пре 9 година · 41891cbf93
--- a/changes/ed25519_hup
+++ b/changes/ed25519_hup
@@ -0,0 +1,4 @@
 
				+  o Minor features (relay, Ed25519):
			
 
				+    - On receiving a HUP signal, check to see whether the Ed25519
			
 
				+      signing key has changed, and reload it if so. Closes ticket
			
 
				+      16790.
			
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2019,6 +2019,14 @@ do_hup(void)
 
				    * force a retry there. */
			
 
				 
			
 
				   if (server_mode(options)) {
			
 
				+    /* Maybe we've been given a new ed25519 key or certificate?
			
 
				+     */
			
 
				+    time_t now = approx_time();
			
 
				+    if (load_ed_keys(options, now) < 0 ||
			
 
				+         generate_ed_link_cert(options, now)) {
			
 
				+      log_warn(LD_OR, "Problem reloading Ed25519 keys; still using old keys.");
			
 
				+    }
			
 
				+
			
 
				     /* Update cpuworker and dnsworker processes, so they get up-to-date
			
 
				      * configuration options. */
			
 
				     cpuworkers_rotate_keyinfo();
			
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -638,11 +638,13 @@ load_ed_keys(const or_options_t *options, time_t now)
 
				     goto err;                                   \
			
 
				   } while (0)
			
 
				 #define SET_KEY(key, newval) do {               \
			
 
				-    ed25519_keypair_free(key);                  \
			
 
				+    if ((key) != (newval))                      \
			
 
				+      ed25519_keypair_free(key);                \
			
 
				     key = (newval);                             \
			
 
				   } while (0)
			
 
				 #define SET_CERT(cert, newval) do {             \
			
 
				-    tor_cert_free(cert);                        \
			
 
				+    if ((cert) != (newval))                     \
			
 
				+      tor_cert_free(cert);                      \
			
 
				     cert = (newval);                            \
			
 
				   } while (0)
			
 
				 #define EXPIRES_SOON(cert, interval)            \
			
@@ -651,10 +653,7 @@ load_ed_keys(const or_options_t *options, time_t now)
 
				   /* XXXX support encrypted identity keys fully */
			
 
				 
			
 
				   /* First try to get the signing key to see how it is. */
			
 
				-  if (master_signing_key) {
			
 
				-    check_signing_cert = signing_key_cert;
			
 
				-    use_signing = master_signing_key;
			
 
				-  } else {
			
 
				+  {
			
 
				     char *fname =
			
 
				       options_get_datadir_fname2(options, "keys", "ed25519_signing");
			
 
				     sign = ed_key_init_from_file(
			
@@ -668,6 +667,11 @@ load_ed_keys(const or_options_t *options, time_t now)
 
				     use_signing = sign;
			
 
				   }
			
 
				 
			
 
				+  if (!use_signing && master_signing_key) {
			
 
				+    check_signing_cert = signing_key_cert;
			
 
				+    use_signing = master_signing_key;
			
 
				+  }
			
 
				+
			
 
				   const int need_new_signing_key =
			
 
				     NULL == use_signing ||
			
 
				     EXPIRES_SOON(check_signing_cert, 0) ||