diff options
author | Rich Salz <rsalz@openssl.org> | 2017-07-05 16:08:19 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-07-06 13:59:11 -0400 |
commit | 9ee344f5cd5e935c60d3bf7c3ce9ee21895069db (patch) | |
tree | 1ea4f471479184095329b3d8087e149081ea0918 /doc | |
parent | 60eba30f60de55e3c782469fa555eede82606099 (diff) |
Cleanup RAND_load_file,RAND_write_file
Document an internal assumption that these are only for use with files,
and return an error if not. That made the code much simpler.
Leave it as writing 1024 bytes, even though we don't need more than 256
from a security perspective. But the amount isn't specified, now, so we
can change it later if we want.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3864)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/RAND_load_file.pod | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod index eecaab94c0..8b5867ff89 100644 --- a/doc/man3/RAND_load_file.pod +++ b/doc/man3/RAND_load_file.pod @@ -8,51 +8,50 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file #include <openssl/rand.h> - const char *RAND_file_name(char *buf, size_t num); - int RAND_load_file(const char *filename, long max_bytes); int RAND_write_file(const char *filename); + const char *RAND_file_name(char *buf, size_t num); + =head1 DESCRIPTION +RAND_load_file() reads a number of bytes from file B<filename> and +adds them to the PRNG. If B<max_bytes> is non-negative, +up to B<max_bytes> are read; +if B<max_bytes> is -1, the complete file is read. + +RAND_write_file() writes a number of random bytes (currently 256) to +file B<filename> which can be used to initialize the PRNG by calling +RAND_load_file() in a later session. + RAND_file_name() generates a default path for the random seed file. B<buf> points to a buffer of size B<num> in which to store the filename. On all systems, if the environment variable B<RANDFILE> is set, its value will be used as the seed file name. - -Otherwise, the file is called ".rnd", found in platform dependent locations: +Otherwise, the file is called C<.rnd>, found in platform dependent locations: =over 4 =item On Windows (in order of preference) -%HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\ + %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\ =item On VMS -SYS$LOGIN: + SYS$LOGIN: =item On all other systems -$HOME + $HOME =back If C<$HOME> (on non-Windows and non-VMS system) is not set either, or B<num> is too small for the path name, an error occurs. -RAND_load_file() reads a number of bytes from file B<filename> and -adds them to the PRNG. If B<max_bytes> is non-negative, -up to B<max_bytes> are read; -if B<max_bytes> is -1, the complete file is read. - -RAND_write_file() writes a number of random bytes (currently 1024) to -file B<filename> which can be used to initialize the PRNG by calling -RAND_load_file() in a later session. - =head1 RETURN VALUES RAND_load_file() returns the number of bytes read. @@ -67,6 +66,13 @@ error. L<RAND_bytes(3)>, L<RAND_add(3)>, L<RAND_cleanup(3)> +=head1 HISTORY + +A comment in the source since at least OpenSSL version 1.0.2 said that +RAND_load_file() and RAND_write_file() were only intended for regular files, +and not really device special files such as C</dev/random>. This was +poorly enforced before OpenSSL version 1.1.1. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |