Merge pull request #647 from Kr0emer/fix/bug-003-dsa-nonce-compareto

kjur · web-flow · commit ee4b01347836 · 2026-02-20T22:31:27.000+09:00
fix(crypto): correct compareTo checks in BigInteger RNG helpers
diff --git a/src/crypto-1.1.js b/src/crypto-1.1.js
@@ -391,7 +391,7 @@ KJUR.crypto.Util.getRandomBigIntegerZeroToMax = function(biMax) {
     var bitLenMax = biMax.bitLength();
     while (1) {
 	var biRand = KJUR.crypto.Util.getRandomBigIntegerOfNbits(bitLenMax);
-	if (biMax.compareTo(biRand) != -1) return biRand;
+	if (biMax.compareTo(biRand) >= 0) return biRand;
     }
 };
 
@@ -415,7 +415,7 @@ KJUR.crypto.Util.getRandomBigIntegerZeroToMax = function(biMax) {
  */
 KJUR.crypto.Util.getRandomBigIntegerMinToMax = function(biMin, biMax) {
     var flagCompare = biMin.compareTo(biMax);
-    if (flagCompare == 1) throw "biMin is greater than biMax";
+    if (flagCompare > 0) throw "biMin is greater than biMax";
     if (flagCompare == 0) return biMin;
 
     var biDiff = biMax.subtract(biMin);
diff --git a/test/qunit-do-crypto.html b/test/qunit-do-crypto.html
@@ -211,6 +211,22 @@
   equal(n, 1000, "1000 times success:" + n0 + ":" + n1 + ":" + n2 + ":" + n3);
 });
 
+test("Util.getRandomBigIntegerZeroToMax rejects out-of-range candidate", function() {
+  var fOrig = KJUR.crypto.Util.getRandomBigIntegerOfNbits;
+  var aBiRand = [new BigInteger("200", 10), new BigInteger("42", 10)];
+  var idx = 0;
+  KJUR.crypto.Util.getRandomBigIntegerOfNbits = function(n) {
+    return aBiRand[idx++];
+  };
+  try {
+    var bi = KJUR.crypto.Util.getRandomBigIntegerZeroToMax(new BigInteger("100", 10));
+    equal(bi.toString(10), "42", "returns in-range value");
+    equal(idx >= 2, true, "retries when out-of-range candidate appears");
+  } finally {
+    KJUR.crypto.Util.getRandomBigIntegerOfNbits = fOrig;
+  }
+});
+
 test("Util.getRandomBigIntegerMinToMax", function() {
   var bi15 = new BigInteger("15", 10);
   var bi18 = new BigInteger("18", 10);
@@ -270,6 +286,22 @@
   equal(new BigInteger("-13", 10).modInverse(biM2).toString(10), "82", "-13 mod 97");
 });
 
+test("Util.getRandomBigIntegerMinToMax throws for any positive compareTo", function() {
+  var biMin = {
+    compareTo: function(a) { return 2; }
+  };
+  var biMax = {
+    subtract: function(a) { throw "subtract must not be called"; }
+  };
+  var ex = null;
+  try {
+    KJUR.crypto.Util.getRandomBigIntegerMinToMax(biMin, biMax);
+  } catch (err) {
+    ex = err;
+  }
+  equal(ex, "biMin is greater than biMax", "throws before subtraction");
+});
+
 test("MessageDigest test", function() {
   expect(10);
   var md1 = new KJUR.crypto.MessageDigest({"alg": "sha1", "prov": "cryptojs"});
