From f67cbb74437842a0f88f84f43a0faa968ca77b35 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Mon, 8 Aug 2016 15:25:16 -0400 Subject: [PATCH 1/1] Add #defines for magic numbers in API. Binary- and backward-compatible. Just better. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/1429) --- doc/crypto/BN_rand.pod | 17 +++++++++++------ include/openssl/bn.h | 9 +++++++++ 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index c612c50a81..ba505e1e64 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -19,13 +19,18 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of -B in length and stores it in B. If B is -1, the -most significant bit of the random number can be zero. If B is 0, -it is set to 1, and if B is 1, the two most significant bits of +B in length and stores it in B. +The value of B must be zero or greater. +The B parameters specifies +requirements on the most significant bit of the generated number. +If it is B, there is no constraint. +If it is B, the top bit must be one. +If it is B, the two most significant bits of the number will be set to 1, so that the product of two such random -numbers will always have 2*B length. If B is true, the -number will be odd. The value of B must be zero or greater. If B is -1 then B cannot also be 1. +numbers will always have 2*B length. +If B is B, the number will be odd; if it +is B it can be odd or even. +If B is 1 then B cannot also be B. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 4dc2abd838..17bd52136c 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h 
@@ -82,6 +82,15 @@ extern "C" { void BN_set_flags(BIGNUM *b, int n); int BN_get_flags(const BIGNUM *b, int n); +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + /* * get a clone of a BIGNUM with changed flags, for *temporary* use only (the * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The -- 2.34.1
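Review bot: In the doc/crypto/BN_rand.pod hunk, the added sentence "The B parameters specifies" has a subject-verb mismatch and should read "parameter specifies". The rewritten description also drops the numeric values (-1, 0, 1) that the removed lines spelled out, so someone auditing an existing call that passes literals has to open bn.h to see which constraint each number selects. Consider keeping each number in parentheses next to its constant name. That also backs up the "backward-compatible" claim in the commit message from within the documentation itself.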
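Review bot: In the include/openssl/bn.h hunk, the two groups of constants overlap in value: BN_RAND_TOP_ONE and BN_RAND_BOTTOM_ANY are both 0, and BN_RAND_TOP_TWO and BN_RAND_BOTTOM_ODD are both 1. Because they are plain integer macros, a call that passes a bottom constant in the top position (or the reverse) compiles cleanly and silently selects a different constraint on the generated number. A short comment above the two groups stating that the values are not interchangeable would help, since compatibility rules out changing the numbers. Two smaller points: "#define BN_RAND_TOP_ANY -1" is better written with the value parenthesized as (-1), the usual style for negative macro constants, and the comments name only BN_rand() although the pod context in this patch says BN_pseudo_rand() "does the same", so the comments should mention it as well.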