diff options
| author | tb <> | 2023-08-03 18:53:56 +0000 |
|---|---|---|
| committer | tb <> | 2023-08-03 18:53:56 +0000 |
| commit | e680fe5b2098d1406fab3bb3994254f026651090 (patch) | |
| tree | 3779d2c9bdc12cd8a0d0eb7981bf515d6e27b344 /src/lib/libcrypto/bn/bn_mod_sqrt.c | |
| parent | 9110c93cd11bc18d800c645352c10a57e2ceea4b (diff) | |
| download | openbsd-e680fe5b2098d1406fab3bb3994254f026651090.tar.gz openbsd-e680fe5b2098d1406fab3bb3994254f026651090.tar.bz2 openbsd-e680fe5b2098d1406fab3bb3994254f026651090.zip | |
Make the bn_rand_interval() API a bit more ergonomic
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/bn/bn_mod_sqrt.c')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_mod_sqrt.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/src/lib/libcrypto/bn/bn_mod_sqrt.c b/src/lib/libcrypto/bn/bn_mod_sqrt.c index bdd5b2cdba..280002cc48 100644 --- a/src/lib/libcrypto/bn/bn_mod_sqrt.c +++ b/src/lib/libcrypto/bn/bn_mod_sqrt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_mod_sqrt.c,v 1.2 2023/07/08 12:21:58 beck Exp $ */ | 1 | /* $OpenBSD: bn_mod_sqrt.c,v 1.3 2023/08/03 18:53:55 tb Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> |
| @@ -237,7 +237,7 @@ static int | |||
| 237 | bn_mod_sqrt_find_sylow_generator(BIGNUM *out_generator, const BIGNUM *p, | 237 | bn_mod_sqrt_find_sylow_generator(BIGNUM *out_generator, const BIGNUM *p, |
| 238 | const BIGNUM *q, BN_CTX *ctx) | 238 | const BIGNUM *q, BN_CTX *ctx) |
| 239 | { | 239 | { |
| 240 | BIGNUM *n, *p_abs, *thirty_two; | 240 | BIGNUM *n, *p_abs; |
| 241 | int i, is_non_residue; | 241 | int i, is_non_residue; |
| 242 | int ret = 0; | 242 | int ret = 0; |
| 243 | 243 | ||
| @@ -245,8 +245,6 @@ bn_mod_sqrt_find_sylow_generator(BIGNUM *out_generator, const BIGNUM *p, | |||
| 245 | 245 | ||
| 246 | if ((n = BN_CTX_get(ctx)) == NULL) | 246 | if ((n = BN_CTX_get(ctx)) == NULL) |
| 247 | goto err; | 247 | goto err; |
| 248 | if ((thirty_two = BN_CTX_get(ctx)) == NULL) | ||
| 249 | goto err; | ||
| 250 | if ((p_abs = BN_CTX_get(ctx)) == NULL) | 248 | if ((p_abs = BN_CTX_get(ctx)) == NULL) |
| 251 | goto err; | 249 | goto err; |
| 252 | 250 | ||
| @@ -259,14 +257,12 @@ bn_mod_sqrt_find_sylow_generator(BIGNUM *out_generator, const BIGNUM *p, | |||
| 259 | goto found; | 257 | goto found; |
| 260 | } | 258 | } |
| 261 | 259 | ||
| 262 | if (!BN_set_word(thirty_two, 32)) | ||
| 263 | goto err; | ||
| 264 | if (!bn_copy(p_abs, p)) | 260 | if (!bn_copy(p_abs, p)) |
| 265 | goto err; | 261 | goto err; |
| 266 | BN_set_negative(p_abs, 0); | 262 | BN_set_negative(p_abs, 0); |
| 267 | 263 | ||
| 268 | for (i = 0; i < 128; i++) { | 264 | for (i = 0; i < 128; i++) { |
| 269 | if (!bn_rand_interval(n, thirty_two, p_abs)) | 265 | if (!bn_rand_interval(n, 32, p_abs)) |
| 270 | goto err; | 266 | goto err; |
| 271 | if (!bn_mod_sqrt_n_is_non_residue(&is_non_residue, n, p, ctx)) | 267 | if (!bn_mod_sqrt_n_is_non_residue(&is_non_residue, n, p, ctx)) |
| 272 | goto err; | 268 | goto err; |