From 3118c8826bbd954187931001902c4430de77e526 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Fri, 16 Mar 2018 15:55:45 -0600
Subject: [PATCH] check z against 1 in wc_DhAgree()
---
 wolfcrypt/src/dh.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 5bb56c11f..928dd4266 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1081,6 +1081,10 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
     if (ret == 0 && mp_exptmod(&y, &x, &key->p, &z) != MP_OKAY)
         ret = MP_EXPTMOD_E;
+    /* make sure z is not one (SP800-56A, 5.7.1.1) */
+    if (ret == 0 && (mp_cmp_d(&z, 1) == MP_EQ))
+        ret = MP_VAL;
+
     if (ret == 0 && mp_to_unsigned_bin(&z, agree) != MP_OKAY)
         ret = MP_TO_E;
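Review bot: The added check rejects only z == 1, while the SP 800-56A shared-secret step it cites is meant to be paired with a range check on the peer value y (2 <= y <= p-2) that also rules out z == 0 (y congruent to 0 mod p) and z == p-1 (y in the order-2 subgroup); nothing in this hunk shows y being validated before the mp_exptmod call, so unless wc_DhAgree_Sync or its caller does that earlier, outside the hunk (for example via wc_DhCheckPubKey), those two outcomes still reach mp_to_unsigned_bin as a usable secret. The zero case is a one-line extension of the new condition, `if (ret == 0 && (mp_iszero(&z) == MP_YES || mp_cmp_d(&z, 1) == MP_EQ))`, whereas rejecting p-1 needs a temporary holding p-1 compared against z with mp_cmp. The new comment would be more useful if it stated the accepted range rather than the reference alone: `/* SP800-56A 5.7.1.1: reject z == 1; with y validated to [2, p-2] this leaves 2 <= z <= p-2 */`. The standard also asks that intermediate values be destroyed when this error is raised; whether z is cleared on the MP_VAL path depends on the cleanup that follows the hunk and cannot be confirmed from here. wc_DhAgree_Sync begins and ends outside the hunk.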