From: Nick Mathewson
Date: Tue, 6 May 2025 22:40:39 +0000 (-0400)
Subject: Define a DH2048_KEY_LEN.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82fa55dbb1ec417655225ab25578c57e6341fe39;p=thirdparty%2Ftor.git
Define a DH2048_KEY_LEN.
---
diff --git a/src/lib/crypt_ops/crypto_dh_nss.c b/src/lib/crypt_ops/crypto_dh_nss.c
index a0378077d6..99d49e96e4 100644
--- a/src/lib/crypt_ops/crypto_dh_nss.c
+++ b/src/lib/crypt_ops/crypto_dh_nss.c
@@ -25,7 +25,7 @@ ENABLE_GCC_WARNING("-Wstrict-prototypes")
 static int dh_initialized = 0;
 static SECKEYDHParams tls_dh_param, circuit_dh_param;
-static unsigned char tls_dh_prime_data[DH1024_KEY_LEN * 2];
+static unsigned char tls_dh_prime_data[DH2048_KEY_LEN];
 static unsigned char circuit_dh_prime_data[DH1024_KEY_LEN];
 static unsigned char dh_generator_data[1];
@@ -39,7 +39,7 @@ crypto_dh_init_nss(void)
 r = base16_decode((char*)tls_dh_prime_data, sizeof(tls_dh_prime_data), TLS_DH_PRIME, strlen(TLS_DH_PRIME));
- tor_assert(r == DH1024_KEY_LEN * 2);
+ tor_assert(r == DH2048_KEY_LEN);
 r = base16_decode((char*)circuit_dh_prime_data, sizeof(circuit_dh_prime_data), OAKLEY_PRIME_2, strlen(OAKLEY_PRIME_2));
@@ -47,7 +47,7 @@ crypto_dh_init_nss(void)
 dh_generator_data[0] = DH_GENERATOR;
 tls_dh_param.prime.data = tls_dh_prime_data;
- tls_dh_param.prime.len = DH1024_KEY_LEN * 2;
+ tls_dh_param.prime.len = DH2048_KEY_LEN;
 tls_dh_param.base.data = dh_generator_data;
 tls_dh_param.base.len = 1;
diff --git a/src/lib/defs/dh_sizes.h b/src/lib/defs/dh_sizes.h
index 4fc85cf3bd..46b3f5ea3a 100644
--- a/src/lib/defs/dh_sizes.h
+++ b/src/lib/defs/dh_sizes.h
@@ -16,7 +16,10 @@
 #ifndef TOR_DH_SIZES_H
 #define TOR_DH_SIZES_H
-/** Length of our legacy DH keys. */
+/** Length of our legacy DH keys, in bytes. */
 #define DH1024_KEY_LEN (1024/8)
+/** Length of our current TLS DH keys, in bytes. */
+#define DH2048_KEY_LEN (2048/8)
+
 #endif /* !defined(TOR_DH_SIZES_H) */
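Review bot: The new `tls_dh_prime_data[DH2048_KEY_LEN]` bound is only reconciled with the real length of TLS_DH_PRIME at runtime, by the `tor_assert(r == DH2048_KEY_LEN)` in the following hunk, so a mismatch between the header constant and the hex string is found at startup rather than at build time. If TLS_DH_PRIME is a string-literal macro, as its use with strlen() suggests, the agreement can also be enforced at compile time next to the array, e.g. `_Static_assert(sizeof(TLS_DH_PRIME) - 1 == 2 * DH2048_KEY_LEN, "TLS_DH_PRIME is not a 2048-bit modulus");` (or the project's compile-time assert macro, if one is in scope here). Since `circuit_dh_prime_data` deliberately stays at DH1024_KEY_LEN, a one-line comment on each array naming the prime it holds (TLS_DH_PRIME vs OAKLEY_PRIME_2) would make that asymmetry read as intended rather than as a missed site.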
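Review bot: `tls_dh_param.prime.len = DH2048_KEY_LEN;` restates the array bound by hand, so the buffer declaration, the decode assertion and this length field are now three places that must be kept in step whenever the TLS group changes. Deriving it from the buffer, `tls_dh_param.prime.len = sizeof(tls_dh_prime_data);`, or from the already-asserted decoded length `r`, leaves a single source of truth; the analogous assignment for `circuit_dh_param`, which this hunk does not show, presumably deserves the same treatment. crypto_dh_init_nss() continues outside the hunk.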
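Review bot: The new and revised comments in dh_sizes.h call the constants "key" lengths, but the NSS code in this commit uses them as the byte length of the DH modulus (the decode buffers and `prime.len`), which is also the upper bound on a public value or shared secret; spelling that out stops a reader from assuming they size the private exponent. Suggested wording: `/** Byte length of the 1024-bit DH modulus used by our legacy (circuit) handshake; public values and shared secrets are at most this long. */` and `/** Byte length of the 2048-bit DH modulus used for TLS; public values and shared secrets are at most this long. */`.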
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 20556be25d..a421f6533e 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -43,10 +43,10 @@ test_crypto_dh(void *arg)
 crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
 crypto_dh_t *dh1_dup = NULL;
 crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH1024_KEY_LEN * 2];
- char p2[DH1024_KEY_LEN * 2];
- char s1[DH1024_KEY_LEN * 2];
- char s2[DH1024_KEY_LEN * 2];
+ char p1[DH2048_KEY_LEN];
+ char p2[DH2048_KEY_LEN];
+ char s1[DH2048_KEY_LEN];
+ char s2[DH2048_KEY_LEN];
 ssize_t s1len, s2len;
 #ifdef ENABLE_OPENSSL
 crypto_dh_t *dh3 = NULL;
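Review bot: `p1`/`p2`/`s1`/`s2` hold public values and secrets for DH_TYPE_CIRCUIT handshakes, whose modulus the NSS backend sizes with DH1024_KEY_LEN, so bounding them by the TLS constant DH2048_KEY_LEN ties the test to an unrelated parameter: a later change to the TLS group would silently resize these buffers. If the extra room is intentional (the rest of test_crypto_dh, which continues outside the hunk, may rely on it), a comment such as `/* Deliberately larger than a circuit DH value; the TLS group size is only a generous bound. */` would record that; otherwise `char p1[DH1024_KEY_LEN];` and the three matching declarations state the intent directly.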