Avoid integer overflow in entropy counter.

Slightly clarify the RAND_... documentation.
Bodo Möller 2000-01-21 19:54:22 +00:00
parent 60b5245360
commit 720b3598d6
3 changed files with 13 additions and 9 deletions


@ -138,7 +138,7 @@ static int state_num=0,state_index=0;
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
static int entropy=0;
static unsigned entropy=0;
const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
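Review bot: changing `entropy` from `int` to `unsigned` on its own does not remove the overflow, it only makes the wrap-around well-defined (the counter still silently wraps back towards zero once it passes UINT_MAX); the cap applied in the later `ssleay_rand_add` hunk is what actually bounds the value, so a one-line comment on this declaration saying that the counter saturates at ENTROPY_NEEDED would make the intent of the type change clear to the next reader.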
@ -286,7 +286,8 @@ static void ssleay_rand_add(const void *buf, int num, int add)
#ifndef THREADS
assert(md_c[1] == md_count[1]);
#endif
entropy += add;
if (entropy < ENTROPY_NEEDED)
entropy += add;
}
static void ssleay_rand_seed(const void *buf, int num)
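Review bot: the new guard `if (entropy < ENTROPY_NEEDED) entropy += add;` stops the counter growing once the threshold is reached, but `add` is declared `int` in the function signature while `entropy` is now `unsigned`, so a negative `add` would be converted to a large unsigned value and a single call could push `entropy` past ENTROPY_NEEDED, making the PRNG appear seeded when it is not; add a check (or an `assert(add >= 0)`) before the addition, or change the parameter to an unsigned type, and document that the counter is a saturating estimate rather than an exact tally.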


@ -30,7 +30,7 @@ RAND_add() may be called with sensitive data such as user entered
passwords. The seed values cannot be recovered from the PRNG output.
OpenSSL makes sure that the PRNG state is unique for each thread. On
systems that provide C</dev/random>, the randomness device is used
systems that provide C</dev/urandom>, the randomness device is used
to seed the PRNG transparently. However, on all other systems, the
application is responsible for seeding the PRNG by calling RAND_add()
or RAND_load_file(3).
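Review bot: the corrected sentence now names C</dev/urandom> as "the randomness device", so the text should also say what the library does when that device is present but unreadable, since the following sentence only addresses "all other systems"; if additional device paths are consulted as fallbacks, list them here as well so the reader can tell exactly when automatic seeding applies and when the application must call RAND_add() or RAND_load_file(3) itself.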


@ -14,13 +14,16 @@ RAND_bytes, RAND_pseudo_bytes - Generate random data
=head1 DESCRIPTION
RAND_bytes() puts B<num> random bytes into B<buf>. An error occurs if
the PRNG has not been seeded with enough randomness.
RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
into B<buf>. An error occurs if the PRNG has not been seeded with
enough randomness to ensure an unpredictable byte sequence.
RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>. These
bytes are guaranteed to be unique, but not unpredictable. They can be
used for non-cryptographic purposes and for certain purposes in
cryptographic protocols, but not for key generation etc.
RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
unique if they are of sufficient length, but are not necessarily
unpredictable. They can be used for non-cryptographic purposes and for
certain purposes in cryptographic protocols, but usually not for key
generation etc.
=head1 RETURN VALUES
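Review bot: dropping the "guaranteed to be unique, but not unpredictable" wording for RAND_pseudo_bytes() is the right call, but the replacement "usually not for key generation etc." leaves room for misreading; state plainly that any value which must remain secret (keys, IVs used as secrets, session secrets) must come from RAND_bytes(), give one concrete example of an acceptable RAND_pseudo_bytes() use, and add a cross-reference to the RETURN VALUES section that follows so readers know how to detect when RAND_pseudo_bytes() returned output that was not cryptographically strong.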