From 44ff07e01874ea8be0c72bf9d20cb7f13b76cca8 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 3 Aug 2023 18:53:56 +0000
Subject: Make the bn_rand_interval() API a bit more ergonomic

Provide bn_rand_in_range() which is a slightly tweaked version of what was previously called bn_rand_range(). The way bn_rand_range() is called in libcrypto, the lower bound is always expressible as a word. In fact, most of the time it is 1, the DH code uses a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in the Tonelli-Shanks implementation where we use 32. Converting these lower bounds to BIGNUMs on the call site is annoying so let bn_rand_interval() do that internally and route that through bn_rand_in_range(). This way we can avoid using BN_sub_word(). Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the only caller that uses actual BIGNUMs as lower bounds. ok jsing
---
 src/lib/libcrypto/ecdsa/ecdsa.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libcrypto/ecdsa/ecdsa.c')

diff --git a/src/lib/libcrypto/ecdsa/ecdsa.c b/src/lib/libcrypto/ecdsa/ecdsa.c
index 1252ab2a43..8160014b3b 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.c
+++ b/src/lib/libcrypto/ecdsa/ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecdsa.c,v 1.16 2023/07/28 09:18:10 tb Exp $ */
+/* $OpenBSD: ecdsa.c,v 1.17 2023/08/03 18:53:56 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
 *
@@ -338,7 +338,7 @@ ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
 /* Step 11: repeat until r != 0. */
 do {
 /* Step 3: generate random k. */
- if (!bn_rand_interval(k, BN_value_one(), order))
+ if (!bn_rand_interval(k, 1, order))
 goto err;
 /* 
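Review bot: The context comment `/* Step 3: generate random k. */` above the changed call should now state the range, since the bounds are a bare word and a BIGNUM and a reader can no longer see from BN_value_one() what the lower edge is; if bn_rand_interval() keeps an inclusive lower and exclusive upper bound as its name suggests, `/* Step 3: generate random k in [1, order). */` documents the nonzero-and-below-order invariant ECDSA requires of the nonce at the call site. The same applies to the blinding value b in the ecdsa_compute_s hunk at -472. The literal 1 depends on the new word-typed lower-bound parameter of bn_rand_interval(), whose declaration is outside this diff (it is limited to ecdsa.c), so these hunks only compile against the matching bn change. ecdsa_sign_setup's do-while body continues past the end of the hunk.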
@@ -472,7 +472,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv,
 goto err;
 }
- if (!bn_rand_interval(b, BN_value_one(), order)) {
+ if (!bn_rand_interval(b, 1, order)) {
 ECerror(ERR_R_BN_LIB);
 goto err;
 }
-- cgit v1.2.3-55-g6feb