nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move crypto_get_stored_dynamic_prime() to crypto.c

Browse Source
This commit is contained in:
George Kadianakis 2011-11-24 22:59:01 +01:00
parent 2ef68980a7
commit 94076d9e3b
5 changed files with 75 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
src/common/crypto.c
View File

@ -1851,7 +1851,7 @@ crypto_generate_dynamic_prime(void)
/** Store our dynamic prime to <b>fname</b> for future use. */ /** Store our dynamic prime to <b>fname</b> for future use. */
int int
router_store_dynamic_prime(const char *fname) crypto_store_dynamic_prime(const char *fname)
{ {
FILE *fp = NULL; FILE *fp = NULL;
int retval = -1; int retval = -1;
@ -1889,13 +1889,61 @@ router_store_dynamic_prime(const char *fname)
return retval; return retval;
} }
/** Return the dynamic prime stored in <b>fname</b>. If there is no
dynamic prime stored in <b>fname</b>, return NULL. */
static BIGNUM *
crypto_get_stored_dynamic_prime(const char *fname)
{
int retval;
char *contents = NULL;
BIGNUM *dynamic_prime = BN_new();
tor_assert(fname);
if (!dynamic_prime)
goto err;
contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
if (!contents)
goto err;
retval = BN_hex2bn(&dynamic_prime, contents);
if (!retval) {
log_notice(LD_GENERAL, "Could not understand the dynamic prime "
"format in '%s'", fname);
goto err;
}
{ /* log the dynamic prime: */
char *s = BN_bn2hex(dynamic_prime);
tor_assert(s);
log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
OPENSSL_free(s);
}
goto done;
err:
if (dynamic_prime) {
BN_free(dynamic_prime);
dynamic_prime = NULL;
}
done:
tor_free(contents);
return dynamic_prime;
}
/** Set the global TLS Diffie-Hellman modulus. /** Set the global TLS Diffie-Hellman modulus.
* If <b>use_dynamic_primes</b> is <em>not</em> set, use the prime * If <b>dynamic_prime_fname</b> is set, try to read a dynamic prime
* modulus of mod_ssl. * off it and use it as the DH modulus. If that's not possible,
* If <b>use_dynamic_primes</b> is set, use <b>stored_dynamic_prime</b> * generate a new dynamic prime.
* if it exists, otherwise generate and use a new prime modulus. */ * If <b>dynamic_prime_fname</b> is NULL, use the Apache mod_ssl DH
* modulus. */
void void
crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime) crypto_set_tls_dh_prime(const char *dynamic_prime_fname)
{ {
BIGNUM *tls_prime = NULL; BIGNUM *tls_prime = NULL;
int r; int r;
@ -1906,11 +1954,11 @@ crypto_set_tls_dh_prime(int use_dynamic_primes, BIGNUM *stored_dynamic_prime)
dh_param_p_tls = NULL; dh_param_p_tls = NULL;
} }
if (use_dynamic_primes) { /* use dynamic primes: */ if (dynamic_prime_fname) { /* use dynamic primes: */
if (stored_dynamic_prime) { log_info(LD_OR, "Using stored dynamic prime.");
log_info(LD_OR, "Using stored dynamic prime."); tls_prime = crypto_get_stored_dynamic_prime(dynamic_prime_fname);
tls_prime = stored_dynamic_prime;
} else { if (!tls_prime) {
log_info(LD_OR, "Generating fresh dynamic prime."); log_info(LD_OR, "Generating fresh dynamic prime.");
tls_prime = crypto_generate_dynamic_prime(); tls_prime = crypto_generate_dynamic_prime();
} }

5
src/common/crypto.h
View File

@ -95,9 +95,8 @@ int crypto_global_cleanup(void);
crypto_pk_env_t *crypto_new_pk_env(void); crypto_pk_env_t *crypto_new_pk_env(void);
void crypto_free_pk_env(crypto_pk_env_t *env); void crypto_free_pk_env(crypto_pk_env_t *env);
void crypto_set_tls_dh_prime(int use_dynamic_primes, void crypto_set_tls_dh_prime(const char *dynamic_prime_fname);
BIGNUM *stored_dynamic_prime); int crypto_store_dynamic_prime(const char *fname);
int router_store_dynamic_prime(const char *fname);
/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */ /* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
crypto_cipher_env_t *crypto_create_init_cipher(const char *key, crypto_cipher_env_t *crypto_create_init_cipher(const char *key,

14
src/or/config.c
View File

@ -1365,17 +1365,19 @@ options_act(const or_options_t *old_options)
/* If needed, generate a new TLS DH prime according to the current torrc. */ /* If needed, generate a new TLS DH prime according to the current torrc. */
if (!old_options) { if (!old_options) {
if (options->DynamicPrimes) { if (options->DynamicPrimes) {
crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime()); char *fname = get_datadir_fname2("keys", "dynamic_prime");
crypto_set_tls_dh_prime(fname);
tor_free(fname);
} else { } else {
crypto_set_tls_dh_prime(0, NULL); crypto_set_tls_dh_prime(NULL);
} }
} else { } else {
if (options->DynamicPrimes && !old_options->DynamicPrimes) { if (options->DynamicPrimes && !old_options->DynamicPrimes) {
crypto_set_tls_dh_prime(1, router_get_stored_dynamic_prime()); char *fname = get_datadir_fname2("keys", "dynamic_prime");
crypto_set_tls_dh_prime(fname);
tor_free(fname);
} else if (!options->DynamicPrimes && old_options->DynamicPrimes) { } else if (!options->DynamicPrimes && old_options->DynamicPrimes) {
crypto_set_tls_dh_prime(0, NULL); crypto_set_tls_dh_prime(NULL);
} else {
tor_assert(crypto_get_tls_dh_prime());
} }
} }

58
src/or/router.c
View File

@ -484,52 +484,6 @@ v3_authority_check_key_expiry(void)
last_warned = now; last_warned = now;
} }
/** Return the dynamic prime stored in the disk. If there is no
dynamic prime stored in the disk, return NULL. */
BIGNUM *
router_get_stored_dynamic_prime(void)
{
int retval;
char *contents = NULL;
char *fname = get_datadir_fname2("keys", "dynamic_prime");
BIGNUM *dynamic_prime = BN_new();
if (!dynamic_prime)
goto err;
contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
if (!contents)
goto err;
retval = BN_hex2bn(&dynamic_prime, contents);
if (!retval) {
log_notice(LD_GENERAL, "Could not understand the dynamic prime "
"format in '%s'", fname);
goto err;
}
{ /* log the dynamic prime: */
char *s = BN_bn2hex(dynamic_prime);
tor_assert(s);
log_info(LD_OR, "Found stored dynamic prime: [%s]", s);
OPENSSL_free(s);
}
goto done;
err:
if (dynamic_prime) {
BN_free(dynamic_prime);
dynamic_prime = NULL;
}
done:
tor_free(fname);
tor_free(contents);
return dynamic_prime;
}
/** Initialize all OR private keys, and the TLS context, as necessary. /** Initialize all OR private keys, and the TLS context, as necessary.
* On OPs, this only initializes the tls context. Return 0 on success, * On OPs, this only initializes the tls context. Return 0 on success,
* or -1 if Tor should die. * or -1 if Tor should die.
@ -682,12 +636,12 @@ init_keys(void)
/** 3b. If we use a dynamic prime, store it to disk. */ /** 3b. If we use a dynamic prime, store it to disk. */
if (get_options()->DynamicPrimes) { if (get_options()->DynamicPrimes) {
const char *fname = get_datadir_fname2("keys", "dynamic_prime"); char *fname = get_datadir_fname2("keys", "dynamic_prime");
if (crypto_store_dynamic_prime(fname)) { if (crypto_store_dynamic_prime(fname)) {
log_notice(LD_GENERAL, "Failed while storing dynamic prime. " log_notice(LD_GENERAL, "Failed while storing dynamic prime. "
"Make sure your data directory is sane."); "Make sure your data directory is sane.");
} }
tor_free(fname); tor_free(fname);
} }
/* 4. Build our router descriptor. */ /* 4. Build our router descriptor. */

2
src/or/router.h
View File

@ -29,8 +29,6 @@ void rotate_onion_key(void);
crypto_pk_env_t *init_key_from_file(const char *fname, int generate, crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
int severity); int severity);
BIGNUM *router_get_stored_dynamic_prime(void);
void v3_authority_check_key_expiry(void); void v3_authority_check_key_expiry(void);
int init_keys(void); int init_keys(void);