Call init_keys() where needed; fix hibernate bug.

svn:r2924
2024-11-10 13:13:44 +01:00 · 2004-11-21 04:19:04 +00:00 · 2004-11-21 04:19:04 +00:00 · 36f4e15e81
commit 36f4e15e81
parent bfc2e95230
4 changed files with 25 additions and 3 deletions
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@ -291,6 +291,13 @@ accounting_set_wakeup_time(void)
  int n_days_to_exhaust_bw;
  int n_days_to_consider;

+  if (! identity_key_is_set()) {
+    if (init_keys() < 0) {
+      log_fn(LOG_ERR, "Error initializing keys");
+      tor_assert(0);
+    }
+  }
+
  format_iso_time(buf, interval_start_time);
  crypto_pk_get_digest(get_identity_key(), digest);

--- a/src/or/main.c
+++ b/src/or/main.c
@ -784,9 +784,11 @@ static int do_main_loop(void) {

  /* load the private keys, if we're supposed to have them, and set up the
   * TLS context. */
-  if (init_keys() < 0) {
-    log_fn(LOG_ERR,"Error initializing keys; exiting");
-    return -1;
+  if (! identity_key_is_set()) {
+    if (init_keys() < 0) {
+      log_fn(LOG_ERR,"Error initializing keys; exiting");
+      return -1;
+    }
  }

  /* Set up our buckets */
--- a/src/or/or.h
+++ b/src/or/or.h
@ -1511,6 +1511,7 @@ crypto_pk_env_t *get_previous_onion_key(void);
 time_t get_onion_key_set_at(void);
 void set_identity_key(crypto_pk_env_t *k);
 crypto_pk_env_t *get_identity_key(void);
+int identity_key_is_set(void);
 void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last);
 int init_keys(void);
 crypto_pk_env_t *init_key_from_file(const char *fname);
--- a/src/or/router.c
+++ b/src/or/router.c
@ -91,6 +91,12 @@ crypto_pk_env_t *get_identity_key(void) {
  return identitykey;
 }

+/** Return truf iff the identity key has been set. */
+int identity_key_is_set(void) {
+  return identitykey != NULL;
+}
+
+
 /** Replace the previous onion key with the current onion key, and generate
 * a new previous onion key.  Immediately after calling this function,
 * the OR should:
@ -228,6 +234,12 @@ crypto_pk_env_t *init_key_from_file(const char *fname)
 * On OPs, this only initializes the tls context.
 */
 int init_keys(void) {
+  /* XXX009 Two problems with how this is called:
+   * 1. It should be idempotent for servers, so we can call init_keys
+   *    as much as we need to.
+   * 2. Clients should rotate their identity keys at least whenever
+   *    their IPs change.
+   */
  char keydir[512];
  char keydir2[512];
  char fingerprint[FINGERPRINT_LEN+MAX_NICKNAME_LEN+3];