Fix off-by one bug in mprand_range. Probably security critical: the old

code generated numbers between zero and the highest power of 2 less than
the given range.

diff --git a/mprand.c b/mprand.c
index d4acbb3..46e603c 100644 (file)
--- a/mprand.c
+++ b/mprand.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: mprand.c,v 1.3 2000/06/17 11:45:09 mdw Exp $
+ * $Id: mprand.c,v 1.4 2001/05/07 17:31:19 mdw Exp $
  *
  * Generate a random multiprecision integer
  *
@@ -30,6 +30,11 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: mprand.c,v $
+ * Revision 1.4  2001/05/07 17:31:19  mdw
+ * Fix off-by one bug in mprand_range.  Probably security critical: the old
+ * code generated numbers between zero and the highest power of 2 less than
+ * the given range.
+ *
  * Revision 1.3  2000/06/17 11:45:09  mdw
  * Major memory management overhaul.  Added arena support.  Use the secure
  * arena for secret integers.  Replace and improve the MP management macros
@@ -137,7 +142,7 @@ mp *mprand_range(mp *d, mp *l, grand *r, mpw or)
    * As usual, the number of iterations expected is two.
    */
 
-  b = (b - 1) & 7;
+  b = ((b - 1) & 7) + 1;
   m = (1 << b) - 1;
   do {
     r->ops->fill(r, v, sz);