From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 13 Mar 2018 11:13:47 +0000 (+0100)
Subject: diffie-hellman: Don't set exponent length for DH groups with prime order subgroups
X-Git-Tag: 5.6.3dr1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b6f61574178b675d0e702db0b509286c0d635d3;p=thirdparty%2Fstrongswan.git

diffie-hellman: Don't set exponent length for DH groups with prime order subgroups

According to RFC 5114 the exponent length for these groups should always equal
the size of their prime order subgroup.
This was handled correctly before the initialization was done during
library initialization.

Fixes: 46184b07c163 ("diffie-hellman: Explicitly initialize DH exponent sizes during initialization")
---

diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 820b8d1d8f..8127340005 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -449,6 +449,12 @@ void diffie_hellman_init()
 	{
 		for (i = 0; i < countof(dh_params); i++)
 		{
+			/* according to RFC 5114 the size of the exponent for these DH
+			 * groups should equal the size of their prime order subgroup */
+			if (dh_params[i].public.subgroup.len)
+			{
+				continue;
+			}
 			dh_params[i].public.exp_len = dh_params[i].public.prime.len;
 		}
 	}