[tor-bugs] #13736 [Tor]: Kill the DynamicDHGroups feature

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 24 22:22:15 UTC 2015


#13736: Kill the DynamicDHGroups feature
------------------------+---------------------------------------
     Reporter:  asn     |      Owner:  yawning
         Type:  defect  |     Status:  needs_review
     Priority:  minor   |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor tor-bridge easy lorax
Actual Points:          |  Parent ID:
       Points:          |
------------------------+---------------------------------------

Comment (by asn):

 Patch looks solid to me.

 Two quick comments:

 ----

 {{{
 +  /* Probably not needed any longer XXXX */
 +  crypto_set_tls_dh_prime();
 }}}
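
Review bot: the added comment `/* Probably not needed any longer XXXX */` leaves an open XXXX marker on the `crypto_set_tls_dh_prime()` call, so a reader cannot tell whether the call is required. Settle it before merge: drop the call if it is confirmed redundant, or replace the comment with the reason the call has to stay.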

 This seems removable, yes. `crypto_set_tls_dh_prime()` will be called
 eventually from `router.c:init_keys()`. Here is a backtrace for clients:
 {{{
 #0  crypto_set_tls_dh_prime () at src/common/crypto.c:1775
 #1  0x0000555555687d7a in init_dh_param () at src/common/crypto.c:1842
 #2  0x00005555556880a5 in crypto_dh_new (dh_type=3) at
 src/common/crypto.c:1863
 #3  0x00005555556906ec in tor_tls_context_new (is_client=<optimized out>,
 flags=<optimized out>, key_lifetime=<optimized out>, identity=<optimized
 out>) at src/common/tortls.c:1396
 #4  tor_tls_context_init_one (ppcontext=0x555555954bd0,
 ppcontext@entry=0x55555592bac0 <client_tls_context>,
 identity=0x555555954550, key_lifetime=0, flags=15, flags@entry=0,
 is_client=1) at src/common/tortls.c:1193
 #5  0x0000555555690988 in tor_tls_context_init (flags=0,
 client_identity=0x55555594d790, server_identity=<optimized out>,
 key_lifetime=17020799) at src/common/tortls.c:1169
 #6  0x00005555555c0366 in init_keys () at src/or/router.c:806
 #7  0x0000555555588f2d in do_main_loop () at src/or/main.c:1984
 #8  0x000055555558be85 in tor_main (argc=<optimized out>, argv=<optimized
 out>) at src/or/main.c:3078
 #9  0x00007ffff6875b45 in __libc_start_main (main=0x555555585570 <main>,
 argc=3, argv=0x7fffffffe538, init=<optimized out>, fini=<optimized out>,
 rtld_fini=<optimized out>, stack_end=0x7fffffffe528) at libc-start.c:287
 #10 0x00005555555855cb in _start ()
 }}}

 ----

 You added an `if (1) {` block in `crypto_set_tls_dh_prime()`. I think it's
 redundant.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13736#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

