Mercurial > dropbear

diff gendss.c @ 1733:d529a52b2f7c coverity coverity

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge coverity from main
author Matt Johnston <matt@ucc.asn.au>
date Fri, 26 Jun 2020 21:07:34 +0800
parents f52919ffd3b1
children
line wrap: on
line diff
--- a/gendss.c	Thu Mar 21 23:28:59 2019 +0800
+++ b/gendss.c	Fri Jun 26 21:07:34 2020 +0800
@@ -68,6 +68,7 @@
 static void getq(const dropbear_dss_key *key) {
 
 	unsigned char buf[QSIZE];
+	int trials;
 
 	/* 160 bit prime */
 	genrandom(buf, QSIZE);
@@ -76,8 +77,9 @@
 
 	bytes_to_mp(key->q, buf, QSIZE);
 
-	/* 18 rounds are required according to HAC */
-	if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) {
+	/* ask FIPS 186.4 how many Rabin-Miller trials are required */
+	trials = mp_prime_rabin_miller_trials(mp_count_bits(key->q));
+	if (mp_prime_next_prime(key->q, trials, 0) != MP_OKAY) {
 		fprintf(stderr, "DSS key generation failed\n");
 		exit(1);
 	}
@@ -89,7 +91,7 @@
 	DEF_MP_INT(tempC);
 	DEF_MP_INT(tempP);
 	DEF_MP_INT(temp2q);
-	int result;
+	int result, trials;
 	unsigned char *buf;
 
 	m_mp_init_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
@@ -129,9 +131,10 @@
 			exit(1);
 		}
 
-		/* now check for prime, 5 rounds is enough according to HAC */
+		/* ask FIPS 186.4 how many Rabin-Miller trials are required */
+		trials = mp_prime_rabin_miller_trials(mp_count_bits(key->p));
 		/* result == 1  =>  p is prime */
-		if (mp_prime_is_prime(key->p, 5, &result) != MP_OKAY) {
+		if (mp_prime_is_prime(key->p, trials, &result) != MP_OKAY) {
 			fprintf(stderr, "DSS key generation failed\n");
 			exit(1);
 		}