ssleay_rand_pseudo_bytes(): /* pseudo-random bytes that are guaranteed to be unique but not unpredictable */ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { int ret; unsigned long err;
ret = RAND_bytes(buf, num); if (ret == 0) { err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) ERR_clear_error(); } return (ret); } RAND_bytes(): int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->bytes) return meth->bytes(buf,num); return(-1); } So, basically, if no engine is being used, then RAND_pseudo_bytes() will only ever return cryptographically strong random bytes or no bytes at all? If that's correct then are there any engines that behave differently? That can return random bytes that aren't cryptographically strong? On Wed, Feb 17, 2010 at 5:20 PM, Mounir IDRASSI <mounir.idra...@idrix.net> wrote: > Hi, > > If you are not using an engine, then pseudorand is implemented in md_rand.c > : function ssleay_rand_pseudo_bytes (line 524). > > Cheers, > > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > > On 2/17/2010 8:10 PM, Thomas Anderson wrote: >> >> According to<http://www.openssl.org/docs/crypto/RAND_bytes.html>, >> "RAND_bytes() returns 1 on success, 0 otherwise. The error code can be >> obtained by ERR_get_error(3). RAND_pseudo_bytes() returns 1 if the >> bytes generated are cryptographically strong, 0 otherwise. Both >> functions return -1 if they are not supported by the current RAND >> method. " >> >> From<http://cvs.openssl.org/fileview?f=openssl/crypto/rand/ >> rand_lib.c&v=1.20>: >> >> int RAND_pseudo_bytes(unsigned char *buf, int num) >> { >> const RAND_METHOD *meth = RAND_get_rand_method(); >> if (meth&& meth->pseudorand) >> return meth->pseudorand(buf,num); >> return(-1); >> } >> >> Where is pseudorand defined? I figured maybe each of the rand_win.c, >> rand_unix.c, etc, would define it, but the string "pseudorand" doesn't >> appear to occur in any of those files. >> >> Any ideas? >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-dev@openssl.org >> Automated List Manager majord...@openssl.org >> > > -- > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org