authorGeorge Kadianakis <desnacked@gmail.com>2011-11-25 17:39:28 +0100
committerGeorge Kadianakis <desnacked@gmail.com>2011-11-25 17:39:28 +0100
commit4938bcc06a41b95f47def181ce03a7ade805595b (patch)
tree7362b50384714408a457bc31163f82c322eac015 /src
parent1d1d5ae7f8f91b62f0e86081ff1f7255c545383b (diff)
Do dynamic DH modulus storing in crypto.c.
Diffstat (limited to 'src')
-rw-r--r--src/common/crypto.c15
-rw-r--r--src/common/crypto.h1
-rw-r--r--src/or/router.c10
3 files changed, 13 insertions, 13 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 8b0f0ef9da..1974a3931b 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1850,7 +1850,7 @@ crypto_generate_dynamic_dh_modulus(void)
}
/** Store our dynamic DH modulus to <b>fname</b> for future use. */
-int
+static int
crypto_store_dynamic_dh_modulus(const char *fname)
{
FILE *fp = NULL;
@@ -1974,6 +1974,7 @@ void
crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
{
BIGNUM *tls_prime = NULL;
+ int store_dh_prime_afterwards = 0;
int r;
/* If the space is occupied, free the previous TLS DH prime */
@@ -1982,7 +1983,7 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
dh_param_p_tls = NULL;
}
- if (dynamic_dh_modulus_fname) { /* use dynamic DH moduluss: */
+ if (dynamic_dh_modulus_fname) { /* use dynamic DH modulus: */
log_info(LD_OR, "Using stored dynamic DH modulus.");
tls_prime = crypto_get_stored_dynamic_dh_modulus(dynamic_dh_modulus_fname);
@@ -1990,6 +1991,8 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
log_notice(LD_OR, "Generating fresh dynamic DH modulus. "
"This might take a while...");
tls_prime = crypto_generate_dynamic_dh_modulus();
+
+ store_dh_prime_afterwards++;
}
} else { /* use the static DH prime modulus used by Apache in mod_ssl: */
tls_prime = BN_new();
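Review bot: `store_dh_prime_afterwards++` uses an increment to set a value that is only ever tested as a boolean, in the later `if (store_dh_prime_afterwards)`. A plain assignment, `store_dh_prime_afterwards = 1;`, states the intent and cannot turn into a count if this branch is ever reached more than once. The flag is declared in the previous hunk (`int store_dh_prime_afterwards = 0;`), and the body of crypto_set_tls_dh_prime extends beyond this hunk on both sides.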
@@ -2011,6 +2014,14 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
tor_assert(tls_prime);
dh_param_p_tls = tls_prime;
+
+ if (store_dh_prime_afterwards)
+ /* save the new dynamic DH modulus to disk. */
+ if (crypto_store_dynamic_dh_modulus(dynamic_dh_modulus_fname)) {
+ log_notice(LD_GENERAL, "Failed while storing dynamic DH modulus. "
+ "Make sure your data directory is sane.");
+ }
+
}
/** Initialize dh_param_p and dh_param_g if they are not already
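Review bot: The outer `if (store_dh_prime_afterwards)` has no braces, and its body is a comment followed by a second `if`. In code that decides whether a freshly generated DH modulus reaches disk, a statement later added between the two would silently change what the guard covers. Brace it, `if (store_dh_prime_afterwards) {` with a matching `}` after the inner block. crypto_store_dynamic_dh_modulus() takes only the file name, so it presumably serialises the global dh_param_p_tls assigned just above; a comment such as `/* Must run after dh_param_p_tls is set: the store function reads the global. */` would record that ordering dependency. The opening of crypto_set_tls_dh_prime is outside this hunk.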
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 683c8ea38f..bac6db920a 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -94,7 +94,6 @@ crypto_pk_env_t *crypto_new_pk_env(void);
void crypto_free_pk_env(crypto_pk_env_t *env);
void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
-int crypto_store_dynamic_dh_modulus(const char *fname);
/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
crypto_cipher_env_t *crypto_create_init_cipher(const char *key,
diff --git a/src/or/router.c b/src/or/router.c
index 963c781733..fdc83f5087 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -634,16 +634,6 @@ init_keys(void)
return -1;
}
- /** 3b. If we use a dynamic prime, store it to disk. */
- if (get_options()->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
- if (crypto_store_dynamic_dh_modulus(fname)) {
- log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
- "Make sure your data directory is sane.");
- }
- tor_free(fname);
- }
-
/* 4. Build our router descriptor. */
/* Must be called after keys are initialized. */
mydesc = router_get_my_descriptor();