*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.21 2001/02/11 12:59:24 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.22 2001/03/05 17:17:20 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bio.h>
}
void
-dh_gen_key(DH *dh)
+dh_gen_key(DH *dh, int need)
{
- int tries = 0;
+ int i, bits_set = 0, tries = 0;
+ if (dh->p == NULL)
+ fatal("dh_gen_key: dh->p == NULL");
+ if (2*need >= BN_num_bits(dh->p))
+ fatal("dh_gen_key: group too small: %d (2*need %d)",
+ BN_num_bits(dh->p), 2*need);
do {
+ if (dh->priv_key != NULL)
+ BN_free(dh->priv_key);
+ dh->priv_key = BN_new();
+ if (dh->priv_key == NULL)
+ fatal("dh_gen_key: BN_new failed");
+ /* generate a 2*need bits random private exponent */
+ if (!BN_rand(dh->priv_key, 2*need, 0, 0))
+ fatal("dh_gen_key: BN_rand failed");
if (DH_generate_key(dh) == 0)
fatal("DH_generate_key");
+ for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
+ if (BN_is_bit_set(dh->priv_key, i))
+ bits_set++;
+ debug("dh_gen_key: priv key bits set: %d/%d",
+ bits_set, BN_num_bits(dh->priv_key));
if (tries++ > 10)
- fatal("dh_new_group1: too many bad keys: giving up");
+ fatal("dh_gen_key: too many bad keys: giving up");
} while (!dh_pub_is_valid(dh, dh->pub_key));
}