2
0

RAND_DRBG_new.pod 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172
  1. =pod
  2. =head1 NAME
  3. RAND_DRBG_new_ex,
  4. RAND_DRBG_new,
  5. RAND_DRBG_secure_new_ex,
  6. RAND_DRBG_secure_new,
  7. RAND_DRBG_set,
  8. RAND_DRBG_set_defaults,
  9. RAND_DRBG_instantiate,
  10. RAND_DRBG_uninstantiate,
  11. RAND_DRBG_free
  12. - initialize and cleanup a RAND_DRBG instance
  13. =head1 SYNOPSIS
  14. #include <openssl/rand_drbg.h>
  15. RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx,
  16. int type,
  17. unsigned int flags,
  18. RAND_DRBG *parent);
  19. RAND_DRBG *RAND_DRBG_new(int type,
  20. unsigned int flags,
  21. RAND_DRBG *parent);
  22. RAND_DRBG *RAND_DRBG_secure_new_ex(OPENSSL_CTX *ctx,
  23. int type,
  24. unsigned int flags,
  25. RAND_DRBG *parent);
  26. RAND_DRBG *RAND_DRBG_secure_new(int type,
  27. unsigned int flags,
  28. RAND_DRBG *parent);
  29. int RAND_DRBG_set(RAND_DRBG *drbg,
  30. int type, unsigned int flags);
  31. int RAND_DRBG_set_defaults(int type, unsigned int flags);
  32. int RAND_DRBG_instantiate(RAND_DRBG *drbg,
  33. const unsigned char *pers, size_t perslen);
  34. int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
  35. void RAND_DRBG_free(RAND_DRBG *drbg);
  36. =head1 DESCRIPTION
  37. RAND_DRBG_new_ex() and RAND_DRBG_secure_new_ex()
  38. create a new DRBG instance of the given B<type>, allocated from the heap resp.
  39. the secure heap, for the given OPENSSL_CTX <ctx>
  40. (using OPENSSL_zalloc() resp. OPENSSL_secure_zalloc()). The <ctx> parameter can
  41. be NULL in which case the default OPENSSL_CTX is used. RAND_DRBG_new() and
  42. RAND_DRBG_secure_new() are the same as RAND_DRBG_new_ex() and
  43. RAND_DRBG_secure_new_ex() except that the default OPENSSL_CTX is always used.
  44. RAND_DRBG_set() initializes the B<drbg> with the given B<type> and B<flags>.
  45. RAND_DRBG_set_defaults() sets the default B<type> and B<flags> for new DRBG
  46. instances.
  47. The DRBG types are AES-CTR, HMAC and HASH so B<type> can be one of the
  48. following values:
  49. NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr, NID_sha1, NID_sha224,
  50. NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256,
  51. NID_sha3_224, NID_sha3_256, NID_sha3_384 or NID_sha3_512.
  52. If this method is not called then the default type is given by NID_aes_256_ctr
  53. and the default flags are zero.
  54. Before the DRBG can be used to generate random bits, it is necessary to set
  55. its type and to instantiate it.
  56. The optional B<flags> argument specifies a set of bit flags which can be
  57. joined using the | operator. The supported flags are:
  58. =over 4
  59. =item RAND_DRBG_FLAG_CTR_NO_DF
  60. Disables the use of the derivation function ctr_df. For an explanation,
  61. see [NIST SP 800-90A Rev. 1].
  62. =item RAND_DRBG_FLAG_HMAC
  63. Enables use of HMAC instead of the HASH DRBG.
  64. =item RAND_DRBG_FLAG_MASTER
  65. =item RAND_DRBG_FLAG_PUBLIC
  66. =item RAND_DRBG_FLAG_PRIVATE
  67. These 3 flags can be used to set the individual DRBG types created. Multiple
  68. calls are required to set the types to different values. If none of these 3
  69. flags are used, then the same type and flags are used for all 3 DRBGs in the
  70. B<drbg> chain (<master>, <public> and <private>).
  71. =back
  72. If a B<parent> instance is specified then this will be used instead of
  73. the default entropy source for reseeding the B<drbg>. It is said that the
  74. B<drbg> is I<chained> to its B<parent>.
  75. For more information, see the NOTES section.
  76. RAND_DRBG_instantiate()
  77. seeds the B<drbg> instance using random input from trusted entropy sources.
  78. Optionally, a personalization string B<pers> of length B<perslen> can be
  79. specified.
  80. To omit the personalization string, set B<pers>=NULL and B<perslen>=0;
  81. RAND_DRBG_uninstantiate()
  82. clears the internal state of the B<drbg> and puts it back in the
  83. uninstantiated state.
  84. =head1 RETURN VALUES
  85. RAND_DRBG_new_ex(), RAND_DRBG_new(), RAND_DRBG_secure_new_ex() and
  86. RAND_DRBG_secure_new() return a pointer to a DRBG instance allocated on the
  87. heap, resp. secure heap.
  88. RAND_DRBG_set(),
  89. RAND_DRBG_instantiate(), and
  90. RAND_DRBG_uninstantiate()
  91. return 1 on success, and 0 on failure.
  92. RAND_DRBG_free() does not return a value.
  93. =head1 NOTES
  94. The DRBG design supports I<chaining>, which means that a DRBG instance can
  95. use another B<parent> DRBG instance instead of the default entropy source
  96. to obtain fresh random input for reseeding, provided that B<parent> DRBG
  97. instance was properly instantiated, either from a trusted entropy source,
  98. or from yet another parent DRBG instance.
  99. For a detailed description of the reseeding process, see L<RAND_DRBG(7)>.
  100. The default DRBG type and flags are applied only during creation of a DRBG
  101. instance.
  102. To ensure that they are applied to the global and thread-local DRBG instances
  103. (<master>, resp. <public> and <private>), it is necessary to call
  104. RAND_DRBG_set_defaults() before creating any thread and before calling any
  105. cryptographic routines that obtain random data directly or indirectly.
  106. =head1 SEE ALSO
  107. L<OPENSSL_zalloc(3)>,
  108. L<OPENSSL_secure_zalloc(3)>,
  109. L<RAND_DRBG_generate(3)>,
  110. L<RAND_DRBG(7)>
  111. =head1 HISTORY
  112. The RAND_DRBG functions were added in OpenSSL 1.1.1.
  113. =head1 COPYRIGHT
  114. Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
  115. Licensed under the Apache License 2.0 (the "License"). You may not use
  116. this file except in compliance with the License. You can obtain a copy
  117. in the file LICENSE in the source distribution or at
  118. L<https://www.openssl.org/source/license.html>.
  119. =cut