DH keys have an (until now) unused 'q' parameter. When creating

[openssl.git] / crypto / dh / dh_key.c

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6c7a45726706de542aa6117a0011b82e9b8f798c..50e8011c833a4afbbd79da434fa2e76f35e0cfa9 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -166,8 +166,21 @@ static int generate_key(DH *dh)
 
        if (generate_new_key)
                {
-               l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-               if (!BN_rand(priv_key, l, 0, 0)) goto err;
+               if (dh->q)
+                       {
+                       do
+                               {
+                               if (!BN_rand_range(priv_key, dh->q))
+                                       goto err;
+                               }
+                       while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+                       }
+               else
+                       {
+                       /* secret exponent length */
+                       l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
+                       if (!BN_rand(priv_key, l, 0, 0)) goto err;
+                       }
                }
 
        {