diff options
| author | tb <> | 2019-01-20 01:56:59 +0000 |
|---|---|---|
| committer | tb <> | 2019-01-20 01:56:59 +0000 |
| commit | d5dab9ba75c9c829a61151d8cec3e00e899ad4b6 (patch) | |
| tree | bfc6c5227373c64986b6ae8eff3cee860afaca04 /src | |
| parent | 671ab30bb97f4c2f8f2e37b40cd8456b45836c74 (diff) | |
| download | openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.gz openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.tar.bz2 openbsd-d5dab9ba75c9c829a61151d8cec3e00e899ad4b6.zip | |
Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.
From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_x931p.c | 30 | ||||
| -rw-r--r-- | src/lib/libcrypto/dh/dh_check.c | 17 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ameth.c | 6 |
3 files changed, 35 insertions, 18 deletions
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c index 45b61c9128..55ca21c08c 100644 --- a/src/lib/libcrypto/bn/bn_x931p.c +++ b/src/lib/libcrypto/bn/bn_x931p.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */ | 1 | /* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2005. | 3 | * project 2005. |
| 4 | */ | 4 | */ |
| @@ -71,7 +71,7 @@ | |||
| 71 | static int | 71 | static int |
| 72 | bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) | 72 | bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) |
| 73 | { | 73 | { |
| 74 | int i = 0; | 74 | int i = 0, is_prime; |
| 75 | 75 | ||
| 76 | if (!BN_copy(pi, Xpi)) | 76 | if (!BN_copy(pi, Xpi)) |
| 77 | return 0; | 77 | return 0; |
| @@ -81,7 +81,10 @@ bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) | |||
| 81 | i++; | 81 | i++; |
| 82 | BN_GENCB_call(cb, 0, i); | 82 | BN_GENCB_call(cb, 0, i); |
| 83 | /* NB 27 MR is specificed in X9.31 */ | 83 | /* NB 27 MR is specificed in X9.31 */ |
| 84 | if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) | 84 | is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb); |
| 85 | if (is_prime < 0) | ||
| 86 | return 0; | ||
| 87 | if (is_prime == 1) | ||
| 85 | break; | 88 | break; |
| 86 | if (!BN_add_word(pi, 2)) | 89 | if (!BN_add_word(pi, 2)) |
| 87 | return 0; | 90 | return 0; |
| @@ -173,13 +176,20 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, | |||
| 173 | goto err; | 176 | goto err; |
| 174 | if (!BN_gcd_ct(t, pm1, e, ctx)) | 177 | if (!BN_gcd_ct(t, pm1, e, ctx)) |
| 175 | goto err; | 178 | goto err; |
| 176 | if (BN_is_one(t) | 179 | if (BN_is_one(t)) { |
| 177 | /* X9.31 specifies 8 MR and 1 Lucas test or any prime test | 180 | int r; |
| 178 | * offering similar or better guarantees 50 MR is considerably | 181 | |
| 179 | * better. | 182 | /* |
| 180 | */ | 183 | * X9.31 specifies 8 MR and 1 Lucas test or any prime |
| 181 | && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) | 184 | * test offering similar or better guarantees 50 MR |
| 182 | break; | 185 | * is considerably better. |
| 186 | */ | ||
| 187 | r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb); | ||
| 188 | if (r < 0) | ||
| 189 | goto err; | ||
| 190 | if (r == 1) | ||
| 191 | break; | ||
| 192 | } | ||
| 183 | if (!BN_add(p, p, p1p2)) | 193 | if (!BN_add(p, p, p1p2)) |
| 184 | goto err; | 194 | goto err; |
| 185 | } | 195 | } |
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index a6010f0a6d..a8227d31ca 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */ | 1 | /* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -74,7 +74,7 @@ | |||
| 74 | int | 74 | int |
| 75 | DH_check(const DH *dh, int *ret) | 75 | DH_check(const DH *dh, int *ret) |
| 76 | { | 76 | { |
| 77 | int ok = 0; | 77 | int is_prime, ok = 0; |
| 78 | BN_CTX *ctx = NULL; | 78 | BN_CTX *ctx = NULL; |
| 79 | BN_ULONG l; | 79 | BN_ULONG l; |
| 80 | BIGNUM *q = NULL; | 80 | BIGNUM *q = NULL; |
| @@ -102,16 +102,23 @@ DH_check(const DH *dh, int *ret) | |||
| 102 | } else | 102 | } else |
| 103 | *ret |= DH_UNABLE_TO_CHECK_GENERATOR; | 103 | *ret |= DH_UNABLE_TO_CHECK_GENERATOR; |
| 104 | 104 | ||
| 105 | if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) | 105 | is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); |
| 106 | if (is_prime < 0) | ||
| 107 | goto err; | ||
| 108 | if (is_prime == 0) | ||
| 106 | *ret |= DH_CHECK_P_NOT_PRIME; | 109 | *ret |= DH_CHECK_P_NOT_PRIME; |
| 107 | else { | 110 | else { |
| 108 | if (!BN_rshift1(q, dh->p)) | 111 | if (!BN_rshift1(q, dh->p)) |
| 109 | goto err; | 112 | goto err; |
| 110 | if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) | 113 | is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL); |
| 114 | if (is_prime < 0) | ||
| 115 | goto err; | ||
| 116 | if (is_prime == 0) | ||
| 111 | *ret |= DH_CHECK_P_NOT_SAFE_PRIME; | 117 | *ret |= DH_CHECK_P_NOT_SAFE_PRIME; |
| 112 | } | 118 | } |
| 113 | ok = 1; | 119 | ok = 1; |
| 114 | err: | 120 | |
| 121 | err: | ||
| 115 | BN_CTX_free(ctx); | 122 | BN_CTX_free(ctx); |
| 116 | BN_free(q); | 123 | BN_free(q); |
| 117 | return ok; | 124 | return ok; |
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index 26d81eed7b..85ef234bb9 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_ameth.c,v 1.26 2018/08/24 20:22:15 tb Exp $ */ | 1 | /* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -515,7 +515,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | |||
| 515 | * Check that q is not a composite number. | 515 | * Check that q is not a composite number. |
| 516 | */ | 516 | */ |
| 517 | 517 | ||
| 518 | if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) { | 518 | if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) { |
| 519 | DSAerror(DSA_R_BAD_Q_VALUE); | 519 | DSAerror(DSA_R_BAD_Q_VALUE); |
| 520 | goto err; | 520 | goto err; |
| 521 | } | 521 | } |
| @@ -525,7 +525,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | |||
| 525 | EVP_PKEY_assign_DSA(pkey, dsa); | 525 | EVP_PKEY_assign_DSA(pkey, dsa); |
| 526 | return 1; | 526 | return 1; |
| 527 | 527 | ||
| 528 | err: | 528 | err: |
| 529 | BN_CTX_free(ctx); | 529 | BN_CTX_free(ctx); |
| 530 | DSA_free(dsa); | 530 | DSA_free(dsa); |
| 531 | return 0; | 531 | return 0; |