Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
Bodo Möller
2001-02-08 12:20:25 +00:00
parent 813c7c415b
commit 07fc72fea1
5 changed files with 66 additions and 11 deletions


@@ -179,7 +179,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
kinv=NULL;
/* Get random k */
if (!BN_rand_range(&k, BN_value_one(), dsa->q)) goto err;
do
if (!BN_rand_range(&k, NULL, dsa->q)) goto err;
while (BN_is_zero(&k));
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
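Review bot: the `do` / `while (BN_is_zero(&k));` loop takes the unbraced `if (!BN_rand_range(&k, NULL, dsa->q)) goto err;` as its only body statement; this is legal C but easy to misread and fragile under later edits, so braces around the body would help. The comment `/* Get random k */` could also state what the loop guarantees (1 <= k < q), since BN_rand_range(&k, NULL, dsa->q) now yields 0 <= k < q and the redraw on zero is what excludes k = 0.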