diff options
| author | tb@openbsd.org <tb@openbsd.org> | 2019-01-20 02:01:59 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-21 10:46:04 +1100 |
| commit | a36b0b14a12971086034d53c0c3dfbad07665abe (patch) | |
| tree | 9de6a03d0f0252501c6f2dcf015a1bab972558f3 /moduli.c | |
| parent | ec4776bb01dd8d61fddc7d2a31ab10bf3d3d829a (diff) | |
upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on
error.
Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, dtucker
OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
Diffstat (limited to 'moduli.c')
| -rw-r--r-- | moduli.c | 19 |
1 files changed, 14 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */ | 1 | /* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> | 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> |
| 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> | 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> |
| @@ -582,7 +582,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, | |||
| 582 | u_int32_t generator_known, in_tests, in_tries, in_type, in_size; | 582 | u_int32_t generator_known, in_tests, in_tries, in_type, in_size; |
| 583 | unsigned long last_processed = 0, end_lineno; | 583 | unsigned long last_processed = 0, end_lineno; |
| 584 | time_t time_start, time_stop; | 584 | time_t time_start, time_stop; |
| 585 | int res; | 585 | int res, is_prime; |
| 586 | 586 | ||
| 587 | if (trials < TRIAL_MINIMUM) { | 587 | if (trials < TRIAL_MINIMUM) { |
| 588 | error("Minimum primality trials is %d", TRIAL_MINIMUM); | 588 | error("Minimum primality trials is %d", TRIAL_MINIMUM); |
| @@ -753,7 +753,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, | |||
| 753 | * that p is also prime. A single pass will weed out the | 753 | * that p is also prime. A single pass will weed out the |
| 754 | * vast majority of composite q's. | 754 | * vast majority of composite q's. |
| 755 | */ | 755 | */ |
| 756 | if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { | 756 | is_prime = BN_is_prime_ex(q, 1, ctx, NULL); |
| 757 | if (is_prime < 0) | ||
| 758 | fatal("BN_is_prime_ex failed"); | ||
| 759 | if (is_prime == 0) { | ||
| 757 | debug("%10u: q failed first possible prime test", | 760 | debug("%10u: q failed first possible prime test", |
| 758 | count_in); | 761 | count_in); |
| 759 | continue; | 762 | continue; |
| @@ -766,14 +769,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, | |||
| 766 | * will show up on the first Rabin-Miller iteration so it | 769 | * will show up on the first Rabin-Miller iteration so it |
| 767 | * doesn't hurt to specify a high iteration count. | 770 | * doesn't hurt to specify a high iteration count. |
| 768 | */ | 771 | */ |
| 769 | if (!BN_is_prime_ex(p, trials, ctx, NULL)) { | 772 | is_prime = BN_is_prime_ex(p, trials, ctx, NULL); |
| 773 | if (is_prime < 0) | ||
| 774 | fatal("BN_is_prime_ex failed"); | ||
| 775 | if (is_prime == 0) { | ||
| 770 | debug("%10u: p is not prime", count_in); | 776 | debug("%10u: p is not prime", count_in); |
| 771 | continue; | 777 | continue; |
| 772 | } | 778 | } |
| 773 | debug("%10u: p is almost certainly prime", count_in); | 779 | debug("%10u: p is almost certainly prime", count_in); |
| 774 | 780 | ||
| 775 | /* recheck q more rigorously */ | 781 | /* recheck q more rigorously */ |
| 776 | if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { | 782 | is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL); |
| 783 | if (is_prime < 0) | ||
| 784 | fatal("BN_is_prime_ex failed"); | ||
| 785 | if (is_prime == 0) { | ||
| 777 | debug("%10u: q is not prime", count_in); | 786 | debug("%10u: q is not prime", count_in); |
| 778 | continue; | 787 | continue; |
| 779 | } | 788 | } |