[refactor] improve performance of Diffie-Hellman key exchange (#272)
Improve performance of Diffie-Hellman key exchange by generating a cryptographically strong random number instead of a probable prime. RFC 4419 does not require or suggest x (private key) be prime.
steerlink authored Jan 16, 2023
1 parent 02fb2ff commit 47b5d34
Showing 1 changed file with 1 addition and 5 deletions.
6 changes: 1 addition & 5 deletions src/main/java/org/jruby/ext/openssl/PKeyDH.java
Expand Up @@ -202,9 +202,6 @@ public static BigInteger generateX(BigInteger p, int limit) {
BigInteger x;
SecureRandom secureRandom = new SecureRandom();
// adapting algorithm from org.bouncycastle.crypto.generators.DHKeyGeneratorHelper,
// which seems a little stronger (?) than OpenSSL's (OSSL just generates a random,
// while BC generates a random potential prime [for limit > 0], though it's not
// subject to Miller-Rabin [certainty = 0], but is subject to other constraints)
// see also [ossl]/crypto/dh/dh_key.c #generate_key
if (limit == 0) {
final BigInteger pSub2 = p.subtract(TWO);
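Review bot: The comment that remains above `if (limit == 0)` now reads "adapting algorithm from org.bouncycastle.crypto.generators.DHKeyGeneratorHelper," and runs straight into "see also [ossl]/crypto/dh/dh_key.c #generate_key", leaving a dangling comma and an attribution that no longer matches the code. The deleted lines were the only place that said BouncyCastle generates a potential prime for limit > 0 while OpenSSL generates a plain random, and after this commit the limit > 0 branch does the latter. Please reword the comment to say which source each branch follows, and note there (not only in the commit message) that RFC 4419 does not require x to be prime, so the reason for the departure stays with the code.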
Expand All @@ -213,8 +210,7 @@ public static BigInteger generateX(BigInteger p, int limit) {
} while (x.equals(BigInteger.ZERO));
} else {
do {
// generate potential prime, though with 0 certainty (no Miller-Rabin tests)
x = new BigInteger(limit, 0, secureRandom);
x = new BigInteger(limit, secureRandom);
} while (x.equals(BigInteger.ZERO));
}
return x;
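Review bot: In the `else` branch, `new BigInteger(limit, secureRandom)` draws uniformly from 0 to 2^limit - 1, and the loop rejects only `BigInteger.ZERO`, so x can now be 1 or any value much shorter than `limit` bits, whereas the three-argument constructor it replaces always returned a value of exactly `limit` bits. If callers treat `limit` as the private key length, set the top bit (for example `x.setBit(limit - 1)`) or reject values below a minimum bit length inside the loop. This branch also never compares x with `p`, unlike the `limit == 0` branch which computes `pSub2`, so a `limit` at or above the bit length of `p` is not bounded by the modulus; a range check or a documented precondition on `limit` would close that. The old constructor also threw for a bit length below 2, and the new one accepts `limit == 1`, where the only value that survives the loop is 1. A unit test asserting the bit length and range of the result for both branches would pin the intended behaviour.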