]>
Commit | Line | Data |
---|---|---|
a73d990e DMSP |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | RAND_DRBG_generate, | |
6 | RAND_DRBG_bytes | |
7 | - generate random bytes using the given drbg instance | |
8 | ||
9 | =head1 SYNOPSIS | |
10 | ||
11 | #include <openssl/rand_drbg.h> | |
12 | ||
13 | int RAND_DRBG_generate(RAND_DRBG *drbg, | |
14 | unsigned char *out, size_t outlen, | |
15 | int prediction_resistance, | |
16 | const unsigned char *adin, size_t adinlen); | |
17 | ||
18 | int RAND_DRBG_bytes(RAND_DRBG *drbg, | |
19 | unsigned char *out, size_t outlen); | |
20 | ||
21 | ||
22 | =head1 DESCRIPTION | |
23 | ||
24 | RAND_DRBG_generate() generates B<outlen> random bytes using the given | |
25 | DRBG instance B<drbg> and stores them in the buffer at B<out>. | |
26 | ||
27 | Before generating the output, the DRBG instance checks whether the maximum | |
28 | number of generate requests (I<reseed interval>) or the maximum timespan | |
29 | (I<reseed time interval>) since its last seeding have been reached. | |
30 | If this is the case, the DRBG reseeds automatically. | |
31 | Additionally, an immediate reseeding can be requested by setting the | |
65175163 P |
32 | B<prediction_resistance> flag to 1. |
33 | Requesting prediction resistance is a relative expensive operation. | |
34 | See NOTES section for more details. | |
a73d990e DMSP |
35 | |
36 | The caller can optionally provide additional data to be used for reseeding | |
37 | by passing a pointer B<adin> to a buffer of length B<adinlen>. | |
38 | This additional data is mixed into the internal state of the random | |
39 | generator but does not contribute to the entropy count. | |
40 | The additional data can be omitted by setting B<adin> to NULL and | |
41 | B<adinlen> to 0; | |
42 | ||
43 | RAND_DRBG_bytes() generates B<outlen> random bytes using the given | |
44 | DRBG instance B<drbg> and stores them in the buffer at B<out>. | |
45 | This function is a wrapper around the RAND_DRBG_generate() call, | |
46 | which collects some additional data from low entropy sources | |
47 | (e.g., a high resolution timer) and calls | |
48 | RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). | |
49 | ||
50 | ||
51 | =head1 RETURN VALUES | |
52 | ||
53 | RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success, | |
54 | and 0 on failure. | |
55 | ||
56 | =head1 NOTES | |
57 | ||
58 | The I<reseed interval> and I<reseed time interval> of the B<drbg> are set to | |
59 | reasonable default values, which in general do not have to be adjusted. | |
60 | If necessary, they can be changed using L<RAND_DRBG_set_reseed_interval(3)> | |
61 | and L<RAND_DRBG_set_reseed_time_interval(3)>, respectively. | |
62 | ||
63 | A request for prediction resistance can only be satisfied by pulling fresh | |
65175163 P |
64 | entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). |
65 | It is up to the user to ensure that a live entropy source is configured | |
66 | and is being used. | |
a73d990e | 67 | |
a73d990e DMSP |
68 | =head1 SEE ALSO |
69 | ||
70 | L<RAND_bytes(3)>, | |
71 | L<RAND_DRBG_set_reseed_interval(3)>, | |
72 | L<RAND_DRBG_set_reseed_time_interval(3)>, | |
73 | L<RAND_DRBG(7)> | |
74 | ||
b5c4bbbe JL |
75 | =head1 HISTORY |
76 | ||
77 | The RAND_DRBG functions were added in OpenSSL 1.1.1. | |
78 | ||
4674aaf4 | 79 | Prediction resistance is supported from OpenSSL 3.0. |
b5c4bbbe | 80 | |
a73d990e DMSP |
81 | =head1 COPYRIGHT |
82 | ||
b5c4bbbe | 83 | Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. |
a73d990e | 84 | |
4746f25a | 85 | Licensed under the Apache License 2.0 (the "License"). You may not use |
a73d990e DMSP |
86 | this file except in compliance with the License. You can obtain a copy |
87 | in the file LICENSE in the source distribution or at | |
88 | L<https://www.openssl.org/source/license.html>. | |
89 | ||
90 | =cut |