diff options
Diffstat (limited to 'src/lib/libcrypto/bn/bn_prime.c')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_prime.c | 126 |
1 files changed, 50 insertions, 76 deletions
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c index 0c85f70b59..6fa0f9be1e 100644 --- a/src/lib/libcrypto/bn/bn_prime.c +++ b/src/lib/libcrypto/bn/bn_prime.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bn_lcl.h" | 62 | #include "bn_lcl.h" |
| 63 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 64 | 64 | ||
| 65 | /* The quick seive algorithm approach to weeding out primes is | 65 | /* The quick seive algorithm approach to weeding out primes is |
| 66 | * Philip Zimmermann's, as implemented in PGP. I have had a read of | 66 | * Philip Zimmermann's, as implemented in PGP. I have had a read of |
| @@ -68,7 +68,6 @@ | |||
| 68 | */ | 68 | */ |
| 69 | #include "bn_prime.h" | 69 | #include "bn_prime.h" |
| 70 | 70 | ||
| 71 | #ifndef NOPROTO | ||
| 72 | static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, | 71 | static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, |
| 73 | BN_MONT_CTX *mont); | 72 | BN_MONT_CTX *mont); |
| 74 | static int probable_prime(BIGNUM *rnd, int bits); | 73 | static int probable_prime(BIGNUM *rnd, int bits); |
| @@ -76,32 +75,23 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, | |||
| 76 | BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); | 75 | BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); |
| 77 | static int probable_prime_dh_strong(BIGNUM *rnd, int bits, | 76 | static int probable_prime_dh_strong(BIGNUM *rnd, int bits, |
| 78 | BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); | 77 | BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); |
| 79 | #else | 78 | BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int strong, BIGNUM *add, |
| 80 | static int witness(); | 79 | BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg) |
| 81 | static int probable_prime(); | ||
| 82 | static int probable_prime_dh(); | ||
| 83 | static int probable_prime_dh_strong(); | ||
| 84 | #endif | ||
| 85 | |||
| 86 | BIGNUM *BN_generate_prime(bits,strong,add,rem,callback,cb_arg) | ||
| 87 | int bits; | ||
| 88 | int strong; | ||
| 89 | BIGNUM *add; | ||
| 90 | BIGNUM *rem; | ||
| 91 | void (*callback)(P_I_I_P); | ||
| 92 | char *cb_arg; | ||
| 93 | { | 80 | { |
| 94 | BIGNUM *rnd=NULL; | 81 | BIGNUM *rnd=NULL; |
| 95 | BIGNUM *ret=NULL; | 82 | BIGNUM t; |
| 96 | BIGNUM *t=NULL; | ||
| 97 | int i,j,c1=0; | 83 | int i,j,c1=0; |
| 98 | BN_CTX *ctx; | 84 | BN_CTX *ctx; |
| 99 | 85 | ||
| 100 | ctx=BN_CTX_new(); | 86 | ctx=BN_CTX_new(); |
| 101 | if (ctx == NULL) goto err; | 87 | if (ctx == NULL) goto err; |
| 102 | if ((rnd=BN_new()) == NULL) goto err; | 88 | if (ret == NULL) |
| 103 | if (strong) | 89 | { |
| 104 | if ((t=BN_new()) == NULL) goto err; | 90 | if ((rnd=BN_new()) == NULL) goto err; |
| 91 | } | ||
| 92 | else | ||
| 93 | rnd=ret; | ||
| 94 | BN_init(&t); | ||
| 105 | loop: | 95 | loop: |
| 106 | /* make a random number and set the top and bottom bits */ | 96 | /* make a random number and set the top and bottom bits */ |
| 107 | if (add == NULL) | 97 | if (add == NULL) |
| @@ -136,7 +126,7 @@ loop: | |||
| 136 | * check that (p-1)/2 is prime. | 126 | * check that (p-1)/2 is prime. |
| 137 | * Since a prime is odd, We just | 127 | * Since a prime is odd, We just |
| 138 | * need to divide by 2 */ | 128 | * need to divide by 2 */ |
| 139 | if (!BN_rshift1(t,rnd)) goto err; | 129 | if (!BN_rshift1(&t,rnd)) goto err; |
| 140 | 130 | ||
| 141 | for (i=0; i<BN_prime_checks; i++) | 131 | for (i=0; i<BN_prime_checks; i++) |
| 142 | { | 132 | { |
| @@ -144,7 +134,7 @@ loop: | |||
| 144 | if (j == -1) goto err; | 134 | if (j == -1) goto err; |
| 145 | if (j == 0) goto loop; | 135 | if (j == 0) goto loop; |
| 146 | 136 | ||
| 147 | j=BN_is_prime(t,1,callback,ctx,cb_arg); | 137 | j=BN_is_prime(&t,1,callback,ctx,cb_arg); |
| 148 | if (j == -1) goto err; | 138 | if (j == -1) goto err; |
| 149 | if (j == 0) goto loop; | 139 | if (j == 0) goto loop; |
| 150 | 140 | ||
| @@ -156,17 +146,13 @@ loop: | |||
| 156 | ret=rnd; | 146 | ret=rnd; |
| 157 | err: | 147 | err: |
| 158 | if ((ret == NULL) && (rnd != NULL)) BN_free(rnd); | 148 | if ((ret == NULL) && (rnd != NULL)) BN_free(rnd); |
| 159 | if (t != NULL) BN_free(t); | 149 | BN_free(&t); |
| 160 | if (ctx != NULL) BN_CTX_free(ctx); | 150 | if (ctx != NULL) BN_CTX_free(ctx); |
| 161 | return(ret); | 151 | return(ret); |
| 162 | } | 152 | } |
| 163 | 153 | ||
| 164 | int BN_is_prime(a,checks,callback,ctx_passed,cb_arg) | 154 | int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *), |
| 165 | BIGNUM *a; | 155 | BN_CTX *ctx_passed, void *cb_arg) |
| 166 | int checks; | ||
| 167 | void (*callback)(P_I_I_P); | ||
| 168 | BN_CTX *ctx_passed; | ||
| 169 | char *cb_arg; | ||
| 170 | { | 156 | { |
| 171 | int i,j,c2=0,ret= -1; | 157 | int i,j,c2=0,ret= -1; |
| 172 | BIGNUM *check; | 158 | BIGNUM *check; |
| @@ -183,7 +169,7 @@ char *cb_arg; | |||
| 183 | if ((ctx2=BN_CTX_new()) == NULL) goto err; | 169 | if ((ctx2=BN_CTX_new()) == NULL) goto err; |
| 184 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; | 170 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; |
| 185 | 171 | ||
| 186 | check=ctx->bn[ctx->tos++]; | 172 | check= &(ctx->bn[ctx->tos++]); |
| 187 | 173 | ||
| 188 | /* Setup the montgomery structure */ | 174 | /* Setup the montgomery structure */ |
| 189 | if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err; | 175 | if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err; |
| @@ -214,24 +200,21 @@ err: | |||
| 214 | 200 | ||
| 215 | #define RECP_MUL_MOD | 201 | #define RECP_MUL_MOD |
| 216 | 202 | ||
| 217 | static int witness(a,n,ctx,ctx2,mont) | 203 | static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx, BN_CTX *ctx2, |
| 218 | BIGNUM *a; | 204 | BN_MONT_CTX *mont) |
| 219 | BIGNUM *n; | ||
| 220 | BN_CTX *ctx,*ctx2; | ||
| 221 | BN_MONT_CTX *mont; | ||
| 222 | { | 205 | { |
| 223 | int k,i,ret= -1,good; | 206 | int k,i,ret= -1,good; |
| 224 | BIGNUM *d,*dd,*tmp,*d1,*d2,*n1; | 207 | BIGNUM *d,*dd,*tmp,*d1,*d2,*n1; |
| 225 | BIGNUM *mont_one,*mont_n1,*mont_a; | 208 | BIGNUM *mont_one,*mont_n1,*mont_a; |
| 226 | 209 | ||
| 227 | d1=ctx->bn[ctx->tos]; | 210 | d1= &(ctx->bn[ctx->tos]); |
| 228 | d2=ctx->bn[ctx->tos+1]; | 211 | d2= &(ctx->bn[ctx->tos+1]); |
| 229 | n1=ctx->bn[ctx->tos+2]; | 212 | n1= &(ctx->bn[ctx->tos+2]); |
| 230 | ctx->tos+=3; | 213 | ctx->tos+=3; |
| 231 | 214 | ||
| 232 | mont_one=ctx2->bn[ctx2->tos]; | 215 | mont_one= &(ctx2->bn[ctx2->tos]); |
| 233 | mont_n1=ctx2->bn[ctx2->tos+1]; | 216 | mont_n1= &(ctx2->bn[ctx2->tos+1]); |
| 234 | mont_a=ctx2->bn[ctx2->tos+2]; | 217 | mont_a= &(ctx2->bn[ctx2->tos+2]); |
| 235 | ctx2->tos+=3; | 218 | ctx2->tos+=3; |
| 236 | 219 | ||
| 237 | d=d1; | 220 | d=d1; |
| @@ -254,7 +237,7 @@ BN_MONT_CTX *mont; | |||
| 254 | good=0; | 237 | good=0; |
| 255 | 238 | ||
| 256 | BN_mod_mul_montgomery(dd,d,d,mont,ctx2); | 239 | BN_mod_mul_montgomery(dd,d,d,mont,ctx2); |
| 257 | 240 | ||
| 258 | if (good && (BN_cmp(dd,mont_one) == 0)) | 241 | if (good && (BN_cmp(dd,mont_one) == 0)) |
| 259 | { | 242 | { |
| 260 | ret=1; | 243 | ret=1; |
| @@ -281,14 +264,13 @@ err: | |||
| 281 | return(ret); | 264 | return(ret); |
| 282 | } | 265 | } |
| 283 | 266 | ||
| 284 | static int probable_prime(rnd, bits) | 267 | static int probable_prime(BIGNUM *rnd, int bits) |
| 285 | BIGNUM *rnd; | ||
| 286 | int bits; | ||
| 287 | { | 268 | { |
| 288 | int i; | 269 | int i; |
| 289 | MS_STATIC BN_ULONG mods[NUMPRIMES]; | 270 | MS_STATIC BN_ULONG mods[NUMPRIMES]; |
| 290 | BN_ULONG delta; | 271 | BN_ULONG delta,d; |
| 291 | 272 | ||
| 273 | again: | ||
| 292 | if (!BN_rand(rnd,bits,1,1)) return(0); | 274 | if (!BN_rand(rnd,bits,1,1)) return(0); |
| 293 | /* we now have a random number 'rand' to test. */ | 275 | /* we now have a random number 'rand' to test. */ |
| 294 | for (i=1; i<NUMPRIMES; i++) | 276 | for (i=1; i<NUMPRIMES; i++) |
| @@ -300,9 +282,12 @@ int bits; | |||
| 300 | * that gcd(rnd-1,primes) == 1 (except for 2) */ | 282 | * that gcd(rnd-1,primes) == 1 (except for 2) */ |
| 301 | if (((mods[i]+delta)%primes[i]) <= 1) | 283 | if (((mods[i]+delta)%primes[i]) <= 1) |
| 302 | { | 284 | { |
| 285 | d=delta; | ||
| 303 | delta+=2; | 286 | delta+=2; |
| 304 | /* perhaps need to check for overflow of | 287 | /* perhaps need to check for overflow of |
| 305 | * delta (but delta can be upto 2^32) */ | 288 | * delta (but delta can be upto 2^32) |
| 289 | * 21-May-98 eay - added overflow check */ | ||
| 290 | if (delta < d) goto again; | ||
| 306 | goto loop; | 291 | goto loop; |
| 307 | } | 292 | } |
| 308 | } | 293 | } |
| @@ -310,17 +295,13 @@ int bits; | |||
| 310 | return(1); | 295 | return(1); |
| 311 | } | 296 | } |
| 312 | 297 | ||
| 313 | static int probable_prime_dh(rnd, bits, add, rem,ctx) | 298 | static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem, |
| 314 | BIGNUM *rnd; | 299 | BN_CTX *ctx) |
| 315 | int bits; | ||
| 316 | BIGNUM *add; | ||
| 317 | BIGNUM *rem; | ||
| 318 | BN_CTX *ctx; | ||
| 319 | { | 300 | { |
| 320 | int i,ret=0; | 301 | int i,ret=0; |
| 321 | BIGNUM *t1; | 302 | BIGNUM *t1; |
| 322 | 303 | ||
| 323 | t1=ctx->bn[ctx->tos++]; | 304 | t1= &(ctx->bn[ctx->tos++]); |
| 324 | 305 | ||
| 325 | if (!BN_rand(rnd,bits,0,1)) goto err; | 306 | if (!BN_rand(rnd,bits,0,1)) goto err; |
| 326 | 307 | ||
| @@ -338,7 +319,7 @@ BN_CTX *ctx; | |||
| 338 | loop: for (i=1; i<NUMPRIMES; i++) | 319 | loop: for (i=1; i<NUMPRIMES; i++) |
| 339 | { | 320 | { |
| 340 | /* check that rnd is a prime */ | 321 | /* check that rnd is a prime */ |
| 341 | if (BN_mod_word(rnd,(BN_LONG)primes[i]) <= 1) | 322 | if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1) |
| 342 | { | 323 | { |
| 343 | if (!BN_add(rnd,rnd,add)) goto err; | 324 | if (!BN_add(rnd,rnd,add)) goto err; |
| 344 | goto loop; | 325 | goto loop; |
| @@ -350,20 +331,16 @@ err: | |||
| 350 | return(ret); | 331 | return(ret); |
| 351 | } | 332 | } |
| 352 | 333 | ||
| 353 | static int probable_prime_dh_strong(p, bits, padd, rem,ctx) | 334 | static int probable_prime_dh_strong(BIGNUM *p, int bits, BIGNUM *padd, |
| 354 | BIGNUM *p; | 335 | BIGNUM *rem, BN_CTX *ctx) |
| 355 | int bits; | ||
| 356 | BIGNUM *padd; | ||
| 357 | BIGNUM *rem; | ||
| 358 | BN_CTX *ctx; | ||
| 359 | { | 336 | { |
| 360 | int i,ret=0; | 337 | int i,ret=0; |
| 361 | BIGNUM *t1,*qadd=NULL,*q=NULL; | 338 | BIGNUM *t1,*qadd=NULL,*q=NULL; |
| 362 | 339 | ||
| 363 | bits--; | 340 | bits--; |
| 364 | t1=ctx->bn[ctx->tos++]; | 341 | t1= &(ctx->bn[ctx->tos++]); |
| 365 | q=ctx->bn[ctx->tos++]; | 342 | q= &(ctx->bn[ctx->tos++]); |
| 366 | qadd=ctx->bn[ctx->tos++]; | 343 | qadd= &(ctx->bn[ctx->tos++]); |
| 367 | 344 | ||
| 368 | if (!BN_rshift1(qadd,padd)) goto err; | 345 | if (!BN_rshift1(qadd,padd)) goto err; |
| 369 | 346 | ||
| @@ -389,8 +366,8 @@ BN_CTX *ctx; | |||
| 389 | /* check that p and q are prime */ | 366 | /* check that p and q are prime */ |
| 390 | /* check that for p and q | 367 | /* check that for p and q |
| 391 | * gcd(p-1,primes) == 1 (except for 2) */ | 368 | * gcd(p-1,primes) == 1 (except for 2) */ |
| 392 | if ( (BN_mod_word(p,(BN_LONG)primes[i]) == 0) || | 369 | if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) || |
| 393 | (BN_mod_word(q,(BN_LONG)primes[i]) == 0)) | 370 | (BN_mod_word(q,(BN_ULONG)primes[i]) == 0)) |
| 394 | { | 371 | { |
| 395 | if (!BN_add(p,p,padd)) goto err; | 372 | if (!BN_add(p,p,padd)) goto err; |
| 396 | if (!BN_add(q,q,qadd)) goto err; | 373 | if (!BN_add(q,q,qadd)) goto err; |
| @@ -404,20 +381,17 @@ err: | |||
| 404 | } | 381 | } |
| 405 | 382 | ||
| 406 | #if 0 | 383 | #if 0 |
| 407 | static int witness(a, n,ctx) | 384 | static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx) |
| 408 | BIGNUM *a; | ||
| 409 | BIGNUM *n; | ||
| 410 | BN_CTX *ctx; | ||
| 411 | { | 385 | { |
| 412 | int k,i,nb,ret= -1; | 386 | int k,i,nb,ret= -1; |
| 413 | BIGNUM *d,*dd,*tmp; | 387 | BIGNUM *d,*dd,*tmp; |
| 414 | BIGNUM *d1,*d2,*x,*n1,*inv; | 388 | BIGNUM *d1,*d2,*x,*n1,*inv; |
| 415 | 389 | ||
| 416 | d1=ctx->bn[ctx->tos]; | 390 | d1= &(ctx->bn[ctx->tos]); |
| 417 | d2=ctx->bn[ctx->tos+1]; | 391 | d2= &(ctx->bn[ctx->tos+1]); |
| 418 | x=ctx->bn[ctx->tos+2]; | 392 | x= &(ctx->bn[ctx->tos+2]); |
| 419 | n1=ctx->bn[ctx->tos+3]; | 393 | n1= &(ctx->bn[ctx->tos+3]); |
| 420 | inv=ctx->bn[ctx->tos+4]; | 394 | inv=&(ctx->bn[ctx->tos+4]); |
| 421 | ctx->tos+=5; | 395 | ctx->tos+=5; |
| 422 | 396 | ||
| 423 | d=d1; | 397 | d=d1; |