Add BN_check_prime()

Add a new API to test for primes that can't be misused, deprecated the old APIs. Suggested by Jake Massimo and Kenneth Paterson Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #9272
author: Kurt Roeckx <kurt@roeckx.be> 2019-10-06 17:21:16 +0200
committer: Kurt Roeckx <kurt@roeckx.be> 2019-10-14 22:54:02 +0200
commit: 42619397eb5db1a77d077250b0841b9c9f2b8984 (patch)
tree: d8afd9cabeedfe4cade8580206ed323bd6f4b9d0 /apps/s_client.c
parent: 6c4ae41f1ca857254fc9e27edead81ff2fd3f3fe (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 016df7c657..392ab02234 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -272,8 +272,6 @@ typedef struct srp_arg_st {
     int strength;               /* minimal size for N */
 } SRP_ARG;
 
-# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
-
 static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
 {
     BN_CTX *bn_ctx = BN_CTX_new();
@@ -281,10 +279,10 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
     BIGNUM *r = BN_new();
     int ret =
         g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
-        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        BN_check_prime(N, bn_ctx, NULL) == 1 &&
         p != NULL && BN_rshift1(p, N) &&
         /* p = (N-1)/2 */
-        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        BN_check_prime(p, bn_ctx, NULL) == 1 &&
         r != NULL &&
         /* verify g^((N-1)/2) == -1 (mod N) */
         BN_mod_exp(r, g, p, N, bn_ctx) &&
author	Kurt Roeckx <kurt@roeckx.be>	2019-10-06 17:21:16 +0200
committer	Kurt Roeckx <kurt@roeckx.be>	2019-10-14 22:54:02 +0200
commit	42619397eb5db1a77d077250b0841b9c9f2b8984 (patch)
tree	d8afd9cabeedfe4cade8580206ed323bd6f4b9d0 /apps/s_client.c
parent	6c4ae41f1ca857254fc9e27edead81ff2fd3f3fe (diff)