Make BN_generate_dsa_nonce() constant time and non-biased

Co-authored-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24265) (cherry picked from commit d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5)
author: Tomas Mraz <tomas@openssl.org> 2024-04-11 13:10:09 +0200
committer: Tomas Mraz <tomas@openssl.org> 2024-05-02 09:23:19 +0200
commit: 4688a4507956c9686dfa80b8dd25f4b06e3d7ff8 (patch)
tree: 5bfce5c54b70ed42fa6c4273fd1bf56f98a9438a /include
parent: d735f108d9319840ce79409825bd7f06b4f21077 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/include/internal/constant_time.h b/include/internal/constant_time.h
index 0ed6f823c1..e8244cd57b 100644
--- a/include/internal/constant_time.h
+++ b/include/internal/constant_time.h
@@ -140,6 +140,18 @@ static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
     return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
 }
 
+#ifdef BN_ULONG
+static ossl_inline BN_ULONG constant_time_msb_bn(BN_ULONG a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline BN_ULONG constant_time_lt_bn(BN_ULONG a, BN_ULONG b)
+{
+    return constant_time_msb_bn(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+#endif
+
 static ossl_inline unsigned int constant_time_ge(unsigned int a,
                                                  unsigned int b)
 {
author	Tomas Mraz <tomas@openssl.org>	2024-04-11 13:10:09 +0200
committer	Tomas Mraz <tomas@openssl.org>	2024-05-02 09:23:19 +0200
commit	4688a4507956c9686dfa80b8dd25f4b06e3d7ff8 (patch)
tree	5bfce5c54b70ed42fa6c4273fd1bf56f98a9438a /include
parent	d735f108d9319840ce79409825bd7f06b4f21077 (diff)