From 1df6b5a734acd381d49a57bb689c7dcd2cd66ad9 Mon Sep 17 00:00:00 2001
From: George Kadianakis
Date: Fri, 25 Nov 2011 17:39:45 +0100
Subject: Move broken primes to dynamic_dh_modulus.broken.
---
 src/common/crypto.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'src/common/crypto.c')
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 1974a3931b..da3b80becb 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1900,6 +1900,7 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname)
 char *contents = NULL;
 DH *dh = NULL;
 int dh_codes;
+ char *fname_new = NULL;
 BIGNUM *dynamic_dh_modulus = BN_new();
 tor_assert(fname);
@@ -1951,6 +1952,24 @@ crypto_get_stored_dynamic_dh_modulus(const char *fname)
 goto done;
 err:
+
+ { /* move broken prime to $filename.broken */
+
+ fname_new = tor_malloc(strlen(fname) + 8);
+
+ /* no can do if these functions return error */
+ strlcpy(fname_new, fname, strlen(fname) + 8);
+ strlcat(fname_new, ".broken", strlen(fname) + 8);
+
+ log_warn(LD_GENERAL, "Moving broken dynamic DH prime to '%s'.", fname_new);
+
+ if (replace_file(fname, fname_new))
+ log_warn(LD_GENERAL, "Error while moving '%s' to '%s'.", fname, fname_new);
+
+ tor_free(fname_new);
+
+ }
+
 if (dynamic_dh_modulus) {
 BN_free(dynamic_dh_modulus);
 dynamic_dh_modulus = NULL;
-- 
cgit v1.2.3-54-g00ecf
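Review bot: The buffer size `strlen(fname) + 8` in the new `err:` block is a magic number repeated three times, so the allocation and both bounded copies only stay in step while nobody changes the `.broken` suffix; building the name in one call, `tor_asprintf(&fname_new, "%s.broken", fname);`, removes the arithmetic. The block also runs for every `goto err`, and those jumps are outside this hunk, so if any of them fires before the file was read successfully, the rename will fail and log a second warning about a file that was never there. Because the move goes through `replace_file()`, an earlier `.broken` file is presumably overwritten, discarding the previous bad modulus that an operator might want to inspect; a comment saying this is intended would help. The function body continues outside the hunk.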