And BN_pseudo_rand_range is really BN_rand_range.
Document that we might deprecate those functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3743)
if (btmp == NULL)
return 0;
- if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
goto error;
if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
goto error;
goto err;
for (i = 0; i < checks; i++) {
- if (!BN_pseudo_rand_range(check, A1))
+ if (!BN_rand_range(check, A1))
goto err;
if (!BN_add_word(check, 1))
goto err;
#include <openssl/rand.h>
#include <openssl/sha.h>
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+static int bnrand(int testing, BIGNUM *rnd, int bits, int top, int bottom)
{
unsigned char *buf = NULL;
int ret = 0, bit, bytes, mask;
if (RAND_bytes(buf, bytes) <= 0)
goto err;
- if (pseudorand == 2) {
+ if (testing) {
/*
* generate patterns that are more likely to trigger BN library bugs
*/
return bnrand(0, rnd, bits, top, bottom);
}
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
- return bnrand(1, rnd, bits, top, bottom);
-}
-
int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
- return bnrand(2, rnd, bits, top, bottom);
+ return bnrand(1, rnd, bits, top, bottom);
}
/* random number r: 0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
- int (*bn_rand) (BIGNUM *, int, int, int) =
- pseudo ? BN_pseudo_rand : BN_rand;
int n;
int count = 100;
* than range
*/
do {
- if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+ if (!BN_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
return 0;
/*
* If r < 3*range, use r := r MOD range (which is either r, r -
} else {
do {
/* range = 11..._2 or range = 101..._2 */
- if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+ if (!BN_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
return 0;
if (!--count) {
return 1;
}
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
- return bn_rand_range(0, r, range);
+ return BN_rand(rnd, bits, top, bottom);
}
int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
{
- return bn_rand_range(1, r, range);
+ return BN_rand_range(r, range);
}
/*
if (!BN_set_word(y, i))
goto end;
} else {
- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+ if (!BN_rand(y, BN_num_bits(p), 0, 0))
goto end;
if (BN_ucmp(y, p) >= 0) {
if (!(p->neg ? BN_add : BN_sub) (y, y, p))
is B<BN_RAND_BOTTOM_ANY> it can be odd or even.
If B<bits> is 1 then B<top> cannot also be B<BN_RAND_FLG_TOPTWO>.
-BN_pseudo_rand() does the same, but pseudo-random numbers generated by
-this function are not necessarily unpredictable. They can be used for
-non-cryptographic purposes and for certain purposes in cryptographic
-protocols, but usually not for key generation etc.
-
BN_rand_range() generates a cryptographically strong pseudo-random
number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
-BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
-and hence numbers generated by it are not necessarily unpredictable.
The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
The functions return 1 on success, 0 on error.
The error codes can be obtained by L<ERR_get_error(3)>.
+=head1 HISTORY
+
+Starting with OpenSSL release 1.1.0,
+BN_pseudo_rand() has been identical to BN_rand()
+and
+BN_pseudo_rand_range() has been identical to BN_rand_range().
+The "pseudo" functions should not be used and may be deprecated in
+a future release.
+
=head1 SEE ALSO
L<ERR_get_error(3)>, L<RAND_add(3)>, L<RAND_bytes(3)>
into B<buf>. An error occurs if the PRNG has not been seeded with
enough randomness to ensure an unpredictable byte sequence.
-RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead.
-
=head1 RETURN VALUES
RAND_bytes() returns 1 on success, -1 if not supported by the current
=head1 HISTORY
-RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0.
+RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.
=head1 SEE ALSO
BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG l);
# define OPENSSL_API_COMPAT OPENSSL_MIN_API
#endif
+#if OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
#if OPENSSL_API_COMPAT < 0x10100000L
# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f)
#else
|| !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
- || !TEST_true(BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+ || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
|| !TEST_true(BN_add(z, z, y)))
goto err;
BN_set_negative(z, 1);
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P))
- || !TEST_true(BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+ || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
|| !TEST_true(BN_add(z, x, y)))
goto err;
BN_set_negative(z, 1);
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)))
goto err;
- if (!TEST_true(BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+ if (!TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
|| !TEST_true(BN_add(z, z, y)))
goto err;
BN_set_negative(z, 1);
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
- if (!TEST_true(BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+ if (!TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
|| !TEST_true(BN_add(z, x, y)))
goto err;
BN_set_negative(z, 1);
projects / oweals / openssl.git / commitdiff