
prop250: Add a valid flag to sr_commit_t

We assert on it using the ASSERT_COMMIT_VALID() macro in critical places
where a commit is used and is expected to be valid.

Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet 8 years ago
parent
commit
8ac88f6f97
3 changed files with 17 additions and 0 deletions
  1. 9 0
      src/or/shared_random.c
  2. 5 0
      src/or/shared_random.h
  3. 3 0
      src/or/shared_random_state.c

+ 9 - 0
src/or/shared_random.c

@@ -700,6 +700,8 @@ save_commit_to_state(sr_commit_t *commit)
 {
   sr_phase_t phase = sr_state_get_phase();
 
+  ASSERT_COMMIT_VALID(commit);
+
   switch (phase) {
   case SR_PHASE_COMMIT:
     /* During commit phase, just save any new authoritative commit */
@@ -914,6 +916,8 @@ sr_generate_our_commit(time_t timestamp, const authority_cert_t *my_rsa_cert)
 
   log_debug(LD_DIR, "SR: Generated our commitment:");
   commit_log(commit);
+  /* Our commit better be valid :). */
+  commit->valid = 1;
   return commit;
 
  error:
@@ -942,6 +946,8 @@ sr_compute_srv(void)
   /* We must make a list of commit ordered by authority fingerprint in
    * ascending order as specified by proposal 250. */
   DIGESTMAP_FOREACH(state_commits, key, sr_commit_t *, c) {
+    /* Extra safety net, make sure we have valid commit before using it. */
+    ASSERT_COMMIT_VALID(c);
     smartlist_add(commits, c);
   } DIGESTMAP_FOREACH_END;
   smartlist_sort(commits, compare_reveal_);
@@ -1130,6 +1136,9 @@ sr_handle_received_commits(smartlist_t *commits, crypto_pk_t *voter_key)
       sr_commit_free(commit);
       continue;
     }
+    /* Ok, we have a valid commit now that we are about to put in our state.
+     * so flag it valid from now on. */
+    commit->valid = 1;
     /* Everything lines up: save this commit to state then! */
     save_commit_to_state(commit);
   } SMARTLIST_FOREACH_END(commit);
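Review bot: ASSERT_COMMIT_VALID() in save_commit_to_state and sr_compute_srv only protects anything if a freshly allocated sr_commit_t starts with `valid == 0`; the allocation is not in this diff, so please confirm the constructor zeroes the struct (tor_malloc_zero or an explicit `commit->valid = 0;`), otherwise an uninitialized bit may read as 1 and the assert is vacuous. Since tor_assert() aborts the process, every path that stores a commit into the state must set the flag first: sr_handle_received_commits does so right before calling save_commit_to_state, but any other caller of save_commit_to_state outside this diff now becomes a crash rather than a rejected commit, so for data that ultimately arrives from other authorities a non-fatal log-and-skip check may be the safer shape. The comment at the generated-commit site should state what the flag means instead of joking about it, e.g. `/* Generated locally: mark it verified so save_commit_to_state() accepts it. */`. All four functions touched here start and end outside their hunks.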

+ 5 - 0
src/or/shared_random.h

@@ -48,6 +48,9 @@
 #define SR_SRV_VALUE_BASE64_LEN \
   (((DIGEST256_LEN - 1) / 3) * 4 + 4)
 
+/* Assert if commit valid flag is not set. */
+#define ASSERT_COMMIT_VALID(c) tor_assert((c)->valid)
+
 /* Protocol phase. */
 typedef enum {
   /* Commitment phase */
@@ -68,6 +71,8 @@ typedef struct sr_srv_t {
 typedef struct sr_commit_t {
   /* Hashing algorithm used. */
   digest_algorithm_t alg;
+  /* Indicate if this commit has been verified thus valid. */
+  unsigned int valid:1;
 
   /* Commit owner info */
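Review bot: The comment on the new `valid` bit says only that the commit "has been verified"; a reader of the header cannot tell who sets it, on which paths, or whether it is ever cleared, and because ASSERT_COMMIT_VALID() expands to a tor_assert() that aborts the process, that contract matters to every caller. Suggest replacing the field comment with `/* Set to 1 once the commit has been checked: verified on receipt, generated by us, or loaded from our disk state. Never cleared. ASSERT_COMMIT_VALID() aborts if it is unset. */` and the macro comment with `/* Fatal assertion: only pass commits that went through validation. */`. The sr_commit_t definition continues past the end of the hunk.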
 

+ 3 - 0
src/or/shared_random_state.c

@@ -410,6 +410,9 @@ disk_state_parse_commits(sr_state_t *state,
        * fingerprint that we don't know about so it shouldn't be used. */
       continue;
     }
+    /* We consider parseable commit from our disk state to be valid because
+     * they need to be in the first place to get in there. */
+    commit->valid = 1;
     /* Add commit to our state pointer. */
     commit_add_to_state(commit, state);
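Review bot: Flagging a commit valid purely because it parsed from the disk state skips whatever verification received commits go through in sr_handle_received_commits, so the downstream assertion only certifies that the state file was well-formed, not that its contents were ever checked. That is acceptable as long as the state file is written only by this process after validation, but the comment should say that assumption out loud, e.g. `/* Commits in our disk state were validated before being saved, so a parseable entry is trusted here; a tampered state file bypasses that check. */`. The enclosing loop in disk_state_parse_commits starts before the hunk.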