DH keys have an (until now) unused 'q' parameter. When creating

from DSA copy q across and if q present generate DH key in the correct range.
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-07 15:01:48 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-07 15:01:48 +0000
commit: 31360957fb866264a82d0aa63a18a76740c32cb0 (patch)
tree: 1a717ae14dc5c81b32579fc384851274fe2a9e26 /crypto/dh
parent: d80399a3571e58a2c96da68c4fc6c95fb555902e (diff)
1 files changed, 15 insertions, 2 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6c7a457267..50e8011c83 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -166,8 +166,21 @@ static int generate_key(DH *dh)
 
 	if (generate_new_key)
 		{
-		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-		if (!BN_rand(priv_key, l, 0, 0)) goto err;
+		if (dh->q)
+			{
+			do
+				{
+				if (!BN_rand_range(priv_key, dh->q))
+					goto err;
+				}
+			while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+			}
+		else
+			{
+			/* secret exponent length */
+			l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
+			if (!BN_rand(priv_key, l, 0, 0)) goto err;
+			}
 		}
 
 	{
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-07 15:01:48 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-07 15:01:48 +0000
commit	31360957fb866264a82d0aa63a18a76740c32cb0 (patch)
tree	1a717ae14dc5c81b32579fc384851274fe2a9e26 /crypto/dh
parent	d80399a3571e58a2c96da68c4fc6c95fb555902e (diff)