hcrypto: trim number of trials in prime number generation

Reduce the number of trials when generating RSA keys by calling
mp_prime_rabin_miller_trials() with the number of desired bits.

See libtom/libtommath#482.

diff --git a/lib/hcrypto/rsa-ltm.c b/lib/hcrypto/rsa-ltm.c
index 803da1d23a8f3943067d9ee278b496aba05d6c12..82ca33b583abfa174a60c97550e105a5cb83ff94 100644 (file)
--- a/lib/hcrypto/rsa-ltm.c
+++ b/lib/hcrypto/rsa-ltm.c
@@ -534,9 +534,11 @@ ltm_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
     /* generate p and q so that p != q and bits(pq) ~ bits */
     counter = 0;
     do {
+       int trials = mp_prime_rabin_miller_trials(bitsp);
+
        BN_GENCB_call(cb, 2, counter++);
        CHECK(random_num(&p, bitsp), 0);
-       CHECK(mp_prime_next_prime(&p,128,0), MP_OKAY);
+       CHECK(mp_prime_next_prime(&p, trials, 0), MP_OKAY);
 
        mp_sub_d(&p, 1, &t1);
        mp_gcd(&t1, &el, &t2);
@@ -546,9 +548,11 @@ ltm_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
 
     counter = 0;
     do {
+       int trials = mp_prime_rabin_miller_trials(bits - bitsp);
+
        BN_GENCB_call(cb, 2, counter++);
        CHECK(random_num(&q, bits - bitsp), 0);
-       CHECK(mp_prime_next_prime(&q,128,0), MP_OKAY);
+       CHECK(mp_prime_next_prime(&q, trials, 0), MP_OKAY);
 
        if (mp_cmp(&p, &q) == 0) /* don't let p and q be the same */
            continue;