diff options
-rw-r--r-- | src/or/hibernate.c | 7 | ||||
-rw-r--r-- | src/or/main.c | 8 | ||||
-rw-r--r-- | src/or/or.h | 1 | ||||
-rw-r--r-- | src/or/router.c | 12 |
4 files changed, 25 insertions, 3 deletions
diff --git a/src/or/hibernate.c b/src/or/hibernate.c index 2407fad6cf..6719a88578 100644 --- a/src/or/hibernate.c +++ b/src/or/hibernate.c @@ -291,6 +291,13 @@ accounting_set_wakeup_time(void) int n_days_to_exhaust_bw; int n_days_to_consider; + if (! identity_key_is_set()) { + if (init_keys() < 0) { + log_fn(LOG_ERR, "Error initializing keys"); + tor_assert(0); + } + } + format_iso_time(buf, interval_start_time); crypto_pk_get_digest(get_identity_key(), digest); diff --git a/src/or/main.c b/src/or/main.c index 9b566822b3..cc8379d0c8 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -784,9 +784,11 @@ static int do_main_loop(void) { /* load the private keys, if we're supposed to have them, and set up the * TLS context. */ - if (init_keys() < 0) { - log_fn(LOG_ERR,"Error initializing keys; exiting"); - return -1; + if (! identity_key_is_set()) { + if (init_keys() < 0) { + log_fn(LOG_ERR,"Error initializing keys; exiting"); + return -1; + } } /* Set up our buckets */ diff --git a/src/or/or.h b/src/or/or.h index f581291f45..2568f662f9 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1511,6 +1511,7 @@ crypto_pk_env_t *get_previous_onion_key(void); time_t get_onion_key_set_at(void); void set_identity_key(crypto_pk_env_t *k); crypto_pk_env_t *get_identity_key(void); +int identity_key_is_set(void); void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last); int init_keys(void); crypto_pk_env_t *init_key_from_file(const char *fname); diff --git a/src/or/router.c b/src/or/router.c index a7cb473fc0..3b6c569ee7 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -91,6 +91,12 @@ crypto_pk_env_t *get_identity_key(void) { return identitykey; } +/** Return truf iff the identity key has been set. */ +int identity_key_is_set(void) { + return identitykey != NULL; +} + + /** Replace the previous onion key with the current onion key, and generate * a new previous onion key. Immediately after calling this function, * the OR should: @@ -228,6 +234,12 @@ crypto_pk_env_t *init_key_from_file(const char *fname) * On OPs, this only initializes the tls context. */ int init_keys(void) { + /* XXX009 Two problems with how this is called: + * 1. It should be idempotent for servers, so we can call init_keys + * as much as we need to. + * 2. Clients should rotate their identity keys at least whenever + * their IPs change. + */ char keydir[512]; char keydir2[512]; char fingerprint[FINGERPRINT_LEN+MAX_NICKNAME_LEN+3]; |