Opened 5 years ago

Closed 5 years ago

#12404 closed defect (worksforme)

#9777 breaks clients that build with disabled curve25519

Reported by: arma
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-client 024-backport
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

#9777 made us try 32 times to get a circuit with at least one ntor-supporting relay in it, and after that we give up.

But if you build without CURVE25519_ENABLED you're never going to get there.

Seems like we should allow people who build without it to work?

Suggested by https://blog.torproject.org/blog/tor-02422-released#comment-63335

Change History (3)

comment:1 Changed 5 years ago by nickm

Keywords: tor-client 024-backport added
Owner: set to nickm
Status: new → assigned

Maaaybe? I gotta say, the case made on that ticket is not exactly compelling. It mixes up the use of curve25519 in ntor with the use of P256/P224 ECDHE in TLS -- the latter of which has nothing to do with curve25519.

Still, this isn't exactly a hard fix. Just because I don't agree with the one user who thinks that DH1024 is a better choice than curve25519, doesn't mean that there isn't some other reason to try --disable-curve25519. (And breaking a feature by accident is not exactly the right way to deprecate it.)

comment:2 Changed 5 years ago by nickm

Status: assigned → needs_information

Hang on. Isn't this already handled in onion_populate_cpath() with the "! using_ntor" case in:

      /* This circuit doesn't need/shouldn't be forced to have an ntor hop */
      if (circ->build_state->desired_path_len <= 1 || ! using_ntor)
        return 0;

I just tried building the maint-0.2.4 branch with --disable-curve25519: everything worked okay, and it built circuits just fine. I also verified to see that it works with --enable-curve25519 and "UseNTorHandshake 0". Then I tried the same cases on master, and that worked too.

Did anybody check to see if this bug was actually happening? I think we can close it as "worksforme", unless you think we should retroactively clarify the changelog.

comment:3 Changed 5 years ago by nickm

Resolution: worksforme
Status: needs_information → closed

Closing as worksforme -- as far as I can tell, this bug report happened because of reading the changelog, which _did_ sorta imply that this bug would happen -- but this bug doesn't happen for me.
