Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c14
-rw-r--r--src/or/router.c58
-rw-r--r--src/or/router.h2
3 files changed, 14 insertions, 60 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 78e91bbe11..e1e71b0593 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1365,17 +1365,19 @@ options_act(const or_options_t *old_options)
/* If needed, generate a new TLS DH prime according to the current torrc. */
if (!old_options) {
if (options->DynamicPrimes) {
- crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
} else {
- crypto_set_tls_dh_prime(0, NULL);
+ crypto_set_tls_dh_prime(NULL);
}
} else {
if (options->DynamicPrimes && !old_options->DynamicPrimes) {
- crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ crypto_set_tls_dh_prime(fname);
+ tor_free(fname);
} else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
- crypto_set_tls_dh_prime(0, NULL);
- } else {
- tor_assert(crypto_get_tls_dh_prime());
+ crypto_set_tls_dh_prime(NULL);
}
}
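Review bot: After this change nothing in options_act confirms that a usable TLS DH prime is in place. The `tor_assert(crypto_get_tls_dh_prime())` dropped from the final `else` was the only such check in this hunk, and the result of `crypto_set_tls_dh_prime(fname)`, if it returns one, is not examined in either branch. The modulus is now read from `keys/dynamic_prime` inside the crypto layer, which this diff does not show, so it is worth confirming there that an unparsable, undersized or non-prime value is rejected in favour of a known-good prime, because a bad modulus would weaken every TLS DH handshake. If that holds, I would state it at the call sites with a comment such as `/* crypto_set_tls_dh_prime() validates the stored prime and falls back to a known-good one on failure. */`, and, if `crypto_get_tls_dh_prime()` still exists, keep a `tor_assert(crypto_get_tls_dh_prime());` after the if/else chain. The body of options_act starts and ends outside the hunk.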
diff --git a/src/or/router.c b/src/or/router.c
index dd5b9fff52..c554d5b961 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -484,52 +484,6 @@ v3_authority_check_key_expiry(void)
last_warned = now;
}
-
-/** Return the dynamic prime stored in the disk. If there is no
- dynamic prime stored in the disk, return NULL. */
-BIGNUM *
-router_get_stored_dynamic_prime(void)
-{
- int retval;
- char *contents = NULL;
- char *fname = get_datadir_fname2("keys", "dynamic_prime");
- BIGNUM *dynamic_prime = BN_new();
- if (!dynamic_prime)
- goto err;
-
- contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
- if (!contents)
- goto err;
-
- retval = BN_hex2bn(&dynamic_prime, contents);
- if (!retval) {
- log_notice(LD_GENERAL, "Could not understand the dynamic prime "
- "format in '%s'", fname);
- goto err;
- }
-
- { /* log the dynamic prime: */
- char *s = BN_bn2hex(dynamic_prime);
- tor_assert(s);
- log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
- OPENSSL_free(s);
- }
-
- goto done;
-
- err:
- if (dynamic_prime) {
- BN_free(dynamic_prime);
- dynamic_prime = NULL;
- }
-
- done:
- tor_free(fname);
- tor_free(contents);
-
- return dynamic_prime;
-}
-
/** Initialize all OR private keys, and the TLS context, as necessary.
* On OPs, this only initializes the tls context. Return 0 on success,
* or -1 if Tor should die.
@@ -682,12 +636,12 @@ init_keys(void)
/** 3b. If we use a dynamic prime, store it to disk. */
if (get_options()->DynamicPrimes) {
- const char *fname = get_datadir_fname2("keys", "dynamic_prime");
- if (crypto_store_dynamic_prime(fname)) {
- log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
- "Make sure your data directory is sane.");
- }
- tor_free(fname);
+ char *fname = get_datadir_fname2("keys", "dynamic_prime");
+ if (crypto_store_dynamic_prime(fname)) {
+ log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
+ "Make sure your data directory is sane.");
+ }
+ tor_free(fname);
}
/* 4. Build our router descriptor. */
diff --git a/src/or/router.h b/src/or/router.h
index a998335aa3..b9e9f2a713 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -29,8 +29,6 @@ void rotate_onion_key(void);
crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
int severity);
-BIGNUM *router_get_stored_dynamic_prime(void);
-
void v3_authority_check_key_expiry(void);
int init_keys(void);