// most likely, entropy sources are drained
}
-NOTE: Will throw error or invoke callback with error, if there is not enough
-accumulated entropy to generate cryptographically strong data. In other words,
-`crypto.randomBytes` without callback will not block even if all entropy sources
-are drained.
-
-## crypto.pseudoRandomBytes(size[, callback])
-
-Identical to `crypto.randomBytes` except that, instead of throwing an error when
-there is not enough accumulated entropy to generate cryptographically strong
-data, it will silently return **non**-cryptographically strong data.
+NOTE: This will block if there is insufficient entropy, although it should
+normally never take longer than a few milliseconds. The only time when this
+may conceivably block is right after boot, when the whole system is still
+low on entropy.
## Class: Certificate
try {
var binding = process.binding('crypto');
var randomBytes = binding.randomBytes;
- var pseudoRandomBytes = binding.pseudoRandomBytes;
var getCiphers = binding.getCiphers;
var getHashes = binding.getHashes;
} catch (e) {
return binding.setEngine(id, flags);
};
-exports.randomBytes = randomBytes;
-exports.pseudoRandomBytes = pseudoRandomBytes;
-
-exports.rng = randomBytes;
-exports.prng = pseudoRandomBytes;
+exports.randomBytes = exports.pseudoRandomBytes = randomBytes;
+exports.rng = exports.prng = randomBytes;
exports.getCiphers = function() {
return filterDuplicates(getCiphers.call(null, arguments));
};
-template <bool pseudoRandom>
void RandomBytesWork(uv_work_t* work_req) {
RandomBytesRequest* req =
ContainerOf(&RandomBytesRequest::work_req_, work_req);
- int r;
// Ensure that OpenSSL's PRNG is properly seeded.
CheckEntropy();
- if (pseudoRandom == true) {
- r = RAND_pseudo_bytes(reinterpret_cast<unsigned char*>(req->data()),
- req->size());
- } else {
- r = RAND_bytes(reinterpret_cast<unsigned char*>(req->data()), req->size());
- }
+ const int r = RAND_bytes(reinterpret_cast<unsigned char*>(req->data()),
+ req->size());
- // RAND_bytes() returns 0 on error. RAND_pseudo_bytes() returns 0 when the
- // result is not cryptographically strong - but that's not an error.
- if (r == 0 && pseudoRandom == false) {
+ // RAND_bytes() returns 0 on error.
+ if (r == 0) {
req->set_error(ERR_get_error());
} else if (r == -1) {
req->set_error(static_cast<unsigned long>(-1));
}
-template <bool pseudoRandom>
void RandomBytes(const FunctionCallbackInfo<Value>& args) {
Environment* env = Environment::GetCurrent(args);
obj->Set(env->domain_string(), env->domain_array()->Get(0));
uv_queue_work(env->event_loop(),
req->work_req(),
- RandomBytesWork<pseudoRandom>,
+ RandomBytesWork,
RandomBytesAfter);
args.GetReturnValue().Set(obj);
} else {
Local<Value> argv[2];
- RandomBytesWork<pseudoRandom>(req->work_req());
+ RandomBytesWork(req->work_req());
RandomBytesCheck(req, argv);
delete req;
env->SetMethod(target, "setEngine", SetEngine);
#endif // !OPENSSL_NO_ENGINE
env->SetMethod(target, "PBKDF2", PBKDF2);
- env->SetMethod(target, "randomBytes", RandomBytes<false>);
- env->SetMethod(target, "pseudoRandomBytes", RandomBytes<true>);
+ env->SetMethod(target, "randomBytes", RandomBytes);
env->SetMethod(target, "getSSLCiphers", GetSSLCiphers);
env->SetMethod(target, "getCiphers", GetCiphers);
env->SetMethod(target, "getHashes", GetHashes);