diff options
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 26 |
1 files changed, 22 insertions, 4 deletions
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.21 2001/02/11 12:59:24 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.22 2001/03/05 17:17:20 markus Exp $"); #include <openssl/crypto.h> #include <openssl/bio.h> @@ -138,15 +138,33 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) } void -dh_gen_key(DH *dh) +dh_gen_key(DH *dh, int need) { - int tries = 0; + int i, bits_set = 0, tries = 0; + if (dh->p == NULL) + fatal("dh_gen_key: dh->p == NULL"); + if (2*need >= BN_num_bits(dh->p)) + fatal("dh_gen_key: group too small: %d (2*need %d)", + BN_num_bits(dh->p), 2*need); do { + if (dh->priv_key != NULL) + BN_free(dh->priv_key); + dh->priv_key = BN_new(); + if (dh->priv_key == NULL) + fatal("dh_gen_key: BN_new failed"); + /* generate a 2*need bits random private exponent */ + if (!BN_rand(dh->priv_key, 2*need, 0, 0)) + fatal("dh_gen_key: BN_rand failed"); if (DH_generate_key(dh) == 0) fatal("DH_generate_key"); + for (i = 0; i <= BN_num_bits(dh->priv_key); i++) + if (BN_is_bit_set(dh->priv_key, i)) + bits_set++; + debug("dh_gen_key: priv key bits set: %d/%d", + bits_set, BN_num_bits(dh->priv_key)); if (tries++ > 10) - fatal("dh_new_group1: too many bad keys: giving up"); + fatal("dh_gen_key: too many bad keys: giving up"); } while (!dh_pub_is_valid(dh, dh->pub_key)); } |