wolfssl: Fix crypto_bignum_rand() implementation

The previous implementation used mp_rand_prime() to generate a random
value in range 0..m. That is an insanely slow way of generating a random
value since mp_rand_prime() is for generating a random _prime_, which is
not what is needed here. Replace that implementation with generation of
a random value in the requested range without doing any kind of prime
number checks or loops to reject values that are not primes.

This speeds up SAE and EAP-pwd routines by couple of orders of
magnitude..

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-05-16 21:02:17 +03:00
parent 6a28c4dbc1
commit eb595b3e3a


@ -1104,19 +1104,21 @@ int crypto_bignum_rand(struct crypto_bignum *r, const struct crypto_bignum *m)
{ {
int ret = 0; int ret = 0;
WC_RNG rng; WC_RNG rng;
size_t len;
u8 *buf;
if (TEST_FAIL()) if (TEST_FAIL())
return -1; return -1;
if (wc_InitRng(&rng) != 0) if (wc_InitRng(&rng) != 0)
return -1; return -1;
if (mp_rand_prime((mp_int *) r, len = (mp_count_bits((mp_int *) m) + 7) / 8;
(mp_count_bits((mp_int *) m) + 7) / 8 * 2, buf = os_malloc(len);
&rng, NULL) != 0) if (!buf || wc_RNG_GenerateBlock(&rng, buf, len) != 0 ||
ret = -1; mp_read_unsigned_bin((mp_int *) r, buf, len) != MP_OKAY ||
if (ret == 0 &&
mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0) mp_mod((mp_int *) r, (mp_int *) m, (mp_int *) r) != 0)
ret = -1; ret = -1;
wc_FreeRng(&rng); wc_FreeRng(&rng);
bin_clear_free(buf, len);
return ret; return ret;
} }
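Review bot: The new value is drawn from exactly `len = (mp_count_bits(m) + 7) / 8` bytes and then reduced with `mp_mod()`, so `r` is only uniform in 0..m-1 when m is close to a power of two; for other moduli the reduction introduces a modulo bias toward the low residues. The removed `mp_rand_prime()` call oversampled by drawing twice that many bytes, which is what kept the bias negligible regardless of m, and the replacement drops that margin. Keeping the oversampling, `len = (mp_count_bits((mp_int *) m) + 7) / 8 * 2;`, or adding a fixed surplus of at least 8 bytes before the `mp_mod()` restores a negligible bias at trivial cost, since `buf` and `bin_clear_free()` already size themselves from `len`. Whether any caller passes a modulus far from a power of two is not visible from this hunk, so the practical impact here is inferred rather than shown. A short comment on the `len = ...` line stating the oversampling intent, e.g. `/* oversample so the mod-m reduction below is near-uniform for any m */`, would keep the margin from being trimmed again.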