diff options
| author | miod <> | 2015-10-21 19:02:22 +0000 |
|---|---|---|
| committer | miod <> | 2015-10-21 19:02:22 +0000 |
| commit | 1b13b85f2919becc500ee7d56c766f99acca6f75 (patch) | |
| tree | 5ddf8c3dac23f792a949739928d1abaeec3376b7 /src | |
| parent | 8e683fccb8989afc1e9e74f5dc0a49b5a0275ec3 (diff) | |
| download | openbsd-1b13b85f2919becc500ee7d56c766f99acca6f75.tar.gz openbsd-1b13b85f2919becc500ee7d56c766f99acca6f75.tar.bz2 openbsd-1b13b85f2919becc500ee7d56c766f99acca6f75.zip | |
Reject too small bits value in BN_generate_prime_ex(), so that it does not risk
becoming negative in probable_prime_dh_safe(). Reported by Franck Denis who
noticed `openssl gendh 0' would segfault.
Fix adapted from OpenSSL RT#2701.
ok beck@ jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn.h | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_err.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_prime.c | 18 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/bn/bn.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/bn/bn_err.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/bn/bn_prime.c | 18 |
6 files changed, 44 insertions, 8 deletions
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index 33c6162874..2c648ba2ee 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn.h,v 1.27 2015/10/16 12:41:29 beck Exp $ */ | 1 | /* $OpenBSD: bn.h,v 1.28 2015/10/21 19:02:22 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -768,6 +768,7 @@ void ERR_load_BN_strings(void); | |||
| 768 | #define BN_F_BN_DIV_RECP 130 | 768 | #define BN_F_BN_DIV_RECP 130 |
| 769 | #define BN_F_BN_EXP 123 | 769 | #define BN_F_BN_EXP 123 |
| 770 | #define BN_F_BN_EXPAND2 108 | 770 | #define BN_F_BN_EXPAND2 108 |
| 771 | #define BN_F_BN_GENERATE_PRIME_EX 140 | ||
| 771 | #define BN_F_BN_EXPAND_INTERNAL 120 | 772 | #define BN_F_BN_EXPAND_INTERNAL 120 |
| 772 | #define BN_F_BN_GF2M_MOD 131 | 773 | #define BN_F_BN_GF2M_MOD 131 |
| 773 | #define BN_F_BN_GF2M_MOD_EXP 132 | 774 | #define BN_F_BN_GF2M_MOD_EXP 132 |
| @@ -797,6 +798,7 @@ void ERR_load_BN_strings(void); | |||
| 797 | #define BN_R_ARG2_LT_ARG3 100 | 798 | #define BN_R_ARG2_LT_ARG3 100 |
| 798 | #define BN_R_BAD_RECIPROCAL 101 | 799 | #define BN_R_BAD_RECIPROCAL 101 |
| 799 | #define BN_R_BIGNUM_TOO_LONG 114 | 800 | #define BN_R_BIGNUM_TOO_LONG 114 |
| 801 | #define BN_R_BITS_TOO_SMALL 117 | ||
| 800 | #define BN_R_CALLED_WITH_EVEN_MODULUS 102 | 802 | #define BN_R_CALLED_WITH_EVEN_MODULUS 102 |
| 801 | #define BN_R_DIV_BY_ZERO 103 | 803 | #define BN_R_DIV_BY_ZERO 103 |
| 802 | #define BN_R_ENCODING_ERROR 104 | 804 | #define BN_R_ENCODING_ERROR 104 |
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c index 5a0f359d86..149e58eafc 100644 --- a/src/lib/libcrypto/bn/bn_err.c +++ b/src/lib/libcrypto/bn/bn_err.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_err.c,v 1.12 2014/07/10 22:45:56 jsing Exp $ */ | 1 | /* $OpenBSD: bn_err.c,v 1.13 2015/10/21 19:02:22 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -89,6 +89,7 @@ static ERR_STRING_DATA BN_str_functs[]= { | |||
| 89 | {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, | 89 | {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, |
| 90 | {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, | 90 | {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, |
| 91 | {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, | 91 | {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, |
| 92 | {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, | ||
| 92 | {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, | 93 | {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, |
| 93 | {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, | 94 | {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, |
| 94 | {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, | 95 | {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, |
| @@ -119,6 +120,7 @@ static ERR_STRING_DATA BN_str_reasons[]= { | |||
| 119 | {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"}, | 120 | {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"}, |
| 120 | {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"}, | 121 | {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"}, |
| 121 | {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"}, | 122 | {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"}, |
| 123 | {ERR_REASON(BN_R_BITS_TOO_SMALL) , "bits too small"}, | ||
| 122 | {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, | 124 | {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, |
| 123 | {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"}, | 125 | {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"}, |
| 124 | {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"}, | 126 | {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"}, |
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c index 02780d32e6..b1aba663df 100644 --- a/src/lib/libcrypto/bn/bn_prime.c +++ b/src/lib/libcrypto/bn/bn_prime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_prime.c,v 1.13 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: bn_prime.c,v 1.14 2015/10/21 19:02:22 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -112,6 +112,8 @@ | |||
| 112 | #include <stdio.h> | 112 | #include <stdio.h> |
| 113 | #include <time.h> | 113 | #include <time.h> |
| 114 | 114 | ||
| 115 | #include <openssl/err.h> | ||
| 116 | |||
| 115 | #include "bn_lcl.h" | 117 | #include "bn_lcl.h" |
| 116 | 118 | ||
| 117 | /* NB: these functions have been "upgraded", the deprecated versions (which are | 119 | /* NB: these functions have been "upgraded", the deprecated versions (which are |
| @@ -164,7 +166,16 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | |||
| 164 | int found = 0; | 166 | int found = 0; |
| 165 | int i, j, c1 = 0; | 167 | int i, j, c1 = 0; |
| 166 | BN_CTX *ctx; | 168 | BN_CTX *ctx; |
| 167 | int checks = BN_prime_checks_for_size(bits); | 169 | int checks; |
| 170 | |||
| 171 | if (bits < 2 || (bits == 2 && safe)) { | ||
| 172 | /* | ||
| 173 | * There are no prime numbers smaller than 2, and the smallest | ||
| 174 | * safe prime (7) spans three bits. | ||
| 175 | */ | ||
| 176 | BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); | ||
| 177 | return 0; | ||
| 178 | } | ||
| 168 | 179 | ||
| 169 | ctx = BN_CTX_new(); | 180 | ctx = BN_CTX_new(); |
| 170 | if (ctx == NULL) | 181 | if (ctx == NULL) |
| @@ -172,6 +183,9 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | |||
| 172 | BN_CTX_start(ctx); | 183 | BN_CTX_start(ctx); |
| 173 | if ((t = BN_CTX_get(ctx)) == NULL) | 184 | if ((t = BN_CTX_get(ctx)) == NULL) |
| 174 | goto err; | 185 | goto err; |
| 186 | |||
| 187 | checks = BN_prime_checks_for_size(bits); | ||
| 188 | |||
| 175 | loop: | 189 | loop: |
| 176 | /* make a random number and set the top and bottom bits */ | 190 | /* make a random number and set the top and bottom bits */ |
| 177 | if (add == NULL) { | 191 | if (add == NULL) { |
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h index 33c6162874..2c648ba2ee 100644 --- a/src/lib/libssl/src/crypto/bn/bn.h +++ b/src/lib/libssl/src/crypto/bn/bn.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn.h,v 1.27 2015/10/16 12:41:29 beck Exp $ */ | 1 | /* $OpenBSD: bn.h,v 1.28 2015/10/21 19:02:22 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -768,6 +768,7 @@ void ERR_load_BN_strings(void); | |||
| 768 | #define BN_F_BN_DIV_RECP 130 | 768 | #define BN_F_BN_DIV_RECP 130 |
| 769 | #define BN_F_BN_EXP 123 | 769 | #define BN_F_BN_EXP 123 |
| 770 | #define BN_F_BN_EXPAND2 108 | 770 | #define BN_F_BN_EXPAND2 108 |
| 771 | #define BN_F_BN_GENERATE_PRIME_EX 140 | ||
| 771 | #define BN_F_BN_EXPAND_INTERNAL 120 | 772 | #define BN_F_BN_EXPAND_INTERNAL 120 |
| 772 | #define BN_F_BN_GF2M_MOD 131 | 773 | #define BN_F_BN_GF2M_MOD 131 |
| 773 | #define BN_F_BN_GF2M_MOD_EXP 132 | 774 | #define BN_F_BN_GF2M_MOD_EXP 132 |
| @@ -797,6 +798,7 @@ void ERR_load_BN_strings(void); | |||
| 797 | #define BN_R_ARG2_LT_ARG3 100 | 798 | #define BN_R_ARG2_LT_ARG3 100 |
| 798 | #define BN_R_BAD_RECIPROCAL 101 | 799 | #define BN_R_BAD_RECIPROCAL 101 |
| 799 | #define BN_R_BIGNUM_TOO_LONG 114 | 800 | #define BN_R_BIGNUM_TOO_LONG 114 |
| 801 | #define BN_R_BITS_TOO_SMALL 117 | ||
| 800 | #define BN_R_CALLED_WITH_EVEN_MODULUS 102 | 802 | #define BN_R_CALLED_WITH_EVEN_MODULUS 102 |
| 801 | #define BN_R_DIV_BY_ZERO 103 | 803 | #define BN_R_DIV_BY_ZERO 103 |
| 802 | #define BN_R_ENCODING_ERROR 104 | 804 | #define BN_R_ENCODING_ERROR 104 |
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c index 5a0f359d86..149e58eafc 100644 --- a/src/lib/libssl/src/crypto/bn/bn_err.c +++ b/src/lib/libssl/src/crypto/bn/bn_err.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_err.c,v 1.12 2014/07/10 22:45:56 jsing Exp $ */ | 1 | /* $OpenBSD: bn_err.c,v 1.13 2015/10/21 19:02:22 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -89,6 +89,7 @@ static ERR_STRING_DATA BN_str_functs[]= { | |||
| 89 | {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, | 89 | {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, |
| 90 | {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, | 90 | {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, |
| 91 | {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, | 91 | {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, |
| 92 | {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, | ||
| 92 | {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, | 93 | {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, |
| 93 | {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, | 94 | {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, |
| 94 | {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, | 95 | {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, |
| @@ -119,6 +120,7 @@ static ERR_STRING_DATA BN_str_reasons[]= { | |||
| 119 | {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"}, | 120 | {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"}, |
| 120 | {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"}, | 121 | {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"}, |
| 121 | {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"}, | 122 | {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"}, |
| 123 | {ERR_REASON(BN_R_BITS_TOO_SMALL) , "bits too small"}, | ||
| 122 | {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, | 124 | {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, |
| 123 | {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"}, | 125 | {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"}, |
| 124 | {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"}, | 126 | {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"}, |
diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.c b/src/lib/libssl/src/crypto/bn/bn_prime.c index 02780d32e6..b1aba663df 100644 --- a/src/lib/libssl/src/crypto/bn/bn_prime.c +++ b/src/lib/libssl/src/crypto/bn/bn_prime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_prime.c,v 1.13 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: bn_prime.c,v 1.14 2015/10/21 19:02:22 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -112,6 +112,8 @@ | |||
| 112 | #include <stdio.h> | 112 | #include <stdio.h> |
| 113 | #include <time.h> | 113 | #include <time.h> |
| 114 | 114 | ||
| 115 | #include <openssl/err.h> | ||
| 116 | |||
| 115 | #include "bn_lcl.h" | 117 | #include "bn_lcl.h" |
| 116 | 118 | ||
| 117 | /* NB: these functions have been "upgraded", the deprecated versions (which are | 119 | /* NB: these functions have been "upgraded", the deprecated versions (which are |
| @@ -164,7 +166,16 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | |||
| 164 | int found = 0; | 166 | int found = 0; |
| 165 | int i, j, c1 = 0; | 167 | int i, j, c1 = 0; |
| 166 | BN_CTX *ctx; | 168 | BN_CTX *ctx; |
| 167 | int checks = BN_prime_checks_for_size(bits); | 169 | int checks; |
| 170 | |||
| 171 | if (bits < 2 || (bits == 2 && safe)) { | ||
| 172 | /* | ||
| 173 | * There are no prime numbers smaller than 2, and the smallest | ||
| 174 | * safe prime (7) spans three bits. | ||
| 175 | */ | ||
| 176 | BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); | ||
| 177 | return 0; | ||
| 178 | } | ||
| 168 | 179 | ||
| 169 | ctx = BN_CTX_new(); | 180 | ctx = BN_CTX_new(); |
| 170 | if (ctx == NULL) | 181 | if (ctx == NULL) |
| @@ -172,6 +183,9 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | |||
| 172 | BN_CTX_start(ctx); | 183 | BN_CTX_start(ctx); |
| 173 | if ((t = BN_CTX_get(ctx)) == NULL) | 184 | if ((t = BN_CTX_get(ctx)) == NULL) |
| 174 | goto err; | 185 | goto err; |
| 186 | |||
| 187 | checks = BN_prime_checks_for_size(bits); | ||
| 188 | |||
| 175 | loop: | 189 | loop: |
| 176 | /* make a random number and set the top and bottom bits */ | 190 | /* make a random number and set the top and bottom bits */ |
| 177 | if (add == NULL) { | 191 | if (add == NULL) { |