It appears that t1 and t2 are never initialized in crypto/dh/dh_gen.c unless
the generator is 2 or 5. AFAICT, this would lead to the prime generator
requiring p%t1=t2 for random t1 and t2, which would be bad news. Generator
checking for other than 2 and 5 should really be done as well; if we're
generating safe primes, it should be quite easy, if a little slower.
I can attack both of these issues.
-J
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
