diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2001-02-08 10:42:01 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-02-08 10:42:01 +0000 |
commit | 420125f996a5984a739db1fd35f0bd20be132414 (patch) | |
tree | c25dd2f653559bbb29b5f0a235b811a10129ca82 /doc | |
parent | 57e7d3ce1546fc6026ffe3f1f243c54d0bb59d3e (diff) | |
download | openssl-420125f996a5984a739db1fd35f0bd20be132414.tar.gz |
Update documentation to match the state at 0.9.6 _and_ the recent changes.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/crypto/RAND_egd.pod | 48 |
1 files changed, 43 insertions, 5 deletions
diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod index 40241e2df8..f66c3091b9 100644 --- a/doc/crypto/RAND_egd.pod +++ b/doc/crypto/RAND_egd.pod @@ -9,10 +9,38 @@ RAND_egd - query entropy gathering daemon #include <openssl/rand.h> int RAND_egd(const char *path); + int RAND_egd_bytes(const char *path, int bytes); + + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); =head1 DESCRIPTION RAND_egd() queries the entropy gathering daemon EGD on socket B<path>. +It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the +OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for +RAND_egd_bytes(path, 255); + +RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>. +It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the +OpenSSL built-in PRNG. + +RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket +B<path>. If B<buf> is given, B<bytes> bytes are queried and written into +B<buf>. If B<buf> is NULL, B<bytes> bytes are queried and used to seed the +OpenSSL built-in PRNG using L<RAND_add(3)|RAND_add(3)>. + +=head1 NOTES + +On systems without /dev/*random devices providing entropy from the kernel, +the EGD entropy gathering daemon can be used to collect entropy. It provides +a socket interface through which entropy can be gathered in chunks up to +255 bytes. Several chunks can be queried during one connection. + +While RAND_egd() is longer available (see HISTORY section), the +RAND_egd_bytes() function is more flexible. When only one secret key must +be generated, it is not needed to request the full amount 255 bytes from +the EGD socket. This can be advantageous, since the amount of entropy +that can be retrieved from EGD over time is limited. EGD is available from http://www.lothar.com/tech/crypto/ (C<perl Makefile.PL; make; make install> to install). It is run as B<egd> @@ -21,22 +49,32 @@ RAND_egd() is called with that path as an argument, it tries to read random bytes that EGD has collected. The read is performed in non-blocking mode. -Alternatively, the EGD-compatible daemon PRNGD can be used. It is +Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is available from http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . +PRNGD does employ an internal PRNG itself and can therefore never run +out of entropy. =head1 RETURN VALUE -RAND_egd() returns the number of bytes read from the daemon on -success, and -1 if the connection failed or the daemon did not return -enough data to fully seed the PRNG. +RAND_egd() and RAND_egd_bytes() return the number of bytes read from the +daemon on success, and -1 if the connection failed or the daemon did not +return enough data to fully seed the PRNG. + +RAND_query_egd_bytes() returns the number of bytes read from the daemon on +success, and -1 if the connection failed. The PRNG state is not considered. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> +L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, +L<RAND_cleanup(3)|RAND_cleanup(3)> =head1 HISTORY RAND_egd() is available since OpenSSL 0.9.5. +RAND_egd_bytes() is available since OpenSSL 0.9.6. + +RAND_query_egd_bytes() is available since OpenSSL 0.9.7. + =cut |