diff options
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/crypto.c | 34 | ||||
| -rw-r--r-- | src/common/crypto.h | 5 | ||||
| -rw-r--r-- | src/common/tortls.c | 2 |
3 files changed, 33 insertions, 8 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 29137a834d..48c8dea08f 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1505,8 +1505,10 @@ crypto_hmac_sha1(char *hmac_out, /* DH */ -/** Shared P parameter for our DH key exchanged. */ +/** Shared P parameter for our circuit-crypto DH key exchanges. */ static BIGNUM *dh_param_p = NULL; +/** Shared P parameter for our TLS DH key exchanges. */ +static BIGNUM *dh_param_p_tls = NULL; /** Shared G parameter for our DH key exchanges. */ static BIGNUM *dh_param_g = NULL; @@ -1515,14 +1517,16 @@ static BIGNUM *dh_param_g = NULL; static void init_dh_param(void) { - BIGNUM *p, *g; + BIGNUM *p, *p2, *g; int r; - if (dh_param_p && dh_param_g) + if (dh_param_p && dh_param_g && dh_param_p_tls) return; p = BN_new(); + p2 = BN_new(); g = BN_new(); tor_assert(p); + tor_assert(p2); tor_assert(g); /* This is from rfc2409, section 6.2. It's a safe prime, and @@ -1536,10 +1540,20 @@ init_dh_param(void) "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" "49286651ECE65381FFFFFFFFFFFFFFFF"); tor_assert(r); + /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see + * modules/ssl/ssl_engine_dh.c */ + r = BN_hex2bn(&p2, + "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98" + "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A" + "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7" + "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68" + "B0E7393E0F24218EB3"); + tor_assert(r); r = BN_set_word(g, 2); tor_assert(r); dh_param_p = p; + dh_param_p_tls = p2; dh_param_g = g; } @@ -1548,18 +1562,26 @@ init_dh_param(void) /** Allocate and return a new DH object for a key exchange. */ crypto_dh_env_t * -crypto_dh_new(void) +crypto_dh_new(int dh_type) { crypto_dh_env_t *res = tor_malloc_zero(sizeof(crypto_dh_env_t)); + tor_assert(dh_type == DH_TYPE_CIRCUIT || dh_type == DH_TYPE_TLS || + dh_type == DH_TYPE_REND); + if (!dh_param_p) init_dh_param(); if (!(res->dh = DH_new())) goto err; - if (!(res->dh->p = BN_dup(dh_param_p))) - goto err; + if (dh_type == DH_TYPE_TLS) { + if (!(res->dh->p = BN_dup(dh_param_p_tls))) + goto err; + } else { + if (!(res->dh->p = BN_dup(dh_param_p))) + goto err; + } if (!(res->dh->g = BN_dup(dh_param_g))) goto err; diff --git a/src/common/crypto.h b/src/common/crypto.h index d6f5555379..576c03dc30 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -159,7 +159,10 @@ void crypto_hmac_sha1(char *hmac_out, const char *msg, size_t msg_len); /* Key negotiation */ -crypto_dh_env_t *crypto_dh_new(void); +#define DH_TYPE_CIRCUIT 1 +#define DH_TYPE_REND 2 +#define DH_TYPE_TLS 3 +crypto_dh_env_t *crypto_dh_new(int dh_type); int crypto_dh_get_bytes(crypto_dh_env_t *dh); int crypto_dh_generate_public(crypto_dh_env_t *dh); int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out, diff --git a/src/common/tortls.c b/src/common/tortls.c index 1d597e2952..7735618ea2 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -684,7 +684,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) if (!SSL_CTX_check_private_key(result->ctx)) goto error; { - crypto_dh_env_t *dh = crypto_dh_new(); + crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS); SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh)); crypto_dh_free(dh); } |