X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=crypto%2Fbn%2Fbn_prime.c;h=57305c7273b5b271665a0d9d29e0453b2849d1d8;hb=76aa0ddc86772080db4f61821b9ff357e330c843;hp=0c85f70b59ccedb53cc3d174303a14f1f19b903c;hpb=58964a492275ca9a59a0cd9c8155cb2491b4b909;p=openssl.git

diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 0c85f70b59..57305c7273 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -60,7 +60,7 @@
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#include "rand.h"
+#include <openssl/rand.h>
 
 /* The quick seive algorithm approach to weeding out primes is
  * Philip Zimmermann's, as implemented in PGP.  I have had a read of
@@ -68,40 +68,31 @@
  */
 #include "bn_prime.h"
 
-#ifndef NOPROTO
 static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2,
 	BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
 	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
-static int probable_prime_dh_strong(BIGNUM *rnd, int bits,
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
 	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
-#else
-static int witness();
-static int probable_prime();
-static int probable_prime_dh();
-static int probable_prime_dh_strong();
-#endif
-
-BIGNUM *BN_generate_prime(bits,strong,add,rem,callback,cb_arg)
-int bits;
-int strong;
-BIGNUM *add;
-BIGNUM *rem;
-void (*callback)(P_I_I_P); 
-char *cb_arg;
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BIGNUM *add,
+	     BIGNUM *rem, void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *rnd=NULL;
-	BIGNUM *ret=NULL;
-	BIGNUM *t=NULL;
+	BIGNUM t;
 	int i,j,c1=0;
 	BN_CTX *ctx;
+	int checks = BN_prime_checks(bits);
 
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
-	if ((rnd=BN_new()) == NULL) goto err;
-	if (strong)
-		if ((t=BN_new()) == NULL) goto err;
+	if (ret == NULL)
+		{
+		if ((rnd=BN_new()) == NULL) goto err;
+		}
+	else
+		rnd=ret;
+	BN_init(&t);
 loop: 
 	/* make a random number and set the top and bottom bits */
 	if (add == NULL)
@@ -110,9 +101,9 @@ loop:
 		}
 	else
 		{
-		if (strong)
+		if (safe)
 			{
-			if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx))
+			if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
 				 goto err;
 			}
 		else
@@ -124,49 +115,45 @@ loop:
 	/* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
 	if (callback != NULL) callback(0,c1++,cb_arg);
 
-	if (!strong)
+	if (!safe)
 		{
-		i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg);
+		i=BN_is_prime(rnd,checks,callback,ctx,cb_arg);
 		if (i == -1) goto err;
 		if (i == 0) goto loop;
 		}
 	else
 		{
-		/* for a strong prime generation,
+		/* for "safe prime" generation,
 		 * check that (p-1)/2 is prime.
 		 * Since a prime is odd, We just
 		 * need to divide by 2 */
-		if (!BN_rshift1(t,rnd)) goto err;
+		if (!BN_rshift1(&t,rnd)) goto err;
 
-		for (i=0; i<BN_prime_checks; i++)
+		for (i=0; i<checks; i++)
 			{
 			j=BN_is_prime(rnd,1,callback,ctx,cb_arg);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			j=BN_is_prime(t,1,callback,ctx,cb_arg);
+			j=BN_is_prime(&t,1,callback,ctx,cb_arg);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
 			if (callback != NULL) callback(2,c1-1,cb_arg);
-			/* We have a strong prime test pass */
+			/* We have a safe prime test pass */
 			}
 		}
 	/* we have a prime :-) */
 	ret=rnd;
 err:
 	if ((ret == NULL) && (rnd != NULL)) BN_free(rnd);
-	if (t != NULL) BN_free(t);
+	BN_free(&t);
 	if (ctx != NULL) BN_CTX_free(ctx);
 	return(ret);
 	}
 
-int BN_is_prime(a,checks,callback,ctx_passed,cb_arg)
-BIGNUM *a;
-int checks;
-void (*callback)(P_I_I_P);
-BN_CTX *ctx_passed;
-char *cb_arg;
+int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *),
+	     BN_CTX *ctx_passed, void *cb_arg)
 	{
 	int i,j,c2=0,ret= -1;
 	BIGNUM *check;
@@ -183,7 +170,7 @@ char *cb_arg;
 	if ((ctx2=BN_CTX_new()) == NULL) goto err;
 	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
-	check=ctx->bn[ctx->tos++];
+	check= &(ctx->bn[ctx->tos++]);
 
 	/* Setup the montgomery structure */
 	if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err;
@@ -214,24 +201,21 @@ err:
 
 #define RECP_MUL_MOD
 
-static int witness(a,n,ctx,ctx2,mont)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx,*ctx2;
-BN_MONT_CTX *mont;
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx, BN_CTX *ctx2,
+	     BN_MONT_CTX *mont)
 	{
 	int k,i,ret= -1,good;
 	BIGNUM *d,*dd,*tmp,*d1,*d2,*n1;
 	BIGNUM *mont_one,*mont_n1,*mont_a;
 
-	d1=ctx->bn[ctx->tos];
-	d2=ctx->bn[ctx->tos+1];
-	n1=ctx->bn[ctx->tos+2];
+	d1= &(ctx->bn[ctx->tos]);
+	d2= &(ctx->bn[ctx->tos+1]);
+	n1= &(ctx->bn[ctx->tos+2]);
 	ctx->tos+=3;
 
-	mont_one=ctx2->bn[ctx2->tos];
-	mont_n1=ctx2->bn[ctx2->tos+1];
-	mont_a=ctx2->bn[ctx2->tos+2];
+	mont_one= &(ctx2->bn[ctx2->tos]);
+	mont_n1= &(ctx2->bn[ctx2->tos+1]);
+	mont_a= &(ctx2->bn[ctx2->tos+2]);
 	ctx2->tos+=3;
 
 	d=d1;
@@ -254,7 +238,7 @@ BN_MONT_CTX *mont;
 			good=0;
 
 		BN_mod_mul_montgomery(dd,d,d,mont,ctx2);
-		
+
 		if (good && (BN_cmp(dd,mont_one) == 0))
 			{
 			ret=1;
@@ -281,14 +265,13 @@ err:
 	return(ret);
 	}
 
-static int probable_prime(rnd, bits)
-BIGNUM *rnd;
-int bits;
+static int probable_prime(BIGNUM *rnd, int bits)
 	{
 	int i;
 	MS_STATIC BN_ULONG mods[NUMPRIMES];
-	BN_ULONG delta;
+	BN_ULONG delta,d;
 
+again:
 	if (!BN_rand(rnd,bits,1,1)) return(0);
 	/* we now have a random number 'rand' to test. */
 	for (i=1; i<NUMPRIMES; i++)
@@ -300,9 +283,12 @@ int bits;
 		 * that gcd(rnd-1,primes) == 1 (except for 2) */
 		if (((mods[i]+delta)%primes[i]) <= 1)
 			{
+			d=delta;
 			delta+=2;
 			/* perhaps need to check for overflow of
-			 * delta (but delta can be upto 2^32) */
+			 * delta (but delta can be upto 2^32)
+			 * 21-May-98 eay - added overflow check */
+			if (delta < d) goto again;
 			goto loop;
 			}
 		}
@@ -310,17 +296,13 @@ int bits;
 	return(1);
 	}
 
-static int probable_prime_dh(rnd, bits, add, rem,ctx)
-BIGNUM *rnd;
-int bits;
-BIGNUM *add;
-BIGNUM *rem;
-BN_CTX *ctx;
+static int probable_prime_dh(BIGNUM *rnd, int bits, BIGNUM *add, BIGNUM *rem,
+	     BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1;
 
-	t1=ctx->bn[ctx->tos++];
+	t1= &(ctx->bn[ctx->tos++]);
 
 	if (!BN_rand(rnd,bits,0,1)) goto err;
 
@@ -338,7 +320,7 @@ BN_CTX *ctx;
 	loop: for (i=1; i<NUMPRIMES; i++)
 		{
 		/* check that rnd is a prime */
-		if (BN_mod_word(rnd,(BN_LONG)primes[i]) <= 1)
+		if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
 			{
 			if (!BN_add(rnd,rnd,add)) goto err;
 			goto loop;
@@ -350,20 +332,16 @@ err:
 	return(ret);
 	}
 
-static int probable_prime_dh_strong(p, bits, padd, rem,ctx)
-BIGNUM *p;
-int bits;
-BIGNUM *padd;
-BIGNUM *rem;
-BN_CTX *ctx;
+static int probable_prime_dh_safe(BIGNUM *p, int bits, BIGNUM *padd,
+	     BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1,*qadd=NULL,*q=NULL;
 
 	bits--;
-	t1=ctx->bn[ctx->tos++];
-	q=ctx->bn[ctx->tos++];
-	qadd=ctx->bn[ctx->tos++];
+	t1= &(ctx->bn[ctx->tos++]);
+	q= &(ctx->bn[ctx->tos++]);
+	qadd= &(ctx->bn[ctx->tos++]);
 
 	if (!BN_rshift1(qadd,padd)) goto err;
 		
@@ -389,8 +367,8 @@ BN_CTX *ctx;
 		/* check that p and q are prime */
 		/* check that for p and q
 		 * gcd(p-1,primes) == 1 (except for 2) */
-		if (	(BN_mod_word(p,(BN_LONG)primes[i]) == 0) ||
-			(BN_mod_word(q,(BN_LONG)primes[i]) == 0))
+		if (	(BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
+			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
 			{
 			if (!BN_add(p,p,padd)) goto err;
 			if (!BN_add(q,q,qadd)) goto err;
@@ -404,20 +382,17 @@ err:
 	}
 
 #if 0
-static int witness(a, n,ctx)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx;
+static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx)
 	{
 	int k,i,nb,ret= -1;
 	BIGNUM *d,*dd,*tmp;
 	BIGNUM *d1,*d2,*x,*n1,*inv;
 
-	d1=ctx->bn[ctx->tos];
-	d2=ctx->bn[ctx->tos+1];
-	x=ctx->bn[ctx->tos+2];
-	n1=ctx->bn[ctx->tos+3];
-	inv=ctx->bn[ctx->tos+4];
+	d1= &(ctx->bn[ctx->tos]);
+	d2= &(ctx->bn[ctx->tos+1]);
+	x=  &(ctx->bn[ctx->tos+2]);
+	n1= &(ctx->bn[ctx->tos+3]);
+	inv=&(ctx->bn[ctx->tos+4]);
 	ctx->tos+=5;
 
 	d=d1;