Sync code with last security fixes and improvements from OpenBSD

lib/libcrypto/man/BN_generate_prime.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: BN_generate_prime.3,v 1.20 2022/11/24 19:06:38 schwarze Exp $
+.\" $OpenBSD: BN_generate_prime.3,v 1.22 2023/04/30 20:17:59 tb Exp $
 .\" full merge up to: OpenSSL f987a4dd Jun 27 10:12:08 2019 +0200
 .\"
 .\" This file is a derived work.
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 24 2022 $
+.Dd $Mdocdate: April 30 2023 $
 .Dt BN_GENERATE_PRIME 3
 .Os
 .Sh NAME
@@ -79,10 +79,7 @@
 .Nm BN_GENCB_free ,
 .Nm BN_GENCB_set ,
 .Nm BN_GENCB_get_arg ,
-.Nm BN_GENCB_set_old ,
-.Nm BN_generate_prime ,
-.Nm BN_is_prime ,
-.Nm BN_is_prime_fasttest
+.Nm BN_GENCB_set_old
 .\" Nm BN_prime_checks_for_size is intentionally undocumented
 .\" because it is no longer used by LibreSSL.
 .Nd generate primes and test for primality
@@ -143,33 +140,6 @@ Deprecated:
 .Fa "void (*cb_fp)(int, int, void *)"
 .Fa "void *cb_arg"
 .Fc
-.Ft BIGNUM *
-.Fo BN_generate_prime
-.Fa "BIGNUM *ret"
-.Fa "int num"
-.Fa "int safe"
-.Fa "BIGNUM *modulus"
-.Fa "BIGNUM *remainder"
-.Fa "void (*cb_fp)(int, int, void *)"
-.Fa "void *cb_arg"
-.Fc
-.Ft int
-.Fo BN_is_prime
-.Fa "const BIGNUM *a"
-.Fa "int checks"
-.Fa "void (*cb_fp)(int, int, void *)"
-.Fa "BN_CTX *ctx"
-.Fa "void *cb_arg"
-.Fc
-.Ft int
-.Fo BN_is_prime_fasttest
-.Fa "const BIGNUM *a"
-.Fa "int checks"
-.Fa "void (*cb_fp)(int, int, void *)"
-.Fa "BN_CTX *ctx"
-.Fa "void *cb_arg"
-.Fa "int do_trial_division"
-.Fc
 .Sh DESCRIPTION
 .Fn BN_is_prime_ex
 and
@@ -325,36 +295,10 @@ to use the old-style callback function pointer
 .Fa cb_fp
 and the additional callback argument
 .Fa cb_arg .
-.Pp
-.Fn BN_generate_prime
-is a deprecated wrapper around
-.Fn BN_GENCB_set_old
-and
-.Fn BN_generate_prime_ex .
-In contrast to
-.Fn BN_generate_prime_ex ,
-if
-.Dv NULL
-is passed for the
-.Fa ret
-argument, a new
-.Vt BIGNUM
-object is allocated and returned.
-.Pp
-Similarly,
-.Fn BN_is_prime
-and
-.Fn BN_is_prime_fasttest
-are deprecated wrappers around
-.Fn BN_GENCB_set_old
-and
-.Fn BN_is_prime_ex .
 .Sh RETURN VALUES
-.Fn BN_is_prime_ex ,
-.Fn BN_is_prime_fasttest_ex ,
-.Fn BN_is_prime ,
+.Fn BN_is_prime_ex
 and
-.Fn BN_is_prime_fasttest
+.Fn BN_is_prime_fasttest_ex
 return 0 if the number is composite, 1 if it is prime with a very small
 error probability, or \-1 on error.
 .Pp
@@ -390,11 +334,6 @@ using
 or
 .Fn BN_GENCB_set_old .
 .Pp
-.Fn BN_generate_prime
-returns the prime number on success or
-.Dv NULL
-on failure.
-.Pp
 In some cases, error codes can be obtained by
 .Xr ERR_get_error 3 .
 .Sh SEE ALSO
@@ -403,26 +342,6 @@ In some cases, error codes can be obtained by
 .Xr DSA_generate_parameters 3 ,
 .Xr RSA_generate_key 3
 .Sh HISTORY
-.Fn BN_generate_prime
-and
-.Fn BN_is_prime
-first appeared in SSLeay 0.5.1 and had their
-.Fa cb_arg
-argument added in SSLeay 0.9.0.
-These two functions have been available since
-.Ox 2.4 .
-.Pp
-The
-.Fa ret
-argument to
-.Fn BN_generate_prime
-was added in SSLeay 0.9.1 and
-.Ox 2.6 .
-.Pp
-.Fn BN_is_prime_fasttest
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
-.Pp
 .Fn BN_generate_prime_ex ,
 .Fn BN_is_prime_ex ,
 .Fn BN_is_prime_fasttest_ex ,