1 files changed, 0 insertions, 333 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
deleted file mode 100644
index b5e5ec06e5..0000000000
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#undef GENUINE_DSA
-#ifdef GENUINE_DSA
-#define HASH    SHA
-#else
-#define HASH    SHA1
-#endif 
-#ifndef NO_SHA
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
-             int *counter_ret, unsigned long *h_ret, void (*callback)(),
-             char *cb_arg)
-        {
-        int ok=0;
-        unsigned char seed[SHA_DIGEST_LENGTH];
-        unsigned char md[SHA_DIGEST_LENGTH];
-        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
-        BIGNUM *r0,*W,*X,*c,*test;
-        BIGNUM *g=NULL,*q=NULL,*p=NULL;
-        BN_MONT_CTX *mont=NULL;
-        int k,n=0,i,b,m=0;
-        int counter=0;
-        BN_CTX *ctx=NULL,*ctx2=NULL;
-        unsigned int h=2;
-        DSA *ret=NULL;
-        if (bits < 512) bits=512;
-        bits=(bits+63)/64*64;
-        if ((seed_in != NULL) && (seed_len == 20))
-                memcpy(seed,seed_in,seed_len);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if ((ctx2=BN_CTX_new()) == NULL) goto err;
-        if ((ret=DSA_new()) == NULL) goto err;
-        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-        r0= &(ctx2->bn[0]);
-        g= &(ctx2->bn[1]);
-        W= &(ctx2->bn[2]);
-        q= &(ctx2->bn[3]);
-        X= &(ctx2->bn[4]);
-        c= &(ctx2->bn[5]);
-        p= &(ctx2->bn[6]);
-        test= &(ctx2->bn[7]);
-        BN_lshift(test,BN_value_one(),bits-1);
-        for (;;)
-                {
-                for (;;)
-                        {
-                        /* step 1 */
-                        if (callback != NULL) callback(0,m++,cb_arg);
-                        if (!seed_len)
-                                RAND_bytes(seed,SHA_DIGEST_LENGTH);
-                        else
-                                seed_len=0;
-                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
-                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
-                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-                                {
-                                buf[i]++;
-                                if (buf[i] != 0) break;
-                                }
-                        /* step 2 */
-                        HASH(seed,SHA_DIGEST_LENGTH,md);
-                        HASH(buf,SHA_DIGEST_LENGTH,buf2);
-                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
-                                md[i]^=buf2[i];
-                        /* step 3 */
-                        md[0]|=0x80;
-                        md[SHA_DIGEST_LENGTH-1]|=0x01;
-                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
-                        /* step 4 */
-                        if (DSA_is_prime(q,callback,cb_arg) > 0) break;
-                        /* do a callback call */
-                        /* step 5 */
-                        }
-                if (callback != NULL) callback(2,0,cb_arg);
-                if (callback != NULL) callback(3,0,cb_arg);
-                /* step 6 */
-                counter=0;
-                n=(bits-1)/160;
-                b=(bits-1)-n*160;
-                for (;;)
-                        {
-                        /* step 7 */
-                        BN_zero(W);
-                        for (k=0; k<=n; k++)
-                                {
-                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-                                        {
-                                        buf[i]++;
-                                        if (buf[i] != 0) break;
-                                        }
-                                HASH(buf,SHA_DIGEST_LENGTH,md);
-                                /* step 8 */
-                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
-                                BN_lshift(r0,r0,160*k);
-                                BN_add(W,W,r0);
-                                }
-                        /* more of step 8 */
-                        BN_mask_bits(W,bits-1);
-                        BN_copy(X,W); /* this should be ok */
-                        BN_add(X,X,test); /* this should be ok */
-                        /* step 9 */
-                        BN_lshift1(r0,q);
-                        BN_mod(c,X,r0,ctx);
-                        BN_sub(r0,c,BN_value_one());
-                        BN_sub(p,X,r0);
-                        /* step 10 */
-                        if (BN_cmp(p,test) >= 0)
-                                {
-                                /* step 11 */
-                                if (DSA_is_prime(p,callback,cb_arg) > 0)
-                                        goto end;
-                                }
-                        /* step 13 */
-                        counter++;
-                        /* step 14 */
-                        if (counter >= 4096) break;
-                        if (callback != NULL) callback(0,counter,cb_arg);
-                        }
-                }
-end:
-        if (callback != NULL) callback(2,1,cb_arg);
-        /* We now need to gernerate g */
-        /* Set r0=(p-1)/q */
-        BN_sub(test,p,BN_value_one());
-        BN_div(r0,NULL,test,q,ctx);
-        BN_set_word(test,h);
-        BN_MONT_CTX_set(mont,p,ctx);
-        for (;;)
-                {
-                /* g=test^r0%p */
-                BN_mod_exp_mont(g,test,r0,p,ctx,mont);
-                if (!BN_is_one(g)) break;
-                BN_add(test,test,BN_value_one());
-                h++;
-                }
-        if (callback != NULL) callback(3,1,cb_arg);
-        ok=1;
-err:
-        if (!ok)
-                {
-                if (ret != NULL) DSA_free(ret);
-                }
-        else
-                {
-                ret->p=BN_dup(p);
-                ret->q=BN_dup(q);
-                ret->g=BN_dup(g);
-                if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
-                if (counter_ret != NULL) *counter_ret=counter;
-                if (h_ret != NULL) *h_ret=h;
-                }
-        if (ctx != NULL) BN_CTX_free(ctx);
-        if (ctx != NULL) BN_CTX_free(ctx2);
-        if (mont != NULL) BN_MONT_CTX_free(mont);
-        return(ok?ret:NULL);
-        }
-int DSA_is_prime(BIGNUM *w, void (*callback)(), char *cb_arg)
-        {
-        int ok= -1,j,i,n;
-        BN_CTX *ctx=NULL,*ctx2=NULL;
-        BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
-        int a;
-        BN_MONT_CTX *mont=NULL;
-        if (!BN_is_bit_set(w,0)) return(0);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if ((ctx2=BN_CTX_new()) == NULL) goto err;
-        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-        m=   &(ctx2->bn[2]);
-        b=   &(ctx2->bn[3]);
-        z=   &(ctx2->bn[4]);
-        w_1= &(ctx2->bn[5]);
-        tmp= &(ctx2->bn[6]);
-        mont_1= &(ctx2->bn[7]);
-        /* step 1 */
-        n=50;
-        /* step 2 */
-        if (!BN_sub(w_1,w,BN_value_one())) goto err;
-        for (a=1; !BN_is_bit_set(w_1,a); a++)
-                ;
-        if (!BN_rshift(m,w_1,a)) goto err;
-        BN_MONT_CTX_set(mont,w,ctx);
-        BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
-        BN_to_montgomery(w_1,w_1,mont,ctx);
-        for (i=1; i < n; i++)
-                {
-                /* step 3 */
-                BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
-                /* BN_set_word(b,0x10001L); */
-                /* step 4 */
-                j=0;
-                if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
-                if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
-                /* step 5 */
-                for (;;)
-                        {
-                        if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
-                                (BN_cmp(z,w_1) == 0))
-                                break;
-                        /* step 6 */
-                        if ((j > 0) && (BN_cmp(z,mont_1) == 0))
-                                {
-                                ok=0;
-                                goto err;
-                                }
-                        j++;
-                        if (j >= a)
-                                {
-                                ok=0;
-                                goto err;
-                                }
-                        if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
-                        if (callback != NULL) callback(1,j,cb_arg);
-                        }
-                }
-        ok=1;
-err:
-        if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
-        BN_CTX_free(ctx);
-        BN_CTX_free(ctx2);
-        BN_MONT_CTX_free(mont);
-        
-        return(ok);
-        }
-#endif

diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c deleted file mode 100644 index b5e5ec06e5..0000000000 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ /dev/null
@@ -1,333 +0,0 @@
1	/* crypto/dsa/dsa_gen.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#undef GENUINE_DSA
60
61	#ifdef GENUINE_DSA
62	#define HASH SHA
63	#else
64	#define HASH SHA1
65	#endif
66
67	#ifndef NO_SHA
68	#include <stdio.h>
69	#include <time.h>
70	#include "cryptlib.h"
71	#include <openssl/sha.h>
72	#include <openssl/bn.h>
73	#include <openssl/dsa.h>
74	#include <openssl/rand.h>
75
76	DSA DSA_generate_parameters(int bits, unsigned char seed_in, int seed_len,
77	int counter_ret, unsigned long h_ret, void (*callback)(),
78	char *cb_arg)
79	{
80	int ok=0;
81	unsigned char seed[SHA_DIGEST_LENGTH];
82	unsigned char md[SHA_DIGEST_LENGTH];
83	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
84	BIGNUM r0,W,X,c,*test;
85	BIGNUM g=NULL,q=NULL,*p=NULL;
86	BN_MONT_CTX *mont=NULL;
87	int k,n=0,i,b,m=0;
88	int counter=0;
89	BN_CTX ctx=NULL,ctx2=NULL;
90	unsigned int h=2;
91	DSA *ret=NULL;
92
93	if (bits < 512) bits=512;
94	bits=(bits+63)/64*64;
95
96	if ((seed_in != NULL) && (seed_len == 20))
97	memcpy(seed,seed_in,seed_len);
98
99	if ((ctx=BN_CTX_new()) == NULL) goto err;
100	if ((ctx2=BN_CTX_new()) == NULL) goto err;
101	if ((ret=DSA_new()) == NULL) goto err;
102
103	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
104
105	r0= &(ctx2->bn[0]);
106	g= &(ctx2->bn[1]);
107	W= &(ctx2->bn[2]);
108	q= &(ctx2->bn[3]);
109	X= &(ctx2->bn[4]);
110	c= &(ctx2->bn[5]);
111	p= &(ctx2->bn[6]);
112	test= &(ctx2->bn[7]);
113
114	BN_lshift(test,BN_value_one(),bits-1);
115
116	for (;;)
117	{
118	for (;;)
119	{
120	/* step 1 */
121	if (callback != NULL) callback(0,m++,cb_arg);
122
123	if (!seed_len)
124	RAND_bytes(seed,SHA_DIGEST_LENGTH);
125	else
126	seed_len=0;
127
128	memcpy(buf,seed,SHA_DIGEST_LENGTH);
129	memcpy(buf2,seed,SHA_DIGEST_LENGTH);
130	for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
131	{
132	buf[i]++;
133	if (buf[i] != 0) break;
134	}
135
136	/* step 2 */
137	HASH(seed,SHA_DIGEST_LENGTH,md);
138	HASH(buf,SHA_DIGEST_LENGTH,buf2);
139	for (i=0; i<SHA_DIGEST_LENGTH; i++)
140	md[i]^=buf2[i];
141
142	/* step 3 */
143	md[0]\|=0x80;
144	md[SHA_DIGEST_LENGTH-1]\|=0x01;
145	if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
146
147	/* step 4 */
148	if (DSA_is_prime(q,callback,cb_arg) > 0) break;
149	/* do a callback call */
150	/* step 5 */
151	}
152
153	if (callback != NULL) callback(2,0,cb_arg);
154	if (callback != NULL) callback(3,0,cb_arg);
155
156	/* step 6 */
157	counter=0;
158
159	n=(bits-1)/160;
160	b=(bits-1)-n*160;
161
162	for (;;)
163	{
164	/* step 7 */
165	BN_zero(W);
166	for (k=0; k<=n; k++)
167	{
168	for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
169	{
170	buf[i]++;
171	if (buf[i] != 0) break;
172	}
173
174	HASH(buf,SHA_DIGEST_LENGTH,md);
175
176	/* step 8 */
177	if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
178	BN_lshift(r0,r0,160*k);
179	BN_add(W,W,r0);
180	}
181
182	/* more of step 8 */
183	BN_mask_bits(W,bits-1);
184	BN_copy(X,W); /* this should be ok */
185	BN_add(X,X,test); /* this should be ok */
186
187	/* step 9 */
188	BN_lshift1(r0,q);
189	BN_mod(c,X,r0,ctx);
190	BN_sub(r0,c,BN_value_one());
191	BN_sub(p,X,r0);
192
193	/* step 10 */
194	if (BN_cmp(p,test) >= 0)
195	{
196	/* step 11 */
197	if (DSA_is_prime(p,callback,cb_arg) > 0)
198	goto end;
199	}
200
201	/* step 13 */
202	counter++;
203
204	/* step 14 */
205	if (counter >= 4096) break;
206
207	if (callback != NULL) callback(0,counter,cb_arg);
208	}
209	}
210	end:
211	if (callback != NULL) callback(2,1,cb_arg);
212
213	/* We now need to gernerate g */
214	/* Set r0=(p-1)/q */
215	BN_sub(test,p,BN_value_one());
216	BN_div(r0,NULL,test,q,ctx);
217
218	BN_set_word(test,h);
219	BN_MONT_CTX_set(mont,p,ctx);
220
221	for (;;)
222	{
223	/* g=test^r0%p */
224	BN_mod_exp_mont(g,test,r0,p,ctx,mont);
225	if (!BN_is_one(g)) break;
226	BN_add(test,test,BN_value_one());
227	h++;
228	}
229
230	if (callback != NULL) callback(3,1,cb_arg);
231
232	ok=1;
233	err:
234	if (!ok)
235	{
236	if (ret != NULL) DSA_free(ret);
237	}
238	else
239	{
240	ret->p=BN_dup(p);
241	ret->q=BN_dup(q);
242	ret->g=BN_dup(g);
243	if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
244	if (counter_ret != NULL) *counter_ret=counter;
245	if (h_ret != NULL) *h_ret=h;
246	}
247	if (ctx != NULL) BN_CTX_free(ctx);
248	if (ctx != NULL) BN_CTX_free(ctx2);
249	if (mont != NULL) BN_MONT_CTX_free(mont);
250	return(ok?ret:NULL);
251	}
252
253	int DSA_is_prime(BIGNUM w, void (callback)(), char *cb_arg)
254	{
255	int ok= -1,j,i,n;
256	BN_CTX ctx=NULL,ctx2=NULL;
257	BIGNUM w_1,b,m,z,tmp,mont_1;
258	int a;
259	BN_MONT_CTX *mont=NULL;
260
261	if (!BN_is_bit_set(w,0)) return(0);
262
263	if ((ctx=BN_CTX_new()) == NULL) goto err;
264	if ((ctx2=BN_CTX_new()) == NULL) goto err;
265	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
266
267	m= &(ctx2->bn[2]);
268	b= &(ctx2->bn[3]);
269	z= &(ctx2->bn[4]);
270	w_1= &(ctx2->bn[5]);
271	tmp= &(ctx2->bn[6]);
272	mont_1= &(ctx2->bn[7]);
273
274	/* step 1 */
275	n=50;
276
277	/* step 2 */
278	if (!BN_sub(w_1,w,BN_value_one())) goto err;
279	for (a=1; !BN_is_bit_set(w_1,a); a++)
280	;
281	if (!BN_rshift(m,w_1,a)) goto err;
282
283	BN_MONT_CTX_set(mont,w,ctx);
284	BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
285	BN_to_montgomery(w_1,w_1,mont,ctx);
286	for (i=1; i < n; i++)
287	{
288	/* step 3 */
289	BN_rand(b,BN_num_bits(w)-2/-1/,0,0);
290	/* BN_set_word(b,0x10001L); */
291
292	/* step 4 */
293	j=0;
294	if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
295
296	if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
297
298	/* step 5 */
299	for (;;)
300	{
301	if (((j == 0) && (BN_cmp(z,mont_1) == 0)) \|\|
302	(BN_cmp(z,w_1) == 0))
303	break;
304
305	/* step 6 */
306	if ((j > 0) && (BN_cmp(z,mont_1) == 0))
307	{
308	ok=0;
309	goto err;
310	}
311
312	j++;
313	if (j >= a)
314	{
315	ok=0;
316	goto err;
317	}
318
319	if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
320	if (callback != NULL) callback(1,j,cb_arg);
321	}
322	}
323
324	ok=1;
325	err:
326	if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
327	BN_CTX_free(ctx);
328	BN_CTX_free(ctx2);
329	BN_MONT_CTX_free(mont);
330
331	return(ok);
332	}
333	#endif