diff options
| author | David Benjamin <davidben@google.com> | 2016-06-24 11:05:48 -0400 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2016-06-25 11:01:30 +0200 |
| commit | 748e85308ef4f3e672975b3604ea2d76424fa404 (patch) | |
| tree | 4aae2407243c51b4a4fb490f1d48b4a31e8c5ad9 /crypto/dh | |
| parent | f08c8c1a195a29652c956f43eb9e0d97f6094b6f (diff) | |
Fix BN_is_prime* calls.
This function returns a tri-state -1 on error. See BoringSSL's
53409ee3d7595ed37da472bc73b010cd2c8a5ffd.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1251
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh_check.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 523e31d05e..8d2e096c08 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -24,7 +24,7 @@ int DH_check(const DH *dh, int *ret) { - int ok = 0; + int ok = 0, r; BN_CTX *ctx = NULL; BN_ULONG l; BIGNUM *t1 = NULL, *t2 = NULL; @@ -53,7 +53,10 @@ int DH_check(const DH *dh, int *ret) if (!BN_is_one(t1)) *ret |= DH_NOT_SUITABLE_GENERATOR; } - if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) + r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); + if (r < 0) + goto err; + if (!r) *ret |= DH_CHECK_Q_NOT_PRIME; /* Check p == 1 mod q i.e. q divides p - 1 */ if (!BN_div(t1, t2, dh->p, dh->q, ctx)) @@ -74,12 +77,18 @@ int DH_check(const DH *dh, int *ret) } else *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) + r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); + if (r < 0) + goto err; + if (!r) *ret |= DH_CHECK_P_NOT_PRIME; else if (!dh->q) { if (!BN_rshift1(t1, dh->p)) goto err; - if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) + r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); + if (r < 0) + goto err; + if (!r) *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } ok = 1; |