Fix an endless loop in BN_generate_prime_ex

Happens when trying to generate 4 or 5 bit safe primes. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9311)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-07-04 17:56:23 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-07-07 08:05:33 +0200
commit: 291f616ced45c924d639d97fc9ca2cbeaad096cf (patch)
tree: 86fbc3f0f65398c02bbad3f975f5d36bd69c2a06 /crypto/bn
parent: 2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 03402c2cec..47e2f2357a 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -98,8 +98,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
         /* There are no prime numbers this small. */
         BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
         return 0;
-    } else if (bits == 2 && safe) {
-        /* The smallest safe prime (7) is three bits. */
+    } else if (add == NULL && safe && bits < 6 && bits != 3) {
+        /*
+         * The smallest safe prime (7) is three bits.
+         * But the following two safe primes with less than 6 bits (11, 23)
+         * are unreachable for BN_rand with BN_RAND_TOP_TWO.
+         */
         BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
         return 0;
     }
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-07-04 17:56:23 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-07-07 08:05:33 +0200
commit	291f616ced45c924d639d97fc9ca2cbeaad096cf (patch)
tree	86fbc3f0f65398c02bbad3f975f5d36bd69c2a06 /crypto/bn
parent	2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852 (diff)