path: root/crypto/rand/rand.h
Commit message | Author | Age | Files | Lines
* Stop symlinking, move files to intended directory | Richard Levitte | 2015-03-31 | 1 | -153/+0
    Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there.

    Originally-by: Geoff Thorpe <geoff@openssl.org>
    Reviewed-by: Rich Salz <rsalz@openssl.org>
* Deprecate RAND_pseudo_bytes | Matt Caswell | 2015-03-25 | 1 | -1/+3
    The justification for RAND_pseudo_bytes is somewhat dubious, and the reality is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in the default implementation both end up calling ssleay_rand_bytes. Both may return -1 in an error condition. If there is insufficient entropy then both will return 0, but RAND_bytes will additionally add an error to the error queue. They both return 1 on success. Therefore the fundamental difference between the two is that one will add an error to the error queue with insufficient entropy whilst the other will not.

    Frequently there are constructions of this form:

        if(RAND_pseudo_bytes(...) <= 1) goto err;

    In the above form insufficient entropy is treated as an error anyway, so RAND_bytes is probably the better form to use.

    This form is also seen:

        if(!RAND_pseudo_bytes(...)) goto err;

    This is technically not correct at all since a -1 return value is incorrectly handled - but this form will also treat insufficient entropy as an error.

    Within libssl it is required that you have correctly seeded your entropy pool and so there seems little benefit in using RAND_pseudo_bytes. Similarly in libcrypto many operations also require a correctly seeded entropy pool and so in most interesting cases you would be better off using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes being incorrectly used in scenarios where security can be compromised by insufficient entropy.

    If you are not using the default implementation, then most engines use the same function to implement RAND_bytes and RAND_pseudo_bytes in any case.

    Given its misuse, limited benefit, and potential to compromise security, RAND_pseudo_bytes has been deprecated.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
* Run util/openssl-format-source -v -c . | Matt Caswell | 2015-01-22 | 1 | -55/+55
    Reviewed-by: Tim Hudson <tjh@openssl.org>
* remove FIPS_*_SIZE_T | Dr. Stephen Henson | 2014-12-08 | 1 | -4/+0
    Reviewed-by: Tim Hudson <tjh@openssl.org>
* Extensive reorganisation of PRNG handling in FIPS module: all calls | Dr. Stephen Henson | 2011-04-05 | 1 | -1/+6
    now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the application's responsibility to setup the FIPS PRNG and initialise it.

    Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL".
* Add FIPS support to the WIN32 build system. | Dr. Stephen Henson | 2011-02-03 | 1 | -1/+1
* add new RAND errors | Dr. Stephen Henson | 2011-01-26 | 1 | -0/+10
* Audit libcrypto for unchecked return values: fix all cases encountered | Dr. Stephen Henson | 2009-09-23 | 1 | -2/+2
* Revert the size_t modifications from HEAD that had led to more | Geoff Thorpe | 2008-11-12 | 1 | -10/+10
    knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.
* More size_tification. | Ben Laurie | 2008-11-01 | 1 | -10/+10
* Make reservations for FIPS code in HEAD branch, so that the moment FIPS | Andy Polyakov | 2004-05-17 | 1 | -0/+4
    comes in we have required macros in place.
* Reduce header interdependencies, initially in engine.h (the rest of the | Geoff Thorpe | 2004-04-19 | 1 | -2/+5
    changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.
* Add the possibility to build without the ENGINE framework. | Richard Levitte | 2003-01-30 | 1 | -0/+2
    PR: 287
* OPENSSL_SYS_WIN32 is important so util/mkdef.pl can detect it | Richard Levitte | 2002-07-18 | 1 | -1/+1
* opensslconf.h doesn't define what we want, e_os2.h does. | Richard Levitte | 2002-06-27 | 1 | -1/+1
    PR 123
* When compiling for Windows, make sure we have the windows definitions declared. | Richard Levitte | 2002-06-27 | 1 | -1/+6
    Part of PR 123
* Because there's chances we clash with the system's types.h, rename our | Richard Levitte | 2001-10-04 | 1 | -1/+1
    types.h to ossl_typ.h.
* This commits changes to various parts of libcrypto required by the recent | Geoff Thorpe | 2001-09-25 | 1 | -4/+4
    ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details.

    Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls.
* In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the | Geoff Thorpe | 2001-04-30 | 1 | -2/+2
    ENGINE code does not return a default, set an error.
* Some more tweaks from ENGINE code. | Geoff Thorpe | 2001-04-18 | 1 | -1/+1
    Previously RAND_get_rand_method was returning a non-const pointer, but it should be const. As with all other such cases, METHOD pointers are stored and returned as "const". The only methods one should be able to alter are methods "local" to the relevant code, in which case a non-const handle to the methods should already exist.

    This change has been forced by the constifying of the ENGINE code (before which RAND_METHOD was the only method pointer in an ENGINE structure that was not constant).
* Use stdlib.h to get size_t. | Richard Levitte | 2001-03-21 | 1 | -7/+1
* Move ec.h to ec2.h because it is not compatible with what we will use. | Bodo Möller | 2001-03-05 | 1 | -4/+3
    Add EC vaporware: change relevant Makefiles and add some empty source files.

    "make update".
* Since RAND_file_name() uses strlen, make sure the number that's | Richard Levitte | 2001-02-22 | 1 | -11/+9
    compared to it has the type size_t. Included the needed headers to make that happen.
* Make all configuration macros available for application by making | Richard Levitte | 2001-02-19 | 1 | -1/+3
    sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h.

    I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
* Add automatic query of EGD sockets to RAND_poll(). The EGD sockets are | Lutz Jänicke | 2001-01-09 | 1 | -0/+1
    only queried when the /dev/[u]random devices did not return enough entropy. Only the amount of entropy missing to reach the required minimum is queried, as EGD may be drained.

    Queried locations are: /etc/entropy, /var/run/egd-pool
* Merge the engine branch into the main trunk. All conflicts resolved. | Richard Levitte | 2000-10-26 | 1 | -1/+3
    At the same time, add VMS support for Rijndael.
* Fix warnings. | Dr. Stephen Henson | 2000-07-26 | 1 | -1/+1
    In crypto/err/err.c need to initialise p to NULL in case thread_hash is NULL. Otherwise p will be uninitialized.
* Randomness polling function for Win9x. | Ulf Möller | 2000-07-19 | 1 | -1/+2
* EVP constification. | Ben Laurie | 2000-06-03 | 1 | -0/+1
* In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>, | Richard Levitte | 2000-05-02 | 1 | -4/+15
    "Jan Mikkelsen" <janm@transactionsite.com> correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed.
* New function RAND_event() collects entropy from Windows events. | Ulf Möller | 2000-03-19 | 1 | -0/+2
* Use RAND_METHOD for implementing RAND_status. | Bodo Möller | 2000-03-02 | 1 | -0/+1
* Fix for non-monolithic build. | Ulf Möller | 2000-02-28 | 1 | -1/+5
    Submitted by: Andrew Gray <agray@iconsinc.com>
* Support EGD. | Ulf Möller | 2000-02-24 | 1 | -0/+2
* Allow for higher granularity of entropy estimates by using 'double' | Bodo Möller | 2000-02-19 | 1 | -2/+2
    instead of 'unsigned' counters.

    Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.

    Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.
* Source code cleanups: Use void * rather than char * in lhash, | Ulf Möller | 2000-01-30 | 1 | -1/+1
    eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
* New function RAND_pseudo_bytes() generates pseudorandom numbers that | Ulf Möller | 2000-01-16 | 1 | -0/+2
    are not guaranteed to be unpredictable.
* Precautions against using the PRNG uninitialized: RAND_bytes() now | Ulf Möller | 2000-01-13 | 1 | -3/+20
    returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
* Remove NOPROTO definitions and error code comments. | Ulf Möller | 1999-04-26 | 1 | -22/+0
* More exactitude with function arguments. | Ben Laurie | 1999-02-09 | 1 | -3/+3
* Minor constification. | Ben Laurie | 1999-01-24 | 1 | -2/+2
* Import of old SSLeay release: SSLeay 0.9.1b (unreleased) | Ralf S. Engelschall | 1998-12-21 | 1 | -0/+19
* Import of old SSLeay release: SSLeay 0.9.0b | Ralf S. Engelschall | 1998-12-21 | 1 | -1/+1
* Import of old SSLeay release: SSLeay 0.8.1b | Ralf S. Engelschall | 1998-12-21 | 1 | -0/+92