1 files changed, 56 insertions, 21 deletions

diff --git a/src/or/router.c b/src/or/router.c
index 00cd0578c6..6532f97d24 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -687,7 +687,9 @@ router_initialize_tls_context(void)
   if (!lifetime) { /* we should guess a good ssl cert lifetime */
 
     /* choose between 5 and 365 days, and round to the day */
-    lifetime = 5*24*3600 + crypto_rand_int(361*24*3600);
+    unsigned int five_days = 5*24*3600;
+    unsigned int one_year = 365*24*3600;
+    lifetime = crypto_rand_int_range(five_days, one_year);
     lifetime -= lifetime % (24*3600);
 
     if (crypto_rand_int(2)) {
@@ -1817,12 +1819,15 @@ router_pick_published_address(const or_options_t *options, uint32_t *addr)
   return 0;
 }
 
-/** If <b>force</b> is true, or our descriptor is out-of-date, rebuild a fresh
- * routerinfo, signed server descriptor, and extra-info document for this OR.
- * Return 0 on success, -1 on temporary error.
+/** Build a fresh routerinfo, signed server descriptor, and extra-info document
+ * for this OR. Set r to the generated routerinfo, e to the generated
+ * extra-info document. Return 0 on success, -1 on temporary error. Failure to
+ * generate an extra-info document is not an error and is indicated by setting
+ * e to NULL. Caller is responsible for freeing generated documents if 0 is
+ * returned.
  */
 int
-router_rebuild_descriptor(int force)
+router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
 {
   routerinfo_t *ri;
   extrainfo_t *ei;
@@ -1831,20 +1836,11 @@ router_rebuild_descriptor(int force)
   int hibernating = we_are_hibernating();
   const or_options_t *options = get_options();
 
-  if (desc_clean_since && !force)
-    return 0;
-
-  if (router_pick_published_address(options, &addr) < 0 ||
-      router_get_advertised_or_port(options) == 0) {
-    /* Stop trying to rebuild our descriptor every second. We'll
-     * learn that it's time to try again when ip_address_changed()
-     * marks it dirty. */
-    desc_clean_since = time(NULL);
+  if (router_pick_published_address(options, &addr) < 0) {
+    log_warn(LD_CONFIG, "Don't know my address while generating descriptor");
     return -1;
   }
 
-  log_info(LD_OR, "Rebuilding relay descriptor%s", force ? " (forced)" : "");
-
   ri = tor_malloc_zero(sizeof(routerinfo_t));
   ri->cache_info.routerlist_index = -1;
   ri->nickname = tor_strdup(options->Nickname);
@@ -2053,6 +2049,41 @@ router_rebuild_descriptor(int force)
     tor_assert(! routerinfo_incompatible_with_extrainfo(ri, ei, NULL, NULL));
   }
 
+  *r = ri;
+  *e = ei;
+  return 0;
+}
+
+/** If <b>force</b> is true, or our descriptor is out-of-date, rebuild a fresh
+ * routerinfo, signed server descriptor, and extra-info document for this OR.
+ * Return 0 on success, -1 on temporary error.
+ */
+int
+router_rebuild_descriptor(int force)
+{
+  routerinfo_t *ri;
+  extrainfo_t *ei;
+  uint32_t addr;
+  const or_options_t *options = get_options();
+
+  if (desc_clean_since && !force)
+    return 0;
+
+  if (router_pick_published_address(options, &addr) < 0 ||
+      router_get_advertised_or_port(options) == 0) {
+    /* Stop trying to rebuild our descriptor every second. We'll
+     * learn that it's time to try again when ip_address_changed()
+     * marks it dirty. */
+    desc_clean_since = time(NULL);
+    return -1;
+  }
+
+  log_info(LD_OR, "Rebuilding relay descriptor%s", force ? " (forced)" : "");
+
+  if (router_build_fresh_descriptor(&ri, &ei) < 0) {
+    return -1;
+  }
+
   routerinfo_free(desc_routerinfo);
   desc_routerinfo = ri;
   extrainfo_free(desc_extrainfo);
@@ -2377,7 +2408,8 @@ router_dump_router_to_string(routerinfo_t *router,
     char ed_cert_base64[256];
     if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
                       (const char*)router->signing_key_cert->encoded,
-                      router->signing_key_cert->encoded_len) < 0) {
+                      router->signing_key_cert->encoded_len,
+                      BASE64_ENCODE_MULTILINE) < 0) {
       log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
       goto err;
     }
@@ -2416,7 +2448,8 @@ router_dump_router_to_string(routerinfo_t *router,
       goto err;
     }
 
-    if (base64_encode(buf, sizeof(buf), (const char*)tap_cc, tap_cc_len) < 0) {
+    if (base64_encode(buf, sizeof(buf), (const char*)tap_cc, tap_cc_len,
+                      BASE64_ENCODE_MULTILINE) < 0) {
       log_warn(LD_BUG,"base64_encode(rsa_crosscert) failed!");
       tor_free(tap_cc);
       goto err;
@@ -2448,7 +2481,8 @@ router_dump_router_to_string(routerinfo_t *router,
     tor_assert(sign == 0 || sign == 1);
 
     if (base64_encode(buf, sizeof(buf),
-                      (const char*)cert->encoded, cert->encoded_len)<0) {
+                      (const char*)cert->encoded, cert->encoded_len,
+                      BASE64_ENCODE_MULTILINE)<0) {
       log_warn(LD_BUG,"base64_encode(ntor_crosscert) failed!");
       tor_cert_free(cert);
       goto err;
@@ -2555,7 +2589,7 @@ router_dump_router_to_string(routerinfo_t *router,
     char kbuf[128];
     base64_encode(kbuf, sizeof(kbuf),
                   (const char *)router->onion_curve25519_pkey->public_key,
-                  CURVE25519_PUBKEY_LEN);
+                  CURVE25519_PUBKEY_LEN, BASE64_ENCODE_MULTILINE);
     smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
   }
 
@@ -2831,7 +2865,8 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
     char ed_cert_base64[256];
     if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
                       (const char*)extrainfo->signing_key_cert->encoded,
-                      extrainfo->signing_key_cert->encoded_len) < 0) {
+                      extrainfo->signing_key_cert->encoded_len,
+                      BASE64_ENCODE_MULTILINE) < 0) {
       log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
       goto err;
     }