diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2019-10-06 17:21:16 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2019-10-14 22:54:02 +0200 |
commit | 42619397eb5db1a77d077250b0841b9c9f2b8984 (patch) | |
tree | d8afd9cabeedfe4cade8580206ed323bd6f4b9d0 /crypto/dh | |
parent | 6c4ae41f1ca857254fc9e27edead81ff2fd3f3fe (diff) | |
download | openssl-42619397eb5db1a77d077250b0841b9c9f2b8984.zip openssl-42619397eb5db1a77d077250b0841b9c9f2b8984.tar.gz openssl-42619397eb5db1a77d077250b0841b9c9f2b8984.tar.bz2 |
Add BN_check_prime()
Add a new API to test for primes that can't be misused, deprecated the
old APIs.
Suggested by Jake Massimo and Kenneth Paterson
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_check.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 45c699b..70f0836 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -12,8 +12,6 @@ #include <openssl/bn.h> #include "dh_local.h" -# define DH_NUMBER_ITERATIONS_FOR_PRIME 64 - /*- * Check that p and g are suitable enough * @@ -137,7 +135,7 @@ int DH_check(const DH *dh, int *ret) if (!BN_is_one(t1)) *ret |= DH_NOT_SUITABLE_GENERATOR; } - r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL); + r = BN_check_prime(dh->q, ctx, NULL); if (r < 0) goto err; if (!r) @@ -151,7 +149,7 @@ int DH_check(const DH *dh, int *ret) *ret |= DH_CHECK_INVALID_J_VALUE; } - r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL); + r = BN_check_prime(dh->p, ctx, NULL); if (r < 0) goto err; if (!r) @@ -159,7 +157,7 @@ int DH_check(const DH *dh, int *ret) else if (!dh->q) { if (!BN_rshift1(t1, dh->p)) goto err; - r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL); + r = BN_check_prime(t1, ctx, NULL); if (r < 0) goto err; if (!r) |