[openssl] master update

Matt Caswell matt at openssl.org
Mon Jul 15 10:20:27 UTC 2019


The branch master has been updated
       via  2934be91349b365f1350fe9c30e4263be653c0f6 (commit)
      from  753149d97f8474ff8745a66175b8e4a19fe50743 (commit)


- Log -----------------------------------------------------------------
commit 2934be91349b365f1350fe9c30e4263be653c0f6
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jul 4 15:41:17 2019 +0100

    Make sure all BIGNUM operations work within the FIPS provider
    
    The FIPS provider does not have a default OPENSSL_CTX so, where
    necessary, we need to ensure we can always access an explicit
    OPENSSL_CTX. We remove functions from the FIPS provider that use
    the default OPENSSL_CTX, and fixup some places which were using
    those removed functions.
    
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9310)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_blind.c           |  2 +-
 crypto/bn/bn_ctx.c             |  4 +++
 crypto/bn/bn_err.c             |  2 ++
 crypto/bn/bn_gf2m.c            |  7 +++--
 crypto/bn/bn_prime.c           | 67 +++++++++++++++++++++++++++---------------
 crypto/bn/bn_rand.c            |  8 +++++
 crypto/bn/bn_rsa_fips186_4.c   |  9 ++++--
 crypto/bn/bn_sqrt.c            |  2 +-
 crypto/bn/bn_x931p.c           |  9 +++---
 crypto/err/openssl.txt         |  1 +
 doc/man3/BN_generate_prime.pod | 26 +++++++++++-----
 include/openssl/bn.h           |  3 ++
 include/openssl/bnerr.h        |  1 +
 util/libcrypto.num             |  1 +
 14 files changed, 100 insertions(+), 42 deletions(-)

diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index e003f9a..826f3f0 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -270,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
 
     do {
         int rv;
-        if (!BN_priv_rand_range(ret->A, ret->mod))
+        if (!BN_priv_rand_range_ex(ret->A, ret->mod, ctx))
             goto err;
         if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
             break;
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index cc3c303..a60c744 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -143,10 +143,12 @@ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
     return ret;
 }
 
+#ifndef FIPS_MODE
 BN_CTX *BN_CTX_new(void)
 {
     return BN_CTX_new_ex(NULL);
 }
+#endif
 
 BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
 {
@@ -157,10 +159,12 @@ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
     return ret;
 }
 
+#ifndef FIPS_MODE
 BN_CTX *BN_CTX_secure_new(void)
 {
     return BN_CTX_secure_new_ex(NULL);
 }
+#endif
 
 void BN_CTX_free(BN_CTX *ctx)
 {
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index a28443c..9a59cfb 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -40,6 +40,8 @@ static const ERR_STRING_DATA BN_str_functs[] = {
      "BN_generate_dsa_nonce"},
     {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
      "BN_generate_prime_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX2, 0),
+     "BN_generate_prime_ex2"},
     {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
     {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
     {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index 910f014..e025dae 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -732,8 +732,8 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
     /* generate blinding value */
     do {
-        if (!BN_priv_rand(b, BN_num_bits(p) - 1,
-                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+        if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1,
+                             BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
             goto err;
     } while (BN_is_zero(b));
 
@@ -1031,7 +1031,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
         if (tmp == NULL)
             goto err;
         do {
-            if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+            if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
+                                 ctx))
                 goto err;
             if (!BN_GF2m_mod_arr(rho, rho, p))
                 goto err;
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 47e2f23..1cfd953 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -19,7 +19,7 @@
  */
 #include "bn_prime.h"
 
-static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx);
 static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
                                   const BIGNUM *add, const BIGNUM *rem,
                                   BN_CTX *ctx);
@@ -84,19 +84,19 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b)
     return 0;
 }
 
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
-                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+                          BN_CTX *ctx)
 {
     BIGNUM *t;
     int found = 0;
     int i, j, c1 = 0;
-    BN_CTX *ctx = NULL;
     prime_t *mods = NULL;
     int checks = BN_prime_checks_for_size(bits);
 
     if (bits < 2) {
         /* There are no prime numbers this small. */
-        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL);
         return 0;
     } else if (add == NULL && safe && bits < 6 && bits != 3) {
         /*
@@ -104,7 +104,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
          * But the following two safe primes with less than 6 bits (11, 23)
          * are unreachable for BN_rand with BN_RAND_TOP_TWO.
          */
-        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        BNerr(BN_F_BN_GENERATE_PRIME_EX2, BN_R_BITS_TOO_SMALL);
         return 0;
     }
 
@@ -112,9 +112,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     if (mods == NULL)
         goto err;
 
-    ctx = BN_CTX_new();
-    if (ctx == NULL)
-        goto err;
     BN_CTX_start(ctx);
     t = BN_CTX_get(ctx);
     if (t == NULL)
@@ -122,7 +119,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
  loop:
     /* make a random number and set the top and bottom bits */
     if (add == NULL) {
-        if (!probable_prime(ret, bits, mods))
+        if (!probable_prime(ret, bits, mods, ctx))
             goto err;
     } else {
         if (safe) {
@@ -175,11 +172,27 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
  err:
     OPENSSL_free(mods);
     BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
     bn_check_top(ret);
     return found;
 }
 
+#ifndef FIPS_MODE
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+    BN_CTX *ctx = BN_CTX_new();
+    int retval;
+
+    if (ctx == NULL)
+        return 0;
+
+    retval = BN_generate_prime_ex2(ret, bits, safe, add, rem, cb, ctx);
+
+    BN_CTX_free(ctx);
+    return retval;
+}
+#endif
+
 int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
                    BN_GENCB *cb)
 {
@@ -187,11 +200,17 @@ int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 }
 
 /* See FIPS 186-4 C.3.1 Miller Rabin Probabilistic Primality Test. */
-int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed,
+int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx,
                             int do_trial_division, BN_GENCB *cb)
 {
     int i, status, ret = -1;
-    BN_CTX *ctx = NULL;
+#ifndef FIPS_MODE
+    BN_CTX *ctxlocal = NULL;
+#else
+
+    if (ctx == NULL)
+        return -1;
+#endif
 
     /* w must be bigger than 1 */
     if (BN_cmp(w, BN_value_one()) <= 0)
@@ -219,18 +238,19 @@ int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx_passed,
         if (!BN_GENCB_call(cb, 1, -1))
             return -1;
     }
-    if (ctx_passed != NULL)
-        ctx = ctx_passed;
-    else if ((ctx = BN_CTX_new()) == NULL)
+#ifndef FIPS_MODE
+    if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL)
         goto err;
+#endif
 
     ret = bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status);
     if (!ret)
         goto err;
     ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
 err:
-    if (ctx_passed == NULL)
-        BN_CTX_free(ctx);
+#ifndef FIPS_MODE
+    BN_CTX_free(ctxlocal);
+#endif
     return ret;
 }
 
@@ -301,7 +321,8 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
     /* (Step 4) */
     for (i = 0; i < iterations; ++i) {
         /* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */
-        if (!BN_priv_rand_range(b, w3) || !BN_add_word(b, 2)) /* 1 < b < w-1 */
+        if (!BN_priv_rand_range_ex(b, w3, ctx)
+                || !BN_add_word(b, 2)) /* 1 < b < w-1 */
             goto err;
 
         if (enhanced) {
@@ -379,7 +400,7 @@ err:
     return ret;
 }
 
-static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods, BN_CTX *ctx)
 {
     int i;
     BN_ULONG delta;
@@ -388,7 +409,7 @@ static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
 
  again:
     /* TODO: Not all primes are private */
-    if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+    if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, ctx))
         return 0;
     /* we now have a random number 'rnd' to test. */
     for (i = 1; i < NUMPRIMES; i++) {
@@ -472,7 +493,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits,
     if ((t1 = BN_CTX_get(ctx)) == NULL)
         goto err;
 
-    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+    if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
         goto err;
 
     /* we need ((rnd-rem) % add) == 0 */
@@ -528,7 +549,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
     if (!BN_rshift1(qadd, padd))
         goto err;
 
-    if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+    if (!BN_rand_ex(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
         goto err;
 
     /* we need ((rnd-rem) % add) == 0 */
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index a71e7d4..d1743dd 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -103,6 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
 {
     return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
 }
+#ifndef FIPS_MODE
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
     return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
@@ -112,16 +113,19 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
     return bnrand(TESTING, rnd, bits, top, bottom, NULL);
 }
+#endif
 
 int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
 {
     return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
 }
 
+#ifndef FIPS_MODE
 int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
     return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
 }
+#endif
 
 /* random number r:  0 <= r < range */
 static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
@@ -195,16 +199,19 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
     return bnrand_range(NORMAL, r, range, ctx);
 }
 
+#ifndef FIPS_MODE
 int BN_rand_range(BIGNUM *r, const BIGNUM *range)
 {
     return bnrand_range(NORMAL, r, range, NULL);
 }
+#endif
 
 int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
 {
     return bnrand_range(PRIVATE, r, range, ctx);
 }
 
+#ifndef FIPS_MODE
 int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
 {
     return bnrand_range(PRIVATE, r, range, NULL);
@@ -219,6 +226,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
 {
     return BN_rand_range(r, range);
 }
+#endif
 
 /*
  * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index 261669d..9a3041e 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -193,13 +193,15 @@ int bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
     /* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */
     if (Xp1 == NULL) {
         /* Set the top and bottom bits to make it odd and the correct size */
-        if (!BN_priv_rand(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
+                             ctx))
             goto err;
     }
     /* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */
     if (Xp2 == NULL) {
         /* Set the top and bottom bits to make it odd and the correct size */
-        if (!BN_priv_rand(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
+                             ctx))
             goto err;
     }
 
@@ -305,7 +307,8 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
              *   so largest number will have B5... as the top byte
              *   Setting the top 2 bits gives 0xC0.
              */
-            if (!BN_priv_rand(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+            if (!BN_priv_rand_ex(X, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
+                                 ctx))
                 goto end;
         }
         /* (Step 4) Y = X + ((R - X) mod 2r1r2) */
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 5981cd0..2107487 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -180,7 +180,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
             if (!BN_set_word(y, i))
                 goto end;
         } else {
-            if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
+            if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, ctx))
                 goto end;
             if (BN_ucmp(y, p) >= 0) {
                 if (!(p->neg ? BN_add : BN_sub) (y, y, p))
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index 3599270..c79e427 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -173,7 +173,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
      * - 1. By setting the top two bits we ensure that the lower bound is
      * exceeded.
      */
-    if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+    if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx))
         goto err;
 
     BN_CTX_start(ctx);
@@ -182,7 +182,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
         goto err;
 
     for (i = 0; i < 1000; i++) {
-        if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+        if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
+                             ctx))
             goto err;
 
         /* Check that |Xp - Xq| > 2^(nbits - 100) */
@@ -227,9 +228,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
     if (Xp1 == NULL || Xp2 == NULL)
         goto error;
 
-    if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+    if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
         goto error;
-    if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+    if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
         goto error;
     if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
         goto error;
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index ddff08c..a8f28dc 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -205,6 +205,7 @@ BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal
 BN_F_BN_GENCB_NEW:143:BN_GENCB_new
 BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce
 BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex
+BN_F_BN_GENERATE_PRIME_EX2:152:BN_generate_prime_ex2
 BN_F_BN_GF2M_MOD:131:BN_GF2m_mod
 BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp
 BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index eb5d89a..5de646d 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -2,15 +2,19 @@
 
 =head1 NAME
 
-BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call,
-BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg,
-BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test
-for primality
+BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex,
+BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free,
+BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime,
+BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
 
 =head1 SYNOPSIS
 
  #include <openssl/bn.h>
 
+ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+                           const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+                           BN_CTX *ctx);
+
  int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
                           const BIGNUM *rem, BN_GENCB *cb);
 
@@ -50,9 +54,10 @@ L<openssl_user_macros(7)>:
 
 =head1 DESCRIPTION
 
-BN_generate_prime_ex() generates a pseudo-random prime number of
-at least bit length B<bits>. The returned number is probably prime
-with a negligible error.
+BN_generate_prime_ex2() generates a pseudo-random prime number of
+at least bit length B<bits> using the BN_CTX provided in B<ctx>. The value of
+B<ctx> must not be NULL.
+The returned number is probably prime with a negligible error.
 
 If B<ret> is not B<NULL>, it will be used to store the number.
 
@@ -94,6 +99,13 @@ that (p-1)/2 is also prime).
 The random generator must be seeded prior to calling BN_generate_prime_ex().
 If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
 external circumstances (see L<RAND(7)>), the operation will fail.
+The random number generator configured for the OPENSSL_CTX associated with
+B<ctx> will be used.
+
+BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no
+B<ctx> parameter is passed.
+In this case the random number generator associated with the default OPENSSL_CTX
+will be used.
 
 BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is
 prime.  The following tests are performed until one of them shows that
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 5c645d5..ca92c0e 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -348,6 +348,9 @@ DEPRECATEDIN_0_9_8(int
                                         int do_trial_division))
 
 /* Newer versions */
+int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+                         BN_CTX *ctx);
 int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
                          const BIGNUM *rem, BN_GENCB *cb);
 int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
index ebbcd9a..b9958cb 100644
--- a/include/openssl/bnerr.h
+++ b/include/openssl/bnerr.h
@@ -44,6 +44,7 @@ int ERR_load_BN_strings(void);
 # define BN_F_BN_GENCB_NEW                                143
 # define BN_F_BN_GENERATE_DSA_NONCE                       140
 # define BN_F_BN_GENERATE_PRIME_EX                        141
+# define BN_F_BN_GENERATE_PRIME_EX2                       152
 # define BN_F_BN_GF2M_MOD                                 131
 # define BN_F_BN_GF2M_MOD_EXP                             132
 # define BN_F_BN_GF2M_MOD_MUL                             133
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 49d2f22..0ce8800 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4678,3 +4678,4 @@ BN_rand_ex                              4783	3_0_0	EXIST::FUNCTION:
 BN_priv_rand_ex                         4784	3_0_0	EXIST::FUNCTION:
 BN_rand_range_ex                        4785	3_0_0	EXIST::FUNCTION:
 BN_priv_rand_range_ex                   4786	3_0_0	EXIST::FUNCTION:
+BN_generate_prime_ex2                   4787	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list