Integrate my implementation of a countermeasure against

  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent

     Bleichenbacher's DSA attack.

     [Ulf Moeller]

     [Ulf Moeller, Bodo Moeller]

  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to

     handle the new API. Currently only ECB, CBC modes supported. Add new

void	BN_CTX_end(BN_CTX *ctx);

int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);

int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);

int	BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *max);

int	BN_rand_range(BIGNUM *rnd, BIGNUM *min, BIGNUM *range);

int	BN_num_bits(const BIGNUM *a);

int	BN_num_bits_word(BN_ULONG);

BIGNUM *BN_new(void);

#define BN_F_BN_MPI2BN					 112

#define BN_F_BN_NEW					 113

#define BN_F_BN_RAND					 114

#define BN_F_BN_RAND_RANGE				 122

#define BN_F_BN_USUB					 115

/* Reason codes. */

#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105

#define BN_R_INPUT_NOT_REDUCED				 110

#define BN_R_INVALID_LENGTH				 106

#define BN_R_INVALID_RANGE				 115

#define BN_R_NOT_A_SQUARE				 111

#define BN_R_NOT_INITIALIZED				 107

#define BN_R_NO_INVERSE					 108

{ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},

{ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},

{ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},

{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},

{ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},

{0,NULL}

	};

{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},

{BN_R_INPUT_NOT_REDUCED                  ,"input not reduced"},

{BN_R_INVALID_LENGTH                     ,"invalid length"},

{BN_R_INVALID_RANGE                      ,"invalid range"},

{BN_R_NOT_A_SQUARE                       ,"not a square"},

{BN_R_NOT_INITIALIZED                    ,"not initialized"},

{BN_R_NO_INVERSE                         ,"no inverse"},

	}

#endif

/* random number r: min <= r < max */

int	BN_rand_range(BIGNUM *r, BIGNUM *min, BIGNUM *max)

/* random number r: min <= r < min+range */

int	BN_rand_range(BIGNUM *r, BIGNUM *min, BIGNUM *range)

	{

	int n;

	if (range->neg || BN_is_zero(range))

		{

		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);

		return 0;

		}

	n = BN_num_bits(range); /* n > 0 */

	if (n == 1)

		{

		if (!BN_zero(r)) return 0;

		}

	else if (BN_is_bit_set(range, n - 2))

		{

	int n = BN_num_bits(max);

		do

			{

			/* range = 11..._2, so each iteration succeeds with probability > .5 */

			if (!BN_rand(r, n, 0, 0)) return 0;

		} while ((min && BN_cmp(r, min) < 0) || BN_cmp(r, max) >= 0);

			fprintf(stderr, "?");

			}

		while (BN_cmp(r, range) >= 0);

		fprintf(stderr, "! (11...)\n");

		}

	else

		{

		/* range = 10..._2,

		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */

		do

			{

			if (!BN_rand(r, n + 1, 0, 0)) return 0;

			/* If  r < 3*range,  use  r := r MOD range

			 * (which is either  r, r - range,  or  r - 2*range).

			 * Otherwise, iterate once more.

			 * Since  3*range = 11..._2, each iteration succeeds with

			 * probability > .5. */

			if (BN_cmp(r ,range) >= 0)

				{

				if (!BN_sub(r, r, range)) return 0;

				if (BN_cmp(r, range) >= 0)

					if (!BN_sub(r, r, range)) return 0;

				}

			fprintf(stderr, "?");

			}

		while (BN_cmp(r, range) >= 0);

		fprintf(stderr, "! (10...)\n");

		}

	if (min != NULL)

		{

		if (!BN_add(r, r, min)) return 0;

		}

	return 1;

	}

	kinv=NULL;

	/* Get random k */

	if (!BN_rand_range(&k, BN_value_one(), dsa->q)) goto err;

	do

		if (!BN_rand_range(&k, NULL, dsa->q)) goto err;

	while (BN_is_zero(&k));

	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))

		{