[tor-commits] [tor/master] Simplify DH prime generation logic some.

nickm at torproject.org nickm at torproject.org
Mon Apr 9 14:24:55 UTC 2012


commit ed8374eb5ac12a58edd8ae3a29813ef1b1abd76e
Author: Sebastian Hahn <sebastian at torproject.org>
Date:   Sun Apr 8 01:07:53 2012 +0200

    Simplify DH prime generation logic some.
    
    This is just refactoring work here. The old logic was kind of
    convoluted, especially after the bug 5572 fix. We don't actually need to
    distinguish so many cases here. Dropping detection of the
    "!old_options || !old_options->DynamicDHGroups" case is fine because
    that's the same that we'd do for clients.
    
    Also add a changes file for bug 5572.
---
 changes/bug5572 |    5 +++++
 src/or/config.c |   42 ++++++++++++------------------------------
 2 files changed, 17 insertions(+), 30 deletions(-)

diff --git a/changes/bug5572 b/changes/bug5572
new file mode 100644
index 0000000..e263088
--- /dev/null
+++ b/changes/bug5572
@@ -0,0 +1,5 @@
+  o Major bugfixes:
+    - Make sure we create the keys directory if it doesn't exist and we're
+      about to store the dynamic diffie hellman parameters. Fixes bug 5572;
+      bugfix on 0.2.3.13-alpha.
+
diff --git a/src/or/config.c b/src/or/config.c
index 75a1bd2..696bbd0 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1332,7 +1332,6 @@ options_act(const or_options_t *old_options)
   or_options_t *options = get_options_mutable();
   int running_tor = options->command == CMD_RUN_TOR;
   char *msg;
-  char *keydir;
   const int transition_affects_workers =
     old_options && options_transition_affects_workers(old_options, options);
 
@@ -1459,35 +1458,18 @@ options_act(const or_options_t *old_options)
   }
 
   /* If needed, generate a new TLS DH prime according to the current torrc. */
-  if (server_mode(options)) {
-    if (!old_options) {
-      if (options->DynamicDHGroups) {
-        char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
-        keydir = get_datadir_fname("keys");
-        if (check_private_dir(keydir, CPD_CREATE, options->User)) {
-          tor_free(keydir);
-          return -1;
-        }
-        tor_free(keydir);
-        crypto_set_tls_dh_prime(fname);
-        tor_free(fname);
-      } else {
-        crypto_set_tls_dh_prime(NULL);
-      }
-    } else {
-      if (options->DynamicDHGroups && !old_options->DynamicDHGroups) {
-        char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
-        keydir = get_datadir_fname("keys");
-        if (check_private_dir(keydir, CPD_CREATE, options->User)) {
-          tor_free(keydir);
-          return -1;
-        }
-        tor_free(keydir);
-        crypto_set_tls_dh_prime(fname);
-        tor_free(fname);
-      } else if (!options->DynamicDHGroups && old_options->DynamicDHGroups) {
-        crypto_set_tls_dh_prime(NULL);
-      }
+  if (server_mode(options) && options->DynamicDHGroups) {
+    char *keydir = get_datadir_fname("keys");
+    if (check_private_dir(keydir, CPD_CREATE, options->User)) {
+      tor_free(keydir);
+      return -1;
+    }
+    tor_free(keydir);
+
+    if (!old_options || !old_options->DynamicDHGroups) {
+      char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
+      crypto_set_tls_dh_prime(fname);
+      tor_free(fname);
     }
   } else { /* clients don't need a dynamic DH prime. */
     crypto_set_tls_dh_prime(NULL);
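Review bot: The inner test `if (!old_options || !old_options->DynamicDHGroups)` looks only at the previous DynamicDHGroups value, so a reconfiguration that turns a client into a server while DynamicDHGroups was already set in both configs appears to skip `crypto_set_tls_dh_prime(fname)`. The earlier pass would have taken the else branch and called `crypto_set_tls_dh_prime(NULL)`, so the relay would keep serving the non-dynamic prime, which defeats the purpose of the option. If server mode can change across a reload, the condition should cover that too: `if (!old_options || !old_options->DynamicDHGroups || !server_mode(old_options)) {`. The else-branch comment is also stale, since that branch now handles servers without DynamicDHGroups as well; `/* clients, and servers without DynamicDHGroups, don't need a dynamic DH prime. */` would match the code. options_act starts and ends outside this hunk, so how callers handle the `return -1` path is not visible here.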


