revert changes to DH param gen. MPI does compute q=2p+1 for strong primes, but returns q not p. #ifdef in rsa for testing mp_exptmod_d vs. mp_exptmod, mp_exptmod is considerably faster.

security/nss/lib/freebl/dh.c

@@ -48,7 +48,7 @@ DH_GenParam(int primeLen, DHParams **params)
 {
     PRArenaPool *arena;
     DHParams *dhparams;
-    unsigned char *qb = NULL;
+    unsigned char *pb = NULL;
     unsigned char *ab = NULL;
     unsigned long counter = 0;
     mp_int p, q, a, h, psub1, test;
@@ -83,15 +83,15 @@ DH_GenParam(int primeLen, DHParams **params)
     CHECK_MPI_OK( mp_init(&psub1) );
     CHECK_MPI_OK( mp_init(&test) );
     /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
-    qb = PORT_Alloc(primeLen);
-    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(qb, primeLen) );
-    qb[0]          |= 0x80; /* set high-order bit */
-    qb[primeLen-1] |= 0x01; /* set low-order bit  */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&q, qb, primeLen) );
-    CHECK_MPI_OK( mpp_make_prime(&q, primeLen * 8, PR_TRUE, &counter) );
-    /* construct Sophie-Germain prime p = 2q + 1. */
-    CHECK_MPI_OK( mp_mul_2(&q, &psub1)    );
-    CHECK_MPI_OK( mp_add_d(&psub1, 1, &p) );
+    pb = PORT_Alloc(primeLen);
+    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
+    pb[0]          |= 0x80; /* set high-order bit */
+    pb[primeLen-1] |= 0x01; /* set low-order bit  */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) );
+    CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) );
+    /* construct Sophie-Germain prime q = (p-1)/2. */
+    CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
+    CHECK_MPI_OK( mp_div_2(&psub1, &q)    );
     /* construct a generator from the prime. */
     ab = PORT_Alloc(primeLen);
     do {
@@ -116,7 +116,7 @@ cleanup:
     mp_clear(&h);
     mp_clear(&psub1);
     mp_clear(&test);
-    if (qb) PORT_ZFree(qb, primeLen);
+    if (pb) PORT_ZFree(pb, primeLen);
     if (ab) PORT_ZFree(ab, primeLen);
     if (err) {
 	MP_TO_SEC_ERROR(err);

security/nss/lib/freebl/manifest.mn

@@ -77,3 +77,4 @@ CSRCS = \
 	$(NULL)
 endif
 
+#DEFINES += -DUSE_MPI_EXPT_D

security/nss/lib/freebl/rsa.c

@@ -30,7 +30,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: rsa.c,v 1.14 2000-09-19 06:18:04 mcgreer%netscape.com Exp $
+ * $Id: rsa.c,v 1.15 2000-09-22 16:24:16 mcgreer%netscape.com Exp $
  */
 
 #include "secerr.h"
@@ -275,20 +275,17 @@ RSA_PublicKeyOp(RSAPublicKey  *key,
     modLen = rsa_modulusLen(&key->modulus);
     /* 1.  Obtain public key (n, e) */
     SECITEM_TO_MPINT(key->modulus, &n);
-#ifdef USE_MPI_EXPT_D
-    /* XXX convert exponent to mp_digit */
-#else
     SECITEM_TO_MPINT(key->publicExponent, &e);
-#endif
     /* 2.  Represent message as integer in range [0..n-1] */
     CHECK_MPI_OK( mp_read_unsigned_octets(&m, input, modLen) );
     /* 3.  Compute c = m**e mod n */
 #ifdef USE_MPI_EXPT_D
     /* XXX see which is faster */
-    CHECK_MPI_OK( mp_exptmod_d(&m, exp, &n, &c) );
-#else
-    CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) );
+    if (MP_USED(&e) == 1) {
+	CHECK_MPI_OK( mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c) );
+    } else
 #endif
+    CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) );
     /* 4.  result c is ciphertext */
     err = mp_to_fixlen_octets(&c, output, modLen);
     if (err >= 0) err = MP_OKAY;