DH key generation should not use a do ... while loop,
authorBodo Möller <bodo@openssl.org>
Wed, 25 Jul 2001 17:48:51 +0000 (17:48 +0000)
committerBodo Möller <bodo@openssl.org>
Wed, 25 Jul 2001 17:48:51 +0000 (17:48 +0000)
or bogus DH parameters can be used for launching DOS attacks

crypto/dh/dh_key.c

index 718a9a481e7e8d4c1bab3e1127ad6dd052af15e4..df0300402e2dc54113b373c26f7cd2b869ed8154 100644 (file)
@@ -135,13 +135,9 @@ static int generate_key(DH *dh)
 
        l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 
 
        l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 
-       do
-               {
-               if (!BN_rand(priv_key, l, 0, 0)) goto err;
-               if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
-                       priv_key,dh->p,ctx,mont)) goto err;
-               }
-       while (BN_is_one(priv_key));
+       if (!BN_rand(priv_key, l, 0, 0)) goto err;
+       if (!ENGINE_get_DH(dh->engine)->bn_mod_exp(dh, pub_key, dh->g,
+               priv_key,dh->p,ctx,mont)) goto err;
                
        dh->pub_key=pub_key;
        dh->priv_key=priv_key;
                
        dh->pub_key=pub_key;
        dh->priv_key=priv_key;