{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1750146634, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"f1aaf00e04e544f472a7468bec82a35c", "commit": {"type":"commit", "time": 1499486034, "time_ofs": 18446744073709551376, "oid_tree": { "oid": "3b0635241592576b172c7b6b1a69de5141108e20", "alias": []}, "oid":{ "oid": "04256277cb9dddedd77965f19107c6c3935e8b96", "alias": []}, "msg": "Update various RAND podpages", "sig_commit": { "git_time": { "time": 1499486034, "offset": -240 }, "name": "Rich Salz", "email": "rsalz@openssl.org", "md5": "3ed6b9cf7bbe83902a044f6590346d26" }, "sig_author": { "git_time": { "time": 1499460459, "offset": -240 }, "name": "Rich Salz", "email": "rsalz@openssl.org", "md5": "3ed6b9cf7bbe83902a044f6590346d26" }}, "body": "Update various RAND podpages\n\nReviewed-by: Tim Hudson \u003ctjh@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/3883)\n" , "diff": "diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod\nindex c62d140..f5514f0 100644\n--- a/doc/man3/RAND_add.pod\n+++ b/doc/man3/RAND_add.pod\n@@ -35,15 +35,13 @@ can be found in the literature; for example IETF RFC 4086.\n RAND_add() may be called with sensitive data such as user entered\n passwords. The seed values cannot be recovered from the PRNG output.\n \n-OpenSSL makes sure that the PRNG state is unique for each thread. On\n-systems that provide C\u003c/dev/urandom\u003e, the randomness device is used\n-to seed the PRNG transparently. However, on all other systems, the\n-application is responsible for seeding the PRNG by calling RAND_add(),\n-L\u003cRAND_egd(3)\u003e\n-or L\u003cRAND_load_file(3)\u003e.\n-\n RAND_seed() is equivalent to RAND_add() with B\u003crandomness\u003e set to B\u003cnum\u003e.\n \n+On systems that provide C\u003c/dev/urandom\u003e or similar source of randomess,\n+it will be used\n+to seed the PRNG transparently. On older systems, however, it might\n+be necessary to use RAND_add(), L\u003cRAND_egd(3)\u003e or L\u003cRAND_load_file(3)\u003e.\n+\n RAND_event() and RAND_screen() are deprecated and should not be called.\n \n \u003dhead1 RETURN VALUES\n@@ -65,11 +63,11 @@ RAND_event() and RAND_screen() are deprecated since OpenSSL\n \u003dhead1 SEE ALSO\n \n L\u003cRAND_bytes(3)\u003e, L\u003cRAND_egd(3)\u003e,\n-L\u003cRAND_load_file(3)\u003e, L\u003cRAND_cleanup(3)\u003e\n+L\u003cRAND_load_file(3)\u003e\n \n \u003dhead1 COPYRIGHT\n \n-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.\n+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.\n \n Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n this file except in compliance with the License. You can obtain a copy\ndiff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod\nindex 31c90e7..90395d2 100644\n--- a/doc/man3/RAND_cleanup.pod\n+++ b/doc/man3/RAND_cleanup.pod\n@@ -14,9 +14,10 @@ RAND_cleanup - erase the PRNG state\n \n \u003dhead1 DESCRIPTION\n \n-Prior to OpenSSL 1.1.0 RAND_cleanup() erases the memory used by the PRNG. This\n-function is deprecated and as of version 1.1.0 does nothing. No explicit\n-initialisation or de-initialisation is necessary. See L\u003cOPENSSL_init_crypto(3)\u003e.\n+Prior to OpenSSL 1.1.0, RAND_cleanup() released all resources used by\n+the PRNG. As of version 1.1.0, it does nothing and should not be called,\n+since since no explicit initialisation or de-initialisation is necessary. See\n+L\u003cOPENSSL_init_crypto(3)\u003e.\n \n \u003dhead1 RETURN VALUE\n \n@@ -32,7 +33,7 @@ RAND_cleanup() was deprecated in OpenSSL 1.1.0.\n \n \u003dhead1 COPYRIGHT\n \n-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.\n+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.\n \n Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n this file except in compliance with the License. You can obtain a copy\ndiff --git a/doc/man3/RAND_egd.pod b/doc/man3/RAND_egd.pod\nindex 956362d..e2c7b3f 100644\n--- a/doc/man3/RAND_egd.pod\n+++ b/doc/man3/RAND_egd.pod\n@@ -8,76 +8,48 @@ RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon\n \n #include \u003copenssl/rand.h\u003e\n \n+ int RAND_egd_bytes(const char *path, int num);\n int RAND_egd(const char *path);\n- int RAND_egd_bytes(const char *path, int bytes);\n \n- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);\n+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num);\n \n \u003dhead1 DESCRIPTION\n \n-RAND_egd() queries the Entropy Gathering Daemon (EGD) on socket B\u003cpath\u003e.\n-It queries 255 bytes and uses L\u003cRAND_add(3)\u003e to seed the\n-OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for\n-RAND_egd_bytes(path, 255);\n-\n-RAND_egd_bytes() queries EGD on socket B\u003cpath\u003e.\n-It queries B\u003cbytes\u003e bytes and uses L\u003cRAND_add(3)\u003e to seed the\n-OpenSSL built-in PRNG.\n-This function is more flexible than RAND_egd().\n-When only one secret key must\n-be generated, it is not necessary to request the full amount 255 bytes from\n-the EGD socket. This can be advantageous, since the amount of randomness\n-that can be retrieved from EGD over time is limited.\n-\n-RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket\n-B\u003cpath\u003e. If B\u003cbuf\u003e is given, B\u003cbytes\u003e bytes are queried and written into\n-B\u003cbuf\u003e. If B\u003cbuf\u003e is NULL, B\u003cbytes\u003e bytes are queried and used to seed the\n-OpenSSL built-in PRNG using L\u003cRAND_add(3)\u003e.\n-\n-\u003dhead1 NOTES\n-\n-On systems without /dev/*random devices providing randomness from the kernel,\n-EGD provides\n-a socket interface through which randomness can be gathered in chunks up to\n-255 bytes. Several chunks can be queried during one connection.\n-\n-EGD is available from http://www.lothar.com/tech/crypto/ (C\u003cperl\n-Makefile.PL; make; make install\u003e to install). It is run as B\u003cegd\u003e\n-I\u003cpath\u003e, where I\u003cpath\u003e is an absolute path designating a socket. When\n-RAND_egd() is called with that path as an argument, it tries to read\n-random bytes that EGD has collected. RAND_egd() retrieves randomness from the\n-daemon using the daemon's \u0022non-blocking read\u0022 command which shall\n-be answered immediately by the daemon without waiting for additional\n-randomness to be collected. The write and read socket operations in the\n-communication are blocking.\n-\n-Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is\n-available from\n-http://prngd.sourceforge.net/ .\n-PRNGD does employ an internal PRNG itself and can therefore never run\n-out of randomness.\n-\n-OpenSSL automatically queries EGD when randomness is requested via RAND_bytes()\n-or the status is checked via RAND_status() for the first time, if the socket\n-is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.\n+On older platforms without a good source of randomness such as C\u003c/dev/urandom\u003e,\n+it is possible to query an Entropy Gathering Daemon (EGD) over a local\n+socket to obtain randomness and seed the OpenSSL RNG.\n+The protocol used is defined by the EGDs available at\n+L\u003chttp://egd.sourceforge.net/\u003e or L\u003chttp://prngd.sourceforge.net\u003e.\n+\n+RAND_egd_bytes() requests B\u003cnum\u003e bytes of randomness from an EGD at the\n+specified socket B\u003cpath\u003e, and passes the data it receives into RAND_add().\n+RAND_egd() is equivalent to RAND_egd_bytes() with B\u003cnum\u003e set to 255.\n+\n+RAND_query_egd_bytes() requests B\u003cnum\u003e bytes of randomness from an EGD at\n+the specified socket B\u003cpath\u003e.\n+If B\u003cbuf\u003e is B\u003cNULL\u003e, it is equivalent to RAND_egd_bytes().\n+If B\u003cbuf\u003e is not B\u003cNULL\u003e, then the data is copied to the buffer and\n+RAND_add() is not called.\n+\n+OpenSSL can be configured at build time to try to use the EGD for seeding\n+automatically.\n \n \u003dhead1 RETURN VALUE\n \n RAND_egd() and RAND_egd_bytes() return the number of bytes read from the\n-daemon on success, and -1 if the connection failed or the daemon did not\n+daemon on success, or -1 if the connection failed or the daemon did not\n return enough data to fully seed the PRNG.\n \n RAND_query_egd_bytes() returns the number of bytes read from the daemon on\n-success, and -1 if the connection failed. The PRNG state is not considered.\n+success, or -1 if the connection failed.\n \n \u003dhead1 SEE ALSO\n \n-L\u003cRAND_bytes(3)\u003e, L\u003cRAND_add(3)\u003e,\n-L\u003cRAND_cleanup(3)\u003e\n+L\u003cRAND_bytes(3)\u003e, L\u003cRAND_add(3)\u003e\n \n \u003dhead1 COPYRIGHT\n \n-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.\n+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.\n \n Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n this file except in compliance with the License. You can obtain a copy\ndiff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod\nindex 8b5867f..0a0c4bc 100644\n--- a/doc/man3/RAND_load_file.pod\n+++ b/doc/man3/RAND_load_file.pod\n@@ -64,7 +64,7 @@ error.\n \n \u003dhead1 SEE ALSO\n \n-L\u003cRAND_bytes(3)\u003e, L\u003cRAND_add(3)\u003e, L\u003cRAND_cleanup(3)\u003e\n+L\u003cRAND_bytes(3)\u003e, L\u003cRAND_add(3)\u003e\n \n \u003dhead1 HISTORY\n \n@@ -75,7 +75,7 @@ poorly enforced before OpenSSL version 1.1.1.\n \n \u003dhead1 COPYRIGHT\n \n-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.\n+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.\n \n Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n this file except in compliance with the License. You can obtain a copy\ndiff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod\nindex 12075d2..70c1b23 100644\n--- a/doc/man3/RAND_set_rand_method.pod\n+++ b/doc/man3/RAND_set_rand_method.pod\n@@ -8,35 +8,32 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL - select RAND method\n \n #include \u003copenssl/rand.h\u003e\n \n+ RAND_METHOD *RAND_OpenSSL(void);\n+\n void RAND_set_rand_method(const RAND_METHOD *meth);\n \n const RAND_METHOD *RAND_get_rand_method(void);\n \n- RAND_METHOD *RAND_OpenSSL(void);\n-\n \u003dhead1 DESCRIPTION\n \n A B\u003cRAND_METHOD\u003e specifies the functions that OpenSSL uses for random number\n-generation. By modifying the method, alternative implementations such as\n-hardware RNGs may be used. IMPORTANT: See the NOTES section for important\n-information about how these RAND API functions are affected by the use of\n-B\u003cENGINE\u003e API calls.\n+generation.\n \n-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as\n-returned by RAND_OpenSSL().\n+Initially, the default B\u003cRAND_METHOD\u003e is the OpenSSL internal implementation,\n+as returned by RAND_OpenSSL().\n+This implementation ensures that the PRNG state is unique for each thread.\n \n-RAND_set_default_method() makes B\u003cmeth\u003e the method for PRNG use. B\u003cNB\u003e: This is\n-true only whilst no ENGINE has been set as a default for RAND, so this function\n-is no longer recommended.\n+If an B\u003cENGINE\u003e is loaded that provides the RAND API, however, it will\n+be used instead of the method returned by RAND_OpenSSL().\n \n-RAND_get_default_method() returns a pointer to the current RAND_METHOD.\n-However, the meaningfulness of this result is dependent on whether the ENGINE\n-API is being used, so this function is no longer recommended.\n+RAND_set_rand_method() makes B\u003cmeth\u003e the method for PRNG use. If an\n+ENGINE was providing the method, it will be released first.\n+\n+RAND_get_rand_method() returns a pointer to the current B\u003cRAND_METHOD\u003e.\n \n \u003dhead1 THE RAND_METHOD STRUCTURE\n \n- typedef struct rand_meth_st\n- {\n+ typedef struct rand_meth_st {\n void (*seed)(const void *buf, int num);\n int (*bytes)(unsigned char *buf, int num);\n void (*cleanup)(void);\n@@ -45,33 +42,23 @@ API is being used, so this function is no longer recommended.\n int (*status)(void);\n } RAND_METHOD;\n \n-The components point to method implementations used by (or called by), in order,\n+The fields point to functions that are used by, in order,\n RAND_seed(), RAND_bytes(), internal RAND cleanup, RAND_add(), RAND_pseudo_rand()\n and RAND_status().\n-Each component may be NULL if the function is not implemented.\n+Each pointer may be NULL if the function is not implemented.\n \n \u003dhead1 RETURN VALUES\n \n RAND_set_rand_method() returns no value. RAND_get_rand_method() and\n RAND_OpenSSL() return pointers to the respective methods.\n \n-\u003dhead1 NOTES\n-\n-RAND_METHOD implementations are grouped together with other\n-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B\u003cENGINE\u003e modules. If a\n-default ENGINE is specified for RAND functionality using an ENGINE API function,\n-that will override any RAND defaults set using the RAND API (ie.\n-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way\n-to control default implementations for use in RAND and other cryptographic\n-algorithms.\n-\n \u003dhead1 SEE ALSO\n \n L\u003cRAND_bytes(3)\u003e, L\u003cENGINE_by_id(3)\u003e\n \n \u003dhead1 COPYRIGHT\n \n-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.\n+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.\n \n Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n this file except in compliance with the License. You can obtain a copy\n","s":{"c":1750023229,"u": 43105}} ],"g": 1366,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "7d0a"}