X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/a901fe7a8d22fedac7b2567e05d47a30a7d71250..591d081bf68095a6a329240b2caf0bea32219498:/pub/dh-kcdsa.c
diff --git a/pub/dh-kcdsa.c b/pub/dh-kcdsa.c
index f4d0390d..d27bc7d8 100644
--- a/pub/dh-kcdsa.c
+++ b/pub/dh-kcdsa.c
@@ -70,6 +70,7 @@ int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
 /* --- First trick: find %$v$% --- */
+retry:
 pf.step = 2;
 x = mprand(x, pl - ql - 1, r, 1);
 x = pgen("v", x, x, ev, ec,
@@ -95,6 +96,12 @@ int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
 dp->p = sp[1].u.x;
 if (!dp->q) goto fail_1;
+ if (mp_bits(dp->q) != ql || mp_bits(dp->p) != pl) {
+ if (steps) goto fail_1;
+ MP_DROP(dp->p);
+ MP_DROP(dp->q);
+ goto retry;
+ }
 /* --- Third trick: find a generator --- */
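Review bot: In the second hunk, `if (steps) goto fail_1;` exits with the wrong-sized `dp->p` and `dp->q` still held, while the retry path just below drops both. `fail_1` is outside the hunk, but the existing `if (!dp->q) goto fail_1;` reaches it with no `q` at all, so it probably does not release them. If that holds, this exit leaks both integers and leaves rejected parameters in the caller's `dh_param`. Dropping before the test would cover both exits: `MP_DROP(dp->p); MP_DROP(dp->q);`, then `if (steps) goto fail_1;`, then `goto retry;`. With `steps == 0` the jump back to `retry:` (first hunk) has no bound, so a `ql`/`pl` pair whose sizes can never match would loop forever; a retry cap, or a comment at the label such as `/* wrong-sized p or q: start again with a fresh v unless the caller bounded the search */`, would make the intent and the termination argument explicit.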