openssl/doc/crypto/BN_rand.pod

=pod

=head1 NAME

BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number

=head1 SYNOPSIS

 #include <openssl/bn.h>

 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);

 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);

 int BN_rand_range(BIGNUM *rnd, BIGNUM *range);

 int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);

=head1 DESCRIPTION

BN_rand() generates a cryptographically strong pseudo-random number of
B<bits> in length and stores it in B<rnd>. If B<top> is -1, the
most significant bit of the random number can be zero. If B<top> is 0,
it is set to 1, and if B<top> is 1, the two most significant bits of
the number will be set to 1, so that the product of two such random
numbers will always have 2*B<bits> length.  If B<bottom> is true, the
number will be odd. The value of B<bits> must be zero or greater. If B<bits> is
1 then B<top> cannot also be 1.

BN_pseudo_rand() does the same, but pseudo-random numbers generated by
this function are not necessarily unpredictable. They can be used for
non-cryptographic purposes and for certain purposes in cryptographic
protocols, but usually not for key generation etc.

BN_rand_range() generates a cryptographically strong pseudo-random
number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
and hence numbers generated by it are not necessarily unpredictable.

The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().

=head1 RETURN VALUES

The functions return 1 on success, 0 on error.
The error codes can be obtained by L<ERR_get_error(3)>.

=head1 SEE ALSO

L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>,
L<RAND_add(3)>, L<RAND_bytes(3)>

=cut

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Document the BN library. 2000-01-23 22:06:24 +00:00			`=pod`

			`=head1 NAME`

Document updates from wiki. PR#3071 The primary changes made are: - Updates to the "NAME" section of many pages to correctly reflect the functions defined on those pages. This section is automatically parsed by the util/extract-names.pl script, so if it is not correct then running "man" will not correctly locate the right manual pages. - Updates to take account of where functions are now deprecated - Full documentation of the ec sub-library - A number of other typo corrections and other minor tweaks 2013-06-12 22:42:08 +00:00			`BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number`
Document the BN library. 2000-01-23 22:06:24 +00:00
			`=head1 SYNOPSIS`

			`#include <openssl/bn.h>`

			`int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);`

nicer manpages 2000-02-24 11:55:57 +00:00			`int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);`
Document DSA and SHA. New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?) 2000-01-27 19:31:26 +00:00
Simplify BN_rand_range 2001-02-10 00:34:02 +00:00			`int BN_rand_range(BIGNUM rnd, BIGNUM range);`
Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Documentation bug corrected. PR: 70 2002-06-05 09:31:05 +00:00			`int BN_pseudo_rand_range(BIGNUM rnd, BIGNUM range);`
Use uniformly chosen witnesses for Miller-Rabin test (by using new BN_pseudo_rand_range function) 2001-09-03 12:58:16 +00:00
Document the BN library. 2000-01-23 22:06:24 +00:00			`=head1 DESCRIPTION`

			`BN_rand() generates a cryptographically strong pseudo-random number of`
Fix typos Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-10-08 12:40:42 +00:00			`B<bits> in length and stores it in B<rnd>. If B<top> is -1, the`
BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00			`most significant bit of the random number can be zero. If B<top> is 0,`
			`it is set to 1, and if B<top> is 1, the two most significant bits of`
			`the number will be set to 1, so that the product of two such random`
			`numbers will always have 2*B<bits> length. If B<bottom> is true, the`
Fix off-by-one in BN_rand If BN_rand is called with \|bits\| set to 1 and \|top\| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> 2015-05-19 15:03:02 +00:00			`number will be odd. The value of B<bits> must be zero or greater. If B<bits> is`
			`1 then B<top> cannot also be 1.`
Document the BN library. 2000-01-23 22:06:24 +00:00
Document DSA and SHA. New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?) 2000-01-27 19:31:26 +00:00			`BN_pseudo_rand() does the same, but pseudo-random numbers generated by`
			`this function are not necessarily unpredictable. They can be used for`
			`non-cryptographic purposes and for certain purposes in cryptographic`
			`protocols, but usually not for key generation etc.`

Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00			`BN_rand_range() generates a cryptographically strong pseudo-random`
Fix author credit for e5c0bc6 Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-07-15 08:54:28 +00:00			`number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.`
Use uniformly chosen witnesses for Miller-Rabin test (by using new BN_pseudo_rand_range function) 2001-09-03 12:58:16 +00:00			`BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),`
			`and hence numbers generated by it are not necessarily unpredictable.`
Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
			`The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().`
Document the BN library. 2000-01-23 22:06:24 +00:00
			`=head1 RETURN VALUES`

Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00			`The functions return 1 on success, 0 on error.`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-17 19:21:33 +00:00			`The error codes can be obtained by L<ERR_get_error(3)>.`
Document the BN library. 2000-01-23 22:06:24 +00:00
			`=head1 SEE ALSO`

Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-17 19:21:33 +00:00			`L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>,`
			`L<RAND_add(3)>, L<RAND_bytes(3)>`
Document the BN library. 2000-01-23 22:06:24 +00:00
			`=cut`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 15:44:05 +00:00
			`=head1 COPYRIGHT`

			`Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.`

			`Licensed under the OpenSSL license (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`