static int dh_initialized = 0;
static SECKEYDHParams tls_dh_param, circuit_dh_param;
-static unsigned char tls_dh_prime_data[DH1024_KEY_LEN * 2];
+static unsigned char tls_dh_prime_data[DH2048_KEY_LEN];
static unsigned char circuit_dh_prime_data[DH1024_KEY_LEN];
static unsigned char dh_generator_data[1];
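Review bot: The TLS prime's size is now spelled `DH2048_KEY_LEN` in three separate places: this array declaration, the `tor_assert(r == DH2048_KEY_LEN)` after the decode, and the `tls_dh_param.prime.len` assignment in the later hunks. The `base16_decode()` call already passes `sizeof(tls_dh_prime_data)`, so the length handed to the DH parameters could do the same: `tls_dh_param.prime.len = sizeof(tls_dh_prime_data);`. That keeps the advertised prime length from drifting past the buffer (an over-read) or below it (a truncated modulus) if one of the three is edited alone. A one-line comment on the array saying it holds the decoded `TLS_DH_PRIME` would make the link explicit; since `DH1024_KEY_LEN * 2` and `DH2048_KEY_LEN` are both 256, the commit itself changes no sizes.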
r = base16_decode((char*)tls_dh_prime_data,
sizeof(tls_dh_prime_data),
TLS_DH_PRIME, strlen(TLS_DH_PRIME));
- tor_assert(r == DH1024_KEY_LEN * 2);
+ tor_assert(r == DH2048_KEY_LEN);
r = base16_decode((char*)circuit_dh_prime_data,
sizeof(circuit_dh_prime_data),
OAKLEY_PRIME_2, strlen(OAKLEY_PRIME_2));
dh_generator_data[0] = DH_GENERATOR;
tls_dh_param.prime.data = tls_dh_prime_data;
- tls_dh_param.prime.len = DH1024_KEY_LEN * 2;
+ tls_dh_param.prime.len = DH2048_KEY_LEN;
tls_dh_param.base.data = dh_generator_data;
tls_dh_param.base.len = 1;
#ifndef TOR_DH_SIZES_H
#define TOR_DH_SIZES_H
-/** Length of our legacy DH keys. */
+/** Length of our legacy DH keys, in bytes. */
#define DH1024_KEY_LEN (1024/8)
+/** Length of our current TLS DH keys, in bytes. */
+#define DH2048_KEY_LEN (2048/8)
+
#endif /* !defined(TOR_DH_SIZES_H) */
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
crypto_dh_t *dh1_dup = NULL;
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH1024_KEY_LEN * 2];
- char p2[DH1024_KEY_LEN * 2];
- char s1[DH1024_KEY_LEN * 2];
- char s2[DH1024_KEY_LEN * 2];
+ char p1[DH2048_KEY_LEN];
+ char p2[DH2048_KEY_LEN];
+ char s1[DH2048_KEY_LEN];
+ char s2[DH2048_KEY_LEN];
ssize_t s1len, s2len;
#ifdef ENABLE_OPENSSL
crypto_dh_t *dh3 = NULL;
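Review bot: The buffers `p1`, `p2`, `s1` and `s2` are now sized with the TLS constant, yet both handshakes created in this hunk use `DH_TYPE_CIRCUIT`, and nothing explains the mismatch. The old `DH1024_KEY_LEN * 2` at least read as slack over the circuit key length. With the new name a reader may take these for 2048-bit keys and pass `sizeof(p1)` where the circuit key length is expected. A comment above the declarations would settle it, for example `/* Sized for the largest DH group; circuit-type keys use only the first DH1024_KEY_LEN bytes. */`, assuming that is the intent. The test function starts and ends outside this hunk, so the later uses of these buffers are not visible here.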