Diffstat (limited to 'secure/lib/libcrypto/man/man3/RAND_bytes.3')
-rw-r--r-- secure/lib/libcrypto/man/man3/RAND_bytes.3 30
1 files changed, 21 insertions, 9 deletions
diff --git a/secure/lib/libcrypto/man/man3/RAND_bytes.3 b/secure/lib/libcrypto/man/man3/RAND_bytes.3
index a90138882f5d..5863c381a42d 100644
--- a/secure/lib/libcrypto/man/man3/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/man3/RAND_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39)
+.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_BYTES 3"
-.TH RAND_BYTES 3 "2019-09-10" "1.1.1d" "OpenSSL"
+.TH RAND_BYTES 3 "2020-03-17" "1.1.1e" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,8 +158,8 @@ Deprecated:
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes
-into \fBbuf\fR.
+\&\fBRAND_bytes()\fR generates \fBnum\fR random bytes using a cryptographically
+secure pseudo random generator (\s-1CSPRNG\s0) and stores them in \fBbuf\fR.
.PP
\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to
be used for generating values that should remain private. If using the
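Review bot: The added DESCRIPTION sentence expands the abbreviation as "pseudo random generator", which drops the hyphen the removed line had ("pseudo-random") and omits "number", so the expansion no longer matches the letters of CSPRNG that follow it in parentheses. Suggest "cryptographically secure pseudo-random number generator (CSPRNG)" so the term is defined exactly once and matches its abbreviation.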
@@ -169,10 +169,22 @@ affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(
and \s-1\fBRAND_DRBG\s0\fR\|(7).
.SH "NOTES"
.IX Header "NOTES"
-Always check the error return value of \fBRAND_bytes()\fR and
-\&\fBRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs
-if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an
-unpredictable byte sequence.
+By default, the OpenSSL \s-1CSPRNG\s0 supports a security level of 256 bits, provided it
+was able to seed itself from a trusted entropy source.
+On all major platforms supported by OpenSSL (including the Unix-like platforms
+and Windows), OpenSSL is configured to automatically seed the \s-1CSPRNG\s0 on first use
+using the operating systems's random generator.
+.PP
+If the entropy source fails or is not available, the \s-1CSPRNG\s0 will enter an
+error state and refuse to generate random bytes. For that reason, it is important
+to always check the error return value of \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR and
+not take randomness for granted.
+.PP
+On other platforms, there might not be a trusted entropy source available
+or OpenSSL might have been explicitly configured to use different entropy sources.
+If you are in doubt about the quality of the entropy source, don't hesitate to ask
+your operating system vendor or post a question on GitHub or the openssl-users
+mailing list.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR
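Review bot: "operating systems's random generator" in the first added NOTES paragraph is a typo for "operating system's". The third added paragraph also opens with "On other platforms", but the platforms it contrasts with are named two paragraphs earlier, with the error-state paragraph in between; placing it directly after the first paragraph would keep the contrast readable and let the instruction to check the return value of RAND_bytes() and RAND_priv_bytes() close the section. The file header says this page is generated by Pod::Man, so both changes belong in the pod source it is generated from rather than in this file.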
@@ -195,7 +207,7 @@ obtained by \fBERR_get_error\fR\|(3).
The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy