Commit 47b5d34

[refactor] improve performance of Diffie-Hellman key exchange (#272)
Improve performance of Diffie-Hellman key exchange by generating a cryptographically strong random number instead of a probable prime. RFC 4419 does not require or suggest x (private key) be prime.
1 parent 02fb2ff commit 47b5d34

1 file changed: +1 -5 lines changed

src/main/java/org/jruby/ext/openssl/PKeyDH.java

Lines changed: 1 addition & 5 deletions
@@ -202,9 +202,6 @@ public static BigInteger generateX(BigInteger p, int limit) {
202202
BigInteger x;
203203
SecureRandom secureRandom = new SecureRandom();
204204
// adapting algorithm from org.bouncycastle.crypto.generators.DHKeyGeneratorHelper,
205-
// which seems a little stronger (?) than OpenSSL's (OSSL just generates a random,
206-
// while BC generates a random potential prime [for limit > 0], though it's not
207-
// subject to Miller-Rabin [certainty = 0], but is subject to other constraints)
208205
// see also [ossl]/crypto/dh/dh_key.c #generate_key
209206
if (limit == 0) {
210207
final BigInteger pSub2 = p.subtract(TWO);
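Review bot: the comment kept at line 204 is left as a dangling fragment; it ends in a comma with its continuation deleted, and it still says the code adapts org.bouncycastle.crypto.generators.DHKeyGeneratorHelper even though the deleted lines were the ones explaining that BC's approach is the "random potential prime" this commit moves away from. Reword the surviving comment as a complete sentence that names the reference the code now follows, or drop it and keep only the "see also [ossl]/crypto/dh/dh_key.c #generate_key" pointer.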
@@ -213,8 +210,7 @@ public static BigInteger generateX(BigInteger p, int limit) {
213210
} while (x.equals(BigInteger.ZERO));
214211
} else {
215212
do {
216-
// generate potential prime, though with 0 certainty (no Miller-Rabin tests)
217-
x = new BigInteger(limit, 0, secureRandom);
213+
x = new BigInteger(limit, secureRandom);
218214
} while (x.equals(BigInteger.ZERO));
219215
}
220216
return x;
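Review bot: the replacement at new line 213 changes the distribution of x, not only its primality, and the commit message does not mention that. `new BigInteger(limit, 0, secureRandom)` returned a value of exactly `limit` bits, whereas `new BigInteger(limit, secureRandom)` is uniform over 0 to 2^limit - 1, so the top bit may be clear and the surrounding loop rejects only zero. If a private exponent of exactly `limit` bits is intended, force it (for example `x = x.setBit(limit - 1)`) or reject short values in the loop condition, and add a one-line comment stating the intended range; it is also worth checking this branch against the dh_key.c reference cited above, since nothing visible here bounds x relative to p when limit > 0.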
