Add constants for BN_rand and use them.
See upstream's f67cbb74437842a0f88f84f43a0faa968ca77b35 and
2301d91dd58d9827865e360d616291f2549ec5bf.
Change-Id: I3b79323847a7610143a9dfb9b5b45bf7a33d8690
Reviewed-on: https://boringssl-review.googlesource.com/10369
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index b35e59b..f55dee0 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -668,8 +668,7 @@
// Test a random numbers at various byte lengths.
for (size_t bytes = 128 - 7; bytes <= 128; bytes++) {
- if (!BN_rand(n.get(), bytes * 8, 0 /* make sure top bit is 1 */,
- 0 /* don't modify bottom bit */)) {
+ if (!BN_rand(n.get(), bytes * 8, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
ERR_print_errors_fp(stderr);
return false;
}
@@ -915,34 +914,34 @@
// Test BN_rand accounts for degenerate cases with |top| and |bottom|
// parameters.
- if (!BN_rand(bn.get(), 0, 0 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 0, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY) ||
!BN_is_zero(bn.get())) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 0, 1 /* top */, 1 /* bottom */) ||
+ if (!BN_rand(bn.get(), 0, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD) ||
!BN_is_zero(bn.get())) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 1, 0 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY) ||
!BN_is_word(bn.get(), 1)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 1, 1 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 1, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY) ||
!BN_is_word(bn.get(), 1)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 1, -1 /* top */, 1 /* bottom */) ||
+ if (!BN_rand(bn.get(), 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ODD) ||
!BN_is_word(bn.get(), 1)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 2, 1 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 2, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY) ||
!BN_is_word(bn.get(), 3)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
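Review bot: None of the degenerate-case checks in this hunk exercises the argument validation that the same commit adds to BN_rand in crypto/bn/random.c, so a regression that starts accepting an unknown |top| or |bottom| again would pass the suite. I would add one negative case per parameter next to these, for example a check whose condition is `BN_rand(bn.get(), 1, 2 /* invalid top */, BN_RAND_BOTTOM_ANY)` and which reports a failure when the call succeeds. Follow it with `ERR_clear_error();` so the expected error does not leak into later tests. The enclosing test function starts and ends outside the hunk.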
@@ -1291,7 +1290,8 @@
// TestExpModZero tests that 1**0 mod 1 == 0.
static bool TestExpModZero() {
ScopedBIGNUM zero(BN_new()), a(BN_new()), r(BN_new());
- if (!zero || !a || !r || !BN_rand(a.get(), 1024, 0, 0)) {
+ if (!zero || !a || !r ||
+ !BN_rand(a.get(), 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
return false;
}
BN_zero(zero.get());
diff --git a/crypto/bn/prime.c b/crypto/bn/prime.c
index 98a46a9..0f668d7 100644
--- a/crypto/bn/prime.c
+++ b/crypto/bn/prime.c
@@ -651,7 +651,7 @@
char is_single_word = bits <= BN_BITS2;
again:
- if (!BN_rand(rnd, bits, 1, 1)) {
+ if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) {
return 0;
}
@@ -735,7 +735,7 @@
goto err;
}
- if (!BN_rand(rnd, bits, 0, 1)) {
+ if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) {
goto err;
}
@@ -798,7 +798,7 @@
goto err;
}
- if (!BN_rand(q, bits, 0, 1)) {
+ if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) {
goto err;
}
diff --git a/crypto/bn/random.c b/crypto/bn/random.c
index fb76f1d..ecf43c1 100644
--- a/crypto/bn/random.c
+++ b/crypto/bn/random.c
@@ -123,6 +123,17 @@
return 0;
}
+ if (top != BN_RAND_TOP_ANY && top != BN_RAND_TOP_ONE &&
+ top != BN_RAND_TOP_TWO) {
+ OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ if (bottom != BN_RAND_BOTTOM_ANY && bottom != BN_RAND_BOTTOM_ODD) {
+ OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
if (bits == 0) {
BN_zero(rnd);
return 1;
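Review bot: The two new checks change behaviour for existing callers, not only naming: the lines removed later in this file (`if (top && bits > 1)` and `if (bottom)`) treated any non-zero value as a request, whereas a |top| or |bottom| of, say, 2 now makes BN_rand return 0. As far as the hunk shows, |rnd| is not written on this path, so a caller that passes such a value and ignores the result would carry on with whatever |rnd| held before, which matters where the output is key or nonce material; out-of-tree callers are worth auditing. I would put a comment above the checks such as `/* Reject unknown |top| and |bottom| values instead of guessing; callers must check the return value. */`. ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED also reads oddly for a bad argument, and a reason that points at the invalid parameter would be easier to diagnose if the library offers one. The function starts before and continues after this hunk.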
@@ -143,8 +154,8 @@
goto err;
}
- if (top != -1) {
- if (top && bits > 1) {
+ if (top != BN_RAND_TOP_ANY) {
+ if (top == BN_RAND_TOP_TWO && bits > 1) {
if (bit == 0) {
buf[0] = 1;
buf[1] |= 0x80;
@@ -158,8 +169,8 @@
buf[0] &= ~mask;
- /* set bottom bit if requested */
- if (bottom) {
+ /* Set the bottom bit if requested, */
+ if (bottom == BN_RAND_BOTTOM_ODD) {
buf[bytes - 1] |= 1;
}
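Review bot: The rewritten comment ends with a comma, `/* Set the bottom bit if requested, */`, which reads as an unfinished sentence; it should be `/* Set the bottom bit if requested. */`. The surrounding function begins and ends outside the hunk.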
@@ -210,8 +221,7 @@
/* range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
* than range. This is a common scenario when generating a random value
* modulo an RSA public modulus, e.g. for RSA base blinding. */
- if (!BN_rand(r, n + 1, -1 /* don't set most significant bits */,
- 0 /* don't set least significant bits */)) {
+ if (!BN_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
return 0;
}
@@ -230,7 +240,7 @@
}
} else {
/* range = 11..._2 or range = 101..._2 */
- if (!BN_rand(r, n, -1, 0)) {
+ if (!BN_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
return 0;
}
}
diff --git a/crypto/dh/dh.c b/crypto/dh/dh.c
index ec297c4..7545071 100644
--- a/crypto/dh/dh.c
+++ b/crypto/dh/dh.c
@@ -311,7 +311,7 @@
priv_bits = p_bits - 1;
}
- if (!BN_rand(priv_key, priv_bits, 0, 0)) {
+ if (!BN_rand(priv_key, priv_bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
goto err;
}
}
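Review bot: The call gives no reason for forcing the top bit of the private exponent, which the named constant `BN_RAND_TOP_ONE` now makes visible: the value always has exactly priv_bits bits, of which priv_bits - 1 are random. This matches the old `0, 0` arguments, so behaviour is unchanged. A comment above the call such as `/* The top bit is forced so the exponent always has exactly |priv_bits| bits. */` would record that the choice is deliberate. The function body starts and ends outside the hunk.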
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index ff9d680..f84362d 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -577,15 +577,27 @@
/* Random and prime number generation. */
-/* BN_rand sets |rnd| to a random number of length |bits|. If |top| is zero, the
- * most-significant bit, if any, will be set. If |top| is one, the two most
- * significant bits, if any, will be set.
+/* The following are values for the |top| parameter of |BN_rand|. */
+#define BN_RAND_TOP_ANY -1
+#define BN_RAND_TOP_ONE 0
+#define BN_RAND_TOP_TWO 1
+
+/* The following are values for the |bottom| parameter of |BN_rand|. */
+#define BN_RAND_BOTTOM_ANY 0
+#define BN_RAND_BOTTOM_ODD 1
+
+/* BN_rand sets |rnd| to a random number of length |bits|. It returns one on
+ * success and zero otherwise.
*
- * If |top| is -1 then no extra action will be taken and |BN_num_bits(rnd)| may
- * not equal |bits| if the most significant bits randomly ended up as zeros.
+ * |top| must be one of the |BN_RAND_TOP_*| values. If |BN_RAND_TOP_ONE|, the
+ * most-significant bit, if any, will be set. If |BN_RAND_TOP_TWO|, the two
+ * most significant bits, if any, will be set. If |BN_RAND_TOP_ANY|, no extra
+ * action will be taken and |BN_num_bits(rnd)| may not equal |bits| if the most
+ * significant bits randomly ended up as zeros.
*
- * If |bottom| is non-zero, the least-significant bit, if any, will be set. The
- * function returns one on success or zero otherwise. */
+ * |bottom| must be one of the |BN_RAND_BOTTOM_*| values. If
+ * |BN_RAND_BOTTOM_ODD|, the least-significant bit, if any, will be set. If
+ * |BN_RAND_BOTTOM_ANY|, no extra action will be taken. */
OPENSSL_EXPORT int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
/* BN_pseudo_rand is an alias for |BN_rand|. */
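Review bot: `BN_RAND_TOP_ANY` expands to a bare `-1`; negative macro values are conventionally parenthesised so the expansion stays a single operand wherever it is used, i.e. `#define BN_RAND_TOP_ANY (-1)`. The new doc comment also says |top| and |bottom| must be one of the listed values but does not say what happens otherwise. Since crypto/bn/random.c in this commit rejects other values, I would add ` * Passing any other value for |top| or |bottom| causes the call to fail and return zero.` to the comment.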