Not 100% sure that this "fix" is valid, but here goes anyway... I was trying to write unit tests for the EC test vectors in RFC 4753. To do this, I need to specify the private key before proceeding with the key exchange, so I tried preceding EC_KEY_generate_key(key) with a call to EC_KEY_set_private_key(key, priv_key). However, EC_KEY_generate_key() always (re)generates a random private key because of this code:
do if (!BN_rand_range(priv_key, order)) goto err; while (BN_is_zero(priv_key)); I was able to fix this by only generating a new value if priv_key == 0: while (BN_is_zero(priv_key)) if (!BN_rand_range(priv_key, order)) goto err; ... this also makes the EC code consistent with the DH equivalent, but I'm not sure if there's some underlying reason that the EC code regenerates the key. Patch is attached. John Fitzgibbon
Not 100% sure that this "fix" is valid, but here goes anyway...
I was trying to write unit tests for the EC test vectors in RFC 4753. To do this, I need to specify the private key before proceeding with the key exchange, so I tried preceding EC_KEY_generate_key(key) with a call to EC_KEY_set_private_key(key, priv_key). However, EC_KEY_generate_key() always (re)generates a random private key because of this code:
do
if (!BN_rand_range(priv_key, order))
goto err;
while (BN_is_zero(priv_key));
I was able to fix this by only generating a new value if priv_key == 0:if (!BN_rand_range(priv_key, order))
goto err;
while (BN_is_zero(priv_key));
while (BN_is_zero(priv_key))
if (!BN_rand_range(priv_key, order))
goto err;
... this also makes the EC code consistent with the DH equivalent, but I'm not sure if there's some underlying reason that the EC code regenerates the key.
Patch is attached.
John Fitzgibbon
openssl_1.0.1_beta2_ec_key.patch
Description: Binary data
