summaryrefslogtreecommitdiff
path: root/src/lib/libc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/bn/bn_bpsw.c63
1 files changed, 33 insertions, 30 deletions
diff --git a/src/lib/libcrypto/bn/bn_bpsw.c b/src/lib/libcrypto/bn/bn_bpsw.c
index a1acbbf1e9..82a4e87146 100644
--- a/src/lib/libcrypto/bn/bn_bpsw.c
+++ b/src/lib/libcrypto/bn/bn_bpsw.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_bpsw.c,v 1.9 2023/05/10 12:21:55 tb Exp $ */ 1/* $OpenBSD: bn_bpsw.c,v 1.10 2023/05/10 21:05:24 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Martin Grenouilloux <martin.grenouilloux@lse.epita.fr> 3 * Copyright (c) 2022 Martin Grenouilloux <martin.grenouilloux@lse.epita.fr>
4 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -156,7 +156,7 @@ bn_lucas(BIGNUM *U, BIGNUM *V, const BIGNUM *k, const BIGNUM *D,
156 */ 156 */
157 157
158static int 158static int
159bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D, 159bn_strong_lucas_test(int *is_pseudoprime, const BIGNUM *n, const BIGNUM *D,
160 BN_CTX *ctx) 160 BN_CTX *ctx)
161{ 161{
162 BIGNUM *k, *U, *V; 162 BIGNUM *k, *U, *V;
@@ -194,7 +194,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D,
194 goto err; 194 goto err;
195 195
196 if (BN_is_zero(U) || BN_is_zero(V)) { 196 if (BN_is_zero(U) || BN_is_zero(V)) {
197 *is_prime = 1; 197 *is_pseudoprime = 1;
198 goto done; 198 goto done;
199 } 199 }
200 200
@@ -208,7 +208,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D,
208 goto err; 208 goto err;
209 209
210 if (BN_is_zero(V)) { 210 if (BN_is_zero(V)) {
211 *is_prime = 1; 211 *is_pseudoprime = 1;
212 goto done; 212 goto done;
213 } 213 }
214 } 214 }
@@ -217,7 +217,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D,
217 * If we got here, n is definitely composite. 217 * If we got here, n is definitely composite.
218 */ 218 */
219 219
220 *is_prime = 0; 220 *is_pseudoprime = 0;
221 221
222 done: 222 done:
223 ret = 1; 223 ret = 1;
@@ -235,7 +235,7 @@ bn_strong_lucas_test(int *is_prime, const BIGNUM *n, const BIGNUM *D,
235 */ 235 */
236 236
237static int 237static int
238bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx) 238bn_strong_lucas_selfridge(int *is_pseudoprime, const BIGNUM *n, BN_CTX *ctx)
239{ 239{
240 BIGNUM *D, *two; 240 BIGNUM *D, *two;
241 int is_perfect_square, jacobi_symbol, sign; 241 int is_perfect_square, jacobi_symbol, sign;
@@ -247,7 +247,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx)
247 if (!bn_is_perfect_square(&is_perfect_square, n, ctx)) 247 if (!bn_is_perfect_square(&is_perfect_square, n, ctx))
248 goto err; 248 goto err;
249 if (is_perfect_square) { 249 if (is_perfect_square) {
250 *is_prime = 0; 250 *is_pseudoprime = 0;
251 goto done; 251 goto done;
252 } 252 }
253 253
@@ -278,7 +278,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx)
278 278
279 /* n and D have prime factors in common. */ 279 /* n and D have prime factors in common. */
280 if (jacobi_symbol == 0) { 280 if (jacobi_symbol == 0) {
281 *is_prime = 0; 281 *is_pseudoprime = 0;
282 goto done; 282 goto done;
283 } 283 }
284 284
@@ -288,7 +288,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx)
288 BN_set_negative(D, sign == -1); 288 BN_set_negative(D, sign == -1);
289 } 289 }
290 290
291 if (!bn_strong_lucas_test(is_prime, n, D, ctx)) 291 if (!bn_strong_lucas_test(is_pseudoprime, n, D, ctx))
292 goto err; 292 goto err;
293 293
294 done: 294 done:
@@ -318,7 +318,7 @@ bn_strong_lucas_selfridge(int *is_prime, const BIGNUM *n, BN_CTX *ctx)
318 */ 318 */
319 319
320static int 320static int
321bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one, 321bn_fermat(int *is_pseudoprime, const BIGNUM *n, const BIGNUM *n_minus_one,
322 const BIGNUM *k, int s, const BIGNUM *base, BN_CTX *ctx, BN_MONT_CTX *mctx) 322 const BIGNUM *k, int s, const BIGNUM *base, BN_CTX *ctx, BN_MONT_CTX *mctx)
323{ 323{
324 BIGNUM *power; 324 BIGNUM *power;
@@ -338,7 +338,7 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one,
338 goto err; 338 goto err;
339 339
340 if (BN_is_one(power) || BN_cmp(power, n_minus_one) == 0) { 340 if (BN_is_one(power) || BN_cmp(power, n_minus_one) == 0) {
341 *is_prime = 1; 341 *is_pseudoprime = 1;
342 goto done; 342 goto done;
343 } 343 }
344 344
@@ -349,13 +349,13 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one,
349 349
350 /* n is a pseudoprime for base. */ 350 /* n is a pseudoprime for base. */
351 if (BN_cmp(power, n_minus_one) == 0) { 351 if (BN_cmp(power, n_minus_one) == 0) {
352 *is_prime = 1; 352 *is_pseudoprime = 1;
353 goto done; 353 goto done;
354 } 354 }
355 355
356 /* n is composite: there's a square root of unity != 1 or -1. */ 356 /* n is composite: there's a square root of unity != 1 or -1. */
357 if (BN_is_one(power)) { 357 if (BN_is_one(power)) {
358 *is_prime = 0; 358 *is_pseudoprime = 0;
359 goto done; 359 goto done;
360 } 360 }
361 } 361 }
@@ -364,7 +364,7 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one,
364 * If we get here, n is definitely composite: base^(n-1) != 1. 364 * If we get here, n is definitely composite: base^(n-1) != 1.
365 */ 365 */
366 366
367 *is_prime = 0; 367 *is_pseudoprime = 0;
368 368
369 done: 369 done:
370 ret = 1; 370 ret = 1;
@@ -377,11 +377,12 @@ bn_fermat(int *is_prime, const BIGNUM *n, const BIGNUM *n_minus_one,
377 377
378/* 378/*
379 * Miller-Rabin primality test for base 2 and for |rounds| of random bases. 379 * Miller-Rabin primality test for base 2 and for |rounds| of random bases.
380 * On success: is_prime == 0 implies n is composite - the converse is false. 380 * On success: is_pseudoprime == 0 implies that n is composite.
381 */ 381 */
382 382
383static int 383static int
384bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds) 384bn_miller_rabin(int *is_pseudoprime, const BIGNUM *n, BN_CTX *ctx,
385 size_t rounds)
385{ 386{
386 BN_MONT_CTX *mctx = NULL; 387 BN_MONT_CTX *mctx = NULL;
387 BIGNUM *base, *k, *n_minus_one, *three; 388 BIGNUM *base, *k, *n_minus_one, *three;
@@ -401,12 +402,12 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds)
401 goto err; 402 goto err;
402 403
403 if (BN_is_word(n, 2) || BN_is_word(n, 3)) { 404 if (BN_is_word(n, 2) || BN_is_word(n, 3)) {
404 *is_prime = 1; 405 *is_pseudoprime = 1;
405 goto done; 406 goto done;
406 } 407 }
407 408
408 if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { 409 if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) {
409 *is_prime = 0; 410 *is_pseudoprime = 0;
410 goto done; 411 goto done;
411 } 412 }
412 413
@@ -440,9 +441,9 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds)
440 if (!BN_set_word(base, 2)) 441 if (!BN_set_word(base, 2))
441 goto err; 442 goto err;
442 443
443 if (!bn_fermat(is_prime, n, n_minus_one, k, s, base, ctx, mctx)) 444 if (!bn_fermat(is_pseudoprime, n, n_minus_one, k, s, base, ctx, mctx))
444 goto err; 445 goto err;
445 if (!*is_prime) 446 if (!*is_pseudoprime)
446 goto done; 447 goto done;
447 448
448 /* 449 /*
@@ -457,9 +458,10 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds)
457 if (!bn_rand_interval(base, three, n_minus_one)) 458 if (!bn_rand_interval(base, three, n_minus_one))
458 goto err; 459 goto err;
459 460
460 if (!bn_fermat(is_prime, n, n_minus_one, k, s, base, ctx, mctx)) 461 if (!bn_fermat(is_pseudoprime, n, n_minus_one, k, s, base, ctx,
462 mctx))
461 goto err; 463 goto err;
462 if (!*is_prime) 464 if (!*is_pseudoprime)
463 goto done; 465 goto done;
464 } 466 }
465 467
@@ -467,7 +469,7 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds)
467 * If we got here, we have a Miller-Rabin pseudoprime. 469 * If we got here, we have a Miller-Rabin pseudoprime.
468 */ 470 */
469 471
470 *is_prime = 1; 472 *is_pseudoprime = 1;
471 473
472 done: 474 done:
473 ret = 1; 475 ret = 1;
@@ -485,7 +487,8 @@ bn_miller_rabin(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds)
485 */ 487 */
486 488
487int 489int
488bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds) 490bn_is_prime_bpsw(int *is_pseudoprime, const BIGNUM *n, BN_CTX *in_ctx,
491 size_t rounds)
489{ 492{
490 BN_CTX *ctx = NULL; 493 BN_CTX *ctx = NULL;
491 BN_ULONG mod; 494 BN_ULONG mod;
@@ -493,12 +496,12 @@ bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds)
493 int ret = 0; 496 int ret = 0;
494 497
495 if (BN_is_word(n, 2)) { 498 if (BN_is_word(n, 2)) {
496 *is_prime = 1; 499 *is_pseudoprime = 1;
497 goto done; 500 goto done;
498 } 501 }
499 502
500 if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) { 503 if (BN_cmp(n, BN_value_one()) <= 0 || !BN_is_odd(n)) {
501 *is_prime = 0; 504 *is_pseudoprime = 0;
502 goto done; 505 goto done;
503 } 506 }
504 507
@@ -507,7 +510,7 @@ bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds)
507 if ((mod = BN_mod_word(n, primes[i])) == (BN_ULONG)-1) 510 if ((mod = BN_mod_word(n, primes[i])) == (BN_ULONG)-1)
508 goto err; 511 goto err;
509 if (mod == 0) { 512 if (mod == 0) {
510 *is_prime = BN_is_word(n, primes[i]); 513 *is_pseudoprime = BN_is_word(n, primes[i]);
511 goto done; 514 goto done;
512 } 515 }
513 } 516 }
@@ -517,12 +520,12 @@ bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *in_ctx, size_t rounds)
517 if (ctx == NULL) 520 if (ctx == NULL)
518 goto err; 521 goto err;
519 522
520 if (!bn_miller_rabin(is_prime, n, ctx, rounds)) 523 if (!bn_miller_rabin(is_pseudoprime, n, ctx, rounds))
521 goto err; 524 goto err;
522 if (!*is_prime) 525 if (!*is_pseudoprime)
523 goto done; 526 goto done;
524 527
525 if (!bn_strong_lucas_selfridge(is_prime, n, ctx)) 528 if (!bn_strong_lucas_selfridge(is_pseudoprime, n, ctx))
526 goto err; 529 goto err;
527 530
528 done: 531 done:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-21 13:03:41 +0000