diff options
author | Ulf Möller <ulf@openssl.org> | 2000-01-27 19:31:26 +0000 |
---|---|---|
committer | Ulf Möller <ulf@openssl.org> | 2000-01-27 19:31:26 +0000 |
commit | 38e33cef15e7965ad9fd9db4b08fb2f5dc1bc573 (patch) | |
tree | 27216af3df8adcdc381475ca7011f43fcf34e7fe /crypto/bn/bn_prime.c | |
parent | 0c23524963064a3bf8206b28c97f88e157d29fa7 (diff) |
Document DSA and SHA.
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
Diffstat (limited to 'crypto/bn/bn_prime.c')
-rw-r--r-- | crypto/bn/bn_prime.c | 20 |
1 files changed, 1 insertions, 19 deletions
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index e22851ddf4..84f0699b9b 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -68,24 +68,6 @@ */ #include "bn_prime.h" -/* number of Miller-Rabin iterations for an error rate of less than 2^-80 - * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook - * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error estimates - * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ -#define BN_prime_checks_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) - static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits); @@ -203,7 +185,7 @@ int BN_is_prime(BIGNUM *a, int checks, void (*callback)(int,int,void *), for (i=0; i<checks; i++) { - if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err; + if (!BN_pseudo_rand(check,BN_num_bits(a)-1,0,0)) goto err; j=witness(check,a,ctx,ctx2,mont); if (j == -1) goto err; if (j) |