X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=crypto%2Fdh%2Fdh_key.c;h=670727798e8c6b18dd4979f10f2769405366286a;hb=de3333bae446a185180287382b8abf25c4bac228;hp=7a0ace72f0d5f85755c3534489c09b30495fa8dc;hpb=12c2fe8d53fd43559ea862c9babfc2abf3c65299;p=openssl.git

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 7a0ace72f0..670727798e 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -101,17 +101,20 @@ const DH_METHOD *DH_OpenSSL(void)
 static int generate_key(DH *dh)
 	{
 	int ok=0;
-	BN_CTX ctx;
+	int generate_new_key=0;
+	unsigned l;
+	BN_CTX *ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-	BN_CTX_init(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) goto err;
 
 	if (dh->priv_key == NULL)
 		{
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		if (!BN_rand_range(priv_key, dh->p)) goto err;
+		generate_new_key=1;
 		}
 	else
 		priv_key=dh->priv_key;
@@ -128,13 +131,17 @@ static int generate_key(DH *dh)
 		{
 		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
 			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,&ctx)) goto err;
+				dh->p,ctx)) goto err;
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
 
+	if (generate_new_key)
+		{
+		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+		if (!BN_rand(priv_key, l, 0, 0)) goto err;
+		}
 	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-				priv_key,dh->p,&ctx,mont))
-		goto err;
+		priv_key,dh->p,ctx,mont)) goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -145,20 +152,21 @@ err:
 
 	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
 	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-	BN_CTX_free(&ctx);
+	BN_CTX_free(ctx);
 	return(ok);
 	}
 
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-	BN_CTX ctx;
+	BN_CTX *ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *tmp;
 	int ret= -1;
 
-	BN_CTX_init(&ctx);
-	BN_CTX_start(&ctx);
-	tmp = BN_CTX_get(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) goto err;
+	BN_CTX_start(ctx);
+	tmp = BN_CTX_get(ctx);
 	
 	if (dh->priv_key == NULL)
 		{
@@ -169,12 +177,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 		{
 		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
 			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,&ctx)) goto err;
+				dh->p,ctx)) goto err;
 		}
 
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
 	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, tmp, pub_key,
-				dh->priv_key,dh->p,&ctx,mont))
+				dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
@@ -182,8 +190,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 
 	ret=BN_bn2bin(tmp,key);
 err:
-	BN_CTX_end(&ctx);
-	BN_CTX_free(&ctx);
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
 	return(ret);
 	}