Fix ecp_gen_keypair()

Too few tries caused failures for some curves (esp. secp224k1)
This commit is contained in:
Manuel Pégourié-Gonnard 2014-01-28 19:30:56 +01:00 committed by Paul Bakker
parent 2cb1a0c400
commit 6e8e34d61e
2 changed files with 15 additions and 1 deletions

View File

@ -1,5 +1,10 @@
PolarSSL ChangeLog (Sorted per branch, date) PolarSSL ChangeLog (Sorted per branch, date)
= PolarSSL 1.3 branch
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
statistics
= PolarSSL 1.3.4 released on 2014-01-27 = PolarSSL 1.3.4 released on 2014-01-27
Features Features
* Support for the Koblitz curves: secp192k1, secp224k1, secp256k1 * Support for the Koblitz curves: secp192k1, secp224k1, secp256k1

View File

@ -1796,7 +1796,16 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
MPI_CHK( mpi_read_binary( d, rnd, n_size ) ); MPI_CHK( mpi_read_binary( d, rnd, n_size ) );
MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) ); MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) );
if( count++ > 10 ) /*
* Each try has at worst a probability 1/2 of failing (the msb has
* a probability 1/2 of being 0, and then the result will be < N),
* so after 30 tries failure probability is a most 2**(-30).
*
* For most curves, 1 try is enough with overwhelming probability,
* since N starts with a lot of 1s in binary, but some curves
* such as secp224k1 are actually very close to the worst case.
*/
if( ++count > 30 )
return( POLARSSL_ERR_ECP_RANDOM_FAILED ); return( POLARSSL_ERR_ECP_RANDOM_FAILED );
} }
while( mpi_cmp_int( d, 1 ) < 0 || while( mpi_cmp_int( d, 1 ) < 0 ||