our circuit symmetric key (for aes) is 127 bits, not 128 bits.

we accept that. svn:r892
2024-11-10 21:23:58 +01:00 · 2003-12-09 01:04:40 +00:00 · 2003-12-09 01:04:40 +00:00 · ea6c4f6348
commit ea6c4f6348
parent 48e42e9346
1 changed files with 7 additions and 7 deletions
--- a/src/or/onion.c
+++ b/src/or/onion.c
@ -575,13 +575,13 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,

  if (crypto_rand(16, pubkey))
    goto err;
-  
-  /* XXXX You can't just run around RSA-encrypting any bitstream: if it's
-   *      greater than the RSA key, then OpenSSL will happily encrypt,
-   *      and later decrypt to the wrong value.  So we set the first bit
-   *      of 'pubkey' to 0.  This means that our symmetric key is really only
-   *      127 bits long, but since it shouldn't be necessary to encrypt
-   *      DH public keys values in the first place, we should be fine.
+
+  /* You can't just run around RSA-encrypting any bitstream: if it's
+   * greater than the RSA key, then OpenSSL will happily encrypt,
+   * and later decrypt to the wrong value.  So we set the first bit
+   * of 'pubkey' to 0.  This means that our symmetric key is really only
+   * 127 bits long, but since it shouldn't be necessary to encrypt
+   * DH public keys values in the first place, we should be fine.
   */
  pubkey[0] &= 0x7f;