summaryrefslogtreecommitdiff
path: root/crypto/openssl/doc/man7/RAND.pod
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/doc/man7/RAND.pod')
-rw-r--r--crypto/openssl/doc/man7/RAND.pod8
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/openssl/doc/man7/RAND.pod b/crypto/openssl/doc/man7/RAND.pod
index 971b3cdb16128..7ce44ad9b6bd3 100644
--- a/crypto/openssl/doc/man7/RAND.pod
+++ b/crypto/openssl/doc/man7/RAND.pod
@@ -28,6 +28,12 @@ As a normal application developer, you do not have to worry about any details,
just use L<RAND_bytes(3)> to obtain random data.
Having said that, there is one important rule to obey: Always check the error
return value of L<RAND_bytes(3)> and do not take randomness for granted.
+Although (re-)seeding is automatic, it can fail because no trusted random source
+is available or the trusted source(s) temporarily fail to provide sufficient
+random seed material.
+In this case the CSPRNG enters an error state and ceases to provide output,
+until it is able to recover from the error by reseeding itself.
+For more details on reseeding and error recovery, see L<RAND_DRBG(7)>.
For values that should remain secret, you can use L<RAND_priv_bytes(3)>
instead.
@@ -71,7 +77,7 @@ L<RAND_DRBG(7)>
=head1 COPYRIGHT
-Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 07:06:24 +0000