From d2399d8cd29f56e6614f0b3db4e7e563a745902a Mon Sep 17 00:00:00 2001 From: slontis Date: Mon, 30 May 2022 18:07:40 +1000 Subject: [PATCH] RSA keygen update: Raise an error if no prime candidate q is found. Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18429) --- crypto/bn/bn_err.c | 3 ++- crypto/bn/bn_rsa_fips186_4.c | 6 +++++- crypto/err/openssl.txt | 1 + include/crypto/bnerr.h | 2 +- include/openssl/bnerr.h | 3 ++- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 67095a83c04..953be9ed471 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,6 +32,7 @@ static const ERR_STRING_DATA BN_str_reasons[] = { {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"}, {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"}, + {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_PRIME_CANDIDATE), "no prime candidate"}, {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"}, {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest"}, {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE), diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index a451576bf9e..770ae4d1fac 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -349,7 +349,11 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, goto err; } /* (Step 8-10) */ - if (++i >= imax || !BN_add(Y, Y, r1r2x2)) + if (++i >= imax) { + ERR_raise(ERR_LIB_BN, BN_R_NO_PRIME_CANDIDATE); + goto err; + } + if (!BN_add(Y, Y, r1r2x2)) goto err; } } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a6c8142a3ef..7c9a516c137 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -184,6 +184,7 @@ BN_R_INVALID_SHIFT:119:invalid shift BN_R_NOT_A_SQUARE:111:not a square BN_R_NOT_INITIALIZED:107:not initialized BN_R_NO_INVERSE:108:no inverse +BN_R_NO_PRIME_CANDIDATE:121:no prime candidate BN_R_NO_SOLUTION:116:no solution BN_R_NO_SUITABLE_DIGEST:120:no suitable digest BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large diff --git a/include/crypto/bnerr.h b/include/crypto/bnerr.h index 7282c915d64..131e30fa71d 100644 --- a/include/crypto/bnerr.h +++ b/include/crypto/bnerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h index 847d326b092..7c3f6ef3d4b 100644 --- a/include/openssl/bnerr.h +++ b/include/openssl/bnerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,6 +36,7 @@ # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 +# define BN_R_NO_PRIME_CANDIDATE 121 # define BN_R_NO_SOLUTION 116 # define BN_R_NO_SUITABLE_DIGEST 120 # define BN_R_PRIVATE_KEY_TOO_LARGE 117 -- 2.47.2