DH key generation should not use a do ... while loop,

or bogus DH parameters can be used for launching DOS attacks

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index e9253eed80f8be244675bdf72f4fbf31640bc079..ebb840f267b10089182419eb300f5d9795d8c856 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -132,13 +132,8 @@ static int generate_key(DH *dh)
 
        l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 
-       do
-               {
-               if (!BN_rand(priv_key, l, 0, 0)) goto err;
-               if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
-                       goto err;
-               }
-       while (BN_is_one(priv_key));
+       if (!BN_rand(priv_key, l, 0, 0)) goto err;
+       if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
                
        dh->pub_key=pub_key;
        dh->priv_key=priv_key;