diff options
| author | David Benjamin <davidben@google.com> | 2016-06-23 23:02:21 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2016-06-24 00:22:33 +0300 |
| commit | 53409ee3d7595ed37da472bc73b010cd2c8a5ffd (patch) | |
| tree | c200aac060e90f2cd666119896fc2faebcc998fb /crypto/dh | |
| parent | ff594ca8c818db5e682c9f9bf5abcc88d49c36c4 (diff) | |
Fix BN_is_prime* calls.
This function returns a tri-state -1 on error. We should check this.
Change-Id: I6fe130c11d10690923aac5ac7a6dfe3e3ff3f5e9
Reviewed-on: https://boringssl-review.googlesource.com/8490
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/check.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/crypto/dh/check.c b/crypto/dh/check.c index d27fdf15..fbe58a50 100644 --- a/crypto/dh/check.c +++ b/crypto/dh/check.c @@ -120,7 +120,7 @@ int DH_check(const DH *dh, int *ret) { * for 5, p mod 10 == 3 or 7 * should hold. */ - int ok = 0; + int ok = 0, r; BN_CTX *ctx = NULL; BN_ULONG l; BIGNUM *t1 = NULL, *t2 = NULL; @@ -154,7 +154,11 @@ int DH_check(const DH *dh, int *ret) { *ret |= DH_CHECK_NOT_SUITABLE_GENERATOR; } } - if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) { + r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); + if (r < 0) { + goto err; + } + if (!r) { *ret |= DH_CHECK_Q_NOT_PRIME; } /* Check p == 1 mod q i.e. q divides p - 1 */ @@ -181,13 +185,21 @@ int DH_check(const DH *dh, int *ret) { *ret |= DH_CHECK_UNABLE_TO_CHECK_GENERATOR; } - if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) { + r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); + if (r < 0) { + goto err; + } + if (!r) { *ret |= DH_CHECK_P_NOT_PRIME; } else if (!dh->q) { if (!BN_rshift1(t1, dh->p)) { goto err; } - if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) { + r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); + if (r < 0) { + goto err; + } + if (!r) { *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } } |