diff --git a/sshdh.c b/sshdh.c index 84035c0a..dabed52a 100644 --- a/sshdh.c +++ b/sshdh.c @@ -68,33 +68,14 @@ Bignum dh_create_e(void) { x = newbn(Q[0]); - tryagain: - - /* - * Create a potential x, by ANDing a string of random bytes - * with Qmask. - */ - for (i = 1; i <= x[0]; i++) - x[i] = ((random_byte() << 8) + random_byte()) & Qmask[i]; - - /* - * If x <= 1, go round again. - */ - for (i = 2; i <= x[0]; i++) - if (x[i] != 0) - break; - if (i > x[0] && x[1] <= 1) - goto tryagain; - - /* - * If x >= q, go round again. - */ - for (i = x[0]; i > 0; i--) { - if (x[i] > Q[i]) - goto tryagain; - if (x[i] < Q[i]) - break; - } + do { + /* + * Create a potential x, by ANDing a string of random bytes + * with Qmask. + */ + for (i = 1; i <= x[0]; i++) + x[i] = ((random_byte() << 8) + random_byte()) & Qmask[i]; + } while (bignum_cmp(x, One) <= 0 || bignum_cmp(x, Q) >= 0); /* * Done. Now compute e = g^x mod p. @@ -108,7 +89,5 @@ Bignum dh_create_e(void) { * DH stage 2: given a number f, compute K = f^x mod p. */ Bignum dh_find_K(Bignum f) { - Bignum K = newbn(P[0]); - K = modpow(f, x, P); - return K; + return modpow(f, x, P); }