Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()

And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top. We do this to avoid leaking fixed top numbers via the public API. Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top() and make it LE/BE agnostic. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (cherry picked from commit 9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2) (Merged from https://github.com/openssl/openssl/pull/24317)
author: Tomas Mraz <tomas@openssl.org> 2024-04-29 17:56:01 +0200
committer: Tomas Mraz <tomas@openssl.org> 2024-05-09 09:32:02 +0200
commit: fdc3efc371be43d5092bb19823e084f54541cbe3 (patch)
tree: d3811b04b8ff612b67e8891e27293a92af9b315d /include/crypto/bn.h
parent: a70ca93cdbc0ed36bf783b9eadc4cea35986b139 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
index 94a624f064..3180b993ab 100644
--- a/include/crypto/bn.h
+++ b/include/crypto/bn.h
@@ -91,6 +91,10 @@ int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n);
 int ossl_bn_is_word_fixed_top(const BIGNUM *a, BN_ULONG w);
 int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
                                       unsigned int strength, BN_CTX *ctx);
+int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
+                                    const BIGNUM *priv,
+                                    const unsigned char *message,
+                                    size_t message_len, BN_CTX *ctx);
 
 #define BN_PRIMETEST_COMPOSITE                    0
 #define BN_PRIMETEST_COMPOSITE_WITH_FACTOR        1
author	Tomas Mraz <tomas@openssl.org>	2024-04-29 17:56:01 +0200
committer	Tomas Mraz <tomas@openssl.org>	2024-05-09 09:32:02 +0200
commit	fdc3efc371be43d5092bb19823e084f54541cbe3 (patch)
tree	d3811b04b8ff612b67e8891e27293a92af9b315d /include/crypto/bn.h
parent	a70ca93cdbc0ed36bf783b9eadc4cea35986b139 (diff)