[or-cvs] our circuit symmetric key (for aes) is 127 bits, not 128 bi...
Roger Dingledine
arma at seul.org
Tue Dec 9 01:04:42 UTC 2003
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or
Modified Files:
onion.c
Log Message:
our circuit symmetric key (for aes) is 127 bits, not 128 bits.
we accept that.
Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -d -r1.103 -r1.104
--- onion.c 7 Dec 2003 22:03:47 -0000 1.103
+++ onion.c 9 Dec 2003 01:04:40 -0000 1.104
@@ -575,13 +575,13 @@
if (crypto_rand(16, pubkey))
goto err;
-
- /* XXXX You can't just run around RSA-encrypting any bitstream: if it's
- * greater than the RSA key, then OpenSSL will happily encrypt,
- * and later decrypt to the wrong value. So we set the first bit
- * of 'pubkey' to 0. This means that our symmetric key is really only
- * 127 bits long, but since it shouldn't be necessary to encrypt
- * DH public keys values in the first place, we should be fine.
+
+ /* You can't just run around RSA-encrypting any bitstream: if it's
+ * greater than the RSA key, then OpenSSL will happily encrypt,
+ * and later decrypt to the wrong value. So we set the first bit
+ * of 'pubkey' to 0. This means that our symmetric key is really only
+ * 127 bits long, but since it shouldn't be necessary to encrypt
+ * DH public keys values in the first place, we should be fine.
*/
pubkey[0] &= 0x7f;
More information about the tor-commits
mailing list