github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@google.com>2016-08-16 17:03:45 +0300
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>2016-08-18 21:18:31 +0300
commitd224d52aba4b73fce82f8b703d6d6f0202da4391 (patch)
tree5115a2d37ee270a036d0fcd1438037fb7dcbc122 /crypto
parent8fcc755cf5a39149e135e561cb8349c513b5ae05 (diff)
Add constants for BN_rand and use them.
See upstream's f67cbb74437842a0f88f84f43a0faa968ca77b35 and 2301d91dd58d9827865e360d616291f2549ec5bf. Change-Id: I3b79323847a7610143a9dfb9b5b45bf7a33d8690 Reviewed-on: https://boringssl-review.googlesource.com/10369 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/bn/bn_test.cc18
-rw-r--r--crypto/bn/prime.c6
-rw-r--r--crypto/bn/random.c24
-rw-r--r--crypto/dh/dh.c2
4 files changed, 30 insertions, 20 deletions
diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index b35e59bd..f55dee06 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -668,8 +668,7 @@ static bool TestBN2BinPadded(BN_CTX *ctx) {
// Test a random numbers at various byte lengths.
for (size_t bytes = 128 - 7; bytes <= 128; bytes++) {
- if (!BN_rand(n.get(), bytes * 8, 0 /* make sure top bit is 1 */,
- 0 /* don't modify bottom bit */)) {
+ if (!BN_rand(n.get(), bytes * 8, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
ERR_print_errors_fp(stderr);
return false;
}
@@ -915,34 +914,34 @@ static bool TestRand() {
// Test BN_rand accounts for degenerate cases with |top| and |bottom|
// parameters.
- if (!BN_rand(bn.get(), 0, 0 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 0, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY) ||
!BN_is_zero(bn.get())) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 0, 1 /* top */, 1 /* bottom */) ||
+ if (!BN_rand(bn.get(), 0, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD) ||
!BN_is_zero(bn.get())) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 1, 0 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY) ||
!BN_is_word(bn.get(), 1)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 1, 1 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 1, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY) ||
!BN_is_word(bn.get(), 1)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 1, -1 /* top */, 1 /* bottom */) ||
+ if (!BN_rand(bn.get(), 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ODD) ||
!BN_is_word(bn.get(), 1)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
}
- if (!BN_rand(bn.get(), 2, 1 /* top */, 0 /* bottom */) ||
+ if (!BN_rand(bn.get(), 2, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY) ||
!BN_is_word(bn.get(), 3)) {
fprintf(stderr, "BN_rand gave a bad result.\n");
return false;
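Review bot: Nothing in TestRand covers the argument validation this commit adds to BN_rand in crypto/bn/random.c, because every call here passes one of the named constants. A negative case would pin the new contract, for example `if (BN_rand(bn.get(), 1, 2 /* not a BN_RAND_TOP_* value */, BN_RAND_BOTTOM_ANY)) { fprintf(stderr, "BN_rand accepted a bad |top|.\n"); return false; }` followed by `ERR_clear_error();`, with a matching case for `bottom`. The value 2 assumes the constants keep the old -1/0/1 numbering implied by the replaced literals. TestRand begins before this hunk and continues after it.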
@@ -1291,7 +1290,8 @@ static bool TestBadModulus(BN_CTX *ctx) {
// TestExpModZero tests that 1**0 mod 1 == 0.
static bool TestExpModZero() {
ScopedBIGNUM zero(BN_new()), a(BN_new()), r(BN_new());
- if (!zero || !a || !r || !BN_rand(a.get(), 1024, 0, 0)) {
+ if (!zero || !a || !r ||
+ !BN_rand(a.get(), 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
return false;
}
BN_zero(zero.get());
diff --git a/crypto/bn/prime.c b/crypto/bn/prime.c
index 98a46a99..0f668d72 100644
--- a/crypto/bn/prime.c
+++ b/crypto/bn/prime.c
@@ -651,7 +651,7 @@ static int probable_prime(BIGNUM *rnd, int bits) {
char is_single_word = bits <= BN_BITS2;
again:
- if (!BN_rand(rnd, bits, 1, 1)) {
+ if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) {
return 0;
}
@@ -735,7 +735,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add,
goto err;
}
- if (!BN_rand(rnd, bits, 0, 1)) {
+ if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) {
goto err;
}
@@ -798,7 +798,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
goto err;
}
- if (!BN_rand(q, bits, 0, 1)) {
+ if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) {
goto err;
}
diff --git a/crypto/bn/random.c b/crypto/bn/random.c
index fb76f1dd..ecf43c16 100644
--- a/crypto/bn/random.c
+++ b/crypto/bn/random.c
@@ -123,6 +123,17 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
return 0;
}
+ if (top != BN_RAND_TOP_ANY && top != BN_RAND_TOP_ONE &&
+ top != BN_RAND_TOP_TWO) {
+ OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ if (bottom != BN_RAND_BOTTOM_ANY && bottom != BN_RAND_BOTTOM_ODD) {
+ OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
if (bits == 0) {
BN_zero(rnd);
return 1;
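Review bot: The two new checks make BN_rand fail on arguments it used to accept. Judging by the lines replaced in the later hunks of this file, any non-zero `top` other than -1 previously meant "set the top two bits" and any non-zero `bottom` meant "odd". A caller that ignores the return value will now continue with whatever `rnd` held before the call, which matters when the result is key material or a blinding value. I would state the stricter contract on the declaration, e.g. `/* |top| must be one of the BN_RAND_TOP_* values and |bottom| one of the BN_RAND_BOTTOM_* values; otherwise BN_rand fails and |rnd| is not updated. */`, though the header is not part of this page. BN_rand's body starts before this hunk and continues after it.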
@@ -143,8 +154,8 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
goto err;
}
- if (top != -1) {
- if (top && bits > 1) {
+ if (top != BN_RAND_TOP_ANY) {
+ if (top == BN_RAND_TOP_TWO && bits > 1) {
if (bit == 0) {
buf[0] = 1;
buf[1] |= 0x80;
@@ -158,8 +169,8 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
buf[0] &= ~mask;
- /* set bottom bit if requested */
- if (bottom) {
+ /* Set the bottom bit if requested, */
+ if (bottom == BN_RAND_BOTTOM_ODD) {
buf[bytes - 1] |= 1;
}
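Review bot: The rewritten comment above the `bottom` check ends in a comma rather than a full stop, which reads as an unfinished sentence. It should be `/* Set the bottom bit if requested. */`. The enclosing function continues outside this hunk.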
@@ -210,8 +221,7 @@ int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
/* range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
* than range. This is a common scenario when generating a random value
* modulo an RSA public modulus, e.g. for RSA base blinding. */
- if (!BN_rand(r, n + 1, -1 /* don't set most significant bits */,
- 0 /* don't set least significant bits */)) {
+ if (!BN_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
return 0;
}
@@ -230,7 +240,7 @@ int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
}
} else {
/* range = 11..._2 or range = 101..._2 */
- if (!BN_rand(r, n, -1, 0)) {
+ if (!BN_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
return 0;
}
}
diff --git a/crypto/dh/dh.c b/crypto/dh/dh.c
index ec297c44..75450713 100644
--- a/crypto/dh/dh.c
+++ b/crypto/dh/dh.c
@@ -311,7 +311,7 @@ int DH_generate_key(DH *dh) {
priv_bits = p_bits - 1;
}
- if (!BN_rand(priv_key, priv_bits, 0, 0)) {
+ if (!BN_rand(priv_key, priv_bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
goto err;
}
}
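Review bot: With the named constant it is now visible that the DH private exponent is drawn with `BN_RAND_TOP_ONE`, so its most significant bit is fixed and only `priv_bits - 1` bits are random. That is presumably deliberate, to make the exponent exactly `priv_bits` long, but the call site does not say so. A short comment would stop a later reader from switching it to `BN_RAND_TOP_ANY`, or from over-counting the key's entropy, e.g. `/* Force the top bit so the exponent is exactly |priv_bits| bits long. */`. DH_generate_key starts before this hunk and continues after it.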