diff options
| -rw-r--r-- | crypto/bn/bn_rand.c | 7 | ||||
| -rw-r--r-- | doc/crypto/BN_rand.pod | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 4dd3f924a7..2764c8a307 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -122,6 +122,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } } - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index d6b975ccf6..bd6bc86323 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B<top> is 0, it is set to 1, and if B<top> is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B<bits> length. If B<bottom> is true, the -number will be odd. +number will be odd. The value of B<bits> must be zero or greater. If B<bits> is +1 then B<top> cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for |