DH key generation should not use a do ... while loop,

or bogus DH parameters can be used for launching DOS attacks
author: Bodo Möller <bodo@openssl.org> 2001-07-25 19:48:51 +0200
committer: Bodo Möller <bodo@openssl.org> 2001-07-25 19:48:51 +0200
commit: e5cb2603652b868225adc1db3db531a07c13b562 (patch)
tree: 9c6d606adb209ab1dba5239751593c59f3dd1dd4 /crypto/dh/dh_key.c
parent: Don't preserve existing keys in DH_generate_key. (diff)
download: openssl-e5cb2603652b868225adc1db3db531a07c13b562.tar.xz
openssl-e5cb2603652b868225adc1db3db531a07c13b562.zip
1 files changed, 3 insertions, 7 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 718a9a481e..df0300402e 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -135,13 +135,9 @@ static int generate_key(DH *dh)
 
 	l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 
-	do
-		{
-		if (!BN_rand(priv_key, l, 0, 0)) goto err;
-		if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-			priv_key,dh->p,ctx,mont)) goto err;
-		}
-	while (BN_is_one(priv_key));
+	if (!BN_rand(priv_key, l, 0, 0)) goto err;
+	if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+		priv_key,dh->p,ctx,mont)) goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
author	Bodo Möller <bodo@openssl.org>	2001-07-25 19:48:51 +0200
committer	Bodo Möller <bodo@openssl.org>	2001-07-25 19:48:51 +0200
commit	e5cb2603652b868225adc1db3db531a07c13b562 (patch)
tree	9c6d606adb209ab1dba5239751593c59f3dd1dd4 /crypto/dh/dh_key.c
parent	Don't preserve existing keys in DH_generate_key. (diff)
download	openssl-e5cb2603652b868225adc1db3db531a07c13b562.tar.xz openssl-e5cb2603652b868225adc1db3db531a07c13b562.zip