
Introduce the DynamicPrimes configuration option.

George Kadianakis 12 years ago
parent
commit
659381e00d
9 changed files with 18 additions and 13 deletions
  1. 6 7
      src/common/crypto.c
  2. 2 1
      src/common/crypto.h
  3. 1 0
      src/or/config.c
  4. 2 1
      src/or/main.c
  5. 2 0
      src/or/or.h
  6. 2 1
      src/or/router.c
  7. 1 1
      src/test/test.c
  8. 1 1
      src/tools/tor-checkkey.c
  9. 1 1
      src/tools/tor-gencert.c

+ 6 - 7
src/common/crypto.c

@@ -224,13 +224,15 @@ try_load_engine(const char *path, const char *engine)
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
  */
 int
-crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
+crypto_global_init(int useAccel, const char *accelName, const char *accelDir,
+                   int DynamicPrimes)
 {
   if (!_crypto_global_initialized) {
     ERR_load_crypto_strings();
     OpenSSL_add_all_algorithms();
     _crypto_global_initialized = 1;
     setup_openssl_threading();
+    use_dynamic_primes = DynamicPrimes;
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;
@@ -1815,6 +1817,8 @@ static BIGNUM *dh_param_p = NULL;
 static BIGNUM *dh_param_p_tls = NULL;
 /** Shared G parameter for our DH key exchanges. */
 static BIGNUM *dh_param_g = NULL;
+/** True if we use dynamic primes. */
+static int use_dynamic_primes = 0;
 
 /** Generate and return a reasonable and safe DH parameter p. */
 static BIGNUM *generate_rakshasa_prime(void)
@@ -1871,13 +1875,8 @@ init_dh_param(void)
   r = BN_set_word(g, generator);
   tor_assert(r);
 
-  /* Are we generating a random DH parameter?*/
-  log_notice(LD_OR, "Do we want to generate a Rakshasa prime?");
-  rakshasa = get_rakshasa();
-  log_notice(LD_OR, "We think: %i?", rakshasa);
-
   /* This implements the prime number strategy outlined in prop 179 */
-  if (rakshasa == 1) {
+  if (use_dynamic_primes) {
     rakshasa_prime = generate_rakshasa_prime();
   }
 
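Review bot: `use_dynamic_primes` is assigned in crypto_global_init (around line 232) but its `static int` definition is added some 1,600 lines later next to the DH globals; unless an earlier forward declaration exists in crypto.c that this diff does not show, that assignment references an undeclared identifier and will not compile, so the definition should move up beside `_crypto_global_initialized` or get a `static int use_dynamic_primes;` declaration above crypto_global_init. The assignment also sits inside `if (!_crypto_global_initialized)`, so only the first caller's value ever takes effect; both main.c and router.c now pass `get_options()->DynamicPrimes`, and a later call with a different value (e.g. after a config reload, if that path re-enters here) is silently ignored — either hoist `use_dynamic_primes = DynamicPrimes;` above the guard or document the first-call-wins semantics in the function comment. In the init_dh_param hunk the removed lines were the only visible use of the local `rakshasa` and of get_rakshasa(); if the declaration of that local is still present above the hunk it is now an unused variable, and get_rakshasa() may be dead code. init_dh_param begins outside the hunk.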

+ 2 - 1
src/common/crypto.h

@@ -87,7 +87,8 @@ typedef struct crypto_dh_env_t crypto_dh_env_t;
 /* global state */
 int crypto_global_init(int hardwareAccel,
                        const char *accelName,
-                       const char *accelPath);
+                       const char *accelPath,
+                       int DynamicPrimes);
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 

+ 1 - 0
src/or/config.c

@@ -247,6 +247,7 @@ static config_var_t _option_vars[] = {
   VAR("DirServer",               LINELIST, DirServers, NULL),
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableIOCP,                 BOOL,     "1"),
+  V(DynamicPrimes,               BOOL,     "1"),
   V(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),
   V(DownloadExtraInfo,           BOOL,     "0"),
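Review bot: The new torrc option defaults to "1", which means prime generation (generate_rakshasa_prime in crypto.c) now runs by default wherever init_dh_param is reached, and nothing in the nine changed files documents the option — the diffstat contains no man-page or ChangeLog entry, so an operator has no way to learn what `DynamicPrimes` does or what it costs. Generating a fresh DH modulus is expensive and, if init_dh_param also runs on clients, every client startup pays for it; if prop 179 only needs the dynamic modulus for relays' TLS parameter, consider gating the default on being a relay or defaulting to "0" until that is confirmed. At minimum, add a manual entry along the lines of "DynamicPrimes 0|1: If set, generate a fresh DH modulus at startup instead of using the built-in one (see proposal 179). Default: 1".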

+ 2 - 1
src/or/main.c

@@ -2275,7 +2275,8 @@ tor_init(int argc, char *argv[])
 
   if (crypto_global_init(get_options()->HardwareAccel,
                          get_options()->AccelName,
-                         get_options()->AccelDir)) {
+                         get_options()->AccelDir,
+                         get_options()->DynamicPrimes)) {
     log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
     return -1;
   }

+ 2 - 0
src/or/or.h

@@ -2873,6 +2873,8 @@ typedef struct {
   char *Address; /**< OR only: configured address for this onion router. */
   char *PidFile; /**< Where to store PID of Tor process. */
 
+  int DynamicPrimes; /**< Enable dynamic generation of primes for use in DH. */
+
   routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
                            * country codes and IP address patterns of ORs to
                            * consider as exits. */
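Review bot: The field comment says "dynamic generation of primes for use in DH" but not which DH parameter is affected, what the alternative is, or why anyone would turn it off, which is what the next reader of or_options_t will want; the crypto.c side of this change ties the behaviour to prop 179, so the comment should too. Suggested: `int DynamicPrimes; /**< Boolean: if true, generate a fresh DH modulus at startup instead of using the hard-coded one (proposal 179). */`, adjusting "at startup" to match where init_dh_param is actually called, which is not visible here. The enclosing struct starts and ends outside the hunk.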

+ 2 - 1
src/or/router.c

@@ -514,7 +514,8 @@ init_keys(void)
    * openssl to initialize itself. */
   if (crypto_global_init(get_options()->HardwareAccel,
                          get_options()->AccelName,
-                         get_options()->AccelDir)) {
+                         get_options()->AccelDir,
+                         get_options()->DynamicPrimes)) {
     log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
     return -1;
   }

+ 1 - 1
src/test/test.c

@@ -1903,7 +1903,7 @@ main(int c, const char **v)
   }
 
   options->command = CMD_RUN_UNITTESTS;
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 1)) {
     printf("Can't initialize crypto subsystem; exiting.\n");
     return 1;
   }
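Review bot: The unit-test harness passes `1` for DynamicPrimes, so every test run that reaches init_dh_param will generate a fresh DH prime, which is slow and makes the DH-related tests run against a different modulus on each invocation; the two command-line tools in this same commit pass `0`. Unless a test in this file specifically exercises the dynamic-prime path, the harness should do the same: `if (crypto_global_init(0, NULL, NULL, 0)) {`, and a dedicated test can opt in to prime generation explicitly if one is added later. main() begins outside the hunk.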

+ 1 - 1
src/tools/tor-checkkey.c

@@ -31,7 +31,7 @@ main(int c, char **v)
     return 1;
   }
 
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 0)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }

+ 1 - 1
src/tools/tor-gencert.c

@@ -508,7 +508,7 @@ main(int argc, char **argv)
   init_logging();
 
   /* Don't bother using acceleration. */
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 0)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }