Merge remote-tracking branch 'origin/maint-0.2.2'

Conflicts:
	src/or/config.c

Conflict was in or_options_free, where two newly added fields had free
calls in the same place.

1 files changed, 19 insertions, 0 deletions

diff --git a/src/or/config.c b/src/or/config.c
index 2a8c54096..2ce930bd7 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -813,6 +813,7 @@ or_options_free(or_options_t *options)
                       rs, routerset_free(rs));
     smartlist_free(options->NodeFamilySets);
   }
+  tor_free(options->BridgePassword_AuthDigest);
   config_free(&options_format, options);
 }
 
@@ -1547,6 +1548,24 @@ options_act(const or_options_t *old_options)
   /* Change the cell EWMA settings */
   cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
 
+  /* Update the BridgePassword's hashed version as needed.  We store this as a
+   * digest so that we can do side-channel-proof comparisons on it.
+   */
+  if (options->BridgePassword) {
+    char *http_authenticator;
+    http_authenticator = alloc_http_authenticator(options->BridgePassword);
+    if (!http_authenticator) {
+      log_warn(LD_BUG, "Unable to allocate HTTP authenticator. Not setting "
+               "BridgePassword.");
+      return -1;
+    }
+    options->BridgePassword_AuthDigest = tor_malloc(DIGEST256_LEN);
+    crypto_digest256(options->BridgePassword_AuthDigest,
+                     http_authenticator, strlen(http_authenticator),
+                     DIGEST_SHA256);
+    tor_free(http_authenticator);
+  }
+
   /* Check for transitions that need action. */
   if (old_options) {
     int revise_trackexithosts = 0;