From 285bf989997b8dc94a0783e260fe73787c7ae767 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Thu, 26 May 2016 09:26:09 +0100
Subject: [PATCH] math/, pub/: Take a more consistent approach to prime-generation failures.

* Don't have `strongprime_setup' assert just because the requested size is too small.
* Fix `strongprime' itself, so that it leaves its destination in a predictable state (specifically, it's unmolested) if it fails.
* Remove the retry loops from `bbs_gen' and `rsa_gen'. Now, downstream failures are consistently propagated.
---
 math/strongprime.c | 12 ++++++++----
 pub/bbs-gen.c | 14 ++------------
 pub/rsa-gen.c | 11 ++---------
 3 files changed, 12 insertions(+), 25 deletions(-)
diff --git a/math/strongprime.c b/math/strongprime.c
index 60a7cc75..a82bfad0 100644
--- a/math/strongprime.c
+++ b/math/strongprime.c
@@ -82,7 +82,7 @@ mp *strongprime_setup(const char *name, mp *d, pfilt *f, unsigned nbits,
 /* --- Choose two primes %$s$% and %$t$% of half the required size --- */
- assert(((void)"nbits too small in strongprime_setup", nbits/2 > BITSLOP));
+ if (nbits/2 <= BITSLOP) return (0);
 nb = nbits/2 - BITSLOP;
 c.step = 1;
@@ -188,16 +188,20 @@ fail_s:
 mp *strongprime(const char *name, mp *d, unsigned nbits, grand *r, unsigned n, pgen_proc *event, void *ectx)
 {
+ mp *p;
 pfilt f;
 pgen_jumpctx j;
 rabin rb;
- d = strongprime_setup(name, d, &f, nbits, r, n, event, ectx);
+ if (d) mp_copy(d);
+ p = strongprime_setup(name, d, &f, nbits, r, n, event, ectx);
+ if (!p) { mp_drop(d); return (0); }
 j.j = &f;
- d = pgen(name, d, d, event, ectx, n, pgen_jump, &j,
+ p = pgen(name, p, p, event, ectx, n, pgen_jump, &j,
 rabin_iters(nbits), pgen_test, &rb);
 pfilt_destroy(&f);
- return (d);
+ mp_drop(d);
+ return (p);
 }
 /*----- That's all, folks -------------------------------------------------*/
diff --git a/pub/bbs-gen.c b/pub/bbs-gen.c
index e9e6922e..f57683f1 100644
--- a/pub/bbs-gen.c
+++ b/pub/bbs-gen.c
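Review bot: The new early return in strongprime_setup (math/strongprime.c, first hunk) hands callers a null result for what is really a bad argument, and nothing at the site says why. Since `nbits` is unsigned, the next line `nb = nbits/2 - BITSLOP;` would presumably wrap for small sizes, so a short comment is worth adding, e.g. `/* Too small to leave room for BITSLOP: fail rather than compute a bogus nb. */`. The function's header comment lies outside the hunk; its description of the return value should mention this case too, because any caller not touched by this patch must now check for null instead of relying on the old assertion.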
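Review bot: In strongprime (math/strongprime.c, second hunk) the added `mp_copy(d)` is guarded by `if (d)`, but both added `mp_drop(d)` calls are not, so a caller that passes a null destination reaches `mp_drop` with a null pointer on the failure path and again on the success path. mp_drop is not defined in this patch, so unless it is known to accept null, both sites should read `if (d) mp_drop(d);`. The guard on the copy suggests null is an expected value for `d`, which makes the asymmetry worth settling before this ships in key-generation code.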
@@ -69,18 +69,13 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
 /* --- Generate @p@ --- */
-again:
 if ((x = strongprime_setup("p", x, &jp, nb, r, n, event, ectx)) == 0) goto fail_x;
 j.j = &jp;
 bp->p = pgen("p", MP_NEW, x, event, ectx, n, pgen_jump, &j, rabin_iters(nb), pgen_test, &rb);
 pfilt_destroy(&jp);
- if (!bp->p) {
- if (n)
- goto fail_p;
- goto again;
- }
+ if (!bp->p) goto fail_p;
 /* --- Generate @q@ --- */
@@ -98,12 +93,7 @@ again:
 pfilt_destroy(&g.jp);
 mp_drop(g.r);
 mp_drop(g.g);
- if (!bp->q) {
- if (n)
- goto fail_q;
- mp_drop(bp->p);
- goto again;
- }
+ if (!bp->q) goto fail_q;
 /* --- Compute @n@ --- */
diff --git a/pub/rsa-gen.c b/pub/rsa-gen.c
index c9a2da60..c12be18a 100644
--- a/pub/rsa-gen.c
+++ b/pub/rsa-gen.c
@@ -73,7 +73,6 @@ int rsa_gen(rsa_priv *rp, unsigned nbits, grand *r, unsigned n,
 * conservative about that sort of thing. */
-again:
 if ((rp->p = strongprime("p", MP_NEWSEC, nbits/2, r, n, event, ectx)) == 0) goto fail_p;
@@ -106,10 +105,7 @@ again:
 mp_drop(g.r);
 if (!q) {
 mp_drop(g.g);
- if (n)
- goto fail_q;
- mp_drop(rp->p);
- goto again;
+ goto fail_q;
 }
 rp->q = q;
 }
@@ -125,10 +121,7 @@ again:
 MP_LEN(phi) * 4 < MP_LEN(rp->q) * 3) {
 mp_drop(rp->p);
 mp_drop(g.g);
- if (n)
- goto fail_q;
- mp_drop(rp->q);
- goto again;
+ goto fail_q;
 }
 if (MP_NEGP(phi)) {
--
2.11.0
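Review bot: With the `again:` loop removed, bbs_gen now reports failure when a prime search fails even if `n` is zero, where the old code jumped back and retried; this contract change is not documented at the new `if (!bp->p) goto fail_p;`. The same applies to `if (!bp->q) goto fail_q;` in the next hunk and to the rsa_gen hunks in pub/rsa-gen.c. The header comments of both functions are outside the hunks and should say that a zero `n` no longer guarantees a key, so callers must check the return value before using the bbs_priv or rsa_priv. A one-line comment at the first site would help, e.g. `/* No retry: a failed search is reported to the caller whatever @n@ is. */`.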
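Review bot: The two `goto fail_q` sites in rsa_gen (pub/rsa-gen.c, hunks at -106 and -125) reach the label in different ownership states. After the failed search for q, `rp->p` is still held and `rp->q` was never set; after the length check on `phi`, `rp->p` has just been dropped and `rp->q` is still held, because the removed `mp_drop(rp->q)` sat only on the retry path. The `fail_q` label is outside both hunks, so this needs confirming, but no single cleanup sequence suits both: one path either leaks a prime or drops `rp->p` twice. If `fail_q` releases `rp->p`, the second site should read `mp_drop(rp->q); mp_drop(g.g); goto fail_q;` rather than dropping `rp->p` there.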