static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
-static int entropy=0;
+static unsigned entropy=0;
const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
#ifndef THREADS
assert(md_c[1] == md_count[1]);
#endif
- entropy += add;
+ if (entropy < ENTROPY_NEEDED)
+ entropy += add;
}
static void ssleay_rand_seed(const void *buf, int num)
passwords. The seed values cannot be recovered from the PRNG output.
OpenSSL makes sure that the PRNG state is unique for each thread. On
-systems that provide C</dev/random>, the randomness device is used
+systems that provide C</dev/urandom>, the randomness device is used
to seed the PRNG transparently. However, on all other systems, the
application is responsible for seeding the PRNG by calling RAND_add()
or RAND_load_file(3).
=head1 DESCRIPTION
-RAND_bytes() puts B<num> random bytes into B<buf>. An error occurs if
-the PRNG has not been seeded with enough randomness.
-
-RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>. These
-bytes are guaranteed to be unique, but not unpredictable. They can be
-used for non-cryptographic purposes and for certain purposes in
-cryptographic protocols, but not for key generation etc.
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
=head1 RETURN VALUES
projects / openssl.git / commitdiff