author | Nick Mathewson <nickm@torproject.org> | 2006-01-10 21:12:06 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2006-01-10 21:12:06 +0000 |
commit | 55ac4f032c7fb87bc14e1c9ad603126cf17885cb (patch) | |
tree | 457ed1d1021860d6acf2891957b571a75ff8c87f /src/common | |
parent | 210d9db54da7ae39abac0ade069c02bd2d88617f (diff) | |
download | tor-55ac4f032c7fb87bc14e1c9ad603126cf17885cb.tar.gz tor-55ac4f032c7fb87bc14e1c9ad603126cf17885cb.zip |
Add a (disabled by default) option in crypto.h to disable most of the interesting crypto-related changes made on 0.1.1.9. This will help hunt bug 234.
svn:r5777
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/crypto.c | 12 | ||||
-rw-r--r-- | src/common/crypto.h | 2 | ||||
-rw-r--r-- | src/common/tortls.c | 2 |
3 files changed, 16 insertions, 0 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index c4597cf5f2..a486b23513 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -228,7 +228,9 @@ crypto_global_init(int useAccel)
 void
 crypto_thread_cleanup(void)
 {
+#ifndef ENABLE_0119_PARANOIA
 ERR_remove_state(0);
+#endif
 }
 /** Uninitialize the crypto library. Return 0 on success, -1 on failure.
@@ -237,13 +239,17 @@ int
 crypto_global_cleanup(void)
 {
 EVP_cleanup();
+#ifndef ENABLE_0119_PARANOIA
 ERR_remove_state(0);
+#endif
 ERR_free_strings();
 #ifndef NO_ENGINES
 ENGINE_cleanup();
+#ifndef ENABLE_0119_PARANOIA
 CONF_modules_unload(1);
 CRYPTO_cleanup_all_ex_data();
 #endif
+#endif
 #ifdef TOR_IS_MULTITHREADED
 if (_n_openssl_mutexes) {
 int n = _n_openssl_mutexes;
@@ -1375,7 +1381,9 @@ crypto_dh_new(void)
 if (!(res->dh->g = BN_dup(dh_param_g))) goto err;
+#ifndef ENABLE_0119_PARANOIA
 res->dh->length = DH_PRIVATE_KEY_BITS;
+#endif
 return res;
 err:
@@ -1602,7 +1610,11 @@ crypto_dh_free(crypto_dh_env_t *dh)
 /* Use RAND_poll if openssl is 0.9.6 release or later. (The "f" means "release".) */
+#ifndef ENABLE_0119_PARANOIA
 #define USE_RAND_POLL (OPENSSL_VERSION_NUMBER >= 0x0090600fl)
+#else
+#define USE_RAND_POLL 0
+#endif
 /** Seed OpenSSL's random number generator with bytes from the
 * operating system. Return 0 on success, -1 on failure.
diff --git a/src/common/crypto.h b/src/common/crypto.h
index be53b964bb..28571d16a8 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -15,6 +15,8 @@
 #include <stdio.h>
+#undef ENABLE_0119_PARANOIA
+
 /** Length of the output of our message digest. */
 #define DIGEST_LEN 20
 /** Length of our symmetric cipher's keys. */
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cd070b164d..7a41a931f7 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
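Review bot: The `#else` branch in the last crypto.c hunk forces `USE_RAND_POLL` to 0 without a comment, so nothing tells a reader that a build with ENABLE_0119_PARANOIA defined presumably skips RAND_poll() in the seeding routine documented just below. I would add above the `#ifndef` something like `/* Debug only (bug 234): with ENABLE_0119_PARANOIA set, RAND_poll() is not used for seeding. */`. Whether the remaining seeding path gathers enough OS entropy on its own cannot be judged here, because that function's body lies outside the hunk. The nested guard added in crypto_global_cleanup() would also be easier to follow if both closing lines were labelled, e.g. `#endif /* ENABLE_0119_PARANOIA */`.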
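Review bot: The `#undef ENABLE_0119_PARANOIA` added to crypto.h is the only place this switch is controlled and it has no comment, while the name suggests that defining it adds protection when every guard in this commit compiles a cleanup call or a hardening setting out. Because it is an `#undef` in a shared header, a `-DENABLE_0119_PARANOIA` given on the compiler command line is silently cancelled in every file that includes crypto.h, so the option can only be turned on by editing this line; that is worth stating next to it. Suggested comment: `/* Debugging aid for bug 234: change to #define to revert most crypto changes made in 0.1.1.9. Not for release builds. */`.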
@@ -363,7 +363,9 @@ tor_tls_context_new(crypto_pk_env_t *identity,
 goto error;
 SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2);
 #endif
+#ifndef ENABLE_0119_PARANOIA
 SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_DH_USE);
+#endif
 if (!SSL_CTX_set_cipher_list(*ctx, CIPHER_LIST)) goto error;
 if (!client_only) { |
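Review bot: With the macro defined, `SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_DH_USE)` is compiled out, so the TLS context may reuse one DH key across handshakes, which weakens forward secrecy for connections made by such a build. The guard carries no comment, so a reader of tortls.c cannot tell that this is a temporary bisecting aid; I would add `/* Debug only (bug 234): ENABLE_0119_PARANOIA turns off single-use DH keys. */` above the `#ifndef`. The guard also relies on tortls.c seeing the `#undef` from crypto.h, which is presumably included but is not visible in this hunk. tor_tls_context_new() starts and ends outside the hunk.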