From c88a900fa1348a47d69a13da7bb1205178a3472d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Sat, 22 Jan 2000 23:11:13 +0000
Subject: [PATCH] update PRNG documentation/comments

---
 crypto/rand/md_rand.c            | 14 ++++++++------
 doc/crypto/BN_generate_prime.pod |  2 +-
 doc/crypto/rand.pod              | 20 +++++++++++---------
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 2836a4d409..88095b109d 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -186,7 +186,7 @@ static void ssleay_rand_add(const void *buf, int num, int add)
 	/*
 	 * (Based on the rand(3) manpage)
 	 *
-	 * The input is chopped up into units of 16 bytes (or less for
+	 * The input is chopped up into units of 20 bytes (or less for
 	 * the last block).  Each of these blocks is run through the hash
 	 * function as follows:  The data passed to the hash function
 	 * is the current 'md', the same number of bytes from the 'state'
@@ -324,13 +324,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	/*
 	 * (Based on the rand(3) manpage:)
 	 *
-	 * For each group of 8 bytes (or less), we do the following:
+	 * For each group of 10 bytes (or less), we do the following:
 	 *
-	 * Input into the hash function the top 8 bytes from 'md', the bytes
-	 * that are to be overwritten by the random bytes, and bytes from the
+	 * Input into the hash function the top 10 bytes from the
+	 * local 'md' (which is initialized from the global 'md'
+	 * before any bytes are generated), the bytes that are
+	 * to be overwritten by the random bytes, and bytes from the
 	 * 'state' (incrementing looping index).  From this digest output
-	 * (which is kept in 'md'), the top (upto) 8 bytes are
-	 * returned to the caller and the bottom (upto) 8 bytes are xored
+	 * (which is kept in 'md'), the top (up to) 10 bytes are
+	 * returned to the caller and the bottom (up to) 10 bytes are xored
 	 * into the 'state'.
 	 * Finally, after we have finished 'num' random bytes for the
 	 * caller, 'count' (which is incremented) and the local and global 'md'
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index 6744d5d815..768149efe8 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -55,7 +55,7 @@ The prime number generation has a negligible error probability.
 
 BN_is_prime() tests if the number B<a> is prime. This is done by
 performing a Miller-Rabin probabilistic primality test with B<checks>
-iterations. If B<checks == BN_prime_check>, it uses the minimal number
+iterations. If B<checks == BN_prime_check>, it uses a number
 of iterations that yields a false positive rate of at most 2^-80 for
 random input.
 
diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index a6dbf516b3..b357f76ac3 100644
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -101,12 +101,12 @@ the RNG state or the next random number.
 The algorithm is as follows.
 
 There is global state made up of a 1023 byte buffer (the 'state'), a
-working hash function ('md') and a counter ('count').
+working hash value ('md'), and a counter ('count').
 
 Whenever seed data is added, it is inserted into the 'state' as
 follows.
 
-The input is chopped up into units of 16 bytes (or less for
+The input is chopped up into units of 20 bytes (or less for
 the last block).  Each of these blocks is run through the hash
 function as follows:  The data passed to the hash function
 is the current 'md', the same number of bytes from the 'state'
@@ -121,13 +121,15 @@ SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
 function and xor).
 
 When bytes are extracted from the RNG, the following process is used.
-For each group of 8 bytes (or less), we do the following,
+For each group of 10 bytes (or less), we do the following:
 
-Input into the hash function the top 8 bytes from 'md', the bytes that
-are to be overwritten by the random bytes, and bytes from the 'state'
-(incrementing looping index).  From this hash function output (which
-is kept in 'md'), the top (upto) 8 bytes are returned to the caller
-and the bottom (upto) 8 bytes are xored into the 'state'.
+Input into the hash function the top 10 bytes from the local 'md'
+(which is initialized from the global 'md' before any bytes are
+generated), the bytes that are to be overwritten by the random bytes,
+and bytes from the 'state' (incrementing looping index). From this
+digest output (which is kept in 'md'), the top (up to) 10 bytes are
+returned to the caller and the bottom (up to) 10 bytes are xored into
+the 'state'.
 
 Finally, after we have finished 'num' random bytes for the caller,
 'count' (which is incremented) and the local and global 'md' are fed
@@ -135,7 +137,7 @@ into the hash function and the results are kept in the global 'md'.
 
 I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
 into the 'state' the 'old' data from the caller that is about to be
-overwritten) and 7 (by not using the 8 bytes given to the caller to
+overwritten) and 7 (by not using the 10 bytes given to the caller to
 update the 'state', but they are used to update 'md').
 
 So of the points raised, only 2 is not addressed (but see
-- 
2.25.1