Make sure all BIGNUM operations work within the FIPS provider
The FIPS provider does not have a default OPENSSL_CTX so, where necessary, we need to ensure we can always access an explicit OPENSSL_CTX. We remove functions from the FIPS provider that use the default OPENSSL_CTX, and fixup some places which were using those removed functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9310)
This commit is contained in:
Matt Caswell
parent
753149d97f
commit
2934be9134
14 changed files with 100 additions and 42 deletions
|
|
@ -270,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
|
|||
|
||||
do {
|
||||
int rv;
|
||||
if (!BN_priv_rand_range(ret->A, ret->mod))
|
||||
if (!BN_priv_rand_range_ex(ret->A, ret->mod, ctx))
|
||||
goto err;
|
||||
if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -143,10 +143,12 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
BN_CTX *BN_CTX_new(void)
|
||||
{
|
||||
return BN_CTX_new_ex(NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
|
||||
{
|
||||
|
|
@ -157,10 +159,12 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
BN_CTX *BN_CTX_secure_new(void)
|
||||
{
|
||||
return BN_CTX_secure_new_ex(NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
void BN_CTX_free(BN_CTX *ctx)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -40,6 +40,8 @@ static const ERR_STRING_DATA BN_str_functs[] = {
|
|||
"BN_generate_dsa_nonce"},
|
||||
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
|
||||
"BN_generate_prime_ex"},
|
||||
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX2, 0),
|
||||
"BN_generate_prime_ex2"},
|
||||
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
|
||||
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
|
||||
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
|
||||
|
|
|
|||
|
|
@ -732,8 +732,8 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
|||
|
||||
/* generate blinding value */
|
||||
do {
|
||||
if (!BN_priv_rand(b, BN_num_bits(p) - 1,
|
||||
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1,
|
||||
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
|
||||
goto err;
|
||||
} while (BN_is_zero(b));
|
||||
|
||||
|
|
@ -1031,7 +1031,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
|
|||
if (tmp == NULL)
|
||||
goto err;
|
||||
do {
|
||||
if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
|
||||
ctx))
|
||||
goto err;
|
||||
if (!BN_GF2m_mod_arr(rho, rho, p))
|
||||
goto err;
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
*/
|
||||
#include "bn_prime.h"
|
||||
|
||||
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
|
||||
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx);
|
||||
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
|
||||
const BIGNUM *add, const BIGNUM *rem,
|
||||
BN_CTX *ctx);
|
||||
|
|
@ -84,19 +84,19 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b)
|
|||
return 0;
|
||||
}
|
||||
|
||||
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
|
||||
int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *t;
|
||||
int found = 0;
|
||||
int i, j, c1 = 0;
|
||||
BN_CTX *ctx = NULL;
|
||||
prime_t *mods = NULL;
|
||||
int checks = BN_prime_checks_for_size(bits);
|
||||
|
||||
if (bits < 2) {
|
||||
/* There are no prime numbers this small. */
|
||||
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
|
||||
BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
} else if (add == NULL && safe && bits < 6 && bits != 3) {
|
||||
/*
|
||||
|
|
@ -104,7 +104,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
* But the following two safe primes with less than 6 bits (11, 23)
|
||||
* are unreachable for BN_rand with BN_RAND_TOP_TWO.
|
||||
*/
|
||||
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
|
||||
BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -112,9 +112,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
if (mods == NULL)
|
||||
goto err;
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
BN_CTX_start(ctx);
|
||||
t = BN_CTX_get(ctx);
|
||||
if (t == NULL)
|
||||
|
|
@ -122,7 +119,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
loop:
|
||||
/* make a random number and set the top and bottom bits */
|
||||
if (add == NULL) {
|
||||
if (!probable_prime(ret, bits, mods))
|
||||
if (!probable_prime(ret, bits, mods, ctx))
|
||||
goto err;
|
||||
} else {
|
||||
if (safe) {
|
||||
|
|
@ -175,11 +172,27 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
|||
err:
|
||||
OPENSSL_free(mods);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
bn_check_top(ret);
|
||||
return found;
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
|
||||
{
|
||||
BN_CTX *ctx = BN_CTX_new();
|
||||
int retval;
|
||||
|
||||
if (ctx == NULL)
|
||||
return 0;
|
||||
|
||||
retval = BN_generate_prime_ex2(ret, bits, safe, add, rem, cb, ctx);
|
||||
|
||||
BN_CTX_free(ctx);
|
||||
return retval;
|
||||
}
|
||||
#endif
|
||||
|
||||
int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
|
||||
BN_GENCB *cb)
|
||||
{
|
||||
|
|
@ -187,11 +200,17 @@ int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
|
|||
}
|
||||
|
||||
/* See FIPS 186-4 C.3.1 Miller Rabin Probabilistic Primality Test. */
|
||||
int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed,
|
||||
int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx,
|
||||
int do_trial_division, BN_GENCB *cb)
|
||||
{
|
||||
int i, status, ret = -1;
|
||||
BN_CTX *ctx = NULL;
|
||||
#ifndef FIPS_MODE
|
||||
BN_CTX *ctxlocal = NULL;
|
||||
#else
|
||||
|
||||
if (ctx == NULL)
|
||||
return -1;
|
||||
#endif
|
||||
|
||||
/* w must be bigger than 1 */
|
||||
if (BN_cmp(w, BN_value_one()) <= 0)
|
||||
|
|
@ -219,18 +238,19 @@ int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed,
|
|||
if (!BN_GENCB_call(cb, 1, -1))
|
||||
return -1;
|
||||
}
|
||||
if (ctx_passed != NULL)
|
||||
ctx = ctx_passed;
|
||||
else if ((ctx = BN_CTX_new()) == NULL)
|
||||
#ifndef FIPS_MODE
|
||||
if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
|
||||
goto err;
|
||||
#endif
|
||||
|
||||
ret = bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status);
|
||||
if (!ret)
|
||||
goto err;
|
||||
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
|
||||
err:
|
||||
if (ctx_passed == NULL)
|
||||
BN_CTX_free(ctx);
|
||||
#ifndef FIPS_MODE
|
||||
BN_CTX_free(ctxlocal);
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -301,7 +321,8 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
|
|||
/* (Step 4) */
|
||||
for (i = 0; i < iterations; ++i) {
|
||||
/* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */
|
||||
if (!BN_priv_rand_range(b, w3) || !BN_add_word(b, 2)) /* 1 < b < w-1 */
|
||||
if (!BN_priv_rand_range_ex(b, w3, ctx)
|
||||
|| !BN_add_word(b, 2)) /* 1 < b < w-1 */
|
||||
goto err;
|
||||
|
||||
if (enhanced) {
|
||||
|
|
@ -379,7 +400,7 @@ err:
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
|
||||
static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx)
|
||||
{
|
||||
int i;
|
||||
BN_ULONG delta;
|
||||
|
|
@ -388,7 +409,7 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
|
|||
|
||||
again:
|
||||
/* TODO: Not all primes are private */
|
||||
if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, ctx))
|
||||
return 0;
|
||||
/* we now have a random number 'rnd' to test. */
|
||||
for (i = 1; i < NUMPRIMES; i++) {
|
||||
|
|
@ -472,7 +493,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
|
|||
if ((t1 = BN_CTX_get(ctx)) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
|
||||
goto err;
|
||||
|
||||
/* we need ((rnd-rem) % add) == 0 */
|
||||
|
|
@ -528,7 +549,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
|
|||
if (!BN_rshift1(qadd, padd))
|
||||
goto err;
|
||||
|
||||
if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_rand_ex(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
|
||||
goto err;
|
||||
|
||||
/* we need ((rnd-rem) % add) == 0 */
|
||||
|
|
|
|||
|
|
@ -103,6 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
|
|||
{
|
||||
return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
|
||||
}
|
||||
#ifndef FIPS_MODE
|
||||
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
|
||||
{
|
||||
return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
|
||||
|
|
@ -112,16 +113,19 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
|
|||
{
|
||||
return bnrand(TESTING, rnd, bits, top, bottom, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
|
||||
{
|
||||
return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
|
||||
{
|
||||
return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* random number r: 0 <= r < range */
|
||||
static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
|
||||
|
|
@ -195,16 +199,19 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
|
|||
return bnrand_range(NORMAL, r, range, ctx);
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
|
||||
{
|
||||
return bnrand_range(NORMAL, r, range, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
|
||||
{
|
||||
return bnrand_range(PRIVATE, r, range, ctx);
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
|
||||
{
|
||||
return bnrand_range(PRIVATE, r, range, NULL);
|
||||
|
|
@ -219,6 +226,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
|
|||
{
|
||||
return BN_rand_range(r, range);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
|
||||
|
|
|
|||
|
|
@ -193,13 +193,15 @@ int bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
|
|||
/* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */
|
||||
if (Xp1 == NULL) {
|
||||
/* Set the top and bottom bits to make it odd and the correct size */
|
||||
if (!BN_priv_rand(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
|
||||
ctx))
|
||||
goto err;
|
||||
}
|
||||
/* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */
|
||||
if (Xp2 == NULL) {
|
||||
/* Set the top and bottom bits to make it odd and the correct size */
|
||||
if (!BN_priv_rand(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
|
||||
if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
|
||||
ctx))
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
|
@ -305,7 +307,8 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
|
|||
* so largest number will have B5... as the top byte
|
||||
* Setting the top 2 bits gives 0xC0.
|
||||
*/
|
||||
if (!BN_priv_rand(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
|
||||
ctx))
|
||||
goto end;
|
||||
}
|
||||
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
|
||||
|
|
|
|||
|
|
@ -180,7 +180,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
|||
if (!BN_set_word(y, i))
|
||||
goto end;
|
||||
} else {
|
||||
if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
|
||||
if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, ctx))
|
||||
goto end;
|
||||
if (BN_ucmp(y, p) >= 0) {
|
||||
if (!(p->neg ? BN_add : BN_sub) (y, y, p))
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
|
|||
* - 1. By setting the top two bits we ensure that the lower bound is
|
||||
* exceeded.
|
||||
*/
|
||||
if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx))
|
||||
goto err;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
|
|
@ -182,7 +182,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
|
|||
goto err;
|
||||
|
||||
for (i = 0; i < 1000; i++) {
|
||||
if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
|
||||
ctx))
|
||||
goto err;
|
||||
|
||||
/* Check that |Xp - Xq| > 2^(nbits - 100) */
|
||||
|
|
@ -227,9 +228,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
|
|||
if (Xp1 == NULL || Xp2 == NULL)
|
||||
goto error;
|
||||
|
||||
if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
|
||||
goto error;
|
||||
if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
|
||||
if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
|
||||
goto error;
|
||||
if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
|
||||
goto error;
|
||||
|
|
|
|||
|
|
@ -205,6 +205,7 @@ BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal
|
|||
BN_F_BN_GENCB_NEW:143:BN_GENCB_new
|
||||
BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce
|
||||
BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex
|
||||
BN_F_BN_GENERATE_PRIME_EX2:152:BN_generate_prime_ex2
|
||||
BN_F_BN_GF2M_MOD:131:BN_GF2m_mod
|
||||
BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp
|
||||
BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul
|
||||
|
|
|
|||
|
|
@ -2,15 +2,19 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call,
|
||||
BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg,
|
||||
BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test
|
||||
for primality
|
||||
BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex,
|
||||
BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free,
|
||||
BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime,
|
||||
BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
|
||||
BN_CTX *ctx);
|
||||
|
||||
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
|
||||
const BIGNUM *rem, BN_GENCB *cb);
|
||||
|
||||
|
|
@ -50,9 +54,10 @@ L<openssl_user_macros(7)>:
|
|||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
BN_generate_prime_ex() generates a pseudo-random prime number of
|
||||
at least bit length B<bits>. The returned number is probably prime
|
||||
with a negligible error.
|
||||
BN_generate_prime_ex2() generates a pseudo-random prime number of
|
||||
at least bit length B<bits> using the BN_CTX provided in B<ctx>. The value of
|
||||
B<ctx> must not be NULL.
|
||||
The returned number is probably prime with a negligible error.
|
||||
|
||||
If B<ret> is not B<NULL>, it will be used to store the number.
|
||||
|
||||
|
|
@ -94,6 +99,13 @@ that (p-1)/2 is also prime).
|
|||
The random generator must be seeded prior to calling BN_generate_prime_ex().
|
||||
If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
|
||||
external circumstances (see L<RAND(7)>), the operation will fail.
|
||||
The random number generator configured for the OPENSSL_CTX associated with
|
||||
B<ctx> will be used.
|
||||
|
||||
BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no
|
||||
B<ctx> parameter is passed.
|
||||
In this case the random number generator associated with the default OPENSSL_CTX
|
||||
will be used.
|
||||
|
||||
BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is
|
||||
prime. The following tests are performed until one of them shows that
|
||||
|
|
|
|||
|
|
@ -348,6 +348,9 @@ DEPRECATEDIN_0_9_8(int
|
|||
int do_trial_division))
|
||||
|
||||
/* Newer versions */
|
||||
int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
|
||||
const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
|
||||
BN_CTX *ctx);
|
||||
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
|
||||
const BIGNUM *rem, BN_GENCB *cb);
|
||||
int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ int ERR_load_BN_strings(void);
|
|||
# define BN_F_BN_GENCB_NEW 143
|
||||
# define BN_F_BN_GENERATE_DSA_NONCE 140
|
||||
# define BN_F_BN_GENERATE_PRIME_EX 141
|
||||
# define BN_F_BN_GENERATE_PRIME_EX2 152
|
||||
# define BN_F_BN_GF2M_MOD 131
|
||||
# define BN_F_BN_GF2M_MOD_EXP 132
|
||||
# define BN_F_BN_GF2M_MOD_MUL 133
|
||||
|
|
|
|||
|
|
@ -4678,3 +4678,4 @@ BN_rand_ex 4783 3_0_0 EXIST::FUNCTION:
|
|||
BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION:
|
||||
BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION:
|
||||
BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION:
|
||||
BN_generate_prime_ex2 4787 3_0_0 EXIST::FUNCTION:
|
||||
|
|
|
|||
Loading…
Reference in a new issue