err:
if (buf != NULL)
{
- memset(buf,0,bytes);
+ OPENSSL_cleanse(buf,bytes);
OPENSSL_free(buf);
}
return(ret);
{
int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
+ int count = 100;
if (range->neg || BN_is_zero(range))
{
n = BN_num_bits(range); /* n > 0 */
+ /* BN_is_bit_set(range, n - 1) always holds */
+
if (n == 1)
{
if (!BN_zero(r)) return 0;
}
- else if (BN_is_bit_set(range, n - 2))
- {
- do
- {
- /* range = 11..._2, so each iteration succeeds with probability >= .75 */
- if (!bn_rand(r, n, -1, 0)) return 0;
- }
- while (BN_cmp(r, range) >= 0);
- }
- else
+ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
{
- /* range = 10..._2,
+ /* range = 100..._2,
* so 3*range (= 11..._2) is exactly one bit longer than range */
do
{
if (BN_cmp(r, range) >= 0)
if (!BN_sub(r, r, range)) return 0;
}
+
+ if (!--count)
+ {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ return 0;
+ }
+
+ }
+ while (BN_cmp(r, range) >= 0);
+ }
+ else
+ {
+ do
+ {
+ /* range = 11..._2 or range = 101..._2 */
+ if (!bn_rand(r, n, -1, 0)) return 0;
+
+ if (!--count)
+ {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ return 0;
+ }
}
while (BN_cmp(r, range) >= 0);
}
projects / oweals / openssl.git / blobdiff