diff options
| author | ndossche <niels.dossche@ugent.be> | 2023-02-13 15:27:25 +0100 |
|---|---|---|
| committer | Todd Short <todd.short@me.com> | 2023-02-20 10:19:58 -0500 |
| commit | 835b90a19cdb2901cdba8a26955ccaacf0d73062 (patch) | |
| tree | 093757e26f7528369c2cf3c7c15880ac0535b422 /crypto/bn | |
| parent | 1dbfd7fe24bcd50117bc57942b2046e483a3c5a5 (diff) | |
| download | openssl-new-835b90a19cdb2901cdba8a26955ccaacf0d73062.tar.gz | |
Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime()
BN_priv_rand_range_ex() and BN_add() both return a 0 on failure and a 1
on success. In case of failure, the algorithm should fail. However, the
branch that it goes through on failure is "goto end", not "goto err".
Therefore, the algorithm will return 1 which indicates success instead
of 0 for failure, leading to potential problems for the callers.
Fix it by changing the goto to "goto err" instead of "goto end".
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20279)
Diffstat (limited to 'crypto/bn')
| -rw-r--r-- | crypto/bn/bn_rsa_fips186_4.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index 765ee250e7..1af3019005 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -357,7 +357,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, * sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1. */ if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base)) - goto end; + goto err; } /* (Step 4) Y = X + ((R - X) mod 2r1r2) */ if (!BN_mod_sub(Y, R, X, r1r2x2, ctx) || !BN_add(Y, Y, X)) |