1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] bn: use BN_check_prime() in OpenSSL::BN#prime{,_fasttest}?

Browse Source 
In OpenSSL 3.0, BN_is_prime_ex() and BN_is_prime_fasttest_ex() are
deprecated in favor of BN_check_prime().

https://github.com/ruby/openssl/commit/90d51ef510
This commit is contained in:
Kazuki Yamaguchi 2020-02-22 06:37:00 +09:00
parent fa24e7a57e
commit cfa4fa636e
2 changed files with 22 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ext/openssl/extconf.rb
View File

@ -175,6 +175,7 @@ have_func("SSL_set0_tmp_dh_pkey")
have_func("ERR_get_error_all") have_func("ERR_get_error_all")
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h") have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
have_func("SSL_CTX_load_verify_file") have_func("SSL_CTX_load_verify_file")
have_func("BN_check_prime")
Logging::message "=== Checking done. ===\n" Logging::message "=== Checking done. ===\n"

70
ext/openssl/ossl_bn.c
View File

@ -1118,34 +1118,29 @@ ossl_bn_hash(VALUE self)
* bn.prime? => true | false * bn.prime? => true | false
* bn.prime?(checks) => true | false * bn.prime?(checks) => true | false
* *
* Performs a Miller-Rabin probabilistic primality test with _checks_ * Performs a Miller-Rabin probabilistic primality test for +bn+.
* iterations. If _checks_ is not specified, a number of iterations is used
* that yields a false positive rate of at most 2^-80 for random input.
* *
* === Parameters * <b>+checks+ parameter is deprecated in version 3.0.</b> It has no effect.
* * _checks_ - integer
*/ */
static VALUE static VALUE
ossl_bn_is_prime(int argc, VALUE *argv, VALUE self) ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
{ {
BIGNUM *bn; BIGNUM *bn;
VALUE vchecks; int ret;
int checks = BN_prime_checks;
if (rb_scan_args(argc, argv, "01", &vchecks) == 1) { rb_check_arity(argc, 0, 1);
checks = NUM2INT(vchecks);
}
GetBN(self, bn); GetBN(self, bn);
switch (BN_is_prime_ex(bn, checks, ossl_bn_ctx, NULL)) {
case 1: #ifdef HAVE_BN_CHECK_PRIME
return Qtrue; ret = BN_check_prime(bn, ossl_bn_ctx, NULL);
case 0: if (ret < 0)
return Qfalse; ossl_raise(eBNError, "BN_check_prime");
default: #else
ossl_raise(eBNError, NULL); ret = BN_is_prime_fasttest_ex(bn, BN_prime_checks, ossl_bn_ctx, 1, NULL);
} if (ret < 0)
/* not reachable */ ossl_raise(eBNError, "BN_is_prime_fasttest_ex");
return Qnil; #endif
return ret ? Qtrue : Qfalse;
} }
/* /*
@ -1154,40 +1149,17 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
* bn.prime_fasttest?(checks) => true | false * bn.prime_fasttest?(checks) => true | false
* bn.prime_fasttest?(checks, trial_div) => true | false * bn.prime_fasttest?(checks, trial_div) => true | false
* *
* Performs a Miller-Rabin primality test. This is same as #prime? except this * Performs a Miller-Rabin probabilistic primality test for +bn+.
* first attempts trial divisions with some small primes.
* *
* === Parameters * <b>Deprecated in version 3.0.</b> Use #prime? instead.
* * _checks_ - integer *
* * _trial_div_ - boolean * +checks+ and +trial_div+ parameters no longer have any effect.
*/ */
static VALUE static VALUE
ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self) ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self)
{ {
BIGNUM *bn; rb_check_arity(argc, 0, 2);
VALUE vchecks, vtrivdiv; return ossl_bn_is_prime(0, argv, self);
int checks = BN_prime_checks, do_trial_division = 1;
rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv);
if (!NIL_P(vchecks)) {
checks = NUM2INT(vchecks);
}
GetBN(self, bn);
/* handle true/false */
if (vtrivdiv == Qfalse) {
do_trial_division = 0;
}
switch (BN_is_prime_fasttest_ex(bn, checks, ossl_bn_ctx, do_trial_division, NULL)) {
case 1:
return Qtrue;
case 0:
return Qfalse;
default:
ossl_raise(eBNError, NULL);
}
/* not reachable */
return Qnil;
} }
/* /*