From: Nicola Tuveri Date: Mon, 18 Jun 2018 16:13:36 +0000 (+0300) Subject: Fix & update documentation about RAND_priv_bytes() X-Git-Tag: OpenSSL_1_1_1-pre8~7 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b26befb541f8bc7d4f4e0beead50248b16949932;p=oweals%2Fopenssl.git Fix & update documentation about RAND_priv_bytes() Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Ben Kaduk Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6514) --- diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 099dda47e9..eb0a6b1386 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -2,7 +2,9 @@ =head1 NAME -BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number +BN_rand, BN_priv_rand, BN_pseudo_rand, +BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range +- generate pseudo-random number =head1 SYNOPSIS @@ -10,10 +12,14 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); =head1 DESCRIPTION @@ -37,7 +43,16 @@ If B is 1 then B cannot also be B. BN_rand_range() generates a cryptographically strong pseudo-random number B in the range 0 E= B E B. -The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). +BN_priv_rand() and BN_priv_rand_range() have the same semantics as +BN_rand() and BN_rand_range() respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between L and L. + +=head1 NOTES + +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the CSPRNG has not been +seeded with enough randomness to ensure an unpredictable byte sequence. =head1 RETURN VALUES @@ -46,20 +61,34 @@ The error codes can be obtained by L. =head1 HISTORY -Starting with OpenSSL release 1.1.0, -BN_pseudo_rand() has been identical to BN_rand() -and -BN_pseudo_rand_range() has been identical to BN_rand_range(). +=over 2 + +=item * + +Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical +to BN_rand() and BN_pseudo_rand_range() has been identical to +BN_rand_range(). The "pseudo" functions should not be used and may be deprecated in a future release. +=item * + +BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1. + +=back + =head1 SEE ALSO -L, L, L +L, +L, +L, +L, +L, +L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index 284b9dbe4d..fca1ad6961 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -20,13 +20,21 @@ Deprecated: =head1 DESCRIPTION RAND_bytes() puts B cryptographically strong pseudo-random bytes -into B. An error occurs if the CSPRNG has not been seeded with -enough randomness to ensure an unpredictable byte sequence. +into B. RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to -be used for generating long-term private keys. If using the default -RAND_METHOD, this function uses a separate instance of the PRNG so that -a compromise of the global generator will not affect such key generation. +be used for generating values that should remain private. If using the +default RAND_METHOD, this function uses a separate "private" PRNG +instance so that a compromise of the "public" PRNG instance will not +affect the secrecy of these private values, as described in L +and L. + +=head1 NOTES + +Always check the error return value of RAND_bytes() and +RAND_priv_bytes() and do not take randomness for granted: an error occurs +if the CSPRNG has not been seeded with enough randomness to ensure an +unpredictable byte sequence. =head1 RETURN VALUES @@ -37,14 +45,26 @@ obtained by L. =head1 HISTORY +=over 2 + +=item * + RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. +=item * + +RAND_priv_bytes() was added in OpenSSL 1.1.1. + +=back + =head1 SEE ALSO L, L, +L, L, -L +L, +L =head1 COPYRIGHT diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod index 578018feab..971b3cdb16 100644 --- a/doc/man7/RAND.pod +++ b/doc/man7/RAND.pod @@ -24,16 +24,19 @@ to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system. -As a normal application developer, you don't have to worry about any details, +As a normal application developer, you do not have to worry about any details, just use L to obtain random data. Having said that, there is one important rule to obey: Always check the error -return value of L and don't take randomness for granted. +return value of L and do not take randomness for granted. -For long-term secrets, you can use L instead. +For values that should remain secret, you can use L +instead. This method does not provide 'better' randomness, it uses the same type of CSPRNG. -The intention behind using a dedicated CSPRNG exclusively for long-term secrets is -that none of its output should be visible to an attacker (e.g used as salt value), -in order to reveal as little information as possible about its internal state. +The intention behind using a dedicated CSPRNG exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values. In the rare case where the default implementation does not satisfy your special requirements, there are two options: @@ -61,10 +64,10 @@ of cryptographic principles and understand the implications of your changes. L, L, L, -L -L +L, +L, L, -L, +L =head1 COPYRIGHT