From ddc6a5c8f5900959bdbdfee79e1625a3f7808acd Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Wed, 2 Aug 2017 14:00:52 -0400
Subject: Add RAND_priv_bytes() for private keys

Add a new global DRBG for private keys used by RAND_priv_bytes.

Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes().
Change callers to use the appropriate BN_priv... function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4076)
---
 include/openssl/bn.h    | 2 ++
 include/openssl/bnerr.h | 1 +
 include/openssl/rand.h  | 1 +
 3 files changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 7e04b83..f77b4b9 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -154,7 +154,9 @@ void BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void BN_CTX_end(BN_CTX *ctx);
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
 int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
 int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
 int BN_num_bits(const BIGNUM *a);
diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
index 0578473..b63af9d 100644
--- a/include/openssl/bnerr.h
+++ b/include/openssl/bnerr.h
@@ -23,6 +23,7 @@ int ERR_load_BN_strings(void);
  * BN function codes.
  */
 # define BN_F_BNRAND                                      127
+# define BN_F_BNRAND_RANGE                                138
 # define BN_F_BN_BLINDING_CONVERT_EX                      100
 # define BN_F_BN_BLINDING_CREATE_PARAM                    128
 # define BN_F_BN_BLINDING_INVERT_EX                       101
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 2aecbb7..a8c1943 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -40,6 +40,7 @@ RAND_METHOD *RAND_OpenSSL(void);
 #   define RAND_cleanup() while(0) continue
 # endif
 int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
 DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
 
 void RAND_seed(const void *buf, int num);
-- 
cgit v1.1