Mention BN_[pseudo_]rand with top=-1 in CHANGES.
*) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
Bleichenbacher's DSA attack.
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+ to be set and top=0 forces the highest bit to be set; top=-1 is new
+ and leaves the highest bit random.
[Ulf Moeller]
*) In the NCONF_...-based implementations for CONF_... queries
bytes=(bits+7)/8;
bit=(bits-1)%8;
- mask=0xff<<bit;
+ mask=0xff<<(bit+1);
buf=(unsigned char *)OPENSSL_malloc(bytes);
if (buf == NULL)
{
if (top)
{
- if (bit == 0)
+ if (bit == 0)
{
buf[0]=1;
buf[1]|=0x80;
else
{
buf[0]|=(3<<(bit-1));
- buf[0]&= ~(mask<<1);
}
}
else
{
buf[0]|=(1<<bit);
- buf[0]&= ~(mask<<1);
}
}
- if (bottom) /* set bottom bits to whatever odd is */
+ buf[0] &= ~mask;
+ if (bottom) /* set bottom bit if requested */
buf[bytes-1]|=1;
if (!BN_bin2bn(buf,bytes,rnd)) goto err;
ret=1;
}
n = BN_num_bits(range); /* n > 0 */
-
+
if (n == 1)
{
if (!BN_zero(r)) return 0;
return 1;
}
-
projects / oweals / openssl.git / commitdiff