DH keys have an (until now) unused 'q' parameter. When creating
authorDr. Stephen Henson <steve@openssl.org>
Thu, 7 Apr 2011 15:01:48 +0000 (15:01 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 7 Apr 2011 15:01:48 +0000 (15:01 +0000)
from DSA, copy q across and, if q is present, generate the DH key in the
correct range.

crypto/dh/dh_key.c
crypto/dsa/dsa_lib.c

index 6c7a45726706de542aa6117a0011b82e9b8f798c..50e8011c833a4afbbd79da434fa2e76f35e0cfa9 100644 (file)
@@ -166,8 +166,21 @@ static int generate_key(DH *dh)
 
        if (generate_new_key)
                {
-               l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-               if (!BN_rand(priv_key, l, 0, 0)) goto err;
+               if (dh->q)
+                       {
+                       do
+                               {
+                               if (!BN_rand_range(priv_key, dh->q))
+                                       goto err;
+                               }
+                       while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+                       }
+               else
+                       {
+                       /* secret exponent length */
+                       l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
+                       if (!BN_rand(priv_key, l, 0, 0)) goto err;
+                       }
                }
 
        {
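Review bot: The new q branch derives the exponent only from `dh->q` and never consults `dh->length`, so a caller that set `length` (as DSA_dup_DH does) silently gets a different secret size once q is present; a comment on the `if (dh->q)` line would make that precedence explicit, e.g. `/* q present: priv_key uniform in [2, q-1]; dh->length is ignored */`. Nothing in the hunk checks that q is smaller than p or is actually the order of g, so a malformed parameter set carrying a tiny q would yield a private key drawn from a correspondingly tiny range; a guard such as `if (BN_cmp(dh->q, dh->p) >= 0) goto err;` ahead of the loop would reject the grossly wrong case, though proper validation belongs at parameter import time. The body of generate_key begins before and continues after this hunk.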
index e9b75902dbc25e21ab9565855c33ccdadbc1a272..12f83ed8482ec0f732d17c97f7f3a4ff3daa3769 100644 (file)
@@ -276,7 +276,8 @@ void *DSA_get_ex_data(DSA *d, int idx)
 DH *DSA_dup_DH(const DSA *r)
        {
        /* DSA has p, q, g, optional pub_key, optional priv_key.
-        * DH has p, optional length, g, optional pub_key, optional priv_key.
+        * DH has p, optional length, g, optional pub_key, optional priv_key,
+        * optional q.
         */ 
 
        DH *ret = NULL;
@@ -290,7 +291,11 @@ DH *DSA_dup_DH(const DSA *r)
                if ((ret->p = BN_dup(r->p)) == NULL)
                        goto err;
        if (r->q != NULL)
+               {
                ret->length = BN_num_bits(r->q);
+               if ((ret->q = BN_dup(r->q)) == NULL)
+                       goto err;
+               }
        if (r->g != NULL)
                if ((ret->g = BN_dup(r->g)) == NULL)
                        goto err;
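Review bot: The `goto err` after the new `BN_dup(r->q)` assumes the `err:` path releases `ret->q` along with the other members; that label and the DH free routine are outside the hunk, and since the commit message describes q as previously unused, it is worth confirming that the DH free path already handles a non-NULL q, otherwise the partially built DH leaks it on this and every later failure. The surrounding `ret->length = BN_num_bits(r->q)` assignment is kept, which preserves the old behaviour for code that reads `length`, but a one-line comment such as `/* length kept for callers that inspect it; key generation uses q when set */` would save the next reader from wondering whether both are needed. DSA_dup_DH continues past the end of the hunk.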