RAND_load_file(..., -1) now means "read the complete file";
this is what we now use to read $RANDFILE / $HOME/.rnd.
(Previously, after 'cat'ting lots of stuff into .rnd
only the first MB would be looked at.)
Bugfix for apps/enc.c: Continue if RAND_pseudo_bytes returns 0
(only -1 is an error).
diff --git a/apps/app_rand.c b/apps/app_rand.c
index 9e29e54..6384dd0 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -130,7 +130,7 @@
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_load_file(file, 1024L*1024L))
+ if (file == NULL || !RAND_load_file(file, -1))
{
if (!dont_warn)
{
diff --git a/apps/enc.c b/apps/enc.c
index 8420366..d5db3bf 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -448,7 +448,7 @@
"invalid hex salt value\n");
goto end;
}
- } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) <= 0)
+ } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 375c339..cea9f54 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -82,6 +82,9 @@
int RAND_load_file(const char *file, long bytes)
{
+ /* If bytes >= 0, read up to 'bytes' bytes.
+ * if bytes == -1, read complete file. */
+
MS_STATIC unsigned char buf[BUFSIZE];
struct stat sb;
int i,ret=0,n;
@@ -93,20 +96,26 @@
/* If the state fails, put some crap in anyway */
RAND_add(&sb,sizeof(sb),0);
if (i < 0) return(0);
- if (bytes <= 0) return(ret);
+ if (bytes == 0) return(ret);
in=fopen(file,"rb");
if (in == NULL) goto err;
for (;;)
{
- n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+ if (bytes > 0)
+ n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+ else
+ n = BUFSIZE;
i=fread(buf,1,n,in);
if (i <= 0) break;
/* even if n != i, use the full array */
RAND_add(buf,n,i);
ret+=i;
- bytes-=n;
- if (bytes <= 0) break;
+ if (bytes > 0)
+ {
+ bytes-=n;
+ if (bytes == 0) break;
+ }
}
fclose(in);
memset(buf,0,BUFSIZE);
diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod
index 8fc985e..c6a00a2 100644
--- a/doc/crypto/RAND_load_file.pod
+++ b/doc/crypto/RAND_load_file.pod
@@ -18,12 +18,14 @@
RAND_file_name() generates a default path for the random seed
file. B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE, if that environment variable is
-set, $HOME/.rand otherwise. If $HOME is not set either, or B<num> is
+filename. The seed file is $RANDFILE if that environment variable is
+set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
too small for the path name, an error occurs.
-RAND_load_file() reads up to B<max_bytes> from file B<filename> and
-adds them to the PRNG.
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to to B<max_bytes> are read; if B<max_bytes> is -1, the complete file
+is read.
RAND_write_file() writes a number of random bytes (currently 1024) to
file B<filename> which can be used to initialze the PRNG by calling
