Looking at the DH_generate_parameters() in crypto/dh/dh_gen.c, the comment
says that if you use generator 5 then p mod 10 == 3 or 7, while for generator
2, p mod 24 == 11 and for generator 3, p mod 12 == 5. That means that using
5 should find a good p twice as fast, right?
Unfortunately the BN routines only take one modulo value, so there's no way
to look for 3 or 7. The comment in DH_generate_parameters() says
else if (generator == DH_GENERATOR_5)
{
BN_set_word(t1,10);
BN_set_word(t2,3);
/* BN_set_word(t3,7); just have to miss
* out on these ones :-( */
g=5;
}
A gold star to the first person to code up a new BN_generate_prime2()
function that'll take 2 modulo values!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
