Commit 4ec2d4d2 authored by Ulf Möller's avatar Ulf Möller

Support EGD.

parent 5921ea3b
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]

  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
     RAND_egd() and RAND_status().  In the command line application,
     the EGD socket can be specified like a seed file using RANDFILE
     or -rand.
     [Ulf Möller]

  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
     Some CAs (e.g. Verisign) distribute certificates in this form.
     [Steve Henson]
+12 −3
@@ -115,6 +115,7 @@


static int seeded = 0;
static int egdsocket = 0;

int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
	{
@@ -130,12 +131,19 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)

	if (file == NULL)
		file = RAND_file_name(buffer, sizeof buffer);
	else if (RAND_egd(file) > 0)
		{
		/* we try if the given filename is an EGD socket.
		   if it is, we don't write anything back to the file. */
		egdsocket = 1;
		return 1;
		}
	if (file == NULL || !RAND_load_file(file, -1))
		{
		if (!dont_warn)
		if (RAND_status() == 0 && !dont_warn)
			{
			BIO_printf(bio_e,"unable to load 'random state'\n");
			BIO_printf(bio_e,"What this means is that the random number generator has not been seeded\n");
			BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
			BIO_printf(bio_e,"with much random data.\n");
			if (consider_randfile) /* explanation does not apply when a file is explicitly named */
				{
@@ -165,6 +173,7 @@ long app_RAND_load_files(char *name)
		name=p+1;
		if (*n == '\0') break;

		tot+=RAND_egd(n);
		tot+=RAND_load_file(n,1024L*1024L);
		if (last) break;
		}
@@ -177,7 +186,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
	{
	char buffer[200];
	
	if (!seeded)
	if (egdsocket || !seeded)
		/* If we did not manage to read the seed file,
		 * we should not write a low-entropy seed file back --
		 * it would suppress a crucial warning the next time
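Review bot: In app_RAND_load_files, `tot+=RAND_egd(n);` adds the return value unconditionally, while app_RAND_load_file in the same commit treats only `RAND_egd(file) > 0` as success. If RAND_egd can return a negative value on failure (its implementation is not on this page), every ordinary seed file named with -rand would subtract from the byte count that the caller uses to judge seeding. Guarding the addition, e.g. `if ((r = RAND_egd(n)) > 0) tot+=r;`, avoids that. The bodies of both functions continue outside the hunks shown.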
+2 −2
@@ -22,8 +22,8 @@ TEST= randtest.c
APPS=

LIB=$(TOP)/libcrypto.a
LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c
LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o
LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c
LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o

SRC= $(LIBSRC)

+55 −46
@@ -139,6 +139,7 @@ static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;

const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;

@@ -295,6 +296,51 @@ static void ssleay_rand_seed(const void *buf, int num)
	ssleay_rand_add(buf, num, num);
	}

static void ssleay_rand_initialize(void)
	{
	unsigned long l;
#ifndef GETPID_IS_MEANINGLESS
	pid_t curr_pid = getpid();
#endif
#ifdef DEVRANDOM
	FILE *fh;
#endif

	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
	/* put in some default random data, we need more than just this */
#ifndef GETPID_IS_MEANINGLESS
	l=curr_pid;
	RAND_add(&l,sizeof(l),0);
	l=getuid();
	RAND_add(&l,sizeof(l),0);
#endif
	l=time(NULL);
	RAND_add(&l,sizeof(l),0);

#ifdef DEVRANDOM
	/* Use a random entropy pool device. Linux and FreeBSD have
	 * this. Use /dev/urandom if you can as /dev/random will block
	 * if it runs out of random entries.  */

	if ((fh = fopen(DEVRANDOM, "r")) != NULL)
		{
		unsigned char tmpbuf[ENTROPY_NEEDED];
		int n;
		
		n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
		fclose(fh);
		RAND_add(tmpbuf,sizeof tmpbuf,n);
		memset(tmpbuf,0,n);
		}
#endif
#ifdef PURIFY
	memset(state,0,STATE_SIZE);
	memset(md,0,MD_DIGEST_LENGTH);
#endif
	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
	initialized=1;
	}

static int ssleay_rand_bytes(unsigned char *buf, int num)
	{
	int i,j,k,st_num,st_idx;
@@ -302,14 +348,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
	long md_c[2];
	unsigned char local_md[MD_DIGEST_LENGTH];
	MD_CTX m;
	static int init=1;
	unsigned long l;
#ifndef GETPID_IS_MEANINGLESS
	pid_t curr_pid = getpid();
#endif
#ifdef DEVRANDOM
	FILE *fh;
#endif

#ifdef PREDICT
	{
@@ -342,47 +383,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)

	CRYPTO_w_lock(CRYPTO_LOCK_RAND);

	if (init)
		{
		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
		/* put in some default random data, we need more than
		 * just this */
		RAND_add(&m,sizeof(m),0);
#ifndef GETPID_IS_MEANINGLESS
		l=curr_pid;
		RAND_add(&l,sizeof(l),0);
		l=getuid();
		RAND_add(&l,sizeof(l),0);
#endif
		l=time(NULL);
		RAND_add(&l,sizeof(l),0);

#ifdef DEVRANDOM
		/* 
		 * Use a random entropy pool device.
		 * Linux 1.3.x and FreeBSD-Current has 
		 * this. Use /dev/urandom if you can
		 * as /dev/random will block if it runs out
		 * of random entries.
		 */
		if ((fh = fopen(DEVRANDOM, "r")) != NULL)
			{
			unsigned char tmpbuf[ENTROPY_NEEDED];
			int n;

			n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
			fclose(fh);
			RAND_add(tmpbuf,sizeof tmpbuf,n);
			memset(tmpbuf,0,n);
			}
#endif
#ifdef PURIFY
		memset(state,0,STATE_SIZE);
		memset(md,0,MD_DIGEST_LENGTH);
#endif
		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
		init=0;
		}
	if (!initialized)
		ssleay_rand_initialize();

	ok = (entropy >= ENTROPY_NEEDED);

@@ -473,6 +475,13 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
	return (ret);
	}

int RAND_status(void)
	{
	if (!initialized)
		ssleay_rand_initialize();
	return (entropy >= ENTROPY_NEEDED);
	}

#ifdef WINDOWS
#include <windows.h>
#include <openssl/rand.h>
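Review bot: RAND_status() calls ssleay_rand_initialize() without holding CRYPTO_LOCK_RAND, but that helper begins with CRYPTO_w_unlock and ends with CRYPTO_w_lock because it was lifted out of ssleay_rand_bytes, which holds the lock at that point. On the first call from RAND_status the lock is therefore released without having been taken and is still held on return, and `initialized` and `entropy` are read unlocked. In a threaded build with locking callbacks installed this looks like it would block the next call into the RAND code. Taking the lock around the whole body of RAND_status keeps the helper's unlock/lock pairing balanced.
```c
int RAND_status(void)
	{
	int ret;

	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
	/* … unchanged: if (!initialized) ssleay_rand_initialize(); … */
	ret = (entropy >= ENTROPY_NEEDED);
	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
	return ret;
	}
```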
+2 −0
@@ -83,6 +83,8 @@ void RAND_add(const void *buf,int num,double entropy);
int  RAND_load_file(const char *file,long max_bytes);
int  RAND_write_file(const char *file);
const char *RAND_file_name(char *file,int num);
int RAND_status(void);
int RAND_egd(const char *path);
#ifdef WINDOWS
void RAND_screen(void);
#endif
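Review bot: The two new prototypes carry no statement of their return contract, although callers in this commit depend on it (`RAND_egd(file) > 0`, `RAND_status() == 0`, and `tot+=RAND_egd(n)`). For RAND_status the visible implementation supports a comment such as `/* 1 if the PRNG has been seeded with enough data, 0 otherwise */`. For RAND_egd the header should state what is returned on success and on failure, since the implementation is not shown here and the callers disagree about how to treat non-positive values.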