From 44ff07e01874ea8be0c72bf9d20cb7f13b76cca8 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 3 Aug 2023 18:53:56 +0000
Subject: Make the bn_rand_interval() API a bit more ergonomic

Provide bn_rand_in_range() which is a slightly tweaked version of what was
previously called bn_rand_range().

The way bn_rand_range() is called in libcrypto, the lower bound is always
expressible as a word. In fact, most of the time it is 1, the DH code uses
a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in
the Tonelli-Shanks implementation where we use 32. Converting these lower
bounds to BIGNUMs on the call site is annoying so let bn_rand_interval()
do that internally and route that through bn_rand_in_range(). This way we
can avoid using BN_sub_word().

Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the
only caller that uses actual BIGNUMs as lower bounds.

ok jsing
---
 src/lib/libcrypto/dsa/dsa_key.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/dsa/dsa_key.c')

diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index c378707e36..431748ab75 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_key.c,v 1.34 2023/07/08 14:28:15 beck Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.35 2023/08/03 18:53:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -95,7 +95,7 @@ dsa_builtin_keygen(DSA *dsa)
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 
-	if (!bn_rand_interval(priv_key, BN_value_one(), dsa->q))
+	if (!bn_rand_interval(priv_key, 1, dsa->q))
 		goto err;
 	if (!BN_mod_exp_ct(pub_key, dsa->g, priv_key, dsa->p, ctx))
 		goto err;
-- 
cgit v1.2.3-55-g6feb