mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 10:12:15 +01:00
Code Issues Projects Releases Wiki Activity

Do not allocate our ed-link crosscert till after tls ctx

Browse Source 
We need this to prevent some annoying chutney crash-at-starts
This commit is contained in:
Nick Mathewson 2015-05-15 11:09:10 -04:00
parent 3bee74c6d1
commit 8f15423b76
3 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/or/router.c
View File

@ -866,8 +866,7 @@ init_keys(void)
}
/* 1d. Load all ed25519 keys */
if (load_ed_keys(options,now) < 0 ||
generate_ed_link_cert(options,now))
if (load_ed_keys(options,now) < 0)
return -1;
/* 2. Read onion key. Make it if none is found. */
@ -935,6 +934,13 @@ init_keys(void)
return -1;
}
/* 3b. Get an ed25519 link certificate. Note that we need to do this
* after we set up the TLS context */
if (generate_ed_link_cert(options, now) < 0) {
log_err(LD_GENERAL,"Couldn't make link cert");
return -1;
}
/* 4. Build our router descriptor. */
/* Must be called after keys are initialized. */
mydesc = router_get_my_descriptor();

7
src/or/routerkeys.c
View File

@ -418,9 +418,6 @@ load_ed_keys(const or_options_t *options, time_t now)
SET_CERT(auth_key_cert, auth_cert);
}
if (generate_ed_link_cert(options, now) < 0)
FAIL("Couldn't make link cert");
return 0;
err:
ed25519_keypair_free(id);
@ -438,8 +435,10 @@ generate_ed_link_cert(const or_options_t *options, time_t now)
const tor_x509_cert_t *link = NULL, *id = NULL;
tor_cert_t *link_cert = NULL;
if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL)
if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL) {
log_warn(LD_OR, "Can't get my x509 link cert.");
return -1;
}
const digests_t *digests = tor_x509_cert_get_cert_digests(link);

6
src/test/test_routerkeys.c
View File

@ -446,6 +446,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
options->DataDirectory = dir;
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_assert(get_master_identity_key());
tt_assert(get_master_identity_key());
tt_assert(get_master_signing_keypair());
@ -460,6 +461,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
/* Call load_ed_keys again, but nothing has changed. */
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth));
@ -468,6 +470,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
/* Force a reload: we make new link/auth keys. */
routerkeys_free_all();
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
@ -481,6 +484,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
/* Force a link/auth-key regeneration by advancing time. */
tt_int_op(0, ==, load_ed_keys(options, now+3*86400));
tt_int_op(0, ==, generate_ed_link_cert(options, now+3*86400));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
@ -494,6 +498,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
/* Force a signing-key regeneration by advancing time. */
tt_int_op(0, ==, load_ed_keys(options, now+100*86400));
tt_int_op(0, ==, generate_ed_link_cert(options, now+100*86400));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign));
tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
@ -511,6 +516,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
unlink(get_fname("test_ed_keys_init_all/keys/"
"ed25519_master_id_secret_key"));
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));