From 720b3598d6b5c6cac7807ef9121820d35bc0be1d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Fri, 21 Jan 2000 19:54:22 +0000
Subject: [PATCH] Avoid integer overflow in entropy counter. Slightly clarify the RAND_... documentation.
---
 crypto/rand/md_rand.c | 5 +++--
 doc/crypto/RAND_add.pod | 2 +-
 doc/crypto/RAND_bytes.pod | 17 ++++++++++-------
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 1a840220fc..18b8e8d922 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -138,7 +138,7 @@ static int state_num=0,state_index=0;
 static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
 static long md_count[2]={0,0};
-static int entropy=0;
+static unsigned entropy=0;
 
 const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
 
@@ -286,7 +286,8 @@ static void ssleay_rand_add(const void *buf, int num, int add)
 #ifndef THREADS
 assert(md_c[1] == md_count[1]);
 #endif
- entropy += add;
+ if (entropy < ENTROPY_NEEDED)
+ entropy += add;
 }
 
 static void ssleay_rand_seed(const void *buf, int num)
diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod
index fe53919801..9eeb399377 100644
--- a/doc/crypto/RAND_add.pod
+++ b/doc/crypto/RAND_add.pod
@@ -30,7 +30,7 @@ RAND_add() may be called with sensitive data such as user entered
 passwords. The seed values cannot be recovered from the PRNG output. OpenSSL makes sure that the PRNG state is unique for each thread. On
-systems that provide C, the randomness device is used
+systems that provide C, the randomness device is used
 to seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add() or RAND_load_file(3).
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
index 4abe93a832..aa89f3c27c 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
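Review bot: The new guard `if (entropy < ENTROPY_NEEDED)` still lets `entropy += add` take a negative `add`, which the hunk header declares as a plain `int` in `ssleay_rand_add(const void *buf, int num, int add)`; with `entropy` now `unsigned`, a negative addend wraps the counter to a large value, after which the guard is false for good and the generator would count as seeded by a call that contributed no entropy. Checking the argument as well as the counter closes that, e.g. `if (add > 0 && entropy < ENTROPY_NEEDED)`. Whether a negative value can actually reach this function from the public RAND_add() depends on the caller's conversion, which is outside the hunk. A short comment such as `/* stop counting once enough entropy is in; avoids overflow */` would also record why the cap sits on the counter rather than on the arithmetic. The body of ssleay_rand_add() begins before the hunk.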
@@ -14,13 +14,16 @@ RAND_bytes, RAND_pseudo_bytes - Generate random data
 
 =head1 DESCRIPTION
 
-RAND_bytes() puts B random bytes into B. An error occurs if
-the PRNG has not been seeded with enough randomness.
-
-RAND_pseudo_bytes() puts B pseudo-random bytes into B. These
-bytes are guaranteed to be unique, but not unpredictable. They can be
-used for non-cryptographic purposes and for certain purposes in
-cryptographic protocols, but not for key generation etc.
+RAND_bytes() puts B cryptographically strong pseudo-random bytes
+into B. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+
+RAND_pseudo_bytes() puts B pseudo-random bytes into B.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
 
 =head1 RETURN VALUES
 
-- 
2.25.1