From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 30 Apr 2024 09:46:26 +0000 (+0200)
Subject: Correct top for EC/DSA nonces if BN_DEBUG is on
X-Git-Tag: openssl-3.0.14~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8f4038fee95af894ba642a6b8692f6499eb4197;p=thirdparty%2Fopenssl.git

Correct top for EC/DSA nonces if BN_DEBUG is on

Otherwise following operations would bail out in bn_check_top().

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>

(cherry picked from commit a380ae85be287045b1eaa64d23942101a426c080)

(Merged from https://github.com/openssl/openssl/pull/24317)

(cherry picked from commit 549208d1f1175aca5cc1ea989c4e9e4a41bc558c)
---

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 420909e0940..7fcd03a3cba 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -276,6 +276,10 @@ int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
             ossl_bn_mask_bits_fixed_top(r, n);
         }
         while (BN_ucmp(r, range) >= 0);
+#ifdef BN_DEBUG
+        /* With BN_DEBUG on a fixed top number cannot be returned */
+        bn_correct_top(r);
+#endif
     }
 
     return 1;
@@ -372,6 +376,10 @@ int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
 
         if (BN_ucmp(out, range) < 0) {
             ret = 1;
+#ifdef BN_DEBUG
+            /* With BN_DEBUG on a fixed top number cannot be returned */
+            bn_correct_top(out);
+#endif
             goto end;
         }
     }