X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fbn%2Fbn_rand.c;h=ce4a0e17d796df18090a608b6fbfd6110fe6fadb;hp=10964646f27ff9b1b830bffa071204d23bc3dc34;hb=3fb2cf1ad19feaf6f7c571b49bd9e320eb4daf31;hpb=b196e7d936fb377d9c5b305748ac25ff0e53ef6d diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 10964646f2..ce4a0e17d7 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -1,4 +1,3 @@ -/* crypto/bn/bn_rand.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -111,7 +110,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #include #include @@ -122,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +172,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } } - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; @@ -187,10 +191,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; ret = 1; err: - if (buf != NULL) { - OPENSSL_cleanse(buf, bytes); - OPENSSL_free(buf); - } + OPENSSL_clear_free(buf, bytes); bn_check_top(rnd); return (ret); } @@ -313,7 +314,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, int ret = 0; k_bytes = OPENSSL_malloc(num_k_bytes); - if (!k_bytes) + if (k_bytes == NULL) goto err; /* We copy |priv| into a local buffer to avoid exposing its length. */ @@ -354,7 +355,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, ret = 1; err: - if (k_bytes) - OPENSSL_free(k_bytes); + OPENSSL_free(k_bytes); return ret; }