summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/common/crypto.c80
-rw-r--r--src/common/crypto.h4
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/router.c4
4 files changed, 46 insertions, 46 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 4e96fed90a..0f828db81f 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1818,15 +1818,15 @@ static BIGNUM *dh_param_g = NULL;
/** Generate and return a reasonable and safe DH parameter p. */
static BIGNUM *
-crypto_generate_dynamic_prime(void)
+crypto_generate_dynamic_dh_modulus(void)
{
- BIGNUM *dynamic_prime;
+ BIGNUM *dynamic_dh_modulus;
DH *dh_parameters;
int r, dh_codes;
char *s;
- dynamic_prime = BN_new();
- tor_assert(dynamic_prime);
+ dynamic_dh_modulus = BN_new();
+ tor_assert(dynamic_dh_modulus);
dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
tor_assert(dh_parameters);
@@ -1834,24 +1834,24 @@ crypto_generate_dynamic_prime(void)
r = DH_check(dh_parameters, &dh_codes);
tor_assert(r && !dh_codes);
- BN_copy(dynamic_prime, dh_parameters->p);
- tor_assert(dynamic_prime);
+ BN_copy(dynamic_dh_modulus, dh_parameters->p);
+ tor_assert(dynamic_dh_modulus);
DH_free(dh_parameters);
- { /* log the dynamic prime: */
- s = BN_bn2hex(dynamic_prime);
+ { /* log the dynamic DH modulus: */
+ s = BN_bn2hex(dynamic_dh_modulus);
tor_assert(s);
- log_info(LD_OR, "Dynamic prime generated: [%s]", s);
+ log_info(LD_OR, "Dynamic DH modulus generated: [%s]", s);
OPENSSL_free(s);
}
- return dynamic_prime;
+ return dynamic_dh_modulus;
}
-/** Store our dynamic prime to <b>fname</b> for future use. */
+/** Store our dynamic DH modulus to <b>fname</b> for future use. */
int
-crypto_store_dynamic_prime(const char *fname)
+crypto_store_dynamic_dh_modulus(const char *fname)
{
FILE *fp = NULL;
int retval = -1;
@@ -1862,23 +1862,23 @@ crypto_store_dynamic_prime(const char *fname)
fname_status = file_status(fname);
if (fname_status == FN_FILE) {
- /* If the fname is a file, then the dynamic prime is already stored. */
+ /* If the fname is a file, then the dynamic DH modulus is already stored. */
retval = 0;
goto done;
} else if (fname_status != FN_NOENT) {
- log_info(LD_GENERAL, "Dynamic prime filename is occupied.");
+ log_info(LD_GENERAL, "Dynamic DH modulus filename is occupied.");
goto done;
}
tor_assert(fname_status == FN_NOENT);
if (!(fp = fopen(fname, "w"))) {
- log_notice(LD_GENERAL, "Error while creating dynamic prime file.");
+ log_notice(LD_GENERAL, "Error while creating dynamic DH modulus file.");
goto done;
}
if (BN_print_fp(fp, dh_param_p_tls) == 0) {
- log_warn(LD_GENERAL, "Error while printing dynamic prime to file.");
+ log_warn(LD_GENERAL, "Error while printing dynamic DH modulus to file.");
goto done;
}
@@ -1891,29 +1891,29 @@ crypto_store_dynamic_prime(const char *fname)
return retval;
}
-/** Return the dynamic prime stored in <b>fname</b>. If there is no
- dynamic prime stored in <b>fname</b>, return NULL. */
+/** Return the dynamic DH modulus stored in <b>fname</b>. If there is no
+ dynamic DH modulus stored in <b>fname</b>, return NULL. */
static BIGNUM *
-crypto_get_stored_dynamic_prime(const char *fname)
+crypto_get_stored_dynamic_dh_modulus(const char *fname)
{
int retval;
char *contents = NULL;
DH *dh = NULL;
int dh_codes;
- BIGNUM *dynamic_prime = BN_new();
+ BIGNUM *dynamic_dh_modulus = BN_new();
tor_assert(fname);
- if (!dynamic_prime)
+ if (!dynamic_dh_modulus)
goto err;
contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
if (!contents)
goto err;
- retval = BN_hex2bn(&dynamic_prime, contents);
+ retval = BN_hex2bn(&dynamic_dh_modulus, contents);
if (!retval) {
- log_warn(LD_GENERAL, "Could not understand the dynamic prime "
+ log_warn(LD_GENERAL, "Could not understand the dynamic DH modulus "
"format in '%s'", fname);
goto err;
}
@@ -1923,7 +1923,7 @@ crypto_get_stored_dynamic_prime(const char *fname)
if (!dh)
goto err;
- dh->p = BN_dup(dynamic_prime);
+ dh->p = BN_dup(dynamic_dh_modulus);
dh->g = BN_new();
BN_set_word(dh->g, DH_GENERATOR);
@@ -1942,19 +1942,19 @@ crypto_get_stored_dynamic_prime(const char *fname)
}
- { /* log the dynamic prime: */
- char *s = BN_bn2hex(dynamic_prime);
+ { /* log the dynamic DH modulus: */
+ char *s = BN_bn2hex(dynamic_dh_modulus);
tor_assert(s);
- log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
+ log_info(LD_OR, "Found stored dynamic DH modulus: [%s]", s);
OPENSSL_free(s);
}
goto done;
err:
- if (dynamic_prime) {
- BN_free(dynamic_prime);
- dynamic_prime = NULL;
+ if (dynamic_dh_modulus) {
+ BN_free(dynamic_dh_modulus);
+ dynamic_dh_modulus = NULL;
}
done:
@@ -1962,18 +1962,18 @@ crypto_get_stored_dynamic_prime(const char *fname)
if (dh)
DH_free(dh);
- return dynamic_prime;
+ return dynamic_dh_modulus;
}
/** Set the global TLS Diffie-Hellman modulus.
- * If <b>dynamic_prime_fname</b> is set, try to read a dynamic prime
+ * If <b>dynamic_dh_modulus_fname</b> is set, try to read a dynamic DH modulus
* off it and use it as the DH modulus. If that's not possible,
- * generate a new dynamic prime.
- * If <b>dynamic_prime_fname</b> is NULL, use the Apache mod_ssl DH
+ * generate a new dynamic DH modulus.
+ * If <b>dynamic_dh_modulus_fname</b> is NULL, use the Apache mod_ssl DH
* modulus. */
void
-crypto_set_tls_dh_prime(const char *dynamic_prime_fname)
+crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
{
BIGNUM *tls_prime = NULL;
int r;
@@ -1984,14 +1984,14 @@ crypto_set_tls_dh_prime(const char *dynamic_prime_fname)
dh_param_p_tls = NULL;
}
- if (dynamic_prime_fname) { /* use dynamic primes: */
- log_info(LD_OR, "Using stored dynamic prime.");
- tls_prime = crypto_get_stored_dynamic_prime(dynamic_prime_fname);
+ if (dynamic_dh_modulus_fname) { /* use dynamic DH moduluss: */
+ log_info(LD_OR, "Using stored dynamic DH modulus.");
+ tls_prime = crypto_get_stored_dynamic_dh_modulus(dynamic_dh_modulus_fname);
if (!tls_prime) {
- log_notice(LD_OR, "Generating fresh dynamic prime. "
+ log_notice(LD_OR, "Generating fresh dynamic DH modulus. "
"This might take a while...");
- tls_prime = crypto_generate_dynamic_prime();
+ tls_prime = crypto_generate_dynamic_dh_modulus();
}
} else { /* use the static DH prime modulus used by Apache in mod_ssl: */
tls_prime = BN_new();
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 20298b3c49..504c59b1a7 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -95,8 +95,8 @@ int crypto_global_cleanup(void);
crypto_pk_env_t *crypto_new_pk_env(void);
void crypto_free_pk_env(crypto_pk_env_t *env);
-void crypto_set_tls_dh_prime(const char *dynamic_prime_fname);
-int crypto_store_dynamic_prime(const char *fname);
+void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
+int crypto_store_dynamic_dh_modulus(const char *fname);
/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
crypto_cipher_env_t *crypto_create_init_cipher(const char *key,
diff --git a/src/or/config.c b/src/or/config.c
index fc3cc745f9..d403decb18 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1365,7 +1365,7 @@ options_act(const or_options_t *old_options)
/* If needed, generate a new TLS DH prime according to the current torrc. */
if (!old_options) {
if (options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
crypto_set_tls_dh_prime(fname);
tor_free(fname);
} else {
@@ -1373,7 +1373,7 @@ options_act(const or_options_t *old_options)
}
} else {
if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
crypto_set_tls_dh_prime(fname);
tor_free(fname);
} else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
diff --git a/src/or/router.c b/src/or/router.c
index fa791fc85e..963c781733 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -636,8 +636,8 @@ init_keys(void)
/** 3b. If we use a dynamic prime, store it to disk. */
if (get_options()->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_prime");
- if (crypto_store_dynamic_prime(fname)) {
+ char *fname = get_datadir_fname2("keys", "dynamic_dh_modulus");
+ if (crypto_store_dynamic_dh_modulus(fname)) {
log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
"Make sure your data directory is sane.");
}