[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #28415 [Core Tor/Tor]: extra-info-digest's sha256-digest isn't actually over the same data as the sha1-digest



#28415: extra-info-digest's sha256-digest isn't actually over the same data as the
sha1-digest
------------------------------+----------------------
     Reporter:  irl           |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  dir-spec
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+----------------------
 Please review my pull request at:

 https://github.com/torproject/torspec/pull/44

 The extra-info-digest field of server descriptors was defined to contain
 either a SHA1, or a SHA1 and a SHA256 digest. These were both meant to
 be computed over the same data but due to an implementation error, the
 Tor network has been computing the digests over different data for a
 while. This is a lot easier to fix in the spec than in the code, and
 the error does not seem to cause any harm beyond being a little
 confusing (which this patch should help with).

 A minor fix is also made to the SHA1 digest portion of the text. This is
 a typo fix and a clarification, and does not change the semantic meaning
 for that portion.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28415>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs