From 746142d672255caf1c04e37d1da4717693c28e12 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Wed, 25 Jul 2001 17:48:40 +0000
Subject: [PATCH] DH key generation should not use a do ... while loop, or
 bogus DH parameters can be used for launching DOS attacks

---
 crypto/dh/dh_key.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index e9253eed80..ebb840f267 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -132,13 +132,8 @@ static int generate_key(DH *dh)
 
 	l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 
-	do
-		{
-		if (!BN_rand(priv_key, l, 0, 0)) goto err;
-		if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
-			goto err;
- 		}
-	while (BN_is_one(priv_key));
+	if (!BN_rand(priv_key, l, 0, 0)) goto err;
+	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
-- 
2.25.1