From 9fe67d92c844ca96428126668ee46195c6fdb009 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 5 Nov 2018 23:54:27 +0000 Subject: Make use of bn_rand_interval() where appropriate. ok beck jsing --- src/lib/libcrypto/dh/dh_key.c | 15 +++++++++------ src/lib/libcrypto/dsa/dsa_key.c | 8 +++----- src/lib/libcrypto/dsa/dsa_ossl.c | 17 +++++------------ src/lib/libcrypto/ec/ec_key.c | 9 ++++----- src/lib/libcrypto/ec/ecp_smpl.c | 8 +++----- 5 files changed, 24 insertions(+), 33 deletions(-) diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 2cbf128d80..17df620ec5 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_key.c,v 1.31 2018/11/05 23:50:05 tb Exp $ */ +/* $OpenBSD: dh_key.c,v 1.32 2018/11/05 23:54:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -106,7 +106,7 @@ generate_key(DH *dh) unsigned l; BN_CTX *ctx; BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = dh->pub_key, *priv_key = dh->priv_key; + BIGNUM *pub_key = dh->pub_key, *priv_key = dh->priv_key, *two = NULL; if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerror(DH_R_MODULUS_TOO_LARGE); @@ -137,10 +137,12 @@ generate_key(DH *dh) if (generate_new_key) { if (dh->q) { - do { - if (!BN_rand_range(priv_key, dh->q)) - goto err; - } while (BN_is_zero(priv_key) || BN_is_one(priv_key)); + if ((two = BN_new()) == NULL) + goto err; + if (!BN_add(two, BN_value_one(), BN_value_one())) + goto err; + if (!bn_rand_interval(priv_key, two, dh->q)) + goto err; } else { /* secret exponent length */ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; @@ -165,6 +167,7 @@ generate_key(DH *dh) if (dh->priv_key == NULL) BN_free(priv_key); BN_CTX_free(ctx); + BN_free(two); return ok; } diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index 520b980983..7ead1f30cc 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_key.c,v 1.25 2018/11/05 23:50:05 tb Exp $ */ +/* $OpenBSD: dsa_key.c,v 1.26 2018/11/05 23:54:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,10 +92,8 @@ dsa_builtin_keygen(DSA *dsa) goto err; } - do { - if (!BN_rand_range(priv_key, dsa->q)) - goto err; - } while (BN_is_zero(priv_key)); + if (!bn_rand_interval(priv_key, BN_value_one(), dsa->q)) + goto err; if (pub_key == NULL) { if ((pub_key = BN_new()) == NULL) diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index c9399573ab..cda750a0ed 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ossl.c,v 1.37 2018/06/14 18:34:50 jsing Exp $ */ +/* $OpenBSD: dsa_ossl.c,v 1.38 2018/11/05 23:54:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,13 +150,9 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) * * s = inv(k)inv(b)(bm + bxr) mod q * - * Where b is a random value in the range [1, q-1]. + * Where b is a random value in the range [1, q). */ - if (!BN_sub(&bm, dsa->q, BN_value_one())) - goto err; - if (!BN_rand_range(&b, &bm)) - goto err; - if (!BN_add(&b, &b, BN_value_one())) + if (!bn_rand_interval(&b, BN_value_one(), dsa->q)) goto err; if (BN_mod_inverse_ct(&binv, &b, dsa->q, ctx) == NULL) goto err; @@ -242,11 +238,8 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) !BN_set_bit(&m, q_bits)) goto err; - /* Get random k */ - do { - if (!BN_rand_range(&k, dsa->q)) - goto err; - } while (BN_is_zero(&k)); + if (!bn_rand_interval(&k, BN_value_one(), dsa->q)) + goto err; BN_set_flags(&k, BN_FLG_CONSTTIME); diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c index 966ebab4a5..8c6f3186ca 100644 --- a/src/lib/libcrypto/ec/ec_key.c +++ b/src/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.18 2018/11/05 23:50:05 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.19 2018/11/05 23:54:27 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -65,6 +65,7 @@ #include +#include "bn_lcl.h" #include "ec_lcl.h" #include @@ -231,10 +232,8 @@ EC_KEY_generate_key(EC_KEY *eckey) if (!EC_GROUP_get_order(eckey->group, order, ctx)) goto err; - do - if (!BN_rand_range(priv_key, order)) - goto err; - while (BN_is_zero(priv_key)); + if (!bn_rand_interval(priv_key, BN_value_one(), order)) + goto err; if (pub_key == NULL) { if ((pub_key = EC_POINT_new(eckey->group)) == NULL) diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c index fe935251d9..96c1e8a278 100644 --- a/src/lib/libcrypto/ec/ecp_smpl.c +++ b/src/lib/libcrypto/ec/ecp_smpl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_smpl.c,v 1.23 2018/11/05 20:18:21 tb Exp $ */ +/* $OpenBSD: ecp_smpl.c,v 1.24 2018/11/05 23:54:27 tb Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -1434,10 +1434,8 @@ ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) goto err; /* Generate lambda in [1, group->field - 1] */ - do { - if (!BN_rand_range(lambda, &group->field)) - goto err; - } while (BN_is_zero(lambda)); + if (!bn_rand_interval(lambda, BN_value_one(), &group->field)) + goto err; if (group->meth->field_encode != NULL && !group->meth->field_encode(group, lambda, lambda, ctx)) -- cgit v1.2.3-55-g6feb