Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.

From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
author: tb <> 2019-01-20 01:56:59 +0000
committer: tb <> 2019-01-20 01:56:59 +0000
commit: d5dab9ba75c9c829a61151d8cec3e00e899ad4b6 (patch)
tree: bfc6c5227373c64986b6ae8eff3cee860afaca04 /src/lib/libcrypto/dh/dh_check.c
parent: 671ab30bb97f4c2f8f2e37b40cd8456b45836c74 (diff)
download: openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.gz
openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.bz2
openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.zip
1 files changed, 12 insertions, 5 deletions
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index a6010f0a6d..a8227d31ca 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */
+/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -74,7 +74,7 @@
 int
 DH_check(const DH *dh, int *ret)
 {
-        int ok = 0;
+        int is_prime, ok = 0;
        BN_CTX *ctx = NULL;
        BN_ULONG l;
        BIGNUM *q = NULL;
@@ -102,16 +102,23 @@ DH_check(const DH *dh, int *ret)
        } else
                *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
-        if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+        is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+        if (is_prime < 0)
+                goto err;
+        if (is_prime == 0)
                *ret |= DH_CHECK_P_NOT_PRIME;
        else {
                if (!BN_rshift1(q, dh->p))
                        goto err;
-                if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
+                is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL);
+                if (is_prime < 0)
+                        goto err;
+                if (is_prime == 0)
                        *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
        }
        ok = 1;
-err:
+ err:
        BN_CTX_free(ctx);
        BN_free(q);
        return ok;
author	tb <>	2019-01-20 01:56:59 +0000
committer	tb <>	2019-01-20 01:56:59 +0000
commit	d5dab9ba75c9c829a61151d8cec3e00e899ad4b6 (patch)
tree	bfc6c5227373c64986b6ae8eff3cee860afaca04 /src/lib/libcrypto/dh/dh_check.c
parent	671ab30bb97f4c2f8f2e37b40cd8456b45836c74 (diff)
download	openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.gz openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.bz2 openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.zip

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index a6010f0a6d..a8227d31ca 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */	1	/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -74,7 +74,7 @@
74	int	74	int
75	DH_check(const DH dh, int ret)	75	DH_check(const DH dh, int ret)
76	{	76	{
77	int ok = 0;	77	int is_prime, ok = 0;
78	BN_CTX *ctx = NULL;	78	BN_CTX *ctx = NULL;
79	BN_ULONG l;	79	BN_ULONG l;
80	BIGNUM *q = NULL;	80	BIGNUM *q = NULL;
@@ -102,16 +102,23 @@ DH_check(const DH dh, int ret)
102	} else	102	} else
103	*ret \|= DH_UNABLE_TO_CHECK_GENERATOR;	103	*ret \|= DH_UNABLE_TO_CHECK_GENERATOR;
104		104
105	if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))	105	is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
		106	if (is_prime < 0)
		107	goto err;
		108	if (is_prime == 0)
106	*ret \|= DH_CHECK_P_NOT_PRIME;	109	*ret \|= DH_CHECK_P_NOT_PRIME;
107	else {	110	else {
108	if (!BN_rshift1(q, dh->p))	111	if (!BN_rshift1(q, dh->p))
109	goto err;	112	goto err;
110	if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))	113	is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL);
		114	if (is_prime < 0)
		115	goto err;
		116	if (is_prime == 0)
111	*ret \|= DH_CHECK_P_NOT_SAFE_PRIME;	117	*ret \|= DH_CHECK_P_NOT_SAFE_PRIME;
112	}	118	}
113	ok = 1;	119	ok = 1;
114	err:	120
		121	err:
115	BN_CTX_free(ctx);	122	BN_CTX_free(ctx);
116	BN_free(q);	123	BN_free(q);
117	return ok;	124	return ok;