[tor-commits] [tor/master] Merge branches 'feature_16582' and 'feature_16581'
nickm at torproject.org
nickm at torproject.org
Wed Jul 15 15:12:39 UTC 2015
commit 7bd5212ddccf12fbb0ee2ea50b73604886b499f5
Merge: a65e835 c4ab8f7 3fcb74e
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Jul 15 11:05:33 2015 -0400
Merge branches 'feature_16582' and 'feature_16581'
src/common/crypto_curve25519.c | 21 ++++++--
src/common/crypto_ed25519.c | 18 ++++---
src/common/util.c | 14 ++++-
src/or/routerkeys.c | 111 ++++++++++++++++++++++++++++++++++------
src/or/routerkeys.h | 1 +
src/or/torcert.c | 9 ++--
6 files changed, 142 insertions(+), 32 deletions(-)
diff --cc src/or/routerkeys.c
index d075c67,c9afad9,d38b5a3..955cb9c
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@@@ -178,10 -191,15 -187,13 +191,17 @@@@ ed_key_init_from_file(const char *fname
char *encrypted_secret_fname = NULL;
char *public_fname = NULL;
char *cert_fname = NULL;
++ const char *loaded_secret_fname = NULL;
int created_pk = 0, created_sk = 0, created_cert = 0;
const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE);
-- const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED);
- const int norepair = (flags & INIT_ED_KEY_NO_REPAIR);
++ const int encrypt_key = !! (flags & INIT_ED_KEY_TRY_ENCRYPTED);
++ const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR);
++ const int split = !! (flags & INIT_ED_KEY_SPLIT);
+
+ + /* we don't support setting both of these flags at once. */
+ + tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) !=
+ + (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT));
+
char tag[8];
tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);
@@@@ -195,10 -213,21 -207,22 +215,22 @@@@
tor_asprintf(&cert_fname, "%s_cert", fname);
/* Try to read the secret key. */
- int have_secret = try_to_load &&
- !(flags & INIT_ED_KEY_OMIT_SECRET) &&
- ed25519_seckey_read_from_file(&keypair->seckey,
- &got_tag, secret_fname) == 0;
+ int have_secret = 0;
+ if (try_to_load &&
+ !(flags & INIT_ED_KEY_OMIT_SECRET)) {
+ int rv = ed25519_seckey_read_from_file(&keypair->seckey,
+ &got_tag, secret_fname);
+ if (rv == 0) {
+ have_secret = 1;
++ loaded_secret_fname = secret_fname;
+ } else {
+ if (errno != ENOENT && norepair) {
+ tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname,
+ strerror(errno));
+ goto err;
+ }
+ }
+ }
/* Should we try for an encrypted key? */
if (!have_secret && try_to_load && encrypt_key) {
@@@@ -207,6 -236,10 -231,11 +239,11 @@@@
if (r > 0) {
have_secret = 1;
got_tag = tor_strdup(tag);
++ loaded_secret_fname = encrypted_secret_fname;
+ } else if (errno != ENOENT && norepair) {
+ tor_log(severity, LD_OR, "Unable to read %s: %s", encrypted_secret_fname,
+ strerror(errno));
+ goto err;
}
}
@@@@ -222,12 -255,17 -252,19 +260,19 @@@@
}
}
-- /* If it's absent and that's okay, try to read the pubkey. */
++ /* If it's absent and that's okay, or if we do split keys here, try to re
++ * the pubkey. */
int found_public = 0;
-- if (!have_secret && try_to_load) {
++ if ((!have_secret && try_to_load) || (have_secret && split)) {
++ ed25519_public_key_t pubkey_tmp;
tor_free(got_tag);
-- found_public = ed25519_pubkey_read_from_file(&keypair->pubkey,
++ found_public = ed25519_pubkey_read_from_file(&pubkey_tmp,
&got_tag, public_fname) == 0;
+ if (!found_public && errno != ENOENT && norepair) {
+ tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname,
+ strerror(errno));
+ goto err;
+ }
if (found_public && strcmp(got_tag, tag)) {
tor_log(severity, LD_OR, "%s has wrong tag", public_fname);
goto err;
More information about the tor-commits
mailing list