Diffstat (limited to 'src/lib/libcrypto/bn/bn_x931p.c')
-rw-r--r-- | src/lib/libcrypto/bn/bn_x931p.c | 30 |
1 files changed, 20 insertions, 10 deletions
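diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
index 45b61c9128..55ca21c08c 100644
--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
@@ -71,7 +71,7 @@
 static int
 bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
 {
-int i = 0;
+int i = 0, is_prime;
 
 if (!BN_copy(pi, Xpi))
 return 0;
@@ -81,7 +81,10 @@ bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
 i++;
 BN_GENCB_call(cb, 0, i);
 /* NB 27 MR is specificed in X9.31 */
-if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+if (is_prime < 0)
+return 0;
+if (is_prime == 1)
 break;
 if (!BN_add_word(pi, 2))
 return 0;
@@ -173,13 +176,20 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
 goto err;
 if (!BN_gcd_ct(t, pm1, e, ctx))
 goto err;
-if (BN_is_one(t)
-/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
-* offering similar or better guarantees 50 MR is considerably
-* better.
-*/
-&& BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
-break;
+if (BN_is_one(t)) {
+int r;
+
+/*
+* X9.31 specifies 8 MR and 1 Lucas test or any prime
+* test offering similar or better guarantees 50 MR
+* is considerably better.
+*/
+r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+if (r < 0)
+goto err;
+if (r == 1)
+break;
+}
 if (!BN_add(p, p, p1p2))
 goto err;
 }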
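Review bot: Neither rewritten call to BN_is_prime_fasttest_ex() carries a comment saying why the result is compared against `< 0` and `== 1` instead of being tested for truth, so a later cleanup could fold it back into a plain `if (...)` and once more accept a candidate when the primality test itself fails. I would add `/* -1 is an error, not "prime"; only 1 may end the search */` above the assignment in bn_x931_derive_pi and above `r = ...` in BN_X931_derive_prime_ex. The same value is named `is_prime` in one function and `r` in the other; using `is_prime` in both would make the two loops read alike. Both function bodies start and end outside the hunks shown, so it is not visible here whether the `err` path and the callers leave the unverified candidate in `pi`/`p` unused; that is worth confirming.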