diff options
-rw-r--r-- | CHANGES | 4 | ||||
-rwxr-xr-x | Configure | 35 | ||||
-rw-r--r-- | apps/speed.c | 157 | ||||
-rw-r--r-- | crypto/bn/bn_lcl.h | 5 | ||||
-rw-r--r-- | crypto/bn/bn_prime.c | 130 | ||||
-rw-r--r-- | crypto/bn/bntest.c | 38 | ||||
-rw-r--r-- | tools/primes.py | 21 |
7 files changed, 347 insertions, 43 deletions
@@ -4,6 +4,10 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Experimental support for a new, fast, unbiased prime candidate generator, + bn_probable_prime_dh_coprime(). Not currently used by any prime generator. + [Felix Laurie von Massenbach <felix@erbridge.co.uk>] + *) New output format NSS in the sess_id command line tool. This allows exporting the session id and the master key in NSS keylog format. [Martin Kaiser <martin@kaiser.cx>] @@ -60,7 +60,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta # 386 generate 80386 code # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) -# -<xxx> +<xxx> compiler options are passed through +# -<xxx> +<xxx> compiler options are passed through # # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items # provided to stack calls. Generates unique stack functions for @@ -101,7 +101,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta # AES_ASM ASE_[en|de]crypt is implemented in assembler # Minimum warning options... any contributions to OpenSSL should at least get -# past these. +# past these. my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; @@ -144,7 +144,7 @@ my $ppc32_asm=$ppc64_asm; my $no_asm=":::::::::::::::void"; # As for $BSDthreads. Idea is to maintain "collective" set of flags, -# which would cover all BSD flavors. -pthread applies to them all, +# which would cover all BSD flavors. -pthread applies to them all, # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD # -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, # which has to be accompanied by explicit -D_THREAD_SAFE and @@ -180,6 +180,7 @@ my %table=( "debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -224,7 +225,7 @@ my %table=( # compiler:-) # <appro@fy.chalmers.se> "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - + #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", @@ -249,7 +250,7 @@ my %table=( "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", @@ -319,7 +320,7 @@ my %table=( "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", # GCC builds... "hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", # Legacy HPUX 9.X configs... "hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -557,7 +558,7 @@ my %table=( # with itself, Applink is never engaged and can as well be omitted. "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", -# UWIN +# UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin @@ -636,7 +637,7 @@ my %table=( my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A debug-VC-WIN64I debug-VC-WIN64A VC-NT VC-CE VC-WIN32 debug-VC-WIN32 - BC-32 + BC-32 netware-clib netware-clib-bsdsock netware-libc netware-libc-bsdsock); @@ -836,7 +837,7 @@ PROCESS_ARGS: { $disabled{$1} = "option"; } - } + } } elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) { @@ -1127,7 +1128,7 @@ foreach (sort (keys %disabled)) { $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n"; print " OPENSSL_NO_$ALGO"; - + if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } elsif (/^asm$/) { $no_asm = 1; } } @@ -1395,7 +1396,7 @@ else # $thread_defines .= "#define $def\n"; # } # } - } + } $lflags="$libs$lflags" if ($libs ne ""); @@ -2014,8 +2015,8 @@ print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2; print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; -print "BF_PTR used\n" if $bf_ptr == 1; -print "BF_PTR2 used\n" if $bf_ptr == 2; +print "BF_PTR used\n" if $bf_ptr == 1; +print "BF_PTR2 used\n" if $bf_ptr == 2; if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; @@ -2093,7 +2094,7 @@ BEGIN #if defined(FIPS) VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" #endif - // Required: + // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" #if defined(FIPS) VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" @@ -2129,7 +2130,7 @@ END EOF close(OUT); } - + print <<EOF; Configured for $target. @@ -2159,7 +2160,7 @@ generate a fipscanister.o object module for TESTING PURPOSES ONLY; that compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the OpenSSL FIPS Object Module as identified by the CMVP (http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS -140-2 validated software. +140-2 validated software. This is a test OpenSSL 2.0 FIPS module. @@ -2246,7 +2247,7 @@ sub print_table_entry my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag, my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)= split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); - + print <<EOF *** $target diff --git a/apps/speed.c b/apps/speed.c index 92324186f4..619269bc69 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -74,9 +74,10 @@ #ifndef OPENSSL_NO_SPEED #undef SECONDS -#define SECONDS 3 -#define RSA_SECONDS 10 -#define DSA_SECONDS 10 +#define SECONDS 3 +#define PRIME_SECONDS 10 +#define RSA_SECONDS 10 +#define DSA_SECONDS 10 #define ECDSA_SECONDS 10 #define ECDH_SECONDS 10 @@ -191,6 +192,8 @@ #endif #include <openssl/modes.h> +#include "../crypto/bn/bn_lcl.h" + #ifndef HAVE_FORK # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) # define HAVE_FORK 0 @@ -214,15 +217,18 @@ static int usertime=1; static double Time_F(int s); static void print_message(const char *s,long num,int length); +static void prime_print_message(const char *s, long num); static void pkey_print_message(const char *str, const char *str2, long num, int bits, int sec); static void print_result(int alg,int run_no,int count,double time_used); +static void prime_print_result(int alg, int count, double time_used); #ifndef NO_FORK static int do_multi(int multi); #endif #define ALGOR_NUM 30 #define SIZE_NUM 5 +#define PRIME_NUM 3 #define RSA_NUM 4 #define DSA_NUM 3 @@ -239,6 +245,8 @@ static const char *names[ALGOR_NUM]={ "aes-128 ige","aes-192 ige","aes-256 ige","ghash" }; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; +static const char *prime_names[PRIME_NUM]={ + "prime trial division", "prime trial division retry", "prime coprime" }; #ifndef OPENSSL_NO_RSA static double rsa_results[RSA_NUM][2]; #endif @@ -492,6 +500,12 @@ int MAIN(int argc, char **argv) #define D_GHASH 29 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; + +#define D_PRIME_TRIAL_DIVISION 0 +#define D_PRIME_TRIAL_DIVISION_RETRY 1 +#define D_PRIME_COPRIME 2 + long prime_c[PRIME_NUM]; + #define R_DSA_512 0 #define R_DSA_1024 1 #define R_DSA_2048 2 @@ -605,6 +619,7 @@ int MAIN(int argc, char **argv) long ecdh_c[EC_NUM][2]; #endif + int prime_doit[PRIME_NUM]; int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; #ifndef OPENSSL_NO_ECDSA @@ -685,6 +700,8 @@ int MAIN(int argc, char **argv) for (i=0; i<EC_NUM; i++) ecdh_doit[i]=0; #endif + for (i=0; i<PRIME_NUM; i++) + prime_doit[i]=0; j=0; @@ -974,7 +991,7 @@ int MAIN(int argc, char **argv) else #endif #ifndef OPENSSL_NO_ECDH - if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2; + if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2; else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2; else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2; else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; @@ -997,6 +1014,18 @@ int MAIN(int argc, char **argv) } else #endif + if (strcmp(*argv,"prime-trial-division") == 0) + prime_doit[D_PRIME_TRIAL_DIVISION] = 1; + else if (strcmp(*argv,"prime-trial-division-retry") == 0) + prime_doit[D_PRIME_TRIAL_DIVISION_RETRY] = 1; + else if (strcmp(*argv,"prime-coprime") == 0) + prime_doit[D_PRIME_COPRIME] = 1; + else if (strcmp(*argv,"prime") == 0) + { + for (i=0; i < PRIME_NUM; i++) + prime_doit[i]=1; + } + else { BIO_printf(bio_err,"Error: bad option or value\n"); BIO_printf(bio_err,"\n"); @@ -1123,6 +1152,7 @@ int MAIN(int argc, char **argv) !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA) BIO_printf(bio_err,"\n"); #endif + BIO_printf(bio_err,"prime-trial-division prime-coprime\n"); BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); @@ -1293,23 +1323,24 @@ int MAIN(int argc, char **argv) for (i=1; i<SIZE_NUM; i++) { - c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i]; - c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i]; - c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i]; - c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i]; - c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i]; - c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i]; - c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i]; - c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i]; - c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i]; - c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i]; - } - for (i=1; i<SIZE_NUM; i++) - { long l0,l1; - l0=(long)lengths[i-1]; + l0=(long)lengths[0]; l1=(long)lengths[i]; + + c[D_MD2][i]=c[D_MD2][0]*4*l0/l1; + c[D_MDC2][i]=c[D_MDC2][0]*4*l0/l1; + c[D_MD4][i]=c[D_MD4][0]*4*l0/l1; + c[D_MD5][i]=c[D_MD5][0]*4*l0/l1; + c[D_HMAC][i]=c[D_HMAC][0]*4*l0/l1; + c[D_SHA1][i]=c[D_SHA1][0]*4*l0/l1; + c[D_RMD160][i]=c[D_RMD160][0]*4*l0/l1; + c[D_SHA256][i]=c[D_SHA256][0]*4*l0/l1; + c[D_SHA512][i]=c[D_SHA512][0]*4*l0/l1; + c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*l0/l1; + + l0=(long)lengths[i-1]; + c[D_RC4][i]=c[D_RC4][i-1]*l0/l1; c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1; c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1; @@ -1329,6 +1360,11 @@ int MAIN(int argc, char **argv) c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1; c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1; } + + prime_c[D_PRIME_TRIAL_DIVISION]=count; + prime_c[D_PRIME_TRIAL_DIVISION_RETRY]=count; + prime_c[D_PRIME_COPRIME]=count; + #ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; rsa_c[R_RSA_512][1]=count/400; @@ -1995,6 +2031,66 @@ int MAIN(int argc, char **argv) print_result(D_EVP,j,count,d); } } + + if (prime_doit[D_PRIME_TRIAL_DIVISION]) + { + BIGNUM *rnd = BN_new(); + BIGNUM *add = BN_new(); + BN_CTX *ctx = BN_CTX_new(); + + BN_set_word(add, 2); + prime_print_message(prime_names[D_PRIME_TRIAL_DIVISION], + prime_c[D_PRIME_TRIAL_DIVISION]); + + Time_F(START); + for (count=0, run=1; COND(prime_c[D_PRIME_TRIAL_DIVISION]); count++) + if (!bn_probable_prime_dh(rnd, 1024, add, NULL, ctx)) count--; + + d=Time_F(STOP); + prime_print_result(D_PRIME_TRIAL_DIVISION, count, d); + + BN_CTX_free(ctx); + BN_free(add); + BN_free(rnd); + } + + if (prime_doit[D_PRIME_TRIAL_DIVISION_RETRY]) + { + BIGNUM *rnd = BN_new(); + BN_CTX *ctx = BN_CTX_new(); + + prime_print_message(prime_names[D_PRIME_TRIAL_DIVISION_RETRY], + prime_c[D_PRIME_TRIAL_DIVISION_RETRY]); + + Time_F(START); + for (count=0, run=1; COND(prime_c[D_PRIME_TRIAL_DIVISION_RETRY]); count++) + if (!bn_probable_prime_dh_retry(rnd, 1024, ctx)) count--; + + d=Time_F(STOP); + prime_print_result(D_PRIME_TRIAL_DIVISION_RETRY, count, d); + + BN_CTX_free(ctx); + BN_free(rnd); + } + + if (prime_doit[D_PRIME_COPRIME]) + { + BIGNUM *rnd = BN_new(); + BN_CTX *ctx = BN_CTX_new(); + + prime_print_message(prime_names[D_PRIME_COPRIME], + prime_c[D_PRIME_COPRIME]); + + Time_F(START); + for (count=0, run=1; COND(prime_c[D_PRIME_COPRIME]); count++) + if (!bn_probable_prime_dh_coprime(rnd, 1024, ctx)) count--; + + d=Time_F(STOP); + prime_print_result(D_PRIME_COPRIME, count, d); + + BN_CTX_free(ctx); + BN_free(rnd); + } RAND_pseudo_bytes(buf,36); #ifndef OPENSSL_NO_RSA @@ -2586,6 +2682,23 @@ static void print_message(const char *s, long num, int length) #endif } +static void prime_print_message(const char *s, long num) + { +#ifdef SIGALRM + BIO_printf(bio_err,mr ? "+DT:%s:%d\n" + : "Doing %s for %ds: ", s, PRIME_SECONDS); + (void)BIO_flush(bio_err); + alarm(PRIME_SECONDS); +#else + BIO_printf(bio_err,mr ? "+DN:%s:%ld\n" + : "Doing %s %ld times: ", s, num); + (void)BIO_flush(bio_err); +#endif +#ifdef LINT + num=num; +#endif + } + static void pkey_print_message(const char *str, const char *str2, long num, int bits, int tm) { @@ -2611,6 +2724,14 @@ static void print_result(int alg,int run_no,int count,double time_used) results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } +static void prime_print_result(int alg, int count, double time_used) + { + BIO_printf(bio_err, + mr ? "+R:%d:%s:%f:%f\n" : "%d %s's in %.2fs (%.2f microseconds / run)\n", + count, prime_names[alg], time_used, + time_used / ((double)count) * 1000000); + } + #ifndef NO_FORK static char *sstrsep(char **string, const char *delim) { diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 90787e576e..3de1d4cde1 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -534,6 +534,11 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *noinv); +int bn_probable_prime_dh(BIGNUM *rnd, int bits, + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); +int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx); +int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx); + #ifdef __cplusplus } #endif diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 339dbec570..2d66b61f04 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -129,11 +129,54 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits); -static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); +static const int prime_offsets[480] = { + 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, + 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, + 167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229, + 233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293, + 299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367, + 373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433, + 437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499, + 503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569, + 571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631, + 641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701, + 703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769, + 773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839, + 841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901, + 907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971, + 977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031, + 1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087, + 1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151, + 1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213, + 1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271, + 1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319, + 1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373, + 1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433, + 1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489, + 1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549, + 1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667, + 1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721, + 1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781, + 1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843, + 1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901, + 1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951, + 1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, + 2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071, + 2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131, + 2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197, + 2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249, + 2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297, + 2309, 2311 }; +static const int prime_offset_count = 480; +static const int prime_multiplier = 2310; +static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| + <= |prime_multiplier| */ +static const int first_prime_index = 5; + int BN_GENCB_call(BN_GENCB *cb, int a, int b) { /* No callback means continue */ @@ -198,7 +241,7 @@ loop: } else { - if (!probable_prime_dh(ret,bits,add,rem,ctx)) + if (!bn_probable_prime_dh(ret,bits,add,rem,ctx)) goto err; } } @@ -362,6 +405,73 @@ err: return(ret); } +int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx) + { + int i; + int ret = 0; + +loop: + if (!BN_rand(rnd, bits, 0, 1)) goto err; + + /* we now have a random number 'rand' to test. */ + + for (i = 1; i < NUMPRIMES; i++) + { + /* check that rnd is a prime */ + if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) + { + goto loop; + } + } + ret=1; + +err: + bn_check_top(rnd); + return(ret); + } + +int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) + { + int i; + BIGNUM *offset_index; + BIGNUM *offset_count; + int ret = 0; + + OPENSSL_assert(bits > prime_multiplier_bits); + + BN_CTX_start(ctx); + if ((offset_index = BN_CTX_get(ctx)) == NULL) goto err; + if ((offset_count = BN_CTX_get(ctx)) == NULL) goto err; + + BN_add_word(offset_count, prime_offset_count); + +loop: + if (!BN_rand(rnd, bits - prime_multiplier_bits, 0, 1)) goto err; + if (BN_is_bit_set(rnd, bits)) goto loop; + if (!BN_rand_range(offset_index, offset_count)) goto err; + + BN_mul_word(rnd, prime_multiplier); + BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]); + + /* we now have a random number 'rand' to test. */ + + /* skip coprimes */ + for (i = first_prime_index; i < NUMPRIMES; i++) + { + /* check that rnd is a prime */ + if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) + { + goto loop; + } + } + ret = 1; + +err: + BN_CTX_end(ctx); + bn_check_top(rnd); + return ret; + } + static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) { @@ -409,7 +519,7 @@ again: maxdelta = size_limit; } delta=0; - loop: +loop: if (is_single_word) { BN_ULONG rnd_word = BN_get_word(rnd); @@ -454,7 +564,7 @@ again: return(1); } -static int probable_prime_dh(BIGNUM *rnd, int bits, +int bn_probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) { int i,ret=0; @@ -476,7 +586,8 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, /* we now have a random number 'rand' to test. */ - loop: for (i=1; i<NUMPRIMES; i++) +loop: + for (i=1; i<NUMPRIMES; i++) { /* check that rnd is a prime */ if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1) @@ -486,6 +597,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, } } ret=1; + err: BN_CTX_end(ctx); bn_check_top(rnd); @@ -524,12 +636,13 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, if (!BN_lshift1(p,q)) goto err; if (!BN_add_word(p,1)) goto err; - loop: for (i=1; i<NUMPRIMES; i++) +loop: + for (i=1; i<NUMPRIMES; i++) { /* check that p and q are prime */ /* check that for p and q * gcd(p-1,primes) == 1 (except for 2) */ - if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) || + if ((BN_mod_word(p,(BN_ULONG)primes[i]) == 0) || (BN_mod_word(q,(BN_ULONG)primes[i]) == 0)) { if (!BN_add(p,p,padd)) goto err; @@ -538,6 +651,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, } } ret=1; + err: BN_CTX_end(ctx); bn_check_top(p); diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index d22c2d43d6..697d77a370 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -87,6 +87,8 @@ #include <openssl/x509.h> #include <openssl/err.h> +#include "../crypto/bn/bn_lcl.h" + const int num0 = 100; /* number of tests */ const int num1 = 50; /* additional tests for some functions */ const int num2 = 5; /* number of tests for slow functions */ @@ -121,6 +123,7 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx); int test_kron(BIO *bp,BN_CTX *ctx); int test_sqrt(BIO *bp,BN_CTX *ctx); int test_small_prime(BIO *bp,BN_CTX *ctx); +int test_probable_prime_coprime(BIO *bp,BN_CTX *ctx); int rand_neg(void); static int results=0; @@ -270,6 +273,10 @@ int main(int argc, char *argv[]) if (!test_small_prime(out,ctx)) goto err; (void)BIO_flush(out); + message(out,"Probable prime generation with coprimes"); + if (!test_probable_prime_coprime(out,ctx)) goto err; + (void)BIO_flush(out); + #ifndef OPENSSL_NO_EC2M message(out,"BN_GF2m_add"); if (!test_gf2m_add(out)) goto err; @@ -1923,6 +1930,37 @@ err: return ret; } +int test_probable_prime_coprime(BIO *bp, BN_CTX *ctx) + { + int i, j, ret = 0; + BIGNUM r; + BN_ULONG primes[5] = { 2, 3, 5, 7, 11 }; + + BN_init(&r); + + for (i = 0; i < 1000; i++) + { + if (!bn_probable_prime_dh_coprime(&r, 1024, ctx)) goto err; + + for (j = 0; j < 5; j++) + { + if (BN_mod_word(&r, primes[j]) == 0) + { + BIO_printf(bp, "Number generated is not coprime to %ld:\n", primes[j]); + BN_print_fp(stdout, &r); + BIO_printf(bp, "\n"); + goto err; + } + } + } + + ret = 1; + +err: + BN_clear(&r); + return ret; + } + int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_) { BIGNUM *a,*b,*c,*d; diff --git a/tools/primes.py b/tools/primes.py new file mode 100644 index 0000000000..61de99f000 --- /dev/null +++ b/tools/primes.py @@ -0,0 +1,21 @@ +primes = [2, 3, 5, 7, 11] +safe = False # Not sure if the period's right on safe primes. + +muliplier = 1 if not safe else 2 +for p in primes: + muliplier *= p + +offsets = [] +for x in range(3, muliplier + 3, 2): + prime = True + for p in primes: + if not x % p or (safe and not ((x - 1) / 2) % p): + prime = False + break + + if prime: + offsets.append(x) + +print(offsets) +print(len(offsets)) +print(muliplier) |