[crypto] Use ANS X9.82 Approved get_random_nz() for RSA
authorMichael Brown <mcb30@ipxe.org>
Tue, 21 Feb 2012 12:40:27 +0000 (12:40 +0000)
committerMichael Brown <mcb30@ipxe.org>
Tue, 21 Feb 2012 12:43:03 +0000 (12:43 +0000)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/axtls/crypto.h

index a9893cf35a60a231a22cb8daac17bc4ec81e21d7..b7af7c419ed6ae0d51590888ced27b0d349535a6 100644 (file)
@@ -130,9 +130,16 @@ void RNG_terminate(void);
 void get_random(int num_rand_bytes, uint8_t *rand_data);
 //void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
 
-#include <string.h>
+#include <ipxe/random_nz.h>
 static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) {
-       memset ( rand_data, 0x01, num_rand_bytes );
+       /* AXTLS does not check for failures when generating random
+        * data.  Rely on the fact that get_random_nz() does not
+        * request prediction resistance (and so cannot introduce new
+        * failures) and therefore any potential failure must already
+        * have been encountered by e.g. tls_generate_random(), which
+        * does check for failures.
+        */
+       get_random_nz ( rand_data, num_rand_bytes );
 }
 
 /**************************************************************************
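Review bot: The return value of `get_random_nz()` is discarded on the new line of `get_random_NZ()`, so if the generator does fail here the caller proceeds with whatever bytes already sit in `rand_data` (stack or heap contents, not guaranteed non-zero), and the comment's justification rests on a call-ordering invariant — that `tls_generate_random()` has already run and checked for failure — which nothing in this header enforces. At minimum the assumption should be made checkable in debug builds, e.g. `int rc = get_random_nz ( rand_data, num_rand_bytes );` followed by `assert ( rc == 0 );` (needs `<assert.h>`), so a violated invariant surfaces in testing instead of silently yielding weak padding. It is also worth noting that a DRBG generate call can presumably still fail independently of prediction resistance (for instance when a reseed is required and the entropy source is unavailable), so "cannot introduce new failures" may be stronger than the underlying RBG guarantees; consider softening the comment to state which failure modes are actually excluded. Finally, `num_rand_bytes` is an `int` handed to what is presumably a `size_t` length parameter; a negative value would become a very large request, so a `num_rand_bytes >= 0` assertion or an explicit cast would document that the AXTLS callers never pass one.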