are not guaranteed to be unpredictable.
*) Precautions against using the PRNG uninitialized: RAND_bytes() now
has a return value which indicates the quality of the random data
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
- error queue.
+ error queue. New function RAND_pseudo_bytes() generates output that is
+ guaranteed to be unique but not unpredictable.
(TO DO: always check the result of RAND_bytes when it is used in the
- library, because leaving the error in the error queue but reporting
- success in a function that uses RAND_bytes could confuse things
- considerably.)
+ library, or use RAND_pseudo_bytes instead, because leaving the
+ error in the error queue but reporting success in a function that
+ uses RAND_bytes could confuse things considerably.)
[Ulf Möller]
*) Do more iterations of Rabin-Miller probable prime test (specifically,
}
#endif
- RAND_bytes(buf,36);
+ RAND_pseudo_bytes(buf,36);
#ifndef NO_RSA
for (j=0; j<RSA_NUM; j++)
{
}
#endif
- RAND_bytes(buf,20);
+ RAND_pseudo_bytes(buf,20);
#ifndef NO_DSA
for (j=0; j<DSA_NUM; j++)
{
if((flags & PKCS7_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
- RAND_bytes((unsigned char *)bound, 32);
+ RAND_pseudo_bytes((unsigned char *)bound, 32);
for(i = 0; i < 32; i++) {
c = bound[i] & 0xf;
if(c < 10) c += '0';
static void ssleay_rand_seed(const void *buf, int num);
static void ssleay_rand_add(const void *buf, int num, int add_entropy);
static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
RAND_METHOD rand_ssleay_meth={
ssleay_rand_seed,
ssleay_rand_bytes,
ssleay_rand_cleanup,
ssleay_rand_add,
+ ssleay_rand_pseudo_bytes,
};
RAND_METHOD *RAND_SSLeay(void)
}
}
+/* pseudo-random bytes that are guaranteed to be unique but not
+ unpredictable */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
+ {
+ int ret, err;
+
+ ret = RAND_bytes(buf, num);
+ if (ret == 0)
+ {
+ err = ERR_peek_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+ ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+ (void)ERR_get_error();
+ }
+ return (ret);
+ }
+
#ifdef WINDOWS
#include <windows.h>
#include <openssl/rand.h>
int (*bytes)(unsigned char *buf, int num);
void (*cleanup)(void);
void (*add)(const void *buf, int num, int entropy);
+ int (*pseudorand)(unsigned char *buf, int num);
} RAND_METHOD;
void RAND_set_rand_method(RAND_METHOD *meth);
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );
int RAND_bytes(unsigned char *buf,int num);
+int RAND_pseudo_bytes(unsigned char *buf,int num);
void RAND_seed(const void *buf,int num);
void RAND_add(const void *buf,int num,int entropy);
int RAND_load_file(const char *file,long max_bytes);
return(-1);
}
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+ {
+ if (rand_meth != NULL)
+ return rand_meth->pseudorand(buf,num);
+ return(-1);
+ }
/*double d; */
long d;
- RAND_bytes(buf,2500);
+ RAND_pseudo_bytes(buf,2500);
n1=0;
for (i=0; i<16; i++) n2[i]=0;
#ifndef DEVRANDOM
/* set this to your 'random' device if you have one.
* My default, we will try to read this file */
-#define DEVRANDOM "/dev/urandom"
+#define DEVRANDOM "/gibtsnich/dev/urandom"
#endif
#if defined(__MWERKS__) && defined(macintosh)
projects / openssl.git / commitdiff