Use faster primality testing in libtomcrypt

This can only be used if DSS is disabled
2025-01-31 02:46:58 +00:00 · 2022-11-10 11:52:55 +08:00 · 2022-11-10 11:52:55 +08:00 · 0e70732e1e
commit 0e70732e1e
parent cdaf52aead
2 changed files with 13 additions and 0 deletions
--- a/default_options.h
+++ b/default_options.h
@ -133,6 +133,10 @@ IMPORTANT: Some options will require "make clean" after changes */
 * is not recommended for new keys.
 * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */
 #define DROPBEAR_RSA 1
+/* RSA key generation will be faster with bundled libtommath
+ * if DROPBEAR_DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
+ */
 #define DROPBEAR_DSS 1
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
 * code (either ECDSA or ECDH) increases binary size - around 30kB
--- a/sysoptions.h
+++ b/sysoptions.h
@ -164,6 +164,15 @@
 #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA
 #endif

+/* Miller-Rabin primality testing is sufficient for RSA but not DSS.
+ * It's a compile-time setting for libtommath, we can get a speedup
+ * for key generation if DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
+ */
+#ifndef DROPBEAR_DSS
+#define LTM_USE_ONLY_MR 1
+#endif
+
 /* hashes which will be linked and registered */
 #define DROPBEAR_SHA1 (DROPBEAR_RSA_SHA1 || DROPBEAR_DSS \
 				|| DROPBEAR_SHA1_HMAC || DROPBEAR_SHA1_96_HMAC \