From 0a5b60db2066e4e62d2e9da387080c80201a08b4 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 5 Dec 2014 13:48:51 +0100 Subject: [PATCH] diffie-hellman: Handle dh_exponent_ansi_x9_42 as a boolean setting While it was always documented as boolean setting, the option is currently handled as integer value, for which yes/no values do not work. Instead the default of TRUE is used for a no value. The option has been moved a lot during the last years, and in some locations was handled as bool, in some as integer. In the latest codebase it congruently used integer, which is actually not what is documented and used in testing. Fixes #781. --- src/libstrongswan/crypto/diffie_hellman.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 87c9b21f8d..bada1c5299 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -439,7 +439,7 @@ void diffie_hellman_init() { int i; - if (lib->settings->get_int(lib->settings, + if (lib->settings->get_bool(lib->settings, "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) { for (i = 0; i < countof(dh_params); i++) @@ -463,7 +463,7 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group) if (!dh_params[i].public.exp_len) { if (!dh_params[i].public.subgroup.len && - lib->settings->get_int(lib->settings, + lib->settings->get_bool(lib->settings, "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) { dh_params[i].public.exp_len = dh_params[i].public.prime.len; -- 2.47.2