generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update PRNG documentation/comments

Browse Source
This commit is contained in:
Bodo Möller 2000-01-22 23:11:13 +00:00
parent 2a99e8b9df
commit c88a900fa1
3 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/rand/md_rand.c
View File

@ -186,7 +186,7 @@ static void ssleay_rand_add(const void *buf, int num, int add)
/* /*
* (Based on the rand(3) manpage) * (Based on the rand(3) manpage)
* *
* The input is chopped up into units of 16 bytes (or less for * The input is chopped up into units of 20 bytes (or less for
* the last block). Each of these blocks is run through the hash * the last block). Each of these blocks is run through the hash
* function as follows: The data passed to the hash function * function as follows: The data passed to the hash function
* is the current 'md', the same number of bytes from the 'state' * is the current 'md', the same number of bytes from the 'state'
@ -324,13 +324,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
/* /*
* (Based on the rand(3) manpage:) * (Based on the rand(3) manpage:)
* *
* For each group of 8 bytes (or less), we do the following: * For each group of 10 bytes (or less), we do the following:
* *
* Input into the hash function the top 8 bytes from 'md', the bytes * Input into the hash function the top 10 bytes from the
* that are to be overwritten by the random bytes, and bytes from the * local 'md' (which is initialized from the global 'md'
* before any bytes are generated), the bytes that are
* to be overwritten by the random bytes, and bytes from the
* 'state' (incrementing looping index). From this digest output * 'state' (incrementing looping index). From this digest output
* (which is kept in 'md'), the top (upto) 8 bytes are * (which is kept in 'md'), the top (up to) 10 bytes are
* returned to the caller and the bottom (upto) 8 bytes are xored * returned to the caller and the bottom (up to) 10 bytes are xored
* into the 'state'. * into the 'state'.
* Finally, after we have finished 'num' random bytes for the * Finally, after we have finished 'num' random bytes for the
* caller, 'count' (which is incremented) and the local and global 'md' * caller, 'count' (which is incremented) and the local and global 'md'

2
doc/crypto/BN_generate_prime.pod
View File

@ -55,7 +55,7 @@ The prime number generation has a negligible error probability.
BN_is_prime() tests if the number B<a> is prime. This is done by BN_is_prime() tests if the number B<a> is prime. This is done by
performing a Miller-Rabin probabilistic primality test with B<checks> performing a Miller-Rabin probabilistic primality test with B<checks>
iterations. If B<checks == BN_prime_check>, it uses the minimal number iterations. If B<checks == BN_prime_check>, it uses a number
of iterations that yields a false positive rate of at most 2^-80 for of iterations that yields a false positive rate of at most 2^-80 for
random input. random input.

20
doc/crypto/rand.pod
View File

@ -101,12 +101,12 @@ the RNG state or the next random number.
The algorithm is as follows. The algorithm is as follows.
There is global state made up of a 1023 byte buffer (the 'state'), a There is global state made up of a 1023 byte buffer (the 'state'), a
working hash function ('md') and a counter ('count'). working hash value ('md'), and a counter ('count').
Whenever seed data is added, it is inserted into the 'state' as Whenever seed data is added, it is inserted into the 'state' as
follows. follows.
The input is chopped up into units of 16 bytes (or less for The input is chopped up into units of 20 bytes (or less for
the last block). Each of these blocks is run through the hash the last block). Each of these blocks is run through the hash
function as follows: The data passed to the hash function function as follows: The data passed to the hash function
is the current 'md', the same number of bytes from the 'state' is the current 'md', the same number of bytes from the 'state'
@ -121,13 +121,15 @@ SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
function and xor). function and xor).
When bytes are extracted from the RNG, the following process is used. When bytes are extracted from the RNG, the following process is used.
For each group of 8 bytes (or less), we do the following, For each group of 10 bytes (or less), we do the following:
Input into the hash function the top 8 bytes from 'md', the bytes that Input into the hash function the top 10 bytes from the local 'md'
are to be overwritten by the random bytes, and bytes from the 'state' (which is initialized from the global 'md' before any bytes are
(incrementing looping index). From this hash function output (which generated), the bytes that are to be overwritten by the random bytes,
is kept in 'md'), the top (upto) 8 bytes are returned to the caller and bytes from the 'state' (incrementing looping index). From this
and the bottom (upto) 8 bytes are xored into the 'state'. digest output (which is kept in 'md'), the top (up to) 10 bytes are
returned to the caller and the bottom (up to) 10 bytes are xored into
the 'state'.
Finally, after we have finished 'num' random bytes for the caller, Finally, after we have finished 'num' random bytes for the caller,
'count' (which is incremented) and the local and global 'md' are fed 'count' (which is incremented) and the local and global 'md' are fed
@ -135,7 +137,7 @@ into the hash function and the results are kept in the global 'md'.
I believe the above addressed points 1 (use of SHA-1), 6 (by hashing I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
into the 'state' the 'old' data from the caller that is about to be into the 'state' the 'old' data from the caller that is about to be
overwritten) and 7 (by not using the 8 bytes given to the caller to overwritten) and 7 (by not using the 10 bytes given to the caller to
update the 'state', but they are used to update 'md'). update the 'state', but they are used to update 'md').
So of the points raised, only 2 is not addressed (but see So of the points raised, only 2 is not addressed (but see