authorNick Mathewson <nickm@torproject.org>2011-01-24 16:03:14 -0500
committerNick Mathewson <nickm@torproject.org>2011-01-24 16:50:11 -0500
commit5ed73e3807d90dd0a3a2e5542f98a0a58374a066 (patch)
tree7cd2519566d26786ae866f3c516e2b9a40643a6b /src/or/onion.c
parent13e9a2b19d4a65d9761256ac72f754c35c371b0b (diff)
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous crypto are unchanged. This is yet another small step on the path of protocol fingerprinting resistance.
Diffstat (limited to 'src/or/onion.c')
-rw-r--r--src/or/onion.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index 323e0003e..9aa16d274 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -184,7 +184,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
*handshake_state_out = NULL;
memset(onion_skin_out, 0, ONIONSKIN_CHALLENGE_LEN);
- if (!(dh = crypto_dh_new()))
+ if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT)))
goto err;
dhbytes = crypto_dh_get_bytes(dh);
@@ -258,7 +258,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
goto err;
}
- dh = crypto_dh_new();
+ dh = crypto_dh_new(DH_TYPE_CIRCUIT);
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
goto err;
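Review bot: The result of `crypto_dh_new(DH_TYPE_CIRCUIT)` in onion_skin_server_handshake goes straight into `crypto_dh_get_public` with no NULL check, while the same call in onion_skin_create (first hunk) bails out with `goto err` on failure. If the constructor can fail, as the client-side check implies, the server path relies on crypto_dh_get_public tolerating a NULL handle, which this diff does not show. I would mirror the client side here with `if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT))) goto err;`, preferably logging before the jump. The function body starts and ends outside the hunk, so also confirm that the `err` label's cleanup is safe when `dh` is NULL.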