Make the bn_rand_interval() API a bit more ergonomic

Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().

The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().

Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.

ok jsing

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c
index 1252ab2a43..8160014b3b 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.c
+++ b/src/lib/libcrypto/ecdsa/ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.c,v 1.16 2023/07/28 09:18:10 tb Exp $ */
+/* $OpenBSD: ecdsa.c,v 1.17 2023/08/03 18:53:56 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -338,7 +338,7 @@ ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
         /* Step 11: repeat until r != 0. */
         do {
                 /* Step 3: generate random k. */
-                if (!bn_rand_interval(k, BN_value_one(), order))
+                if (!bn_rand_interval(k, 1, order))
                         goto err;
 
                 /*
@@ -472,7 +472,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv,
                 goto err;
         }
 
-        if (!bn_rand_interval(b, BN_value_one(), order)) {
+        if (!bn_rand_interval(b, 1, order)) {
                 ECerror(ERR_R_BN_LIB);
                 goto err;
         }