summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorge Kadianakis <desnacked@gmail.com>2011-11-24 22:59:01 +0100
committerGeorge Kadianakis <desnacked@gmail.com>2011-11-24 22:59:01 +0100
commit94076d9e3b74ad1f6aee8a96f51eb4af5f5bdb64 (patch)
treec7bfbe7c9cd9fc6de220259ce84b966e712e48a7
parent2ef68980a778666bcc9b3b492c4acbd7af27fc28 (diff)
downloadtor-94076d9e3b74ad1f6aee8a96f51eb4af5f5bdb64.tar.gz
tor-94076d9e3b74ad1f6aee8a96f51eb4af5f5bdb64.zip
Move crypto_get_stored_dynamic_prime() to crypto.c
-rw-r--r--src/common/crypto.c70
-rw-r--r--src/common/crypto.h5
-rw-r--r--src/or/config.c14
-rw-r--r--src/or/router.c58
-rw-r--r--src/or/router.h2
5 files changed, 75 insertions, 74 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index a3c292324b..c6285e5ce9 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1851,7 +1851,7 @@ crypto_generate_dynamic_prime(void)
/** Store our dynamic prime to <b>fname</b> for future use. */
int
-router_store_dynamic_prime(const char *fname)
+crypto_store_dynamic_prime(const char *fname)
{
FILE *fp = NULL;
int retval = -1;
@@ -1889,13 +1889,61 @@ router_store_dynamic_prime(const char *fname)
return retval;
}
+/** Return the dynamic prime stored in <b>fname</b>. If there is no
+ dynamic prime stored in <b>fname</b>, return NULL. */
+static BIGNUM *
+crypto_get_stored_dynamic_prime(const char *fname)
+{
+ int retval;
+ char *contents = NULL;
+ BIGNUM *dynamic_prime = BN_new();
+
+ tor_assert(fname);
+
+ if (!dynamic_prime)
+ goto err;
+
+ contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
+ if (!contents)
+ goto err;
+
+ retval = BN_hex2bn(&dynamic_prime, contents);
+ if (!retval) {
+ log_notice(LD_GENERAL, "Could not understand the dynamic prime "
+ "format in '%s'", fname);
+ goto err;
+ }
+
+ { /* log the dynamic prime: */
+ char *s = BN_bn2hex(dynamic_prime);
+ tor_assert(s);
+ log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
+ OPENSSL_free(s);
+ }
+
+ goto done;
+
+ err:
+ if (dynamic_prime) {
+ BN_free(dynamic_prime);
+ dynamic_prime = NULL;
+ }
+
+ done:
+ tor_free(contents);
+
+ return dynamic_prime;
+}
+
+
/** Set the global TLS Diffie-Hellman modulus.
- * If <b>use_dynamic_primes</b> is <em>not</em> set, use the prime
- * modulus of mod_ssl.
- * If <b>use_dynamic_primes</b> is set, use <b>stored_dynamic_prime</b>
- * if it exists, otherwise generate and use a new prime modulus. */
+ * If <b>dynamic_prime_fname</b> is set, try to read a dynamic prime
+ * off it and use it as the DH modulus. If that's not possible,
+ * generate a new dynamic prime.
+ * If <b>dynamic_prime_fname</b> is NULL, use the Apache mod_ssl DH
+ * modulus. */
void
-crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime)
+crypto_set_tls_dh_prime(const char *dynamic_prime_fname)
{
BIGNUM *tls_prime = NULL;
int r;
@@ -1906,11 +1954,11 @@ crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime)
dh_param_p_tls = NULL;
}
- if (use_dynamic_primes) { /* use dynamic primes: */
- if (stored_dynamic_prime) {
- log_info(LD_OR, "Using stored dynamic prime.");
- tls_prime = stored_dynamic_prime;
- } else {
+ if (dynamic_prime_fname) { /* use dynamic primes: */
+ log_info(LD_OR, "Using stored dynamic prime.");
+ tls_prime = crypto_get_stored_dynamic_prime(dynamic_prime_fname);
+
+ if (!tls_prime) {
log_info(LD_OR, "Generating fresh dynamic prime.");
tls_prime = crypto_generate_dynamic_prime();
}
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 8c99dd7a37..20298b3c49 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -95,9 +95,8 @@ int crypto_global_cleanup(void);
crypto_pk_env_t *crypto_new_pk_env(void);
void crypto_free_pk_env(crypto_pk_env_t *env);
-void crypto_set_tls_dh_prime(int use_dynamic_primes,
- BIGNUM *stored_dynamic_prime);
-int router_store_dynamic_prime(const char *fname);
+void crypto_set_tls_dh_prime(const char *dynamic_prime_fname);
+int crypto_store_dynamic_prime(const char *fname);
/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
crypto_cipher_env_t *crypto_create_init_cipher(const char *key,
diff --git a/src/or/config.c b/src/or/config.c
index 78e91bbe11..e1e71b0593 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1365,17 +1365,19 @@ options_act(const or_options_t *old_options)
/* If needed, generate a new TLS DH prime according to the current torrc. */
if (!old_options) {
if (options->DynamicPrimes) {
- crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
} else {
- crypto_set_tls_dh_prime(0, NULL);
+ crypto_set_tls_dh_prime(NULL);
}
} else {
if (options->DynamicPrimes && !old_options->DynamicPrimes) {
- crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
} else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
- crypto_set_tls_dh_prime(0, NULL);
- } else {
- tor_assert(crypto_get_tls_dh_prime());
+ crypto_set_tls_dh_prime(NULL);
}
}
diff --git a/src/or/router.c b/src/or/router.c
index dd5b9fff52..c554d5b961 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -484,52 +484,6 @@ v3_authority_check_key_expiry(void)
last_warned = now;
}
-
-/** Return the dynamic prime stored in the disk. If there is no
- dynamic prime stored in the disk, return NULL. */
-BIGNUM *
-router_get_stored_dynamic_prime(void)
-{
- int retval;
- char *contents = NULL;
- char *fname = get_datadir_fname2("keys", "dynamic_prime");
- BIGNUM *dynamic_prime = BN_new();
- if (!dynamic_prime)
- goto err;
-
- contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
- if (!contents)
- goto err;
-
- retval = BN_hex2bn(&dynamic_prime, contents);
- if (!retval) {
- log_notice(LD_GENERAL, "Could not understand the dynamic prime "
- "format in '%s'", fname);
- goto err;
- }
-
- { /* log the dynamic prime: */
- char *s = BN_bn2hex(dynamic_prime);
- tor_assert(s);
- log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
- OPENSSL_free(s);
- }
-
- goto done;
-
- err:
- if (dynamic_prime) {
- BN_free(dynamic_prime);
- dynamic_prime = NULL;
- }
-
- done:
- tor_free(fname);
- tor_free(contents);
-
- return dynamic_prime;
-}
-
/** Initialize all OR private keys, and the TLS context, as necessary.
* On OPs, this only initializes the tls context. Return 0 on success,
* or -1 if Tor should die.
@@ -682,12 +636,12 @@ init_keys(void)
/** 3b. If we use a dynamic prime, store it to disk. */
if (get_options()->DynamicPrimes) {
- const char *fname = get_datadir_fname2("keys", "dynamic_prime");
- if (crypto_store_dynamic_prime(fname)) {
- log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
- "Make sure your data directory is sane.");
- }
- tor_free(fname);
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ if (crypto_store_dynamic_prime(fname)) {
+ log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
+ "Make sure your data directory is sane.");
+ }
+ tor_free(fname);
}
/* 4. Build our router descriptor. */
diff --git a/src/or/router.h b/src/or/router.h
index a998335aa3..b9e9f2a713 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -29,8 +29,6 @@ void rotate_onion_key(void);
crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
int severity);
-BIGNUM *router_get_stored_dynamic_prime(void);
-
void v3_authority_check_key_expiry(void);
int init_keys(void);