]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: aa487e6) | patch
crypto/elliptic: resample private keys if out of range.
authorAdam Langley <agl@golang.org>
Fri, 4 Dec 2015 22:17:03 +0000 (14:17 -0800)
committerRuss Cox <rsc@golang.org>
Tue, 8 Dec 2015 17:39:09 +0000 (17:39 +0000)
commitf740d717bd31e1a4b8281072b5cb3dfeb26f3273
treea1d22aeeda0e35b6c0b39a1b23ceac820ded40ddtree
parentaa487e66f869785837275ee20441a53888a51bb2commit | diff
crypto/elliptic: resample private keys if out of range.

The orders of the curves in crypto/elliptic are all very close to a
power of two. None the less, there is a tiny bias in the private key
selection.

This change makes the distribution uniform by resampling in the case
that a private key is >= to the order of the curve. (It also switches
from using BitSize to Params().N.BitLen() because, although they're the
same value here, the latter is technically the correct thing to do.)

The private key sampling and nonce sampling in crypto/ecdsa don't have
this issue.

Fixes #11082.

Change-Id: Ie2aad563209a529fa1cab522abaf5fd505c7269a
Reviewed-on: https://go-review.googlesource.com/17460
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
src/crypto/elliptic/elliptic.go diff | blob | history
Go GOST TLS 1.3