commit 7410689a301df1776258cd8d7171cf5e17f5ede5
author Adam Langley <agl@chromium.org> Mon Jun 23 14:32:42 2014 -0700
committer Adam Langley <agl@chromium.org> Mon Jun 23 15:41:44 2014 -0700
tree 72afb79986d3488962ebb8fb81c16dda3d674f98
parent d031f11596fd0bdfeb6333050a06be28dc64de41

Generate (EC)DSA nonces with truncate/test/reject.

Previously we generated a number that was 8 bytes too large and used a
modular reduction, which has a (tiny, tiny) bias towards zero.

Out of an excess of caution, instead truncate the generated nonce and
try again if it's out of range.

Change-Id: Ia9a7a57dd6d3e5f13d0b881b3e9b2e986d46e4ca