Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
[openssl.git] / crypto / bn / bn_rand.c
index e3530a5..fb583fb 100644 (file)
@@ -1,5 +1,5 @@
 /* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#include "rand.h"
+#include <openssl/rand.h>
 
-int BN_rand(rnd, bits, top, bottom)
-BIGNUM *rnd;
-int bits;
-int top;
-int bottom;
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        {
        unsigned char *buf=NULL;
        int ret=0,bit,bytes,mask;
        time_t tim;
 
+       if (bits == 0)
+               {
+               BN_zero(rnd);
+               return 1;
+               }
+
        bytes=(bits+7)/8;
        bit=(bits-1)%8;
-       mask=0xff<<bit;
+       mask=0xff<<(bit+1);
 
-       buf=(unsigned char *)Malloc(bytes);
+       buf=(unsigned char *)OPENSSL_malloc(bytes);
        if (buf == NULL)
                {
                BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
@@ -85,28 +87,61 @@ int bottom;
 
        /* make a random number and set the top and bottom bits */
        time(&tim);
-       RAND_seed((unsigned char *)&tim,sizeof(tim));
+       RAND_add(&tim,sizeof(tim),0);
+
+       if (pseudorand)
+               {
+               if (RAND_pseudo_bytes(buf, bytes) == -1)
+                       goto err;
+               }
+       else
+               {
+               if (RAND_bytes(buf, bytes) <= 0)
+                       goto err;
+               }
+
+#if 1
+       if (pseudorand == 2)
+               {
+               /* generate patterns that are more likely to trigger BN
+                  library bugs */
+               int i;
+               unsigned char c;
+
+               for (i = 0; i < bytes; i++)
+                       {
+                       RAND_pseudo_bytes(&c, 1);
+                       if (c >= 128 && i > 0)
+                               buf[i] = buf[i-1];
+                       else if (c < 42)
+                               buf[i] = 0;
+                       else if (c < 84)
+                               buf[i] = 255;
+                       }
+               }
+#endif
 
-       RAND_bytes(buf,(int)bytes);
-       if (top)
+       if (top != -1)
                {
-               if (bit == 0)
+               if (top)
                        {
-                       buf[0]=1;
-                       buf[1]|=0x80;
+                       if (bit == 0)
+                               {
+                               buf[0]=1;
+                               buf[1]|=0x80;
+                               }
+                       else
+                               {
+                               buf[0]|=(3<<(bit-1));
+                               }
                        }
                else
                        {
-                       buf[0]|=(3<<(bit-1));
-                       buf[0]&= ~(mask<<1);
+                       buf[0]|=(1<<bit);
                        }
                }
-       else
-               {
-               buf[0]|=(1<<bit);
-               buf[0]&= ~(mask<<1);
-               }
-       if (bottom) /* set bottom bits to whatever odd is */
+       buf[0] &= ~mask;
+       if (bottom) /* set bottom bit if requested */
                buf[bytes-1]|=1;
        if (!BN_bin2bn(buf,bytes,rnd)) goto err;
        ret=1;
@@ -114,8 +149,76 @@ err:
        if (buf != NULL)
                {
                memset(buf,0,bytes);
-               Free(buf);
+               OPENSSL_free(buf);
                }
        return(ret);
        }
 
+int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+       {
+       return bnrand(0, rnd, bits, top, bottom);
+       }
+
+int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+       {
+       return bnrand(1, rnd, bits, top, bottom);
+       }
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+       {
+       return bnrand(2, rnd, bits, top, bottom);
+       }
+#endif
+
+
+/* random number r:  0 <= r < range */
+int    BN_rand_range(BIGNUM *r, BIGNUM *range)
+       {
+       int n;
+
+       if (range->neg || BN_is_zero(range))
+               {
+               BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+               return 0;
+               }
+
+       n = BN_num_bits(range); /* n > 0 */
+
+       if (n == 1)
+               {
+               if (!BN_zero(r)) return 0;
+               }
+       else if (BN_is_bit_set(range, n - 2))
+               {
+               do
+                       {
+                       /* range = 11..._2, so each iteration succeeds with probability >= .75 */
+                       if (!BN_rand(r, n, -1, 0)) return 0;
+                       }
+               while (BN_cmp(r, range) >= 0);
+               }
+       else
+               {
+               /* range = 10..._2,
+                * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+               do
+                       {
+                       if (!BN_rand(r, n + 1, -1, 0)) return 0;
+                       /* If  r < 3*range,  use  r := r MOD range
+                        * (which is either  r, r - range,  or  r - 2*range).
+                        * Otherwise, iterate once more.
+                        * Since  3*range = 11..._2, each iteration succeeds with
+                        * probability >= .75. */
+                       if (BN_cmp(r ,range) >= 0)
+                               {
+                               if (!BN_sub(r, r, range)) return 0;
+                               if (BN_cmp(r, range) >= 0)
+                                       if (!BN_sub(r, r, range)) return 0;
+                               }
+                       }
+               while (BN_cmp(r, range) >= 0);
+               }
+
+       return 1;
+       }