New function RAND_pseudo_bytes() generated pseudorandom numbers that

are not guaranteed to be unpredictable.

New function RAND_pseudo_bytes() generated pseudorandom numbers that
are not guaranteed to be unpredictable.
373b575f · Ulf Möller · e1798f85 · 373b575f · 373b575f · 373b575f
8 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -7,11 +7,12 @@
  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
     has a return value which indicates the quality of the random data
     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
-     error queue.
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable.
     (TO DO: always check the result of RAND_bytes when it is used in the
-     library, because leaving the error in the error queue but reporting
-     success in a function that uses RAND_bytes could confuse things
-     considerably.)
+     library, or use RAND_pseudo_bytes instead, because leaving the
+     error in the error queue but reporting success in a function that
+     uses RAND_bytes could confuse things considerably.)
     [Ulf Möller]

  *) Do more iterations of Rabin-Miller probable prime test (specifically,

--- a/apps/speed.c
+++ b/apps/speed.c
@@ -965,7 +965,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-	RAND_bytes(buf,36);
+	RAND_pseudo_bytes(buf,36);
 #ifndef NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
@@ -1026,7 +1026,7 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-	RAND_bytes(buf,20);
+	RAND_pseudo_bytes(buf,20);
 #ifndef NO_DSA
 	for (j=0; j<DSA_NUM; j++)
 		{

--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -149,7 +149,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 	if((flags & PKCS7_DETACHED) && data) {
 	/* We want multipart/signed */
 		/* Generate a random boundary */
-		RAND_bytes((unsigned char *)bound, 32);
+		RAND_pseudo_bytes((unsigned char *)bound, 32);
 		for(i = 0; i < 32; i++) {
 			c = bound[i] & 0xf;
 			if(c < 10) c += '0';

--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -146,12 +146,14 @@ static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
 static void ssleay_rand_add(const void *buf, int num, int add_entropy);
 static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);

 RAND_METHOD rand_ssleay_meth={
 	ssleay_rand_seed,
 	ssleay_rand_bytes,
 	ssleay_rand_cleanup,
 	ssleay_rand_add,
+	ssleay_rand_pseudo_bytes,
 	}; 

 RAND_METHOD *RAND_SSLeay(void)
@@ -449,6 +451,23 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 		}
 	}

+/* pseudo-random bytes that are guaranteed to be unique but not
+   unpredictable */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+	{
+	int ret, err;
+
+	ret = RAND_bytes(buf, num);
+	if (ret == 0)
+		{
+		err = ERR_peek_error();
+		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+			(void)ERR_get_error();
+		}
+	return (ret);
+	}
+
 #ifdef WINDOWS
 #include <windows.h>
 #include <openssl/rand.h>

--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -69,6 +69,7 @@ typedef struct rand_meth_st
 	int (*bytes)(unsigned char *buf, int num);
 	void (*cleanup)(void);
 	void (*add)(const void *buf, int num, int entropy);
+	int (*pseudorand)(unsigned char *buf, int num);
 	} RAND_METHOD;

 void RAND_set_rand_method(RAND_METHOD *meth);
@@ -76,6 +77,7 @@ RAND_METHOD *RAND_get_rand_method(void );
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
 int  RAND_bytes(unsigned char *buf,int num);
+int  RAND_pseudo_bytes(unsigned char *buf,int num);
 void RAND_seed(const void *buf,int num);
 void RAND_add(const void *buf,int num,int entropy);
 int  RAND_load_file(const char *file,long max_bytes);

--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -102,3 +102,9 @@ int RAND_bytes(unsigned char *buf, int num)
 	return(-1);
 	}

+int RAND_pseudo_bytes(unsigned char *buf, int num)
+	{
+	if (rand_meth != NULL)
+		return rand_meth->pseudorand(buf,num);
+	return(-1);
+	}
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -73,7 +73,7 @@ int main()
 	/*double d; */
 	long d;

-	RAND_bytes(buf,2500);
+	RAND_pseudo_bytes(buf,2500);

 	n1=0;
 	for (i=0; i<16; i++) n2[i]=0;

--- a/e_os.h
+++ b/e_os.h
@@ -79,7 +79,7 @@ extern "C" {
 #ifndef DEVRANDOM
 /* set this to your 'random' device if you have one.
 * My default, we will try to read this file */
-#define DEVRANDOM "/dev/urandom"
+#define DEVRANDOM "/gibtsnich/dev/urandom"
 #endif

 #if defined(__MWERKS__) && defined(macintosh)