[tor-commits] [tor/master] Move crypto_get_stored_dynamic_prime() to crypto.c

29 Nov 2011

commit 94076d9e3b74ad1f6aee8a96f51eb4af5f5bdb64
Author: George Kadianakis desnacked@gmail.com
Date:   Thu Nov 24 22:59:01 2011 +0100
Move crypto_get_stored_dynamic_prime() to crypto.c
---
 src/common/crypto.c |   70 +++++++++++++++++++++++++++++++++++++++++++--------
 src/common/crypto.h |    5 +--
 src/or/config.c     |   14 ++++++----
 src/or/router.c     |   58 ++++-------------------------------------
 src/or/router.h     |    2 -
 5 files changed, 75 insertions(+), 74 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index a3c2923..c6285e5 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1851,7 +1851,7 @@ crypto_generate_dynamic_prime(void)
/** Store our dynamic prime to <b>fname</b> for future use. */
 int
-router_store_dynamic_prime(const char *fname)
+crypto_store_dynamic_prime(const char *fname)
 {
   FILE *fp = NULL;
   int retval = -1;
@@ -1889,13 +1889,61 @@ router_store_dynamic_prime(const char *fname)
   return retval;
 }
+/** Return the dynamic prime stored in <b>fname</b>. If there is no
+    dynamic prime stored in <b>fname</b>, return NULL. */
+static BIGNUM *
+crypto_get_stored_dynamic_prime(const char *fname)
+{
+  int retval;
+  char *contents = NULL;
+  BIGNUM *dynamic_prime = BN_new();
+
+  tor_assert(fname);
+
+  if (!dynamic_prime)
+    goto err;
+
+  contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
+  if (!contents)
+    goto err;
+
+  retval = BN_hex2bn(&dynamic_prime, contents);
+  if (!retval) {
+    log_notice(LD_GENERAL, "Could not understand the dynamic prime "
+               "format in '%s'", fname);
+    goto err;
+  }
+
+  { /* log the dynamic prime: */
+    char *s = BN_bn2hex(dynamic_prime);
+    tor_assert(s);
+    log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
+    OPENSSL_free(s);
+  }
+
+  goto done;
+
+ err:
+  if (dynamic_prime) {
+    BN_free(dynamic_prime);
+    dynamic_prime = NULL;
+  }
+
+ done:
+  tor_free(contents);
+
+  return dynamic_prime;
+}
+
+
 /** Set the global TLS Diffie-Hellman modulus.
- * If <b>use_dynamic_primes</b> is <em>not</em> set, use the prime
- * modulus of mod_ssl.
- * If <b>use_dynamic_primes</b> is set, use <b>stored_dynamic_prime</b>
- * if it exists, otherwise generate and use a new prime modulus. */
+ * If <b>dynamic_prime_fname</b> is set, try to read a dynamic prime
+ * off it and use it as the DH modulus. If that's not possible,
+ * generate a new dynamic prime.
+ * If <b>dynamic_prime_fname</b> is NULL, use the Apache mod_ssl DH
+ * modulus. */
 void
-crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime)
+crypto_set_tls_dh_prime(const char *dynamic_prime_fname)
 {
   BIGNUM *tls_prime = NULL;
   int r;
@@ -1906,11 +1954,11 @@ crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime)
     dh_param_p_tls = NULL;
   }
-  if (use_dynamic_primes) { /* use dynamic primes: */
-    if (stored_dynamic_prime) {
-      log_info(LD_OR, "Using stored dynamic prime.");
-      tls_prime = stored_dynamic_prime;
-    } else {
+  if (dynamic_prime_fname) { /* use dynamic primes: */
+    log_info(LD_OR, "Using stored dynamic prime.");
+    tls_prime = crypto_get_stored_dynamic_prime(dynamic_prime_fname);
+
+    if (!tls_prime) {
       log_info(LD_OR, "Generating fresh dynamic prime.");
       tls_prime = crypto_generate_dynamic_prime();
     }
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 8c99dd7..20298b3 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -95,9 +95,8 @@ int crypto_global_cleanup(void);
 crypto_pk_env_t *crypto_new_pk_env(void);
 void crypto_free_pk_env(crypto_pk_env_t *env);
-void crypto_set_tls_dh_prime(int use_dynamic_primes,
-                             BIGNUM *stored_dynamic_prime);
-int router_store_dynamic_prime(const char *fname);
+void crypto_set_tls_dh_prime(const char *dynamic_prime_fname);
+int crypto_store_dynamic_prime(const char *fname);
/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
 crypto_cipher_env_t *crypto_create_init_cipher(const char *key,
diff --git a/src/or/config.c b/src/or/config.c
index 78e91bb..e1e71b0 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1365,17 +1365,19 @@ options_act(const or_options_t *old_options)
   /* If needed, generate a new TLS DH prime according to the current torrc. */
   if (!old_options) {
     if (options->DynamicPrimes) {
-      crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+      char *fname = get_datadir_fname2("keys", "dynamic_prime");
+      crypto_set_tls_dh_prime(fname);
+      tor_free(fname);
     } else {
-      crypto_set_tls_dh_prime(0, NULL);
+      crypto_set_tls_dh_prime(NULL);
     }
   } else {
     if (options->DynamicPrimes && !old_options->DynamicPrimes) {
-      crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime());
+      char *fname = get_datadir_fname2("keys", "dynamic_prime");
+      crypto_set_tls_dh_prime(fname);
+      tor_free(fname);
     } else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
-      crypto_set_tls_dh_prime(0, NULL);
-    } else {
-      tor_assert(crypto_get_tls_dh_prime());
+      crypto_set_tls_dh_prime(NULL);
     }
   }
diff --git a/src/or/router.c b/src/or/router.c
index dd5b9ff..c554d5b 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -484,52 +484,6 @@ v3_authority_check_key_expiry(void)
   last_warned = now;
 }
-
-/** Return the dynamic prime stored in the disk. If there is no
-    dynamic prime stored in the disk, return NULL. */
-BIGNUM *
-router_get_stored_dynamic_prime(void)
-{
-  int retval;
-  char *contents = NULL;
-  char *fname = get_datadir_fname2("keys", "dynamic_prime");
-  BIGNUM *dynamic_prime = BN_new();
-  if (!dynamic_prime)
-    goto err;
-
-  contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
-  if (!contents)
-    goto err;
-
-  retval = BN_hex2bn(&dynamic_prime, contents);
-  if (!retval) {
-    log_notice(LD_GENERAL, "Could not understand the dynamic prime "
-               "format in '%s'", fname);
-    goto err;
-  }
-
-  { /* log the dynamic prime: */
-    char *s = BN_bn2hex(dynamic_prime);
-    tor_assert(s);
-    log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
-    OPENSSL_free(s);
-  }
-
-  goto done;
-
- err:
-  if (dynamic_prime) {
-    BN_free(dynamic_prime);
-    dynamic_prime = NULL;
-  }
-
- done:
-  tor_free(fname);
-  tor_free(contents);
-
-  return dynamic_prime;
-}
-
 /** Initialize all OR private keys, and the TLS context, as necessary.
  * On OPs, this only initializes the tls context. Return 0 on success,
  * or -1 if Tor should die.
@@ -682,12 +636,12 @@ init_keys(void)
/** 3b. If we use a dynamic prime, store it to disk. */
   if (get_options()->DynamicPrimes) {
-      const char *fname = get_datadir_fname2("keys", "dynamic_prime");
-      if (crypto_store_dynamic_prime(fname)) {
-          log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
-                     "Make sure your data directory is sane.");
-      }
-      tor_free(fname);
+    char *fname = get_datadir_fname2("keys", "dynamic_prime");
+    if (crypto_store_dynamic_prime(fname)) {
+      log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
+                 "Make sure your data directory is sane.");
+    }
+    tor_free(fname);
   }
/* 4. Build our router descriptor. */
diff --git a/src/or/router.h b/src/or/router.h
index a998335..b9e9f2a 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -29,8 +29,6 @@ void rotate_onion_key(void);
 crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
                                     int severity);
-BIGNUM *router_get_stored_dynamic_prime(void);
-
 void v3_authority_check_key_expiry(void);
int init_keys(void);

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[tor-commits] [tor/master] Move crypto_get_stored_dynamic_prime() to crypto.c