commit 9f965640252fb1c64df5214cd71d19ef0e440126 Author: Matthew Finkel sysrqb@torproject.org Date: Mon Feb 1 21:31:46 2021 +0000
Bug 40224: Backport Tor patch for v3 onion services --- ...1-hs-v3-Require-reasonably-live-consensus.patch | 672 +++++++++++++++++++++ ...tests-Fix-unit-tests-after-merge-of-40237.patch | 97 +++ .../0003-Pick-up-merge-conflict-resolutions.patch | 82 +++ projects/tor/build | 4 + projects/tor/config | 3 + 5 files changed, 858 insertions(+)
diff --git a/projects/tor/0001-hs-v3-Require-reasonably-live-consensus.patch b/projects/tor/0001-hs-v3-Require-reasonably-live-consensus.patch new file mode 100644 index 0000000..9a4ec5c --- /dev/null +++ b/projects/tor/0001-hs-v3-Require-reasonably-live-consensus.patch @@ -0,0 +1,672 @@ +From a363b64e82bc1dac2409a65dee0606c4b66f71fc Mon Sep 17 00:00:00 2001 +From: David Goulet dgoulet@torproject.org +Date: Mon, 11 Jan 2021 16:01:22 -0500 +Subject: [PATCH 1/3] hs-v3: Require reasonably live consensus + +Some days before this commit, the network experienced a DDoS on the directory +authorities that prevented them to generate a consensus for more than 5 hours +straight. + +That in turn entirely disabled onion service v3, client and service side, due +to the subsystem requiring a live consensus to function properly. + +We know require a reasonably live consensus which means that the HSv3 +subsystem will to its job for using the best consensus tor can find. If the +entire network is using an old consensus, than this should be alright. + +If the service happens to use a live consensus while a client is not, it +should still work because the client will use the current SRV it sees which +might be the previous SRV for the service for which it still publish +descriptors for. + +If the service is using an old one and somehow can't get a new one while +clients are on a new one, then reachability issues might arise. However, this +is a situation we already have at the moment since the service will simply not +work if it doesn't have a live consensus while a client has one. + +Fixes #40237 + +Signed-off-by: David Goulet dgoulet@torproject.org + +diff --git a/changes/ticket40237 b/changes/ticket40237 +new file mode 100644 +index 0000000000..fc32f59cd4 +--- /dev/null ++++ b/changes/ticket40237 +@@ -0,0 +1,5 @@ ++ o Major bugfixes (onion service v3): ++ - Stop requiring a live consensus for v3 clients and services to work. The ++ use of a reasonably live consensus will allow v3 to work properly in most ++ cases if the network failed to generate a consensus for more than 2 hours ++ in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. +diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c +index e4e17f6b76..b4dbedbfe4 100644 +--- a/src/core/mainloop/mainloop.c ++++ b/src/core/mainloop/mainloop.c +@@ -2154,7 +2154,8 @@ hs_service_callback(time_t now, const or_options_t *options) + /* We need to at least be able to build circuits and that we actually have + * a working network. */ + if (!have_completed_a_circuit() || net_is_disabled() || +- networkstatus_get_live_consensus(now) == NULL) { ++ !networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor())) { + goto end; + } + +diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c +index 44cd2505fd..ef5e88e947 100644 +--- a/src/feature/hs/hs_cache.c ++++ b/src/feature/hs/hs_cache.c +@@ -17,6 +17,7 @@ + #include "feature/hs/hs_common.h" + #include "feature/hs/hs_client.h" + #include "feature/hs/hs_descriptor.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/rend/rendcache.h" + +@@ -739,7 +740,9 @@ cached_client_descriptor_has_expired(time_t now, + /* We use the current consensus time to see if we should expire this + * descriptor since we use consensus time for all other parts of the protocol + * as well (e.g. to build the blinded key and compute time periods). */ +- const networkstatus_t *ns = networkstatus_get_live_consensus(now); ++ const networkstatus_t *ns = ++ networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor()); + /* If we don't have a recent consensus, consider this entry expired since we + * will want to fetch a new HS desc when we get a live consensus. */ + if (!ns) { +diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c +index fc1fd76efc..0f6109195b 100644 +--- a/src/feature/hs/hs_client.c ++++ b/src/feature/hs/hs_client.c +@@ -29,6 +29,7 @@ + #include "feature/hs/hs_descriptor.h" + #include "feature/hs/hs_ident.h" + #include "feature/nodelist/describe.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/nodelist/nodelist.h" + #include "feature/nodelist/routerset.h" +@@ -1302,9 +1303,10 @@ can_client_refetch_desc(const ed25519_public_key_t *identity_pk, + goto cannot; + } + +- /* Without a live consensus we can't do any client actions. It is needed to +- * compute the hashring for a service. */ +- if (!networkstatus_get_live_consensus(approx_time())) { ++ /* Without a usable consensus we can't do any client actions. It is needed ++ * to compute the hashring for a service. */ ++ if (!networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor())) { + log_info(LD_REND, "Can't fetch descriptor for service %s because we " + "are missing a live consensus. Stalling connection.", + safe_str_client(ed25519_fmt(identity_pk))); +diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c +index 4639cdb68a..86d3fcab7d 100644 +--- a/src/feature/hs/hs_common.c ++++ b/src/feature/hs/hs_common.c +@@ -27,6 +27,7 @@ + #include "feature/hs/hs_service.h" + #include "feature/hs_common/shared_random_client.h" + #include "feature/nodelist/describe.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/nodelist/nodelist.h" + #include "feature/nodelist/routerset.h" +@@ -276,7 +277,9 @@ hs_get_time_period_num(time_t now) + if (now != 0) { + current_time = now; + } else { +- networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); ++ networkstatus_t *ns = ++ networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + current_time = ns ? ns->valid_after : approx_time(); + } + +@@ -1107,7 +1110,8 @@ hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now)) + time_t srv_start_time, tp_start_time; + + if (!consensus) { +- consensus = networkstatus_get_live_consensus(now); ++ consensus = networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor()); + if (!consensus) { + return 0; + } +@@ -1352,7 +1356,9 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, + sorted_nodes = smartlist_new(); + + /* Make sure we actually have a live consensus */ +- networkstatus_t *c = networkstatus_get_live_consensus(approx_time()); ++ networkstatus_t *c = ++ networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + if (!c || smartlist_len(c->routerstatus_list) == 0) { + log_warn(LD_REND, "No live consensus so we can't get the responsible " + "hidden service directories."); +diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c +index a42879a48f..2f3f45f252 100644 +--- a/src/feature/hs/hs_service.c ++++ b/src/feature/hs/hs_service.c +@@ -23,6 +23,7 @@ + #include "feature/hs_common/shared_random_client.h" + #include "feature/keymgt/loadkey.h" + #include "feature/nodelist/describe.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/nodelist/nickname.h" + #include "feature/nodelist/node_select.h" +@@ -2504,7 +2505,8 @@ should_rotate_descriptors(hs_service_t *service, time_t now) + + tor_assert(service); + +- ns = networkstatus_get_live_consensus(now); ++ ns = networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor()); + if (ns == NULL) { + goto no_rotation; + } +@@ -3188,10 +3190,8 @@ should_service_upload_descriptor(const hs_service_t *service, + } + + /* Don't upload desc if we don't have a live consensus */ +- if (!networkstatus_get_live_consensus(now)) { +- msg = tor_strdup("No live consensus"); +- log_cant_upload_desc(service, desc, msg, +- LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS); ++ if (!networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor())) { + goto cannot; + } + +diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c +index c2ea5afe32..4e8a2942fc 100644 +--- a/src/feature/hs_common/shared_random_client.c ++++ b/src/feature/hs_common/shared_random_client.c +@@ -13,6 +13,7 @@ + #include "app/config/config.h" + #include "feature/dirauth/authmode.h" + #include "feature/dirauth/voting_schedule.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "lib/encoding/binascii.h" + +@@ -55,7 +56,9 @@ int + get_voting_interval(void) + { + int interval; +- networkstatus_t *consensus = networkstatus_get_live_consensus(time(NULL)); ++ networkstatus_t *consensus = ++ networkstatus_get_reasonably_live_consensus(time(NULL), ++ usable_consensus_flavor()); + + if (consensus) { + /* Ideally we have a live consensus and we can just use that. */ +@@ -147,7 +150,8 @@ sr_get_current(const networkstatus_t *ns) + if (ns) { + consensus = ns; + } else { +- consensus = networkstatus_get_live_consensus(approx_time()); ++ consensus = networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + } + /* Ideally we would never be asked for an SRV without a live consensus. Make + * sure this assumption is correct. */ +@@ -170,7 +174,8 @@ sr_get_previous(const networkstatus_t *ns) + if (ns) { + consensus = ns; + } else { +- consensus = networkstatus_get_live_consensus(approx_time()); ++ consensus = networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + } + /* Ideally we would never be asked for an SRV without a live consensus. Make + * sure this assumption is correct. */ +@@ -242,13 +247,14 @@ sr_state_get_start_time_of_current_protocol_run(void) + int voting_interval = get_voting_interval(); + time_t beginning_of_curr_round; + +- /* This function is not used for voting purposes, so if we have a live +- consensus, use its valid-after as the beginning of the current round. +- If we have no consensus but we're an authority, use our own +- schedule. Otherwise, try using our view of the voting interval +- to figure out when the current round _should_ be starting. +- */ +- networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); ++ /* This function is not used for voting purposes, so if we have a reasonably ++ * live consensus, use its valid-after as the beginning of the current ++ * round. If we have no consensus but we're an authority, use our own ++ * schedule. Otherwise, try using our view of the voting interval to figure ++ * out when the current round _should_ be starting. */ ++ networkstatus_t *ns = ++ networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + if (ns) { + beginning_of_curr_round = ns->valid_after; + } else if (authdir_mode(get_options()) || ASSUME_AUTHORITY_SCHEDULING) { +diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c +index 7454f342f9..6ee1d11cae 100644 +--- a/src/feature/nodelist/nodelist.c ++++ b/src/feature/nodelist/nodelist.c +@@ -362,7 +362,7 @@ node_set_hsdir_index(node_t *node, const networkstatus_t *ns) + tor_assert(node); + tor_assert(ns); + +- if (!networkstatus_is_live(ns, now)) { ++ if (!networkstatus_consensus_reasonably_live(ns, now)) { + static struct ratelim_t live_consensus_ratelim = RATELIM_INIT(30 * 60); + log_fn_ratelim(&live_consensus_ratelim, LOG_INFO, LD_GENERAL, + "Not setting hsdir index with a non-live consensus."); +diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c +index f25bba3584..379f23ec72 100644 +--- a/src/test/test_hs_cache.c ++++ b/src/test/test_hs_cache.c +@@ -462,9 +462,10 @@ test_hsdir_revision_counter_check(void *arg) + static networkstatus_t mock_ns; + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return &mock_ns; + } + +@@ -485,8 +486,8 @@ test_client_cache(void *arg) + /* Initialize HSDir cache subsystem */ + init_test(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c +index ae5cc5ed84..fd84293dc2 100644 +--- a/src/test/test_hs_client.c ++++ b/src/test/test_hs_client.c +@@ -66,16 +66,18 @@ static networkstatus_t mock_ns; + + /* Always return NULL. */ + static networkstatus_t * +-mock_networkstatus_get_live_consensus_false(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_false(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return NULL; + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return &mock_ns; + } + +@@ -379,8 +381,8 @@ test_client_pick_intro(void *arg) + ed25519_keypair_t service_kp; + hs_descriptor_t *desc = NULL; + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + (void) arg; + +@@ -632,15 +634,15 @@ test_descriptor_fetch(void *arg) + get_options_mutable()->FetchHidServDescriptors = 1; + + /* 2. We don't have a live consensus. */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_false); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_false); + ret = hs_client_refetch_hsdesc(&service_pk); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + tt_int_op(ret, OP_EQ, HS_CLIENT_FETCH_MISSING_INFO); + + /* From now on, return a live consensus. */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* 3. Not enough dir information. */ + MOCK(router_have_minimum_dir_info, +@@ -682,7 +684,7 @@ test_descriptor_fetch(void *arg) + + done: + connection_free_minimal(ENTRY_TO_CONN(ec)); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(router_have_minimum_dir_info); + hs_free_all(); + } +@@ -880,8 +882,8 @@ test_desc_has_arrived_cleanup(void *arg) + + hs_init(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(connection_mark_unattached_ap_, + mock_connection_mark_unattached_ap_); + MOCK(router_have_minimum_dir_info, +@@ -953,7 +955,7 @@ test_desc_has_arrived_cleanup(void *arg) + tor_free(desc_str); + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(connection_mark_unattached_ap_); + UNMOCK(router_have_minimum_dir_info); + } +@@ -974,8 +976,8 @@ test_close_intro_circuits_new_desc(void *arg) + + /* This is needed because of the client cache expiration timestamp is based + * on having a consensus. See cached_client_descriptor_has_expired(). */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +@@ -1101,7 +1103,7 @@ test_close_intro_circuits_new_desc(void *arg) + hs_descriptor_free(desc1); + hs_descriptor_free(desc2); + hs_free_all(); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c +index 9202074e25..e3d130fb32 100644 +--- a/src/test/test_hs_common.c ++++ b/src/test/test_hs_common.c +@@ -360,9 +360,10 @@ mock_networkstatus_get_latest_consensus(void) + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + + tt_assert(mock_ns); + +@@ -382,6 +383,8 @@ test_responsible_hsdirs(void *arg) + + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + ns = networkstatus_get_latest_consensus(); + +@@ -418,6 +421,8 @@ test_responsible_hsdirs(void *arg) + smartlist_clear(ns->routerstatus_list); + networkstatus_vote_free(mock_ns); + cleanup_nodelist(); ++ ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +@@ -467,6 +472,8 @@ test_desc_reupload_logic(void *arg) + + hs_init(); + ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(router_have_minimum_dir_info, + mock_router_have_minimum_dir_info); + MOCK(get_or_state, +@@ -911,9 +918,11 @@ static smartlist_t *service_responsible_hsdirs = NULL; + static smartlist_t *client_responsible_hsdirs = NULL; + + static networkstatus_t * +-mock_networkstatus_get_live_consensus_service(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_service(time_t now, ++ int flavor) + { + (void) now; ++ (void) flavor; + + if (mock_service_ns) { + return mock_service_ns; +@@ -929,13 +938,14 @@ mock_networkstatus_get_live_consensus_service(time_t now) + static networkstatus_t * + mock_networkstatus_get_latest_consensus_service(void) + { +- return mock_networkstatus_get_live_consensus_service(0); ++ return mock_networkstatus_get_reasonably_live_consensus_service(0, 0); + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus_client(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_client(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + + if (mock_client_ns) { + return mock_client_ns; +@@ -951,7 +961,7 @@ mock_networkstatus_get_live_consensus_client(time_t now) + static networkstatus_t * + mock_networkstatus_get_latest_consensus_client(void) + { +- return mock_networkstatus_get_live_consensus_client(0); ++ return mock_networkstatus_get_reasonably_live_consensus_client(0, 0); + } + + /* Mock function because we are not trying to test the close circuit that does +@@ -1411,8 +1421,8 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) + * === Client setup === + */ + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_client); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_client); + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus_client); + +@@ -1436,14 +1446,14 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) + tt_int_op(smartlist_len(client_responsible_hsdirs), OP_EQ, 6); + + UNMOCK(networkstatus_get_latest_consensus); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + + /* + * === Service setup === + */ + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_service); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_service); + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus_service); + +@@ -1470,7 +1480,7 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) + tt_int_op(smartlist_len(service_responsible_hsdirs), OP_EQ, 8); + + UNMOCK(networkstatus_get_latest_consensus); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + + /* Some testing of the values we just got from the client and service. */ + tt_mem_op(&client_blinded_pk, OP_EQ, &service_blinded_pk, +@@ -1721,8 +1731,8 @@ test_client_service_hsdir_set_sync(void *arg) + + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(get_or_state, + get_or_state_replacement); + MOCK(hs_desc_encode_descriptor, +diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c +index 80383baff8..630cfef1fe 100644 +--- a/src/test/test_hs_service.c ++++ b/src/test/test_hs_service.c +@@ -83,9 +83,10 @@ + static networkstatus_t mock_ns; + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return &mock_ns; + } + +@@ -1375,8 +1376,8 @@ test_rotate_descriptors(void *arg) + hs_init(); + MOCK(get_or_state, get_or_state_replacement); + MOCK(circuit_mark_for_close_, mock_circuit_mark_for_close); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Descriptor rotation happens with a consensus with a new SRV. */ + +@@ -1464,7 +1465,7 @@ test_rotate_descriptors(void *arg) + hs_free_all(); + UNMOCK(get_or_state); + UNMOCK(circuit_mark_for_close_); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + /** Test building descriptors: picking intro points, setting up their link +@@ -1484,8 +1485,8 @@ test_build_update_descriptors(void *arg) + + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +@@ -1715,8 +1716,8 @@ test_build_descriptors(void *arg) + + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +@@ -1816,8 +1817,8 @@ test_upload_descriptors(void *arg) + hs_init(); + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c +index 148eb5cf90..9e49e835c9 100644 +--- a/src/test/test_shared_random.c ++++ b/src/test/test_shared_random.c +@@ -167,6 +167,15 @@ mock_networkstatus_get_live_consensus(time_t now) + return &mock_consensus; + } + ++/* Mock function to immediately return our local 'mock_consensus'. */ ++static networkstatus_t * ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) ++{ ++ (void) now; ++ (void) flavor; ++ return &mock_consensus; ++} ++ + static void + test_get_state_valid_until_time(void *arg) + { +@@ -179,6 +188,8 @@ test_get_state_valid_until_time(void *arg) + + MOCK(networkstatus_get_live_consensus, + mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", + &mock_consensus.fresh_until); +@@ -235,7 +246,7 @@ test_get_state_valid_until_time(void *arg) + } + + done: +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + /** Test the function that calculates the start time of the current SRV +@@ -251,6 +262,8 @@ test_get_start_time_of_current_run(void *arg) + + MOCK(networkstatus_get_live_consensus, + mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", + &mock_consensus.fresh_until); +@@ -335,6 +348,7 @@ test_get_start_time_of_current_run(void *arg) + /* Next test is testing it without a consensus to use the testing voting + * interval . */ + UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + + /* Now let's alter the voting schedule and check the correctness of the + * function. Voting interval of 10 seconds, means that an SRV protocol run +@@ -366,8 +380,8 @@ test_get_start_time_functions(void *arg) + (void) arg; + int retval; + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", + &mock_consensus.fresh_until); +@@ -388,7 +402,7 @@ test_get_start_time_functions(void *arg) + start_time_of_protocol_run); + + done: +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +-- +2.25.1 + diff --git a/projects/tor/0002-tests-Fix-unit-tests-after-merge-of-40237.patch b/projects/tor/0002-tests-Fix-unit-tests-after-merge-of-40237.patch new file mode 100644 index 0000000..32e6812 --- /dev/null +++ b/projects/tor/0002-tests-Fix-unit-tests-after-merge-of-40237.patch @@ -0,0 +1,97 @@ +From 10acc0ce99283ed0aa5c6c5d203f1b0514e60f4a Mon Sep 17 00:00:00 2001 +From: David Goulet dgoulet@torproject.org +Date: Tue, 12 Jan 2021 10:50:01 -0500 +Subject: [PATCH 2/3] tests: Fix unit tests after merge of #40237 + + +diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c +index 379f23ec72..df96b2c791 100644 +--- a/src/test/test_hs_cache.c ++++ b/src/test/test_hs_cache.c +@@ -590,8 +590,8 @@ test_client_cache_decrypt(void *arg) + /* Initialize HSDir cache subsystem */ + hs_init(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +@@ -646,7 +646,7 @@ test_client_cache_decrypt(void *arg) + + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +@@ -660,8 +660,8 @@ test_client_cache_remove(void *arg) + + hs_init(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time. Lookup will not return the entry if it has expired + * and it is checked against the consensus valid_after time. */ +@@ -699,7 +699,7 @@ test_client_cache_remove(void *arg) + hs_descriptor_free(desc1); + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + struct testcase_t hs_cache[] = { +diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c +index fd84293dc2..0cd7d81eea 100644 +--- a/src/test/test_hs_client.c ++++ b/src/test/test_hs_client.c +@@ -1122,8 +1122,8 @@ test_close_intro_circuits_cache_clean(void *arg) + + /* This is needed because of the client cache expiration timestamp is based + * on having a consensus. See cached_client_descriptor_has_expired(). */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +@@ -1188,7 +1188,7 @@ test_close_intro_circuits_cache_clean(void *arg) + hs_descriptor_free(desc1); + hs_free_all(); + rend_cache_free_all(); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +@@ -1209,8 +1209,8 @@ test_socks_hs_errors(void *arg) + + (void) arg; + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(connection_mark_unattached_ap_, + mock_connection_mark_unattached_ap_no_close); + MOCK(read_file_to_str, mock_read_file_to_str); +@@ -1358,7 +1358,7 @@ test_socks_hs_errors(void *arg) + + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(connection_mark_unattached_ap_); + UNMOCK(read_file_to_str); + UNMOCK(tor_listdir); +-- +2.25.1 + diff --git a/projects/tor/0003-Pick-up-merge-conflict-resolutions.patch b/projects/tor/0003-Pick-up-merge-conflict-resolutions.patch new file mode 100644 index 0000000..dcc8b52 --- /dev/null +++ b/projects/tor/0003-Pick-up-merge-conflict-resolutions.patch @@ -0,0 +1,82 @@ +From 2deca96cb8836a95095354cc717e1738f10b8ce1 Mon Sep 17 00:00:00 2001 +From: Matthew Finkel sysrqb@torproject.org +Date: Mon, 1 Feb 2021 21:03:54 +0000 +Subject: [PATCH 3/3] Pick up merge conflict resolutions + + +diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c +index 2f3f45f252..c29f39c6b4 100644 +--- a/src/feature/hs/hs_service.c ++++ b/src/feature/hs/hs_service.c +@@ -3192,6 +3192,9 @@ should_service_upload_descriptor(const hs_service_t *service, + /* Don't upload desc if we don't have a live consensus */ + if (!networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor())) { ++ msg = tor_strdup("No reasonably live consensus"); ++ log_cant_upload_desc(service, desc, msg, ++ LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS); + goto cannot; + } + +diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c +index 630cfef1fe..8b94bb6cf1 100644 +--- a/src/test/test_hs_service.c ++++ b/src/test/test_hs_service.c +@@ -91,9 +91,10 @@ mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus_null(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_null(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return NULL; + } + +@@ -2554,8 +2555,8 @@ test_cannot_upload_descriptors(void *arg) + hs_init(); + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +@@ -2631,17 +2632,17 @@ test_cannot_upload_descriptors(void *arg) + + /* 4. Testing missing live consensus. */ + { +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_null); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_null); + setup_full_capture_of_logs(LOG_INFO); + run_upload_descriptor_event(now); + expect_log_msg_containing( + "Service [scrubbed] can't upload its current descriptor: " +- "No live consensus"); ++ "No reasonably live consensus"); + teardown_capture_of_logs(); + /* Reset. */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + } + + /* 5. Test missing minimum directory information. */ +@@ -2680,7 +2681,7 @@ test_cannot_upload_descriptors(void *arg) + done: + hs_free_all(); + UNMOCK(count_desc_circuit_established); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(get_or_state); + } + +-- +2.25.1 + diff --git a/projects/tor/build b/projects/tor/build index c7e9190..219301a 100644 --- a/projects/tor/build +++ b/projects/tor/build @@ -93,6 +93,10 @@ openssldir=/var/tmp/dist/openssl/openssl [% END %]
cd /var/tmp/build/[% project %]-[% c('version') %] +# Patch Tor 0.4.4.6 with the fix for tpo/core/tor#40237 +patch -p1 < $rootdir/0001-hs-v3-Require-reasonably-live-consensus.patch +patch -p1 < $rootdir/0002-tests-Fix-unit-tests-after-merge-of-40237.patch +patch -p1 < $rootdir/0003-Pick-up-merge-conflict-resolutions.patch # add git hash to micro-revision.i for #24995 echo '"[% c("abbrev", { abbrev_length => 16 }) %]"' > micro-revision.i ./autogen.sh diff --git a/projects/tor/config b/projects/tor/config index 3050d7d..1a53d39 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -68,3 +68,6 @@ input_files: - name: zstd project: zstd enable: '[% c("var/android") %]' + - filename: '0001-hs-v3-Require-reasonably-live-consensus.patch' + - filename: '0002-tests-Fix-unit-tests-after-merge-of-40237.patch' + - filename: '0003-Pick-up-merge-conflict-resolutions.patch'
tor-commits@lists.torproject.org