diff options
author | Bodo Möller <bodo@openssl.org> | 2001-09-03 12:58:16 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-09-03 12:58:16 +0000 |
commit | 983495c4b215b7418dc3470fa8bc9c919c09c683 (patch) | |
tree | 1f22a7ae4ac1c0f6d82eb0e7745c3371f14df091 /crypto | |
parent | 931a23a5a55d153db9a0a76ee27e28af90be86e6 (diff) |
Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/bn/bn.h | 1 | ||||
-rw-r--r-- | crypto/bn/bn_prime.c | 10 | ||||
-rw-r--r-- | crypto/bn/bn_rand.c | 71 |
3 files changed, 74 insertions, 8 deletions
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 7e4234339b..573666769f 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -321,6 +321,7 @@ void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index b75e58c6ae..5bfc0b682b 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -226,12 +226,15 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, BN_MONT_CTX *mont = NULL; const BIGNUM *A = NULL; + if (BN_cmp(a, BN_value_one) <= 0) + return 0; + if (checks == BN_prime_checks) checks = BN_prime_checks_for_size(BN_num_bits(a)); /* first look for small factors */ if (!BN_is_odd(a)) - return(0); + return 0; if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) @@ -290,11 +293,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, for (i = 0; i < checks; i++) { - if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0)) + if (!BN_pseudo_rand_range(check, A1)) goto err; - if (BN_cmp(check, A1) >= 0) - if (!BN_sub(check, check, A1)) - goto err; if (!BN_add_word(check, 1)) goto err; /* now 1 <= check < A */ diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index fb583fb358..b9ce9e5d3f 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <time.h> @@ -173,8 +226,9 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) /* random number r: 0 <= r < range */ -int BN_rand_range(BIGNUM *r, BIGNUM *range) +static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) { + int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; int n; if (range->neg || BN_is_zero(range)) @@ -194,7 +248,7 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) do { /* range = 11..._2, so each iteration succeeds with probability >= .75 */ - if (!BN_rand(r, n, -1, 0)) return 0; + if (!bn_rand(r, n, -1, 0)) return 0; } while (BN_cmp(r, range) >= 0); } @@ -204,7 +258,7 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) * so 3*range (= 11..._2) is exactly one bit longer than range */ do { - if (!BN_rand(r, n + 1, -1, 0)) return 0; + if (!bn_rand(r, n + 1, -1, 0)) return 0; /* If r < 3*range, use r := r MOD range * (which is either r, r - range, or r - 2*range). * Otherwise, iterate once more. @@ -222,3 +276,14 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) return 1; } + + +int BN_rand_range(BIGNUM *r, BIGNUM *range) + { + return bn_rand_range(0, r, range); + } + +int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) + { + return bn_rand_range(1, r, range); + } |