authcert.c 41 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208
  1. /* Copyright (c) 2001 Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2019, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file authcert.c
  8. * \brief Code to maintain directory authorities' certificates.
  9. *
  10. * Authority certificates are signed with authority identity keys; they
  11. * are used to authenticate shorter-term authority signing keys. We
  12. * fetch them when we find a consensus or a vote that has been signed
  13. * with a signing key we don't recognize. We cache them on disk and
  14. * load them on startup. Authority operators generate them with the
  15. * "tor-gencert" utility.
  16. */
  17. #include "core/or/or.h"
  18. #include "app/config/config.h"
  19. #include "core/mainloop/connection.h"
  20. #include "core/mainloop/mainloop.h"
  21. #include "core/or/policies.h"
  22. #include "feature/client/bridges.h"
  23. #include "feature/dirauth/authmode.h"
  24. #include "feature/dirclient/dirclient.h"
  25. #include "feature/dirclient/dlstatus.h"
  26. #include "feature/dircommon/directory.h"
  27. #include "feature/dircommon/fp_pair.h"
  28. #include "feature/dirparse/authcert_parse.h"
  29. #include "feature/nodelist/authcert.h"
  30. #include "feature/nodelist/dirlist.h"
  31. #include "feature/nodelist/networkstatus.h"
  32. #include "feature/nodelist/node_select.h"
  33. #include "feature/nodelist/nodelist.h"
  34. #include "feature/nodelist/routerlist.h"
  35. #include "feature/relay/routermode.h"
  36. #include "core/or/connection_st.h"
  37. #include "feature/dirclient/dir_server_st.h"
  38. #include "feature/dircommon/dir_connection_st.h"
  39. #include "feature/nodelist/authority_cert_st.h"
  40. #include "feature/nodelist/document_signature_st.h"
  41. #include "feature/nodelist/networkstatus_st.h"
  42. #include "feature/nodelist/networkstatus_voter_info_st.h"
  43. #include "feature/nodelist/node_st.h"
  44. DECLARE_TYPED_DIGESTMAP_FNS(dsmap_, digest_ds_map_t, download_status_t)
  45. #define DSMAP_FOREACH(map, keyvar, valvar) \
  46. DIGESTMAP_FOREACH(dsmap_to_digestmap(map), keyvar, download_status_t *, \
  47. valvar)
  48. #define dsmap_free(map, fn) MAP_FREE_AND_NULL(dsmap, (map), (fn))
  49. /* Forward declaration for cert_list_t */
  50. typedef struct cert_list_t cert_list_t;
  51. static void download_status_reset_by_sk_in_cl(cert_list_t *cl,
  52. const char *digest);
  53. static int download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
  54. const char *digest,
  55. time_t now);
  56. static void list_pending_fpsk_downloads(fp_pair_map_t *result);
  57. /** List of certificates for a single authority, and download status for
  58. * latest certificate.
  59. */
  60. struct cert_list_t {
  61. /*
  62. * The keys of download status map are cert->signing_key_digest for pending
  63. * downloads by (identity digest/signing key digest) pair; functions such
  64. * as authority_cert_get_by_digest() already assume these are unique.
  65. */
  66. struct digest_ds_map_t *dl_status_map;
  67. /* There is also a dlstatus for the download by identity key only */
  68. download_status_t dl_status_by_id;
  69. smartlist_t *certs;
  70. };
  71. /** Map from v3 identity key digest to cert_list_t. */
  72. static digestmap_t *trusted_dir_certs = NULL;
  73. /** True iff any key certificate in at least one member of
  74. * <b>trusted_dir_certs</b> has changed since we last flushed the
  75. * certificates to disk. */
  76. static int trusted_dir_servers_certs_changed = 0;
  77. /** Initialise schedule, want_authority, and increment_on in the download
  78. * status dlstatus, then call download_status_reset() on it.
  79. * It is safe to call this function or download_status_reset() multiple times
  80. * on a new dlstatus. But it should *not* be called after a dlstatus has been
  81. * used to count download attempts or failures. */
  82. static void
  83. download_status_cert_init(download_status_t *dlstatus)
  84. {
  85. dlstatus->schedule = DL_SCHED_CONSENSUS;
  86. dlstatus->want_authority = DL_WANT_ANY_DIRSERVER;
  87. dlstatus->increment_on = DL_SCHED_INCREMENT_FAILURE;
  88. dlstatus->last_backoff_position = 0;
  89. dlstatus->last_delay_used = 0;
  90. /* Use the new schedule to set next_attempt_at */
  91. download_status_reset(dlstatus);
  92. }
  93. /** Reset the download status of a specified element in a dsmap */
  94. static void
  95. download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
  96. {
  97. download_status_t *dlstatus = NULL;
  98. tor_assert(cl);
  99. tor_assert(digest);
  100. /* Make sure we have a dsmap */
  101. if (!(cl->dl_status_map)) {
  102. cl->dl_status_map = dsmap_new();
  103. }
  104. /* Look for a download_status_t in the map with this digest */
  105. dlstatus = dsmap_get(cl->dl_status_map, digest);
  106. /* Got one? */
  107. if (!dlstatus) {
  108. /* Insert before we reset */
  109. dlstatus = tor_malloc_zero(sizeof(*dlstatus));
  110. dsmap_set(cl->dl_status_map, digest, dlstatus);
  111. download_status_cert_init(dlstatus);
  112. }
  113. tor_assert(dlstatus);
  114. /* Go ahead and reset it */
  115. download_status_reset(dlstatus);
  116. }
  117. /**
  118. * Return true if the download for this signing key digest in cl is ready
  119. * to be re-attempted.
  120. */
  121. static int
  122. download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
  123. const char *digest,
  124. time_t now)
  125. {
  126. int rv = 0;
  127. download_status_t *dlstatus = NULL;
  128. tor_assert(cl);
  129. tor_assert(digest);
  130. /* Make sure we have a dsmap */
  131. if (!(cl->dl_status_map)) {
  132. cl->dl_status_map = dsmap_new();
  133. }
  134. /* Look for a download_status_t in the map with this digest */
  135. dlstatus = dsmap_get(cl->dl_status_map, digest);
  136. /* Got one? */
  137. if (dlstatus) {
  138. /* Use download_status_is_ready() */
  139. rv = download_status_is_ready(dlstatus, now);
  140. } else {
  141. /*
  142. * If we don't know anything about it, return 1, since we haven't
  143. * tried this one before. We need to create a new entry here,
  144. * too.
  145. */
  146. dlstatus = tor_malloc_zero(sizeof(*dlstatus));
  147. download_status_cert_init(dlstatus);
  148. dsmap_set(cl->dl_status_map, digest, dlstatus);
  149. rv = 1;
  150. }
  151. return rv;
  152. }
  153. /** Helper: Return the cert_list_t for an authority whose authority ID is
  154. * <b>id_digest</b>, allocating a new list if necessary. */
  155. static cert_list_t *
  156. get_cert_list(const char *id_digest)
  157. {
  158. cert_list_t *cl;
  159. if (!trusted_dir_certs)
  160. trusted_dir_certs = digestmap_new();
  161. cl = digestmap_get(trusted_dir_certs, id_digest);
  162. if (!cl) {
  163. cl = tor_malloc_zero(sizeof(cert_list_t));
  164. download_status_cert_init(&cl->dl_status_by_id);
  165. cl->certs = smartlist_new();
  166. cl->dl_status_map = dsmap_new();
  167. digestmap_set(trusted_dir_certs, id_digest, cl);
  168. }
  169. return cl;
  170. }
  171. /** Return a list of authority ID digests with potentially enumerable lists
  172. * of download_status_t objects; used by controller GETINFO queries.
  173. */
  174. MOCK_IMPL(smartlist_t *,
  175. list_authority_ids_with_downloads, (void))
  176. {
  177. smartlist_t *ids = smartlist_new();
  178. digestmap_iter_t *i;
  179. const char *digest;
  180. char *tmp;
  181. void *cl;
  182. if (trusted_dir_certs) {
  183. for (i = digestmap_iter_init(trusted_dir_certs);
  184. !(digestmap_iter_done(i));
  185. i = digestmap_iter_next(trusted_dir_certs, i)) {
  186. /*
  187. * We always have at least dl_status_by_id to query, so no need to
  188. * probe deeper than the existence of a cert_list_t.
  189. */
  190. digestmap_iter_get(i, &digest, &cl);
  191. tmp = tor_malloc(DIGEST_LEN);
  192. memcpy(tmp, digest, DIGEST_LEN);
  193. smartlist_add(ids, tmp);
  194. }
  195. }
  196. /* else definitely no downloads going since nothing even has a cert list */
  197. return ids;
  198. }
  199. /** Given an authority ID digest, return a pointer to the default download
  200. * status, or NULL if there is no such entry in trusted_dir_certs */
  201. MOCK_IMPL(download_status_t *,
  202. id_only_download_status_for_authority_id, (const char *digest))
  203. {
  204. download_status_t *dl = NULL;
  205. cert_list_t *cl;
  206. if (trusted_dir_certs) {
  207. cl = digestmap_get(trusted_dir_certs, digest);
  208. if (cl) {
  209. dl = &(cl->dl_status_by_id);
  210. }
  211. }
  212. return dl;
  213. }
  214. /** Given an authority ID digest, return a smartlist of signing key digests
  215. * for which download_status_t is potentially queryable, or NULL if no such
  216. * authority ID digest is known. */
  217. MOCK_IMPL(smartlist_t *,
  218. list_sk_digests_for_authority_id, (const char *digest))
  219. {
  220. smartlist_t *sks = NULL;
  221. cert_list_t *cl;
  222. dsmap_iter_t *i;
  223. const char *sk_digest;
  224. char *tmp;
  225. download_status_t *dl;
  226. if (trusted_dir_certs) {
  227. cl = digestmap_get(trusted_dir_certs, digest);
  228. if (cl) {
  229. sks = smartlist_new();
  230. if (cl->dl_status_map) {
  231. for (i = dsmap_iter_init(cl->dl_status_map);
  232. !(dsmap_iter_done(i));
  233. i = dsmap_iter_next(cl->dl_status_map, i)) {
  234. /* Pull the digest out and add it to the list */
  235. dsmap_iter_get(i, &sk_digest, &dl);
  236. tmp = tor_malloc(DIGEST_LEN);
  237. memcpy(tmp, sk_digest, DIGEST_LEN);
  238. smartlist_add(sks, tmp);
  239. }
  240. }
  241. }
  242. }
  243. return sks;
  244. }
  245. /** Given an authority ID digest and a signing key digest, return the
  246. * download_status_t or NULL if none exists. */
  247. MOCK_IMPL(download_status_t *,
  248. download_status_for_authority_id_and_sk,(const char *id_digest,
  249. const char *sk_digest))
  250. {
  251. download_status_t *dl = NULL;
  252. cert_list_t *cl = NULL;
  253. if (trusted_dir_certs) {
  254. cl = digestmap_get(trusted_dir_certs, id_digest);
  255. if (cl && cl->dl_status_map) {
  256. dl = dsmap_get(cl->dl_status_map, sk_digest);
  257. }
  258. }
  259. return dl;
  260. }
  261. #define cert_list_free(val) \
  262. FREE_AND_NULL(cert_list_t, cert_list_free_, (val))
  263. /** Release all space held by a cert_list_t */
  264. static void
  265. cert_list_free_(cert_list_t *cl)
  266. {
  267. if (!cl)
  268. return;
  269. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
  270. authority_cert_free(cert));
  271. smartlist_free(cl->certs);
  272. dsmap_free(cl->dl_status_map, tor_free_);
  273. tor_free(cl);
  274. }
  275. /** Wrapper for cert_list_free so we can pass it to digestmap_free */
  276. static void
  277. cert_list_free_void(void *cl)
  278. {
  279. cert_list_free_(cl);
  280. }
  281. /** Reload the cached v3 key certificates from the cached-certs file in
  282. * the data directory. Return 0 on success, -1 on failure. */
  283. int
  284. trusted_dirs_reload_certs(void)
  285. {
  286. char *filename;
  287. char *contents;
  288. int r;
  289. filename = get_cachedir_fname("cached-certs");
  290. contents = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
  291. tor_free(filename);
  292. if (!contents)
  293. return 0;
  294. r = trusted_dirs_load_certs_from_string(
  295. contents,
  296. TRUSTED_DIRS_CERTS_SRC_FROM_STORE, 1, NULL);
  297. tor_free(contents);
  298. return r;
  299. }
  300. /** Helper: return true iff we already have loaded the exact cert
  301. * <b>cert</b>. */
  302. static inline int
  303. already_have_cert(authority_cert_t *cert)
  304. {
  305. cert_list_t *cl = get_cert_list(cert->cache_info.identity_digest);
  306. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, c,
  307. {
  308. if (tor_memeq(c->cache_info.signed_descriptor_digest,
  309. cert->cache_info.signed_descriptor_digest,
  310. DIGEST_LEN))
  311. return 1;
  312. });
  313. return 0;
  314. }
  315. /** Load a bunch of new key certificates from the string <b>contents</b>. If
  316. * <b>source</b> is TRUSTED_DIRS_CERTS_SRC_FROM_STORE, the certificates are
  317. * from the cache, and we don't need to flush them to disk. If we are a
  318. * dirauth loading our own cert, source is TRUSTED_DIRS_CERTS_SRC_SELF.
  319. * Otherwise, source is download type: TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST
  320. * or TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST. If <b>flush</b> is true, we
  321. * need to flush any changed certificates to disk now. Return 0 on success,
  322. * -1 if any certs fail to parse.
  323. *
  324. * If source_dir is non-NULL, it's the identity digest for a directory that
  325. * we've just successfully retrieved certificates from, so try it first to
  326. * fetch any missing certificates.
  327. */
  328. int
  329. trusted_dirs_load_certs_from_string(const char *contents, int source,
  330. int flush, const char *source_dir)
  331. {
  332. dir_server_t *ds;
  333. const char *s, *eos;
  334. int failure_code = 0;
  335. int from_store = (source == TRUSTED_DIRS_CERTS_SRC_FROM_STORE);
  336. int added_trusted_cert = 0;
  337. for (s = contents; *s; s = eos) {
  338. authority_cert_t *cert = authority_cert_parse_from_string(s, &eos);
  339. cert_list_t *cl;
  340. if (!cert) {
  341. failure_code = -1;
  342. break;
  343. }
  344. ds = trusteddirserver_get_by_v3_auth_digest(
  345. cert->cache_info.identity_digest);
  346. log_debug(LD_DIR, "Parsed certificate for %s",
  347. ds ? ds->nickname : "unknown authority");
  348. if (already_have_cert(cert)) {
  349. /* we already have this one. continue. */
  350. log_info(LD_DIR, "Skipping %s certificate for %s that we "
  351. "already have.",
  352. from_store ? "cached" : "downloaded",
  353. ds ? ds->nickname : "an old or new authority");
  354. /*
  355. * A duplicate on download should be treated as a failure, so we call
  356. * authority_cert_dl_failed() to reset the download status to make sure
  357. * we can't try again. Since we've implemented the fp-sk mechanism
  358. * to download certs by signing key, this should be much rarer than it
  359. * was and is perhaps cause for concern.
  360. */
  361. if (!from_store) {
  362. if (authdir_mode(get_options())) {
  363. log_warn(LD_DIR,
  364. "Got a certificate for %s, but we already have it. "
  365. "Maybe they haven't updated it. Waiting for a while.",
  366. ds ? ds->nickname : "an old or new authority");
  367. } else {
  368. log_info(LD_DIR,
  369. "Got a certificate for %s, but we already have it. "
  370. "Maybe they haven't updated it. Waiting for a while.",
  371. ds ? ds->nickname : "an old or new authority");
  372. }
  373. /*
  374. * This is where we care about the source; authority_cert_dl_failed()
  375. * needs to know whether the download was by fp or (fp,sk) pair to
  376. * twiddle the right bit in the download map.
  377. */
  378. if (source == TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST) {
  379. authority_cert_dl_failed(cert->cache_info.identity_digest,
  380. NULL, 404);
  381. } else if (source == TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST) {
  382. authority_cert_dl_failed(cert->cache_info.identity_digest,
  383. cert->signing_key_digest, 404);
  384. }
  385. }
  386. authority_cert_free(cert);
  387. continue;
  388. }
  389. if (ds) {
  390. added_trusted_cert = 1;
  391. log_info(LD_DIR, "Adding %s certificate for directory authority %s with "
  392. "signing key %s", from_store ? "cached" : "downloaded",
  393. ds->nickname, hex_str(cert->signing_key_digest,DIGEST_LEN));
  394. } else {
  395. int adding = we_want_to_fetch_unknown_auth_certs(get_options());
  396. log_info(LD_DIR, "%s %s certificate for unrecognized directory "
  397. "authority with signing key %s",
  398. adding ? "Adding" : "Not adding",
  399. from_store ? "cached" : "downloaded",
  400. hex_str(cert->signing_key_digest,DIGEST_LEN));
  401. if (!adding) {
  402. authority_cert_free(cert);
  403. continue;
  404. }
  405. }
  406. cl = get_cert_list(cert->cache_info.identity_digest);
  407. smartlist_add(cl->certs, cert);
  408. if (ds && cert->cache_info.published_on > ds->addr_current_at) {
  409. /* Check to see whether we should update our view of the authority's
  410. * address. */
  411. if (cert->addr && cert->dir_port &&
  412. (ds->addr != cert->addr ||
  413. ds->dir_port != cert->dir_port)) {
  414. char *a = tor_dup_ip(cert->addr);
  415. log_notice(LD_DIR, "Updating address for directory authority %s "
  416. "from %s:%d to %s:%d based on certificate.",
  417. ds->nickname, ds->address, (int)ds->dir_port,
  418. a, cert->dir_port);
  419. tor_free(a);
  420. ds->addr = cert->addr;
  421. ds->dir_port = cert->dir_port;
  422. }
  423. ds->addr_current_at = cert->cache_info.published_on;
  424. }
  425. if (!from_store)
  426. trusted_dir_servers_certs_changed = 1;
  427. }
  428. if (flush)
  429. trusted_dirs_flush_certs_to_disk();
  430. /* call this even if failure_code is <0, since some certs might have
  431. * succeeded, but only pass source_dir if there were no failures,
  432. * and at least one more authority certificate was added to the store.
  433. * This avoids retrying a directory that's serving bad or entirely duplicate
  434. * certificates. */
  435. if (failure_code == 0 && added_trusted_cert) {
  436. networkstatus_note_certs_arrived(source_dir);
  437. } else {
  438. networkstatus_note_certs_arrived(NULL);
  439. }
  440. return failure_code;
  441. }
  442. /** Save all v3 key certificates to the cached-certs file. */
  443. void
  444. trusted_dirs_flush_certs_to_disk(void)
  445. {
  446. char *filename;
  447. smartlist_t *chunks;
  448. if (!trusted_dir_servers_certs_changed || !trusted_dir_certs)
  449. return;
  450. chunks = smartlist_new();
  451. DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
  452. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
  453. {
  454. sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
  455. c->bytes = cert->cache_info.signed_descriptor_body;
  456. c->len = cert->cache_info.signed_descriptor_len;
  457. smartlist_add(chunks, c);
  458. });
  459. } DIGESTMAP_FOREACH_END;
  460. filename = get_cachedir_fname("cached-certs");
  461. if (write_chunks_to_file(filename, chunks, 0, 0)) {
  462. log_warn(LD_FS, "Error writing certificates to disk.");
  463. }
  464. tor_free(filename);
  465. SMARTLIST_FOREACH(chunks, sized_chunk_t *, c, tor_free(c));
  466. smartlist_free(chunks);
  467. trusted_dir_servers_certs_changed = 0;
  468. }
  469. static int
  470. compare_certs_by_pubdates(const void **_a, const void **_b)
  471. {
  472. const authority_cert_t *cert1 = *_a, *cert2=*_b;
  473. if (cert1->cache_info.published_on < cert2->cache_info.published_on)
  474. return -1;
  475. else if (cert1->cache_info.published_on > cert2->cache_info.published_on)
  476. return 1;
  477. else
  478. return 0;
  479. }
  480. /** Remove all expired v3 authority certificates that have been superseded for
  481. * more than 48 hours or, if not expired, that were published more than 7 days
  482. * before being superseded. (If the most recent cert was published more than 48
  483. * hours ago, then we aren't going to get any consensuses signed with older
  484. * keys.) */
  485. void
  486. trusted_dirs_remove_old_certs(void)
  487. {
  488. time_t now = time(NULL);
  489. #define DEAD_CERT_LIFETIME (2*24*60*60)
  490. #define SUPERSEDED_CERT_LIFETIME (2*24*60*60)
  491. if (!trusted_dir_certs)
  492. return;
  493. DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
  494. /* Sort the list from first-published to last-published */
  495. smartlist_sort(cl->certs, compare_certs_by_pubdates);
  496. SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
  497. if (cert_sl_idx == smartlist_len(cl->certs) - 1) {
  498. /* This is the most recently published cert. Keep it. */
  499. continue;
  500. }
  501. authority_cert_t *next_cert = smartlist_get(cl->certs, cert_sl_idx+1);
  502. const time_t next_cert_published = next_cert->cache_info.published_on;
  503. if (next_cert_published > now) {
  504. /* All later certs are published in the future. Keep everything
  505. * we didn't discard. */
  506. break;
  507. }
  508. int should_remove = 0;
  509. if (cert->expires + DEAD_CERT_LIFETIME < now) {
  510. /* Certificate has been expired for at least DEAD_CERT_LIFETIME.
  511. * Remove it. */
  512. should_remove = 1;
  513. } else if (next_cert_published + SUPERSEDED_CERT_LIFETIME < now) {
  514. /* Certificate has been superseded for OLD_CERT_LIFETIME.
  515. * Remove it.
  516. */
  517. should_remove = 1;
  518. }
  519. if (should_remove) {
  520. SMARTLIST_DEL_CURRENT_KEEPORDER(cl->certs, cert);
  521. authority_cert_free(cert);
  522. trusted_dir_servers_certs_changed = 1;
  523. }
  524. } SMARTLIST_FOREACH_END(cert);
  525. } DIGESTMAP_FOREACH_END;
  526. #undef DEAD_CERT_LIFETIME
  527. #undef OLD_CERT_LIFETIME
  528. trusted_dirs_flush_certs_to_disk();
  529. }
  530. /** Return the newest v3 authority certificate whose v3 authority identity key
  531. * has digest <b>id_digest</b>. Return NULL if no such authority is known,
  532. * or it has no certificate. */
  533. authority_cert_t *
  534. authority_cert_get_newest_by_id(const char *id_digest)
  535. {
  536. cert_list_t *cl;
  537. authority_cert_t *best = NULL;
  538. if (!trusted_dir_certs ||
  539. !(cl = digestmap_get(trusted_dir_certs, id_digest)))
  540. return NULL;
  541. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
  542. {
  543. if (!best || cert->cache_info.published_on > best->cache_info.published_on)
  544. best = cert;
  545. });
  546. return best;
  547. }
  548. /** Return the newest v3 authority certificate whose directory signing key has
  549. * digest <b>sk_digest</b>. Return NULL if no such certificate is known.
  550. */
  551. authority_cert_t *
  552. authority_cert_get_by_sk_digest(const char *sk_digest)
  553. {
  554. authority_cert_t *c;
  555. if (!trusted_dir_certs)
  556. return NULL;
  557. if ((c = get_my_v3_authority_cert()) &&
  558. tor_memeq(c->signing_key_digest, sk_digest, DIGEST_LEN))
  559. return c;
  560. if ((c = get_my_v3_legacy_cert()) &&
  561. tor_memeq(c->signing_key_digest, sk_digest, DIGEST_LEN))
  562. return c;
  563. DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
  564. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
  565. {
  566. if (tor_memeq(cert->signing_key_digest, sk_digest, DIGEST_LEN))
  567. return cert;
  568. });
  569. } DIGESTMAP_FOREACH_END;
  570. return NULL;
  571. }
  572. /** Return the v3 authority certificate with signing key matching
  573. * <b>sk_digest</b>, for the authority with identity digest <b>id_digest</b>.
  574. * Return NULL if no such authority is known. */
  575. authority_cert_t *
  576. authority_cert_get_by_digests(const char *id_digest,
  577. const char *sk_digest)
  578. {
  579. cert_list_t *cl;
  580. if (!trusted_dir_certs ||
  581. !(cl = digestmap_get(trusted_dir_certs, id_digest)))
  582. return NULL;
  583. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
  584. if (tor_memeq(cert->signing_key_digest, sk_digest, DIGEST_LEN))
  585. return cert; );
  586. return NULL;
  587. }
  588. /** Add every known authority_cert_t to <b>certs_out</b>. */
  589. void
  590. authority_cert_get_all(smartlist_t *certs_out)
  591. {
  592. tor_assert(certs_out);
  593. if (!trusted_dir_certs)
  594. return;
  595. DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
  596. SMARTLIST_FOREACH(cl->certs, authority_cert_t *, c,
  597. smartlist_add(certs_out, c));
  598. } DIGESTMAP_FOREACH_END;
  599. }
  600. /** Called when an attempt to download a certificate with the authority with
  601. * ID <b>id_digest</b> and, if not NULL, signed with key signing_key_digest
  602. * fails with HTTP response code <b>status</b>: remember the failure, so we
  603. * don't try again immediately. */
  604. void
  605. authority_cert_dl_failed(const char *id_digest,
  606. const char *signing_key_digest, int status)
  607. {
  608. cert_list_t *cl;
  609. download_status_t *dlstatus = NULL;
  610. char id_digest_str[2*DIGEST_LEN+1];
  611. char sk_digest_str[2*DIGEST_LEN+1];
  612. if (!trusted_dir_certs ||
  613. !(cl = digestmap_get(trusted_dir_certs, id_digest)))
  614. return;
  615. /*
  616. * Are we noting a failed download of the latest cert for the id digest,
  617. * or of a download by (id, signing key) digest pair?
  618. */
  619. if (!signing_key_digest) {
  620. /* Just by id digest */
  621. download_status_failed(&cl->dl_status_by_id, status);
  622. } else {
  623. /* Reset by (id, signing key) digest pair
  624. *
  625. * Look for a download_status_t in the map with this digest
  626. */
  627. dlstatus = dsmap_get(cl->dl_status_map, signing_key_digest);
  628. /* Got one? */
  629. if (dlstatus) {
  630. download_status_failed(dlstatus, status);
  631. } else {
  632. /*
  633. * Do this rather than hex_str(), since hex_str clobbers
  634. * old results and we call twice in the param list.
  635. */
  636. base16_encode(id_digest_str, sizeof(id_digest_str),
  637. id_digest, DIGEST_LEN);
  638. base16_encode(sk_digest_str, sizeof(sk_digest_str),
  639. signing_key_digest, DIGEST_LEN);
  640. log_warn(LD_BUG,
  641. "Got failure for cert fetch with (fp,sk) = (%s,%s), with "
  642. "status %d, but knew nothing about the download.",
  643. id_digest_str, sk_digest_str, status);
  644. }
  645. }
  646. }
  647. static const char *BAD_SIGNING_KEYS[] = {
  648. "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
  649. "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
  650. "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
  651. "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
  652. "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
  653. "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
  654. "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
  655. "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
  656. "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
  657. "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
  658. NULL,
  659. };
  660. /** Return true iff <b>cert</b> authenticates some atuhority signing key
  661. * which, because of the old openssl heartbleed vulnerability, should
  662. * never be trusted. */
  663. int
  664. authority_cert_is_blacklisted(const authority_cert_t *cert)
  665. {
  666. char hex_digest[HEX_DIGEST_LEN+1];
  667. int i;
  668. base16_encode(hex_digest, sizeof(hex_digest),
  669. cert->signing_key_digest, sizeof(cert->signing_key_digest));
  670. for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
  671. if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
  672. return 1;
  673. }
  674. }
  675. return 0;
  676. }
  677. /** Return true iff when we've been getting enough failures when trying to
  678. * download the certificate with ID digest <b>id_digest</b> that we're willing
  679. * to start bugging the user about it. */
  680. int
  681. authority_cert_dl_looks_uncertain(const char *id_digest)
  682. {
  683. #define N_AUTH_CERT_DL_FAILURES_TO_BUG_USER 2
  684. cert_list_t *cl;
  685. int n_failures;
  686. if (!trusted_dir_certs ||
  687. !(cl = digestmap_get(trusted_dir_certs, id_digest)))
  688. return 0;
  689. n_failures = download_status_get_n_failures(&cl->dl_status_by_id);
  690. return n_failures >= N_AUTH_CERT_DL_FAILURES_TO_BUG_USER;
  691. }
  692. /* Fetch the authority certificates specified in resource.
  693. * If we are a bridge client, and node is a configured bridge, fetch from node
  694. * using dir_hint as the fingerprint. Otherwise, if rs is not NULL, fetch from
  695. * rs. Otherwise, fetch from a random directory mirror. */
  696. static void
  697. authority_certs_fetch_resource_impl(const char *resource,
  698. const char *dir_hint,
  699. const node_t *node,
  700. const routerstatus_t *rs)
  701. {
  702. const or_options_t *options = get_options();
  703. int get_via_tor = purpose_needs_anonymity(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
  704. resource);
  705. /* Make sure bridge clients never connect to anything but a bridge */
  706. if (options->UseBridges) {
  707. if (node && !node_is_a_configured_bridge(node)) {
  708. /* If we're using bridges, and node is not a bridge, use a 3-hop path. */
  709. get_via_tor = 1;
  710. } else if (!node) {
  711. /* If we're using bridges, and there's no node, use a 3-hop path. */
  712. get_via_tor = 1;
  713. }
  714. }
  715. const dir_indirection_t indirection = get_via_tor ? DIRIND_ANONYMOUS
  716. : DIRIND_ONEHOP;
  717. directory_request_t *req = NULL;
  718. /* If we've just downloaded a consensus from a bridge, re-use that
  719. * bridge */
  720. if (options->UseBridges && node && node->ri && !get_via_tor) {
  721. /* clients always make OR connections to bridges */
  722. tor_addr_port_t or_ap;
  723. /* we are willing to use a non-preferred address if we need to */
  724. fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
  725. &or_ap);
  726. req = directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE);
  727. directory_request_set_or_addr_port(req, &or_ap);
  728. if (dir_hint)
  729. directory_request_set_directory_id_digest(req, dir_hint);
  730. } else if (rs) {
  731. /* And if we've just downloaded a consensus from a directory, re-use that
  732. * directory */
  733. req = directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE);
  734. directory_request_set_routerstatus(req, rs);
  735. }
  736. if (req) {
  737. /* We've set up a request object -- fill in the other request fields, and
  738. * send the request. */
  739. directory_request_set_indirection(req, indirection);
  740. directory_request_set_resource(req, resource);
  741. directory_initiate_request(req);
  742. directory_request_free(req);
  743. return;
  744. }
  745. /* Otherwise, we want certs from a random fallback or directory
  746. * mirror, because they will almost always succeed. */
  747. directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
  748. resource, PDS_RETRY_IF_NO_SERVERS,
  749. DL_WANT_ANY_DIRSERVER);
  750. }
  751. /** Try to download any v3 authority certificates that we may be missing. If
  752. * <b>status</b> is provided, try to get all the ones that were used to sign
  753. * <b>status</b>. Additionally, try to have a non-expired certificate for
  754. * every V3 authority in trusted_dir_servers. Don't fetch certificates we
  755. * already have.
  756. *
  757. * If dir_hint is non-NULL, it's the identity digest for a directory that
  758. * we've just successfully retrieved a consensus or certificates from, so try
  759. * it first to fetch any missing certificates.
  760. **/
  761. void
  762. authority_certs_fetch_missing(networkstatus_t *status, time_t now,
  763. const char *dir_hint)
  764. {
  765. /*
  766. * The pending_id digestmap tracks pending certificate downloads by
  767. * identity digest; the pending_cert digestmap tracks pending downloads
  768. * by (identity digest, signing key digest) pairs.
  769. */
  770. digestmap_t *pending_id;
  771. fp_pair_map_t *pending_cert;
  772. /*
  773. * The missing_id_digests smartlist will hold a list of id digests
  774. * we want to fetch the newest cert for; the missing_cert_digests
  775. * smartlist will hold a list of fp_pair_t with an identity and
  776. * signing key digest.
  777. */
  778. smartlist_t *missing_cert_digests, *missing_id_digests;
  779. char *resource = NULL;
  780. cert_list_t *cl;
  781. const or_options_t *options = get_options();
  782. const int keep_unknown = we_want_to_fetch_unknown_auth_certs(options);
  783. fp_pair_t *fp_tmp = NULL;
  784. char id_digest_str[2*DIGEST_LEN+1];
  785. char sk_digest_str[2*DIGEST_LEN+1];
  786. if (should_delay_dir_fetches(options, NULL))
  787. return;
  788. pending_cert = fp_pair_map_new();
  789. pending_id = digestmap_new();
  790. missing_cert_digests = smartlist_new();
  791. missing_id_digests = smartlist_new();
  792. /*
  793. * First, we get the lists of already pending downloads so we don't
  794. * duplicate effort.
  795. */
  796. list_pending_downloads(pending_id, NULL,
  797. DIR_PURPOSE_FETCH_CERTIFICATE, "fp/");
  798. list_pending_fpsk_downloads(pending_cert);
  799. /*
  800. * Now, we download any trusted authority certs we don't have by
  801. * identity digest only. This gets the latest cert for that authority.
  802. */
  803. SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
  804. dir_server_t *, ds) {
  805. int found = 0;
  806. if (!(ds->type & V3_DIRINFO))
  807. continue;
  808. if (smartlist_contains_digest(missing_id_digests,
  809. ds->v3_identity_digest))
  810. continue;
  811. cl = get_cert_list(ds->v3_identity_digest);
  812. SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) {
  813. if (now < cert->expires) {
  814. /* It's not expired, and we weren't looking for something to
  815. * verify a consensus with. Call it done. */
  816. download_status_reset(&(cl->dl_status_by_id));
  817. /* No sense trying to download it specifically by signing key hash */
  818. download_status_reset_by_sk_in_cl(cl, cert->signing_key_digest);
  819. found = 1;
  820. break;
  821. }
  822. } SMARTLIST_FOREACH_END(cert);
  823. if (!found &&
  824. download_status_is_ready(&(cl->dl_status_by_id), now) &&
  825. !digestmap_get(pending_id, ds->v3_identity_digest)) {
  826. log_info(LD_DIR,
  827. "No current certificate known for authority %s "
  828. "(ID digest %s); launching request.",
  829. ds->nickname, hex_str(ds->v3_identity_digest, DIGEST_LEN));
  830. smartlist_add(missing_id_digests, ds->v3_identity_digest);
  831. }
  832. } SMARTLIST_FOREACH_END(ds);
  833. /*
  834. * Next, if we have a consensus, scan through it and look for anything
  835. * signed with a key from a cert we don't have. Those get downloaded
  836. * by (fp,sk) pair, but if we don't know any certs at all for the fp
  837. * (identity digest), and it's one of the trusted dir server certs
  838. * we started off above or a pending download in pending_id, don't
  839. * try to get it yet. Most likely, the one we'll get for that will
  840. * have the right signing key too, and we'd just be downloading
  841. * redundantly.
  842. */
  843. if (status) {
  844. SMARTLIST_FOREACH_BEGIN(status->voters, networkstatus_voter_info_t *,
  845. voter) {
  846. if (!smartlist_len(voter->sigs))
  847. continue; /* This authority never signed this consensus, so don't
  848. * go looking for a cert with key digest 0000000000. */
  849. if (!keep_unknown &&
  850. !trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
  851. continue; /* We don't want unknown certs, and we don't know this
  852. * authority.*/
  853. /*
  854. * If we don't know *any* cert for this authority, and a download by ID
  855. * is pending or we added it to missing_id_digests above, skip this
  856. * one for now to avoid duplicate downloads.
  857. */
  858. cl = get_cert_list(voter->identity_digest);
  859. if (smartlist_len(cl->certs) == 0) {
  860. /* We have no certs at all for this one */
  861. /* Do we have a download of one pending? */
  862. if (digestmap_get(pending_id, voter->identity_digest))
  863. continue;
  864. /*
  865. * Are we about to launch a download of one due to the trusted
  866. * dir server check above?
  867. */
  868. if (smartlist_contains_digest(missing_id_digests,
  869. voter->identity_digest))
  870. continue;
  871. }
  872. SMARTLIST_FOREACH_BEGIN(voter->sigs, document_signature_t *, sig) {
  873. authority_cert_t *cert =
  874. authority_cert_get_by_digests(voter->identity_digest,
  875. sig->signing_key_digest);
  876. if (cert) {
  877. if (now < cert->expires)
  878. download_status_reset_by_sk_in_cl(cl, sig->signing_key_digest);
  879. continue;
  880. }
  881. if (download_status_is_ready_by_sk_in_cl(
  882. cl, sig->signing_key_digest, now) &&
  883. !fp_pair_map_get_by_digests(pending_cert,
  884. voter->identity_digest,
  885. sig->signing_key_digest)) {
  886. /*
  887. * Do this rather than hex_str(), since hex_str clobbers
  888. * old results and we call twice in the param list.
  889. */
  890. base16_encode(id_digest_str, sizeof(id_digest_str),
  891. voter->identity_digest, DIGEST_LEN);
  892. base16_encode(sk_digest_str, sizeof(sk_digest_str),
  893. sig->signing_key_digest, DIGEST_LEN);
  894. if (voter->nickname) {
  895. log_info(LD_DIR,
  896. "We're missing a certificate from authority %s "
  897. "(ID digest %s) with signing key %s: "
  898. "launching request.",
  899. voter->nickname, id_digest_str, sk_digest_str);
  900. } else {
  901. log_info(LD_DIR,
  902. "We're missing a certificate from authority ID digest "
  903. "%s with signing key %s: launching request.",
  904. id_digest_str, sk_digest_str);
  905. }
  906. /* Allocate a new fp_pair_t to append */
  907. fp_tmp = tor_malloc(sizeof(*fp_tmp));
  908. memcpy(fp_tmp->first, voter->identity_digest, sizeof(fp_tmp->first));
  909. memcpy(fp_tmp->second, sig->signing_key_digest,
  910. sizeof(fp_tmp->second));
  911. smartlist_add(missing_cert_digests, fp_tmp);
  912. }
  913. } SMARTLIST_FOREACH_END(sig);
  914. } SMARTLIST_FOREACH_END(voter);
  915. }
  916. /* Bridge clients look up the node for the dir_hint */
  917. const node_t *node = NULL;
  918. /* All clients, including bridge clients, look up the routerstatus for the
  919. * dir_hint */
  920. const routerstatus_t *rs = NULL;
  921. /* If we still need certificates, try the directory that just successfully
  922. * served us a consensus or certificates.
  923. * As soon as the directory fails to provide additional certificates, we try
  924. * another, randomly selected directory. This avoids continual retries.
  925. * (We only ever have one outstanding request per certificate.)
  926. */
  927. if (dir_hint) {
  928. if (options->UseBridges) {
  929. /* Bridge clients try the nodelist. If the dir_hint is from an authority,
  930. * or something else fetched over tor, we won't find the node here, but
  931. * we will find the rs. */
  932. node = node_get_by_id(dir_hint);
  933. }
  934. /* All clients try the consensus routerstatus, then the fallback
  935. * routerstatus */
  936. rs = router_get_consensus_status_by_id(dir_hint);
  937. if (!rs) {
  938. /* This will also find authorities */
  939. const dir_server_t *ds = router_get_fallback_dirserver_by_digest(
  940. dir_hint);
  941. if (ds) {
  942. rs = &ds->fake_status;
  943. }
  944. }
  945. if (!node && !rs) {
  946. log_warn(LD_BUG, "Directory %s delivered a consensus, but %s"
  947. "no routerstatus could be found for it.",
  948. options->UseBridges ? "no node and " : "",
  949. hex_str(dir_hint, DIGEST_LEN));
  950. }
  951. }
  952. /* Do downloads by identity digest */
  953. if (smartlist_len(missing_id_digests) > 0) {
  954. int need_plus = 0;
  955. smartlist_t *fps = smartlist_new();
  956. smartlist_add_strdup(fps, "fp/");
  957. SMARTLIST_FOREACH_BEGIN(missing_id_digests, const char *, d) {
  958. char *fp = NULL;
  959. if (digestmap_get(pending_id, d))
  960. continue;
  961. base16_encode(id_digest_str, sizeof(id_digest_str),
  962. d, DIGEST_LEN);
  963. if (need_plus) {
  964. tor_asprintf(&fp, "+%s", id_digest_str);
  965. } else {
  966. /* No need for tor_asprintf() in this case; first one gets no '+' */
  967. fp = tor_strdup(id_digest_str);
  968. need_plus = 1;
  969. }
  970. smartlist_add(fps, fp);
  971. } SMARTLIST_FOREACH_END(d);
  972. if (smartlist_len(fps) > 1) {
  973. resource = smartlist_join_strings(fps, "", 0, NULL);
  974. /* node and rs are directories that just gave us a consensus or
  975. * certificates */
  976. authority_certs_fetch_resource_impl(resource, dir_hint, node, rs);
  977. tor_free(resource);
  978. }
  979. /* else we didn't add any: they were all pending */
  980. SMARTLIST_FOREACH(fps, char *, cp, tor_free(cp));
  981. smartlist_free(fps);
  982. }
  983. /* Do downloads by identity digest/signing key pair */
  984. if (smartlist_len(missing_cert_digests) > 0) {
  985. int need_plus = 0;
  986. smartlist_t *fp_pairs = smartlist_new();
  987. smartlist_add_strdup(fp_pairs, "fp-sk/");
  988. SMARTLIST_FOREACH_BEGIN(missing_cert_digests, const fp_pair_t *, d) {
  989. char *fp_pair = NULL;
  990. if (fp_pair_map_get(pending_cert, d))
  991. continue;
  992. /* Construct string encodings of the digests */
  993. base16_encode(id_digest_str, sizeof(id_digest_str),
  994. d->first, DIGEST_LEN);
  995. base16_encode(sk_digest_str, sizeof(sk_digest_str),
  996. d->second, DIGEST_LEN);
  997. /* Now tor_asprintf() */
  998. if (need_plus) {
  999. tor_asprintf(&fp_pair, "+%s-%s", id_digest_str, sk_digest_str);
  1000. } else {
  1001. /* First one in the list doesn't get a '+' */
  1002. tor_asprintf(&fp_pair, "%s-%s", id_digest_str, sk_digest_str);
  1003. need_plus = 1;
  1004. }
  1005. /* Add it to the list of pairs to request */
  1006. smartlist_add(fp_pairs, fp_pair);
  1007. } SMARTLIST_FOREACH_END(d);
  1008. if (smartlist_len(fp_pairs) > 1) {
  1009. resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
  1010. /* node and rs are directories that just gave us a consensus or
  1011. * certificates */
  1012. authority_certs_fetch_resource_impl(resource, dir_hint, node, rs);
  1013. tor_free(resource);
  1014. }
  1015. /* else they were all pending */
  1016. SMARTLIST_FOREACH(fp_pairs, char *, p, tor_free(p));
  1017. smartlist_free(fp_pairs);
  1018. }
  1019. smartlist_free(missing_id_digests);
  1020. SMARTLIST_FOREACH(missing_cert_digests, fp_pair_t *, p, tor_free(p));
  1021. smartlist_free(missing_cert_digests);
  1022. digestmap_free(pending_id, NULL);
  1023. fp_pair_map_free(pending_cert, NULL);
  1024. }
  1025. void
  1026. authcert_free_all(void)
  1027. {
  1028. if (trusted_dir_certs) {
  1029. digestmap_free(trusted_dir_certs, cert_list_free_void);
  1030. trusted_dir_certs = NULL;
  1031. }
  1032. }
  1033. /** Free storage held in <b>cert</b>. */
  1034. void
  1035. authority_cert_free_(authority_cert_t *cert)
  1036. {
  1037. if (!cert)
  1038. return;
  1039. tor_free(cert->cache_info.signed_descriptor_body);
  1040. crypto_pk_free(cert->signing_key);
  1041. crypto_pk_free(cert->identity_key);
  1042. tor_free(cert);
  1043. }
  1044. /** For every certificate we are currently downloading by (identity digest,
  1045. * signing key digest) pair, set result[fp_pair] to (void *1).
  1046. */
  1047. static void
  1048. list_pending_fpsk_downloads(fp_pair_map_t *result)
  1049. {
  1050. const char *pfx = "fp-sk/";
  1051. smartlist_t *tmp;
  1052. smartlist_t *conns;
  1053. const char *resource;
  1054. tor_assert(result);
  1055. tmp = smartlist_new();
  1056. conns = get_connection_array();
  1057. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
  1058. if (conn->type == CONN_TYPE_DIR &&
  1059. conn->purpose == DIR_PURPOSE_FETCH_CERTIFICATE &&
  1060. !conn->marked_for_close) {
  1061. resource = TO_DIR_CONN(conn)->requested_resource;
  1062. if (!strcmpstart(resource, pfx))
  1063. dir_split_resource_into_fingerprint_pairs(resource + strlen(pfx),
  1064. tmp);
  1065. }
  1066. } SMARTLIST_FOREACH_END(conn);
  1067. SMARTLIST_FOREACH_BEGIN(tmp, fp_pair_t *, fp) {
  1068. fp_pair_map_set(result, fp, (void*)1);
  1069. tor_free(fp);
  1070. } SMARTLIST_FOREACH_END(fp);
  1071. smartlist_free(tmp);
  1072. }