From 8b6f61574178b675d0e702db0b509286c0d635d3 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 13 Mar 2018 12:13:47 +0100
Subject: [PATCH] diffie-hellman: Don't set exponent length for DH groups with prime order subgroups

According to RFC 5114 the exponent length for these groups should always equal the size of their prime order subgroup. This was handled correctly before the initialization was done during library initialization.

Fixes: 46184b07c163 ("diffie-hellman: Explicitly initialize DH exponent sizes during initialization")
---
 src/libstrongswan/crypto/diffie_hellman.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 820b8d1d8f..8127340005 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -449,6 +449,12 @@ void diffie_hellman_init()
 {
 for (i = 0; i < countof(dh_params); i++)
 {
+ /* according to RFC 5114 the size of the exponent for these DH
+ * groups should equal the size of their prime order subgroup */
+ if (dh_params[i].public.subgroup.len)
+ {
+ continue;
+ }
 dh_params[i].public.exp_len = dh_params[i].public.prime.len;
 }
 }
-- 
2.47.2
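Review bot: The added `continue` leaves `exp_len` for the RFC 5114 groups at whatever the static `dh_params` table already holds, so the invariant stated in the new comment (exponent size equals subgroup size) is assumed here rather than enforced. The table is outside the hunk, so its entries cannot be checked from this patch. Assuming `subgroup.len` is in the same unit as `prime.len`, assigning `dh_params[i].public.exp_len = dh_params[i].public.subgroup.len;` before the `continue` would make the loop self-contained and stop a later table edit from silently producing an exponent shorter than the subgroup order. If the preset values are meant to be authoritative, the comment should say so, e.g. `/* exp_len for these groups is preset in dh_params to the subgroup size (RFC 5114), keep it */`. The body of diffie_hellman_init() starts and ends outside the hunk, so the condition guarding this loop is not visible.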