Google Git
Sign in
boringssl / boringssl.git / 8267582590020ca2877592084f3a56b2f6e3209b^! / .
commit8267582590020ca2877592084f3a56b2f6e3209b[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Jul 11 10:51:33 2023 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Jul 11 15:54:25 2023 +0000
tree3b69c8e623565491b54ed6369db1d839594b02eb
parent8f4daaf2664d2a9518106ce42cf5a5202e515645 [diff]
Update the documentation of RAND_cleanup

This function hasn't done anything since 2015, when
https://boringssl-review.googlesource.com/5792 made it a no-op.

Also move RAND_get_system_entropy_for_custom_prng under obscure
functions. It's usually not what you want.

Change-Id: Ica57552792acff3c5991e6db09c15112db09d133
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61505
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 586274d..6193c00 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h

@@ -29,20 +29,6 @@
 // event that sufficient random data can not be obtained, |abort| is called.
 OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
 
-// RAND_get_system_entropy_for_custom_prng writes |len| bytes of random data
-// from a system entropy source to |buf|. The maximum length of entropy which
-// may be requested is 256 bytes. If more than 256 bytes of data is requested,
-// or if sufficient random data can not be obtained, |abort| is called.
-// |RAND_bytes| should normally be used instead of this function. This function
-// should only be used for seed values or where |malloc| should not be called
-// from BoringSSL. This function is not FIPS compliant.
-OPENSSL_EXPORT void RAND_get_system_entropy_for_custom_prng(uint8_t *buf,
-                                                            size_t len);
-
-// RAND_cleanup frees any resources used by the RNG. This is not safe if other
-// threads might still be calling |RAND_bytes|.
-OPENSSL_EXPORT void RAND_cleanup(void);
-
 
 // Obscure functions.
 
@@ -65,6 +51,16 @@
 OPENSSL_EXPORT void RAND_reset_for_fuzzing(void);
 #endif
 
+// RAND_get_system_entropy_for_custom_prng writes |len| bytes of random data
+// from a system entropy source to |buf|. The maximum length of entropy which
+// may be requested is 256 bytes. If more than 256 bytes of data is requested,
+// or if sufficient random data can not be obtained, |abort| is called.
+// |RAND_bytes| should normally be used instead of this function. This function
+// should only be used for seed values or where |malloc| should not be called
+// from BoringSSL. This function is not FIPS compliant.
+OPENSSL_EXPORT void RAND_get_system_entropy_for_custom_prng(uint8_t *buf,
+                                                            size_t len);
+
 
 // Deprecated functions
 
@@ -93,6 +89,9 @@
 // RAND_status returns one.
 OPENSSL_EXPORT int RAND_status(void);
 
+// RAND_cleanup does nothing.
+OPENSSL_EXPORT void RAND_cleanup(void);
+
 // rand_meth_st is typedefed to |RAND_METHOD| in base.h. It isn't used; it
 // exists only to be the return type of |RAND_SSLeay|. It's
 // external so that variables of this type can be initialized.