mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
Oops. It looks like there *was* an easy way to make openssl do what we wanted.
svn:r5370
This commit is contained in:
parent
669fdde91b
commit
887178e710
@ -1361,6 +1361,8 @@ init_dh_param(void)
|
|||||||
dh_param_g = g;
|
dh_param_g = g;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define DH_PRIVATE_KEY_BITS 320
|
||||||
|
|
||||||
/** Allocate and return a new DH object for a key exchange.
|
/** Allocate and return a new DH object for a key exchange.
|
||||||
*/
|
*/
|
||||||
crypto_dh_env_t *
|
crypto_dh_env_t *
|
||||||
@ -1382,6 +1384,8 @@ crypto_dh_new(void)
|
|||||||
if (!(res->dh->g = BN_dup(dh_param_g)))
|
if (!(res->dh->g = BN_dup(dh_param_g)))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
res->dh->length = DH_PRIVATE_KEY_BITS;
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
err:
|
err:
|
||||||
crypto_log_errors(LOG_WARN, "creating DH object");
|
crypto_log_errors(LOG_WARN, "creating DH object");
|
||||||
@ -1390,8 +1394,6 @@ crypto_dh_new(void)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define DH_PRIVATE_KEY_BITS 320
|
|
||||||
|
|
||||||
/** Return the length of the DH key in <b>dh</b>, in bytes.
|
/** Return the length of the DH key in <b>dh</b>, in bytes.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
@ -1407,22 +1409,7 @@ crypto_dh_get_bytes(crypto_dh_env_t *dh)
|
|||||||
int
|
int
|
||||||
crypto_dh_generate_public(crypto_dh_env_t *dh)
|
crypto_dh_generate_public(crypto_dh_env_t *dh)
|
||||||
{
|
{
|
||||||
int pk_bits = BN_num_bits(dh->dh->p);
|
|
||||||
if (pk_bits > DH_PRIVATE_KEY_BITS)
|
|
||||||
pk_bits = DH_PRIVATE_KEY_BITS;
|
|
||||||
again:
|
again:
|
||||||
if (!dh->dh->priv_key) {
|
|
||||||
dh->dh->priv_key = BN_new();
|
|
||||||
if (!dh->dh->priv_key) {
|
|
||||||
err(LD_MM, "Unable to allocate BN.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* We generate the key ourselves so that we can get a 2-3x speedup by using
|
|
||||||
* a 320-bit x instead of a 1024-bit x. */
|
|
||||||
if (!BN_rand(dh->dh->priv_key, pk_bits, 0, 0)) {
|
|
||||||
crypto_log_errors(LOG_WARN, "Generating DH private key");
|
|
||||||
}
|
|
||||||
if (!DH_generate_key(dh->dh)) {
|
if (!DH_generate_key(dh->dh)) {
|
||||||
crypto_log_errors(LOG_WARN, "generating DH key");
|
crypto_log_errors(LOG_WARN, "generating DH key");
|
||||||
return -1;
|
return -1;
|
||||||
|
Loading…
Reference in New Issue
Block a user