
Setting upperbound limits to some questions.

* metadata now prints some warnings for dummy information in the certificate,
 plus key-length deprecations.
* p-1 is now upper-bounded to 1000 primes, as with the first primes list;
* p+1 is now upper-bounded to 1000 primes, as with the first primes list;
* the standard version of Pollard's ρ is no longer listed.
Michele Orrù 10 years ago
parent
commit
5afbc527f1

+ 1 - 1
src/questions/allquestions.c

@@ -103,7 +103,7 @@ void select_all_questions(void)
   /* REGISTER_QUESTION(ExampleQuestion); */
   REGISTER_QUESTION(DixonQuestion);
   REGISTER_QUESTION(PollardBrentRhoQuestion);
-  REGISTER_QUESTION(PollardRhoQuestion);
+  /* REGISTER_QUESTION(PollardRhoQuestion); */
   REGISTER_QUESTION(WilliamsQuestion);
   REGISTER_QUESTION(PollardQuestion);
   REGISTER_QUESTION(FermatQuestion);
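Review bot: The `PollardRhoQuestion` registration is left behind as commented-out code with no reason given, directly under the commented `ExampleQuestion` line, so a reader cannot tell a placeholder from a check that was switched off on purpose. Either delete the line or state the reason next to it, for example `/* PollardRhoQuestion: not listed, PollardBrentRhoQuestion is used instead */` if that is the intent. `select_all_questions` continues outside the hunk.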

+ 16 - 0
src/questions/metadata.c

@@ -3,6 +3,7 @@
  * \brief Certificate Metadata Probe.
  *
  */
+#include <string.h>
 
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
@@ -91,6 +92,13 @@ metadata_question_ask_crt(X509* crt)
   /* Note: debian builds withouth sslv2 support
    * <https://lists.debian.org/debian-devel/2011/04/msg00049.html> */
 
+  /* brands and trivial sanity check for defaults */
+  if (strstr(sbuf, "localhost")  ||
+      strstr(sbuf, "none") ||
+      strstr(sbuf, "test"))
+    fprintf(stderr,
+            "The certificate contains dummy informations.\n");
+
   OPENSSL_free(sserial);
   BN_free(serial);
   EVP_PKEY_free(pkey);
@@ -114,6 +122,14 @@ RSA *metadata_question_ask_rsa(const RSA* rsa)
              EBITLEN, BN_num_bits(rsa->e),
              NBITLEN, BN_num_bits(rsa->n));
 
+
+  if (BN_num_bits(rsa->n) < 2048)
+    fprintf(stdout,
+            "RSA keys < 2048 are disallowed after 2013.\n"
+            "For more informations, see "
+            "<http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf>\n");
+
+
   OPENSSL_free(s);
   OPENSSL_free(t);
   return NULL;
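Review bot: The dummy-data test added to `metadata_question_ask_crt` is a case-sensitive substring match, so `strstr(sbuf, "test")` warns on any field that merely contains those letters and stays silent for `Test` or `LOCALHOST`. Comparing lower-cased whole field values, or at least whole words, would cut both the false alarms and the misses. Where `sbuf` is filled and whether it can be NULL is outside the hunk, so that should be confirmed before it reaches `strstr`. The two new warnings also disagree on the stream: this one goes to `stderr`, while the key-length warning in `metadata_question_ask_rsa` goes to `stdout`. Pick one so that anything parsing the report sees both or neither.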

+ 13 - 1
src/questions/pollard.c

@@ -30,6 +30,8 @@
 #include "qa/questions/qarith.h"
 #include "qa/questions/qpollard.h"
 
+/* limits of primes. NOT used in cluster. */
+#define PRIMES_LIM 1000
 
 /**
  * \brief Pollard (p-1) factorization.
@@ -64,9 +66,17 @@ pollard1_question_ask_rsa(const RSA* rsa)
 
   BN_one(g);
   BN_one(q);
+#ifdef HAVE_OPENMPI
   for (it = primes_init();
        BN_is_one(g) && primes_next(it, p);
-       )  {
+       ) {
+#else
+  it = primes_init();
+  for (int lim=PRIMES_LIM;
+       lim && BN_is_one(g) && primes_next(it, p);
+       lim--) {
+#endif
+
     e = BN_num_bits(rsa->n) / BN_num_bits(p) + 1;
     for (k = 0; k < e && BN_is_one(g); k += m) {
       for (j = (m > e) ? e : m; j; j--) {
@@ -87,7 +97,9 @@ pollard1_question_ask_rsa(const RSA* rsa)
 
   /* replay latest epoch */
   if (!BN_cmp(g, rsa->n)) {
+#ifdef DEBUG
     fprintf(stderr, "rollback!\n");
+#endif
     BN_copy(p, back.p);
     BN_one(g);
     BN_copy(b, back.b);
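Review bot: When `lim` runs out in the non-OpenMPI loop of `pollard1_question_ask_rsa`, the loop ends with `g` still 1 and nothing in the visible hunks reports that the search stopped at `PRIMES_LIM` primes, so a truncated run looks the same as a modulus that resisted p-1. Declaring `lim` before the loop and adding `if (!lim && BN_is_one(g)) fprintf(stderr, "p-1: stopped after %d primes\n", PRIMES_LIM);` after it, guarded by `#ifndef HAVE_OPENMPI`, would make the cutoff visible. The same applies to the capped loop in `williams_factorize` (williams+1.c) and to the `ATTEMPTS` loop in pollardrho.c. The function body starts and ends outside these hunks, so a report further down may already exist.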

+ 4 - 3
src/questions/pollardrho.c

@@ -12,6 +12,7 @@
 #include <qa/questions/qarith.h>
 #include <qa/questions/questions.h>
 
+#define ATTEMPTS 20
 
 static inline void f(BIGNUM *y, BIGNUM *n, BN_CTX *ctx)
 {
@@ -44,7 +45,7 @@ pollardbrent_question_ask_rsa(const RSA *rsa)
     *k = BN_new(),
     *diff = BN_new();
   BN_CTX *ctx = BN_CTX_new();
-
+  int lim;
 
   BN_one(r);
   BN_one(q);
@@ -52,7 +53,7 @@ pollardbrent_question_ask_rsa(const RSA *rsa)
   BN_dec2bn(&m, "100");
   BN_pseudo_rand_range(y, rsa->n);
 
-  while (BN_is_one(g)) {
+  for (lim = ATTEMPTS; BN_is_one(g) && lim; lim--) {
     BN_copy(x, y);
     for (BN_copy(i, r);
          !BN_is_zero(i);
@@ -85,7 +86,7 @@ pollardbrent_question_ask_rsa(const RSA *rsa)
       BN_gcd(g, diff, rsa->n, ctx);
     } while (BN_is_one(g));
 
-  if (BN_cmp(g, rsa->n))
+  if (!BN_is_one(g) && BN_cmp(g, rsa->n))
     ret = qa_RSA_recover(rsa, g, ctx);
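Review bot: `ATTEMPTS` caps the outer loop of `pollardbrent_question_ask_rsa` in every build, whereas the prime caps in pollard.c and williams+1.c are compiled out under `HAVE_OPENMPI`, and the define has no comment saying which behaviour is intended here. If the cap is meant for cluster builds too, say so on the define, for example `/* max outer rounds before giving up; also applies to cluster builds */`. Otherwise the loop needs the same `HAVE_OPENMPI` guard as the other two files. The bare name is also easy to confuse with `MAX_ATTEMPTS` in williams+1.c. The function starts and ends outside the hunks.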
 
 

+ 9 - 0
src/questions/williams+1.c

@@ -20,6 +20,7 @@
 
 
 #define MAX_ATTEMPTS 10
+#define PRIMES_LIM 1000
 
 /**
  * \brief Lucas Sequence Multiplier.
@@ -92,9 +93,17 @@ williams_factorize(BIGNUM *n, BIGNUM *v, BN_CTX *ctx)
 
   BN_one(g);
   BN_one(q);
+#ifdef HAVE_OPENMPI
   for (pit = primes_init();
        BN_is_one(g) && primes_next(pit, p);
        ) {
+#else
+  pit = primes_init();
+  for (int lim=PRIMES_LIM;
+       lim && BN_is_one(g) && primes_next(pit, p);
+       lim--) {
+#endif
+
 #ifdef DEBUG
     fprintf(stderr, "Testing prime: ");
     BN_print_fp(stderr, p);
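Review bot: Writing the `for` header twice under `#ifdef HAVE_OPENMPI`/`#else`, with each branch opening the brace that the shared body closes, makes the loop easy to break when only one branch is edited. pollard.c has the same construct and a second copy of `#define PRIMES_LIM 1000`. A single header such as `for (pit = primes_init(); PRIMES_LEFT(lim) && BN_is_one(g) && primes_next(pit, p); )` would keep the braces balanced in one place. `PRIMES_LEFT` is a proposed helper macro, defined once next to `PRIMES_LIM` in a shared header: always true under `HAVE_OPENMPI`, `((lim)-- > 0)` otherwise. The loop body continues outside the hunk.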