fix BN_rand_range

2001-12-14 10:09:01 +00:00 · 2001-12-14 10:09:01 +00:00 · 865ce8abcb
commit 865ce8abcb
parent a69b3e94f3
2 changed files with 19 additions and 11 deletions
--- a/6
+++ b/6
@ -4,6 +4,12 @@

 Changes between 0.9.6b and 0.9.6c  [XX xxx XXXX]

+  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
+     worked incorrectly for those cases where  range = 10..._2  and
+     3*range  is two bits longer than  range.)
+     [Bodo Moeller]
+
  *) Only add signing time to PKCS7 structures if it is not already
     present.
     [Steve Henson]
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@ -238,22 +238,15 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)

 	n = BN_num_bits(range); /* n > 0 */

+	/* BN_is_bit_set(range, n - 1) always holds */
+
 	if (n == 1)
 		{
 		if (!BN_zero(r)) return 0;
 		}
-	else if (BN_is_bit_set(range, n - 2))
+	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
 		{
-		do
-			{
-			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
-			if (!bn_rand(r, n, -1, 0)) return 0;
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-	else
-		{
-		/* range = 10..._2,
+		/* range = 100..._2,
 		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
 		do
 			{
@ -272,6 +265,15 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
 			}
 		while (BN_cmp(r, range) >= 0);
 		}
+	else
+		{
+		do
+			{
+			/* range = 11..._2  or  range = 101..._2 */
+			if (!bn_rand(r, n, -1, 0)) return 0;
+			}
+		while (BN_cmp(r, range) >= 0);
+		}

 	return 1;
 	}