diff options
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ossl.c | 64 |
1 files changed, 57 insertions, 7 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 96295dc24f..5cbbdddfb9 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
| @@ -66,6 +66,8 @@ | |||
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> |
| 67 | #include <openssl/engine.h> | 67 | #include <openssl/engine.h> |
| 68 | 68 | ||
| 69 | int __BN_rand_range(BIGNUM *r, BIGNUM *range); | ||
| 70 | |||
| 69 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 71 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); |
| 70 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); | 72 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); |
| 71 | static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 73 | static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, |
| @@ -180,13 +182,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 180 | kinv=NULL; | 182 | kinv=NULL; |
| 181 | 183 | ||
| 182 | /* Get random k */ | 184 | /* Get random k */ |
| 183 | for (;;) | 185 | do |
| 184 | { | 186 | if (!__BN_rand_range(&k, dsa->q)) goto err; |
| 185 | if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err; | 187 | while (BN_is_zero(&k)); |
| 186 | if (BN_cmp(&k,dsa->q) >= 0) | ||
| 187 | BN_sub(&k,&k,dsa->q); | ||
| 188 | if (!BN_is_zero(&k)) break; | ||
| 189 | } | ||
| 190 | 188 | ||
| 191 | if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) | 189 | if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) |
| 192 | { | 190 | { |
| @@ -320,3 +318,55 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | |||
| 320 | { | 318 | { |
| 321 | return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); | 319 | return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); |
| 322 | } | 320 | } |
| 321 | |||
| 322 | |||
| 323 | /* random number r: 0 <= r < range */ | ||
| 324 | int __BN_rand_range(BIGNUM *r, BIGNUM *range) | ||
| 325 | { | ||
| 326 | int n; | ||
| 327 | |||
| 328 | if (range->neg || BN_is_zero(range)) | ||
| 329 | { | ||
| 330 | /* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */ | ||
| 331 | return 0; | ||
| 332 | } | ||
| 333 | |||
| 334 | n = BN_num_bits(range); /* n > 0 */ | ||
| 335 | |||
| 336 | if (n == 1) | ||
| 337 | { | ||
| 338 | if (!BN_zero(r)) return 0; | ||
| 339 | } | ||
| 340 | else if (BN_is_bit_set(range, n - 2)) | ||
| 341 | { | ||
| 342 | do | ||
| 343 | { | ||
| 344 | /* range = 11..._2, so each iteration succeeds with probability >= .75 */ | ||
| 345 | if (!BN_rand(r, n, -1, 0)) return 0; | ||
| 346 | } | ||
| 347 | while (BN_cmp(r, range) >= 0); | ||
| 348 | } | ||
| 349 | else | ||
| 350 | { | ||
| 351 | /* range = 10..._2, | ||
| 352 | * so 3*range (= 11..._2) is exactly one bit longer than range */ | ||
| 353 | do | ||
| 354 | { | ||
| 355 | if (!BN_rand(r, n + 1, -1, 0)) return 0; | ||
| 356 | /* If r < 3*range, use r := r MOD range | ||
| 357 | * (which is either r, r - range, or r - 2*range). | ||
| 358 | * Otherwise, iterate once more. | ||
| 359 | * Since 3*range = 11..._2, each iteration succeeds with | ||
| 360 | * probability >= .75. */ | ||
| 361 | if (BN_cmp(r ,range) >= 0) | ||
| 362 | { | ||
| 363 | if (!BN_sub(r, r, range)) return 0; | ||
| 364 | if (BN_cmp(r, range) >= 0) | ||
| 365 | if (!BN_sub(r, r, range)) return 0; | ||
| 366 | } | ||
| 367 | } | ||
| 368 | while (BN_cmp(r, range) >= 0); | ||
| 369 | } | ||
| 370 | |||
| 371 | return 1; | ||
| 372 | } | ||