From 835e09e54b07cac826e1d2efb450b0223e8a92ba Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Tue, 11 Aug 2015 10:35:10 -0400
Subject: [PATCH] Split the client-only parts of init_keys() into a separate function
This should simplify the callgraph a little more.
---
 changes/decouple_init_keys | 3 ++
 src/or/main.c | 2 +-
 src/or/router.c | 68 ++++++++++++++++++++++++--------------
 src/or/router.h | 1 +
 4 files changed, 48 insertions(+), 26 deletions(-)
 create mode 100644 changes/decouple_init_keys
diff --git a/changes/decouple_init_keys b/changes/decouple_init_keys
new file mode 100644
index 0000000000..7f48d2b9d3
--- /dev/null
+++ b/changes/decouple_init_keys
@@ -0,0 +1,3 @@
+ o Code simplification and refactoring:
+ - Move the client-only parts of init_keys() into a separate function.
+ Closes ticket 16763.
diff --git a/src/or/main.c b/src/or/main.c
index e564e6c132..c6dcd2ae95 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1888,7 +1888,7 @@ ip_address_changed(int at_interface)
 if (at_interface) {
 if (! server) {
 /* Okay, change our keys. */
- if (init_keys()<0)
+ if (init_keys_client() < 0)
 log_warn(LD_GENERAL, "Unable to rotate keys after IP change!");
 }
 } else {
diff --git a/src/or/router.c b/src/or/router.c
index 47825e2d1c..03973ae90a 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -767,6 +767,46 @@ router_write_fingerprint(int hashed)
 return result;
 }
+static int
+init_keys_common(void)
+{
+ if (!key_lock)
+ key_lock = tor_mutex_new();
+
+ /* There are a couple of paths that put us here before we've asked
+ * openssl to initialize itself. */
+ if (crypto_global_init(get_options()->HardwareAccel,
+ get_options()->AccelName,
+ get_options()->AccelDir)) {
+ log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
+ return -1;
+ }
+
+ return 0;
+}
+
+int
+init_keys_client(void)
+{
+ crypto_pk_t *prkey;
+ if (init_keys_common() < 0)
+ return -1;
+
+ if (!(prkey = crypto_pk_new()))
+ return -1;
+ if (crypto_pk_generate_key(prkey)) {
+ crypto_pk_free(prkey);
+ return -1;
+ }
+ set_client_identity_key(prkey);
+ /* Create a TLS context. */
+ if (router_initialize_tls_context() < 0) {
+ log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
+ return -1;
+ }
+ return 0;
+}
+
 /** Initialize all OR private keys, and the TLS context, as necessary.
 * On OPs, this only initializes the tls context. Return 0 on success,
 * or -1 if Tor should die.
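Review bot: init_keys_client() and init_keys_common() are added without doc comments, and init_keys_client() has a failure state a caller needs to know about: it can return -1 after set_client_identity_key(prkey) has already been called with the new key, when router_initialize_tls_context() fails. The caller switched over in main.c, ip_address_changed(), only logs a warning on -1 and keeps running, so the comment should say what state the client is left in. Above init_keys_client() I would add `/** Generate a new client identity key and create the TLS context. Return 0 on success, -1 on failure; on -1 the new key may already be installed without a matching TLS context. */`, and above init_keys_common() `/** Create key_lock if needed and initialize the crypto library; shared by init_keys() and init_keys_client(). */`. If key generation itself fails, the previous key appears to stay in use after the address change, which is worth stating too, since the rotation seems intended to avoid carrying one identity across networks (inferred from the "change our keys" comment in main.c).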
@@ -786,35 +826,13 @@ init_keys(void)
 int v3_digest_set = 0;
 authority_cert_t *cert = NULL;
- if (!key_lock)
- key_lock = tor_mutex_new();
-
- /* There are a couple of paths that put us here before we've asked
- * openssl to initialize itself. */
- if (crypto_global_init(get_options()->HardwareAccel,
- get_options()->AccelName,
- get_options()->AccelDir)) {
- log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
- return -1;
- }
-
 /* OP's don't need persistent keys; just make up an identity and
 * initialize the TLS context. */
 if (!server_mode(options)) {
- if (!(prkey = crypto_pk_new()))
- return -1;
- if (crypto_pk_generate_key(prkey)) {
- crypto_pk_free(prkey);
- return -1;
- }
- set_client_identity_key(prkey);
- /* Create a TLS context. */
- if (router_initialize_tls_context() < 0) {
- log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
- return -1;
- }
- return 0;
+ return init_keys_client();
 }
+ if (init_keys_common() < 0)
+ return -1;
 /* Make sure DataDirectory exists, and is private. */
 if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
 return -1;
diff --git a/src/or/router.h b/src/or/router.h
index 61b35d6b5a..d8fcf0a9ad 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -37,6 +37,7 @@ void ntor_key_map_free(di_digest256_map_t *map);
 int router_initialize_tls_context(void);
 int init_keys(void);
+int init_keys_client(void);
 int check_whether_orport_reachable(void);
 int check_whether_dirport_reachable(void);