authorNick Mathewson <nickm@torproject.org>2011-01-24 16:03:14 -0500
committerNick Mathewson <nickm@torproject.org>2011-02-10 15:55:06 -0500
commit50c259d763c7471588b4e1f242695d2652e4284b (patch)
tree95018c9f25fde4fbf49338ecfb6af098b8558ecb /src/or
parent5fc6967956610111d8cf24792ddf000bd83b4b86 (diff)
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous crypto are unchanged. This is yet another small step on the path of protocol fingerprinting resistance. (Backport from 0.2.2's 5ed73e3807d90dd0a3)
Diffstat (limited to 'src/or')
-rw-r--r--src/or/onion.c4
-rw-r--r--src/or/rendclient.c2
-rw-r--r--src/or/rendservice.c2
-rw-r--r--src/or/test.c4
4 files changed, 6 insertions, 6 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index bf72b4cab1..e455a52637 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -173,7 +173,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
*handshake_state_out = NULL;
memset(onion_skin_out, 0, ONIONSKIN_CHALLENGE_LEN);
- if (!(dh = crypto_dh_new()))
+ if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT)))
goto err;
dhbytes = crypto_dh_get_bytes(dh);
@@ -247,7 +247,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
goto err;
}
- dh = crypto_dh_new();
+ dh = crypto_dh_new(DH_TYPE_CIRCUIT);
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
goto err;
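Review bot: The handle returned by `crypto_dh_new(DH_TYPE_CIRCUIT)` in onion_skin_server_handshake goes straight into `crypto_dh_get_public()` with no NULL test, whereas onion_skin_create in the same file checks it and jumps to `err`. The other call sites in this commit all guard the result, which suggests the allocator can fail. Whether `crypto_dh_get_public()` tolerates a NULL handle is not visible here, and this path handles an onion skin supplied by a peer. I would add `if (!dh) { log_warn(LD_BUG, "Couldn't allocate DH key."); goto err; }` immediately after the assignment. The function body starts and ends outside the hunk.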
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 95875465cb..783a66150e 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -130,7 +130,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
cpath = rendcirc->build_state->pending_final_cpath =
tor_malloc_zero(sizeof(crypt_path_t));
cpath->magic = CRYPT_PATH_MAGIC;
- if (!(cpath->dh_handshake_state = crypto_dh_new())) {
+ if (!(cpath->dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
goto err;
}
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index a650eda405..33e8d3e7e9 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1151,7 +1151,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
}
/* Try DH handshake... */
- dh = crypto_dh_new();
+ dh = crypto_dh_new(DH_TYPE_REND);
if (!dh || crypto_dh_generate_public(dh)<0) {
log_warn(LD_BUG,"Internal error: couldn't build DH state "
"or generate public key.");
diff --git a/src/or/test.c b/src/or/test.c
index 904ca69db1..b08f202c20 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -404,8 +404,8 @@ test_buffers(void)
static void
test_crypto_dh(void)
{
- crypto_dh_env_t *dh1 = crypto_dh_new();
- crypto_dh_env_t *dh2 = crypto_dh_new();
+ crypto_dh_env_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
+ crypto_dh_env_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
char p1[DH_BYTES];
char p2[DH_BYTES];
char s1[DH_BYTES];
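Review bot: Both handles in test_crypto_dh are created with `DH_TYPE_CIRCUIT`, so as far as this hunk shows the unit test never instantiates `DH_TYPE_REND` or the new TLS group that is the point of the commit. A case that creates two TLS-type handles and completes a handshake between them would catch a mistyped or malformed modulus before it ships. The constant is defined outside this view, presumably `DH_TYPE_TLS`. At minimum I would add a comment above the declarations, e.g. `/* Only exercises DH_TYPE_CIRCUIT; the rend and TLS groups need their own cases. */`. The body of test_crypto_dh continues past the hunk, so later lines may already cover some of this.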