ssh: adjust private key length for DH key generation

u3s · u3s · commit 93bb4b9071cc · 2025-11-17T19:21:19.000+01:00
- if calculated private key length is equal or exceeds number of bits
in P (PBits)
- use PBits - 1
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
@@ -2188,7 +2188,8 @@ dh_group('diffie-hellman-group18-sha512') -> ?dh_group18.
 parallell_gen_key(Ssh = #ssh{keyex_key = {x, {G, P}},
                              algorithms = Algs}) ->
     Sz = dh_bits(Algs),
-    {Public, Private} = generate_key(dh, [P,G,2*Sz]),
+    BitSize = fun(N) -> bit_size(binary:encode_unsigned(N)) end,
+    {Public, Private} = generate_key(dh, [P,G,min(BitSize(P)-1, 2*Sz)]),
     Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}}.
 
 
