diff options
author | Ulf Möller <ulf@openssl.org> | 2000-01-13 20:59:17 +0000 |
---|---|---|
committer | Ulf Möller <ulf@openssl.org> | 2000-01-13 20:59:17 +0000 |
commit | eb952088f0d5da59e569ae2aa33e9b96bc3b586d (patch) | |
tree | 1d722a423148a6b568a1e6d42f01943aed6cfb2a /crypto/rand/md_rand.c | |
parent | 22e219d90f1ea5d3b2f4abb72c846a436ea33eff (diff) | |
download | openssl-eb952088f0d5da59e569ae2aa33e9b96bc3b586d.zip openssl-eb952088f0d5da59e569ae2aa33e9b96bc3b586d.tar.gz openssl-eb952088f0d5da59e569ae2aa33e9b96bc3b586d.tar.bz2 |
Precautions against using the PRNG uninitialized: RAND_bytes() now
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
Diffstat (limited to 'crypto/rand/md_rand.c')
-rw-r--r-- | crypto/rand/md_rand.c | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 98ad429..d727fff 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -56,6 +56,8 @@ * [including the GNU Public Licence.] */ +#define ENTROPY_NEEDED 32 /* require 128 bits of randomness */ + #ifndef MD_RAND_DEBUG # ifndef NDEBUG # define NDEBUG @@ -70,6 +72,7 @@ #include "openssl/e_os.h" #include <openssl/crypto.h> +#include <openssl/err.h> #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) #if !defined(NO_SHA) && !defined(NO_SHA1) @@ -135,17 +138,20 @@ static int state_num=0,state_index=0; static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; static unsigned char md[MD_DIGEST_LENGTH]; static long md_count[2]={0,0}; +static int entropy=0; const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; static void ssleay_rand_cleanup(void); static void ssleay_rand_seed(const void *buf, int num); -static void ssleay_rand_bytes(unsigned char *buf, int num); +static void ssleay_rand_add(const void *buf, int num, int entropy); +static int ssleay_rand_bytes(unsigned char *buf, int num); RAND_METHOD rand_ssleay_meth={ ssleay_rand_seed, ssleay_rand_bytes, ssleay_rand_cleanup, + ssleay_rand_add, }; RAND_METHOD *RAND_SSLeay(void) @@ -161,9 +167,10 @@ static void ssleay_rand_cleanup(void) memset(md,0,MD_DIGEST_LENGTH); md_count[0]=0; md_count[1]=0; + entropy=0; } -static void ssleay_rand_seed(const void *buf, int num) +static void ssleay_rand_add(const void *buf, int num, int add) { int i,j,k,st_idx; long md_c[2]; @@ -276,11 +283,18 @@ static void ssleay_rand_seed(const void *buf, int num) #ifndef THREADS assert(md_c[1] == md_count[1]); #endif + entropy += add; + } + +static void ssleay_rand_seed(const void *buf, int num) + { + ssleay_rand_add(buf, num, num); } -static void ssleay_rand_bytes(unsigned char *buf, int num) +static int ssleay_rand_bytes(unsigned char *buf, int num) { int i,j,k,st_num,st_idx; + int ok; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; MD_CTX m; @@ -299,7 +313,7 @@ static void ssleay_rand_bytes(unsigned char *buf, int num) for (i=0; i<num; i++) buf[i]=val++; - return; + return(1); } #endif @@ -326,15 +340,15 @@ static void ssleay_rand_bytes(unsigned char *buf, int num) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); /* put in some default random data, we need more than * just this */ - RAND_seed(&m,sizeof(m)); + RAND_add(&m,sizeof(m),0); #ifndef GETPID_IS_MEANINGLESS l=curr_pid; - RAND_seed(&l,sizeof(l)); + RAND_add(&l,sizeof(l),0); l=getuid(); - RAND_seed(&l,sizeof(l)); + RAND_add(&l,sizeof(l),0); #endif l=time(NULL); - RAND_seed(&l,sizeof(l)); + RAND_add(&l,sizeof(l),0); #ifdef DEVRANDOM /* @@ -365,6 +379,8 @@ static void ssleay_rand_bytes(unsigned char *buf, int num) init=0; } + ok = (entropy >= ENTROPY_NEEDED); + st_idx=state_index; st_num=state_num; md_c[0] = md_count[0]; @@ -426,6 +442,13 @@ static void ssleay_rand_bytes(unsigned char *buf, int num) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); memset(&m,0,sizeof(m)); + if (ok) + return(1); + else + { + RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); + return(0); + } } #ifdef WINDOWS |