9 files changed, 35 insertions, 47 deletions
diff --git a/src/or/channel.c b/src/or/channel.c
index 87fa721089..6a78b21988 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -838,7 +838,7 @@ channel_free(channel_t *chan)
   }
 
   /* Call a free method if there is one */
-  if (chan->free) chan->free(chan);
+  if (chan->free_fn) chan->free_fn(chan);
 
   channel_clear_remote_end(chan);
 
@@ -878,7 +878,7 @@ channel_listener_free(channel_listener_t *chan_l)
   tor_assert(!(chan_l->registered));
 
   /* Call a free method if there is one */
-  if (chan_l->free) chan_l->free(chan_l);
+  if (chan_l->free_fn) chan_l->free_fn(chan_l);
 
   /*
    * We're in CLOSED or ERROR, so the incoming channel queue is already
@@ -916,7 +916,7 @@ channel_force_free(channel_t *chan)
   }
 
   /* Call a free method if there is one */
-  if (chan->free) chan->free(chan);
+  if (chan->free_fn) chan->free_fn(chan);
 
   channel_clear_remote_end(chan);
 
@@ -958,7 +958,7 @@ channel_listener_force_free(channel_listener_t *chan_l)
             chan_l);
 
   /* Call a free method if there is one */
-  if (chan_l->free) chan_l->free(chan_l);
+  if (chan_l->free_fn) chan_l->free_fn(chan_l);
 
   /*
    * The incoming list just gets emptied and freed; we request close on
diff --git a/src/or/channel.h b/src/or/channel.h
index 78e1b71014..a711b56d44 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -90,7 +90,7 @@ struct channel_s {
   /* Methods implemented by the lower layer */
 
   /** Free a channel */
-  void (*free)(channel_t *);
+  void (*free_fn)(channel_t *);
   /** Close an open channel */
   void (*close)(channel_t *);
   /** Describe the transport subclass for this channel */
@@ -273,7 +273,7 @@ struct channel_listener_s {
   /* Methods implemented by the lower layer */
 
   /** Free a channel */
-  void (*free)(channel_listener_t *);
+  void (*free_fn)(channel_listener_t *);
   /** Close an open channel */
   void (*close)(channel_listener_t *);
   /** Describe the transport subclass for this channel */
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index a62f80ef91..9c2411ede8 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -117,7 +117,7 @@ channel_tls_common_init(channel_tls_t *tlschan)
   chan->state = CHANNEL_STATE_OPENING;
   chan->close = channel_tls_close_method;
   chan->describe_transport = channel_tls_describe_transport_method;
-  chan->free = channel_tls_free_method;
+  chan->free_fn = channel_tls_free_method;
   chan->get_overhead_estimate = channel_tls_get_overhead_estimate_method;
   chan->get_remote_addr = channel_tls_get_remote_addr_method;
   chan->get_remote_descr = channel_tls_get_remote_descr_method;
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 9748f4ae4d..ae869c9064 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -1582,7 +1582,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       const char *chosen_version;
       const char *chosen_name = NULL;
       int exitsummary_disagreement = 0;
-      int is_named = 0, is_unnamed = 0, is_running = 0;
+      int is_named = 0, is_unnamed = 0, is_running = 0, is_valid = 0;
       int is_guard = 0, is_exit = 0, is_bad_exit = 0;
       int naming_conflict = 0;
       int n_listing = 0;
@@ -1733,6 +1733,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
               is_running = 1;
             else if (!strcmp(fl, "BadExit"))
               is_bad_exit = 1;
+            else if (!strcmp(fl, "Valid"))
+              is_valid = 1;
           }
         }
       } SMARTLIST_FOREACH_END(fl);
@@ -1742,6 +1744,12 @@ networkstatus_compute_consensus(smartlist_t *votes,
       if (!is_running)
         continue;
 
+      /* Starting with consensus method 24, we don't list servers
+       * that are not valid in a consensus.  See Proposal 272 */
+      if (!is_valid &&
+          consensus_method >= MIN_METHOD_FOR_EXCLUDING_INVALID_NODES)
+        continue;
+
       /* Pick the version. */
       if (smartlist_len(versions)) {
         sort_version_list(versions, 0);
diff --git a/src/or/dirvote.h b/src/or/dirvote.h
index a1f71ce4bb..06bfe671bd 100644
--- a/src/or/dirvote.h
+++ b/src/or/dirvote.h
@@ -55,7 +55,7 @@
 #define MIN_SUPPORTED_CONSENSUS_METHOD 13
 
 /** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 23
+#define MAX_SUPPORTED_CONSENSUS_METHOD 24
 
 /** Lowest consensus method where microdesc consensuses omit any entry
  * with no microdesc. */
@@ -99,6 +99,10 @@
  * value(s). */
 #define MIN_METHOD_FOR_SHARED_RANDOM 23
 
+/** Lowest consensus method where authorities drop all nodes that don't get
+ * the Valid flag. */
+#define MIN_METHOD_FOR_EXCLUDING_INVALID_NODES 24
+
 /** Default bandwidth to clip unmeasured bandwidths to using method >=
  * MIN_METHOD_TO_CLIP_UNMEASURED_BW.  (This is not a consensus method; do not
  * get confused with the above macros.) */
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 3a742fec0a..263dd3d876 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -1373,40 +1373,15 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
     smartlist_del(usable_nodes, i);
     goto again;
   }
-  /* Do we need to look up the router or is the extend info complete? */
+  /* All version 2 HS descriptors come with a TAP onion key.
+   * Clients used to try to get the TAP onion key from the consensus, but this
+   * meant that hidden services could discover which consensus clients have. */
   if (!extend_info_supports_tap(intro->extend_info)) {
-    const node_t *node;
-    extend_info_t *new_extend_info;
-    if (tor_digest_is_zero(intro->extend_info->identity_digest))
-      node = node_get_by_hex_id(intro->extend_info->nickname);
-    else
-      node = node_get_by_id(intro->extend_info->identity_digest);
-    if (!node) {
-      log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
-               intro->extend_info->nickname);
-      smartlist_del(usable_nodes, i);
-      goto again;
-    }
-#ifdef ENABLE_TOR2WEB_MODE
-    new_extend_info = extend_info_from_node(node, options->Tor2webMode);
-#else
-    new_extend_info = extend_info_from_node(node, 0);
-#endif
-    if (!new_extend_info) {
-      const char *alternate_reason = "";
-#ifdef ENABLE_TOR2WEB_MODE
-      alternate_reason = ", or we cannot connect directly to it";
-#endif
-      log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
-               "'%s'%s; trying another.",
-               extend_info_describe(intro->extend_info), alternate_reason);
-      smartlist_del(usable_nodes, i);
-      goto again;
-    } else {
-      extend_info_free(intro->extend_info);
-      intro->extend_info = new_extend_info;
-    }
-    tor_assert(intro->extend_info != NULL);
+    log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the "
+             "intro-point relay '%s'; trying another.",
+             safe_str_client(extend_info_describe(intro->extend_info)));
+    smartlist_del(usable_nodes, i);
+    goto again;
   }
   /* Check if we should refuse to talk to this router. */
   if (strict &&
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 12af7484ae..8d3a7d704c 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -508,7 +508,7 @@ rend_config_services(const or_options_t *options, int validate_only)
     if (!strcasecmp(line->key, "HiddenServiceDir")) {
       if (service) { /* register the one we just finished parsing */
         if (validate_only)
-           rend_service_free(service);
+          rend_service_free(service);
         else
           rend_add_service(service);
       }
diff --git a/src/or/router.c b/src/or/router.c
index b664a88760..8fa5799896 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -452,7 +452,8 @@ init_key_from_file(const char *fname, int generate, int severity,
           goto error;
         }
       } else {
-        log_info(LD_GENERAL, "No key found in \"%s\"", fname);
+        tor_log(severity, LD_GENERAL, "No key found in \"%s\"", fname);
+        goto error;
       }
       return prkey;
     case FN_FILE:
@@ -560,7 +561,7 @@ load_authority_keyset(int legacy, crypto_pk_t **key_out,
 
   fname = get_datadir_fname2("keys",
                  legacy ? "legacy_signing_key" : "authority_signing_key");
-  signing_key = init_key_from_file(fname, 0, LOG_INFO, 0);
+  signing_key = init_key_from_file(fname, 0, LOG_ERR, 0);
   if (!signing_key) {
     log_warn(LD_DIR, "No version 3 directory key found in %s", fname);
     goto done;
diff --git a/src/or/shared_random.c b/src/or/shared_random.c
index 19564f5924..e672a416be 100644
--- a/src/or/shared_random.c
+++ b/src/or/shared_random.c
@@ -578,8 +578,8 @@ commit_is_authoritative(const sr_commit_t *commit,
   tor_assert(commit);
   tor_assert(voter_key);
 
-  return !memcmp(commit->rsa_identity, voter_key,
-                 sizeof(commit->rsa_identity));
+  return fast_memeq(commit->rsa_identity, voter_key,
+                    sizeof(commit->rsa_identity));
 }
 
 /* Decide if the newly received <b>commit</b> should be kept depending on