path: root/src/feature/hs/hs_cell.c
author: David Goulet <dgoulet@torproject.org> 2018-10-22 16:18:44 -0400
committer: David Goulet <dgoulet@torproject.org> 2018-10-22 16:34:41 -0400
commit: 81c466c34abdcaae9ed78958da50148ccf9939f8 (patch)
tree: 309eb699d0a4ea297ba756888f36167babe46a3d /src/feature/hs/hs_cell.c
parent: 1ae91166016ec70a242c6dbb14c9ca5e77b1313f (diff)
hs-v3: Create desc signing key cert before uploading

Before this commit, we would create the descriptor signing key certificate when first building the descriptor.

In some extreme cases, it led to the expiry of the certificate which triggers a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an edge case where tor loses internet connectivity, notices it and closes all circuits. When it came back up, the HS subsystem noticed that it had no introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is currently seeking to download one, we would consider that we don't need to rotate the descriptors, leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner. There are a series of things that we need to "refresh" before uploading a descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accommodate the unit tests. However, it is replaced every single time the descriptor is uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat (limited to 'src/feature/hs/hs_cell.c')
0 files changed, 0 insertions, 0 deletions