diff options
| author | Matt Caswell <matt@openssl.org> | 2019-05-29 17:29:34 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-06-12 09:16:43 +0100 |
| commit | 9632bd0e1d80ac4d38a3add1de192386fe1a0fd4 (patch) | |
| tree | e8d40e9a3d626e693493aa8b3ba7504607910bab | |
| parent | 7bc081dda349a3473154d31f6094ee34545c4980 (diff) | |
Convert bn_rand.c to use EVP
Replace the low level SHA512_* function calls with EVP calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
| -rw-r--r-- | crypto/bn/bn_rand.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 727c6957ed..f33c856eb5 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -12,7 +12,9 @@ #include "internal/cryptlib.h" #include "bn_lcl.h" #include <openssl/rand.h> +#include <openssl/rand_drbg.h> #include <openssl/sha.h> +#include <openssl/evp.h> typedef enum bnrand_flag_e { NORMAL, TESTING, PRIVATE @@ -206,7 +208,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, const unsigned char *message, size_t message_len, BN_CTX *ctx) { - SHA512_CTX sha; + EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); /* * We use 512 bits of random data per iteration to ensure that we have at * least |range| bits of randomness. @@ -217,8 +219,14 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, /* We generate |range|+8 bytes of random output. */ const unsigned num_k_bytes = BN_num_bytes(range) + 8; unsigned char private_bytes[96]; - unsigned char *k_bytes; + unsigned char *k_bytes = NULL; int ret = 0; + EVP_MD *md = NULL; + OPENSSL_CTX *libctx = (ctx != NULL) ? bn_get_lib_ctx(ctx) : NULL; + RAND_DRBG *privdrbg = OPENSSL_CTX_get0_private_drbg(libctx); + + if (mdctx == NULL || privdrbg == NULL) + goto err; k_bytes = OPENSSL_malloc(num_k_bytes); if (k_bytes == NULL) @@ -238,15 +246,23 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, memcpy(private_bytes, priv->d, todo); memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); + md = EVP_MD_fetch(libctx, "SHA512", NULL); + if (md == NULL) { + BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_NO_SUITABLE_DIGEST); + goto err; + } for (done = 0; done < num_k_bytes;) { - if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1) + if (!RAND_DRBG_bytes(privdrbg, random_bytes, sizeof(random_bytes))) + goto err; + + if (!EVP_DigestInit_ex(mdctx, md, NULL) + || !EVP_DigestUpdate(mdctx, &done, sizeof(done)) + || !EVP_DigestUpdate(mdctx, private_bytes, + sizeof(private_bytes)) + || !EVP_DigestUpdate(mdctx, message, message_len) + || !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes)) + || !EVP_DigestFinal_ex(mdctx, digest, NULL)) goto err; - SHA512_Init(&sha); - SHA512_Update(&sha, &done, sizeof(done)); - SHA512_Update(&sha, private_bytes, sizeof(private_bytes)); - SHA512_Update(&sha, message, message_len); - SHA512_Update(&sha, random_bytes, sizeof(random_bytes)); - SHA512_Final(digest, &sha); todo = num_k_bytes - done; if (todo > SHA512_DIGEST_LENGTH) @@ -262,6 +278,8 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, ret = 1; err: + EVP_MD_CTX_free(mdctx); + EVP_MD_meth_free(md); OPENSSL_free(k_bytes); OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); return ret; |