From a36b0b14a12971086034d53c0c3dfbad07665abe Mon Sep 17 00:00:00 2001
From: "tb@openbsd.org" <tb@openbsd.org>
Date: Sun, 20 Jan 2019 02:01:59 +0000
Subject: upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on

error.

Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.

ok djm, dtucker

OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
---
 moduli.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'moduli.c')

diff --git a/moduli.c b/moduli.c
index 233cba8e..48150dab 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */
+/* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -582,7 +582,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 	u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
 	unsigned long last_processed = 0, end_lineno;
 	time_t time_start, time_stop;
-	int res;
+	int res, is_prime;
 
 	if (trials < TRIAL_MINIMUM) {
 		error("Minimum primality trials is %d", TRIAL_MINIMUM);
@@ -753,7 +753,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 		 * that p is also prime. A single pass will weed out the
 		 * vast majority of composite q's.
 		 */
-		if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
+		is_prime = BN_is_prime_ex(q, 1, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: q failed first possible prime test",
 			    count_in);
 			continue;
@@ -766,14 +769,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 		 * will show up on the first Rabin-Miller iteration so it
 		 * doesn't hurt to specify a high iteration count.
 		 */
-		if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
+		is_prime = BN_is_prime_ex(p, trials, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: p is not prime", count_in);
 			continue;
 		}
 		debug("%10u: p is almost certainly prime", count_in);
 
 		/* recheck q more rigorously */
-		if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
+		is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: q is not prime", count_in);
 			continue;
 		}
-- 
cgit v1.2.1