
                              "v2 rendezvous service descriptor") < 0)
      goto err;
    /* Verify that descriptor ID belongs to public key and secret ID part. */
@@@ -4752,11 -3749,12 +4760,11 @@@
    }
    goto done;
   err:
 -  if (result)
 -    rend_service_descriptor_free(result);
 +  rend_service_descriptor_free(result);
    result = NULL;
   done:
    if (tokens) {
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_free(tokens);
    }
    if (area)
@@@ -4914,7 -3912,7 +4922,7 @@@ rend_parse_introduction_points(rend_ser
        eos = eos+1;
      tor_assert(eos <= intro_points_encoded+intro_points_encoded_size);
      /* Free tokens and clear token list. */
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_clear(tokens);
      memarea_clear(area);
      /* Tokenize string. */
@@@ -4987,7 -3985,7 +4995,7 @@@
  
   done:
    /* Free tokens and clear token list. */
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(tokens);
    if (area)
      memarea_drop_all(area);
@@@ -5026,7 -4024,7 +5034,7 @@@ rend_parse_client_keys(strmap_t *parsed
      else
        eos = eos + 1;
      /* Free tokens and clear token list. */
 -    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +    SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
      smartlist_clear(tokens);
      memarea_clear(area);
      /* Tokenize string. */
@@@ -5098,7 -4096,7 +5106,7 @@@
    result = -1;
   done:
    /* Free tokens and clear token list. */
 -  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_free(t));
 +  SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
    smartlist_free(tokens);
    if (area)
      memarea_drop_all(area);



More information about the tor-commits mailing list