If loading an ed25519 master key fails with errno != ENOENT, give up.

This implements feature 16582: if we get EMFILE or something when loading our master key, we should not at that point attempt to overwrite it.
author: Nick Mathewson <nickm@torproject.org> 2015-07-14 10:36:39 -0400
committer: Nick Mathewson <nickm@torproject.org> 2015-07-14 10:36:39 -0400
commit: 5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7 (patch)
tree: 5df3e1354d288c232c02432c5ce19d9d58f02d07
parent: 0a6997d78bdbf485f42acfa95558a91db3381d70 (diff)
download: tor-5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7.tar.gz
tor-5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7.zip
2 files changed, 31 insertions, 6 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 97a586dc56..946c48bc08 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -166,10 +166,13 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted,
  * public key file but no secret key file, return successfully anyway.
  *
  * If INIT_ED_KEY_OMIT_SECRET is set in <b>flags</b>, do not even try to
- * load or return a secret key (but create and save on if needed).
+ * load or return a secret key (but create and save one if needed).
  *
  * If INIT_ED_KEY_TRY_ENCRYPTED is set, we look for an encrypted secret key
  * and consider encrypting any new secret key.
+ *
+ * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys
+ * from disk _other than their absence_, we do not try to replace them.
  */
 ed25519_keypair_t *
 ed_key_init_from_file(const char *fname, uint32_t flags,
@@ -187,6 +190,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
   int created_pk = 0, created_sk = 0, created_cert = 0;
   const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE);
   const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED);
+  const int norepair = (flags & INIT_ED_KEY_NO_REPAIR);
 
   char tag[8];
   tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);
@@ -201,10 +205,21 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
   tor_asprintf(&cert_fname, "%s_cert", fname);
 
   /* Try to read the secret key. */
-  int have_secret = try_to_load &&
-    !(flags & INIT_ED_KEY_OMIT_SECRET) &&
-    ed25519_seckey_read_from_file(&keypair->seckey,
-                                  &got_tag, secret_fname) == 0;
+  int have_secret = 0;
+  if (try_to_load &&
+      !(flags & INIT_ED_KEY_OMIT_SECRET)) {
+    int rv = ed25519_seckey_read_from_file(&keypair->seckey,
+                                           &got_tag, secret_fname);
+    if (rv == 0) {
+      have_secret = 1;
+    } else {
+      if (errno != ENOENT && norepair) {
+        tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname,
+                strerror(errno));
+        goto err;
+      }
+    }
+  }
 
   /* Should we try for an encrypted key? */
   if (!have_secret && try_to_load && encrypt_key) {
@@ -213,6 +228,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     if (r > 0) {
       have_secret = 1;
       got_tag = tor_strdup(tag);
+    } else if (errno != ENOENT && norepair) {
+      tor_log(severity, LD_OR, "Unable to read %s: %s", encrypted_secret_fname,
+              strerror(errno));
+      goto err;
     }
   }
 
@@ -234,6 +253,11 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     tor_free(got_tag);
     found_public = ed25519_pubkey_read_from_file(&keypair->pubkey,
                                                  &got_tag, public_fname) == 0;
+    if (!found_public && errno != ENOENT && norepair) {
+      tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname,
+              strerror(errno));
+      goto err;
+    }
     if (found_public && strcmp(got_tag, tag)) {
       tor_log(severity, LD_OR, "%s has wrong tag", public_fname);
       goto err;
@@ -486,7 +510,7 @@ load_ed_keys(const or_options_t *options, time_t now)
   {
     uint32_t flags =
       (INIT_ED_KEY_CREATE|INIT_ED_KEY_SPLIT|
-       INIT_ED_KEY_EXTRA_STRONG);
+       INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR);
     if (! need_new_signing_key)
       flags |= INIT_ED_KEY_MISSING_SECRET_OK;
     if (! want_new_signing_key)
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
index 1e0199e5e6..9b93358ae3 100644
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@@ -15,6 +15,7 @@
 #define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT (1u<<6)
 #define INIT_ED_KEY_OMIT_SECRET                 (1u<<7)
 #define INIT_ED_KEY_TRY_ENCRYPTED               (1u<<8)
+#define INIT_ED_KEY_NO_REPAIR                   (1u<<9)
 
 struct tor_cert_st;
 ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,
author	Nick Mathewson <nickm@torproject.org>	2015-07-14 10:36:39 -0400
committer	Nick Mathewson <nickm@torproject.org>	2015-07-14 10:36:39 -0400
commit	5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7 (patch)
tree	5df3e1354d288c232c02432c5ce19d9d58f02d07
parent	0a6997d78bdbf485f42acfa95558a91db3381d70 (diff)
download	tor-5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7.tar.gz tor-5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7.zip