Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
This commit is contained in:
parent
8120813066
commit
f2bc668429
3
CHANGES
3
CHANGES
@ -113,6 +113,9 @@
|
||||
|
||||
*) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
|
||||
Bleichenbacher's DSA attack.
|
||||
Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
|
||||
to be set and top=0 forces the highest bit to be set; top=-1 is new
|
||||
and leaves the highest bit random.
|
||||
[Ulf Moeller, Bodo Moeller]
|
||||
|
||||
*) Update Rijndael code to version 3.0 and change EVP AES ciphers to
|
||||
|
@ -76,7 +76,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
|
||||
bytes=(bits+7)/8;
|
||||
bit=(bits-1)%8;
|
||||
mask=0xff<<bit;
|
||||
mask=0xff<<(bit+1);
|
||||
|
||||
buf=(unsigned char *)OPENSSL_malloc(bytes);
|
||||
if (buf == NULL)
|
||||
@ -133,16 +133,15 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
else
|
||||
{
|
||||
buf[0]|=(3<<(bit-1));
|
||||
buf[0]&= ~(mask<<1);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
buf[0]|=(1<<bit);
|
||||
buf[0]&= ~(mask<<1);
|
||||
}
|
||||
}
|
||||
if (bottom) /* set bottom bits to whatever odd is */
|
||||
buf[0] &= ~mask;
|
||||
if (bottom) /* set bottom bit if requested */
|
||||
buf[bytes-1]|=1;
|
||||
if (!BN_bin2bn(buf,bytes,rnd)) goto err;
|
||||
ret=1;
|
||||
|
Loading…
Reference in New Issue
Block a user