diff options
| author | Roger Dingledine <arma@torproject.org> | 2003-12-09 01:04:40 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2003-12-09 01:04:40 +0000 |
| commit | ea6c4f6348fba6b365f3fb479f2953ad4f30d393 (patch) | |
| tree | d358a1c6906e772b9bccebc514582fce2b49c9f8 /src | |
| parent | 48e42e9346209271f02fa6027919e261491340a4 (diff) | |
| download | tor-ea6c4f6348fba6b365f3fb479f2953ad4f30d393.tar tor-ea6c4f6348fba6b365f3fb479f2953ad4f30d393.tar.gz | |
our circuit symmetric key (for aes) is 127 bits, not 128 bits.
we accept that.
svn:r892
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/onion.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/or/onion.c b/src/or/onion.c index 51dd1d046..ca4f678f8 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -575,13 +575,13 @@ onion_skin_create(crypto_pk_env_t *dest_router_key, if (crypto_rand(16, pubkey)) goto err; - - /* XXXX You can't just run around RSA-encrypting any bitstream: if it's - * greater than the RSA key, then OpenSSL will happily encrypt, - * and later decrypt to the wrong value. So we set the first bit - * of 'pubkey' to 0. This means that our symmetric key is really only - * 127 bits long, but since it shouldn't be necessary to encrypt - * DH public keys values in the first place, we should be fine. + + /* You can't just run around RSA-encrypting any bitstream: if it's + * greater than the RSA key, then OpenSSL will happily encrypt, + * and later decrypt to the wrong value. So we set the first bit + * of 'pubkey' to 0. This means that our symmetric key is really only + * 127 bits long, but since it shouldn't be necessary to encrypt + * DH public keys values in the first place, we should be fine. */ pubkey[0] &= 0x7f; |