1 files changed, 20 insertions, 10 deletions
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
index 45b61c9128..55ca21c08c 100644
--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
@@ -71,7 +71,7 @@
 static int
 bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
 {
-        int i = 0;
+        int i = 0, is_prime;
        if (!BN_copy(pi, Xpi))
                return 0;
@@ -81,7 +81,10 @@ bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
                i++;
                BN_GENCB_call(cb, 0, i);
                /* NB 27 MR is specificed in X9.31 */
-                if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+                is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+                if (is_prime < 0)
+                        return 0;
+                if (is_prime == 1)
                        break;
                if (!BN_add_word(pi, 2))
                        return 0;
@@ -173,13 +176,20 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
                        goto err;
                if (!BN_gcd_ct(t, pm1, e, ctx))
                        goto err;
-                if (BN_is_one(t)
+                if (BN_is_one(t)) {
-                /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
+                        int r;
-                 * offering similar or better guarantees 50 MR is considerably
-                 * better.
+                        /*
-                 */
+                         * X9.31 specifies 8 MR and 1 Lucas test or any prime
-                    && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
+                         * test offering similar or better guarantees 50 MR
-                        break;
+                         * is considerably better.
+                         */
+                        r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+                        if (r < 0)
+                                goto err;
+                        if (r == 1)
+                                break;
+                }
                if (!BN_add(p, p, p1p2))
                        goto err;
        }

diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c index 45b61c9128..55ca21c08c 100644 --- a/src/lib/libcrypto/bn/bn_x931p.c +++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */	1	/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2005.	3	* project 2005.
4	*/	4	*/
@@ -71,7 +71,7 @@
71	static int	71	static int
72	bn_x931_derive_pi(BIGNUM pi, const BIGNUM Xpi, BN_CTX ctx, BN_GENCB cb)	72	bn_x931_derive_pi(BIGNUM pi, const BIGNUM Xpi, BN_CTX ctx, BN_GENCB cb)
73	{	73	{
74	int i = 0;	74	int i = 0, is_prime;
75		75
76	if (!BN_copy(pi, Xpi))	76	if (!BN_copy(pi, Xpi))
77	return 0;	77	return 0;
@@ -81,7 +81,10 @@ bn_x931_derive_pi(BIGNUM pi, const BIGNUM Xpi, BN_CTX ctx, BN_GENCB cb)
81	i++;	81	i++;
82	BN_GENCB_call(cb, 0, i);	82	BN_GENCB_call(cb, 0, i);
83	/* NB 27 MR is specificed in X9.31 */	83	/* NB 27 MR is specificed in X9.31 */
84	if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))	84	is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
		85	if (is_prime < 0)
		86	return 0;
		87	if (is_prime == 1)
85	break;	88	break;
86	if (!BN_add_word(pi, 2))	89	if (!BN_add_word(pi, 2))
87	return 0;	90	return 0;
@@ -173,13 +176,20 @@ BN_X931_derive_prime_ex(BIGNUM p, BIGNUM p1, BIGNUM p2, const BIGNUM Xp,
173	goto err;	176	goto err;
174	if (!BN_gcd_ct(t, pm1, e, ctx))	177	if (!BN_gcd_ct(t, pm1, e, ctx))
175	goto err;	178	goto err;
176	if (BN_is_one(t)	179	if (BN_is_one(t)) {
177	/* X9.31 specifies 8 MR and 1 Lucas test or any prime test	180	int r;
178	* offering similar or better guarantees 50 MR is considerably	181
179	* better.	182	/*
180	*/	183	* X9.31 specifies 8 MR and 1 Lucas test or any prime
181	&& BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))	184	* test offering similar or better guarantees 50 MR
182	break;	185	* is considerably better.
		186	*/
		187	r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
		188	if (r < 0)
		189	goto err;
		190	if (r == 1)
		191	break;
		192	}
183	if (!BN_add(p, p, p1p2))	193	if (!BN_add(p, p, p1p2))
184	goto err;	194	goto err;
185	}	195	}