From 5ed73e3807d90dd0a3a2e5542f98a0a58374a066 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 24 Jan 2011 16:03:14 -0500
Subject: Make the DH parameter we use for TLS match the one from Apache's
 mod_ssl

Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
---
 src/or/onion.c       | 4 ++--
 src/or/rendclient.c  | 2 +-
 src/or/rendservice.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/or')

diff --git a/src/or/onion.c b/src/or/onion.c
index 323e0003e..9aa16d274 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -184,7 +184,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
   *handshake_state_out = NULL;
   memset(onion_skin_out, 0, ONIONSKIN_CHALLENGE_LEN);
 
-  if (!(dh = crypto_dh_new()))
+  if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT)))
     goto err;
 
   dhbytes = crypto_dh_get_bytes(dh);
@@ -258,7 +258,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
     goto err;
   }
 
-  dh = crypto_dh_new();
+  dh = crypto_dh_new(DH_TYPE_CIRCUIT);
   if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
     log_info(LD_GENERAL, "crypto_dh_get_public failed.");
     goto err;
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 1306fe071..ba5987c69 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -121,7 +121,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
     cpath = rendcirc->build_state->pending_final_cpath =
       tor_malloc_zero(sizeof(crypt_path_t));
     cpath->magic = CRYPT_PATH_MAGIC;
-    if (!(cpath->dh_handshake_state = crypto_dh_new())) {
+    if (!(cpath->dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
       log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
       goto err;
     }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index f1480e0b7..45039822f 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1100,7 +1100,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   }
 
   /* Try DH handshake... */
-  dh = crypto_dh_new();
+  dh = crypto_dh_new(DH_TYPE_REND);
   if (!dh || crypto_dh_generate_public(dh)<0) {
     log_warn(LD_BUG,"Internal error: couldn't build DH state "
              "or generate public key.");
-- 
cgit v1.2.3