boringssl/crypto/fipsmodule/rsa
David Benjamin a2938719a4 Improve the RSA key generation failure probability.
The FIPS 186-4 algorithm we use includes a limit which hits a 2^-20
failure probability, assuming my math is right. We've observed roughly
2^-23. This is a little large at scale. (See b/77854769.)

To avoid modifying the FIPS algorithm, retry the whole thing four times
to bring the failure rate down to 2^-80. Along the way, now that I have
the derivation on hand, adjust
https://boringssl-review.googlesource.com/22584 to target the same
failure probability.

Along the way, fix an issue with RSA_generate_key where, if callers
don't check for failure, there may be half a key in there.

Change-Id: I0e1da98413ebd4ffa65fb74c67a58a0e0cd570ff
Reviewed-on: https://boringssl-review.googlesource.com/27288
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-04-20 21:34:05 +00:00
..
blinding.c Don't bother retrying in bn_blinding_create_param. 2018-03-05 20:48:41 +00:00
internal.h Replace rsa_greater_than_pow2 with BN_cmp. 2018-03-30 19:53:18 +00:00
padding.c
rsa_impl.c Improve the RSA key generation failure probability. 2018-04-20 21:34:05 +00:00
rsa.c Check d is mostly-reduced in RSA_check_key. 2018-03-30 19:54:10 +00:00