From e2eaf3f2399f519f00d6624c4781f18a74571016 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 5 Dec 2024 19:34:46 +0000
Subject: Make the DSS_prime_checks macro internal

Rename it to DSA_prime_checks and add an XXX comment mentioning that
we could reduce the number of rounds thanks to BPSW. There are no
plans of changing that as DSA is on its way out.

discussed with miod
---
 src/lib/libcrypto/dsa/dsa.h     |  9 +--------
 src/lib/libcrypto/dsa/dsa_gen.c | 14 +++++++++++---
 2 files changed, 12 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 63e5cedb1c..9f3d561239 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa.h,v 1.45 2024/12/05 19:29:08 tb Exp $ */
+/* $OpenBSD: dsa.h,v 1.46 2024/12/05 19:34:46 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -177,13 +177,6 @@ int	DSA_print(BIO *bp, const DSA *x, int off);
 int	DSAparams_print_fp(FILE *fp, const DSA *x);
 int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 
-/*
- * Primality test according to FIPS PUB 186-4, Appendix C.3. Set the number
- * to 64 rounds of Miller-Rabin, which corresponds to 128 bits of security.
- * This is necessary for keys of size >= 3072.
- */
-#define DSS_prime_checks 64
-
 #ifndef OPENSSL_NO_DH
 /* Convert DSA structure (key or just parameters) into DH structure
  * (be careful to avoid small subgroup attacks when using this!) */
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index dc04eba032..a79d0f9e20 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.32 2024/05/11 06:43:50 tb Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.33 2024/12/05 19:34:46 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -71,6 +71,14 @@
 #include "bn_local.h"
 #include "dsa_local.h"
 
+/*
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Set the number
+ * to 64 rounds of Miller-Rabin, which corresponds to 128 bits of security.
+ * This is necessary for keys of size >= 3072.
+ * XXX - now that we do BPSW the recommendation is to do 2 for p and 27 for q.
+ */
+#define DSA_prime_checks 64
+
 int
 DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
     int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
@@ -207,7 +215,7 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
 				goto err;
 
 			/* step 4 */
-			r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+			r = BN_is_prime_fasttest_ex(q, DSA_prime_checks, ctx,
 			    seed_is_random, cb);
 			if (r > 0)
 				break;
@@ -278,7 +286,7 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
 			/* step 10 */
 			if (BN_cmp(p, test) >= 0) {
 				/* step 11 */
-				r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+				r = BN_is_prime_fasttest_ex(p, DSA_prime_checks,
 				    ctx, 1, cb);
 				if (r > 0)
 					goto end; /* found it */
-- 
cgit v1.2.3-55-g6feb