 Nick Mathewson
|
f14743a975
Note that much of check_dh_key is voodoo; make x in DH be only 320 bits for DH speed improvement: this wants auditing. [We have blessing from Ian on this.] (Note that DH in SSL is not yet affected.)
|
vor 19 Jahren |
|
Nick Mathewson
|
3c36a14ba6
Call ERR_remove_state() on the main thread on shutdown,too
|
vor 19 Jahren |
|
Nick Mathewson
|
9492424d3f
Per comments at the bottom of openssl/FAQ, call even more functions to
|
vor 19 Jahren |
|
Nick Mathewson
|
edf5698474
Start dividing log messages into logging domains. No, LD_ is not the best of identifiers. src/or has not been converted yet. Domains dont do anything yet.
|
vor 19 Jahren |
 Peter Palfrader
|
0d9aedfcea
Downgrade a few INFO level logs to DEBUG again. Also add two or three new
|
vor 19 Jahren |
|
Nick Mathewson
|
9bc2467626
Okay, try to use RAND_poll() from OpenSSL where available.
|
vor 19 Jahren |
 Roger Dingledine
|
c4757e0705
LOG_ERR is for when we know we're going to exit. use LOG_WARN in other
|
vor 19 Jahren |
|
Nick Mathewson
|
150e5ac098
disable RAND_poll() for the alpha of the day; at least 24 hours of testing is in order for something like that.
|
vor 19 Jahren |
|
Nick Mathewson
|
a53ecc94f9
Add half our entropy from RAND_poll in OpenSSL. These know how to use egd (if present) openbsd weirdness (if present), vms/os2 weirdness (if we ever port there), and more in the future.
|
vor 19 Jahren |
|
Nick Mathewson
|
a89daaeca9
Once an hour (not just on startup) give OpenSSL some more entropy.
|
vor 19 Jahren |
|
Nick Mathewson
|
cc35e1720f
Using RAND_pseudo_bytes instead of RAND_bytes is an accident waiting to happen, and does not really speed us up much when we do it. So stop doing it.
|
vor 19 Jahren |
|
Nick Mathewson
|
ba24193ab5
Make doxygen marginally happier
|
vor 19 Jahren |
|
Nick Mathewson
|
f8c07e1f33
free EVP cipher information on shutdown to remove some spurious dmalloc complaints.
|
vor 19 Jahren |
|
Nick Mathewson
|
de198d800b
Never call free() on tor_malloc()d memory. This is unlikely to be our current leak, but it may help dmalloc work.
|
vor 19 Jahren |
|
Nick Mathewson
|
26e7a05725
even better function start checks; give dmalloc a chance of working.
|
vor 19 Jahren |
|
Nick Mathewson
|
92451f74a8
Reformat inconsistent function declarations.
|
vor 19 Jahren |
|
Nick Mathewson
|
5c53545d81
Add a bunch more warnings to out warning suite; resolve them; pack structs a little better.
|
vor 19 Jahren |
|
Nick Mathewson
|
f8a80e8d59
Helper functions to perform our truncated base64 encoding on hexdigests.
|
vor 19 Jahren |
|
Nick Mathewson
|
6b479b3cfa
Only do openssl accel stuff if version is at least 0.9.7
|
vor 19 Jahren |
|
Roger Dingledine
|
fa507c63e8
put quotes around user-supplied strings so they are more likely to
|
vor 19 Jahren |
|
Roger Dingledine
|
121ea4dd93
a url for better reference
|
vor 19 Jahren |
|
Nick Mathewson
|
943ef5256b
fix whitespace issues
|
vor 19 Jahren |
|
Nick Mathewson
|
9345323b18
far far cleaner implementation of handshake checking logic. Backport candidate.
|
vor 19 Jahren |
|
Roger Dingledine
|
bfe65db284
ok, so now it was just redundant. nick, do you recall what rfc
|
vor 19 Jahren |
|
Roger Dingledine
|
b9a7482c02
note another potential security problem with generating key material
|
vor 19 Jahren |
|
Roger Dingledine
|
261bf4c4d4
rfc 3536 "provides a glossary of terms used in the IETF when discussing
|
vor 19 Jahren |
|
Nick Mathewson
|
224fecb281
Appease insane windows compiler. (Oh no, an extra semi, the sky is falling!)
|
vor 19 Jahren |
|
Nick Mathewson
|
197eb2b2cb
fix harmless copy-and-paste error
|
vor 19 Jahren |
|
Nick Mathewson
|
ea2aa107a7
cover a few more cases; needs testing and once-over
|
vor 19 Jahren |
|
Nick Mathewson
|
3fa821d911
oops, that array got bigger
|
vor 19 Jahren |
