* [including the GNU Public Licence.]
*/
-#define ENTROPY_NEEDED 32 /* require 128 bits of randomness */
+#define ENTROPY_NEEDED 16 /* require 128 bits = 16 bytes of randomness */
#ifndef MD_RAND_DEBUG
# ifndef NDEBUG
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
-static unsigned entropy=0;
+static double entropy=0;
const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
static void ssleay_rand_cleanup(void);
static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, int add_entropy);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
static int ssleay_rand_bytes(unsigned char *buf, int num);
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
entropy=0;
}
-static void ssleay_rand_add(const void *buf, int num, int add)
+static void ssleay_rand_add(const void *buf, int num, double add)
{
int i,j,k,st_idx;
long md_c[2];
/*
* (Based on the rand(3) manpage)
*
- * The input is chopped up into units of 16 bytes (or less for
+ * The input is chopped up into units of 20 bytes (or less for
* the last block). Each of these blocks is run through the hash
- * function as follow: The data passed to the hash function
+ * function as follows: The data passed to the hash function
* is the current 'md', the same number of bytes from the 'state'
* (the location determined by in incremented looping index) as
* the current 'block', the new key data 'block', and 'count'
#ifndef THREADS
assert(md_c[1] == md_count[1]);
#endif
- if (entropy < ENTROPY_NEEDED)
+ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
}
/*
* (Based on the rand(3) manpage:)
*
- * For each group of 8 bytes (or less), we do the following:
+ * For each group of 10 bytes (or less), we do the following:
*
- * Input into the hash function the top 8 bytes from 'md', the bytes
- * that are to be overwritten by the random bytes, and bytes from the
+ * Input into the hash function the top 10 bytes from the
+ * local 'md' (which is initialized from the global 'md'
+ * before any bytes are generated), the bytes that are
+ * to be overwritten by the random bytes, and bytes from the
* 'state' (incrementing looping index). From this digest output
- * (which is kept in 'md'), the top (upto) 8 bytes are
- * returned to the caller and the bottom (upto) 8 bytes are xored
+ * (which is kept in 'md'), the top (up to) 10 bytes are
+ * returned to the caller and the bottom (up to) 10 bytes are xored
* into the 'state'.
* Finally, after we have finished 'num' random bytes for the
* caller, 'count' (which is incremented) and the local and global 'md'
*/
/*
* I have modified the loading of bytes via RAND_seed() mechanism since
- * the origional would have been very very CPU intensive since RAND_seed()
+ * the original would have been very very CPU intensive since RAND_seed()
* does an MD5 per 16 bytes of input. The cost to digest 16 bytes is the same
* as that to digest 56 bytes. So under the old system, a screen of
- * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
+ * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
* digests or digesting 2.7 mbytes. What I have put in place would
- * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
+ * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
* or about 3.5 times as much.
* - eric
*/
projects / openssl.git / blobdiff