You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 lines
1.5 KiB
Diff
50 lines
1.5 KiB
Diff
From eb595b3e3ab531645a5bde71cf6385335b7a4b95 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Sat, 16 May 2020 21:02:17 +0300
|
|
Subject: [PATCH 2/3] wolfssl: Fix crypto_bignum_rand() implementation
|
|
|
|
The previous implementation used mp_rand_prime() to generate a random
|
|
value in range 0..m. That is insanely slow way of generating a random
|
|
value since mp_rand_prime() is for generating a random _prime_ which is
|
|
not what is needed here. Replace that implementation with generationg of
|
|
a random value in the requested range without doing any kind of prime
|
|
number checks or loops to reject values that are not primes.
|
|
|
|
This speeds up SAE and EAP-pwd routines by couple of orders of
|
|
magnitude..
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
---
|
|
src/crypto/crypto_wolfssl.c | 12 +++++++-----
|
|
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
|
--- a/src/crypto/crypto_wolfssl.c
|
|
+++ b/src/crypto/crypto_wolfssl.c
|
|
@@ -1084,19 +1084,21 @@ int crypto_bignum_rand(struct crypto_big
|
|
{
|
|
int ret = 0;
|
|
WC_RNG rng;
|
|
+ size_t len;
|
|
+ u8 *buf;
|
|
|
|
if (TEST_FAIL())
|
|
return -1;
|
|
if (wc_InitRng(&rng) != 0)
|
|
return -1;
|
|
- if (mp_rand_prime((mp_int *) r,
|
|
- (mp_count_bits((mp_int *) m) + 7) / 8 * 2,
|
|
- &rng, NULL) != 0)
|
|
- ret = -1;
|
|
- if (ret == 0 &&
|
|
+ len = (mp_count_bits((mp_int *) m) + 7) / 8;
|
|
+ buf = os_malloc(len);
|
|
+ if (!buf || wc_RNG_GenerateBlock(&rng, buf, len) != 0 ||
|
|
+ mp_read_unsigned_bin((mp_int *) r, buf, len) != MP_OKAY ||
|
|
mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0)
|
|
ret = -1;
|
|
wc_FreeRng(&rng);
|
|
+ bin_clear_free(buf, len);
|
|
return ret;
|
|
}
|
|
|