authorNick Mathewson <nickm@torproject.org>2018-12-14 14:07:00 -0500
committerNick Mathewson <nickm@torproject.org>2019-01-03 09:45:43 -0500
commitb82717b27378a0f8048da9d865a8bd3c6dfedd6f (patch)
treef1d5158dd88b494988a32aa03746ef10467cc891 /src/lib/crypt_ops
parent94a79981580d6260597f799bc1a163c8e6f07acd (diff)
Stop re-checking our hardcoded dh parameters on every startup
Closes ticket 28851.
Diffstat (limited to 'src/lib/crypt_ops')
-rw-r--r--src/lib/crypt_ops/crypto_dh_openssl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/crypt_ops/crypto_dh_openssl.c b/src/lib/crypt_ops/crypto_dh_openssl.c
index 54946458d5..0d9bd513cf 100644
--- a/src/lib/crypt_ops/crypto_dh_openssl.c
+++ b/src/lib/crypt_ops/crypto_dh_openssl.c
@@ -45,6 +45,8 @@ static BIGNUM *dh_param_p_tls = NULL;
/** Shared G parameter for our DH key exchanges. */
static BIGNUM *dh_param_g = NULL;
+/* This function is disabled unless we change the DH parameters. */
+#if 0
/** Validate a given set of Diffie-Hellman parameters. This is moderately
* computationally expensive (milliseconds), so should only be called when
* the DH parameters change. Returns 0 on success, * -1 on failure.
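Review bot: Putting crypto_validate_dh_params() under a bare `#if 0` means the function is no longer compiled, so it can drift out of sync with the OpenSSL API and fail to build on the day the parameters change and it is needed. A named guard would keep the intent searchable. Better still, leave the function compiled and call it from a unit test, so it keeps building without costing anything at startup. The matching `#endif` in the second hunk would also read better as `#endif /* 0 */`, so the pairing is visible across the roughly fifty lines between them. The function body lies outside both hunks, so whether it is `static` and reachable from the tests is not visible here.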
@@ -98,6 +100,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNUM *g)
DH_free(dh);
return ret;
}
+#endif
/**
* Helper: convert <b>hex<b> to a bignum, and return it. Assert that the
@@ -151,8 +154,11 @@ crypto_dh_init_openssl(void)
dh_param_p = bignum_from_hex(OAKLEY_PRIME_2);
dh_param_p_tls = bignum_from_hex(TLS_DH_PRIME);
+ /* Checks below are disabled unless we change the hardcoded DH parameters. */
+#if 0
tor_assert(0 == crypto_validate_dh_params(dh_param_p, dh_param_g));
tor_assert(0 == crypto_validate_dh_params(dh_param_p_tls, dh_param_g));
+#endif
}
/** Number of bits to use when choosing the x or y value in a Diffie-Hellman
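Review bot: With both `tor_assert` calls compiled out, nothing visible in this diff validates `OAKLEY_PRIME_2` or `TLS_DH_PRIME` any more; the only safeguard is that whoever edits those constants also finds this comment in crypto_dh_init_openssl() and re-enables the block. bignum_from_hex() appears from its doc comment to assert only that the hex string converts, so a mistyped value that is still valid hex would presumably be accepted as a DH modulus. I would add a comment at the definitions of the two primes (outside this hunk), for example `/* If you change this value, re-enable the crypto_validate_dh_params() checks in crypto_dh_init_openssl(). */`. Alternatively, run the two checks from a test in CI, so that a parameter change cannot land unvalidated. The start of crypto_dh_init_openssl() is outside the hunk.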