pub/bbs-gen.c, pub/rsa-gen.c: Remove the lower-bounding on q.

It's unnecessary.  It was a bad idea because it biases q quite heavily,
but now `strongprime' generates primes in the right interval so that
getting the right bit length isn't a problem.

diff --git a/pub/bbs-gen.c b/pub/bbs-gen.c
index fcba8288965555a716e8ed3a055ce51989f7fffd..6ec65e2d10cb8f4813dfa79253eaa50fd2717af3 100644 (file)
--- a/pub/bbs-gen.c
+++ b/pub/bbs-gen.c
@@ -65,7 +65,7 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
   pgen_jumpctx j;
   pgen_gcdstepctx g;
   unsigned nb = nbits/2;
-  mp *x = MP_NEWSEC, *t = MP_NEW;
+  mp *x = MP_NEWSEC;
 
   /* --- Generate @p@ --- */
 
@@ -88,15 +88,11 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
   g.r = mp_lsr(MP_NEW, bp->p, 1);
   g.g = MP_NEW;
   g.max = MP_ONE;
-  t = mp_lsl(t, MP_ONE, nbits - 1);
-  mp_div(&t, 0, t, bp->p);
-  if (MP_CMP(x, <, t)) x = mp_leastcongruent(x, t, x, g.jp.m);
   bp->q = pgen("q", MP_NEWSEC, x, event, ectx, n, pgen_gcdstep, &g,
               rabin_iters(nb), pgen_test, &rb);
   pfilt_destroy(&g.jp);
   mp_drop(g.r);
   mp_drop(g.g);
-  mp_drop(t);
   if (!bp->q) goto fail_q;
 
   /* --- Compute @n@ --- */

diff --git a/pub/rsa-gen.c b/pub/rsa-gen.c
index de97644c4d73708080a3f65ccb41c3501a6a2897..3b5334b8e3189a488c86d5e127ba482f548d55ab 100644 (file)
--- a/pub/rsa-gen.c
+++ b/pub/rsa-gen.c
@@ -84,17 +84,11 @@ int rsa_gen(rsa_priv *rp, unsigned nbits, grand *r, unsigned n,
 
   {
     mp *q;
-    mp *t = MP_NEW, *u = MP_NEW;
     rabin rb;
 
     if ((q = strongprime_setup("q", MP_NEWSEC, &g.jp, nbits / 2,
                               r, n, event, ectx)) == 0)
       goto fail_q;
-    t = mp_lsl(t, MP_ONE, nbits - 1);
-    mp_div(&t, &u, t, rp->p);
-    if (!MP_ZEROP(u)) t = mp_add(t, t, MP_ONE);
-    if (MP_CMP(q, <, t)) q = mp_leastcongruent(q, t, q, g.jp.m);
-    mp_drop(t);
 
     g.r = mp_lsr(MP_NEW, rp->p, 1);
     g.g = MP_NEW;