Diffstat (limited to 'src/or/routerkeys.c')
-rw-r--r-- | src/or/routerkeys.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index d65b62991b..b1e9ed36f0 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -321,6 +321,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags, if (r > 0) { have_secret = 1; have_encrypted_secret_file = 1; + tor_free(got_tag); /* convince coverity we aren't leaking */ got_tag = tor_strdup(tag); loaded_secret_fname = encrypted_secret_fname; } else if (errno != ENOENT && norepair) { @@ -646,11 +647,13 @@ load_ed_keys(const or_options_t *options, time_t now) goto err; \ } while (0) #define SET_KEY(key, newval) do { \ - ed25519_keypair_free(key); \ + if ((key) != (newval)) \ + ed25519_keypair_free(key); \ key = (newval); \ } while (0) #define SET_CERT(cert, newval) do { \ - tor_cert_free(cert); \ + if ((cert) != (newval)) \ + tor_cert_free(cert); \ cert = (newval); \ } while (0) #define EXPIRES_SOON(cert, interval) \ @@ -659,10 +662,7 @@ load_ed_keys(const or_options_t *options, time_t now) /* XXXX support encrypted identity keys fully */ /* First try to get the signing key to see how it is. */ - if (master_signing_key) { - check_signing_cert = signing_key_cert; - use_signing = master_signing_key; - } else { + { char *fname = options_get_datadir_fname2(options, "keys", "ed25519_signing"); sign = ed_key_init_from_file( @@ -676,9 +676,13 @@ load_ed_keys(const or_options_t *options, time_t now) use_signing = sign; } + if (!use_signing && master_signing_key) { + check_signing_cert = signing_key_cert; + use_signing = master_signing_key; + } + const int offline_master = options->OfflineMasterKey && options->command != CMD_KEYGEN; - const int need_new_signing_key = NULL == use_signing || EXPIRES_SOON(check_signing_cert, 0) || |
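Review bot: The comment on the added `tor_free(got_tag);` in ed_key_init_from_file names the static analyzer rather than the invariant, so a later reader cannot tell whether `got_tag` can actually be non-NULL when this branch runs. The earlier assignments to `got_tag` are outside the hunk. If one of them can run before this branch, this is a genuine leak fix and the comment should say so, e.g. `/* drop any tag from an earlier load before overwriting it */`. If none can, the comment should say the free is a no-op kept only for static analysis.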
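Review bot: `newval` is now expanded twice in both SET_KEY and SET_CERT, once in the added `!=` comparison and once in the assignment, so an argument with side effects (a call that allocates a key, say) would run twice and the pointer compared would not be the one stored. The call sites are outside the hunk, so this may be safe as used today, but the macros should record the constraint with `/* newval is evaluated twice; pass a plain pointer variable */` above each. Alternatively, bind the value once with `ed25519_keypair_t *set_key_tmp_ = (newval);` (a `tor_cert_t *` local in SET_CERT) and use that local in both the comparison and the assignment. A short why-comment that the guard exists so storing a pointer into itself does not free the object being kept would also help, since that is the memory-safety property these two lines protect.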
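Review bot: The new fallback `if (!use_signing && master_signing_key)` treats every failure to load `ed25519_signing` from disk the same way, so a key file that has gone missing, become unreadable or stopped validating is silently replaced by the key already in memory. That condition is worth surfacing to the operator, for example `log_notice(LD_OR, "Could not reload the signing key from disk; continuing with the key already in memory.");` inside the new branch. The branch also leaves `use_signing` and `check_signing_cert` pointing at the global objects rather than at freshly loaded ones, which appears to be what the `!=` guards added to SET_KEY/SET_CERT are for. A comment such as `/* borrowed from the globals: must not be freed separately */` would keep a later edit from reintroducing a double free. load_ed_keys continues past the end of the hunk, and the block opened by the bare `{` in the previous hunk is only partly visible, so how the two pointers are consumed cannot be confirmed from here.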