authorGeorge Kadianakis <desnacked@gmail.com>2011-11-22 04:53:43 +0100
committerGeorge Kadianakis <desnacked@gmail.com>2011-11-24 22:09:06 +0100
commit659381e00dc09deb4fb342d9f45cfae0b65aa33f (patch)
tree383ff1a6ec2575fb748bac94005e513171775d83
parentedec9409e85ba4a8b5d0575b23046d83d7562b87 (diff)
downloadtor-659381e00dc09deb4fb342d9f45cfae0b65aa33f.tar.gz
tor-659381e00dc09deb4fb342d9f45cfae0b65aa33f.zip
Introduce the DynamicPrimes configuration option.
-rw-r--r--src/common/crypto.c13
-rw-r--r--src/common/crypto.h3
-rw-r--r--src/or/config.c1
-rw-r--r--src/or/main.c3
-rw-r--r--src/or/or.h2
-rw-r--r--src/or/router.c3
-rw-r--r--src/test/test.c2
-rw-r--r--src/tools/tor-checkkey.c2
-rw-r--r--src/tools/tor-gencert.c2
9 files changed, 18 insertions, 13 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index aeaabafb0c..790ea1646c 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -224,13 +224,15 @@ try_load_engine(const char *path, const char *engine)
/** Initialize the crypto library. Return 0 on success, -1 on failure.
*/
int
-crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
+crypto_global_init(int useAccel, const char *accelName, const char *accelDir,
+ int DynamicPrimes)
{
if (!_crypto_global_initialized) {
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
_crypto_global_initialized = 1;
setup_openssl_threading();
+ use_dynamic_primes = DynamicPrimes;
if (useAccel > 0) {
#ifdef DISABLE_ENGINES
(void)accelName;
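Review bot: The new assignment `use_dynamic_primes = DynamicPrimes;` in crypto_global_init (around line 232) refers to a file-scope static that this same patch only defines at about line 1820 in the later hunk; unless a forward declaration exists outside the diff, the identifier is undeclared at the point of use and the file will not compile as shown. Move `static int use_dynamic_primes = 0;` up next to `_crypto_global_initialized`, or add a tentative declaration `static int use_dynamic_primes;` above crypto_global_init. Note also that the copy happens inside the `if (!_crypto_global_initialized)` guard, so a second call with a different value (init_keys in router.c calls this again) silently keeps the first value; a comment on the parameter such as `/* DynamicPrimes is honored only on the first call. */` would make that explicit. crypto_global_init's body continues past the end of the hunk.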
@@ -1815,6 +1817,8 @@ static BIGNUM *dh_param_p = NULL;
static BIGNUM *dh_param_p_tls = NULL;
/** Shared G parameter for our DH key exchanges. */
static BIGNUM *dh_param_g = NULL;
+/** True if we use dynamic primes. */
+static int use_dynamic_primes = 0;
/** Generate and return a reasonable and safe DH parameter p. */
static BIGNUM *generate_rakshasa_prime(void)
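Review bot: The comment on `use_dynamic_primes` only restates its name; since the flag is written once by crypto_global_init from the DynamicPrimes option and read by init_dh_param to decide whether to call generate_rakshasa_prime(), the comment should say where it comes from and who consumes it, e.g. `/** True if we generate our own DH prime (DynamicPrimes option). Set once by crypto_global_init(); read by init_dh_param(). */`. That also makes it obvious that the value cannot change after the first initialization.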
@@ -1871,13 +1875,8 @@ init_dh_param(void)
r = BN_set_word(g, generator);
tor_assert(r);
- /* Are we generating a random DH parameter?*/
- log_notice(LD_OR, "Do we want to generate a Rakshasa prime?");
- rakshasa = get_rakshasa();
- log_notice(LD_OR, "We think: %i?", rakshasa);
-
/* This implements the prime number strategy outlined in prop 179 */
- if (rakshasa == 1) {
+ if (use_dynamic_primes) {
rakshasa_prime = generate_rakshasa_prime();
}
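Review bot: If the local `rakshasa` is still declared above this hunk (its declaration is outside the shown lines), dropping the `get_rakshasa()` call leaves it unused and will warn under -Wunused-variable; remove the declaration together with the call. The two removed notices were the only trace in the log of which prime strategy is in effect, and the replacement is silent, so an operator can no longer confirm from the log that a freshly generated prime is in use; a single `log_info(LD_OR, "DynamicPrimes enabled; generating our own DH prime.");` inside the `if (use_dynamic_primes)` branch would restore that. Whether the result of generate_rakshasa_prime() is checked for NULL is not visible here, since init_dh_param continues past the hunk.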
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 2929a2effb..99c52b1c42 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -87,7 +87,8 @@ typedef struct crypto_dh_env_t crypto_dh_env_t;
/* global state */
int crypto_global_init(int hardwareAccel,
const char *accelName,
- const char *accelPath);
+ const char *accelPath,
+ int DynamicPrimes);
void crypto_thread_cleanup(void);
int crypto_global_cleanup(void);
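Review bot: The new parameter is named `DynamicPrimes` in the prototype, capitalized like the torrc option, while its siblings (hardwareAccel, accelName, accelPath) are lowerCamel; renaming it `int dynamicPrimes` in the declaration (and matching the name in crypto.c) keeps the signature consistent. The declaration also gains no documentation; a short Doxygen note on the prototype that the last argument enables generating our own DH prime and is honored only on the first call (the assignment in crypto.c sits inside the `!_crypto_global_initialized` guard) would save callers a trip into crypto.c.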
diff --git a/src/or/config.c b/src/or/config.c
index 06d7d5c022..4766b24196 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -247,6 +247,7 @@ static config_var_t _option_vars[] = {
VAR("DirServer", LINELIST, DirServers, NULL),
V(DisableAllSwap, BOOL, "0"),
V(DisableIOCP, BOOL, "1"),
+ V(DynamicPrimes, BOOL, "1"),
V(DNSPort, LINELIST, NULL),
V(DNSListenAddress, LINELIST, NULL),
V(DownloadExtraInfo, BOOL, "0"),
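Review bot: DynamicPrimes is registered as an ordinary BOOL option, but its value is consumed only inside crypto_global_init's `if (!_crypto_global_initialized)` block, so editing it in torrc and sending SIGHUP will be accepted yet have no effect. If config.c keeps a list of options that may not change across a reload (options_transition_allowed or equivalent, not visible in this diff), DynamicPrimes belongs there so the reload is rejected with a clear message instead of silently ignored. The default of "1" also means every instance generates its own prime at startup; if that is intended for clients as well as relays, a comment beside the line saying so would prevent it being "fixed" later.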
diff --git a/src/or/main.c b/src/or/main.c
index 7008d388a1..3c75e1c645 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2275,7 +2275,8 @@ tor_init(int argc, char *argv[])
if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName,
- get_options()->AccelDir)) {
+ get_options()->AccelDir,
+ get_options()->DynamicPrimes)) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1;
}
diff --git a/src/or/or.h b/src/or/or.h
index 67ba62bdd6..b2ea3bc7a7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2873,6 +2873,8 @@ typedef struct {
char *Address; /**< OR only: configured address for this onion router. */
char *PidFile; /**< Where to store PID of Tor process. */
+ int DynamicPrimes; /**< Enable dynamic generation of primes for use in DH. */
+
routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
* country codes and IP address patterns of ORs to
* consider as exits. */
diff --git a/src/or/router.c b/src/or/router.c
index b6b96a5fff..414d346bfa 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -514,7 +514,8 @@ init_keys(void)
* openssl to initialize itself. */
if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName,
- get_options()->AccelDir)) {
+ get_options()->AccelDir,
+ get_options()->DynamicPrimes)) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1;
}
diff --git a/src/test/test.c b/src/test/test.c
index d4edf1484b..26a55d13f2 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1903,7 +1903,7 @@ main(int c, const char **v)
}
options->command = CMD_RUN_UNITTESTS;
- if (crypto_global_init(0, NULL, NULL)) {
+ if (crypto_global_init(0, NULL, NULL, 1)) {
printf("Can't initialize crypto subsystem; exiting.\n");
return 1;
}
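Review bot: Passing 1 here turns on dynamic primes for the whole unit-test binary, so whenever init_dh_param runs during the tests it will call generate_rakshasa_prime() and produce a fresh safe prime, which is likely to be slow and makes the DH parameters differ between runs. Unless a test specifically exercises the dynamic-prime path, pass 0 as tor-checkkey.c and tor-gencert.c do in this same patch: `if (crypto_global_init(0, NULL, NULL, 0)) {`. If a test does need it, a one-line comment explaining why the tests pay for prime generation would help.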
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index 94c8cbd44c..55480b4881 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -31,7 +31,7 @@ main(int c, char **v)
return 1;
}
- if (crypto_global_init(0, NULL, NULL)) {
+ if (crypto_global_init(0, NULL, NULL, 0)) {
fprintf(stderr, "Couldn't initialize crypto library.\n");
return 1;
}
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 974a58becf..b9f16d9929 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -508,7 +508,7 @@ main(int argc, char **argv)
init_logging();
/* Don't bother using acceleration. */
- if (crypto_global_init(0, NULL, NULL)) {
+ if (crypto_global_init(0, NULL, NULL, 0)) {
fprintf(stderr, "Couldn't initialize crypto library.\n");
return 1;
}