From c1cd9b31174d2c148f5a1dedde49f456a97398d4 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 21 Nov 2025 08:25:43 +0000
Subject: openssl ts: simplify create_nonce()

Just your average dumb TS code. Instead of handrolling a random ASN.1
integer generator, we can use BN_rand() and convert the resulting bn to
an ASN1_INTEGER. All this then also works without reaching into ASN1_STRING.

ok kenjiro
---
 src/usr.bin/openssl/ts.c | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

(limited to 'src/usr.bin/openssl/ts.c')

diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index 2bb35d84a4..29485bf7dc 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.29 2024/08/26 18:40:50 tb Exp $ */
+/* $OpenBSD: ts.c,v 1.30 2025/11/21 08:25:43 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -736,33 +736,23 @@ create_digest(BIO *input, char *digest, const EVP_MD *md,
 static ASN1_INTEGER *
 create_nonce(int bits)
 {
-	unsigned char buf[20];
+	BIGNUM *bn;
 	ASN1_INTEGER *nonce = NULL;
-	int len = (bits - 1) / 8 + 1;
-	int i;
 
-	/* Generating random byte sequence. */
-	if (len > (int) sizeof(buf))
+	if ((bn = BN_new()) == NULL)
 		goto err;
-	arc4random_buf(buf, len);
-
-	/* Find the first non-zero byte and creating ASN1_INTEGER object. */
-	for (i = 0; i < len && !buf[i]; ++i)
-		;
-	if ((nonce = ASN1_INTEGER_new()) == NULL)
+	if (!BN_rand(bn, bits, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
 		goto err;
-	free(nonce->data);
-	/* Allocate at least one byte. */
-	nonce->length = len - i;
-	if ((nonce->data = malloc(nonce->length + 1)) == NULL)
+	if ((nonce = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
 		goto err;
-	memcpy(nonce->data, buf + i, nonce->length);
+	BN_free(bn);
 
 	return nonce;
 
  err:
 	BIO_printf(bio_err, "could not create nonce\n");
 	ASN1_INTEGER_free(nonce);
+	BN_free(bn);
 	return NULL;
 }
 
-- 
cgit v1.2.3-55-g6feb