Diffie-Hellman will be a nice intermediate step on the way to getting NSS support. We'll need a way to convert to OpenSSL DH params for now, though, so we can have our TLS layer still work.
Thanks! Still looking over the patches. This branch, being based on the same branch as #26815 (moved) and #26816 (moved), has the same (hopefully minor) issues.
For CI purposes I've made a squashed and merged branch as nss_dh_squashed_merged. PR at https://github.com/torproject/tor/pull/258 . It includes this branch, and both of the branches it is based on.
Thanks! Looks good so far. I've looked at all of the commits and nothing sticks out as obviously wrong. I want to try to check the memory management more closely in a few places if I can, though.
It looks like the SSL_SignatureMaxCount() prototype warning is still there. (Probably needs a warning disabled in src/lib/crypt_ops/crypto_nss_mgt.c.) Also the Rust build fails during make check due to a duplication of src/lib/crypt_ops/crypto_openssl_mgt.c in src_lib_libtor_crypt_ops_a_SOURCES.
Aug 08 14:45:44.396 [warn] router_compute_hash_final(): Bug: couldn't compute digest (on Tor 0.3.5.0-alpha-dev 56c3282fae496671)
Aug 08 14:45:44.396 [info] dump_desc(): Unable to parse descriptor of type authority cert, and unable to even hash it!
Aug 08 14:45:44.396 [warn] Unable to parse certificate in /home/tlyu/src/chutney/net/nodes/000a/keys/authority_certificate
Aug 08 14:45:44.396 [err] We're configured as a V3 authority, but we were unable to load our v3 authority keys and certificate! Use tor-gencert to generate them. Dying.
Aug 08 14:45:44.396 [warn] options_act(): Bug: Error initializing keys; exiting (on Tor 0.3.5.0-alpha-dev 56c3282fae496671)
Aug 08 14:45:44.396 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.3.5.0-alpha-dev 56c3282fae496671)
Aug 08 14:45:44.396 [err] Reading config failed--see warnings above.
Hm. For me, test-network fails with rust or without.
I confirm. Sorry, my previous result seems to have been due to inconsistent use of --enable-nss between my rust and non-rust builds.
I've added an extra commit as 4f300d547d65e50ac1fd635f8b22714c1544ba33 in nss_dh_squashed_merged that calls crypto_postfork() after a nontrivial finish_daemon(). With this, test-network passes.