Add BN_check_prime()

Add a new API to test for primes that can't be misused, deprecated the
old APIs.

Suggested by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272

1 files changed, 4 insertions, 6 deletions

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 00feba3..67551e5 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -154,8 +154,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                 goto err;
 
             /* step 4 */
-            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-                                        use_random_seed, cb);
+            r = BN_check_prime(q, ctx, cb);
             if (r > 0)
                 break;
             if (r != 0)
@@ -226,7 +225,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
             /* step 10 */
             if (BN_cmp(p, test) >= 0) {
                 /* step 11 */
-                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                r = BN_check_prime(p, ctx, cb);
                 if (r > 0)
                     goto end;   /* found it */
                 if (r != 0)
@@ -425,8 +424,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
                 goto err;
 
             /* step 4 */
-            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-                                        seed_in ? 1 : 0, cb);
+            r = BN_check_prime(q, ctx, cb);
             if (r > 0)
                 break;
             if (r != 0)
@@ -506,7 +504,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
             /* step 10 */
             if (BN_cmp(p, test) >= 0) {
                 /* step 11 */
-                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                r = BN_check_prime(p, ctx, cb);
                 if (r > 0)
                     goto end;   /* found it */
                 if (r != 0)