12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- =pod
- =head1 NAME
- RAND_egd - query entropy gathering daemon
- =head1 SYNOPSIS
- #include <openssl/rand.h>
- int RAND_egd(const char *path);
- int RAND_egd_bytes(const char *path, int bytes);
- =head1 DESCRIPTION
- RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
- It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
- OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
- RAND_egd_bytes(path, 255);
- RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
- It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
- OpenSSL built-in PRNG.
- This function is more flexible than RAND_egd().
- When only one secret key must
- be generated, it is not necessary to request the full amount 255 bytes from
- the EGD socket. This can be advantageous, since the amount of entropy
- that can be retrieved from EGD over time is limited.
- =head1 NOTES
- On systems without /dev/*random devices providing entropy from the kernel,
- the EGD entropy gathering daemon can be used to collect entropy. It provides
- a socket interface through which entropy can be gathered in chunks up to
- 255 bytes. Several chunks can be queried during one connection.
- EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
- Makefile.PL; make; make install> to install). It is run as B<egd>
- I<path>, where I<path> is an absolute path designating a socket. When
- RAND_egd() is called with that path as an argument, it tries to read
- random bytes that EGD has collected. The read is performed in
- non-blocking mode.
- Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
- available from
- http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
- PRNGD does employ an internal PRNG itself and can therefore never run
- out of entropy.
- =head1 RETURN VALUE
- RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
- daemon on success, and -1 if the connection failed or the daemon did not
- return enough data to fully seed the PRNG.
- =head1 SEE ALSO
- L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
- L<RAND_cleanup(3)|RAND_cleanup(3)>
- =head1 HISTORY
- RAND_egd() is available since OpenSSL 0.9.5.
- RAND_egd_bytes() is available since OpenSSL 0.9.6.
- =cut
|