Browse Source

[crypto] Use ANS X9.82 Approved get_random_nz() for RSA

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 13 years ago
parent
commit
5a80c11062
1 changed files with 9 additions and 2 deletions
  1. 9
    2
      src/crypto/axtls/crypto.h

+ 9
- 2
src/crypto/axtls/crypto.h View File

@@ -130,9 +130,16 @@ void RNG_terminate(void);
130 130
 void get_random(int num_rand_bytes, uint8_t *rand_data);
131 131
 //void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
132 132
 
133
-#include <string.h>
133
+#include <ipxe/random_nz.h>
134 134
 static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) {
135
-	memset ( rand_data, 0x01, num_rand_bytes );
135
+	/* AXTLS does not check for failures when generating random
136
+	 * data.  Rely on the fact that get_random_nz() does not
137
+	 * request prediction resistance (and so cannot introduce new
138
+	 * failures) and therefore any potential failure must already
139
+	 * have been encountered by e.g. tls_generate_random(), which
140
+	 * does check for failures.
141
+	 */
142
+	get_random_nz ( rand_data, num_rand_bytes );
136 143
 }
137 144
 
138 145
 /**************************************************************************

Loading…
Cancel
Save