Changes between 0.9.6 and 0.9.6a [xx XXX 2001]
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ [Ulf Moeller]
+
*) In the NCONF_...-based implementations for CONF_... queries
(crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
a temporary CONF structure with the data component set to NULL
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
{
return bnrand(1, rnd, bits, top, bottom);
}
+
+/* random number r: min <= r < max */
+int BN_rand_range(BIGNUM *r, BIGNUM *min, BIGNUM *max)
+ {
+ int n = BN_num_bits(max);
+ do
+ {
+ if (!BN_rand(r, n, 0, 0)) return 0;
+ } while ((min && BN_cmp(r, min) < 0) || BN_cmp(r, max) >= 0);
+ return 1;
+ }
+
kinv=NULL;
/* Get random k */
- for (;;)
- {
- if (!BN_rand(&k, BN_num_bits(dsa->q), 0, 0)) goto err;
- if (BN_cmp(&k,dsa->q) >= 0)
- BN_sub(&k,&k,dsa->q);
- if (!BN_is_zero(&k)) break;
- }
+ if (!BN_rand_range(&k, BN_value_one(), dsa->q)) goto err;
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
+
=head1 DESCRIPTION
BN_rand() generates a cryptographically strong pseudo-random number of
non-cryptographic purposes and for certain purposes in cryptographic
protocols, but usually not for key generation etc.
-The PRNG must be seeded prior to calling BN_rand().
+BN_rand_range() generates a cryptographically strong pseudo-random
+number B<rnd> in the range B<min> E<lt>= B<rnd> E<lt> B<max>. B<min>
+may be NULL, in that case 0 E<lt>= B<rnd> E<lt> B<max>.
+
+The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
=head1 RETURN VALUES
-BN_rand() and BN_pseudo_rand() return 1 on success, 0 on error.
+The functions return 1 on success, 0 on error.
The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
=head1 HISTORY
BN_rand() is available in all versions of SSLeay and OpenSSL.
-BN_pseudo_rand() was added in OpenSSL 0.9.5.
+BN_pseudo_rand() was added in OpenSSL 0.9.5, and BN_rand_range()
+in OpenSSL 0.9.6a.
=cut
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);