Make the bn_rand_interval() API a bit more ergonomic

Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().

The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().

Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.

ok jsing

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index e5ff189803..d9ddd5d797 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.36 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -269,7 +269,7 @@ ec_key_gen(EC_KEY *eckey)
 
         if ((order = EC_GROUP_get0_order(eckey->group)) == NULL)
                 goto err;
-        if (!bn_rand_interval(priv_key, BN_value_one(), order))
+        if (!bn_rand_interval(priv_key, 1, order))
                 goto err;
         if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL))
                 goto err;