/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
/* There are no prime numbers this small. */
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
return 0;
- } else if (bits == 2 && safe) {
- /* The smallest safe prime (7) is three bits. */
+ } else if (add == NULL && safe && bits < 6 && bits != 3) {
+ /*
+ * The smallest safe prime (7) is three bits.
+ * But the following two safe primes with less than 6 bits (11, 23)
+ * are unreachable for BN_rand with BN_RAND_TOP_TWO.
+ */
BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
return 0;
}
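Review bot: The added `add == NULL` term narrows the old rejection: the removed line refused `bits == 2 && safe` unconditionally, while the new condition lets a safe-prime request with `bits == 2` and a non-NULL `add` through. No 2-bit safe prime exists, so unless the `add` path (not visible in this hunk) rejects that size itself, the caller may spin or get a result of the wrong size. Consider keeping that case explicit, e.g. `} else if (safe && (bits == 2 || (add == NULL && bits < 6 && bits != 3))) {`, or extend the comment to say why the `add` path needs no size check. The enclosing function starts and ends outside the hunk.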
found = 1;
err:
OPENSSL_free(mods);
- if (ctx != NULL)
- BN_CTX_end(ctx);
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
bn_check_top(ret);
return found;
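Review bot: With the `if (ctx != NULL)` guard removed, `BN_CTX_end(ctx)` at `err:` now depends on BN_CTX_end() being a no-op for a NULL argument. The removed guard suggests `ctx` can still be NULL on this path, presumably when the context allocation fails before the jump. That guarantee lives in another file and is not part of this hunk, so confirm the same release carries the NULL check in BN_CTX_end(). If it does, a short comment such as `/* BN_CTX_end() and BN_CTX_free() both accept NULL */` would keep the next reader from re-adding or second-guessing the guard. The function body begins outside the hunk.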
int i, j, ret = -1;
int k;
BN_CTX *ctx = NULL;
- BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+ BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */
BN_MONT_CTX *mont = NULL;
- if (BN_cmp(a, BN_value_one()) <= 0)
+ /* Take care of the really small primes 2 & 3 */
+ if (BN_is_word(a, 2) || BN_is_word(a, 3))
+ return 1;
+
+ /* Check odd and bigger than 1 */
+ if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)
return 0;
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
/* first look for small factors */
- if (!BN_is_odd(a))
- /* a is even => a is prime if and only if a == 2 */
- return BN_is_word(a, 2);
if (do_trial_division) {
for (i = 1; i < NUMPRIMES; i++) {
BN_ULONG mod = BN_mod_word(a, primes[i]);
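Review bot: The comment `/* Take care of the really small primes 2 & 3 */` does not say that the early return for 3 is needed for correctness rather than speed. A later hunk computes `A3 := a - 3` and draws the witness from `BN_priv_rand_range(check, A3)`, which as far as I can tell needs a positive range, so a == 3 would otherwise end in the error path (`ret = -1`) instead of returning 1. I would word it as `/* 2 and 3 are prime; 3 must be handled here because the witness range below is [2, a-2] */` so a later cleanup does not drop the shortcut. The function continues past the end of this hunk.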
BN_CTX_start(ctx);
A1 = BN_CTX_get(ctx);
+ A3 = BN_CTX_get(ctx);
A1_odd = BN_CTX_get(ctx);
check = BN_CTX_get(ctx);
if (check == NULL)
goto err;
/* compute A1 := a - 1 */
- if (!BN_copy(A1, a))
- goto err;
- if (!BN_sub_word(A1, 1))
+ if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))
goto err;
- if (BN_is_zero(A1)) {
- ret = 0;
+ /* compute A3 := a - 3 */
+ if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))
goto err;
- }
/* write A1 as A1_odd * 2^k */
k = 1;
goto err;
for (i = 0; i < checks; i++) {
- if (!BN_priv_rand_range(check, A1))
- goto err;
- if (!BN_add_word(check, 1))
+ /* 1 < check < a-1 */
+ if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))
goto err;
- /* now 1 <= check < a */
j = witness(check, a, A1, A1_odd, k, ctx, mont);
if (j == -1)