author | Karsten Loesing <karsten.loesing@gmx.net> | 2009-10-25 23:47:05 -0700 |
---|---|---|
committer | Karsten Loesing <karsten.loesing@gmx.net> | 2009-10-25 23:47:05 -0700 |
commit | d2b4b49ff043df43c048b6f1f52a34dd5c4c0108 (patch) | |
tree | 6ef8d55c438685668bc0333171305761dcdfd02d /src/or | |
parent | fa23430496f2675c2dca5dbc0c6455c404c184fe (diff) | |
Reduce log level for someone else sending us weak DH keys.
See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/onion.c | 10 | ||||
-rw-r--r-- | src/or/rendclient.c | 5 | ||||
-rw-r--r-- | src/or/rendservice.c | 3 |
3 files changed, 11 insertions, 7 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index b49a86aba3..58a51aedfe 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -253,8 +253,9 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
 key_material_len = DIGEST_LEN+key_out_len;
 key_material = tor_malloc(key_material_len);
- len = crypto_dh_compute_secret(dh, challenge, DH_KEY_LEN,
- key_material, key_material_len);
+ len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, challenge,
+ DH_KEY_LEN, key_material,
+ key_material_len);
 if (len < 0) {
 log_info(LD_GENERAL, "crypto_dh_compute_secret failed.");
 goto err;
@@ -304,8 +305,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
 key_material_len = DIGEST_LEN + key_out_len;
 key_material = tor_malloc(key_material_len);
- len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
- key_material, key_material_len);
+ len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, handshake_state,
+ handshake_reply, DH_KEY_LEN, key_material,
+ key_material_len);
 if (len < 0) goto err;
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 0ade46807c..b7ea40eed7 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -621,8 +621,9 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
 tor_assert(circ->build_state->pending_final_cpath);
 hop = circ->build_state->pending_final_cpath;
 tor_assert(hop->dh_handshake_state);
- if (crypto_dh_compute_secret(hop->dh_handshake_state, request, DH_KEY_LEN,
- keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
+ if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->dh_handshake_state,
+ request, DH_KEY_LEN, keys,
+ DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
 log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
 goto err;
 }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index daf8247e55..f00cfd44d8 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
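Review bot: The `log_warn(LD_GENERAL, "Couldn't complete DH handshake.")` right after the changed call in rend_client_receive_rendezvous is left at warn level, so a weak DH key arriving in `request` still produces a warning with ProtocolWarnings unset, which is the noise the commit message says it wants to remove. Logging at the severity now handed to the callee would match, e.g. `log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Couldn't complete DH handshake.");`. The rendservice.c hunk has the same leftover, and there it is `log_warn(LD_BUG, "Internal error: couldn't complete DH handshake")` with `END_CIRC_REASON_INTERNAL`, which labels what is most likely bad input from the peer as a local bug that an operator would chase or report. Both functions start and end outside their hunks, so whether the `err` path logs again is not visible here.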
@@ -1090,7 +1090,8 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
 reason = END_CIRC_REASON_INTERNAL;
 goto err;
 }
- if (crypto_dh_compute_secret(dh, ptr+REND_COOKIE_LEN, DH_KEY_LEN, keys,
+ if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, ptr+REND_COOKIE_LEN,
+ DH_KEY_LEN, keys,
 DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
 log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
 reason = END_CIRC_REASON_INTERNAL; |