authorTomas Mraz <tomas@openssl.org>2024-04-29 17:56:01 +0200
committerTomas Mraz <tomas@openssl.org>2024-05-02 09:21:30 +0200
commit9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2 (patch)
tree4bc89d0b0f33d0e15631b9edbc5da0236f02405a /include
parent13b3ca5c998e6db4f7251a56c43541cb1a422bd0 (diff)
Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()
And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top. We do this to avoid leaking fixed top numbers via the public API. Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top() and make it LE/BE agnostic. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24265)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/bn.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
index 308cf57502..9a988a467d 100644
--- a/include/crypto/bn.h
+++ b/include/crypto/bn.h
@@ -91,6 +91,10 @@ int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n);
int ossl_bn_is_word_fixed_top(const BIGNUM *a, BN_ULONG w);
int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
unsigned int strength, BN_CTX *ctx);
+int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
+ const BIGNUM *priv,
+ const unsigned char *message,
+ size_t message_len, BN_CTX *ctx);
#define BN_PRIMETEST_COMPOSITE 0
#define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1
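Review bot: The added prototype for `ossl_bn_gen_dsa_nonce_fixed_top()` has no comment stating the contract that separates it from the public `BN_generate_dsa_nonce()`. The commit message says the split exists so that fixed-top numbers do not leak through the public API, and a reader of this header should see that next to the declaration. I would add a comment above it such as `/* Internal only: |out| is returned in fixed-top form (top not corrected); callers must keep it within fixed-top-aware code and never expose it through the public BN API. */`. It would also help to note that `priv` and the resulting nonce are secret, so callers know to stay on constant-time paths; the implementation is not visible here, so that wording should be checked against it.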