diff options
author | tb <> | 2023-08-03 18:53:56 +0000 |
---|---|---|
committer | tb <> | 2023-08-03 18:53:56 +0000 |
commit | e680fe5b2098d1406fab3bb3994254f026651090 (patch) | |
tree | 3779d2c9bdc12cd8a0d0eb7981bf515d6e27b344 /src/lib/libcrypto/dsa | |
parent | 9110c93cd11bc18d800c645352c10a57e2ceea4b (diff) | |
download | openbsd-e680fe5b2098d1406fab3bb3994254f026651090.tar.gz openbsd-e680fe5b2098d1406fab3bb3994254f026651090.tar.bz2 openbsd-e680fe5b2098d1406fab3bb3994254f026651090.zip |
Make the bn_rand_interval() API a bit more ergonomic
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
Diffstat (limited to '')
-rw-r--r-- | src/lib/libcrypto/dsa/dsa_key.c | 4 | ||||
-rw-r--r-- | src/lib/libcrypto/dsa/dsa_ossl.c | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index c378707e36..431748ab75 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dsa_key.c,v 1.34 2023/07/08 14:28:15 beck Exp $ */ | 1 | /* $OpenBSD: dsa_key.c,v 1.35 2023/08/03 18:53:55 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -95,7 +95,7 @@ dsa_builtin_keygen(DSA *dsa) | |||
95 | if ((ctx = BN_CTX_new()) == NULL) | 95 | if ((ctx = BN_CTX_new()) == NULL) |
96 | goto err; | 96 | goto err; |
97 | 97 | ||
98 | if (!bn_rand_interval(priv_key, BN_value_one(), dsa->q)) | 98 | if (!bn_rand_interval(priv_key, 1, dsa->q)) |
99 | goto err; | 99 | goto err; |
100 | if (!BN_mod_exp_ct(pub_key, dsa->g, priv_key, dsa->p, ctx)) | 100 | if (!BN_mod_exp_ct(pub_key, dsa->g, priv_key, dsa->p, ctx)) |
101 | goto err; | 101 | goto err; |
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 36b2a63462..b92d0b8cee 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dsa_ossl.c,v 1.52 2023/07/08 14:28:15 beck Exp $ */ | 1 | /* $OpenBSD: dsa_ossl.c,v 1.53 2023/08/03 18:53:55 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -172,7 +172,7 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
172 | * | 172 | * |
173 | * Where b is a random value in the range [1, q). | 173 | * Where b is a random value in the range [1, q). |
174 | */ | 174 | */ |
175 | if (!bn_rand_interval(b, BN_value_one(), dsa->q)) | 175 | if (!bn_rand_interval(b, 1, dsa->q)) |
176 | goto err; | 176 | goto err; |
177 | if (BN_mod_inverse_ct(binv, b, dsa->q, ctx) == NULL) | 177 | if (BN_mod_inverse_ct(binv, b, dsa->q, ctx) == NULL) |
178 | goto err; | 178 | goto err; |
@@ -261,7 +261,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
261 | !BN_set_bit(m, q_bits)) | 261 | !BN_set_bit(m, q_bits)) |
262 | goto err; | 262 | goto err; |
263 | 263 | ||
264 | if (!bn_rand_interval(k, BN_value_one(), dsa->q)) | 264 | if (!bn_rand_interval(k, 1, dsa->q)) |
265 | goto err; | 265 | goto err; |
266 | 266 | ||
267 | BN_set_flags(k, BN_FLG_CONSTTIME); | 267 | BN_set_flags(k, BN_FLG_CONSTTIME); |