Loading CHANGES +8 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,14 @@ OpenSSL CHANGES _______________ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] Changes between 0.9.4 and 0.9.5 [xx XXX 2000] *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes. [Ulf Möller] *) New function BN_pseudo_rand(). [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from Loading crypto/bn/bn.h +19 −0 Original line number Diff line number Diff line Loading @@ -286,6 +286,25 @@ typedef struct bn_recp_ctx_st #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ /* number of Miller-Rabin iterations for an error rate of less than 2^-80 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; * original paper: Damgaard, Landrock, Pomerance: Average case error estimates * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ #define BN_prime_checks_size(b) ((b) >= 1300 ? 2 : \ (b) >= 850 ? 3 : \ (b) >= 650 ? 4 : \ (b) >= 550 ? 5 : \ (b) >= 450 ? 6 : \ (b) >= 400 ? 7 : \ (b) >= 350 ? 8 : \ (b) >= 300 ? 9 : \ (b) >= 250 ? 12 : \ (b) >= 200 ? 15 : \ (b) >= 150 ? 18 : \ /* b >= 100 */ 27) #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) #define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) #define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0)) Loading crypto/bn/bn_prime.c +1 −19 Original line number Diff line number Diff line Loading 
@@ -68,24 +68,6 @@ */ #include "bn_prime.h" /* number of Miller-Rabin iterations for an error rate of less than 2^-80 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; * original paper: Damgaard, Landrock, Pomerance: Average case error estimates * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ #define BN_prime_checks_size(b) ((b) >= 1300 ? 2 : \ (b) >= 850 ? 3 : \ (b) >= 650 ? 4 : \ (b) >= 550 ? 5 : \ (b) >= 450 ? 6 : \ (b) >= 400 ? 7 : \ (b) >= 350 ? 8 : \ (b) >= 300 ? 9 : \ (b) >= 250 ? 12 : \ (b) >= 200 ? 15 : \ (b) >= 150 ? 18 : \ /* b >= 100 */ 27) static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits); Loading Loading @@ -203,7 +185,7 @@ int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *), for (i=0; i<checks; i++) { if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err; if (!BN_pseudo_rand(check,BN_num_bits(a)-1,0,0)) goto err; j=witness(check,a,ctx,ctx2,mont); if (j == -1) goto err; if (j) Loading crypto/bn/bn_rand.c +21 −3 Original line number Diff line number Diff line Loading @@ -62,7 +62,7 @@ #include "bn_lcl.h" #include <openssl/rand.h> int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf=NULL; int ret=0,bit,bytes,mask; Loading @@ -83,8 +83,17 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) time(&tim); RAND_add(&tim,sizeof(tim),0); if (RAND_bytes(buf,(int)bytes) <= 0) if (pseudorand) { if (RAND_pseudo_bytes(buf, bytes) == -1) goto err; } else { if (RAND_bytes(buf, bytes) <= 0) goto err; } if (top) { if (bit == 0) Loading Loading 
@@ -116,3 +125,12 @@ err: return(ret); } int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(1, rnd, bits, top, bottom); } int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(0, rnd, bits, top, bottom); } crypto/dsa/dsa.h +2 −2 Original line number Diff line number Diff line Loading @@ -182,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void (*callback)(),char *cb_arg); (*callback)(),void *cb_arg); int DSA_generate_key(DSA *a); int i2d_DSAPublicKey(DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); Loading @@ -197,7 +197,7 @@ int DSAparams_print_fp(FILE *fp, DSA *x); int DSA_print_fp(FILE *bp, DSA *x, int off); #endif int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); int DSA_is_prime(BIGNUM *q,void (*callback)(),void *cb_arg); #ifndef NO_DH /* Convert DSA structure (key or just parameters) into DH structure Loading Loading
CHANGES +8 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,14 @@ OpenSSL CHANGES _______________ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] Changes between 0.9.4 and 0.9.5 [xx XXX 2000] *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes. [Ulf Möller] *) New function BN_pseudo_rand(). [Ulf Möller] *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) bignum version of BN_from_montgomery() with the working code from Loading
crypto/bn/bn.h +19 −0 Original line number Diff line number Diff line Loading @@ -286,6 +286,25 @@ typedef struct bn_recp_ctx_st #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ /* number of Miller-Rabin iterations for an error rate of less than 2^-80 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; * original paper: Damgaard, Landrock, Pomerance: Average case error estimates * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ #define BN_prime_checks_size(b) ((b) >= 1300 ? 2 : \ (b) >= 850 ? 3 : \ (b) >= 650 ? 4 : \ (b) >= 550 ? 5 : \ (b) >= 450 ? 6 : \ (b) >= 400 ? 7 : \ (b) >= 350 ? 8 : \ (b) >= 300 ? 9 : \ (b) >= 250 ? 12 : \ (b) >= 200 ? 15 : \ (b) >= 150 ? 18 : \ /* b >= 100 */ 27) #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) #define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) #define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0)) Loading
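Review bot: `BN_prime_checks_size(b)` becomes part of the public header here, but its comment only covers random input with b >= 100, and the last branch returns 27 for any smaller `b` without saying so. The comment should state that 27 rounds below 100 bits is a fallback with no stated 2^-80 bound, and that the table does not apply to numbers supplied by another party. The macro also expands its argument up to eleven times, so an expression such as `BN_num_bits(w)` (the use named in CHANGES) is evaluated repeatedly. Computing the bit count into a local first, or adding `/* evaluates b more than once */` next to the definition, would make that visible to callers.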
crypto/bn/bn_prime.c +1 −19 Original line number Diff line number Diff line Loading @@ -68,24 +68,6 @@ */ #include "bn_prime.h" /* number of Miller-Rabin iterations for an error rate of less than 2^-80 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; * original paper: Damgaard, Landrock, Pomerance: Average case error estimates * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ #define BN_prime_checks_size(b) ((b) >= 1300 ? 2 : \ (b) >= 850 ? 3 : \ (b) >= 650 ? 4 : \ (b) >= 550 ? 5 : \ (b) >= 450 ? 6 : \ (b) >= 400 ? 7 : \ (b) >= 350 ? 8 : \ (b) >= 300 ? 9 : \ (b) >= 250 ? 12 : \ (b) >= 200 ? 15 : \ (b) >= 150 ? 18 : \ /* b >= 100 */ 27) static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits); Loading Loading @@ -203,7 +185,7 @@ int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *), for (i=0; i<checks; i++) { if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err; if (!BN_pseudo_rand(check,BN_num_bits(a)-1,0,0)) goto err; j=witness(check,a,ctx,ctx2,mont); if (j == -1) goto err; if (j) Loading
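Review bot: The Miller-Rabin bases in the `BN_is_prime()` loop are now drawn with `BN_pseudo_rand()`, and nothing in the second hunk records why weaker randomness is acceptable there. It is reasonable when the candidate was itself generated locally at random, which is also the only case the 2^-80 bound of the relocated table covers. `BN_is_prime()` is a public function, though, and presumably can be handed numbers that come from another party, where predictable bases and a small `checks` give less assurance. I would add a comment above the loop such as `/* bases need not be unpredictable for random candidates; callers testing untrusted input should pass an explicit, larger 'checks' */`. The function starts and ends outside the hunk.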
crypto/bn/bn_rand.c +21 −3 Original line number Diff line number Diff line Loading @@ -62,7 +62,7 @@ #include "bn_lcl.h" #include <openssl/rand.h> int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf=NULL; int ret=0,bit,bytes,mask; Loading @@ -83,8 +83,17 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) time(&tim); RAND_add(&tim,sizeof(tim),0); if (RAND_bytes(buf,(int)bytes) <= 0) if (pseudorand) { if (RAND_pseudo_bytes(buf, bytes) == -1) goto err; } else { if (RAND_bytes(buf, bytes) <= 0) goto err; } if (top) { if (bit == 0) Loading Loading @@ -116,3 +125,12 @@ err: return(ret); } int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(1, rnd, bits, top, bottom); } int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(0, rnd, bits, top, bottom); }
crypto/dsa/dsa.h +2 −2 Original line number Diff line number Diff line Loading @@ -182,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void (*callback)(),char *cb_arg); (*callback)(),void *cb_arg); int DSA_generate_key(DSA *a); int i2d_DSAPublicKey(DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); Loading @@ -197,7 +197,7 @@ int DSAparams_print_fp(FILE *fp, DSA *x); int DSA_print_fp(FILE *bp, DSA *x, int off); #endif int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); int DSA_is_prime(BIGNUM *q,void (*callback)(),void *cb_arg); #ifndef NO_DH /* Convert DSA structure (key or just parameters) into DH structure Loading
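Review bot: Both changed prototypes keep `void (*callback)()` with an empty parameter list, so the compiler still cannot check the arguments the callback is invoked with, even though `cb_arg` is now `void *`. `BN_is_prime()` in crypto/bn/bn_prime.c declares its callback as `void (*callback)(int,int,void *)`. If the DSA callbacks are called with the same arguments, which these hunks do not show, the declarations could carry that prototype as well, e.g. `int DSA_is_prime(BIGNUM *q,void (*callback)(int,int,void *),void *cb_arg);`.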