(dh_limlee): Bug fix. Return @dp->q@ as the subgroup order, which isn't

necessarily the first factor.

diff --git a/dh-limlee.c b/dh-limlee.c
index 422cf96..2027617 100644 (file)
--- a/dh-limlee.c
+++ b/dh-limlee.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: dh-limlee.c,v 1.1 2000/07/29 10:01:31 mdw Exp $
+ * $Id: dh-limlee.c,v 1.2 2000/07/29 17:02:00 mdw Exp $
  *
  * Generate Diffie-Hellman parameters from Lim-Lee primes
  *
@@ -30,6 +30,10 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: dh-limlee.c,v $
+ * Revision 1.2  2000/07/29 17:02:00  mdw
+ * (dh_limlee): Bug fix.  Return @dp->q@ as the subgroup order, which isn't
+ * necessarily the first factor.
+ *
  * Revision 1.1  2000/07/29 10:01:31  mdw
  * Diffie-Hellman parameter generation based on Lim-Lee primes.
  *
@@ -90,18 +94,19 @@ int dh_limlee(dh_param *dp, unsigned ql, unsigned pl,
   if ((dp->p = limlee("p", MP_NEW, MP_NEW, ql, pl,
                      r, steps, oev, oec, iev, iec, &nff, &ff)) == 0)
     return (PGEN_FAIL);
-  dp->q = mp_copy(ff[0]);
 
   /* --- Now find a primitive element --- */
 
   mpmont_create(&pc.mm, dp->p);
   pp = mp_sub(MP_NEW, dp->p, MP_ONE);
   if (flags & DH_SUBGROUP) {
+    dp->q = mp_copy(ff[0]);
     pc.exp = MP_NEW;
     mp_div(&pc.exp, 0, pp, dp->q);
     pc.n = 0;
     pc.f = 0;
   } else {
+    dp->q = mp_lsr(MP_NEW, dp->p, 1);
     pc.exp = MP_TWO;
     pc.n = nff;
     pc.f = xmalloc(nff * sizeof(mp *));