
RAND_DRBG_reseed.pod 4.2 KB

=pod

=head1 NAME

RAND_DRBG_reseed,
RAND_DRBG_set_reseed_interval,
RAND_DRBG_set_reseed_time_interval,
RAND_DRBG_set_reseed_defaults
- reseed a RAND_DRBG instance

=head1 SYNOPSIS

 #include <openssl/rand_drbg.h>

 int RAND_DRBG_reseed(RAND_DRBG *drbg,
                      const unsigned char *adin, size_t adinlen,
                      int prediction_resistance);

 int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
                                   unsigned int interval);

 int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
                                        time_t interval);

 int RAND_DRBG_set_reseed_defaults(
                                   unsigned int primary_reseed_interval,
                                   unsigned int secondary_reseed_interval,
                                   time_t primary_reseed_time_interval,
                                   time_t secondary_reseed_time_interval
                                   );

=head1 DESCRIPTION

RAND_DRBG_reseed()
reseeds the given B<drbg>, obtaining entropy input from its entropy source
and mixing in the specified additional data provided in the buffer B<adin>
of length B<adinlen>.
The additional data can be omitted by setting B<adin> to NULL and B<adinlen>
to 0.
An immediate reseeding can be requested by setting the
B<prediction_resistance> flag to 1.
Requesting prediction resistance is a relatively expensive operation.
See the NOTES section for more details.

RAND_DRBG_set_reseed_interval()
sets the reseed interval of the B<drbg>, which is the maximum allowed number
of generate requests between consecutive reseedings.
If B<interval> > 0, then the B<drbg> will reseed automatically whenever the
number of generate requests since its last seeding exceeds the given reseed
interval.
If B<interval> == 0, then this feature is disabled.

RAND_DRBG_set_reseed_time_interval()
sets the reseed time interval of the B<drbg>, which is the maximum allowed
number of seconds between consecutive reseedings.
If B<interval> > 0, then the B<drbg> will reseed automatically whenever the
elapsed time since its last reseeding exceeds the given reseed time interval.
If B<interval> == 0, then this feature is disabled.

RAND_DRBG_set_reseed_defaults() sets the default values for the reseed interval
(B<primary_reseed_interval> and B<secondary_reseed_interval>)
and the reseed time interval
(B<primary_reseed_time_interval> and B<secondary_reseed_time_interval>)
of DRBG instances.
The default values are set independently for primary DRBG instances (which don't
have a parent) and secondary DRBG instances (which are chained to a parent
DRBG).

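The following is an added example, not part of the OpenSSL sources or of the original page: a self-contained C model of the two automatic reseed thresholds described above, replayed over constructed request timestamps. The names B<drbg_model>, model_reseed(), model_generate() and replay() are hypothetical, and the strict "exceeds" comparison follows the wording of this page rather than the library's implementation.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical bookkeeping for one DRBG; a model, not an OpenSSL structure. */
struct drbg_model {
    unsigned int reseed_interval;   /* max generate requests; 0 disables */
    time_t reseed_time_interval;    /* max seconds; 0 disables */
    unsigned int generate_count;    /* requests since the last (re)seeding */
    time_t last_reseed;             /* time of the last (re)seeding */
};

/* Models an explicit reseed request: both thresholds start over. */
static void model_reseed(struct drbg_model *d, time_t now)
{
    d->generate_count = 0;
    d->last_reseed = now;
}

/* Models one generate request at time `now`; returns 1 if it reseeded first. */
static int model_generate(struct drbg_model *d, time_t now)
{
    int due = (d->reseed_interval > 0
               && d->generate_count + 1 > d->reseed_interval)
           || (d->reseed_time_interval > 0
               && now - d->last_reseed > d->reseed_time_interval);
    if (due)
        model_reseed(d, now);
    d->generate_count++;
    return due;
}

/* Replays constructed request timestamps; returns the automatic reseed count. */
static unsigned int replay(unsigned int interval, time_t time_interval,
                           const time_t *times, size_t n)
{
    struct drbg_model d = { interval, time_interval, 0, n ? times[0] : 0 };
    unsigned int reseeds = 0;
    for (size_t i = 0; i < n; i++)
        reseeds += (unsigned int)model_generate(&d, times[i]);
    return reseeds;
}

int main(void)
{
    const time_t t[] = { 0, 30, 60, 61, 200 };  /* constructed timestamps */
    printf("count=3: %u, time=60s: %u, both 0: %u\n",
           replay(3, 0, t, 5), replay(0, 60, t, 5), replay(0, 0, t, 5));
    return 0;
}
```

With both thresholds set to 0 the model never reseeds on its own, which is the configuration to look for when reviewing code that changes these settings.
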
=head1 RETURN VALUES

RAND_DRBG_reseed(),
RAND_DRBG_set_reseed_interval(), and
RAND_DRBG_set_reseed_time_interval(),
return 1 on success, 0 on failure.

=head1 NOTES

The default OpenSSL random generator is already set up for automatic reseeding,
so in general it is not necessary to reseed it explicitly, or to modify
its reseeding thresholds.

Normally, the entropy input for seeding a DRBG is either obtained from a
trusted OS entropy source or from a parent DRBG instance, which was seeded
(directly or indirectly) from a trusted OS entropy source.
In exceptional cases it is possible to replace the reseeding mechanism entirely
by providing application defined callbacks using RAND_DRBG_set_callbacks().

The reseeding default values are applied only during creation of a DRBG instance.
To ensure that they are applied to the global and thread-local DRBG instances
(<primary>, resp. <public> and <private>), it is necessary to call
RAND_DRBG_set_reseed_defaults() before creating any thread and before calling
any cryptographic routines that obtain random data directly or indirectly.

=head1 SEE ALSO

L<RAND_DRBG_generate(3)>,
L<RAND_DRBG_bytes(3)>,
L<RAND_DRBG_set_callbacks(3)>,
L<RAND_DRBG(7)>

=head1 HISTORY

The RAND_DRBG functions were added in OpenSSL 1.1.1.

Prediction resistance is supported from OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut