9 years ago · 8f15423b76
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -866,8 +866,7 @@ init_keys(void)
 
				   }
			
 
				 
			
 
				   /* 1d. Load all ed25519 keys */
			
 
				-  if (load_ed_keys(options,now) < 0 ||
			
 
				-      generate_ed_link_cert(options,now))
			
 
				+  if (load_ed_keys(options,now) < 0)
			
 
				     return -1;
			
 
				 
			
 
				   /* 2. Read onion key.  Make it if none is found. */
			
@@ -935,6 +934,13 @@ init_keys(void)
 
				     return -1;
			
 
				   }
			
 
				 
			
 
				+  /* 3b. Get an ed25519 link certificate.  Note that we need to do this
			
 
				+   * after we set up the TLS context */
			
 
				+  if (generate_ed_link_cert(options, now) < 0) {
			
 
				+    log_err(LD_GENERAL,"Couldn't make link cert");
			
 
				+    return -1;
			
 
				+  }
			
 
				+
			
 
				   /* 4. Build our router descriptor. */
			
 
				   /* Must be called after keys are initialized. */
			
 
				   mydesc = router_get_my_descriptor();
			
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -418,9 +418,6 @@ load_ed_keys(const or_options_t *options, time_t now)
 
				     SET_CERT(auth_key_cert, auth_cert);
			
 
				   }
			
 
				 
			
 
				-  if (generate_ed_link_cert(options, now) < 0)
			
 
				-    FAIL("Couldn't make link cert");
			
 
				-
			
 
				   return 0;
			
 
				  err:
			
 
				   ed25519_keypair_free(id);
			
@@ -438,8 +435,10 @@ generate_ed_link_cert(const or_options_t *options, time_t now)
 
				   const tor_x509_cert_t *link = NULL, *id = NULL;
			
 
				   tor_cert_t *link_cert = NULL;
			
 
				 
			
 
				-  if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL)
			
 
				+  if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL) {
			
 
				+    log_warn(LD_OR, "Can't get my x509 link cert.");
			
 
				     return -1;
			
 
				+  }
			
 
				 
			
 
				   const digests_t *digests = tor_x509_cert_get_cert_digests(link);
			
 
				 
			
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -446,6 +446,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
				   options->DataDirectory = dir;
			
 
				 
			
 
				   tt_int_op(0, ==, load_ed_keys(options, now));
			
 
				+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
			
 
				   tt_assert(get_master_identity_key());
			
 
				   tt_assert(get_master_identity_key());
			
 
				   tt_assert(get_master_signing_keypair());
			
@@ -460,6 +461,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
				 
			
 
				   /* Call load_ed_keys again, but nothing has changed. */
			
 
				   tt_int_op(0, ==, load_ed_keys(options, now));
			
 
				+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
			
 
				   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
			
 
				   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
			
 
				   tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth));
			
@@ -468,6 +470,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
				   /* Force a reload: we make new link/auth keys. */
			
 
				   routerkeys_free_all();
			
 
				   tt_int_op(0, ==, load_ed_keys(options, now));
			
 
				+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
			
 
				   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
			
 
				   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
			
 
				   tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
			
@@ -481,6 +484,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
				 
			
 
				   /* Force a link/auth-key regeneration by advancing time. */
			
 
				   tt_int_op(0, ==, load_ed_keys(options, now+3*86400));
			
 
				+  tt_int_op(0, ==, generate_ed_link_cert(options, now+3*86400));
			
 
				   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
			
 
				   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
			
 
				   tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
			
@@ -494,6 +498,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
				 
			
 
				   /* Force a signing-key regeneration by advancing time. */
			
 
				   tt_int_op(0, ==, load_ed_keys(options, now+100*86400));
			
 
				+  tt_int_op(0, ==, generate_ed_link_cert(options, now+100*86400));
			
 
				   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
			
 
				   tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign));
			
 
				   tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
			
@@ -511,6 +516,7 @@ test_routerkeys_ed_keys_init_all(void *arg)
 
				   unlink(get_fname("test_ed_keys_init_all/keys/"
			
 
				                    "ed25519_master_id_secret_key"));
			
 
				   tt_int_op(0, ==, load_ed_keys(options, now));
			
 
				+  tt_int_op(0, ==, generate_ed_link_cert(options, now));
			
 
				   tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
			
 
				   tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
			
 
				   tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));