Google Git
Sign in
boringssl/boringssl.git/6dfb479755a4a22960dc68efb65e9d061ce1f65f^!/.
commit
6dfb479755a4a22960dc68efb65e9d061ce1f65f
[log]
author
David Benjamin <davidben@google.com>
Sat Sep 14 12:44:12 2019 -0400
committer
Adam Langley <agl@google.com>
Mon Sep 30 18:03:08 2019 +0000
tree
e381666ccf97f6ab3c8b6e94030fcfe3e72ce39d
parent
bd522862a0b4c84a0ed8e37096d1c361dc6beaa9 [diff]
Be consistent about Miller-Rabin vs Rabin-Miller.

We mostly say Miller-Rabin but sometimes say Rabin-Miller. git log -S
suggests this is mostly my fault for picking the less common order.
Miller-Rabin is also the more common order according to the internet, so
use that.

Change-Id: Id18853469a641af6d1c37d3ec87c3110e01e6b71
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37784
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 51dca7f..cb419c8 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c

@@ -79,7 +79,7 @@
 #define OPENSSL_DSA_MAX_MODULUS_BITS 10000
 
 // Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
-// Rabin-Miller
+// Miller-Rabin.
 #define DSS_prime_checks 50
 
 static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,

diff --git a/crypto/fipsmodule/bn/bn_test.cc b/crypto/fipsmodule/bn/bn_test.cc
index a61d6e1..b7427d5 100644
--- a/crypto/fipsmodule/bn/bn_test.cc
+++ b/crypto/fipsmodule/bn/bn_test.cc

@@ -2013,7 +2013,7 @@
   EXPECT_EQ(0, is_probably_prime_2);
 
   // The following composite numbers come from http://oeis.org/A014233 and are
-  // such that the first several primes are not a Rabin-Miller composite
+  // such that the first several primes are not a Miller-Rabin composite
   // witness.
   static const char *kA014233[] = {
       "2047",

diff --git a/crypto/fipsmodule/bn/prime.c b/crypto/fipsmodule/bn/prime.c
index 1f3510d..29eff26 100644
--- a/crypto/fipsmodule/bn/prime.c
+++ b/crypto/fipsmodule/bn/prime.c

@@ -691,9 +691,9 @@
   // discard out-of-range values. To avoid leaking information on |w|, we use
   // |bn_rand_secret_range| which, rather than discarding bad values, adjusts
   // them to be in range. Though not uniformly selected, these adjusted values
-  // are still usable as Rabin-Miller checks.
+  // are still usable as Miller-Rabin checks.
   //
-  // Rabin-Miller is already probabilistic, so we could reach the desired
+  // Miller-Rabin is already probabilistic, so we could reach the desired
   // confidence levels by just suitably increasing the iteration count. However,
   // to align with FIPS 186-4, we use a more pessimal analysis: we do not count
   // the non-uniform values towards the iteration count. As a result, this

diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index ab2abe9..39dc789 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c

@@ -1035,7 +1035,7 @@
     }
 
     // RSA key generation's bottleneck is discarding composites. If it fails
-    // trial division, do not bother computing a GCD or performing Rabin-Miller.
+    // trial division, do not bother computing a GCD or performing Miller-Rabin.
     if (!bn_odd_number_is_obviously_composite(out)) {
       // Check gcd(out-1, e) is one (steps 4.5 and 5.6).
       int relatively_prime;