Loading changes/ticket19566 0 → 100644 +6 −0 Original line number Diff line number Diff line o Code simplification and refactoring (shared random, dirauth): - Change many tor_assert() to use BUG() instead. The idea is to not crash a dirauth but rather scream loudly with a stacktrace and let it continue run. The shared random subsystem is very resilient and if anything wrong happens with it, at worst a non coherent value will be put in the vote and discarded by the other authorities. Closes ticket 19566. src/feature/dirauth/shared_random.c +2 −1 Original line number Diff line number Diff line Loading @@ -949,7 +949,8 @@ sr_compute_srv(void) /* Computing a shared random value in the commit phase is very wrong. This * should only happen at the very end of the reveal phase when a new * protocol run is about to start. */ tor_assert(sr_state_get_phase() == SR_PHASE_REVEAL); if (BUG(sr_state_get_phase() != SR_PHASE_REVEAL)) return; state_commits = sr_state_get_commits(); commits = smartlist_new(); Loading src/feature/dirauth/shared_random_state.c +12 −6 Original line number Diff line number Diff line Loading @@ -595,8 +595,10 @@ disk_state_update(void) { config_line_t **next, *line; tor_assert(sr_disk_state); tor_assert(sr_state); if (BUG(!sr_disk_state)) return; if (BUG(!sr_state)) return; /* Reset current disk state. */ disk_state_reset(); Loading Loading @@ -760,7 +762,8 @@ disk_state_save_to_disk(void) STATIC void reset_state_for_new_protocol_run(time_t valid_after) { tor_assert(sr_state); if (BUG(!sr_state)) return; /* Keep counters in track */ sr_state->n_reveal_rounds = 0; Loading Loading @@ -1092,7 +1095,8 @@ sr_state_update(time_t valid_after) { sr_phase_t next_phase; tor_assert(sr_state); if (BUG(!sr_state)) return; /* Don't call this function twice in the same voting period. */ if (valid_after <= sr_state->valid_after) { Loading Loading 
@@ -1131,7 +1135,8 @@ sr_state_update(time_t valid_after) /* Count the current round */ if (sr_state->phase == SR_PHASE_COMMIT) { /* invariant check: we've not entered reveal phase yet */ tor_assert(sr_state->n_reveal_rounds == 0); if (BUG(sr_state->n_reveal_rounds != 0)) return; sr_state->n_commit_rounds++; } else { sr_state->n_reveal_rounds++; Loading Loading @@ -1321,7 +1326,8 @@ sr_state_init(int save_to_disk, int read_from_disk) void set_sr_phase(sr_phase_t phase) { tor_assert(sr_state); if (BUG(!sr_state)) return; sr_state->phase = phase; } Loading Loading
changes/ticket19566 0 → 100644 +6 −0 Original line number Diff line number Diff line o Code simplification and refactoring (shared random, dirauth): - Change many tor_assert() to use BUG() instead. The idea is to not crash a dirauth but rather scream loudly with a stacktrace and let it continue run. The shared random subsystem is very resilient and if anything wrong happens with it, at worst a non coherent value will be put in the vote and discarded by the other authorities. Closes ticket 19566.
src/feature/dirauth/shared_random.c +2 −1 Original line number Diff line number Diff line Loading @@ -949,7 +949,8 @@ sr_compute_srv(void) /* Computing a shared random value in the commit phase is very wrong. This * should only happen at the very end of the reveal phase when a new * protocol run is about to start. */ tor_assert(sr_state_get_phase() == SR_PHASE_REVEAL); if (BUG(sr_state_get_phase() != SR_PHASE_REVEAL)) return; state_commits = sr_state_get_commits(); commits = smartlist_new(); Loading
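Review bot: The early return added in sr_compute_srv means a call outside the reveal phase now produces no shared random value at all, with the BUG() log line as the only signal; whatever the rest of the function (outside this hunk) would normally do — compute the value and hand it to the state — is silently skipped, so callers must already tolerate a missing SRV for the period, which is not visible from here. The function's header comment should state that, e.g. `/* If called outside SR_PHASE_REVEAL this logs a BUG() and returns without computing or storing anything. */`. The inverted condition `!= SR_PHASE_REVEAL` correctly mirrors the removed tor_assert. sr_compute_srv begins before and continues after this hunk.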
src/feature/dirauth/shared_random_state.c +12 −6 Original line number Diff line number Diff line Loading @@ -595,8 +595,10 @@ disk_state_update(void) { config_line_t **next, *line; tor_assert(sr_disk_state); tor_assert(sr_state); if (BUG(!sr_disk_state)) return; if (BUG(!sr_state)) return; /* Reset current disk state. */ disk_state_reset(); Loading Loading @@ -760,7 +762,8 @@ disk_state_save_to_disk(void) STATIC void reset_state_for_new_protocol_run(time_t valid_after) { tor_assert(sr_state); if (BUG(!sr_state)) return; /* Keep counters in track */ sr_state->n_reveal_rounds = 0; Loading Loading @@ -1092,7 +1095,8 @@ sr_state_update(time_t valid_after) { sr_phase_t next_phase; tor_assert(sr_state); if (BUG(!sr_state)) return; /* Don't call this function twice in the same voting period. */ if (valid_after <= sr_state->valid_after) { Loading Loading @@ -1131,7 +1135,8 @@ sr_state_update(time_t valid_after) /* Count the current round */ if (sr_state->phase == SR_PHASE_COMMIT) { /* invariant check: we've not entered reveal phase yet */ tor_assert(sr_state->n_reveal_rounds == 0); if (BUG(sr_state->n_reveal_rounds != 0)) return; sr_state->n_commit_rounds++; } else { sr_state->n_reveal_rounds++; Loading Loading @@ -1321,7 +1326,8 @@ sr_state_init(int save_to_disk, int read_from_disk) void set_sr_phase(sr_phase_t phase) { tor_assert(sr_state); if (BUG(!sr_state)) return; sr_state->phase = phase; } Loading
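Review bot: The invariant check in the @@ -1131 hunk now returns from the middle of sr_state_update, after next_phase has been computed earlier in the function (outside the hunk) and before n_commit_rounds is advanced, so a violated invariant leaves sr_state partially updated for this voting period; whether sr_state->valid_after has already been written at that point is not visible here, and if it has not, the "don't call this function twice" guard in the @@ -1092 hunk will not prevent a second attempt in the same period. A comment on that return would make the intended post-condition explicit, e.g. `/* Invariant broken: leave the round counters untouched and skip the rest of this period's update. */`. The other four hunks in this file (disk_state_update, reset_state_for_new_protocol_run, the entry of sr_state_update and set_sr_phase) return before any mutation and are fine, though for disk_state_update a caller that persists the disk state afterwards would presumably write the previous, un-reset contents, which its header comment could note. sr_state_update's body extends outside both of its hunks.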