X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=include%2Fopenssl%2Fbn.h;h=69cd1276985b15e859786cb7bcedc296ae51edde;hp=0fcf843314eccfc81ed5f1b7a3b60b13b630aac4;hb=5ce87e11de21835255ea11cc330ebf9931e21329;hpb=74924dcb3802640d7e2ae2e80ca6515d0a53de7a diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 0fcf843314..69cd127698 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -1,262 +1,59 @@ -/* crypto/bn/bn.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the Eric Young open source - * license provided above. - * - * The binary polynomial arithmetic software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_H -# define HEADER_BN_H +#ifndef OPENSSL_BN_H +# define OPENSSL_BN_H +# pragma once + +# include +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define HEADER_BN_H +# endif # include # ifndef OPENSSL_NO_STDIO -# include /* FILE */ +# include # endif -# include +# include +# include # include +# include #ifdef __cplusplus extern "C" { #endif /* - * These preprocessor symbols control various aspects of the bignum headers - * and library code. They're not defined by any "normal" configuration, as - * they are intended for development and testing purposes. NB: defining all - * three can be useful for debugging application code as well as openssl - * itself. BN_DEBUG - turn on various debugging alterations to the bignum - * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. You must also define BN_DEBUG. - */ -/* #define BN_DEBUG */ -/* #define BN_DEBUG_RAND */ - -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif - -/* - * This next option uses the C libraries (2 word)/(1 word) function. If it is - * not defined, I use my C version (which is slower). The reason for this - * flag is that when the particular C compiler library routine is used, and - * the library is linked with a different compiler, the library is missing. - * This mostly happens when the library is built with gcc and then linked - * using normal cc. This would be a common occurrence because gcc normally - * produces code that is 2 times faster than system compilers for the big - * number stuff. For machines with only one compiler (or shared libraries), - * this should be on. Again this in only really a problem on machines using - * "long long's", are 32bit, and are not using my assembler code. - */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# ifndef BN_DIV2W -# define BN_DIV2W -# endif -# endif - -/* - * assuming long is 64bit - this is the DEC Alpha unsigned long long is only - * 64 bits :-(, don't define BN_LLONG for the DEC Alpha + * 64-bit processor with LP64 ABI */ # ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long # define BN_ULONG unsigned long -# define BN_LONG long -# define BN_BITS 128 # define BN_BYTES 8 -# define BN_BITS2 64 -# define BN_BITS4 32 -# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_TBIT (0x8000000000000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# define BN_DEC_NUM 19 -# define BN_HEX_FMT1 "%lX" -# define BN_HEX_FMT2 "%016lX" # endif /* - * This is where the long long data type is 64 bits, but long is 32. For - * machines where there are 64bit registers, this is the mode to use. IRIX, - * on R4000 and above should use this mode, along with the relevant assembler - * code :-). Do NOT define BN_LLONG. + * 64-bit processor other than LP64 ABI */ # ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG # define BN_ULONG unsigned long long -# define BN_LONG long long -# define BN_BITS 128 # define BN_BYTES 8 -# define BN_BITS2 64 -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_TBIT (0x8000000000000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# define BN_DEC_NUM 19 -# define BN_HEX_FMT1 "%llX" -# define BN_HEX_FMT2 "%016llX" # endif # ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# define BN_MASK (0xffffffffffffffffI64) -# else -# define BN_ULLONG unsigned long long -# define BN_MASK (0xffffffffffffffffLL) -# endif -# endif # define BN_ULONG unsigned int -# define BN_LONG int -# define BN_BITS 64 # define BN_BYTES 4 -# define BN_BITS2 32 -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# define BN_MASK2h (0xffff0000L) -# define BN_TBIT (0x80000000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# define BN_DEC_NUM 9 -# define BN_HEX_FMT1 "%X" -# define BN_HEX_FMT2 "%08X" # endif -# define BN_DEFAULT_BITS 1280 +# define BN_BITS2 (BN_BYTES * 8) +# define BN_BITS (BN_BITS2 * 2) +# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) # define BN_FLG_MALLOCED 0x01 # define BN_FLG_STATIC_DATA 0x02 @@ -270,26 +67,33 @@ extern "C" { # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 -# ifdef OPENSSL_USE_DEPRECATED +# ifndef OPENSSL_NO_DEPRECATED_0_9_8 /* deprecated name for the flag */ # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -# endif - -# ifdef OPENSSL_USE_DEPRECATED -# define BN_FLG_FREE 0x8000 - /* used for debuging */ +# define BN_FLG_FREE 0x8000 /* used for debugging */ # endif void BN_set_flags(BIGNUM *b, int n); int BN_get_flags(const BIGNUM *b, int n); +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + /* * get a clone of a BIGNUM with changed flags, for *temporary* use only (the - * two BIGNUMs cannot not be used in parallel!) + * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The + * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that + * has not been otherwise initialised or used. */ -void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int n); +void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); -/* Wrapper function to make using BN_GENCB easier, */ +/* Wrapper function to make using BN_GENCB easier */ int BN_GENCB_call(BN_GENCB *cb, int a, int b); BN_GENCB *BN_GENCB_new(void); @@ -305,29 +109,82 @@ void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), void *BN_GENCB_get_arg(BN_GENCB *cb); -# define BN_prime_checks 0 /* default: select number of iterations based - * on the size of the number */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) +# endif # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) @@ -341,7 +198,7 @@ int BN_is_odd(const BIGNUM *a); void BN_zero_ex(BIGNUM *a); -# ifndef OPENSSL_USE_DEPRECATED +# if OPENSSL_API_LEVEL > 908 # define BN_zero(a) BN_zero_ex(a) # else # define BN_zero(a) (BN_set_word((a),0)) @@ -349,15 +206,23 @@ void BN_zero_ex(BIGNUM *a); const BIGNUM *BN_value_one(void); char *BN_options(void); +BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx); BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx); BN_CTX *BN_CTX_secure_new(void); void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); +int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); +int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG l); @@ -369,6 +234,11 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen); BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); @@ -383,7 +253,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); */ void BN_set_negative(BIGNUM *b, int n); /** BN_is_negative returns 1 if the BIGNUM is negative - * \param a pointer to the BIGNUM object + * \param b pointer to the BIGNUM object * \return 1 if a < 0 and 0 otherwise */ int BN_is_negative(const BIGNUM *b); @@ -443,11 +313,7 @@ int BN_mask_bits(BIGNUM *a, int n); # ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a); # endif -# ifdef HEADER_BIO_H -int BN_print(BIO *fp, const BIGNUM *a); -# else -int BN_print(void *fp, const BIGNUM *a); -# endif +int BN_print(BIO *bio, const BIGNUM *a); int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); int BN_rshift1(BIGNUM *r, const BIGNUM *a); @@ -473,30 +339,32 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); /* Deprecated versions */ -# ifdef OPENSSL_USE_DEPRECATED -DECLARE_DEPRECATED(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, +DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback) (int, int, void *), - void *cb_arg)); -DECLARE_DEPRECATED(int + void *cb_arg)) +DEPRECATEDIN_0_9_8(int BN_is_prime(const BIGNUM *p, int nchecks, void (*callback) (int, int, void *), - BN_CTX *ctx, void *cb_arg)); -DECLARE_DEPRECATED(int + BN_CTX *ctx, void *cb_arg)) +DEPRECATEDIN_0_9_8(int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, void (*callback) (int, int, void *), BN_CTX *ctx, void *cb_arg, - int do_trial_division)); -# endif /* defined(OPENSSL_USE_DEPRECATED) */ + int do_trial_division)) +DEPRECATEDIN_3_0(int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb)) +DEPRECATEDIN_3_0(int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb)) /* Newer versions */ +int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, + BN_CTX *ctx); int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); -int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); -int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); +int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb); int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); @@ -518,7 +386,7 @@ int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, void BN_MONT_CTX_free(BN_MONT_CTX *mont); int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, const BIGNUM *mod, BN_CTX *ctx); /* BN_BLINDING flags */ @@ -533,13 +401,12 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); -# ifdef OPENSSL_USE_DEPRECATED -DECLARE_DEPRECATED(unsigned long - BN_BLINDING_get_thread_id(const BN_BLINDING *)); -DECLARE_DEPRECATED(void - BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long)); -# endif -CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); + +int BN_BLINDING_is_current_thread(BN_BLINDING *b); +void BN_BLINDING_set_current_thread(BN_BLINDING *b); +int BN_BLINDING_lock(BN_BLINDING *b); +int BN_BLINDING_unlock(BN_BLINDING *b); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -552,11 +419,9 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx); -# ifdef OPENSSL_USE_DEPRECATED -DECLARE_DEPRECATED(void BN_set_params(int mul, int high, int low, int mont)); -DECLARE_DEPRECATED(int BN_get_params(int which)); /* 0, mul, 1 high, 2 low, 3 - * mont */ -# endif +DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 + * mont */ BN_RECP_CTX *BN_RECP_CTX_new(void); void BN_RECP_CTX_free(BN_RECP_CTX *recp); @@ -662,101 +527,35 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, const unsigned char *message, size_t message_len, BN_CTX *ctx); +# ifndef OPENSSL_NO_DH /* Primes from RFC 2409 */ -BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); -BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); /* Primes from RFC 3526 */ -BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); -BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +# endif +# endif int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_BN_strings(void); - -/* Error codes for the BN functions. */ - -/* Function codes. */ -# define BN_F_BNRAND 127 -# define BN_F_BN_BLINDING_CONVERT_EX 100 -# define BN_F_BN_BLINDING_CREATE_PARAM 128 -# define BN_F_BN_BLINDING_INVERT_EX 101 -# define BN_F_BN_BLINDING_NEW 102 -# define BN_F_BN_BLINDING_UPDATE 103 -# define BN_F_BN_BN2DEC 104 -# define BN_F_BN_BN2HEX 105 -# define BN_F_BN_COMPUTE_WNAF 142 -# define BN_F_BN_CTX_GET 116 -# define BN_F_BN_CTX_NEW 106 -# define BN_F_BN_CTX_START 129 -# define BN_F_BN_DIV 107 -# define BN_F_BN_DIV_NO_BRANCH 138 -# define BN_F_BN_DIV_RECP 130 -# define BN_F_BN_EXP 123 -# define BN_F_BN_EXPAND2 108 -# define BN_F_BN_EXPAND_INTERNAL 120 -# define BN_F_BN_GENCB_NEW 143 -# define BN_F_BN_GENERATE_DSA_NONCE 140 -# define BN_F_BN_GENERATE_PRIME_EX 141 -# define BN_F_BN_GF2M_MOD 131 -# define BN_F_BN_GF2M_MOD_EXP 132 -# define BN_F_BN_GF2M_MOD_MUL 133 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 -# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 -# define BN_F_BN_GF2M_MOD_SQR 136 -# define BN_F_BN_GF2M_MOD_SQRT 137 -# define BN_F_BN_LSHIFT 145 -# define BN_F_BN_MOD_EXP2_MONT 118 -# define BN_F_BN_MOD_EXP_MONT 109 -# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 -# define BN_F_BN_MOD_EXP_MONT_WORD 117 -# define BN_F_BN_MOD_EXP_RECP 125 -# define BN_F_BN_MOD_EXP_SIMPLE 126 -# define BN_F_BN_MOD_INVERSE 110 -# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 -# define BN_F_BN_MOD_LSHIFT_QUICK 119 -# define BN_F_BN_MOD_MUL_RECIPROCAL 111 -# define BN_F_BN_MOD_SQRT 121 -# define BN_F_BN_MPI2BN 112 -# define BN_F_BN_NEW 113 -# define BN_F_BN_RAND 114 -# define BN_F_BN_RAND_RANGE 122 -# define BN_F_BN_RSHIFT 146 -# define BN_F_BN_SET_WORDS 144 -# define BN_F_BN_USUB 115 - -/* Reason codes. */ -# define BN_R_ARG2_LT_ARG3 100 -# define BN_R_BAD_RECIPROCAL 101 -# define BN_R_BIGNUM_TOO_LONG 114 -# define BN_R_BITS_TOO_SMALL 118 -# define BN_R_CALLED_WITH_EVEN_MODULUS 102 -# define BN_R_DIV_BY_ZERO 103 -# define BN_R_ENCODING_ERROR 104 -# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 -# define BN_R_INPUT_NOT_REDUCED 110 -# define BN_R_INVALID_LENGTH 106 -# define BN_R_INVALID_RANGE 115 -# define BN_R_INVALID_SHIFT 119 -# define BN_R_NOT_A_SQUARE 111 -# define BN_R_NOT_INITIALIZED 107 -# define BN_R_NO_INVERSE 108 -# define BN_R_NO_SOLUTION 116 -# define BN_R_PRIVATE_KEY_TOO_LARGE 117 -# define BN_R_P_IS_NOT_PRIME 112 -# define BN_R_TOO_MANY_ITERATIONS 113 -# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif