[tor-commits] [tor/master] Introduce the DynamicPrimes configuration option.

nickm at torproject.org nickm at torproject.org
Tue Nov 29 23:33:59 UTC 2011


commit 659381e00dc09deb4fb342d9f45cfae0b65aa33f
Author: George Kadianakis <desnacked at gmail.com>
Date:   Tue Nov 22 04:53:43 2011 +0100

    Introduce the DynamicPrimes configuration option.
---
 src/common/crypto.c      |   13 ++++++-------
 src/common/crypto.h      |    3 ++-
 src/or/config.c          |    1 +
 src/or/main.c            |    3 ++-
 src/or/or.h              |    2 ++
 src/or/router.c          |    3 ++-
 src/test/test.c          |    2 +-
 src/tools/tor-checkkey.c |    2 +-
 src/tools/tor-gencert.c  |    2 +-
 9 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index aeaabaf..790ea16 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -224,13 +224,15 @@ try_load_engine(const char *path, const char *engine)
 /** Initialize the crypto library.  Return 0 on success, -1 on failure.
  */
 int
-crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
+crypto_global_init(int useAccel, const char *accelName, const char *accelDir,
+                   int DynamicPrimes)
 {
   if (!_crypto_global_initialized) {
     ERR_load_crypto_strings();
     OpenSSL_add_all_algorithms();
     _crypto_global_initialized = 1;
     setup_openssl_threading();
+    use_dynamic_primes = DynamicPrimes;
     if (useAccel > 0) {
 #ifdef DISABLE_ENGINES
       (void)accelName;
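Review bot: `use_dynamic_primes` is assigned at crypto.c:232 in this hunk, but its definition `static int use_dynamic_primes = 0;` is added by the second hunk of this file at line 1820, so unless a forward declaration exists outside these hunks the file will not compile — C requires a file-scope identifier to be declared before its first use. Move the definition up next to `_crypto_global_initialized`, or add `static int use_dynamic_primes;` above `crypto_global_init`. The assignment also sits inside the `if (!_crypto_global_initialized)` block, so only the first caller's value is honored; the second call site in router.c init_keys (and any later call after a config reload in main.c tor_init) silently has no effect, which deserves a comment such as `/* Honored only by the first crypto_global_init() call; later callers are ignored. */`. The parameter name `DynamicPrimes` is capitalized unlike `useAccel`/`accelName`; `dynamicPrimes` or `use_dynamic_primes` would match the existing style. crypto_global_init's body continues outside the hunk.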
@@ -1815,6 +1817,8 @@ static BIGNUM *dh_param_p = NULL;
 static BIGNUM *dh_param_p_tls = NULL;
 /** Shared G parameter for our DH key exchanges. */
 static BIGNUM *dh_param_g = NULL;
+/** True if we use dynamic primes. */
+static int use_dynamic_primes = 0;
 
 /** Generate and return a reasonable and safe DH parameter p. */
 static BIGNUM *generate_rakshasa_prime(void)
@@ -1871,13 +1875,8 @@ init_dh_param(void)
   r = BN_set_word(g, generator);
   tor_assert(r);
 
-  /* Are we generating a random DH parameter?*/
-  log_notice(LD_OR, "Do we want to generate a Rakshasa prime?");
-  rakshasa = get_rakshasa();
-  log_notice(LD_OR, "We think: %i?", rakshasa);
-
   /* This implements the prime number strategy outlined in prop 179 */
-  if (rakshasa == 1) {
+  if (use_dynamic_primes) {
     rakshasa_prime = generate_rakshasa_prime();
   }
 
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 2929a2e..99c52b1 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -87,7 +87,8 @@ typedef struct crypto_dh_env_t crypto_dh_env_t;
 /* global state */
 int crypto_global_init(int hardwareAccel,
                        const char *accelName,
-                       const char *accelPath);
+                       const char *accelPath,
+                       int DynamicPrimes);
 void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
diff --git a/src/or/config.c b/src/or/config.c
index 06d7d5c..4766b24 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -247,6 +247,7 @@ static config_var_t _option_vars[] = {
   VAR("DirServer",               LINELIST, DirServers, NULL),
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableIOCP,                 BOOL,     "1"),
+  V(DynamicPrimes,               BOOL,     "1"),
   V(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),
   V(DownloadExtraInfo,           BOOL,     "0"),
diff --git a/src/or/main.c b/src/or/main.c
index 7008d38..3c75e1c 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2275,7 +2275,8 @@ tor_init(int argc, char *argv[])
 
   if (crypto_global_init(get_options()->HardwareAccel,
                          get_options()->AccelName,
-                         get_options()->AccelDir)) {
+                         get_options()->AccelDir,
+                         get_options()->DynamicPrimes)) {
     log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
     return -1;
   }
diff --git a/src/or/or.h b/src/or/or.h
index 67ba62b..b2ea3bc 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2873,6 +2873,8 @@ typedef struct {
   char *Address; /**< OR only: configured address for this onion router. */
   char *PidFile; /**< Where to store PID of Tor process. */
 
+  int DynamicPrimes; /**< Enable dynamic generation of primes for use in DH. */
+
   routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
                            * country codes and IP address patterns of ORs to
                            * consider as exits. */
diff --git a/src/or/router.c b/src/or/router.c
index b6b96a5..414d346 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -514,7 +514,8 @@ init_keys(void)
    * openssl to initialize itself. */
   if (crypto_global_init(get_options()->HardwareAccel,
                          get_options()->AccelName,
-                         get_options()->AccelDir)) {
+                         get_options()->AccelDir,
+                         get_options()->DynamicPrimes)) {
     log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting.");
     return -1;
   }
diff --git a/src/test/test.c b/src/test/test.c
index d4edf14..26a55d1 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1903,7 +1903,7 @@ main(int c, const char **v)
   }
 
   options->command = CMD_RUN_UNITTESTS;
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 1)) {
     printf("Can't initialize crypto subsystem; exiting.\n");
     return 1;
   }
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index 94c8cbd..55480b4 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -31,7 +31,7 @@ main(int c, char **v)
     return 1;
   }
 
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 0)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 974a58b..b9f16d9 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -508,7 +508,7 @@ main(int argc, char **argv)
   init_logging();
 
   /* Don't bother using acceleration. */
-  if (crypto_global_init(0, NULL, NULL)) {
+  if (crypto_global_init(0, NULL, NULL, 0)) {
     fprintf(stderr, "Couldn't initialize crypto library.\n");
     return 1;
   }




