Split the client-only parts of init_keys() into a separate function
This should simplify the callgraph a little more.
parent
da04fed865
commit
835e09e54b
3
changes/decouple_init_keys
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
o Code simplification and refactoring:
|
||||||
|
- Move the client-only parts of init_keys() into a separate function.
|
||||||
|
Closes ticket 16763.
|
@ -1888,7 +1888,7 @@ ip_address_changed(int at_interface)
|
|||||||
if (at_interface) {
|
if (at_interface) {
|
||||||
if (! server) {
|
if (! server) {
|
||||||
/* Okay, change our keys. */
|
/* Okay, change our keys. */
|
||||||
if (init_keys()<0)
|
if (init_keys_client() < 0)
|
||||||
log_warn(LD_GENERAL, "Unable to rotate keys after IP change!");
|
log_warn(LD_GENERAL, "Unable to rotate keys after IP change!");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
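Review bot: When `init_keys_client()` fails at this call site the only reaction is `log_warn`, and the client keeps running with whatever key state the call left behind. As the helper is written in router.c, it can return -1 before any new key exists, or after `set_client_identity_key(prkey)` has run but before the TLS context is rebuilt; what the TLS context looks like after that second failure is not visible here. A failed rotation may therefore leave the pre-change identity in use after the IP change, which is presumably the linkability this rotation is meant to avoid. I would document that next to the call, e.g. `/* NOTE: on failure we keep running with the old (or partly rotated) keys. */`, and consider making the warning say so. `ip_address_changed()` starts and ends outside this hunk.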
@ -767,6 +767,46 @@ router_write_fingerprint(int hashed)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
init_keys_common(void)
|
||||||
|
{
|
||||||
|
if (!key_lock)
|
||||||
|
key_lock = tor_mutex_new();
|
||||||
|
|
||||||
|
/* There are a couple of paths that put us here before we've asked
|
||||||
|
* openssl to initialize itself. */
|
||||||
|
if (crypto_global_init(get_options()->HardwareAccel,
|
||||||
|
get_options()->AccelName,
|
||||||
|
get_options()->AccelDir)) {
|
||||||
|
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
init_keys_client(void)
|
||||||
|
{
|
||||||
|
crypto_pk_t *prkey;
|
||||||
|
if (init_keys_common() < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (!(prkey = crypto_pk_new()))
|
||||||
|
return -1;
|
||||||
|
if (crypto_pk_generate_key(prkey)) {
|
||||||
|
crypto_pk_free(prkey);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
set_client_identity_key(prkey);
|
||||||
|
/* Create a TLS context. */
|
||||||
|
if (router_initialize_tls_context() < 0) {
|
||||||
|
log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** Initialize all OR private keys, and the TLS context, as necessary.
|
/** Initialize all OR private keys, and the TLS context, as necessary.
|
||||||
* On OPs, this only initializes the tls context. Return 0 on success,
|
* On OPs, this only initializes the tls context. Return 0 on success,
|
||||||
* or -1 if Tor should die.
|
* or -1 if Tor should die.
|
||||||
@ -786,35 +826,13 @@ init_keys(void)
|
|||||||
int v3_digest_set = 0;
|
int v3_digest_set = 0;
|
||||||
authority_cert_t *cert = NULL;
|
authority_cert_t *cert = NULL;
|
||||||
|
|
||||||
if (!key_lock)
|
|
||||||
key_lock = tor_mutex_new();
|
|
||||||
|
|
||||||
/* There are a couple of paths that put us here before we've asked
|
|
||||||
* openssl to initialize itself. */
|
|
||||||
if (crypto_global_init(get_options()->HardwareAccel,
|
|
||||||
get_options()->AccelName,
|
|
||||||
get_options()->AccelDir)) {
|
|
||||||
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* OP's don't need persistent keys; just make up an identity and
|
/* OP's don't need persistent keys; just make up an identity and
|
||||||
* initialize the TLS context. */
|
* initialize the TLS context. */
|
||||||
if (!server_mode(options)) {
|
if (!server_mode(options)) {
|
||||||
if (!(prkey = crypto_pk_new()))
|
return init_keys_client();
|
||||||
return -1;
|
|
||||||
if (crypto_pk_generate_key(prkey)) {
|
|
||||||
crypto_pk_free(prkey);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
set_client_identity_key(prkey);
|
|
||||||
/* Create a TLS context. */
|
|
||||||
if (router_initialize_tls_context() < 0) {
|
|
||||||
log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
if (init_keys_common() < 0)
|
||||||
|
return -1;
|
||||||
/* Make sure DataDirectory exists, and is private. */
|
/* Make sure DataDirectory exists, and is private. */
|
||||||
if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
|
if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
|
||||||
return -1;
|
return -1;
|
||||||
|
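Review bot: `init_keys_client()` becomes a public entry point (it is declared in router.h) but has no doc comment, unlike `init_keys()` just below it, and nothing in its body checks that the caller is actually running as a client. It installs a freshly generated key through `set_client_identity_key()` unconditionally, so the client-only precondition should be written down, for example `/** Generate a fresh client identity key and (re)build the TLS context. Only for non-server use. Return 0 on success, -1 on failure. */`, with a one-line comment on `init_keys_common()` as well. The existing comment on `init_keys()` ("On OPs, this only initializes the tls context") also reads short now that the client path visibly generates an identity key too.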
@ -37,6 +37,7 @@ void ntor_key_map_free(di_digest256_map_t *map);
|
|||||||
|
|
||||||
int router_initialize_tls_context(void);
|
int router_initialize_tls_context(void);
|
||||||
int init_keys(void);
|
int init_keys(void);
|
||||||
|
int init_keys_client(void);
|
||||||
|
|
||||||
int check_whether_orport_reachable(void);
|
int check_whether_orport_reachable(void);
|
||||||
int check_whether_dirport_reachable(void);
|
int check_whether_dirport_reachable(void);
|
||||||
|