mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Fix bug in saving onion keys to disk when rotating; also survive short-term shutdowns better
svn:r2206
This commit is contained in:
parent
e6c34ad071
commit
6141097f6e
@ -98,8 +98,11 @@ crypto_pk_env_t *get_identity_key(void) {
|
|||||||
void rotate_onion_key(void)
|
void rotate_onion_key(void)
|
||||||
{
|
{
|
||||||
char fname[512];
|
char fname[512];
|
||||||
|
char fname_prev[512];
|
||||||
crypto_pk_env_t *prkey;
|
crypto_pk_env_t *prkey;
|
||||||
sprintf(fname,"%s/keys/onion.key",get_data_directory(&options));
|
sprintf(fname,"%s/keys/secret_onion_key",get_data_directory(&options));
|
||||||
|
sprintf(fname_prev,"%s/keys/secret_onion_key.old",
|
||||||
|
get_data_directory(&options));
|
||||||
if (!(prkey = crypto_new_pk_env())) {
|
if (!(prkey = crypto_new_pk_env())) {
|
||||||
log(LOG_ERR, "Error creating crypto environment.");
|
log(LOG_ERR, "Error creating crypto environment.");
|
||||||
goto error;
|
goto error;
|
||||||
@ -108,6 +111,10 @@ void rotate_onion_key(void)
|
|||||||
log(LOG_ERR, "Error generating onion key");
|
log(LOG_ERR, "Error generating onion key");
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
if (file_status(fname) == FN_FILE) {
|
||||||
|
if (replace_file(fname, fname_prev))
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
if (crypto_pk_write_private_key_to_filename(prkey, fname)) {
|
if (crypto_pk_write_private_key_to_filename(prkey, fname)) {
|
||||||
log(LOG_ERR, "Couldn't write generated key to %s.", fname);
|
log(LOG_ERR, "Couldn't write generated key to %s.", fname);
|
||||||
goto error;
|
goto error;
|
||||||
@ -144,15 +151,9 @@ static crypto_pk_env_t *
|
|||||||
init_key_from_file_name_changed(const char *fname_old,
|
init_key_from_file_name_changed(const char *fname_old,
|
||||||
const char *fname_new)
|
const char *fname_new)
|
||||||
{
|
{
|
||||||
int fs;
|
|
||||||
|
|
||||||
fs = file_status(fname_new);
|
if (file_status(fname_new) == FN_FILE || file_status(fname_old) != FN_FILE)
|
||||||
if (fs == FN_FILE)
|
/* The new filename is there, or both are, or neither is. */
|
||||||
/* The new filename is there. */
|
|
||||||
return init_key_from_file(fname_new);
|
|
||||||
fs = file_status(fname_old);
|
|
||||||
if (fs != FN_FILE)
|
|
||||||
/* There is no key under either name. */
|
|
||||||
return init_key_from_file(fname_new);
|
return init_key_from_file(fname_new);
|
||||||
|
|
||||||
/* The old filename exists, and the new one doesn't. Rename and load. */
|
/* The old filename exists, and the new one doesn't. Rename and load. */
|
||||||
@ -284,6 +285,12 @@ int init_keys(void) {
|
|||||||
prkey = init_key_from_file_name_changed(keydir,keydir2);
|
prkey = init_key_from_file_name_changed(keydir,keydir2);
|
||||||
if (!prkey) return -1;
|
if (!prkey) return -1;
|
||||||
set_onion_key(prkey);
|
set_onion_key(prkey);
|
||||||
|
sprintf(keydir,"%s/keys/secret_onion_key.old",datadir);
|
||||||
|
if (file_status(keydir) == FN_FILE) {
|
||||||
|
prkey = init_key_from_file(keydir);
|
||||||
|
if (prkey)
|
||||||
|
lastonionkey = prkey;
|
||||||
|
}
|
||||||
|
|
||||||
/* 3. Initialize link key and TLS context. */
|
/* 3. Initialize link key and TLS context. */
|
||||||
if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
|
if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
|
||||||
|
Loading…
Reference in New Issue
Block a user