[crypto] Use ANS X9.82 Approved get_random_nz() for RSA

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-02-21 12:40:27 +00:00 · 2012-02-21 12:40:27 +00:00 · 5a80c11062
commit 5a80c11062
parent 75090f2abf
1 changed files with 9 additions and 2 deletions
--- a/src/crypto/axtls/crypto.h
+++ b/src/crypto/axtls/crypto.h
@ -130,9 +130,16 @@ void RNG_terminate(void);
 void get_random(int num_rand_bytes, uint8_t *rand_data);
 //void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);

-#include <string.h>
+#include <ipxe/random_nz.h>
 static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) {
-	memset ( rand_data, 0x01, num_rand_bytes );
+	/* AXTLS does not check for failures when generating random
+	 * data.  Rely on the fact that get_random_nz() does not
+	 * request prediction resistance (and so cannot introduce new
+	 * failures) and therefore any potential failure must already
+	 * have been encountered by e.g. tls_generate_random(), which
+	 * does check for failures.
+	 */
+	get_random_nz ( rand_data, num_rand_bytes );
 }

 /**************************************************************************