diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-04 17:56:23 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-07 08:07:25 +0200 |
commit | 9fd44200fe39542c31188de6f3469b438acf39b2 (patch) | |
tree | a0a833dcb64ab228a9dfaaba8205a38c17614e28 /crypto | |
parent | 78af3f6f95cb8327fb423a609586c3c2b0d9c5f9 (diff) |
Fix an endless loop in BN_generate_prime_ex
Happens when trying to generate 4 or 5 bit safe primes.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9311)
(cherry picked from commit 291f616ced45c924d639d97fc9ca2cbeaad096cf)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/bn/bn_prime.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 4bbd7c8810..19b081f38e 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -63,8 +63,12 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* There are no prime numbers this small. */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; - } else if (bits == 2 && safe) { - /* The smallest safe prime (7) is three bits. */ + } else if (add == NULL && safe && bits < 6 && bits != 3) { + /* + * The smallest safe prime (7) is three bits. + * But the following two safe primes with less than 6 bits (11, 23) + * are unreachable for BN_rand with BN_RAND_TOP_TWO. + */ BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); return 0; } |