Update copyright; generated files.

[openssl.git] / crypto / bn / bn_rand.c

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index de6028698e37fde296c527a84266a5037cb1542a..ce4a0e17d796df18090a608b6fbfd6110fe6fadb 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -1,4 +1,3 @@
-/* crypto/bn/bn_rand.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -111,7 +110,7 @@
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 #include <openssl/sha.h>
@@ -122,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     int ret = 0, bit, bytes, mask;
     time_t tim;
 
+    if (bits < 0 || (bits == 1 && top > 0)) {
+        BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
     if (bits == 0) {
         BN_zero(rnd);
         return 1;
@@ -131,7 +135,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     bit = (bits - 1) % 8;
     mask = 0xff << (bit + 1);
 
-    buf = (unsigned char *)OPENSSL_malloc(bytes);
+    buf = OPENSSL_malloc(bytes);
     if (buf == NULL) {
         BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -142,14 +146,13 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     RAND_add(&tim, sizeof(tim), 0.0);
 
     if (pseudorand) {
-        if (RAND_pseudo_bytes(buf, bytes) == -1)
+        if (RAND_bytes(buf, bytes) <= 0)
             goto err;
     } else {
         if (RAND_bytes(buf, bytes) <= 0)
             goto err;
     }
 
-#if 1
     if (pseudorand == 2) {
         /*
          * generate patterns that are more likely to trigger BN library bugs
@@ -158,7 +161,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         unsigned char c;
 
         for (i = 0; i < bytes; i++) {
-            RAND_pseudo_bytes(&c, 1);
+            if (RAND_bytes(&c, 1) <= 0)
+                goto err;
             if (c >= 128 && i > 0)
                 buf[i] = buf[i - 1];
             else if (c < 42)
@@ -167,9 +171,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
                 buf[i] = 255;
         }
     }
-#endif
 
-    if (top != -1) {
+    if (top >= 0) {
         if (top) {
             if (bit == 0) {
                 buf[0] = 1;
@@ -188,10 +191,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         goto err;
     ret = 1;
  err:
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, bytes);
-        OPENSSL_free(buf);
-    }
+    OPENSSL_clear_free(buf, bytes);
     bn_check_top(rnd);
     return (ret);
 }
@@ -206,12 +206,10 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
     return bnrand(1, rnd, bits, top, bottom);
 }
 
-#if 1
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
     return bnrand(2, rnd, bits, top, bottom);
 }
-#endif
 
 /* random number r:  0 <= r < range */
 static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
@@ -289,7 +287,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
     return bn_rand_range(1, r, range);
 }
 
-#ifndef OPENSSL_NO_SHA512
 /*
  * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
  * BN_rand_range, it also includes the contents of |priv| and |message| in
@@ -317,7 +314,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
     int ret = 0;
 
     k_bytes = OPENSSL_malloc(num_k_bytes);
-    if (!k_bytes)
+    if (k_bytes == NULL)
         goto err;
 
     /* We copy |priv| into a local buffer to avoid exposing its length. */
@@ -358,8 +355,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
     ret = 1;
 
  err:
-    if (k_bytes)
-        OPENSSL_free(k_bytes);
+    OPENSSL_free(k_bytes);
     return ret;
 }
-#endif                          /* OPENSSL_NO_SHA512 */