openssh/upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch

From a36b0b14a12971086034d53c0c3dfbad07665abe Mon Sep 17 00:00:00 2001
From: "tb@openbsd.org" <tb@openbsd.org>
Date: Sun, 20 Jan 2019 02:01:59 +0000
Subject: [PATCH 185/294] upstream: Fix BN_is_prime_* calls in SSH, the API
 returns -1 on

error.

Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.

ok djm, dtucker

OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
---
 moduli.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/moduli.c b/moduli.c
index 233cba8..48150da 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */
+/* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -582,7 +582,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 	u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
 	unsigned long last_processed = 0, end_lineno;
 	time_t time_start, time_stop;
-	int res;
+	int res, is_prime;
 
 	if (trials < TRIAL_MINIMUM) {
 		error("Minimum primality trials is %d", TRIAL_MINIMUM);
@@ -753,7 +753,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 		 * that p is also prime. A single pass will weed out the
 		 * vast majority of composite q's.
 		 */
-		if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
+		is_prime = BN_is_prime_ex(q, 1, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: q failed first possible prime test",
 			    count_in);
 			continue;
@@ -766,14 +769,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 		 * will show up on the first Rabin-Miller iteration so it
 		 * doesn't hurt to specify a high iteration count.
 		 */
-		if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
+		is_prime = BN_is_prime_ex(p, trials, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: p is not prime", count_in);
 			continue;
 		}
 		debug("%10u: p is almost certainly prime", count_in);
 
 		/* recheck q more rigorously */
-		if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
+		is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: q is not prime", count_in);
 			continue;
 		}
-- 
1.8.3.1
Package init 2019-09-30 11:10:51 -04:00			`From a36b0b14a12971086034d53c0c3dfbad07665abe Mon Sep 17 00:00:00 2001`
			`From: "tb@openbsd.org" <tb@openbsd.org>`
			`Date: Sun, 20 Jan 2019 02:01:59 +0000`
			`Subject: [PATCH 185/294] upstream: Fix BN_is_prime_* calls in SSH, the API`
			`returns -1 on`

			`error.`

			`Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd`
			`by David Benjamin.`

			`ok djm, dtucker`

			`OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8`
			`---`
			`moduli.c \| 19 ++++++++++++++-----`
			`1 file changed, 14 insertions(+), 5 deletions(-)`

			`diff --git a/moduli.c b/moduli.c`
			`index 233cba8..48150da 100644`
			`--- a/moduli.c`
			`+++ b/moduli.c`
			`@@ -1,4 +1,4 @@`
			`-/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */`
			`+/* $OpenBSD: moduli.c,v 1.33 2019/01/20 02:01:59 tb Exp $ */`
			`/*`
			`* Copyright 1994 Phil Karn <karn@qualcomm.com>`
			`* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>`
			`@@ -582,7 +582,7 @@ prime_test(FILE in, FILE out, u_int32_t trials, u_int32_t generator_wanted,`
			`u_int32_t generator_known, in_tests, in_tries, in_type, in_size;`
			`unsigned long last_processed = 0, end_lineno;`
			`time_t time_start, time_stop;`
			`- int res;`
			`+ int res, is_prime;`

			`if (trials < TRIAL_MINIMUM) {`
			`error("Minimum primality trials is %d", TRIAL_MINIMUM);`
			`@@ -753,7 +753,10 @@ prime_test(FILE in, FILE out, u_int32_t trials, u_int32_t generator_wanted,`
			`* that p is also prime. A single pass will weed out the`
			`* vast majority of composite q's.`
			`*/`
			`- if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {`
			`+ is_prime = BN_is_prime_ex(q, 1, ctx, NULL);`
			`+ if (is_prime < 0)`
			`+ fatal("BN_is_prime_ex failed");`
			`+ if (is_prime == 0) {`
			`debug("%10u: q failed first possible prime test",`
			`count_in);`
			`continue;`
			`@@ -766,14 +769,20 @@ prime_test(FILE in, FILE out, u_int32_t trials, u_int32_t generator_wanted,`
			`* will show up on the first Rabin-Miller iteration so it`
			`* doesn't hurt to specify a high iteration count.`
			`*/`
			`- if (!BN_is_prime_ex(p, trials, ctx, NULL)) {`
			`+ is_prime = BN_is_prime_ex(p, trials, ctx, NULL);`
			`+ if (is_prime < 0)`
			`+ fatal("BN_is_prime_ex failed");`
			`+ if (is_prime == 0) {`
			`debug("%10u: p is not prime", count_in);`
			`continue;`
			`}`
			`debug("%10u: p is almost certainly prime", count_in);`

			`/* recheck q more rigorously */`
			`- if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {`
			`+ is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL);`
			`+ if (is_prime < 0)`
			`+ fatal("BN_is_prime_ex failed");`
			`+ if (is_prime == 0) {`
			`debug("%10u: q is not prime", count_in);`
			`continue;`
			`}`
			`--`
			`1.8.3.1`