authorNick Mathewson <nickm@torproject.org>2008-02-08 21:13:12 +0000
committerNick Mathewson <nickm@torproject.org>2008-02-08 21:13:12 +0000
commitde827f89df460e5920239a14addd1dd264b76bb5 (patch)
tree9e3dd40f12b8c6847c433fcfb53080bd5b00ac26 /src/or
parent809227a121136d4c48ea09ad96aef5ecb9eb15eb (diff)
r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c svn:r13429
Diffstat (limited to 'src/or')
-rw-r--r--src/or/dns.c16
-rw-r--r--src/or/main.c3
-rw-r--r--src/or/router.c7
3 files changed, 7 insertions, 19 deletions
diff --git a/src/or/dns.c b/src/or/dns.c
index 78faaf70de..0efe286ce5 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -1418,22 +1418,14 @@ evdns_wildcard_check_callback(int result, char type, int count, int ttl,
static void
launch_wildcard_check(int min_len, int max_len, const char *suffix)
{
- char random_bytes[20], name[64], *addr;
- size_t len;
+ char *addr;
int r;
- len = min_len + crypto_rand_int(max_len-min_len+1);
- if (crypto_rand(random_bytes, sizeof(random_bytes)) < 0)
- return;
- base32_encode(name, sizeof(name), random_bytes, sizeof(random_bytes));
- name[len] = '\0';
- strlcat(name, suffix, sizeof(name));
-
+ addr = crypto_random_hostname(min_len, max_len, "", suffix);
log_info(LD_EXIT, "Testing whether our DNS server is hijacking nonexistent "
- "domains with request for bogus hostname \"%s\"", name);
+ "domains with request for bogus hostname \"%s\"", addr);
- addr = tor_strdup(name);
- r = evdns_resolve_ipv4(name, DNS_QUERY_NO_SEARCH,
+ r = evdns_resolve_ipv4(addr, DNS_QUERY_NO_SEARCH,
evdns_wildcard_check_callback, addr);
if (r)
tor_free(addr);
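Review bot: The new line `addr = crypto_random_hostname(min_len, max_len, "", suffix);` has no failure check, whereas the code it replaces returned early when `crypto_rand()` failed. If crypto_random_hostname can return NULL when it cannot obtain random bytes (its definition is in crypto.c, not in this hunk), addr reaches the `%s` in log_info and evdns_resolve_ipv4 unchecked; add `if (!addr) return;` directly after the assignment. If the helper instead aborts on failure, a one-line comment at the call site saying so would make the dropped check deliberate. The closing brace of launch_wildcard_check is outside the hunk.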
diff --git a/src/or/main.c b/src/or/main.c
index 293f07c418..53d8adad30 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -886,8 +886,7 @@ run_scheduled_events(time_t now)
last_rotated_x509_certificate = now;
if (last_rotated_x509_certificate+MAX_SSL_KEY_LIFETIME < now) {
log_info(LD_GENERAL,"Rotating tls context.");
- if (tor_tls_context_new(get_identity_key(), options->Nickname,
- MAX_SSL_KEY_LIFETIME) < 0) {
+ if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
log_warn(LD_BUG, "Error reinitializing TLS context");
/* XXX is it a bug here, that we just keep going? -RD */
}
diff --git a/src/or/router.c b/src/or/router.c
index e9e78d9e0a..6388d244e2 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -403,9 +403,7 @@ init_keys(void)
}
set_identity_key(prkey);
/* Create a TLS context; default the client nickname to "client". */
- if (tor_tls_context_new(get_identity_key(),
- options->Nickname ? options->Nickname : "client",
- MAX_SSL_KEY_LIFETIME) < 0) {
+ if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
log_err(LD_GENERAL,"Error creating TLS context for Tor client.");
return -1;
}
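Review bot: The comment `/* Create a TLS context; default the client nickname to "client". */` above the new call is now stale: this change removes the nickname argument and its "client" fallback from tor_tls_context_new, so the comment describes behaviour the code no longer has. Replace it with `/* Create a TLS context. */`, or, if it is worth recording why, `/* Create a TLS context; the certificate DN no longer carries the nickname. */`. The second hunk in this file is the same call-site update and its comment is still accurate.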
@@ -483,8 +481,7 @@ init_keys(void)
tor_free(keydir);
/* 3. Initialize link key and TLS context. */
- if (tor_tls_context_new(get_identity_key(), options->Nickname,
- MAX_SSL_KEY_LIFETIME) < 0) {
+ if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) {
log_err(LD_GENERAL,"Error initializing TLS context");
return -1;
}