Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ [Ulf Moeller]
+
*) Update Rijndael code to version 3.0 and change EVP AES ciphers to
handle the new API. Currently only ECB, CBC modes supported. Add new
AES OIDs. Add TLS AES ciphersuites as described in the "AES Ciphersuites
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
return bnrand(2, rnd, bits, top, bottom);
}
#endif
+
+/* random number r: min <= r < max */
+int BN_rand_range(BIGNUM *r, BIGNUM *min, BIGNUM *max)
+ {
+ int n = BN_num_bits(max);
+ do
+ {
+ if (!BN_rand(r, n, 0, 0)) return 0;
+ } while ((min && BN_cmp(r, min) < 0) || BN_cmp(r, max) >= 0);
+ return 1;
+ }
kinv=NULL;
/* Get random k */
- for (;;)
- {
- if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
- if (BN_cmp(&k,dsa->q) >= 0)
- BN_sub(&k,&k,dsa->q);
- if (!BN_is_zero(&k)) break;
- }
+ if (!BN_rand_range(&k, BN_value_one(), dsa->q)) goto err;
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
+
=head1 DESCRIPTION
BN_rand() generates a cryptographically strong pseudo-random number of
non-cryptographic purposes and for certain purposes in cryptographic
protocols, but usually not for key generation etc.
-The PRNG must be seeded prior to calling BN_rand().
+BN_rand_range() generates a cryptographically strong pseudo-random
+number B<rnd> in the range B<min> E<lt>= B<rnd> E<lt> B<max>. B<min>
+may be NULL, in that case 0 E<lt>= B<rnd> E<lt> B<max>.
+
+The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
=head1 RETURN VALUES
-BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error.
+The functions return 1 on success, 0 on error.
The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
=head1 HISTORY
BN_rand() is available in all versions of SSLeay and OpenSSL.
-BN_pseudo_rand() was added in OpenSSL 0.9.5.
+BN_pseudo_rand() was added in OpenSSL 0.9.5, and BN_rand_range()
+in OpenSSL 0.9.6a.
=cut
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
projects / openssl.git / commitdiff