diff options
| -rw-r--r-- | src/lib/libcrypto/bn/bn_prime.c | 44 |
1 files changed, 20 insertions, 24 deletions
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c index c3cf5b8986..f44fbdf79a 100644 --- a/src/lib/libcrypto/bn/bn_prime.c +++ b/src/lib/libcrypto/bn/bn_prime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_prime.c,v 1.24 2022/11/09 11:31:51 tb Exp $ */ | 1 | /* $OpenBSD: bn_prime.c,v 1.25 2022/11/09 15:33:13 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -160,11 +160,11 @@ int | |||
| 160 | BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | 160 | BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, |
| 161 | const BIGNUM *rem, BN_GENCB *cb) | 161 | const BIGNUM *rem, BN_GENCB *cb) |
| 162 | { | 162 | { |
| 163 | BIGNUM *t; | ||
| 164 | int found = 0; | ||
| 165 | int loops = 0; | ||
| 166 | int j; | ||
| 167 | BN_CTX *ctx; | 163 | BN_CTX *ctx; |
| 164 | BIGNUM *p; | ||
| 165 | int is_prime; | ||
| 166 | int loops = 0; | ||
| 167 | int found = 0; | ||
| 168 | 168 | ||
| 169 | if (bits < 2 || (bits == 2 && safe)) { | 169 | if (bits < 2 || (bits == 2 && safe)) { |
| 170 | /* | 170 | /* |
| @@ -178,11 +178,11 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | |||
| 178 | if ((ctx = BN_CTX_new()) == NULL) | 178 | if ((ctx = BN_CTX_new()) == NULL) |
| 179 | goto err; | 179 | goto err; |
| 180 | BN_CTX_start(ctx); | 180 | BN_CTX_start(ctx); |
| 181 | if ((t = BN_CTX_get(ctx)) == NULL) | 181 | if ((p = BN_CTX_get(ctx)) == NULL) |
| 182 | goto err; | 182 | goto err; |
| 183 | 183 | ||
| 184 | loop: | 184 | loop: |
| 185 | /* make a random number and set the top and bottom bits */ | 185 | /* Make a random number and set the top and bottom bits. */ |
| 186 | if (add == NULL) { | 186 | if (add == NULL) { |
| 187 | if (!probable_prime(ret, bits)) | 187 | if (!probable_prime(ret, bits)) |
| 188 | goto err; | 188 | goto err; |
| @@ -200,35 +200,31 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, | |||
| 200 | goto err; | 200 | goto err; |
| 201 | 201 | ||
| 202 | if (!safe) { | 202 | if (!safe) { |
| 203 | j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb); | 203 | if (!bn_is_prime_bpsw(&is_prime, ret, ctx)) |
| 204 | if (j == -1) | ||
| 205 | goto err; | 204 | goto err; |
| 206 | if (j == 0) | 205 | if (!is_prime) |
| 207 | goto loop; | 206 | goto loop; |
| 208 | } else { | 207 | } else { |
| 209 | /* for "safe prime" generation, | 208 | if (!bn_is_prime_bpsw(&is_prime, ret, ctx)) |
| 210 | * check that (p-1)/2 is prime. | ||
| 211 | * Since a prime is odd, We just | ||
| 212 | * need to divide by 2 */ | ||
| 213 | if (!BN_rshift1(t, ret)) | ||
| 214 | goto err; | 209 | goto err; |
| 210 | if (!is_prime) | ||
| 211 | goto loop; | ||
| 215 | 212 | ||
| 216 | j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb); | 213 | /* |
| 217 | if (j == -1) | 214 | * For safe prime generation, check that p = (ret-1)/2 is prime. |
| 215 | * Since this prime has >= 3 bits, it is odd, and we can simply | ||
| 216 | * divide by 2. | ||
| 217 | */ | ||
| 218 | if (!BN_rshift1(p, ret)) | ||
| 218 | goto err; | 219 | goto err; |
| 219 | if (j == 0) | ||
| 220 | goto loop; | ||
| 221 | 220 | ||
| 222 | j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb); | 221 | if (!bn_is_prime_bpsw(&is_prime, p, ctx)) |
| 223 | if (j == -1) | ||
| 224 | goto err; | 222 | goto err; |
| 225 | if (j == 0) | 223 | if (!is_prime) |
| 226 | goto loop; | 224 | goto loop; |
| 227 | 225 | ||
| 228 | if (!BN_GENCB_call(cb, 2, loops - 1)) | 226 | if (!BN_GENCB_call(cb, 2, loops - 1)) |
| 229 | goto err; | 227 | goto err; |
| 230 | |||
| 231 | /* We have a safe prime test pass */ | ||
| 232 | } | 228 | } |
| 233 | 229 | ||
| 234 | found = 1; | 230 | found = 1; |