mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 14:55:40 +01:00
Fix ecp_gen_keypair()
Too few tries caused failures for some curves (esp. secp224k1)
This commit is contained in:
parent
2cb1a0c400
commit
6e8e34d61e
@ -1,5 +1,10 @@
|
||||
PolarSSL ChangeLog (Sorted per branch, date)
|
||||
|
||||
= PolarSSL 1.3 branch
|
||||
Bugfix
|
||||
* ecp_gen_keypair() does more tries to prevent failure because of
|
||||
statistics
|
||||
|
||||
= PolarSSL 1.3.4 released on 2014-01-27
|
||||
Features
|
||||
* Support for the Koblitz curves: secp192k1, secp224k1, secp256k1
|
||||
|
@ -1796,7 +1796,16 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
||||
MPI_CHK( mpi_read_binary( d, rnd, n_size ) );
|
||||
MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
||||
|
||||
if( count++ > 10 )
|
||||
/*
|
||||
* Each try has at worst a probability 1/2 of failing (the msb has
|
||||
* a probability 1/2 of being 0, and then the result will be < N),
|
||||
* so after 30 tries failure probability is a most 2**(-30).
|
||||
*
|
||||
* For most curves, 1 try is enough with overwhelming probability,
|
||||
* since N starts with a lot of 1s in binary, but some curves
|
||||
* such as secp224k1 are actually very close to the worst case.
|
||||
*/
|
||||
if( ++count > 30 )
|
||||
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
|
||||
}
|
||||
while( mpi_cmp_int( d, 1 ) < 0 ||
|
||||
|
Loading…
Reference in New Issue
Block a user