commit e5754c42d124549b3fd8e8d7c11d4dde3b5acec1 Merge: c875265 943369f Author: Nick Mathewson nickm@torproject.org Date: Wed Nov 25 22:33:49 2015 -0500
Merge branch 'bug17686_v2_027'
changes/bug17686 | 4 ++++ src/common/compat.h | 2 ++ src/common/crypto.c | 35 +++++++++++++++++++++-------------- src/common/crypto.h | 11 ++++++----- src/common/crypto_curve25519.c | 3 +-- src/common/tortls.c | 3 +-- src/or/config.c | 3 +-- src/or/connection_or.c | 3 +-- src/or/control.c | 3 +-- src/or/ext_orport.c | 3 +-- src/or/main.c | 6 ++++-- src/or/onion_fast.c | 8 ++------ src/or/rendclient.c | 6 +----- src/or/rendcommon.c | 12 ++---------- src/test/bench.c | 5 ++++- src/test/test_extorport.c | 5 ++--- src/test/test_workqueue.c | 10 ++++++++-- src/test/testing_common.c | 5 ++++- 18 files changed, 66 insertions(+), 61 deletions(-)
diff --cc src/or/main.c
index c9007b9,0f8d7ff..1469fd1
--- a/src/or/main.c
+++ b/src/or/main.c
@@@ -1607,37 -1371,43 +1607,39 @@@ rotate_x509_certificate_callback(time_
/* 1b. Every MAX_SSL_KEY_LIFETIME_INTERNAL seconds, we change our * TLS context. */ - if (!time_to.last_rotated_x509_certificate) - time_to.last_rotated_x509_certificate = now; - if (time_to.last_rotated_x509_certificate + - MAX_SSL_KEY_LIFETIME_INTERNAL < now) { - log_info(LD_GENERAL,"Rotating tls context."); - if (router_initialize_tls_context() < 0) { - log_warn(LD_BUG, "Error reinitializing TLS context"); - /* XXX is it a bug here, that we just keep going? -RD */ - } - time_to.last_rotated_x509_certificate = now; - /* We also make sure to rotate the TLS connections themselves if they've - * been up for too long -- but that's done via is_bad_for_new_circs in - * connection_run_housekeeping() above. */ - } - - if (time_to.add_entropy < now) { - if (time_to.add_entropy) { - /* We already seeded once, so don't die on failure. */ - if (crypto_seed_rng() < 0) { - log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already " - "seeded once, though, so we won't exit here."); - } - } -/** How often do we add more entropy to OpenSSL's RNG pool? */ -#define ENTROPY_INTERVAL (60*60) - time_to.add_entropy = now + ENTROPY_INTERVAL; + log_info(LD_GENERAL,"Rotating tls context."); + if (router_initialize_tls_context() < 0) { + log_warn(LD_BUG, "Error reinitializing TLS context"); + /* XXX is it a bug here, that we just keep going? -RD */ }
- /* 1c. If we have to change the accounting interval or record - * bandwidth used in this accounting interval, do so. */ - if (accounting_is_enabled(options)) - accounting_run_housekeeping(now); + /* We also make sure to rotate the TLS connections themselves if they've + * been up for too long -- but that's done via is_bad_for_new_circs in + * run_connection_housekeeping() above. */ - + return MAX_SSL_KEY_LIFETIME_INTERNAL; +} + +static int +add_entropy_callback(time_t now, const or_options_t *options) +{ + (void)now; + (void)options; + /* We already seeded once, so don't die on failure. */ - crypto_seed_rng(); ++ if (crypto_seed_rng() < 0) { ++ log_warn(LD_GENERAL, "Tried to re-seed RNG, but failed. We already " ++ "seeded once, though, so we won't exit here."); ++ } + + /** How often do we add more entropy to OpenSSL's RNG pool? */ +#define ENTROPY_INTERVAL (60*60) + return ENTROPY_INTERVAL; +}
- if (time_to.launch_reachability_tests < now && - (authdir_mode_tests_reachability(options)) && - !net_is_disabled()) { - time_to.launch_reachability_tests = now + REACHABILITY_TEST_INTERVAL; +static int +launch_reachability_tests_callback(time_t now, const or_options_t *options) +{ + if (authdir_mode_tests_reachability(options) && + !net_is_disabled()) { /* try to determine reachability of the other Tor relays */ dirserv_test_reachability(now); }
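Review bot: In rotate_x509_certificate_callback, the failure branch of `router_initialize_tls_context()` only logs and then falls through to `return MAX_SSL_KEY_LIFETIME_INTERNAL;`, so if the return value is the delay until the next run (as the two `return` statements suggest), a failed rotation keeps the old TLS context in use for another full key lifetime. Returning a shorter delay on that branch would bound this, e.g. `return TLS_ROTATE_RETRY_SECS; /* placeholder name, not in the tree */` right after the `log_warn`, and it would settle the existing `XXX` question. add_entropy_callback has the same shape: after a failed `crypto_seed_rng()` the next attempt comes a full `ENTROPY_INTERVAL` later. The `#define ENTROPY_INTERVAL` would also read better at file scope than inside the function body. rotate_x509_certificate_callback starts above the hunk and launch_reachability_tests_callback continues below it.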