Commit b82717b2 authored by Nick Mathewson

Stop re-checking our hardcoded dh parameters on every startup

Closes ticket 28851.
parent 94a79981
o Minor features (performance):
- Stop re-validating our hardcoded Diffie-Hellman parameters on every
startup. Doing this wasted time and cycles, especially on low-powered
devices. Closes ticket 28851.
......@@ -45,6 +45,8 @@ static BIGNUM *dh_param_p_tls = NULL;
/** Shared G parameter for our DH key exchanges. */
static BIGNUM *dh_param_g = NULL;
/* This function is disabled unless we change the DH parameters. */
#if 0
/** Validate a given set of Diffie-Hellman parameters. This is moderately
* computationally expensive (milliseconds), so should only be called when
* the DH parameters change. Returns 0 on success, * -1 on failure.
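Review bot: The bare `#if 0` added above the doc comment for crypto_validate_dh_params() takes the validator out of the build entirely, so it is no longer compiled and can break unnoticed before anyone needs it for a new prime. Consider keeping it compiled and reachable from a unit test, or guarding it with a named macro, so that the "unless we change the DH parameters" condition does not depend on someone remembering to flip the `#if 0`. Minor: the context comment reads "Returns 0 on success, * -1 on failure." with a stray "* " in the middle of the sentence.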
......@@ -98,6 +100,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNUM *g)
return ret;
* Helper: convert <b>hex<b> to a bignum, and return it. Assert that the
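Review bot: Nit on the doc comment in the trailing context: `<b>hex<b>` never closes its bold tag and should read `<b>hex</b>`. Worth fixing while this area is being touched.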
......@@ -151,8 +154,11 @@ crypto_dh_init_openssl(void)
dh_param_p = bignum_from_hex(OAKLEY_PRIME_2);
dh_param_p_tls = bignum_from_hex(TLS_DH_PRIME);
/* Checks below are disabled unless we change the hardcoded DH parameters. */
#if 0
tor_assert(0 == crypto_validate_dh_params(dh_param_p, dh_param_g));
tor_assert(0 == crypto_validate_dh_params(dh_param_p_tls, dh_param_g));
/** Number of bits to use when choosing the x or y value in a Diffie-Hellman
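Review bot: With both tor_assert() calls on crypto_validate_dh_params() under `#if 0`, crypto_dh_init_openssl() no longer checks dh_param_p or dh_param_p_tls after bignum_from_hex(), and the only link between the constants and the check is the comment added here. A note at the definitions of OAKLEY_PRIME_2 and TLS_DH_PRIME pointing at these disabled asserts, or a unit test that runs the validation on both primes, would keep a future parameter change from going in unvalidated.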