Diffstat (limited to 'secure/usr.bin/openssl/man/rand.1')
-rw-r--r-- | secure/usr.bin/openssl/man/rand.1 | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 5da74f19e933..1cb35a02048a 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2019-09-10" "1.1.1d" "OpenSSL" +.TH RAND 1 "2020-03-17" "1.1.1e" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -152,12 +152,14 @@ openssl\-rand, rand \- generate pseudo\-random bytes \&\fInum\fR .SH "DESCRIPTION" .IX Header "DESCRIPTION" -The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding -the random number generator once. As in other \fBopenssl\fR command -line tools, \s-1PRNG\s0 seeding uses the file \fI\f(CI$HOME\fI/\fR\fB.rnd\fR or \fB.rnd\fR -in addition to the files given in the \fB\-rand\fR option. A new -\&\fI\f(CI$HOME\fI\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough -seeding was obtained from these sources. +This command generates \fInum\fR random bytes using a cryptographically +secure pseudo random number generator (\s-1CSPRNG\s0). +.PP +The random bytes are generated using the \fBRAND_bytes\fR\|(3) function, +which provides a security level of 256 bits, provided it managed to +seed itself successfully from a trusted operating system entropy source. +Otherwise, the command will fail with a nonzero error code. +For more details, see \fBRAND_bytes\fR\|(3), \s-1\fBRAND\s0\fR\|(7), and \s-1\fBRAND_DRBG\s0\fR\|(7). .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-help\fR" 4 
@@ -173,6 +175,8 @@ generator. Multiple files can be specified separated by an OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +Explicitly specifying a seed file is in general not necessary, see the +\&\*(L"\s-1NOTES\*(R"\s0 section for more information. .IP "[\fB\-writerand file\fR]" 4 .IX Item "[-writerand file]" Writes random data to the specified \fIfile\fR upon exit. @@ -183,12 +187,26 @@ Perform base64 encoding on the output. .IP "\fB\-hex\fR" 4 .IX Item "-hex" Show the output as a hex string. +.SH "NOTES" +.IX Header "NOTES" +Prior to OpenSSL 1.1.1, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from a trusted +entropy source provided by the operating system. The \fB\-rand\fR and +\&\fB\-writerand\fR flags are still supported for special platforms or +circumstances that might require them. +.PP +It is generally an error to use the same seed file more than once and +every use of \fB\-rand\fR should be paired with \fB\-writerand\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBRAND_bytes\fR\|(3) +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy |
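Review bot: The rewritten DESCRIPTION (hunk at -152,12 +152,14) removes the statement that seeding reads "$HOME/.rnd or .rnd" and writes it back, but the new text never says whether that implicit file is still consulted. The added NOTES section only covers the explicit -rand and -writerand flags. Suggest one sentence stating what now happens to an existing .rnd file, so that users who have one know whether it is still read or rewritten.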
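Review bot: In the text added under the -rand item (hunk at -173,6 +175,8), "Explicitly specifying a seed file is in general not necessary, see the NOTES section for more information." is a comma splice and reads better as two sentences. The file header says it is automatically generated by Pod::Man, so the wording fix belongs in the pod source this page is generated from rather than in rand.1 itself.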
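Review bot: The last paragraph of the new NOTES section (hunk at -183,12 +187,26) says "every use of -rand should be paired with -writerand" without giving the reason that reusing a seed file is an error, and without saying which file -writerand should name. The -writerand item above it only says "Writes random data to the specified file upon exit." Suggest adding the reason in one clause and stating explicitly whether the file written is meant to replace the seed file that was just read.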