[openssl] master update
Matt Caswell
matt at openssl.org
Mon Jul 15 10:20:27 UTC 2019
The branch master has been updated
via 2934be91349b365f1350fe9c30e4263be653c0f6 (commit)
from 753149d97f8474ff8745a66175b8e4a19fe50743 (commit)
- Log -----------------------------------------------------------------
commit 2934be91349b365f1350fe9c30e4263be653c0f6
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jul 4 15:41:17 2019 +0100
Make sure all BIGNUM operations work within the FIPS provider
The FIPS provider does not have a default OPENSSL_CTX so, where
necessary, we need to ensure we can always access an explicit
OPENSSL_CTX. We remove functions from the FIPS provider that use
the default OPENSSL_CTX, and fixup some places which were using
those removed functions.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9310)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_blind.c | 2 +-
crypto/bn/bn_ctx.c | 4 +++
crypto/bn/bn_err.c | 2 ++
crypto/bn/bn_gf2m.c | 7 +++--
crypto/bn/bn_prime.c | 67 +++++++++++++++++++++++++++---------------
crypto/bn/bn_rand.c | 8 +++++
crypto/bn/bn_rsa_fips186_4.c | 9 ++++--
crypto/bn/bn_sqrt.c | 2 +-
crypto/bn/bn_x931p.c | 9 +++---
crypto/err/openssl.txt | 1 +
doc/man3/BN_generate_prime.pod | 26 +++++++++++-----
include/openssl/bn.h | 3 ++
include/openssl/bnerr.h | 1 +
util/libcrypto.num | 1 +
14 files changed, 100 insertions(+), 42 deletions(-)
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index e003f9a..826f3f0 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -270,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
do {
int rv;
- if (!BN_priv_rand_range(ret->A, ret->mod))
+ if (!BN_priv_rand_range_ex(ret->A, ret->mod, ctx))
goto err;
if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
break;
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index cc3c303..a60c744 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -143,10 +143,12 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
return ret;
}
+#ifndef FIPS_MODE
BN_CTX *BN_CTX_new(void)
{
return BN_CTX_new_ex(NULL);
}
+#endif
BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
{
@@ -157,10 +159,12 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
return ret;
}
+#ifndef FIPS_MODE
BN_CTX *BN_CTX_secure_new(void)
{
return BN_CTX_secure_new_ex(NULL);
}
+#endif
void BN_CTX_free(BN_CTX *ctx)
{
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index a28443c..9a59cfb 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -40,6 +40,8 @@ static const ERR_STRING_DATA BN_str_functs[] = {
"BN_generate_dsa_nonce"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
"BN_generate_prime_ex"},
+ {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX2, 0),
+ "BN_generate_prime_ex2"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index 910f014..e025dae 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -732,8 +732,8 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/* generate blinding value */
do {
- if (!BN_priv_rand(b, BN_num_bits(p) - 1,
- BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1,
+ BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
goto err;
} while (BN_is_zero(b));
@@ -1031,7 +1031,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
if (tmp == NULL)
goto err;
do {
- if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
+ ctx))
goto err;
if (!BN_GF2m_mod_arr(rho, rho, p))
goto err;
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 47e2f23..1cfd953 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -19,7 +19,7 @@
*/
#include "bn_prime.h"
-static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx);
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem,
BN_CTX *ctx);
@@ -84,19 +84,19 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b)
return 0;
}
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+ BN_CTX *ctx)
{
BIGNUM *t;
int found = 0;
int i, j, c1 = 0;
- BN_CTX *ctx = NULL;
prime_t *mods = NULL;
int checks = BN_prime_checks_for_size(bits);
if (bits < 2) {
/* There are no prime numbers this small. */
- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+ BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL);
return 0;
} else if (add == NULL && safe && bits < 6 && bits != 3) {
/*
@@ -104,7 +104,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
* But the following two safe primes with less than 6 bits (11, 23)
* are unreachable for BN_rand with BN_RAND_TOP_TWO.
*/
- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+ BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL);
return 0;
}
@@ -112,9 +112,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
if (mods == NULL)
goto err;
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
if (t == NULL)
@@ -122,7 +119,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
loop:
/* make a random number and set the top and bottom bits */
if (add == NULL) {
- if (!probable_prime(ret, bits, mods))
+ if (!probable_prime(ret, bits, mods, ctx))
goto err;
} else {
if (safe) {
@@ -175,11 +172,27 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
err:
OPENSSL_free(mods);
BN_CTX_end(ctx);
- BN_CTX_free(ctx);
bn_check_top(ret);
return found;
}
+#ifndef FIPS_MODE
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+ BN_CTX *ctx = BN_CTX_new();
+ int retval;
+
+ if (ctx == NULL)
+ return 0;
+
+ retval = BN_generate_prime_ex2(ret, bits, safe, add, rem, cb, ctx);
+
+ BN_CTX_free(ctx);
+ return retval;
+}
+#endif
+
int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
BN_GENCB *cb)
{
@@ -187,11 +200,17 @@ int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
}
/* See FIPS 186-4 C.3.1 Miller Rabin Probabilistic Primality Test. */
-int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed,
+int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb)
{
int i, status, ret = -1;
- BN_CTX *ctx = NULL;
+#ifndef FIPS_MODE
+ BN_CTX *ctxlocal = NULL;
+#else
+
+ if (ctx == NULL)
+ return -1;
+#endif
/* w must be bigger than 1 */
if (BN_cmp(w, BN_value_one()) <= 0)
@@ -219,18 +238,19 @@ int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed,
if (!BN_GENCB_call(cb, 1, -1))
return -1;
}
- if (ctx_passed != NULL)
- ctx = ctx_passed;
- else if ((ctx = BN_CTX_new()) == NULL)
+#ifndef FIPS_MODE
+ if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
goto err;
+#endif
ret = bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status);
if (!ret)
goto err;
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
err:
- if (ctx_passed == NULL)
- BN_CTX_free(ctx);
+#ifndef FIPS_MODE
+ BN_CTX_free(ctxlocal);
+#endif
return ret;
}
@@ -301,7 +321,8 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
/* (Step 4) */
for (i = 0; i < iterations; ++i) {
/* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */
- if (!BN_priv_rand_range(b, w3) || !BN_add_word(b, 2)) /* 1 < b < w-1 */
+ if (!BN_priv_rand_range_ex(b, w3, ctx)
+ || !BN_add_word(b, 2)) /* 1 < b < w-1 */
goto err;
if (enhanced) {
@@ -379,7 +400,7 @@ err:
return ret;
}
-static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx)
{
int i;
BN_ULONG delta;
@@ -388,7 +409,7 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
again:
/* TODO: Not all primes are private */
- if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+ if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, ctx))
return 0;
/* we now have a random number 'rnd' to test. */
for (i = 1; i < NUMPRIMES; i++) {
@@ -472,7 +493,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
if ((t1 = BN_CTX_get(ctx)) == NULL)
goto err;
- if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+ if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
goto err;
/* we need ((rnd-rem) % add) == 0 */
@@ -528,7 +549,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
if (!BN_rshift1(qadd, padd))
goto err;
- if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+ if (!BN_rand_ex(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
goto err;
/* we need ((rnd-rem) % add) == 0 */
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index a71e7d4..d1743dd 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -103,6 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
{
return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
}
+#ifndef FIPS_MODE
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
@@ -112,16 +113,19 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(TESTING, rnd, bits, top, bottom, NULL);
}
+#endif
int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
{
return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
}
+#ifndef FIPS_MODE
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
}
+#endif
/* random number r: 0 <= r < range */
static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
@@ -195,16 +199,19 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
return bnrand_range(NORMAL, r, range, ctx);
}
+#ifndef FIPS_MODE
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(NORMAL, r, range, NULL);
}
+#endif
int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
{
return bnrand_range(PRIVATE, r, range, ctx);
}
+#ifndef FIPS_MODE
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bnrand_range(PRIVATE, r, range, NULL);
@@ -219,6 +226,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
{
return BN_rand_range(r, range);
}
+#endif
/*
* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index 261669d..9a3041e 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -193,13 +193,15 @@ int bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
/* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */
if (Xp1 == NULL) {
/* Set the top and bottom bits to make it odd and the correct size */
- if (!BN_priv_rand(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+ if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
+ ctx))
goto err;
}
/* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */
if (Xp2 == NULL) {
/* Set the top and bottom bits to make it odd and the correct size */
- if (!BN_priv_rand(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+ if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
+ ctx))
goto err;
}
@@ -305,7 +307,8 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
* so largest number will have B5... as the top byte
* Setting the top 2 bits gives 0xC0.
*/
- if (!BN_priv_rand(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
+ ctx))
goto end;
}
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 5981cd0..2107487 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -180,7 +180,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
if (!BN_set_word(y, i))
goto end;
} else {
- if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
+ if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, ctx))
goto end;
if (BN_ucmp(y, p) >= 0) {
if (!(p->neg ? BN_add : BN_sub) (y, y, p))
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index 3599270..c79e427 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -173,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
* - 1. By setting the top two bits we ensure that the lower bound is
* exceeded.
*/
- if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx))
goto err;
BN_CTX_start(ctx);
@@ -182,7 +182,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
goto err;
for (i = 0; i < 1000; i++) {
- if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
+ ctx))
goto err;
/* Check that |Xp - Xq| > 2^(nbits - 100) */
@@ -227,9 +228,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
if (Xp1 == NULL || Xp2 == NULL)
goto error;
- if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
goto error;
- if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
goto error;
if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
goto error;
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index ddff08c..a8f28dc 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -205,6 +205,7 @@ BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal
BN_F_BN_GENCB_NEW:143:BN_GENCB_new
BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce
BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex
+BN_F_BN_GENERATE_PRIME_EX2:152:BN_generate_prime_ex2
BN_F_BN_GF2M_MOD:131:BN_GF2m_mod
BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp
BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index eb5d89a..5de646d 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -2,15 +2,19 @@
=head1 NAME
-BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call,
-BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg,
-BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test
-for primality
+BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex,
+BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free,
+BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime,
+BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
=head1 SYNOPSIS
#include <openssl/bn.h>
+ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+ BN_CTX *ctx);
+
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, BN_GENCB *cb);
@@ -50,9 +54,10 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
-BN_generate_prime_ex() generates a pseudo-random prime number of
-at least bit length B<bits>. The returned number is probably prime
-with a negligible error.
+BN_generate_prime_ex2() generates a pseudo-random prime number of
+at least bit length B<bits> using the BN_CTX provided in B<ctx>. The value of
+B<ctx> must not be NULL.
+The returned number is probably prime with a negligible error.
If B<ret> is not B<NULL>, it will be used to store the number.
@@ -94,6 +99,13 @@ that (p-1)/2 is also prime).
The random generator must be seeded prior to calling BN_generate_prime_ex().
If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
external circumstances (see L<RAND(7)>), the operation will fail.
+The random number generator configured for the OPENSSL_CTX associated with
+B<ctx> will be used.
+
+BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no
+B<ctx> parameter is passed.
+In this case the random number generator associated with the default OPENSSL_CTX
+will be used.
BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is
prime. The following tests are performed until one of them shows that
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 5c645d5..ca92c0e 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -348,6 +348,9 @@ DEPRECATEDIN_0_9_8(int
int do_trial_division))
/* Newer versions */
+int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+ BN_CTX *ctx);
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, BN_GENCB *cb);
int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
index ebbcd9a..b9958cb 100644
--- a/include/openssl/bnerr.h
+++ b/include/openssl/bnerr.h
@@ -44,6 +44,7 @@ int ERR_load_BN_strings(void);
# define BN_F_BN_GENCB_NEW 143
# define BN_F_BN_GENERATE_DSA_NONCE 140
# define BN_F_BN_GENERATE_PRIME_EX 141
+# define BN_F_BN_GENERATE_PRIME_EX2 152
# define BN_F_BN_GF2M_MOD 131
# define BN_F_BN_GF2M_MOD_EXP 132
# define BN_F_BN_GF2M_MOD_MUL 133
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 49d2f22..0ce8800 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4678,3 +4678,4 @@ BN_rand_ex 4783 3_0_0 EXIST::FUNCTION:
BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION:
BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION:
BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION:
+BN_generate_prime_ex2 4787 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list