authorJouni Malinen <j@w1.fi>2020-05-16 18:02:17 (GMT)
committerJouni Malinen <j@w1.fi>2020-05-16 18:02:17 (GMT)
commiteb595b3e3ab531645a5bde71cf6385335b7a4b95 (patch)
tree42f8993224311a8070ff1ab938d49743f910b0c2
parent6a28c4dbc102de3fed9db44637f47a10e7adfb78 (diff)
wolfssl: Fix crypto_bignum_rand() implementation
The previous implementation used mp_rand_prime() to generate a random value in range 0..m. That is an insanely slow way of generating a random value since mp_rand_prime() is for generating a random _prime_ which is not what is needed here. Replace that implementation with generation of a random value in the requested range without doing any kind of prime number checks or loops to reject values that are not primes. This speeds up SAE and EAP-pwd routines by a couple of orders of magnitude. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/crypto_wolfssl.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index dc68bd6..2e4bf89 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1104,19 +1104,21 @@ int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m)
{
int ret = 0;
WC_RNG rng;
+ size_t len;
+ u8 *buf;
if (TEST_FAIL())
return -1;
if (wc_InitRng(&rng) != 0)
return -1;
- if (mp_rand_prime((mp_int *) r,
- (mp_count_bits((mp_int *) m) + 7) / 8 * 2,
- &rng, NULL) != 0)
- ret = -1;
- if (ret == 0 &&
+ len = (mp_count_bits((mp_int *) m) + 7) / 8;
+ buf = os_malloc(len);
+ if (!buf || wc_RNG_GenerateBlock(&rng, buf, len) != 0 ||
+ mp_read_unsigned_bin((mp_int *) r, buf, len) != MP_OKAY ||
mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0)
ret = -1;
wc_FreeRng(&rng);
+ bin_clear_free(buf, len);
return ret;
}
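Review bot: The new draw is not uniform over 0..m-1: `len` is exactly the byte length of m, so `mp_mod()` folds a value of about the same width onto m, and some residues can come out up to twice as likely as others unless m divides 256^len evenly. For the secret scalars behind the SAE and EAP-pwd routines named in the commit message, a uniform draw is the safer contract, so either oversample before reducing, e.g. `len = (mp_count_bits((mp_int *) m) + 7) / 8 + 8;`, or use rejection sampling on a value masked to the bit length of m. The removed call doubled the byte count (`/ 8 * 2`), which suggests some margin was intended, though that cannot be confirmed from this hunk. The function signature is visible only in the hunk header.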