From 734dbdfa5510229b3acee29449c2938efccb6bd6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Wed, 26 May 2010 16:20:17 +0200
Subject: [PATCH] * bignum-random-prime.c (_nettle_generate_pocklington_prime):
 Also return the used r. Updated caller.

Rev: nettle/bignum-random-prime.c:1.5
Rev: nettle/bignum.h:1.6
---
 bignum-random-prime.c | 29 ++++++++++++++++++++---------
 bignum.h              |  2 +-
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/bignum-random-prime.c b/bignum-random-prime.c
index 1fa7ee4a..dd772bdd 100644
--- a/bignum-random-prime.c
+++ b/bignum-random-prime.c
@@ -257,18 +257,17 @@ miller_rabin_pocklington(mpz_t n, mpz_t nm1, mpz_t nm1dq, mpz_t a)
    p0 must be of size >= ceil(bits/2) + 1. The extra factor q can be
    omitted. */
 void
-_nettle_generate_pocklington_prime (mpz_t p, unsigned bits,
+_nettle_generate_pocklington_prime (mpz_t p, unsigned bits, mpz_t r,
 				    void *ctx, nettle_random_func random, 
 				    const mpz_t p0,
 				    const mpz_t q,
 				    const mpz_t p0q)
 {
-  mpz_t i, r, pm1,a;
+  mpz_t i, pm1,a;
   
   assert (2*mpz_sizeinbase (p0, 2) > bits + 1);
 
   mpz_init (i);
-  mpz_init (r);
   mpz_init (pm1);
   mpz_init (a);
 
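Review bot: The new `r` parameter turns a local into an output, but the block comment above the signature (its opening lines lie outside the hunk) still documents only p0 and q, so a caller cannot tell that it must `mpz_init` r beforehand or what value it receives back. Add a sentence to that comment along the lines of `r must be initialized by the caller; on return it holds the random cofactor used for the accepted candidate, without the factor q` — the "without q" part follows from the second hunk, where r*q is now computed into a temporary instead of in place. The identical prototype change in bignum.h carries no comment either, and the header is where most readers will look for the contract. Whether r is meaningful if the function returns without accepting a candidate cannot be seen here, since the loop's exit conditions are outside the hunk.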
@@ -304,13 +303,23 @@ _nettle_generate_pocklington_prime (mpz_t p, unsigned bits,
       mpz_set_ui (a, buf[0] + 2);
 
       if (q)
-	mpz_mul (r, r, q);
-      
-      if (miller_rabin_pocklington(p, pm1, r, a))
+	{
+	  mpz_t e;
+	  int is_prime;
+	  
+	  mpz_init (e);
+
+	  mpz_mul (e, r, q);
+	  is_prime = miller_rabin_pocklington(p, pm1, e, a);
+	  mpz_clear (e);
+
+	  if (is_prime)
+	    break;
+	}
+      else if (miller_rabin_pocklington(p, pm1, r, a))
 	break;
     }
   mpz_clear (i);
-  mpz_clear (r);
   mpz_clear (pm1);
   mpz_clear (a);
 }
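Review bot: The `if (q)` branch now initialises and clears `e` on every loop iteration and duplicates the miller_rabin_pocklington call with the third argument as the only difference, which makes the accept path harder to read than the old single call. Since the function already keeps `i`, `pm1` and `a` alive across the whole loop (initialised in the previous hunk, cleared next to `mpz_clear (a)` here), `e` fits alongside them, and the branch collapses to `if (q) mpz_mul (e, r, q);` followed by `if (miller_rabin_pocklington (p, pm1, q ? e : r, a)) break;`. The top of the loop is outside the hunk, so I cannot see where r is regenerated per candidate; if it is, the r left in the output is the one from the accepting iteration, which matches what the commit message promises.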
@@ -362,18 +371,20 @@ nettle_random_prime(mpz_t p, unsigned bits,
     }
   else
     {
-      mpz_t q;
+      mpz_t q, r;
 
       mpz_init (q);
+      mpz_init (r);
 
      /* Bit size ceil(k/2) + 1, slightly larger than used in Alg. 4.62
 	in Handbook of Applied Cryptography (which seems to be
 	incorrect for odd k). */
       nettle_random_prime (q, (bits+3)/2, ctx, random);
 
-      _nettle_generate_pocklington_prime (p, bits, ctx, random,
+      _nettle_generate_pocklington_prime (p, bits, r, ctx, random,
 					  q, NULL, q);
       
       mpz_clear (q);
+      mpz_clear (r);
     }
 }
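Review bot: In nettle_random_prime the new `r` is initialised, passed and cleared without ever being read, so this caller pays an extra mpz allocation per call purely to satisfy the new signature. Either say so in a one-line comment at the declaration, e.g. `/* r: cofactor returned by the callee, not needed here */`, or, if the callee is later taught to accept a NULL r, pass NULL instead. The else-branch shown here closes at the last hunk line, but the earlier branch of the function and its signature are outside the hunk.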
diff --git a/bignum.h b/bignum.h
index 9db38825..0c40815c 100644
--- a/bignum.h
+++ b/bignum.h
@@ -90,7 +90,7 @@ nettle_random_prime(mpz_t p, unsigned bits,
 		    void *ctx, nettle_random_func random);
 
 void
-_nettle_generate_pocklington_prime (mpz_t p, unsigned bits,
+_nettle_generate_pocklington_prime (mpz_t p, unsigned bits, mpz_t r,
 				    void *ctx, nettle_random_func random, 
 				    const mpz_t p0,
 				    const mpz_t q,
-- 
GitLab