use 512 bits of entropy for secret DH exponents

2 files changed, 4 insertions, 1 deletions

diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index 4c5ffc6aa..4d978f97c 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -282,6 +282,8 @@ static u_int8_t group18_modulus[] = {
 	0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 };
 
+#define DH_EXPONENT_ENTROPY		64	/* bytes = 512 bits */
+
 typedef struct modulus_entry_t modulus_entry_t;
 
 /** 
@@ -567,7 +569,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
 		destroy(this);
 		return NULL;
 	}
-	rng->allocate_bytes(rng, this->p_len, &random);
+	rng->allocate_bytes(rng, DH_EXPONENT_ENTROPY_SIZE / BITS_PER_BYTE, &random);
 	rng->destroy(rng);
 	mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
 	chunk_free(&random);
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index d3e54919a..217b1aa55 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -217,6 +217,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
 		free(this);
 		return NULL;
 	}
+	this->dh->length = DH_EXPONENT_ENTROPY_SIZE;
 	
 	this->group = group;
 	this->computed = FALSE;