diff options
author | Tomas Mraz <tomas@openssl.org> | 2024-04-30 11:46:26 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-09 09:32:02 +0200 |
commit | 549208d1f1175aca5cc1ea989c4e9e4a41bc558c (patch) | |
tree | 0ddc0cb36e3f547734b7a95d009398ede7ce5621 | |
parent | 7ecd90a4fd1e500b1d751e7d4f400310ef279c8a (diff) |
Correct top for EC/DSA nonces if BN_DEBUG is on
Otherwise following operations would bail out in bn_check_top().
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(cherry picked from commit a380ae85be287045b1eaa64d23942101a426c080)
(Merged from https://github.com/openssl/openssl/pull/24317)
-rw-r--r-- | crypto/bn/bn_rand.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 420909e094..7fcd03a3cb 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -276,6 +276,10 @@ int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range, ossl_bn_mask_bits_fixed_top(r, n); } while (BN_ucmp(r, range) >= 0); +#ifdef BN_DEBUG + /* With BN_DEBUG on a fixed top number cannot be returned */ + bn_correct_top(r); +#endif } return 1; @@ -372,6 +376,10 @@ int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range, if (BN_ucmp(out, range) < 0) { ret = 1; +#ifdef BN_DEBUG + /* With BN_DEBUG on a fixed top number cannot be returned */ + bn_correct_top(out); +#endif goto end; } } |