summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/bn/bn_x931p.c30
-rw-r--r--src/lib/libcrypto/dh/dh_check.c17
-rw-r--r--src/lib/libcrypto/dsa/dsa_ameth.c6
3 files changed, 35 insertions, 18 deletions
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
index 45b61c9128..55ca21c08c 100644
--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */ 1/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2005. 3 * project 2005.
4 */ 4 */
@@ -71,7 +71,7 @@
71static int 71static int
72bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) 72bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
73{ 73{
74 int i = 0; 74 int i = 0, is_prime;
75 75
76 if (!BN_copy(pi, Xpi)) 76 if (!BN_copy(pi, Xpi))
77 return 0; 77 return 0;
@@ -81,7 +81,10 @@ bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
81 i++; 81 i++;
82 BN_GENCB_call(cb, 0, i); 82 BN_GENCB_call(cb, 0, i);
83 /* NB 27 MR is specificed in X9.31 */ 83 /* NB 27 MR is specificed in X9.31 */
84 if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) 84 is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
85 if (is_prime < 0)
86 return 0;
87 if (is_prime == 1)
85 break; 88 break;
86 if (!BN_add_word(pi, 2)) 89 if (!BN_add_word(pi, 2))
87 return 0; 90 return 0;
@@ -173,13 +176,20 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
173 goto err; 176 goto err;
174 if (!BN_gcd_ct(t, pm1, e, ctx)) 177 if (!BN_gcd_ct(t, pm1, e, ctx))
175 goto err; 178 goto err;
176 if (BN_is_one(t) 179 if (BN_is_one(t)) {
177 /* X9.31 specifies 8 MR and 1 Lucas test or any prime test 180 int r;
178 * offering similar or better guarantees 50 MR is considerably 181
179 * better. 182 /*
180 */ 183 * X9.31 specifies 8 MR and 1 Lucas test or any prime
181 && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) 184 * test offering similar or better guarantees 50 MR
182 break; 185 * is considerably better.
186 */
187 r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
188 if (r < 0)
189 goto err;
190 if (r == 1)
191 break;
192 }
183 if (!BN_add(p, p, p1p2)) 193 if (!BN_add(p, p, p1p2))
184 goto err; 194 goto err;
185 } 195 }
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index a6010f0a6d..a8227d31ca 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */ 1/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -74,7 +74,7 @@
74int 74int
75DH_check(const DH *dh, int *ret) 75DH_check(const DH *dh, int *ret)
76{ 76{
77 int ok = 0; 77 int is_prime, ok = 0;
78 BN_CTX *ctx = NULL; 78 BN_CTX *ctx = NULL;
79 BN_ULONG l; 79 BN_ULONG l;
80 BIGNUM *q = NULL; 80 BIGNUM *q = NULL;
@@ -102,16 +102,23 @@ DH_check(const DH *dh, int *ret)
102 } else 102 } else
103 *ret |= DH_UNABLE_TO_CHECK_GENERATOR; 103 *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
104 104
105 if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) 105 is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
106 if (is_prime < 0)
107 goto err;
108 if (is_prime == 0)
106 *ret |= DH_CHECK_P_NOT_PRIME; 109 *ret |= DH_CHECK_P_NOT_PRIME;
107 else { 110 else {
108 if (!BN_rshift1(q, dh->p)) 111 if (!BN_rshift1(q, dh->p))
109 goto err; 112 goto err;
110 if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) 113 is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL);
114 if (is_prime < 0)
115 goto err;
116 if (is_prime == 0)
111 *ret |= DH_CHECK_P_NOT_SAFE_PRIME; 117 *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
112 } 118 }
113 ok = 1; 119 ok = 1;
114err: 120
121 err:
115 BN_CTX_free(ctx); 122 BN_CTX_free(ctx);
116 BN_free(q); 123 BN_free(q);
117 return ok; 124 return ok;
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 26d81eed7b..85ef234bb9 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ameth.c,v 1.26 2018/08/24 20:22:15 tb Exp $ */ 1/* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -515,7 +515,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
515 * Check that q is not a composite number. 515 * Check that q is not a composite number.
516 */ 516 */
517 517
518 if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) == 0) { 518 if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) {
519 DSAerror(DSA_R_BAD_Q_VALUE); 519 DSAerror(DSA_R_BAD_Q_VALUE);
520 goto err; 520 goto err;
521 } 521 }
@@ -525,7 +525,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
525 EVP_PKEY_assign_DSA(pkey, dsa); 525 EVP_PKEY_assign_DSA(pkey, dsa);
526 return 1; 526 return 1;
527 527
528err: 528 err:
529 BN_CTX_free(ctx); 529 BN_CTX_free(ctx);
530 DSA_free(dsa); 530 DSA_free(dsa);
531 return 0; 531 return 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 19:47:17 +0000