A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.0 2023-05-19T00:54:28+00:00 2023-05-19T00:54:28+00:00 deraadt 2023-05-19T00:54:28+00:00 urn:sha1:3dc51b1807e9a69624721300010e6e6ce16d5709 2023-05-17T07:42:38+00:00 tb 2023-05-17T07:42:38+00:00 urn:sha1:11b2caf2d2be047efd96d29f1a2278031692364a Now that this macro is available in a header, let's use that version rather than copies in several .c files. discussed with jsing 2023-05-10T21:05:24+00:00 tb 2023-05-10T21:05:24+00:00 urn:sha1:a71a6115c0cd290f9e5dd15d6c84d8d3dde57b59 This is more accurate and improves readability a bit. Apart from a comment tweak this is sed + knfmt (which resulted in four wrapped lines). Discussed with beck and jsing 2023-05-10T12:21:55+00:00 tb 2023-05-10T12:21:55+00:00 urn:sha1:536ed901af3f95bbdf5d437d3f0ad7d96659ee96 The behavior of the BPSW primality test for numbers > 2^64 is not very well understood. While there is no known composite that passes the test, there are heuristics that indicate that there are likely infinitely many. Therefore it seems appropriate to harden the test. Having a settable number of MR rounds before doing a version of BPSW is also the approach taken by Go's primality check in math/big. This adds a new implementation of the old MR test that runs before running the strong Lucas test. I like to imagine that it's slightly cleaner code. We're effectively at about twice the cost of what we had a year ago. In addition, it adds some non-determinism in case there actually are false positives for the BPSW test. The implementation is straightforward. It could easily be tweaked to use the additional gcds in the "enhanced" MR test of FIPS 186-5, but as long as we are only going to throw away the additional info, that's not worth much. This is a first step towards incorporating some of the considerations in "A performant misuse-resistant API for Primality Testing" by Massimo and Paterson. Further work will happen in tree. In particular, there are plans to crank the number of Miller-Rabin tests considerably so as to have a guaranteed baseline. The manual will be updated shortly. positive feedback beck ok jsing 2023-05-09T05:38:11+00:00 tb 2023-05-09T05:38:11+00:00 urn:sha1:d10ac5ed91efbdc49fc0b13ac24a411c020beaab Anything taken to the power of 0 is 1, and then reduced mod 1 or mod -1 it will be 0. If "anything" includes 0 or not is a matter of convention, but it should not depend on the sign of the modulus... Reported by Guido Vranken ok jsing (who had the same diff) 2023-05-09T05:15:55+00:00 jsing 2023-05-09T05:15:55+00:00 urn:sha1:eb5c4831ebe1fd7e22ce96c554a2521c81a1ea95 ok tb@ 2023-05-09T05:12:49+00:00 jsing 2023-05-09T05:12:49+00:00 urn:sha1:f82e79aa8805e5defba66b3e8dc6c86a6f1c5ae8 ok tb@ 2023-04-30T19:15:48+00:00 tb 2023-04-30T19:15:48+00:00 urn:sha1:f2f3a3e6551fa9a5a84a5e5d217b68f6440313eb 2023-04-30T05:21:20+00:00 tb 2023-04-30T05:21:20+00:00 urn:sha1:6f2f6dd47c5d8c196f6fe676be3e56cd9e572194 2023-04-27T06:48:47+00:00 tb 2023-04-27T06:48:47+00:00 urn:sha1:6d0c1e2ca3d7406df9e1f77ae7cc0d5464b31209