sl@0: /* crypto/bn/bn_rand.c */ sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: sl@0: #include sl@0: #include sl@0: #include "cryptlib.h" sl@0: #include "bn_lcl.h" sl@0: #include sl@0: sl@0: static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) sl@0: { sl@0: unsigned char *buf=NULL; sl@0: int ret=0,bit,bytes,mask; sl@0: time_t tim; sl@0: sl@0: if (bits == 0) sl@0: { sl@0: BN_zero(rnd); sl@0: return 1; sl@0: } sl@0: sl@0: bytes=(bits+7)/8; sl@0: bit=(bits-1)%8; sl@0: mask=0xff<<(bit+1); sl@0: sl@0: buf=(unsigned char *)OPENSSL_malloc(bytes); sl@0: if (buf == NULL) sl@0: { sl@0: BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE); sl@0: goto err; sl@0: } sl@0: sl@0: /* make a random number and set the top and bottom bits */ sl@0: time(&tim); sl@0: RAND_add(&tim,sizeof(tim),0.0); sl@0: sl@0: if (pseudorand) sl@0: { sl@0: if (RAND_pseudo_bytes(buf, bytes) == -1) sl@0: goto err; sl@0: } sl@0: else sl@0: { sl@0: if (RAND_bytes(buf, bytes) <= 0) sl@0: goto err; sl@0: } sl@0: sl@0: #if 1 sl@0: if (pseudorand == 2) sl@0: { sl@0: /* generate patterns that are more likely to trigger BN sl@0: library bugs */ sl@0: int i; sl@0: unsigned char c; sl@0: sl@0: for (i = 0; i < bytes; i++) sl@0: { sl@0: RAND_pseudo_bytes(&c, 1); sl@0: if (c >= 128 && i > 0) sl@0: buf[i] = buf[i-1]; sl@0: else if (c < 42) sl@0: buf[i] = 0; sl@0: else if (c < 84) sl@0: buf[i] = 255; sl@0: } sl@0: } sl@0: #endif sl@0: sl@0: if (top != -1) sl@0: { sl@0: if (top) sl@0: { sl@0: if (bit == 0) sl@0: { sl@0: buf[0]=1; sl@0: buf[1]|=0x80; sl@0: } sl@0: else sl@0: { sl@0: buf[0]|=(3<<(bit-1)); sl@0: } sl@0: } sl@0: else sl@0: { sl@0: buf[0]|=(1<neg || BN_is_zero(range)) sl@0: { sl@0: BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); sl@0: return 0; sl@0: } sl@0: sl@0: n = BN_num_bits(range); /* n > 0 */ sl@0: sl@0: /* BN_is_bit_set(range, n - 1) always holds */ sl@0: sl@0: if (n == 1) sl@0: BN_zero(r); sl@0: else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) sl@0: { sl@0: /* range = 100..._2, sl@0: * so 3*range (= 11..._2) is exactly one bit longer than range */ sl@0: do sl@0: { sl@0: if (!bn_rand(r, n + 1, -1, 0)) return 0; sl@0: /* If r < 3*range, use r := r MOD range sl@0: * (which is either r, r - range, or r - 2*range). sl@0: * Otherwise, iterate once more. sl@0: * Since 3*range = 11..._2, each iteration succeeds with sl@0: * probability >= .75. */ sl@0: if (BN_cmp(r ,range) >= 0) sl@0: { sl@0: if (!BN_sub(r, r, range)) return 0; sl@0: if (BN_cmp(r, range) >= 0) sl@0: if (!BN_sub(r, r, range)) return 0; sl@0: } sl@0: sl@0: if (!--count) sl@0: { sl@0: BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); sl@0: return 0; sl@0: } sl@0: sl@0: } sl@0: while (BN_cmp(r, range) >= 0); sl@0: } sl@0: else sl@0: { sl@0: do sl@0: { sl@0: /* range = 11..._2 or range = 101..._2 */ sl@0: if (!bn_rand(r, n, -1, 0)) return 0; sl@0: sl@0: if (!--count) sl@0: { sl@0: BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); sl@0: return 0; sl@0: } sl@0: } sl@0: while (BN_cmp(r, range) >= 0); sl@0: } sl@0: sl@0: bn_check_top(r); sl@0: return 1; sl@0: } sl@0: sl@0: sl@0: EXPORT_C int BN_rand_range(BIGNUM *r, BIGNUM *range) sl@0: { sl@0: return bn_rand_range(0, r, range); sl@0: } sl@0: sl@0: EXPORT_C int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) sl@0: { sl@0: return bn_rand_range(1, r, range); sl@0: }