diff options
| author | Kurt Roeckx <kurt@roeckx.be> | 2019-10-06 17:21:16 +0200 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2019-10-14 22:54:02 +0200 |
| commit | 42619397eb5db1a77d077250b0841b9c9f2b8984 (patch) | |
| tree | d8afd9cabeedfe4cade8580206ed323bd6f4b9d0 /apps | |
| parent | 6c4ae41f1ca857254fc9e27edead81ff2fd3f3fe (diff) | |
Add BN_check_prime()
Add a new API to test for primes that can't be misused, deprecated the
old APIs.
Suggested by Jake Massimo and Kenneth Paterson
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/prime.c | 7 | ||||
| -rw-r--r-- | apps/s_client.c | 6 |
2 files changed, 6 insertions, 7 deletions
diff --git a/apps/prime.c b/apps/prime.c index e00a3084a1..55cdad81a0 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -35,7 +35,7 @@ const OPTIONS prime_options[] = { int prime_main(int argc, char **argv) { BIGNUM *bn = NULL; - int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1; + int hex = 0, generate = 0, bits = 0, safe = 0, ret = 1; char *prog; OPTION_CHOICE o; @@ -64,7 +64,8 @@ opthelp: safe = 1; break; case OPT_CHECKS: - checks = atoi(opt_arg()); + /* ignore parameter and argument */ + opt_arg(); break; } } @@ -121,7 +122,7 @@ opthelp: BN_print(bio_out, bn); BIO_printf(bio_out, " (%s) %s prime\n", argv[0], - BN_is_prime_ex(bn, checks, NULL, NULL) + BN_check_prime(bn, NULL, NULL) ? "is" : "is not"); } } diff --git a/apps/s_client.c b/apps/s_client.c index 016df7c657..392ab02234 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -272,8 +272,6 @@ typedef struct srp_arg_st { int strength; /* minimal size for N */ } SRP_ARG; -# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64 - static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) { BN_CTX *bn_ctx = BN_CTX_new(); @@ -281,10 +279,10 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) BIGNUM *r = BN_new(); int ret = g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && - BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 && + BN_check_prime(N, bn_ctx, NULL) == 1 && p != NULL && BN_rshift1(p, N) && /* p = (N-1)/2 */ - BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 && + BN_check_prime(p, bn_ctx, NULL) == 1 && r != NULL && /* verify g^((N-1)/2) == -1 (mod N) */ BN_mod_exp(r, g, p, N, bn_ctx) && |