authorTomas Mraz <tomas@openssl.org>2024-04-29 17:56:01 +0200
committerTomas Mraz <tomas@openssl.org>2024-05-09 09:32:02 +0200
commitfdc3efc371be43d5092bb19823e084f54541cbe3 (patch)
treed3811b04b8ff612b67e8891e27293a92af9b315d /crypto/ec/ecdsa_ossl.c
parenta70ca93cdbc0ed36bf783b9eadc4cea35986b139 (diff)
Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()
And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top. We do this to avoid leaking fixed top numbers via the public API. Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top() and make it LE/BE agnostic. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (cherry picked from commit 9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2) (Merged from https://github.com/openssl/openssl/pull/24317)
Diffstat (limited to 'crypto/ec/ecdsa_ossl.c')
-rw-r--r--crypto/ec/ecdsa_ossl.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index 1d3ed66623..5d51ff9079 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -145,8 +145,8 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
/* get random k */
do {
if (dgst != NULL) {
- if (!BN_generate_dsa_nonce(k, order, priv_key,
- dgst, dlen, ctx)) {
+ if (!ossl_bn_gen_dsa_nonce_fixed_top(k, order, priv_key,
+ dgst, dlen, ctx)) {
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
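Review bot: The `dgst != NULL` branch now calls an internal helper whose name says the result is fixed-top, but nothing at the call site records that `k` is deliberately left in that form. The commit message says the public `BN_generate_dsa_nonce()` now corrects the top, so a later edit that swaps the public name back in here would change the nonce's representation without any visible warning. I would add a comment above the call, for example `/* k is kept fixed-top on purpose so its real bit length is not exposed; pass it only to fixed-top-aware BN routines */`. The rest of `ecdsa_sign_setup` is outside this hunk, so whether every later use of `k` meets that requirement should be confirmed against the full function.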