author Matt Caswell <matt@openssl.org> 2019-07-04 15:41:17 +0100
committer Matt Caswell <matt@openssl.org> 2019-07-15 11:03:44 +0100
commit 2934be91349b365f1350fe9c30e4263be653c0f6
tree 926db8537c403e61baf0c228800fb88bcec37005 /doc
parent 753149d97f8474ff8745a66175b8e4a19fe50743
Make sure all BIGNUM operations work within the FIPS provider

The FIPS provider does not have a default OPENSSL_CTX so, where necessary, we need to ensure we can always access an explicit OPENSSL_CTX. We remove functions from the FIPS provider that use the default OPENSSL_CTX, and fixup some places which were using those removed functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9310)
Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/BN_generate_prime.pod 26
1 files changed, 19 insertions, 7 deletions
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index eb5d89a3dc..5de646d916 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -2,15 +2,19 @@
=head1 NAME
-BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call,
-BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg,
-BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test
-for primality
+BN_generate_prime_ex2, BN_generate_prime_ex, BN_is_prime_ex,
+BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free,
+BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime,
+BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
=head1 SYNOPSIS
#include <openssl/bn.h>
+ int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb,
+ BN_CTX *ctx);
+
int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, BN_GENCB *cb);
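Review bot: The NAME and SYNOPSIS additions introduce BN_generate_prime_ex2() without recording when it became available: the diffstat's 19 insertions are all accounted for by the three hunks shown, and none of them touches a HISTORY section. Suggest adding a HISTORY line that names the release in which BN_generate_prime_ex2() first appears, so callers targeting older libraries know they must fall back to BN_generate_prime_ex().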
@@ -50,9 +54,10 @@ L<openssl_user_macros(7)>:
=head1 DESCRIPTION
-BN_generate_prime_ex() generates a pseudo-random prime number of
-at least bit length B<bits>. The returned number is probably prime
-with a negligible error.
+BN_generate_prime_ex2() generates a pseudo-random prime number of
+at least bit length B<bits> using the BN_CTX provided in B<ctx>. The value of
+B<ctx> must not be NULL.
+The returned number is probably prime with a negligible error.
If B<ret> is not B<NULL>, it will be used to store the number.
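Review bot: The added sentence "The value of B<ctx> must not be NULL." in DESCRIPTION states a precondition but not its consequence. Suggest saying whether BN_generate_prime_ex2() fails with an error return or has undefined behaviour when B<ctx> is NULL, since a caller porting from BN_generate_prime_ex() has no BN_CTX to hand by default. As a style point, the unchanged next paragraph writes B<NULL> while the new line writes plain NULL; use B<NULL> here for consistency.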
@@ -94,6 +99,13 @@ that (p-1)/2 is also prime).
The random generator must be seeded prior to calling BN_generate_prime_ex().
If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
external circumstances (see L<RAND(7)>), the operation will fail.
+The random number generator configured for the OPENSSL_CTX associated with
+B<ctx> will be used.
+
+BN_generate_prime_ex() is the same as BN_generate_prime_ex2() except that no
+B<ctx> parameter is passed.
+In this case the random number generator associated with the default OPENSSL_CTX
+will be used.
BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is
prime. The following tests are performed until one of them shows that
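Review bot: The unchanged context line "The random generator must be seeded prior to calling BN_generate_prime_ex()." still names only BN_generate_prime_ex(), yet the sentence added directly after it ("The random number generator configured for the OPENSSL_CTX associated with B<ctx> will be used.") can only apply to BN_generate_prime_ex2(), because BN_generate_prime_ex() takes no B<ctx>. Suggest rewording the seeding sentence to name BN_generate_prime_ex2() (or both functions) so the paragraph reads consistently. The text also relies on a BN_CTX being "associated with" an OPENSSL_CTX without saying how that association is made; a cross-reference to the page that documents creating such a BN_CTX would tell readers which random number generator they are actually drawing prime candidates from.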