Oops. It looks like there *was* an easy way to make openssl do what we wanted.

svn:r5370
2024-11-10 21:23:58 +01:00 · 2005-11-14 19:18:31 +00:00 · 2005-11-14 19:18:31 +00:00 · 887178e710
commit 887178e710
parent 669fdde91b
1 changed files with 4 additions and 17 deletions
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -1361,6 +1361,8 @@ init_dh_param(void)
  dh_param_g = g;
 }

+#define DH_PRIVATE_KEY_BITS 320
+
 /** Allocate and return a new DH object for a key exchange.
 */
 crypto_dh_env_t *
@ -1382,6 +1384,8 @@ crypto_dh_new(void)
  if (!(res->dh->g = BN_dup(dh_param_g)))
    goto err;

+  res->dh->length = DH_PRIVATE_KEY_BITS;
+
  return res;
 err:
  crypto_log_errors(LOG_WARN, "creating DH object");
@ -1390,8 +1394,6 @@ crypto_dh_new(void)
  return NULL;
 }

-#define DH_PRIVATE_KEY_BITS 320
-
 /** Return the length of the DH key in <b>dh</b>, in bytes.
 */
 int
@ -1407,22 +1409,7 @@ crypto_dh_get_bytes(crypto_dh_env_t *dh)
 int
 crypto_dh_generate_public(crypto_dh_env_t *dh)
 {
-  int pk_bits = BN_num_bits(dh->dh->p);
-  if (pk_bits > DH_PRIVATE_KEY_BITS)
-    pk_bits = DH_PRIVATE_KEY_BITS;
 again:
-  if (!dh->dh->priv_key) {
-    dh->dh->priv_key = BN_new();
-    if (!dh->dh->priv_key) {
-      err(LD_MM, "Unable to allocate BN.");
-      return -1;
-    }
-  }
-  /* We generate the key ourselves so that we can get a 2-3x speedup by using
-   * a 320-bit x instead of a 1024-bit x. */
-  if (!BN_rand(dh->dh->priv_key, pk_bits, 0, 0)) {
-    crypto_log_errors(LOG_WARN, "Generating DH private key");
-  }
  if (!DH_generate_key(dh->dh)) {
    crypto_log_errors(LOG_WARN, "generating DH key");
    return -1;