From 9ea80b465f474e9e70d907a4d3f3638b65688e89 Mon Sep 17 00:00:00 2001 From: trinity-1686a Date: Sun, 16 Jul 2023 22:29:23 +0200 Subject: [PATCH] fix non-fatal assertion when rotate_onion_key fails --- src/feature/relay/relay_periodic.c | 4 +++- src/feature/relay/router.c | 7 ++++++- src/feature/relay/router.h | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/feature/relay/relay_periodic.c b/src/feature/relay/relay_periodic.c index dd9be4e36f..7661d00afc 100644 --- a/src/feature/relay/relay_periodic.c +++ b/src/feature/relay/relay_periodic.c @@ -102,7 +102,9 @@ rotate_onion_key_callback(time_t now, const or_options_t *options) } log_info(LD_GENERAL,"Rotating onion key."); - rotate_onion_key(); + if (!rotate_onion_key()) { + return ONION_KEY_CONSENSUS_CHECK_INTERVAL; + } cpuworkers_rotate_keyinfo(); if (!router_rebuild_descriptor(1)) { log_info(LD_CONFIG, "Couldn't rebuild router descriptor"); diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index f5928127ea..1ed9630e09 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -482,8 +482,10 @@ get_my_v3_legacy_signing_key(void) * - schedule all previous cpuworkers to shut down _after_ processing * pending work. (This will cause fresh cpuworkers to be generated.) * - generate and upload a fresh routerinfo. + * + * Return true on success, else false on error. */ -void +bool rotate_onion_key(void) { char *fname, *fname_prev; @@ -491,6 +493,7 @@ rotate_onion_key(void) or_state_t *state = get_or_state(); curve25519_keypair_t new_curve25519_keypair; time_t now; + bool result = false; fname = get_keydir_fname("secret_onion_key"); fname_prev = get_keydir_fname("secret_onion_key.old"); /* There isn't much point replacing an old key with an empty file */ @@ -540,6 +543,7 @@ rotate_onion_key(void) tor_mutex_release(key_lock); mark_my_descriptor_dirty("rotated onion key"); or_state_mark_dirty(state, get_options()->AvoidDiskWrites ? now+3600 : 0); + result = true; goto done; error: log_warn(LD_GENERAL, "Couldn't rotate onion key."); @@ -549,6 +553,7 @@ rotate_onion_key(void) memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair)); tor_free(fname); tor_free(fname_prev); + return result; } /** Log greeting message that points to new relay lifecycle document the diff --git a/src/feature/relay/router.h b/src/feature/relay/router.h index b5b5a1fffa..f201fdbd63 100644 --- a/src/feature/relay/router.h +++ b/src/feature/relay/router.h @@ -45,7 +45,7 @@ authority_cert_t *get_my_v3_legacy_cert(void); crypto_pk_t *get_my_v3_legacy_signing_key(void); void dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last); void expire_old_onion_keys(void); -void rotate_onion_key(void); +bool rotate_onion_key(void); void v3_authority_check_key_expiry(void); int get_onion_key_lifetime(void); int get_onion_key_grace_period(void);