diff options
| -rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
| -rw-r--r-- | crypto/rand/rand_err.c | 2 | ||||
| -rw-r--r-- | crypto/rand/rand_lib.c | 1 | ||||
| -rw-r--r-- | doc/man3/RAND_bytes.pod | 22 | ||||
| -rw-r--r-- | include/openssl/randerr.h | 1 |
5 files changed, 14 insertions, 13 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 37e31666be..e2cf2c561b 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2042,6 +2042,7 @@ PKCS7_R_UNSUPPORTED_CIPHER_TYPE:111:unsupported cipher type PKCS7_R_UNSUPPORTED_CONTENT_TYPE:112:unsupported content type PKCS7_R_WRONG_CONTENT_TYPE:113:wrong content type PKCS7_R_WRONG_PKCS7_TYPE:114:wrong pkcs7 type +RAND_R_FUNC_NOT_IMPLEMENTED:101:Function not implemented RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch RSA_R_BAD_E_VALUE:101:bad e value diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index 177a109498..6888ed9d9b 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -19,6 +19,8 @@ static const ERR_STRING_DATA RAND_str_functs[] = { }; static const ERR_STRING_DATA RAND_str_reasons[] = { + {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED), + "Function not implemented"}, {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, {0, NULL} }; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 7ffd10bd78..84d6b5d6c7 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -137,6 +137,7 @@ int RAND_bytes(unsigned char *buf, int num) const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->bytes) return meth->bytes(buf, num); + RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return (-1); } diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index a12f86754d..58aa962572 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -22,24 +22,20 @@ RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes into B<buf>. An error occurs if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence. -RAND_pseudo_bytes() has been deprecated. Users should use RAND_bytes() instead. -RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>. -Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be -unique if they are of sufficient length, but are not necessarily -unpredictable. They can be used for non-cryptographic purposes and for -certain purposes in cryptographic protocols, but usually not for key -generation etc. +RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead. The contents of B<buf> is mixed into the entropy pool before retrieving the new pseudo-random bytes unless disabled at compile time (see FAQ). =head1 RETURN VALUES -RAND_bytes() returns 1 on success, 0 otherwise. The error code can be -obtained by L<ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the -bytes generated are cryptographically strong, 0 otherwise. Both -functions return -1 if they are not supported by the current RAND -method. +RAND_bytes() returns 1 on success, -1 if not supported by the current +RAND method, or 0 on other failure. The error code can be +obtained by L<ERR_get_error(3)>. + +=head HISTORY + +RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0. =head1 SEE ALSO @@ -48,7 +44,7 @@ L<RAND_add(3)> =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 80f1a68939..5c9ab86507 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -27,6 +27,7 @@ int ERR_load_RAND_strings(void); /* * RAND reason codes. */ +# define RAND_R_FUNC_NOT_IMPLEMENTED 101 # define RAND_R_PRNG_NOT_SEEDED 100 #endif |