* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#include "bn_lcl.h"
#include <openssl/rand.h>
+/* NB: these functions have been "upgraded", the deprecated versions (which are
+ * compatibility wrappers using these functions) are in bn_depr.c.
+ * - Geoff
+ */
+
/* The quick sieve algorithm approach to weeding out primes is
* Philip Zimmermann's, as implemented in PGP. I have had a read of
* his comments and implemented my own version.
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *), void *cb_arg)
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+ {
+ /* No callback means continue */
+ if(!cb) return 1;
+ switch(cb->ver)
+ {
+ case 1:
+ /* Deprecated-style callbacks */
+ if(!cb->cb.cb_1)
+ return 1;
+ cb->cb.cb_1(a, b, cb->arg);
+ return 1;
+ case 2:
+ /* New-style callbacks */
+ return cb->cb.cb_2(a, b, cb);
+ default:
+ break;
+ }
+ /* Unrecognised callback type */
+ return 0;
+ }
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
{
- BIGNUM *rnd=NULL;
- BIGNUM t;
+ BIGNUM *t;
int found=0;
int i,j,c1=0;
BN_CTX *ctx;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
- if (ret == NULL)
- {
- if ((rnd=BN_new()) == NULL) goto err;
- }
- else
- rnd=ret;
- BN_init(&t);
+ BN_CTX_start(ctx);
+ t = BN_CTX_get(ctx);
+ if(!t) goto err;
loop:
/* make a random number and set the top and bottom bits */
if (add == NULL)
{
- if (!probable_prime(rnd,bits)) goto err;
+ if (!probable_prime(ret,bits)) goto err;
}
else
{
if (safe)
{
- if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
+ if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
goto err;
}
else
{
- if (!probable_prime_dh(rnd,bits,add,rem,ctx))
+ if (!probable_prime_dh(ret,bits,add,rem,ctx))
goto err;
}
}
- /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
- if (callback != NULL) callback(0,c1++,cb_arg);
+ /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+ if(!BN_GENCB_call(cb, 0, c1++))
+ /* aborted */
+ goto err;
if (!safe)
{
- i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
+ i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
if (i == -1) goto err;
if (i == 0) goto loop;
}
* check that (p-1)/2 is prime.
* Since a prime is odd, We just
* need to divide by 2 */
- if (!BN_rshift1(&t,rnd)) goto err;
+ if (!BN_rshift1(t,ret)) goto err;
for (i=0; i<checks; i++)
{
- j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
+ j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
if (j == -1) goto err;
if (j == 0) goto loop;
- j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
+ j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
if (j == -1) goto err;
if (j == 0) goto loop;
- if (callback != NULL) callback(2,c1-1,cb_arg);
+ if(!BN_GENCB_call(cb, 2, c1-1))
+ goto err;
/* We have a safe prime test pass */
}
}
/* we have a prime :-) */
found = 1;
err:
- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
- BN_free(&t);
- if (ctx != NULL) BN_CTX_free(ctx);
- return(found ? rnd : NULL);
+ if (ctx != NULL)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ bn_check_top(ret);
+ return found;
}
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg)
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
{
- return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
}
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg,
- int do_trial_division)
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ int do_trial_division, BN_GENCB *cb)
{
int i, j, ret = -1;
int k;
BN_MONT_CTX *mont = NULL;
const BIGNUM *A = NULL;
- if (BN_cmp(a, BN_value_one) <= 0)
+ if (BN_cmp(a, BN_value_one()) <= 0)
return 0;
if (checks == BN_prime_checks)
/* first look for small factors */
if (!BN_is_odd(a))
- return 0;
+ /* a is even => a is prime if and only if a == 2 */
+ return BN_is_word(a, 2);
if (do_trial_division)
{
for (i = 1; i < NUMPRIMES; i++)
if (BN_mod_word(a, primes[i]) == 0)
return 0;
- if (callback != NULL) callback(1, -1, cb_arg);
+ if(!BN_GENCB_call(cb, 1, -1))
+ goto err;
}
if (ctx_passed != NULL)
ret=0;
goto err;
}
- if (callback != NULL) callback(1,i,cb_arg);
+ if(!BN_GENCB_call(cb, 1, i))
+ goto err;
}
ret=1;
err:
}
/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
* and it is neither -1 nor +1 -- so 'a' cannot be prime */
+ bn_check_top(w);
return 1;
}
{
int i;
BN_ULONG mods[NUMPRIMES];
- BN_ULONG delta,d;
+ BN_ULONG delta,maxdelta;
again:
if (!BN_rand(rnd,bits,1,1)) return(0);
/* we now have a random number 'rand' to test. */
for (i=1; i<NUMPRIMES; i++)
mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
+ maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
delta=0;
loop: for (i=1; i<NUMPRIMES; i++)
{
* that gcd(rnd-1,primes) == 1 (except for 2) */
if (((mods[i]+delta)%primes[i]) <= 1)
{
- d=delta;
delta+=2;
- /* perhaps need to check for overflow of
- * delta (but delta can be up to 2^32)
- * 21-May-98 eay - added overflow check */
- if (delta < d) goto again;
+ if (delta > maxdelta) goto again;
goto loop;
}
}
if (!BN_add_word(rnd,delta)) return(0);
+ bn_check_top(rnd);
return(1);
}
ret=1;
err:
BN_CTX_end(ctx);
+ bn_check_top(rnd);
return(ret);
}
ret=1;
err:
BN_CTX_end(ctx);
+ bn_check_top(p);
return(ret);
}
projects / openssl.git / blobdiff