Merge branch 'master' into switch-to-klog

google · Aug 1, 2022 · aa7ede9 · aa7ede9
2 parents bdf297b + ed82d19
commit aa7ede9
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,10 @@
  * `ctfe.PEMCertPool` type has been moved to `x509util.PEMCertPool` to reduce
    dependencies (#903).
 
+### Migrillian
+
+* #960: Skip consistency check when root is size zero.
+
 ### Misc
 
  * updated golangci-lint to v1.46.1 (developers should update to this version)

diff --git a/scanner/fetcher.go b/scanner/fetcher.go
@@ -16,10 +16,12 @@ package scanner
 
 import (
 	"context"
+	"net/http"
 	"sync"
 	"time"
 
 	ct "github.com/google/certificate-transparency-go"
+	"github.com/google/certificate-transparency-go/jsonclient"
 	"github.com/google/trillian/client/backoff"
 	"k8s.io/klog/v2"
 )
@@ -284,7 +286,11 @@ func (f *Fetcher) runWorker(ctx context.Context, ranges <-chan fetchRange, fn fu
 				resp, err = f.client.GetRawEntries(ctx, r.start, r.end)
 				return err
 			}); err != nil {
-				klog.Errorf("%s: GetRawEntries() failed: %v", f.uri, err)
+				if rspErr, isRspErr := err.(jsonclient.RspError); isRspErr && rspErr.StatusCode == http.StatusTooManyRequests {
+					klog.V(2).Infof("%s: GetRawEntries() failed: %v", f.uri, err)
+				} else {
+					klog.Errorf("%s: GetRawEntries() failed: %v", f.uri, err)
+				}
 				// There is no error reporting yet for this worker, so just retry again.
 				continue
 			}

diff --git a/trillian/migrillian/core/controller.go b/trillian/migrillian/core/controller.go
@@ -336,6 +336,10 @@ func (c *Controller) fetchTail(ctx context.Context, begin uint64) (uint64, error
 // verifyConsistency checks that the provided verified Trillian root is
 // consistent with the CT log's STH.
 func (c *Controller) verifyConsistency(ctx context.Context, treeSize uint64, rootHash []byte, sth *ct.SignedTreeHead) error {
+	if treeSize == 0 {
+		// Any head is consistent with empty root -- unnecessary to request empty proof.
+		return nil
+	}
 	if c.opts.NoConsistencyCheck {
 		klog.Warningf("%s: skipping consistency check", c.label)
 		return nil

diff --git a/trillian/migrillian/core/controller_test.go b/trillian/migrillian/core/controller_test.go
@@ -0,0 +1,15 @@
+package core
+
+import (
+	"context"
+	"testing"
+
+	ct "github.com/google/certificate-transparency-go"
+)
+
+func TestVerifyConsistencyEmptyHead(t *testing.T) {
+	controller := new(Controller)
+	if controller.verifyConsistency(context.Background(), 0, []byte("abc"), &ct.SignedTreeHead{TreeSize: 100}) != nil {
+		t.Errorf("verifyConsistency should always succeed given empty root")
+	}
+}