Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/config.c | 14 | ||||
-rw-r--r-- | src/or/router.c | 58 | ||||
-rw-r--r-- | src/or/router.h | 2 |
3 files changed, 14 insertions, 60 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 78e91bbe11..e1e71b0593 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1365,17 +1365,19 @@ options_act(const or_options_t *old_options)
 /* If needed, generate a new TLS DH prime according to the current torrc. */
 if (!old_options) {
 if (options->DynamicPrimes) {
- crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
 } else {
- crypto_set_tls_dh_prime(0, NULL);
+ crypto_set_tls_dh_prime(NULL);
 }
 } else {
 if (options->DynamicPrimes && !old_options->DynamicPrimes) {
- crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
 } else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
- crypto_set_tls_dh_prime(0, NULL);
- } else {
- tor_assert(crypto_get_tls_dh_prime());
+ crypto_set_tls_dh_prime(NULL);
 }
 }
diff --git a/src/or/router.c b/src/or/router.c
index dd5b9fff52..c554d5b961 100644
--- a/src/or/router.c
+++ b/src/or/router.c
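Review bot: Nothing in this part of options_act confirms that a TLS DH prime is actually installed after the change: `crypto_set_tls_dh_prime(fname)` is called in both branches without any result being checked, and the old fallback `tor_assert(crypto_get_tls_dh_prime());` is removed. Parsing of `keys/dynamic_prime` moves out of router.c into the crypto layer, whose body is not in this diff, so it is worth confirming there that a missing, truncated or modified file is rejected (hex parse, expected bit length, primality) and replaced by a fresh prime rather than used as the DH modulus. Once verified, I would document that contract at the call site, e.g. `/* crypto_set_tls_dh_prime() validates the stored prime and regenerates it if the file is missing or malformed. */`. options_act starts and continues outside the hunk.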
@@ -484,52 +484,6 @@ v3_authority_check_key_expiry(void)
 last_warned = now;
 }
-
-/** Return the dynamic prime stored in the disk. If there is no
- dynamic prime stored in the disk, return NULL. */
-BIGNUM *
-router_get_stored_dynamic_prime(void)
-{
- int retval;
- char *contents = NULL;
- char *fname = get_datadir_fname2("keys", "dynamic_prime");
- BIGNUM *dynamic_prime = BN_new();
- if (!dynamic_prime)
- goto err;
-
- contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
- if (!contents)
- goto err;
-
- retval = BN_hex2bn(&dynamic_prime, contents);
- if (!retval) {
- log_notice(LD_GENERAL, "Could not understand the dynamic prime "
- "format in '%s'", fname);
- goto err;
- }
-
- { /* log the dynamic prime: */
- char *s = BN_bn2hex(dynamic_prime);
- tor_assert(s);
- log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
- OPENSSL_free(s);
- }
-
- goto done;
-
- err:
- if (dynamic_prime) {
- BN_free(dynamic_prime);
- dynamic_prime = NULL;
- }
-
- done:
- tor_free(fname);
- tor_free(contents);
-
- return dynamic_prime;
-}
-
 /** Initialize all OR private keys, and the TLS context, as necessary.
 * On OPs, this only initializes the tls context. Return 0 on success,
 * or -1 if Tor should die.
@@ -682,12 +636,12 @@ init_keys(void)
 /** 3b. If we use a dynamic prime, store it to disk. */
 if (get_options()->DynamicPrimes) {
- const char *fname = get_datadir_fname2("keys", "dynamic_prime");
- if (crypto_store_dynamic_prime(fname)) {
- log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
- "Make sure your data directory is sane.");
- }
- tor_free(fname);
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ if (crypto_store_dynamic_prime(fname)) {
+ log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
+ "Make sure your data directory is sane.");
+ }
+ tor_free(fname);
 }
 /* 4. Build our router descriptor. */
diff --git a/src/or/router.h b/src/or/router.h
index a998335aa3..b9e9f2a713 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -29,8 +29,6 @@ void rotate_onion_key(void); crypto_pk_env_t *init_key_from_file(const char *fname, int generate, int severity); -BIGNUM *router_get_stored_dynamic_prime(void); - void v3_authority_check_key_expiry(void); int init_keys(void); |