mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
Call init_keys() where needed; fix hibernate bug.
svn:r2924
This commit is contained in:
parent
bfc2e95230
commit
36f4e15e81
@ -291,6 +291,13 @@ accounting_set_wakeup_time(void)
|
||||
int n_days_to_exhaust_bw;
|
||||
int n_days_to_consider;
|
||||
|
||||
if (! identity_key_is_set()) {
|
||||
if (init_keys() < 0) {
|
||||
log_fn(LOG_ERR, "Error initializing keys");
|
||||
tor_assert(0);
|
||||
}
|
||||
}
|
||||
|
||||
format_iso_time(buf, interval_start_time);
|
||||
crypto_pk_get_digest(get_identity_key(), digest);
|
||||
|
||||
|
@ -784,9 +784,11 @@ static int do_main_loop(void) {
|
||||
|
||||
/* load the private keys, if we're supposed to have them, and set up the
|
||||
* TLS context. */
|
||||
if (init_keys() < 0) {
|
||||
log_fn(LOG_ERR,"Error initializing keys; exiting");
|
||||
return -1;
|
||||
if (! identity_key_is_set()) {
|
||||
if (init_keys() < 0) {
|
||||
log_fn(LOG_ERR,"Error initializing keys; exiting");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set up our buckets */
|
||||
|
@ -1511,6 +1511,7 @@ crypto_pk_env_t *get_previous_onion_key(void);
|
||||
time_t get_onion_key_set_at(void);
|
||||
void set_identity_key(crypto_pk_env_t *k);
|
||||
crypto_pk_env_t *get_identity_key(void);
|
||||
int identity_key_is_set(void);
|
||||
void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last);
|
||||
int init_keys(void);
|
||||
crypto_pk_env_t *init_key_from_file(const char *fname);
|
||||
|
@ -91,6 +91,12 @@ crypto_pk_env_t *get_identity_key(void) {
|
||||
return identitykey;
|
||||
}
|
||||
|
||||
/** Return truf iff the identity key has been set. */
|
||||
int identity_key_is_set(void) {
|
||||
return identitykey != NULL;
|
||||
}
|
||||
|
||||
|
||||
/** Replace the previous onion key with the current onion key, and generate
|
||||
* a new previous onion key. Immediately after calling this function,
|
||||
* the OR should:
|
||||
@ -228,6 +234,12 @@ crypto_pk_env_t *init_key_from_file(const char *fname)
|
||||
* On OPs, this only initializes the tls context.
|
||||
*/
|
||||
int init_keys(void) {
|
||||
/* XXX009 Two problems with how this is called:
|
||||
* 1. It should be idempotent for servers, so we can call init_keys
|
||||
* as much as we need to.
|
||||
* 2. Clients should rotate their identity keys at least whenever
|
||||
* their IPs change.
|
||||
*/
|
||||
char keydir[512];
|
||||
char keydir2[512];
|
||||
char fingerprint[FINGERPRINT_LEN+MAX_NICKNAME_LEN+3];
|
||||
|
Loading…
Reference in New Issue
Block a user