diff options
| -rw-r--r-- | crypto/bn/bn.h | 1 | ||||
| -rw-r--r-- | crypto/bn/bn_err.c | 3 | ||||
| -rw-r--r-- | crypto/bn/bn_rand.c | 7 | ||||
| -rw-r--r-- | doc/crypto/BN_rand.pod | 3 |
4 files changed, 11 insertions, 3 deletions
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 95dab585e8..fa3520b368 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -894,6 +894,7 @@ void ERR_load_BN_strings(void); # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a9b7f5193b..e7a703826e 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 7ac71ec8ed..72308bcb9f 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 81f93c2eb3..3b2796c5df 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B<top> is 0, it is set to 1, and if B<top> is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B<bits> length. If B<bottom> is true, the -number will be odd. +number will be odd. The value of B<bits> must be zero or greater. If B<bits> is +1 then B<top> cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for |