提交 f367ac2b 编写于 作者: R Rich Salz

Use randomness not entropy

Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3773)
上级 c91ec013
......@@ -93,13 +93,14 @@ int app_RAND_write_file(const char *file)
{
char buffer[200];
if (egdsocket || !seeded)
if (egdsocket || !seeded) {
/*
* If we did not manage to read the seed file, we should not write a
* low-entropy seed file back -- it would suppress a crucial warning
* the next time we want to use it.
* If we didn't manage to read the seed file, don't write a
* file out -- it would suppress a crucial warning the next
* time we want to use it.
*/
return 0;
}
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
......
......@@ -249,7 +249,7 @@ static double ecdh_results[EC_NUM][1];
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
"string to make the random number generator think it has randomness";
#endif
#ifdef SIGALRM
......
......@@ -16,7 +16,7 @@ OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memor
It was empirically found that timings of references to primary memory
are subject to irregular, apparently non-deterministic variations. The
subroutines in question instrument these references for purposes of
gathering entropy for random number generator. In order to make it
gathering randomness for random number generator. In order to make it
bus-bound a 'flush cache line' instruction is used between probes. In
addition probes are added to B<vector> elements in atomic or
interlocked manner, which should contribute additional noise on
......
......@@ -3,7 +3,7 @@
=head1 NAME
RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
entropy to the PRNG
randomness to the PRNG
=head1 SYNOPSIS
......@@ -11,7 +11,7 @@ entropy to the PRNG
void RAND_seed(const void *buf, int num);
void RAND_add(const void *buf, int num, double entropy);
void RAND_add(const void *buf, int num, double randomness);
int RAND_status(void);
......@@ -27,10 +27,10 @@ if the data at B<buf> are unpredictable to an adversary, this
increases the uncertainty about the state and makes the PRNG output
less predictable. Suitable input comes from user interaction (random
key presses, mouse movements) and certain hardware events. The
B<entropy> argument is (the lower bound of) an estimate of how much
randomness is contained in B<buf>, measured in bytes. Details about
sources of randomness and how to estimate their entropy can be found
in the literature, e.g. RFC 1750.
B<randomness> argument is an estimate of how much randomness is contained in
B<buf>, in bytes, and should be a number between zero and B<num>.
Details about sources of randomness and how to estimate their randomness
can be found in the literature; for example IETF RFC 4086.
RAND_add() may be called with sensitive data such as user entered
passwords. The seed values cannot be recovered from the PRNG output.
......@@ -42,7 +42,7 @@ application is responsible for seeding the PRNG by calling RAND_add(),
L<RAND_egd(3)>
or L<RAND_load_file(3)>.
RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
RAND_seed() is equivalent to RAND_add() with B<randomness> set to B<num>.
RAND_event() and RAND_screen() are deprecated and should not be called.
......
......@@ -24,9 +24,6 @@ enough randomness to ensure an unpredictable byte sequence.
RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead.
The contents of B<buf> is mixed into the entropy pool before retrieving
the new pseudo-random bytes unless disabled at compile time (see FAQ).
=head1 RETURN VALUES
RAND_bytes() returns 1 on success, -1 if not supported by the current
......
......@@ -15,18 +15,18 @@ RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon
=head1 DESCRIPTION
RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
RAND_egd() queries the Entropy Gathering Daemon (EGD) on socket B<path>.
It queries 255 bytes and uses L<RAND_add(3)> to seed the
OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
RAND_egd_bytes(path, 255);
RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
RAND_egd_bytes() queries EGD on socket B<path>.
It queries B<bytes> bytes and uses L<RAND_add(3)> to seed the
OpenSSL built-in PRNG.
This function is more flexible than RAND_egd().
When only one secret key must
be generated, it is not necessary to request the full amount 255 bytes from
the EGD socket. This can be advantageous, since the amount of entropy
the EGD socket. This can be advantageous, since the amount of randomness
that can be retrieved from EGD over time is limited.
RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket
......@@ -36,28 +36,28 @@ OpenSSL built-in PRNG using L<RAND_add(3)>.
=head1 NOTES
On systems without /dev/*random devices providing entropy from the kernel,
the EGD entropy gathering daemon can be used to collect entropy. It provides
a socket interface through which entropy can be gathered in chunks up to
On systems without /dev/*random devices providing randomness from the kernel,
EGD provides
a socket interface through which randomness can be gathered in chunks up to
255 bytes. Several chunks can be queried during one connection.
EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
Makefile.PL; make; make install> to install). It is run as B<egd>
I<path>, where I<path> is an absolute path designating a socket. When
RAND_egd() is called with that path as an argument, it tries to read
random bytes that EGD has collected. RAND_egd() retrieves entropy from the
random bytes that EGD has collected. RAND_egd() retrieves randomness from the
daemon using the daemon's "non-blocking read" command which shall
be answered immediately by the daemon without waiting for additional
entropy to be collected. The write and read socket operations in the
randomness to be collected. The write and read socket operations in the
communication are blocking.
Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
available from
http://prngd.sourceforge.net/ .
PRNGD does employ an internal PRNG itself and can therefore never run
out of entropy.
out of randomness.
OpenSSL automatically queries EGD when entropy is requested via RAND_bytes()
OpenSSL automatically queries EGD when randomness is requested via RAND_bytes()
or the status is checked via RAND_status() for the first time, if the socket
is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
......
......@@ -40,7 +40,7 @@ API is being used, so this function is no longer recommended.
void (*seed)(const void *buf, int num);
int (*bytes)(unsigned char *buf, int num);
void (*cleanup)(void);
void (*add)(const void *buf, int num, int entropy);
void (*add)(const void *buf, int num, int randomness);
int (*pseudorand)(unsigned char *buf, int num);
int (*status)(void);
} RAND_METHOD;
......
......@@ -75,7 +75,7 @@ extern "C" {
# ifndef DEVRANDOM
/*
* set this to a comma-separated list of 'random' device files to try out. My
* set this to a comma-separated list of 'random' device files to try out. By
* default, we will try to read at least one of these files
*/
# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
......@@ -84,7 +84,7 @@ extern "C" {
/*
* set this to a comma-separated list of 'egd' sockets to try out. These
* sockets will be tried in the order listed in case accessing the device
* files listed in DEVRANDOM did not return enough entropy.
* files listed in DEVRANDOM did not return enough randomness.
*/
# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
# endif
......
......@@ -19,14 +19,11 @@
extern "C" {
#endif
/* Already defined in ossl_typ.h */
/* typedef struct rand_meth_st RAND_METHOD; */
struct rand_meth_st {
int (*seed) (const void *buf, int num);
int (*bytes) (unsigned char *buf, int num);
void (*cleanup) (void);
int (*add) (const void *buf, int num, double entropy);
int (*add) (const void *buf, int num, double randomness);
int (*pseudorand) (unsigned char *buf, int num);
int (*status) (void);
};
......@@ -50,7 +47,7 @@ void RAND_seed(const void *buf, int num);
#if defined(__ANDROID__) && defined(__NDK_FPABI__)
__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */
#endif
void RAND_add(const void *buf, int num, double entropy);
void RAND_add(const void *buf, int num, double randomness);
int RAND_load_file(const char *file, long max_bytes);
int RAND_write_file(const char *file);
const char *RAND_file_name(char *file, size_t num);
......
......@@ -31,7 +31,7 @@ int main(int argc, char *argv[])
static int cb(int p, int n, BN_GENCB *arg);
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
"string to make the random number generator think it has randomness";
static int dh_test(void)
{
......
......@@ -64,7 +64,7 @@ static unsigned char out_g[] = {
static const unsigned char str1[] = "12345678901234567890";
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
"string to make the random number generator think it has randomness";
static int dsa_test(void)
{
......
......@@ -28,8 +28,8 @@
# include <openssl/rand.h>
# include "testutil.h"
static const char rnd_seed[] = "string to make the random number generator "
"think it has entropy";
static const char rnd_seed[] =
"string to make the random number generator think it has randomness";
/* functions to change the RAND_METHOD */
......
......@@ -1427,7 +1427,7 @@ static int parameter_test(void)
}
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
"string to make the random number generator think it has randomness";
#endif
int test_main(int argc, char *argv[])
......
......@@ -20,7 +20,7 @@ plan tests => 4;
require_ok(srctop_file('test','recipes','tconversion.pl'));
open RND, ">>", ".rnd";
print RND "string to make the random number generator think it has entropy";
print RND "string to make the random number generator think it has randomness";
close RND;
subtest "generating certificate requests" => sub {
my @req_new;
......
......@@ -101,7 +101,7 @@ testssl("keyU.ss", $Ucert, $CAcert);
# subtest functions
sub testss {
open RND, ">>", ".rnd";
print RND "string to make the random number generator think it has entropy";
print RND "string to make the random number generator think it has randomness";
close RND;
my @req_dsa = ("-newkey",
......
......@@ -614,7 +614,7 @@ static char *cipher = NULL;
static int verbose = 0;
static int debug = 0;
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
"string to make the random number generator think it has randomness";
int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
long bytes, clock_t *s_time, clock_t *c_time);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册