From 0e70732e1ec4db875c93f2b5a6eeb4185384f163 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 10 Nov 2022 11:52:55 +0800
Subject: [PATCH] Use faster primality testing in libtomcrypt

This can only be used if DSS is disabled
---
 default_options.h | 4 ++++
 sysoptions.h      | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/default_options.h b/default_options.h
index da76a2c..43efcd2 100644
--- a/default_options.h
+++ b/default_options.h
@@ -133,6 +133,10 @@ IMPORTANT: Some options will require "make clean" after changes */
  * is not recommended for new keys.
  * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */
 #define DROPBEAR_RSA 1
+/* RSA key generation will be faster with bundled libtommath
+ * if DROPBEAR_DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
+ */
 #define DROPBEAR_DSS 1
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
  * code (either ECDSA or ECDH) increases binary size - around 30kB
diff --git a/sysoptions.h b/sysoptions.h
index 89773e7..69018dd 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -164,6 +164,15 @@
 #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA
 #endif
 
+/* Miller-Rabin primality testing is sufficient for RSA but not DSS.
+ * It's a compile-time setting for libtommath, we can get a speedup
+ * for key generation if DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
+ */
+#ifndef DROPBEAR_DSS
+#define LTM_USE_ONLY_MR 1
+#endif
+
 /* hashes which will be linked and registered */
 #define DROPBEAR_SHA1 (DROPBEAR_RSA_SHA1 || DROPBEAR_DSS \
 				|| DROPBEAR_SHA1_HMAC || DROPBEAR_SHA1_96_HMAC \