Diffstat (limited to 'src/lib/libcrypto/bn/bn_x931p.c')
-rw-r--r--src/lib/libcrypto/bn/bn_x931p.c30
1 files changed, 20 insertions, 10 deletions
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
index 45b61c9128..55ca21c08c 100644
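--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_x931p.c,v 1.10 2017/01/25 06:15:44 beck Exp $ */
+/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -71,7 +71,7 @@
 static int
 bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
 {
- int i = 0;
+ int i = 0, is_prime;
 
  if (!BN_copy(pi, Xpi))
  return 0;
@@ -81,7 +81,10 @@ bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb)
  i++;
  BN_GENCB_call(cb, 0, i);
  /* NB 27 MR is specificed in X9.31 */
- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+ is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+ if (is_prime < 0)
+ return 0;
+ if (is_prime == 1)
  break;
  if (!BN_add_word(pi, 2))
  return 0;
@@ -173,13 +176,20 @@ BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp,
  goto err;
  if (!BN_gcd_ct(t, pm1, e, ctx))
  goto err;
- if (BN_is_one(t)
- /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
- * offering similar or better guarantees 50 MR is considerably
- * better.
- */
- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
- break;
+ if (BN_is_one(t)) {
+ int r;
+
+ /*
+ * X9.31 specifies 8 MR and 1 Lucas test or any prime
+ * test offering similar or better guarantees 50 MR
+ * is considerably better.
+ */
+ r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+ if (r < 0)
+ goto err;
+ if (r == 1)
+ break;
+ }
  if (!BN_add(p, p, p1p2))
  goto err;
  }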
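Review bot: The new `is_prime < 0` check in bn_x931_derive_pi and the `r < 0` check in BN_X931_derive_prime_ex have no comment explaining why a negative result must abort the derivation, which is the security-relevant part of this change. BN_is_prime_fasttest_ex() returns -1 on error, and the old plain truth tests treated any non-zero value as "prime", so a candidate whose test failed internally would have been accepted. I would put `/* -1 means the test itself failed; never treat that as "probably prime" */` above both checks. The same result is also named `is_prime` in one function and `r` in the other, and using `is_prime` in both would make the parallel handling obvious. Separately, `BN_GENCB_call(cb, 0, i);` in the bn_x931_derive_pi loop still discards its return value, which may be worth a follow-up; both function bodies extend beyond the hunks shown.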