summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/common/crypto.c6
-rw-r--r--src/or/router.c28
2 files changed, 20 insertions, 14 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 484366297d..72c3dd7c12 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1842,7 +1842,7 @@ crypto_generate_dynamic_prime(void)
{ /* log the dynamic prime: */
s = BN_bn2hex(dynamic_prime);
tor_assert(s);
- log_notice(LD_OR, "Dynamic prime generated: [%s]", s);
+ log_info(LD_OR, "Dynamic prime generated: [%s]", s);
OPENSSL_free(s);
}
@@ -1874,10 +1874,10 @@ crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime)
if (use_dynamic_primes) { /* use dynamic primes: */
if (stored_dynamic_prime) {
- log_warn(LD_OR, "Using stored dynamic prime.");
+ log_info(LD_OR, "Using stored dynamic prime.");
tls_prime = stored_dynamic_prime;
} else {
- log_notice(LD_OR, "Generating fresh dynamic prime.");
+ log_info(LD_OR, "Generating fresh dynamic prime.");
tls_prime = crypto_generate_dynamic_prime();
}
} else { /* use the static DH prime modulus used by Apache in mod_ssl: */
diff --git a/src/or/router.c b/src/or/router.c
index 368ea1b741..6b38c793ce 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -492,19 +492,26 @@ router_store_dynamic_prime(const BIGNUM *dynamic_prime)
FILE *fp = NULL;
char *fname = get_datadir_fname2("keys", "dynamic_prime");
int retval = -1;
+ file_status_t fname_status = file_status(fname);
- if (file_status(fname) != FN_NOENT) {
- log_warn(LD_GENERAL, "Dynamic prime already occupied.");
+ if (fname_status == FN_FILE) {
+ /* If the fname is a file, then the dynamic prime is already stored. */
+ retval = 0;
+ goto done;
+ } else if (fname_status != FN_NOENT) {
+ log_info(LD_GENERAL, "Dynamic prime filename is occupied.");
goto done;
}
+ tor_assert(fname_status == FN_NOENT);
+
if (!(fp = fopen(fname, "w"))) {
- log_warn(LD_GENERAL, "Error writing to certificate file");
+ log_notice(LD_GENERAL, "Error while creating dynamic prime file.");
goto done;
}
if (BN_print_fp(fp, dynamic_prime) == 0) {
- log_warn(LD_GENERAL, "Error on bn_print_fp()");
+ log_warn(LD_GENERAL, "Error while printing dynamic prime to file.");
goto done;
}
@@ -531,21 +538,20 @@ router_get_stored_dynamic_prime(void)
goto err;
contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
- if (!contents) {
- log_warn(LD_GENERAL, "Error reading dynamic prime from \"%s\"", fname);
+ if (!contents)
goto err;
- }
retval = BN_hex2bn(&dynamic_prime, contents);
if (!retval) {
- log_warn(LD_GENERAL, "C0rrupted dynamic prime?!?!");
+ log_notice(LD_GENERAL, "Could not understand the dynamic prime "
+ "format in '%s'", fname);
goto err;
}
{ /* log the dynamic prime: */
char *s = BN_bn2hex(dynamic_prime);
tor_assert(s);
- log_notice(LD_OR, "Found stored dynamic prime: [%s]", s);
+ log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
OPENSSL_free(s);
}
@@ -719,8 +725,8 @@ init_keys(void)
BIGNUM *dynamic_prime = crypto_get_tls_dh_prime();
if (dynamic_prime) {
if (router_store_dynamic_prime(dynamic_prime) < 0)
- log_warn(LD_GENERAL, "Failed while storing dynamic prime. "
- "Make sure your data directory is sane.");
+ log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
+ "Make sure your data directory is sane.");
}
}