[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor is released

This, the second alpha in the Tor 0.2.7 series, has a number of new
features, including a way to manually pick the number of introduction
points for hidden services, and the much stronger Ed25519 signing key
algorithm for regular Tor relays (including support for encrypted
offline identity keys in the new algorithm).

Support for Ed25519 on relays is currently limited to signing router
descriptors; later alphas in this series will extend Ed25519 key
support to more parts of the Tor protocol.

You can download the source from the usual place on the website.
Packages should be up in a few days.

NOTE: This is an alpha release. Please expect bugs.

  o Major features (Ed25519 identity keys, Proposal 220):
    - All relays now maintain a stronger identity key, using the Ed25519
      elliptic curve signature format. This master key is designed so
      that it can be kept offline. Relays also generate an online
      signing key, and a set of other Ed25519 keys and certificates.
      These are all automatically regenerated and rotated as needed.
      Implements part of ticket 12498.
    - Directory authorities now vote on Ed25519 identity keys along with
      RSA1024 keys. Implements part of ticket 12498.
    - Directory authorities track which Ed25519 identity keys have been
      used with which RSA1024 identity keys, and do not allow them to
      vary freely. Implements part of ticket 12498.
    - Microdescriptors now include Ed25519 identity keys. Implements
      part of ticket 12498.
    - Add support for offline encrypted Ed25519 master keys. To use this
      feature on your tor relay, run "tor --keygen" to make a new master
      key (or to make a new signing key if you already have a master
      key). Closes ticket 13642.

  o Major features (Hidden services):
    - Add the torrc option HiddenServiceNumIntroductionPoints, to
      specify a fixed number of introduction points. Its maximum value
      is 10 and default is 3. Using this option can increase a hidden
      service's reliability under load, at the cost of making it more
      visible that the hidden service is facing extra load. Closes
      ticket 4862.
    - Remove the adaptive algorithm for choosing the number of
      introduction points, which used to change the number of
      introduction points (poorly) depending on the number of
      connections the HS sees. Closes ticket 4862.

  o Major features (onion key cross-certification):
    - Relay descriptors now include signatures of their own identity
      keys, made using the TAP and ntor onion keys. These signatures
      allow relays to prove ownership of their own onion keys. Because
      of this change, microdescriptors will no longer need to include
      RSA identity keys. Implements proposal 228; closes ticket 12499.

  o Major features (performance):
    - Improve the runtime speed of Ed25519 operations by using the
      public-domain Ed25519-donna by Andrew M. ("floodyberry").
      Implements ticket 16467.
    - Improve the runtime speed of the ntor handshake by using an
      optimized curve25519 basepoint scalarmult implementation from the
      public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
      ideas by Adam Langley. Implements ticket 9663.

  o Major bugfixes (client-side privacy, also in
    - Properly separate out each SOCKSPort when applying stream
      isolation. The error occurred because each port's session group
      was being overwritten by a default value when the listener
      connection was initialized. Fixes bug 16247; bugfix on Patch by "jojelino".

  o Major bugfixes (hidden service clients, stability, also in
    - Stop refusing to store updated hidden service descriptors on a
      client. This reverts commit 9407040c59218 (which indeed fixed bug
      14219, but introduced a major hidden service reachability
      regression detailed in bug 16381). This is a temporary fix since
      we can live with the minor issue in bug 14219 (it just results in
      some load on the network) but the regression of 16381 is too much
      of a setback. First-round fix for bug 16381; bugfix

  o Major bugfixes (hidden services):
    - When cannibalizing a circuit for an introduction point, always
      extend to the chosen exit node (creating a 4 hop circuit).
      Previously Tor would use the current circuit exit node, which
      changed the original choice of introduction point, and could cause
      the hidden service to skip excluded introduction points or
      reconnect to a skipped introduction point. Fixes bug 16260; bugfix

  o Major bugfixes (open file limit):
    - The open file limit wasn't checked before calling
      tor_accept_socket_nonblocking(), which would make Tor exceed the
      limit. Now, before opening a new socket, Tor validates the open
      file limit just before, and if the max has been reached, return an
      error. Fixes bug 16288; bugfix on

  o Major bugfixes (stability, also in
    - Stop crashing with an assertion failure when parsing certain kinds
      of malformed or truncated microdescriptors. Fixes bug 16400;
      bugfix on Found by "torkeln"; fix based on a patch
      by "cypherpunks_backup".
    - Stop random client-side assertion failures that could occur when
      connecting to a busy hidden service, or connecting to a hidden
      service while a NEWNYM is in progress. Fixes bug 16013; bugfix

  o Minor features (directory authorities, security, also in
    - The HSDir flag given by authorities now requires the Stable flag.
      For the current network, this results in going from 2887 to 2806
      HSDirs. Also, it makes it harder for an attacker to launch a sybil
      attack by raising the effort for a relay to become Stable to
      require at the very least 7 days, while maintaining the 96 hours
      uptime requirement for HSDir. Implements ticket 8243.

  o Minor features (client):
    - Relax the validation of hostnames in SOCKS5 requests, allowing the
      character '_' to appear, in order to cope with domains observed in
      the wild that are serving non-RFC compliant records. Resolves
      ticket 16430.
    - Relax the validation done to hostnames in SOCKS5 requests, and
      allow a single trailing '.' to cope with clients that pass FQDNs
      using that syntax to explicitly indicate that the domain name is
      fully-qualified. Fixes bug 16674; bugfix on
    - Add GroupWritable and WorldWritable options to unix-socket based
      SocksPort and ControlPort options. These options apply to a single
      socket, and override {Control,Socks}SocketsGroupWritable. Closes
      ticket 15220.

  o Minor features (control protocol):
    - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
      the control protocol. Resolves ticket 15358.

  o Minor features (directory authorities):
    - Directory authorities no longer vote against the "Fast", "Stable",
      and "HSDir" flags just because they were going to vote against
      "Running": if the consensus turns out to be that the router was
      running, then the authority's vote should count. Patch from Peter
      Retzlaff; closes issue 8712.

  o Minor features (geoip, also in
    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.

  o Minor features (hidden services):
    - Add the new options "HiddenServiceMaxStreams" and
      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
      limit the maximum number of simultaneous streams per circuit, and
      optionally tear down the circuit when the limit is exceeded. Part
      of ticket 16052.

  o Minor features (portability):
    - Use C99 variadic macros when the compiler is not GCC. This avoids
      failing compilations on MSVC, and fixes a log-file-based race
      condition in our old workarounds. Original patch from Gisle Vanem.

  o Minor bugfixes (compilation, also in
    - Build with --enable-systemd correctly when libsystemd is
      installed, but systemd is not. Fixes bug 16164; bugfix on Patch from Peter Palfrader.

  o Minor bugfixes (controller):
    - Add the descriptor ID in each HS_DESC control event. It was
      missing, but specified in control-spec.txt. Fixes bug 15881;
      bugfix on

  o Minor bugfixes (crypto error-handling, also in
    - Check for failures from crypto_early_init, and refuse to continue.
      A previous typo meant that we could keep going with an
      uninitialized crypto library, and would have OpenSSL initialize
      its own PRNG. Fixes bug 16360; bugfix on, introduced
      when implementing ticket 4900. Patch by "teor".

  o Minor bugfixes (hidden services):
    - Fix a crash when reloading configuration while at least one
      configured and one ephemeral hidden service exists. Fixes bug
      16060; bugfix on
    - Avoid crashing with a double-free bug when we create an ephemeral
      hidden service but adding it fails for some reason. Fixes bug
      16228; bugfix on

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
      defined. Patch by "teor". Fixes bug 16515; bugfix on

  o Minor bugfixes (Linux seccomp2 sandbox, also in
    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
      these when eventfd2() support is missing. Fixes bug 16363; bugfix
      on Patch from "teor".

  o Minor bugfixes (Linux seccomp2 sandbox, also in
    - Fix sandboxing to work when running as a relay, by allowing the
      renaming of secret_id_key, and allowing the eventfd2 and futex
      syscalls. Fixes bug 16244; bugfix on Patch by
      Peter Palfrader.
    - Allow systemd connections to work with the Linux seccomp2 sandbox
      code. Fixes bug 16212; bugfix on Patch by
      Peter Palfrader.

  o Minor bugfixes (relay):
    - Fix a rarely-encountered memory leak when failing to initialize
      the thread pool. Fixes bug 16631; bugfix on Patch
      from "cypherpunks".

  o Minor bugfixes (systemd):
    - Fix an accidental formatting error that broke the systemd
      configuration file. Fixes bug 16152; bugfix on
    - Tor's systemd unit file no longer contains extraneous spaces.
      These spaces would sometimes confuse tools like deb-systemd-
      helper. Fixes bug 16162; bugfix on

  o Minor bugfixes (tests):
    - Use the configured Python executable when running test-stem-full.
      Fixes bug 16470; bugfix on

  o Minor bugfixes (tests, also in
    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
      16030; bugfix on Patch from "NewEraCracker".

  o Minor bugfixes (threads, comments):
    - Always initialize return value in compute_desc_id in rendcommon.c
      Patch by "teor". Fixes part of bug 16115; bugfix on
    - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
      Fixes part of bug 16115; bugfix on
    - Remove undefined directive-in-macro in test_util_writepid clang
      3.7 complains that using a preprocessor directive inside a macro
      invocation in test_util_writepid in test_util.c is undefined.
      Patch by "teor". Fixes part of bug 16115; bugfix on

  o Code simplification and refactoring:
    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
      to ensure they remain consistent and visible everywhere.
    - Remove some vestigial workarounds for the MSVC6 compiler. We
      haven't supported that in ages.
    - The link authentication code has been refactored for better
      testability and reliability. It now uses code generated with the
      "trunnel" binary encoding generator, to reduce the risk of bugs
      due to programmer error. Done as part of ticket 12498.

  o Documentation:
    - Include a specific and (hopefully) accurate documentation of the
      torrc file's meta-format in doc/torrc_format.txt. This is mainly
      of interest to people writing programs to parse or generate torrc
      files. This document is not a commitment to long-term
      compatibility; some aspects of the current format are a bit
      ridiculous. Closes ticket 2325.

  o Removed features:
    - Tor no longer supports copies of OpenSSL that are missing support
      for Elliptic Curve Cryptography. (We began using ECC when
      available in, for more safe and efficient key
      negotiation.) In particular, support for at least one of P256 or
      P224 is now required, with manual configuration needed if only
      P224 is available. Resolves ticket 16140.
    - Tor no longer supports versions of OpenSSL before 1.0. (If you are
      on an operating system that has not upgraded to OpenSSL 1.0 or
      later, and you compile Tor from source, you will need to install a
      more recent OpenSSL to link Tor against.) These versions of
      OpenSSL are still supported by the OpenSSL, but the numerous
      cryptographic improvements in later OpenSSL releases makes them a
      clear choice. Resolves ticket 16034.
    - Remove the HidServDirectoryV2 option. Now all relays offer to
      store hidden service descriptors. Related to 16543.
    - Remove the VoteOnHidServDirectoriesV2 option, since all
      authorities have long set it to 1. Closes ticket 16543.

  o Testing:
    - Document use of coverity, clang static analyzer, and clang dynamic
      undefined behavior and address sanitizers in doc/HACKING. Include
      detailed usage instructions in the blacklist. Patch by "teor".
      Closes ticket 15817.
    - The link authentication protocol code now has extensive tests.
    - The relay descriptor signature testing code now has
      extensive tests.
    - The test_workqueue program now runs faster, and is enabled by
      default as a part of "make check".
    - Now that OpenSSL has its own scrypt implementation, add an unit
      test that checks for interoperability between libscrypt_scrypt()
      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
      and rely on EVP_PBE_scrypt() whenever possible. Resolves
      ticket 16189.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to