author | tb <> | 2023-08-03 18:53:56 +0000 |
---|---|---|
committer | tb <> | 2023-08-03 18:53:56 +0000 |
commit | 44ff07e01874ea8be0c72bf9d20cb7f13b76cca8 (patch) | |
tree | 3779d2c9bdc12cd8a0d0eb7981bf515d6e27b344 /src/lib/libcrypto/ec | |
parent | 6ce6cf23a77a446252150319206f0075eb6267cf (diff) | |
Make the bn_rand_interval() API a bit more ergonomic
Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().
The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptionally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().
Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/ec')
-rw-r--r-- | src/lib/libcrypto/ec/ec_key.c | 4 | ||||
-rw-r--r-- | src/lib/libcrypto/ec/ecp_smpl.c | 4 |
2 files changed, 4 insertions, 4 deletions
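diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index e5ff189803..d9ddd5d797 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.36 2023/07/07 13:54:45 beck Exp $ */
+/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -269,7 +269,7 @@ ec_key_gen(EC_KEY *eckey)
 
 	if ((order = EC_GROUP_get0_order(eckey->group)) == NULL)
 		goto err;
-	if (!bn_rand_interval(priv_key, BN_value_one(), order))
+	if (!bn_rand_interval(priv_key, 1, order))
 		goto err;
 	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL))
 		goto err;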
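Review bot: The new call `bn_rand_interval(priv_key, 1, order)` on line 272 carries no comment stating the range it produces, unlike the sibling call in ecp_smpl.c which documents `[1, group->field)`; a one-liner `/* Generate priv_key in [1, order). */` above it would record that the private scalar must be non-zero and below the group order, which is the property the key's security rests on. The lower bound is now an integer literal rather than a BIGNUM, so whether `1` is inclusive depends on the reworked helper's contract, which is outside this diff; the comment makes that expectation checkable by the next reader. ec_key_gen() starts and ends outside the hunk, so the later use of priv_key is not visible here.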
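diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index de1f9a3472..018aedfd4e 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.55 2023/07/26 17:15:25 tb Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.56 2023/08/03 18:53:56 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1227,7 +1227,7 @@ ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 		goto err;
 
 	/* Generate lambda in [1, group->field). */
-	if (!bn_rand_interval(lambda, BN_value_one(), &group->field))
+	if (!bn_rand_interval(lambda, 1, &group->field))
 		goto err;
 
 	if (group->meth->field_encode != NULL &&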
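Review bot: The comment on line 1229 promises lambda in `[1, group->field)`, but after this change the inclusive lower bound is passed as the word `1` to a helper the commit message describes as a "slightly tweaked" rewrite, so it is worth confirming that bn_rand_interval() still excludes zero rather than yielding a range that starts at 0. A zero lambda would presumably collapse the blinded projective coordinates, since blinding of this kind scales X, Y and Z by powers of lambda, so the routine's correctness rests on that invariant; a regression test asserting that `BN_is_zero(lambda)` never holds across many draws would pin it down. ec_GFp_simple_blind_coordinates() begins and ends outside the hunk, so the actual use of lambda is not visible here.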