nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 13:43:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Introduce the DynamicPrimes configuration option.

Browse Source
This commit is contained in:
George Kadianakis 2011-11-22 04:53:43 +01:00
parent edec9409e8
commit 659381e00d
9 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/common/crypto.c
View File

@ -224,13 +224,15 @@ try_load_engine(const char *path, const char *engine)
/** Initialize the crypto library. Return 0 on success, -1 on failure. /** Initialize the crypto library. Return 0 on success, -1 on failure.
*/ */
int int
crypto_global_init(int useAccel, const char *accelName, const char *accelDir) crypto_global_init(int useAccel, const char *accelName, const char *accelDir,
int DynamicPrimes)
{ {
if (!_crypto_global_initialized) { if (!_crypto_global_initialized) {
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
_crypto_global_initialized = 1; _crypto_global_initialized = 1;
setup_openssl_threading(); setup_openssl_threading();
use_dynamic_primes = DynamicPrimes;
if (useAccel > 0) { if (useAccel > 0) {
#ifdef DISABLE_ENGINES #ifdef DISABLE_ENGINES
(void)accelName; (void)accelName;
@ -1815,6 +1817,8 @@ static BIGNUM *dh_param_p = NULL;
static BIGNUM *dh_param_p_tls = NULL; static BIGNUM *dh_param_p_tls = NULL;
/** Shared G parameter for our DH key exchanges. */ /** Shared G parameter for our DH key exchanges. */
static BIGNUM *dh_param_g = NULL; static BIGNUM *dh_param_g = NULL;
/** True if we use dynamic primes. */
static int use_dynamic_primes = 0;
/** Generate and return a reasonable and safe DH parameter p. */ /** Generate and return a reasonable and safe DH parameter p. */
static BIGNUM *generate_rakshasa_prime(void) static BIGNUM *generate_rakshasa_prime(void)
@ -1871,13 +1875,8 @@ init_dh_param(void)
r = BN_set_word(g, generator); r = BN_set_word(g, generator);
tor_assert(r); tor_assert(r);
/* Are we generating a random DH parameter?*/
log_notice(LD_OR, "Do we want to generate a Rakshasa prime?");
rakshasa = get_rakshasa();
log_notice(LD_OR, "We think: %i?", rakshasa);
/* This implements the prime number strategy outlined in prop 179 */ /* This implements the prime number strategy outlined in prop 179 */
if (rakshasa == 1) { if (use_dynamic_primes) {
rakshasa_prime = generate_rakshasa_prime(); rakshasa_prime = generate_rakshasa_prime();
} }

3
src/common/crypto.h
View File

@ -87,7 +87,8 @@ typedef struct crypto_dh_env_t crypto_dh_env_t;
/* global state */ /* global state */
int crypto_global_init(int hardwareAccel, int crypto_global_init(int hardwareAccel,
const char *accelName, const char *accelName,
const char *accelPath); const char *accelPath,
int DynamicPrimes);
void crypto_thread_cleanup(void); void crypto_thread_cleanup(void);
int crypto_global_cleanup(void); int crypto_global_cleanup(void);

1
src/or/config.c
View File

@ -247,6 +247,7 @@ static config_var_t _option_vars[] = {
VAR("DirServer", LINELIST, DirServers, NULL), VAR("DirServer", LINELIST, DirServers, NULL),
V(DisableAllSwap, BOOL, "0"), V(DisableAllSwap, BOOL, "0"),
V(DisableIOCP, BOOL, "1"), V(DisableIOCP, BOOL, "1"),
V(DynamicPrimes, BOOL, "1"),
V(DNSPort, LINELIST, NULL), V(DNSPort, LINELIST, NULL),
V(DNSListenAddress, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL),
V(DownloadExtraInfo, BOOL, "0"), V(DownloadExtraInfo, BOOL, "0"),

3
src/or/main.c
View File

@ -2275,7 +2275,8 @@ tor_init(int argc, char *argv[])
if (crypto_global_init(get_options()->HardwareAccel, if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName, get_options()->AccelName,
get_options()->AccelDir)) { get_options()->AccelDir,
get_options()->DynamicPrimes)) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting."); log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1; return -1;
} }

2
src/or/or.h
View File

@ -2873,6 +2873,8 @@ typedef struct {
char *Address; /**< OR only: configured address for this onion router. */ char *Address; /**< OR only: configured address for this onion router. */
char *PidFile; /**< Where to store PID of Tor process. */ char *PidFile; /**< Where to store PID of Tor process. */
int DynamicPrimes; /**< Enable dynamic generation of primes for use in DH. */
routerset_t *ExitNodes; /**< Structure containing nicknames, digests, routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
* country codes and IP address patterns of ORs to * country codes and IP address patterns of ORs to
* consider as exits. */ * consider as exits. */

3
src/or/router.c
View File

@ -514,7 +514,8 @@ init_keys(void)
* openssl to initialize itself. */ * openssl to initialize itself. */
if (crypto_global_init(get_options()->HardwareAccel, if (crypto_global_init(get_options()->HardwareAccel,
get_options()->AccelName, get_options()->AccelName,
get_options()->AccelDir)) { get_options()->AccelDir,
get_options()->DynamicPrimes)) {
log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting."); log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
return -1; return -1;
} }

2
src/test/test.c
View File

@ -1903,7 +1903,7 @@ main(int c, const char **v)
} }
options->command = CMD_RUN_UNITTESTS; options->command = CMD_RUN_UNITTESTS;
if (crypto_global_init(0, NULL, NULL)) { if (crypto_global_init(0, NULL, NULL, 1)) {
printf("Can't initialize crypto subsystem; exiting.\n"); printf("Can't initialize crypto subsystem; exiting.\n");
return 1; return 1;
} }

2
src/tools/tor-checkkey.c
View File

@ -31,7 +31,7 @@ main(int c, char **v)
return 1; return 1;
} }
if (crypto_global_init(0, NULL, NULL)) { if (crypto_global_init(0, NULL, NULL, 0)) {
fprintf(stderr, "Couldn't initialize crypto library.\n"); fprintf(stderr, "Couldn't initialize crypto library.\n");
return 1; return 1;
} }

2
src/tools/tor-gencert.c
View File

@ -508,7 +508,7 @@ main(int argc, char **argv)
init_logging(); init_logging();
/* Don't bother using acceleration. */ /* Don't bother using acceleration. */
if (crypto_global_init(0, NULL, NULL)) { if (crypto_global_init(0, NULL, NULL, 0)) {
fprintf(stderr, "Couldn't initialize crypto library.\n"); fprintf(stderr, "Couldn't initialize crypto library.\n");
return 1; return 1;
} }