diff options
author | Ulf Möller <ulf@openssl.org> | 2001-02-20 00:23:07 +0000 |
---|---|---|
committer | Ulf Möller <ulf@openssl.org> | 2001-02-20 00:23:07 +0000 |
commit | 335c4f0966eda1374cd6f7ed646b6c2adc998885 (patch) | |
tree | 7c39b7d8e9192951f9ff7be6c351cbc465039cfb | |
parent | 5003a61b9f62d865bc1261af157dc283e7c31249 (diff) | |
download | openssl-335c4f0966eda1374cd6f7ed646b6c2adc998885.tar.gz |
BN_rand_range() needs a BN_rand() variant that doesn't set the MSB.
-rw-r--r-- | crypto/bn/bn_rand.c | 27 | ||||
-rw-r--r-- | doc/crypto/BN_rand.pod | 14 |
2 files changed, 23 insertions, 18 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 54d622e6b4..b8fbbc8386 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -121,24 +121,27 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top) + if (top != -1) { - if (bit == 0) + if (top) { - buf[0]=1; - buf[1]|=0x80; + if (bit == 0) + { + buf[0]=1; + buf[1]|=0x80; + } + else + { + buf[0]|=(3<<(bit-1)); + buf[0]&= ~(mask<<1); + } } else { - buf[0]|=(3<<(bit-1)); + buf[0]|=(1<<bit); buf[0]&= ~(mask<<1); } } - else - { - buf[0]|=(1<<bit); - buf[0]&= ~(mask<<1); - } if (bottom) /* set bottom bits to whatever odd is */ buf[bytes-1]|=1; if (!BN_bin2bn(buf,bytes,rnd)) goto err; @@ -192,7 +195,7 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) do { /* range = 11..._2, so each iteration succeeds with probability >= .75 */ - if (!BN_rand(r, n, 0, 0)) return 0; + if (!BN_rand(r, n, -1, 0)) return 0; } while (BN_cmp(r, range) >= 0); } @@ -202,7 +205,7 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) * so 3*range (= 11..._2) is exactly one bit longer than range */ do { - if (!BN_rand(r, n + 1, 0, 0)) return 0; + if (!BN_rand(r, n + 1, -1, 0)) return 0; /* If r < 3*range, use r := r MOD range * (which is either r, r - range, or r - 2*range). * Otherwise, iterate once more. diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 2a8bed5fed..cbae2fca97 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -17,10 +17,12 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of -B<bits> bits in length and stores it in B<rnd>. If B<top> is true, the -two most significant bits of the number will be set to 1, so that the -product of two such random numbers will always have 2*B<bits> length. -If B<bottom> is true, the number will be odd. +B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the +most significant bit of the random number can be zero. If B<top> is 0, +it is set to 1, and if B<top> is 1, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*B<bits> length. If B<bottom> is true, the +number will be odd. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for @@ -45,7 +47,7 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> =head1 HISTORY BN_rand() is available in all versions of SSLeay and OpenSSL. -BN_pseudo_rand() was added in OpenSSL 0.9.5, and BN_rand_range() -in OpenSSL 0.9.6a. +BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case +and the function BN_rand_range() were added in OpenSSL 0.9.6a. =cut |