commit | 7410689a301df1776258cd8d7171cf5e17f5ede5 | |
---|---|---|
author | Adam Langley <agl@chromium.org> | Mon Jun 23 14:32:42 2014 -0700 |
committer | Adam Langley <agl@chromium.org> | Mon Jun 23 15:41:44 2014 -0700 |
tree | 72afb79986d3488962ebb8fb81c16dda3d674f98 | |
parent | d031f11596fd0bdfeb6333050a06be28dc64de41 | |

Generate (EC)DSA nonces with truncate/test/reject.

Previously we generated a number that was 8 bytes too large and used a modular reduction, which has a (tiny, tiny) bias towards zero. Out of an excess of caution, instead truncate the generated nonce and try again if it's out of range.

Change-Id: Ia9a7a57dd6d3e5f13d0b881b3e9b2e986d46e4ca
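
The two strategies the commit message contrasts, as an added Python example that is not the project's code and not taken from this commit. The function names, the retry limit, the injectable `rand_bytes` hook and the use of the P-256 group order as a sample modulus are assumptions made for illustration.

```python
import secrets

# NIST P-256 group order (a public constant), used as a realistic modulus.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def nonce_reject(n, rand_bytes=secrets.token_bytes, max_tries=128):
    """Truncate/test/reject: draw exactly n.bit_length() random bits and
    retry until the value lies in [1, n-1]. Every accepted value is
    equally likely, so the result is uniform with no bias."""
    bits = n.bit_length()
    nbytes = (bits + 7) // 8
    excess = 8 * nbytes - bits          # surplus bits when not byte-aligned
    for _ in range(max_tries):
        k = int.from_bytes(rand_bytes(nbytes), "big") >> excess  # truncate
        if 1 <= k < n:                  # test
            return k
        # reject: discard this draw entirely and sample fresh bytes
    raise RuntimeError("no in-range nonce after max_tries; RNG is suspect")


def mod_reduce_counts(n, total_bits):
    """Exact preimage counts for the older approach: a uniform
    total_bits-bit value reduced mod n. Residues 0..rem-1 are hit q+1
    times and residues rem..n-1 are hit q times, so the lowest residues
    are favoured by a relative margin of 1/q."""
    q, rem = divmod(1 << total_bits, n)
    return q, rem


if __name__ == "__main__":
    # Toy case: 4 random bits reduced mod 5. Residue 0 has 4 preimages
    # (0, 5, 10, 15) while residues 1..4 have 3 each.
    print(mod_reduce_counts(5, 4))
    # Realistic case: 8 extra bytes over a 256-bit order leaves a
    # relative bias of 1/q, with q just over 2**64.
    q, _ = mod_reduce_counts(P256_N, 256 + 64)
    print("relative bias is about 2^-%d" % (q.bit_length() - 1))
    print(hex(nonce_reject(P256_N)))
```

For a modulus just below a power of two, such as the P-256 order, almost every draw is accepted on the first try; the retry bound only guards against a broken random source.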