From 63569101089cbba78ffa6d2b7ab83e719262f5f0 Mon Sep 17 00:00:00 2001 From: tb <> Date: Tue, 6 Nov 2018 07:02:33 +0000 Subject: unrevert the use of bn_rand_interval(). ok beck jsing --- src/lib/libcrypto/dh/dh_key.c | 15 +++++++++------ src/lib/libcrypto/dsa/dsa_key.c | 8 +++----- src/lib/libcrypto/dsa/dsa_ossl.c | 17 +++++------------ src/lib/libcrypto/ec/ec_key.c | 9 ++++----- src/lib/libcrypto/ec/ec_lib.c | 4 ++-- src/lib/libcrypto/ec/ecp_smpl.c | 8 +++----- 6 files changed, 26 insertions(+), 35 deletions(-) diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 3da2413666..790b706134 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_key.c,v 1.33 2018/11/06 02:14:39 tb Exp $ */ +/* $OpenBSD: dh_key.c,v 1.34 2018/11/06 07:02:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -106,7 +106,7 @@ generate_key(DH *dh) unsigned l; BN_CTX *ctx; BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = dh->pub_key, *priv_key = dh->priv_key; + BIGNUM *pub_key = dh->pub_key, *priv_key = dh->priv_key, *two = NULL; if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerror(DH_R_MODULUS_TOO_LARGE); @@ -137,10 +137,12 @@ generate_key(DH *dh) if (generate_new_key) { if (dh->q) { - do { - if (!BN_rand_range(priv_key, dh->q)) - goto err; - } while (BN_is_zero(priv_key) || BN_is_one(priv_key)); + if ((two = BN_new()) == NULL) + goto err; + if (!BN_add(two, BN_value_one(), BN_value_one())) + goto err; + if (!bn_rand_interval(priv_key, two, dh->q)) + goto err; } else { /* secret exponent length */ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; @@ -165,6 +167,7 @@ generate_key(DH *dh) if (dh->priv_key == NULL) BN_free(priv_key); BN_CTX_free(ctx); + BN_free(two); return ok; } diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index 4039fbf407..54c6550fef 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_key.c,v 1.27 2018/11/06 02:14:39 tb Exp $ */ +/* $OpenBSD: dsa_key.c,v 1.28 2018/11/06 07:02:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,10 +92,8 @@ dsa_builtin_keygen(DSA *dsa) goto err; } - do { - if (!BN_rand_range(priv_key, dsa->q)) - goto err; - } while (BN_is_zero(priv_key)); + if (!bn_rand_interval(priv_key, BN_value_one(), dsa->q)) + goto err; if (pub_key == NULL) { if ((pub_key = BN_new()) == NULL) diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 6eb391ddeb..fd56e8feee 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.39 2018/11/06 02:14:39 tb Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.40 2018/11/06 07:02:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,13 +150,9 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) * * s = inv(k)inv(b)(bm + bxr) mod q * - * Where b is a random value in the range [1, q-1]. + * Where b is a random value in the range [1, q). */ - if (!BN_sub(&bm, dsa->q, BN_value_one())) - goto err; - if (!BN_rand_range(&b, &bm)) - goto err; - if (!BN_add(&b, &b, BN_value_one())) + if (!bn_rand_interval(&b, BN_value_one(), dsa->q)) goto err; if (BN_mod_inverse_ct(&binv, &b, dsa->q, ctx) == NULL) goto err; @@ -242,11 +238,8 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) !BN_set_bit(&m, q_bits)) goto err; - /* Get random k */ - do { - if (!BN_rand_range(&k, dsa->q)) - goto err; - } while (BN_is_zero(&k)); + if (!bn_rand_interval(&k, BN_value_one(), dsa->q)) + goto err; BN_set_flags(&k, BN_FLG_CONSTTIME); diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c index ca49c7676e..6ab4d3c9a4 100644 --- a/src/lib/libcrypto/ec/ec_key.c +++ b/src/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.20 2018/11/06 02:14:39 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.21 2018/11/06 07:02:33 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -65,6 +65,7 @@ #include +#include "bn_lcl.h" #include "ec_lcl.h" #include @@ -231,10 +232,8 @@ EC_KEY_generate_key(EC_KEY *eckey) if (!EC_GROUP_get_order(eckey->group, order, ctx)) goto err; - do - if (!BN_rand_range(priv_key, order)) - goto err; - while (BN_is_zero(priv_key)); + if (!bn_rand_interval(priv_key, BN_value_one(), order)) + goto err; if (pub_key == NULL) { if ((pub_key = EC_POINT_new(eckey->group)) == NULL) diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index bf2f652fc7..e5d9620a00 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.30 2018/11/05 20:18:21 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.31 2018/11/06 07:02:33 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -547,7 +547,7 @@ ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) { if (group->meth->blind_coordinates == NULL) return 1; - + return group->meth->blind_coordinates(group, p, ctx); } diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c index e379a74fb1..c64c41130a 100644 --- a/src/lib/libcrypto/ec/ecp_smpl.c +++ b/src/lib/libcrypto/ec/ecp_smpl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_smpl.c,v 1.27 2018/11/06 06:59:25 tb Exp $ */ +/* $OpenBSD: ecp_smpl.c,v 1.28 2018/11/06 07:02:33 tb Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -1434,10 +1434,8 @@ ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) goto err; /* Generate lambda in [1, group->field - 1] */ - do { - if (!BN_rand_range(lambda, &group->field)) - goto err; - } while (BN_is_zero(lambda)); + if (!bn_rand_interval(lambda, BN_value_one(), &group->field)) + goto err; if (group->meth->field_encode != NULL && !group->meth->field_encode(group, lambda, lambda, ctx)) -- cgit v1.2.3-55-g6feb