{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752650821, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"000c5e287ec7925efe20c186bc3da23d", "commit": {"type":"commit", "time": 1529420798, "time_ofs": 120, "oid_tree": { "oid": "3c32dde09c1c122a6a40f4240b53edb30c87443e", "alias": []}, "oid":{ "oid": "b26befb541f8bc7d4f4e0beead50248b16949932", "alias": []}, "msg": "Fix \u0026 update documentation about RAND_priv_bytes()", "sig_commit": { "git_time": { "time": 1529420798, "offset": 120 }, "name": "Dr. Matthias St. Pierre", "email": "Matthias.St.Pierre@ncp-e.com", "md5": "7d700d548b38974b2492f8ff219793b3" }, "sig_author": { "git_time": { "time": 1529338416, "offset": 180 }, "name": "Nicola Tuveri", "email": "nic.tuv@gmail.com", "md5": "0f1463251f0d945ac93a8ec7bae99db5" }}, "body": "Fix \u0026 update documentation about RAND_priv_bytes()\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\nReviewed-by: Kurt Roeckx \u003ckurt@roeckx.be\u003e\nReviewed-by: Ben Kaduk \u003ckaduk@mit.edu\u003e\nReviewed-by: Matthias St. 
Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\n(Merged from https://github.com/openssl/openssl/pull/6514)\n" , "diff": "diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod\nindex 099dda4..eb0a6b1 100644\n--- a/doc/man3/BN_rand.pod\n+++ b/doc/man3/BN_rand.pod\n@@ -2,7 +2,9 @@\n \n \u003dhead1 NAME\n \n-BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number\n+BN_rand, BN_priv_rand, BN_pseudo_rand,\n+BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range\n+- generate pseudo-random number\n \n \u003dhead1 SYNOPSIS\n \n@@ -10,10 +12,14 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r\n \n int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);\n \n+ int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);\n+\n int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);\n \n int BN_rand_range(BIGNUM *rnd, BIGNUM *range);\n \n+ int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);\n+\n int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);\n \n \u003dhead1 DESCRIPTION\n@@ -37,7 +43,16 @@ If B\u003cbits\u003e is 1 then B\u003ctop\u003e cannot also be B\u003cBN_RAND_FLG_TOPTWO\u003e.\n BN_rand_range() generates a cryptographically strong pseudo-random\n number B\u003crnd\u003e in the range 0 E\u003clt\u003e\u003d B\u003crnd\u003e E\u003clt\u003e B\u003crange\u003e.\n \n-The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().\n+BN_priv_rand() and BN_priv_rand_range() have the same semantics as\n+BN_rand() and BN_rand_range() respectively. 
They are intended to be\n+used for generating values that should remain private, and mirror the\n+same difference between L\u003cRAND_bytes(3)\u003e and L\u003cRAND_priv_bytes(3)\u003e.\n+\n+\u003dhead1 NOTES\n+\n+Always check the error return value of these functions and do not take\n+randomness for granted: an error occurs if the CSPRNG has not been\n+seeded with enough randomness to ensure an unpredictable byte sequence.\n \n \u003dhead1 RETURN VALUES\n \n@@ -46,20 +61,34 @@ The error codes can be obtained by L\u003cERR_get_error(3)\u003e.\n \n \u003dhead1 HISTORY\n \n-Starting with OpenSSL release 1.1.0,\n-BN_pseudo_rand() has been identical to BN_rand()\n-and\n-BN_pseudo_rand_range() has been identical to BN_rand_range().\n+\u003dover 2\n+\n+\u003ditem *\n+\n+Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical\n+to BN_rand() and BN_pseudo_rand_range() has been identical to\n+BN_rand_range().\n The \u0022pseudo\u0022 functions should not be used and may be deprecated in\n a future release.\n \n+\u003ditem *\n+\n+BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1.\n+\n+\u003dback\n+\n \u003dhead1 SEE ALSO\n \n-L\u003cERR_get_error(3)\u003e, L\u003cRAND_add(3)\u003e, L\u003cRAND_bytes(3)\u003e\n+L\u003cERR_get_error(3)\u003e,\n+L\u003cRAND_add(3)\u003e,\n+L\u003cRAND_bytes(3)\u003e,\n+L\u003cRAND_priv_bytes(3)\u003e,\n+L\u003cRAND(7)\u003e,\n+L\u003cRAND_DRBG(7)\u003e\n \n \u003dhead1 COPYRIGHT\n \n-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.\n+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.\n \n Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n this file except in compliance with the License. 
You can obtain a copy\ndiff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod\nindex 284b9db..fca1ad6 100644\n--- a/doc/man3/RAND_bytes.pod\n+++ b/doc/man3/RAND_bytes.pod\n@@ -20,13 +20,21 @@ Deprecated:\n \u003dhead1 DESCRIPTION\n \n RAND_bytes() puts B\u003cnum\u003e cryptographically strong pseudo-random bytes\n-into B\u003cbuf\u003e. An error occurs if the CSPRNG has not been seeded with\n-enough randomness to ensure an unpredictable byte sequence.\n+into B\u003cbuf\u003e.\n \n RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to\n-be used for generating long-term private keys. If using the default\n-RAND_METHOD, this function uses a separate instance of the PRNG so that\n-a compromise of the global generator will not affect such key generation.\n+be used for generating values that should remain private. If using the\n+default RAND_METHOD, this function uses a separate \u0022private\u0022 PRNG\n+instance so that a compromise of the \u0022public\u0022 PRNG instance will not\n+affect the secrecy of these private values, as described in L\u003cRAND(7)\u003e\n+and L\u003cRAND_DRBG(7)\u003e.\n+\n+\u003dhead1 NOTES\n+\n+Always check the error return value of RAND_bytes() and\n+RAND_priv_bytes() and do not take randomness for granted: an error occurs\n+if the CSPRNG has not been seeded with enough randomness to ensure an\n+unpredictable byte sequence.\n \n \u003dhead1 RETURN VALUES\n \n@@ -37,14 +45,26 @@ obtained by L\u003cERR_get_error(3)\u003e.\n \n \u003dhead1 HISTORY\n \n+\u003dover 2\n+\n+\u003ditem *\n+\n RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead.\n \n+\u003ditem *\n+\n+RAND_priv_bytes() was added in OpenSSL 1.1.1.\n+\n+\u003dback\n+\n \u003dhead1 SEE ALSO\n \n L\u003cRAND_add(3)\u003e,\n L\u003cRAND_bytes(3)\u003e,\n+L\u003cRAND_priv_bytes(3)\u003e,\n L\u003cERR_get_error(3)\u003e,\n-L\u003cRAND(7)\u003e\n+L\u003cRAND(7)\u003e,\n+L\u003cRAND_DRBG(7)\u003e\n \n \u003dhead1 COPYRIGHT\n \ndiff 
--git a/doc/man7/RAND.pod b/doc/man7/RAND.pod\nindex 578018f..971b3cd 100644\n--- a/doc/man7/RAND.pod\n+++ b/doc/man7/RAND.pod\n@@ -24,16 +24,19 @@ to be initialized ('seeded') explicitly.\n It seeds and reseeds itself automatically using trusted random sources\n provided by the operating system.\n \n-As a normal application developer, you don't have to worry about any details,\n+As a normal application developer, you do not have to worry about any details,\n just use L\u003cRAND_bytes(3)\u003e to obtain random data.\n Having said that, there is one important rule to obey: Always check the error\n-return value of L\u003cRAND_bytes(3)\u003e and don't take randomness for granted.\n+return value of L\u003cRAND_bytes(3)\u003e and do not take randomness for granted.\n \n-For long-term secrets, you can use L\u003cRAND_priv_bytes(3)\u003e instead.\n+For values that should remain secret, you can use L\u003cRAND_priv_bytes(3)\u003e\n+instead.\n This method does not provide 'better' randomness, it uses the same type of CSPRNG.\n-The intention behind using a dedicated CSPRNG exclusively for long-term secrets is\n-that none of its output should be visible to an attacker (e.g used as salt value),\n-in order to reveal as little information as possible about its internal state.\n+The intention behind using a dedicated CSPRNG exclusively for private\n+values is that none of its output should be visible to an attacker (e.g.,\n+used as salt value), in order to reveal as little information as\n+possible about its internal state, and that a compromise of the \u0022public\u0022\n+CSPRNG instance will not affect the secrecy of these private values.\n \n In the rare case where the default implementation does not satisfy your special\n requirements, there are two options:\n@@ -61,10 +64,10 @@ of cryptographic principles and understand the implications of your changes.\n L\u003cRAND_add(3)\u003e,\n L\u003cRAND_bytes(3)\u003e,\n 
L\u003cRAND_priv_bytes(3)\u003e,\n-L\u003cRAND_get_rand_method(3)\u003e\n-L\u003cRAND_set_rand_method(3)\u003e\n+L\u003cRAND_get_rand_method(3)\u003e,\n+L\u003cRAND_set_rand_method(3)\u003e,\n L\u003cRAND_OpenSSL(3)\u003e,\n-L\u003cRAND_DRBG(7)\u003e,\n+L\u003cRAND_DRBG(7)\u003e\n \n \u003dhead1 COPYRIGHT\n \n","s":{"c":1752650821,"u": 36011}} ],"g": 38369,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
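Review bot: in doc/man3/BN_rand.pod (hunk at -37,7 +43,16), the new NOTES paragraph says "these functions" without naming them, and the BN_priv_rand() paragraph explains the functions only by analogy ("mirror the same difference between L<RAND_bytes(3)> and L<RAND_priv_bytes(3)>"). Name the functions in NOTES the way the RAND_bytes.pod NOTES does, and state here, in one sentence, that with the default RAND_METHOD the priv variants draw from the separate "private" PRNG instance, so a reader does not have to follow a link to learn the property that matters. The patch leaves RETURN VALUES untouched, so also confirm that section covers BN_priv_rand() and BN_priv_rand_range().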
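Review bot: in doc/man3/RAND_bytes.pod (hunk at -20,13 +20,21), the NOTES text "an error occurs if the CSPRNG has not been seeded with enough randomness" can be read as asking the caller to seed the generator, while doc/man7/RAND.pod in this same patch keeps the statement that it "seeds and reseeds itself automatically using trusted random sources provided by the operating system". Suggest wording NOTES so the two pages agree on who does the seeding, for example by pointing to L<RAND(7)> from that sentence. The quoted terms "private" and "public" PRNG instance are also used here before either is defined on this page; a short definition would help.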
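Review bot: in doc/man3/RAND_bytes.pod (hunk at -37,14 +45,26), the SEE ALSO list gains L<RAND_priv_bytes(3)>, but this file is the page that documents RAND_priv_bytes(), and the list already carries L<RAND_bytes(3)>, so the page now links to itself twice. Drop both self-references, or keep the new line out, unless the project's doc checks require them.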
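Review bot: in doc/man7/RAND.pod (hunk at -24,16 +24,19), the new text says "values that should remain secret" while the RAND_bytes.pod and BN_rand.pod hunks say "values that should remain private"; pick one term across the three pages so readers do not assume two different classes of value. The rewritten sentence also joins two separate reasons with ", and that" (no private-instance output visible to an attacker, and isolation from a compromise of the "public" instance); splitting it into two sentences would make each guarantee easier to find.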