From 5289a806818bb8067a91ed55e7e1e46b338373d7 Mon Sep 17 00:00:00 2001
From: tb
Date: Tue, 19 Jul 2022 16:19:19 +0000
Subject: [PATCH] Avoid unnecessary loops in BN_generate_prime_ex()

Since there is nothing randomized in bn_is_prime_bpsw(), the concept of rounds makes no sense. Apply a minimal change for now that avoids expensive loops that won't change the outcome in case we found a probable prime.

ok jsing
---
 lib/libcrypto/bn/bn_prime.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/libcrypto/bn/bn_prime.c b/lib/libcrypto/bn/bn_prime.c
index 0b1d672fcf6..e9a7335861d 100644
--- a/lib/libcrypto/bn/bn_prime.c
+++ b/lib/libcrypto/bn/bn_prime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_prime.c,v 1.21 2022/07/13 06:38:02 tb Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.22 2022/07/19 16:19:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -116,6 +116,8 @@
 
 #include "bn_lcl.h"
 
+#define LIBRESSL_HAS_BPSW
+
 /* NB: these functions have been "upgraded", the deprecated versions (which are
 * compatibility wrappers using these functions) are in bn_depr.c.
 * - Geoff
@@ -166,7 +168,7 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
 int found = 0;
 int i, j, c1 = 0;
 BN_CTX *ctx;
-int checks;
+int checks = 1;
 
 if (bits < 2 || (bits == 2 && safe)) {
 /*
@@ -184,7 +186,9 @@ BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
 if ((t = BN_CTX_get(ctx)) == NULL)
 goto err;
 
+#ifndef LIBRESSL_HAS_BPSW
 checks = BN_prime_checks_for_size(bits);
+#endif
 
 loop:
 /* make a random number and set the top and bottom bits */
@@ -255,8 +259,6 @@ BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
 return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
 }
 
-#define LIBRESSL_HAS_BPSW
-
 int
 BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 int do_trial_division, BN_GENCB *cb)
-- 
2.20.1
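Review bot: `int checks = 1;` in the third hunk is a bare magic number whose justification lives only in the commit message; a comment at the declaration such as `/* BPSW is deterministic, so repeating it cannot change the verdict */` would keep the reasoning next to the code. The same applies to the `#ifndef LIBRESSL_HAS_BPSW` guard added around `checks = BN_prime_checks_for_size(bits);` in the fourth hunk: the macro is defined unconditionally earlier in this same file, so that branch is never compiled, and the code should either say so or drop the toggle. Because prime generation now rests on a single pass of a deterministic test, the comment should also record that the round count needs revisiting if bn_is_prime_bpsw() ever gains randomized rounds. The body of BN_generate_prime_ex() continues outside both hunks, so how `checks` is consumed is not visible here.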