authorKurt Roeckx <kurt@roeckx.be>2019-04-13 14:04:35 +0200
committerKurt Roeckx <kurt@roeckx.be>2019-04-15 22:37:48 +0200
commit3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5 (patch)
tree99458f2ea316ad4e3bca1e61886fa44fe0c84258
parent72eb100f8a38c5b3822d7751eddaa2f3f4576fa1 (diff)
Call RSA generation callback at the correct time.
The callback should be called with 1 when a Miller-Rabin round marked the candidate as probably prime. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: #8742
-rw-r--r--crypto/bn/bn_prime.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 2c9f89d95d..03402c2cec 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -329,8 +329,6 @@ int bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
if (BN_is_one(z))
goto composite;
}
- if (!BN_GENCB_call(cb, 1, i))
- goto err;
/* At this point z = b^((w-1)/2) mod w */
/* (Steps 4.8 - 4.9) x = z, z = x^2 mod w */
if (!BN_copy(x, z) || !BN_mod_mul(z, x, x, w, ctx))
@@ -358,6 +356,8 @@ composite:
goto err;
outer_loop: ;
/* (Step 4.1.5) */
+ if (!BN_GENCB_call(cb, 1, i))
+ goto err;
}
/* (Step 5) */
*status = BN_PRIMETEST_PROBABLY_PRIME;
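Review bot: The BN_GENCB_call added after `outer_loop:` carries only the pre-existing `/* (Step 4.1.5) */` tag, which does not say what the call signals or what a failed callback does; a comment should state that contract, e.g. `/* Candidate survived Miller-Rabin round i: report it via cb with a=1; a 0 return from the callback aborts the test through err, not as "composite" */`. Since a real statement now follows the label, the null statement in `outer_loop: ;` is vestigial and the label can sit directly above the `if`, i.e. `outer_loop:` on its own line with the `;` dropped. On a callback failure the `goto err` presumably leaves the function's return value at its failure value with `*status` not yet set for this candidate, consistent with the other `goto err` exits visible here, so callers must distinguish "aborted" from "composite" by the return value rather than by `*status` — worth saying in that comment if it is the intended contract. The enclosing `for` over the iterations and the function bn_miller_rabin_is_prime itself start before this hunk.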