+
+#ifdef PREDICT
+ if (rand_predictable)
+ {
+ static unsigned char val=0;
+
+ for (i=0; i<num; i++)
+ buf[i]=val++;
+ return(1);
+ }
+#endif
+
+ /*
+ * (Based on the rand(3) manpage:)
+ *
+ * For each group of 10 bytes (or less), we do the following:
+ *
+ * Input into the hash function the top 10 bytes from the
+ * local 'md' (which is initialized from the global 'md'
+ * before any bytes are generated), the bytes that are
+ * to be overwritten by the random bytes, and bytes from the
+ * 'state' (incrementing looping index). From this digest output
+ * (which is kept in 'md'), the top (up to) 10 bytes are
+ * returned to the caller and the bottom (up to) 10 bytes are xored
+ * into the 'state'.
+ * Finally, after we have finished 'num' random bytes for the
+ * caller, 'count' (which is incremented) and the local and global 'md'
+ * are fed into the hash function and the results are kept in the
+ * global 'md'.
+ */
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ if (!initialized)
+ ssleay_rand_initialize();
+
+ ok = (entropy >= ENTROPY_NEEDED);
+ if (!ok)
+ {
+ /* If the PRNG state is not yet unpredictable, then seeing
+ * the PRNG output may help attackers to determine the new
+ * state; thus we have to decrease the entropy estimate.
+ * Once we've had enough initial seeding we don't bother to
+ * adjust the entropy count, though, because we're not ambitious
+ * to provide *information-theoretic* randomness.
+ */
+ entropy -= num;
+ if (entropy < 0)
+ entropy = 0;