generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

Browse Source 
[Problem pointed out by Adam Young <adamy (at) acm.org>]
This commit is contained in:
Bodo Möller 2006-09-19 10:00:29 +00:00
parent ea43804bda
commit d9d294463e
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/bn/bn_prime.c
View File

@ -350,13 +350,14 @@ static int probable_prime(BIGNUM *rnd, int bits)
{
int i;
BN_ULONG mods[NUMPRIMES];
BN_ULONG delta,d;
BN_ULONG delta,maxdelta;
again:
if (!BN_rand(rnd,bits,1,1)) return(0);
/* we now have a random number 'rand' to test. */
for (i=1; i<NUMPRIMES; i++)
mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
delta=0;
loop: for (i=1; i<NUMPRIMES; i++)
{
@ -364,12 +365,8 @@ again:
* that gcd(rnd-1,primes) == 1 (except for 2) */
if (((mods[i]+delta)%primes[i]) <= 1)
{
d=delta;
delta+=2;
/* perhaps need to check for overflow of
* delta (but delta can be up to 2^32)
* 21-May-98 eay - added overflow check */
if (delta < d) goto again;
if (delta > maxdelta) goto again;
goto loop;
}
}