|
|
@@ -638,11 +638,13 @@ load_ed_keys(const or_options_t *options, time_t now)
|
|
|
goto err; \
|
|
|
} while (0)
|
|
|
#define SET_KEY(key, newval) do { \
|
|
|
- ed25519_keypair_free(key); \
|
|
|
+ if ((key) != (newval)) \
|
|
|
+ ed25519_keypair_free(key); \
|
|
|
key = (newval); \
|
|
|
} while (0)
|
|
|
#define SET_CERT(cert, newval) do { \
|
|
|
- tor_cert_free(cert); \
|
|
|
+ if ((cert) != (newval)) \
|
|
|
+ tor_cert_free(cert); \
|
|
|
cert = (newval); \
|
|
|
} while (0)
|
|
|
#define EXPIRES_SOON(cert, interval) \
|
|
|
@@ -651,10 +653,7 @@ load_ed_keys(const or_options_t *options, time_t now)
|
|
|
/* XXXX support encrypted identity keys fully */
|
|
|
|
|
|
/* First try to get the signing key to see how it is. */
|
|
|
- if (master_signing_key) {
|
|
|
- check_signing_cert = signing_key_cert;
|
|
|
- use_signing = master_signing_key;
|
|
|
- } else {
|
|
|
+ {
|
|
|
char *fname =
|
|
|
options_get_datadir_fname2(options, "keys", "ed25519_signing");
|
|
|
sign = ed_key_init_from_file(
|
|
|
@@ -668,6 +667,11 @@ load_ed_keys(const or_options_t *options, time_t now)
|
|
|
use_signing = sign;
|
|
|
}
|
|
|
|
|
|
+ if (!use_signing && master_signing_key) {
|
|
|
+ check_signing_cert = signing_key_cert;
|
|
|
+ use_signing = master_signing_key;
|
|
|
+ }
|
|
|
+
|
|
|
const int need_new_signing_key =
|
|
|
NULL == use_signing ||
|
|
|
EXPIRES_SOON(check_signing_cert, 0) ||
|
Nick Mathewson