author | Bodo Möller <bodo@openssl.org> | 2001-02-20 08:10:38 +0000 |
committer | Bodo Möller <bodo@openssl.org> | 2001-02-20 08:10:38 +0000 |
commit | f2bc668429fa2abdc77db0db861a9bb2be0c3a85 (patch) | |
tree | b0a8edbe78585f3704d88c9cddbf3bfd548a1fe2 | |
parent | 8120813066728ab4bd2d5c6d058f528e5cc627fc (diff) |
Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | crypto/bn/bn_rand.c | 7 |
2 files changed, 6 insertions, 4 deletions
@@ -113,6 +113,9 @@
 *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent Bleichenbacher's DSA attack.
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+ to be set and top=0 forces the highest bit to be set; top=-1 is new
+ and leaves the highest bit random.
 [Ulf Moeller, Bodo Moeller]
 *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index b8fbbc8386..fb583fb358 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 bytes=(bits+7)/8;
 bit=(bits-1)%8;
- mask=0xff<<bit;
+ mask=0xff<<(bit+1);
 buf=(unsigned char *)OPENSSL_malloc(bytes);
 if (buf == NULL)
@@ -133,16 +133,15 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 else
 {
 buf[0]|=(3<<(bit-1));
- buf[0]&= ~(mask<<1);
 }
 }
 else
 {
 buf[0]|=(1<<bit);
- buf[0]&= ~(mask<<1);
 }
 }
- if (bottom) /* set bottom bits to whatever odd is */
+ buf[0] &= ~mask;
+ if (bottom) /* set bottom bit if requested */
 buf[bytes-1]|=1;
 if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 ret=1;
|
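Review bot: The new unconditional `buf[0] &= ~mask;` in the second bn_rand.c hunk now runs for every value of `top`, including top=-1, so a call with bits=0 (where `bytes=(bits+7)/8` is 0 and `bit=(bits-1)%8` is -1) writes to a zero-byte OPENSSL_malloc() allocation on a path that previously never touched buf[0]; the negative `bit` also reaches `1<<bit` and `3<<(bit-1)` in the top!=-1 branches, which is a negative shift. bnrand's body begins outside these hunks, so `bits` may already be validated there; if it is not, an early `if (bits == 0) { BN_zero(rnd); return 1; }` before the `bytes=` computation (and rejecting negative `bits`) closes the gap for both hunks. Since the mask is now applied after the if/else rather than inside each branch, a comment such as `/* clear the bits above 'bits' in the top byte; for top=-1 the highest valid bit stays random */` above the new line would make the reason for the move visible to the next reader.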