Integrate my implementation of a countermeasure against

Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)

1 files changed, 3 insertions, 3 deletions

diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod
index dc93949246..e4c94e3d12 100644
--- a/doc/crypto/BN_rand.pod
+++ b/doc/crypto/BN_rand.pod
@@ -12,7 +12,7 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number
 
  int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
 
- int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *range);
 
 =head1 DESCRIPTION
 
@@ -28,8 +28,8 @@ non-cryptographic purposes and for certain purposes in cryptographic
 protocols, but usually not for key generation etc.
 
 BN_rand_range() generates a cryptographically strong pseudo-random
-number B<rnd> in the range B<min> E<lt>= B<rnd> E<lt> B<max>. B<min>
-may be NULL, in that case 0 E<lt>= B<rnd> E<lt> B<max>.
+number B<rnd> in the range B<min> E<lt>= B<rnd> E<lt> B<min> + B<range>.
+B<min> may be NULL, in that case 0 E<lt>= B<rnd> E<lt> B<range>.
 
 The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().