On Fri, Feb 09, 2001 at 05:05:14PM +0100, Ulf Moeller wrote:

>> What about a combined version of BN_rand_range (see below)?  Then
>> dsa_ossl.c needs just this:
>> 
>>      /* Get random k */
>>      if (!BN_rand_range(&k, BN_value_one(), dsa->q, NULL)) goto err;

> That's better, but it makes for a quite confusing interface:
>  
>> /* random number r:  minimum + offset <= r < range + offset

Which becomes less confusing if the inequalities for the special
cases minimum = 0 are explicitly given:

/* random number r:       minimum + offset <= r < range + offset
 *  if minimum == NULL:             offset <= r < range
 *  if offset == NULL:             minimum <= r < range
 *  if both are NULL:                    0 <= r < range
 */

> If you're worried about inefficiency for a large "minimum", the function
> should turn that into an offset internally rather than export the problem to
> the API.
> 
> In the case that an app already has "range" and "offset" it seems more natural
> to add "offset" afterward than to have it combined with the random function.

So maybe we should have just one parameter, 'range'.  The loop for
implementing 'minimum' is easier to implement in the application than
the addition for implementing 'offset' (BN_cmp() does not require error
handling, BN_add() does).  Even with the initial BN_range version it
would have been advantageous for the generation of DSA k to use
min=NULL and put the loop around the BN_rand_range() call instead
of using the loop in BN_rand_range(): the latter loop
has to use BN_cmp() for generality, but in the DSA case we can
use the BN_is_zero() macro.


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
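
The design argued for in the message above, a one-parameter rand_range with the 'minimum' loop written in the caller, sketched as an added example; it is not code from the message or from OpenSSL. It models a BIGNUM with `uint64_t`, and `rand_range_u64`, `random_nonzero_below`, the replay source and the sample draws are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed source replaying fixed 64-bit draws; a real caller uses a CSPRNG. */
struct replay { const uint64_t *draws; size_t len, pos; };

static int next_draw(struct replay *s, uint64_t *out)
{
    if (s->pos >= s->len) return 0;             /* source exhausted: error */
    *out = s->draws[s->pos++];
    return 1;
}

/* Hypothetical stand-in for a one-parameter rand_range: uniform 0 <= r < range.
 * Rejection sampling: keep only the bits range - 1 needs, retry if r >= range. */
static int rand_range_u64(uint64_t *r, uint64_t range, struct replay *s)
{
    uint64_t mask = range - 1, v;
    if (range == 0) return 0;                   /* empty interval: error */
    for (int sh = 1; sh < 64; sh <<= 1) mask |= mask >> sh;
    do {
        if (!next_draw(s, &v)) return 0;
        v &= mask;
    } while (v >= range);
    *r = v;
    return 1;
}

/* Caller-side 'minimum': 1 <= k < q, using only a zero test, as for DSA k. */
static int random_nonzero_below(uint64_t *k, uint64_t q, struct replay *s)
{
    if (q < 2) return 0;                        /* nothing satisfies 1 <= k < q */
    do {
        if (!rand_range_u64(k, q, s)) return 0;
    } while (*k == 0);
    return 1;
}

static size_t demo_draws;                       /* draws consumed by demo_k() */
/* q = 11: 13 is out of range, 0 is rejected by the caller's loop, 7 becomes k. */
static uint64_t demo_k(void)
{
    static const uint64_t draws[] = { 13, 0, 7 };   /* constructed sample input */
    struct replay s = { draws, 3, 0 };
    uint64_t k = 0;
    int ok = random_nonzero_below(&k, 11, &s);
    demo_draws = s.pos;
    return ok ? k : 0;
}
int main(void) { printf("k = %llu\n", (unsigned long long)demo_k()); return 0; }
```

Both loops discard a draw and retry instead of reducing it modulo the bound, so the result stays uniform over the accepted interval; the only error path is the random source itself failing.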
