Diffstat (limited to 'src/include/openssl/bn.h')
-rw-r--r--src/include/openssl/bn.h27
1 files changed, 17 insertions, 10 deletions
diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h
index 0a844ed3..16180221 100644
--- a/src/include/openssl/bn.h
+++ b/src/include/openssl/bn.h
@@ -701,12 +701,15 @@ enum bn_primality_result_t {
// Miller-Rabin tests primality for odd integers greater than 3, returning
// |bn_probably_prime| if the number is probably prime,
// |bn_non_prime_power_composite| if the number is a composite that is not the
-// power of a single prime, and |bn_composite| otherwise. If |iterations| is
-// |BN_prime_checks|, then a value that results in a false positive rate lower
-// than the number-field sieve security level of |w| is used. It returns one on
+// power of a single prime, and |bn_composite| otherwise. It returns one on
// success and zero on failure. If |cb| is not NULL, then it is called during
// each iteration of the primality test.
-int BN_enhanced_miller_rabin_primality_test(
+//
+// If |iterations| is |BN_prime_checks|, then a value that results in a false
+// positive rate lower than the number-field sieve security level of |w| is
+// used, provided |w| was generated randomly. |BN_prime_checks| is not suitable
+// for inputs potentially crafted by an adversary.
+OPENSSL_EXPORT int BN_enhanced_miller_rabin_primality_test(
enum bn_primality_result_t *out_result, const BIGNUM *w, int iterations,
BN_CTX *ctx, BN_GENCB *cb);
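Review bot: The new warning above BN_enhanced_miller_rabin_primality_test says |BN_prime_checks| is unsuitable for adversarially crafted inputs but gives no guidance on what to pass instead, so a caller validating an untrusted prime is left to guess. I would add a sentence such as `// For untrusted inputs, pass an explicit |iterations| chosen from the worst-case bound of 4^-iterations (e.g. 64 for a 2^-128 error rate).`, assuming the implementation picks its Miller-Rabin bases at random as that bound requires. The same gap is in the comments changed in the second and third hunks, where the parameter is |checks|. It would also help to state that a caller checking externally supplied parameters, such as a peer's group modulus, is in the adversarial case.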
@@ -718,13 +721,14 @@ int BN_enhanced_miller_rabin_primality_test(
// list of small primes before Miller-Rabin tests. The probability of this
// function returning a false positive is 2^{2*checks}. If |checks| is
// |BN_prime_checks| then a value that results in a false positive rate lower
-// than the number-field sieve security level of |candidate| is used. If |cb| is
-// not NULL then it is called during the checking process. See the comment above
-// |BN_GENCB|.
+// than the number-field sieve security level of |candidate| is used, provided
+// |candidate| was generated randomly. |BN_prime_checks| is not suitable for
+// inputs potentially crafted by an adversary.
//
-// The function returns one on success and zero on error.
+// If |cb| is not NULL then it is called during the checking process. See the
+// comment above |BN_GENCB|.
//
-// (If you are unsure whether you want |do_trial_division|, don't set it.)
+// The function returns one on success and zero on error.
OPENSSL_EXPORT int BN_primality_test(int *is_probably_prime,
const BIGNUM *candidate, int checks,
BN_CTX *ctx, int do_trial_division,
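Review bot: The context line just above the rewritten text still gives the false-positive probability as `2^{2*checks}`, which is greater than one; the exponent is missing its sign and should read `2^{-2*checks}`. The third hunk carries the same expression in its second context line. Since this commit tightens exactly this guarantee, callers sizing |checks| for untrusted input will read that bound, so it is worth fixing in the same change. The hunk also drops the only advice about |do_trial_division| without a replacement; a short line such as `// |do_trial_division| only affects speed, not the result.` would help if that is indeed the case. The declaration of BN_primality_test continues past the end of the hunk.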
@@ -737,7 +741,10 @@ OPENSSL_EXPORT int BN_primality_test(int *is_probably_prime,
// list of small primes before Miller-Rabin tests. The probability of this
// function returning one when |candidate| is composite is 2^{2*checks}. If
// |checks| is |BN_prime_checks| then a value that results in a false positive
-// rate lower than the number-field sieve security level of |candidate| is used.
+// rate lower than the number-field sieve security level of |candidate| is used,
+// provided |candidate| was generated randomly. |BN_prime_checks| is not
+// suitable for inputs potentially crafted by an adversary.
+//
// If |cb| is not NULL then it is called during the checking process. See the
// comment above |BN_GENCB|.
//