RSA keygen update: Raise an error if no prime candidate q is found.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)

diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index 67095a83c049ede1d0745da845d2dbffda5cc799..953be9ed47172a000ede98ae71a2c591a72ec458 100644 (file)
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,6 +32,7 @@ static const ERR_STRING_DATA BN_str_reasons[] = {
     {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"},
     {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
     {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_PRIME_CANDIDATE), "no prime candidate"},
     {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
     {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest"},
     {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),

diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index a451576bf9e31d709cb4c83d01ace24ffb92c89b..770ae4d1fac0e274dda2928c179846e19bd32ee2 100644 (file)
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -349,7 +349,11 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
                     goto err;
             }
             /* (Step 8-10) */
-            if (++i >= imax || !BN_add(Y, Y, r1r2x2))
+            if (++i >= imax) {
+                ERR_raise(ERR_LIB_BN, BN_R_NO_PRIME_CANDIDATE);
+                goto err;
+            }
+            if (!BN_add(Y, Y, r1r2x2))
                 goto err;
         }
     }

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index a6c8142a3ef6be86f9ff4d48c7e0f7719a79a07e..7c9a516c137a185d468d784d86dba3724b59c9b8 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -184,6 +184,7 @@ BN_R_INVALID_SHIFT:119:invalid shift
 BN_R_NOT_A_SQUARE:111:not a square
 BN_R_NOT_INITIALIZED:107:not initialized
 BN_R_NO_INVERSE:108:no inverse
+BN_R_NO_PRIME_CANDIDATE:121:no prime candidate
 BN_R_NO_SOLUTION:116:no solution
 BN_R_NO_SUITABLE_DIGEST:120:no suitable digest
 BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large

diff --git a/include/crypto/bnerr.h b/include/crypto/bnerr.h
index 7282c915d64ad649fa3cf7d861663b1ef05f49f5..131e30fa71dfee0e769a5c0974b86a90e84884af 100644 (file)
--- a/include/crypto/bnerr.h
+++ b/include/crypto/bnerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
index 847d326b0925e05c50006f0a9314ce64fd6181d8..7c3f6ef3d4ba50ba60a18028cf929e3409bc5369 100644 (file)
--- a/include/openssl/bnerr.h
+++ b/include/openssl/bnerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -36,6 +36,7 @@
 # define BN_R_NOT_A_SQUARE                                111
 # define BN_R_NOT_INITIALIZED                             107
 # define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_PRIME_CANDIDATE                          121
 # define BN_R_NO_SOLUTION                                 116
 # define BN_R_NO_SUITABLE_DIGEST                          120
 # define BN_R_PRIVATE_KEY_TOO_LARGE                       117