• Adam Langley's avatar
    crypto/elliptic: resample private keys if out of range. · f740d717
    Adam Langley authored
    The orders of the curves in crypto/elliptic are all very close to a
    power of two. None the less, there is a tiny bias in the private key
    selection.
    
    This change makes the distribution uniform by resampling in the case
    that a private key is >= to the order of the curve. (It also switches
    from using BitSize to Params().N.BitLen() because, although they're the
    same value here, the latter is technically the correct thing to do.)
    
    The private key sampling and nonce sampling in crypto/ecdsa don't have
    this issue.
    
    Fixes #11082.
    
    Change-Id: Ie2aad563209a529fa1cab522abaf5fd505c7269a
    Reviewed-on: https://go-review.googlesource.com/17460Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
    Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
    Reviewed-by: 's avatarRuss Cox <rsc@golang.org>
    f740d717
Name
Last commit
Last update
..
aes Loading commit data...
cipher Loading commit data...
des Loading commit data...
dsa Loading commit data...
ecdsa Loading commit data...
elliptic Loading commit data...
hmac Loading commit data...
md5 Loading commit data...
rand Loading commit data...
rc4 Loading commit data...
rsa Loading commit data...
sha1 Loading commit data...
sha256 Loading commit data...
sha512 Loading commit data...
subtle Loading commit data...
tls Loading commit data...
x509 Loading commit data...
crypto.go Loading commit data...