From a901fe7a8d22fedac7b2567e05d47a30a7d71250 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Wed, 23 Oct 2019 04:11:55 +0100
Subject: [PATCH] pub/dh-kcdsa.c: Choose the starting point for the right result size.

And try again until it's actually likely to work.
---
 pub/dh-kcdsa.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pub/dh-kcdsa.c b/pub/dh-kcdsa.c
index e366a16e..f4d0390d 100644
--- a/pub/dh-kcdsa.c
+++ b/pub/dh-kcdsa.c
@@ -66,7 +66,7 @@ int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
 rabin rb;
 int rc = PGEN_ABORT;
 int i;
- mp *x = MP_NEW;
+ mp *x = MP_NEW, *t = MP_NEW;
 
 /* --- First trick: find %$v$% --- */
 
@@ -84,7 +84,10 @@ int dh_kcdsagen(dh_param *dp, unsigned ql, unsigned pl,
 sp[0].add = MP_ZERO; sp[0].mul = MP_ONE; sp[0].f = 0;
 sp[1].add = MP_ONE; sp[1].mul = x; sp[1].f = PGENF_KEEP; x = MP_NEW;
 ss.step = MP_TWO; ss.v = sp; ss.n = N(sp);
- x = mprand(x, ql, r, 1);
+ do {
+ x = mprand(x, ql, r, 1);
+ t = mp_mul(t, x, sp[1].mul);
+ } while (mp_bits(t) != pl);
 dp->q = pgen("p", MP_NEW, x, ev, ec, steps, pgen_simulstep, &ss,
 rabin_iters(ql), pgen_simultest, &ss);
 
@@ -117,6 +120,7 @@ fail_1:
 fail_0:
 done:
 mp_drop(x);
+ mp_drop(t);
 return (rc);
 }
 
-- 
2.11.0
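Review bot: The `do { … } while (mp_bits(t) != pl);` loop in the second hunk has no iteration cap, and if mprand fills exactly ql bits (as its width argument suggests) the product x·v can only take one of two bit lengths, so when the v found by the first trick (outside this hunk) does not make pl reachable the generator spins forever instead of reporting a failure. A bounded retry count that leaves `rc = PGEN_ABORT` and jumps to the existing fail path, or a check of `mp_bits(sp[1].mul) + ql` against pl before entering the loop, would turn that into an error the caller can see. The loop also deserves a section comment in the file's style, e.g. `/* --- Second trick: pick %$q$% so %$v q + 1$% already has the right size --- */`, since the intent is only recoverable from the commit message. dh_kcdsagen begins and ends outside this hunk.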