Diffstat (limited to 'libgo/go/crypto/elliptic/elliptic.go')
-rw-r--r--libgo/go/crypto/elliptic/elliptic.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/libgo/go/crypto/elliptic/elliptic.go b/libgo/go/crypto/elliptic/elliptic.go
index e6b59c5..c02df45 100644
--- a/libgo/go/crypto/elliptic/elliptic.go
+++ b/libgo/go/crypto/elliptic/elliptic.go
@@ -274,7 +274,8 @@ var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
// GenerateKey returns a public/private key pair. The private key is
// generated using the given reader, which must return random data.
func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x, y *big.Int, err error) {
- bitSize := curve.Params().BitSize
+ N := curve.Params().N
+ bitSize := N.BitLen()
byteLen := (bitSize + 7) >> 3
priv = make([]byte, byteLen)
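Review bot: The doc comment above GenerateKey is left unchanged, although the added lines change what callers receive: the length of priv now follows the bit length of the group order N instead of Params().BitSize. I would extend the comment with something like `// The returned priv is a big-endian scalar of (N.BitLen()+7)/8 bytes and is always less than curve.Params().N.` In addition, `N.BitLen()` dereferences N, so a custom Curve whose Params().N is unset would presumably panic here rather than return an error; that precondition is worth stating in the comment too. The function body continues outside this hunk.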
@@ -289,6 +290,12 @@ func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x, y *big.Int, err e
// This is because, in tests, rand will return all zeros and we don't
// want to get the point at infinity and loop forever.
priv[1] ^= 0x42
+
+ // If the scalar is out of range, sample another random number.
+ if new(big.Int).SetBytes(priv).Cmp(N) >= 0 {
+ continue
+ }
+
x, y = curve.ScalarBaseMult(priv)
}
return
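Review bot: The added range check rejects only `priv >= N`, so a zero scalar still passes and reaches ScalarBaseMult; the valid range [1, N-1] is enforced on the upper side only. The `priv[1] ^= 0x42` line above handles the all-zero test reader, not a value that becomes zero after the XOR. The chance is negligible with a real random source, but the check is cheap: `if k := new(big.Int).SetBytes(priv); k.Sign() == 0 || k.Cmp(N) >= 0 { continue }`. The `continue` also re-reads from rand without any bound, so a reader that keeps returning the same out-of-range bytes would spin here forever; a comment stating that termination relies on rand being a real entropy source would help. The enclosing for loop starts outside this hunk.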