generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

Browse Source 
[Problem pointed out by Adam Young <adamy (at) acm.org>]
This commit is contained in:
Bodo Möller 2006-09-18 14:00:49 +00:00
parent 5d20c4fb35
commit a53cdc5b08
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/bn/bn_prime.c
View File

@ -378,13 +378,14 @@ static int probable_prime(BIGNUM *rnd, int bits)
{ {
int i; int i;
BN_ULONG mods[NUMPRIMES]; BN_ULONG mods[NUMPRIMES];
BN_ULONG delta,d; BN_ULONG delta,maxdelta;
again: again:
if (!BN_rand(rnd,bits,1,1)) return(0); if (!BN_rand(rnd,bits,1,1)) return(0);
/* we now have a random number 'rand' to test. */ /* we now have a random number 'rand' to test. */
for (i=1; i<NUMPRIMES; i++) for (i=1; i<NUMPRIMES; i++)
mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]); mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
delta=0; delta=0;
loop: for (i=1; i<NUMPRIMES; i++) loop: for (i=1; i<NUMPRIMES; i++)
{ {
@ -392,12 +393,8 @@ again:
* that gcd(rnd-1,primes) == 1 (except for 2) */ * that gcd(rnd-1,primes) == 1 (except for 2) */
if (((mods[i]+delta)%primes[i]) <= 1) if (((mods[i]+delta)%primes[i]) <= 1)
{ {
d=delta;
delta+=2; delta+=2;
/* perhaps need to check for overflow of if (delta > maxdelta) goto again;
* delta (but delta can be up to 2^32)
* 21-May-98 eay - added overflow check */
if (delta < d) goto again;
goto loop; goto loop;
} }
} }