From: tb <tb@openbsd.org>
Date: Sat, 25 Mar 2023 11:02:26 +0000 (+0000)
Subject: Add checks to ensure the uint16_t array isn't overflowed when this
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=d49b38c561fac719cf1f7a40cc47a64e2a90032b;p=openbsd

Add checks to ensure the uint16_t array isn't overflowed when this
script is run. This is more of an issue with uint16_t now than it
was with prime_t aka BN_ULONG before r1.6.
---

diff --git a/lib/libcrypto/bn/bn_prime.pl b/lib/libcrypto/bn/bn_prime.pl
index bc85909bfb1..4692e7f419d 100644
--- a/lib/libcrypto/bn/bn_prime.pl
+++ b/lib/libcrypto/bn/bn_prime.pl
@@ -4,6 +4,9 @@
 $num=2048;
 $num=$ARGV[0] if ($#ARGV >= 0);
 
+# The 6543rd prime is 2^16 + 1.
+die "$num must be smaller than 6543" if $num >= 6543;
+
 push(@primes,2);
 $p=1;
 loop: while ($#primes < $num-1)
@@ -46,6 +49,7 @@ for ($i=0; $i <= $#primes; $i++)
 	} else {
 		printf(" ");
 	}
+	die "\$primes[$i] is too large: $primes[$i]" if $primes[$i] > 65535;
 	printf("%5d,",$primes[$i]);
 	}
 print "\n};\n";