ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

diffie-hellman: Don't set exponent length for DH groups with prime order subgroups 

According to RFC 5114 the exponent length for these groups should always equal
the size of their prime order subgroup.
This was handled correctly before the initialization was done during
library initialization.

Fixes: 46184b07c1 ("diffie-hellman: Explicitly initialize DH exponent sizes during initialization")
This commit is contained in:
Tobias Brunner 2018-03-13 12:13:47 +01:00
parent ee019ab321
commit 8b6f615741
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libstrongswan/crypto/diffie_hellman.c
View File

@ -449,6 +449,12 @@ void diffie_hellman_init()
{
for (i = 0; i < countof(dh_params); i++)
{
/* according to RFC 5114 the size of the exponent for these DH
* groups should equal the size of their prime order subgroup */
if (dh_params[i].public.subgroup.len)
{
continue;
}
dh_params[i].public.exp_len = dh_params[i].public.prime.len;
}
}