When bytes are extracted from the RNG, the following process is used.
For each group of 8 bytes (or less), we do the following,
-Input into the hash function, the top 8 bytes from 'md', the byte that
-are to be overwritten by the random bytes and bytes from the 'state'
+Input into the hash function the top 8 bytes from 'md', the bytes that
+are to be overwritten by the random bytes, and bytes from the 'state'
(incrementing looping index). From this hash function output (which
is kept in 'md'), the top (upto) 8 bytes are returned to the caller
and the bottom (upto) 8 bytes are xored into the 'state'.
-Finally, after we have finished 'generation' random bytes for the
-called, 'count' (which is incremented) and 'md' are fed into the hash
-function and the results are kept in 'md'. I believe the above
-addressed points 1 (use of SHA-1), 6 (by hashing into the 'state' the
-'old' data from the caller that is about to be overwritten) and 7 (by
-not using the 8 bytes given to the caller to update the 'state', but
-they are used to update 'md').
+Finally, after we have finished 'num' random bytes for the caller,
+'count' (which is incremented) and the local and global 'md' are fed
+into the hash function and the results are kept in the global 'md'.
+
+I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
+into the 'state' the 'old' data from the caller that is about to be
+overwritten) and 7 (by not using the 8 bytes given to the caller to
+update the 'state', but they are used to update 'md').
So of the points raised, only 2 is not addressed (but see
L<RAND_add()>).
projects / oweals / openssl.git / commitdiff