From 748e85308ef4f3e672975b3604ea2d76424fa404 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 24 Jun 2016 11:05:48 -0400 Subject: Fix BN_is_prime* calls. This function returns a tri-state -1 on error. See BoringSSL's 53409ee3d7595ed37da472bc73b010cd2c8a5ffd. Signed-off-by: Kurt Roeckx Reviewed-by: Rich Salz GH: #1251 --- crypto/dh/dh_check.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'crypto/dh') diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 523e31d05e..8d2e096c08 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -24,7 +24,7 @@ int DH_check(const DH *dh, int *ret) { - int ok = 0; + int ok = 0, r; BN_CTX *ctx = NULL; BN_ULONG l; BIGNUM *t1 = NULL, *t2 = NULL; @@ -53,7 +53,10 @@ int DH_check(const DH *dh, int *ret) if (!BN_is_one(t1)) *ret |= DH_NOT_SUITABLE_GENERATOR; } - if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) + r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); + if (r < 0) + goto err; + if (!r) *ret |= DH_CHECK_Q_NOT_PRIME; /* Check p == 1 mod q i.e. q divides p - 1 */ if (!BN_div(t1, t2, dh->p, dh->q, ctx)) @@ -74,12 +77,18 @@ int DH_check(const DH *dh, int *ret) } else *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) + r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); + if (r < 0) + goto err; + if (!r) *ret |= DH_CHECK_P_NOT_PRIME; else if (!dh->q) { if (!BN_rshift1(t1, dh->p)) goto err; - if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) + r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); + if (r < 0) + goto err; + if (!r) *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } ok = 1; -- cgit v1.2.3