diff options
Diffstat (limited to 'crypto/openssl/doc/man7/RAND.pod')
-rw-r--r-- | crypto/openssl/doc/man7/RAND.pod | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/openssl/doc/man7/RAND.pod b/crypto/openssl/doc/man7/RAND.pod index 971b3cdb16128..7ce44ad9b6bd3 100644 --- a/crypto/openssl/doc/man7/RAND.pod +++ b/crypto/openssl/doc/man7/RAND.pod @@ -28,6 +28,12 @@ As a normal application developer, you do not have to worry about any details, just use L<RAND_bytes(3)> to obtain random data. Having said that, there is one important rule to obey: Always check the error return value of L<RAND_bytes(3)> and do not take randomness for granted. +Although (re-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the CSPRNG enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see L<RAND_DRBG(7)>. For values that should remain secret, you can use L<RAND_priv_bytes(3)> instead. @@ -71,7 +77,7 @@ L<RAND_DRBG(7)> =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |