diff --git a/CHANGES b/CHANGES index ab5b48250..7c57410a7 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) RAND_pseudo_bytes has been deprecated. Users should use RAND bytes instead. + *) Added support for TLS extended master secret from draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an initial patch which was a great help during development. diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index ef4396681..27e785d31 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -173,7 +173,9 @@ static int ssleay_rand_seed(const void *buf, int num); static int ssleay_rand_add(const void *buf, int num, double add_entropy); static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo); static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num); +#ifndef OPENSSL_NO_DEPRECATED static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); +#endif static int ssleay_rand_status(void); static RAND_METHOD rand_ssleay_meth = { @@ -181,7 +183,11 @@ static RAND_METHOD rand_ssleay_meth = { ssleay_rand_nopseudo_bytes, ssleay_rand_cleanup, ssleay_rand_add, +#ifndef OPENSSL_NO_DEPRECATED ssleay_rand_pseudo_bytes, +#else + NULL, +#endif ssleay_rand_status }; @@ -601,6 +607,7 @@ static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) return ssleay_rand_bytes(buf, num, 0); } +#ifndef OPENSSL_NO_DEPRECATED /* * pseudo-random bytes that are guaranteed to be unique but not unpredictable */ @@ -608,6 +615,7 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { return ssleay_rand_bytes(buf, num, 1); } +#endif static int ssleay_rand_status(void) { diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 145edb2d8..14b479343 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -95,7 +95,9 @@ int RAND_set_rand_engine(ENGINE *engine); RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void); int RAND_bytes(unsigned char *buf, int num); -int RAND_pseudo_bytes(unsigned char *buf, int num); +#ifdef OPENSSL_USE_DEPRECATED +DECLARE_DEPRECATED(int RAND_pseudo_bytes(unsigned char *buf, int num)); +#endif void RAND_seed(const void *buf, int num); void RAND_add(const void *buf, int num, double entropy); int RAND_load_file(const char *file, long max_bytes); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 2f4dc0915..0bbaf675e 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -159,6 +159,7 @@ int RAND_bytes(unsigned char *buf, int num) return (-1); } +#ifndef OPENSSL_NO_DEPRECATED int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); @@ -166,6 +167,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) return meth->pseudorand(buf, num); return (-1); } +#endif int RAND_status(void) { diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod index 1a9b91e28..f3a5ed22f 100644 --- a/doc/crypto/RAND_bytes.pod +++ b/doc/crypto/RAND_bytes.pod @@ -10,6 +10,8 @@ RAND_bytes, RAND_pseudo_bytes - generate random data int RAND_bytes(unsigned char *buf, int num); +Deprecated: + int RAND_pseudo_bytes(unsigned char *buf, int num); =head1 DESCRIPTION @@ -18,6 +20,7 @@ RAND_bytes() puts B cryptographically strong pseudo-random bytes into B. An error occurs if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence. +RAND_pseudo_bytes() has been deprecated. Users should use RAND_bytes() instead. RAND_pseudo_bytes() puts B pseudo-random bytes into B. Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be unique if they are of sufficient length, but are not necessarily