openssl/doc/man3/RAND_bytes.pod

=pod

=head1 NAME

RAND_bytes, RAND_pseudo_bytes - generate random data

=head1 SYNOPSIS

 #include <openssl/rand.h>

 int RAND_bytes(unsigned char *buf, int num);

Deprecated:

 #if OPENSSL_API_COMPAT < 0x10100000L
 int RAND_pseudo_bytes(unsigned char *buf, int num);
 #endif

=head1 DESCRIPTION

RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
into B<buf>. An error occurs if the PRNG has not been seeded with
enough randomness to ensure an unpredictable byte sequence.

RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead.

=head1 RETURN VALUES

RAND_bytes() returns 1 on success, -1 if not supported by the current
RAND method, or 0 on other failure. The error code can be
obtained by L<ERR_get_error(3)>.

=head1 HISTORY

RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0.

=head1 SEE ALSO

L<RAND_bytes(3)>, L<ERR_get_error(3)>,
L<RAND_add(3)>

=head1 COPYRIGHT

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Document RAND library. 2000-01-21 17:50:27 +00:00			`=pod`

			`=head1 NAME`

nicer manpages 2000-02-24 11:55:57 +00:00			`RAND_bytes, RAND_pseudo_bytes - generate random data`
Document RAND library. 2000-01-21 17:50:27 +00:00
			`=head1 SYNOPSIS`

			`#include <openssl/rand.h>`

			`int RAND_bytes(unsigned char *buf, int num);`

Deprecate RAND_pseudo_bytes The justification for RAND_pseudo_bytes is somewhat dubious, and the reality is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in the default implementation both end up calling ssleay_rand_bytes. Both may return -1 in an error condition. If there is insufficient entropy then both will return 0, but RAND_bytes will additionally add an error to the error queue. They both return 1 on success. Therefore the fundamental difference between the two is that one will add an error to the error queue with insufficient entory whilst the other will not. Frequently there are constructions of this form: if(RAND_pseudo_bytes(...) <= 1) goto err; In the above form insufficient entropy is treated as an error anyway, so RAND_bytes is probably the better form to use. This form is also seen: if(!RAND_pseudo_bytes(...)) goto err; This is technically not correct at all since a -1 return value is incorrectly handled - but this form will also treat insufficient entropy as an error. Within libssl it is required that you have correctly seeded your entropy pool and so there seems little benefit in using RAND_pseudo_bytes. Similarly in libcrypto many operations also require a correctly seeded entropy pool and so in most interesting cases you would be better off using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes being incorrectly used in scenarios where security can be compromised by insufficient entropy. If you are not using the default implementation, then most engines use the same function to implement RAND_bytes and RAND_pseudo_bytes in any case. Given its misuse, limited benefit, and potential to compromise security, RAND_pseudo_bytes has been deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-02-26 13:52:30 +00:00			`Deprecated:`

Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-01-05 04:00:33 +00:00			`#if OPENSSL_API_COMPAT < 0x10100000L`
Document RAND library. 2000-01-21 17:50:27 +00:00			`int RAND_pseudo_bytes(unsigned char *buf, int num);`
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-01-05 04:00:33 +00:00			`#endif`
Document RAND library. 2000-01-21 17:50:27 +00:00
			`=head1 DESCRIPTION`

Avoid integer overflow in entropy counter. Slightly clarify the RAND_... documentation. 2000-01-21 19:54:22 +00:00			`RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes`
			`into B<buf>. An error occurs if the PRNG has not been seeded with`
			`enough randomness to ensure an unpredictable byte sequence.`

Add RAND_UNIMPLEMENTED error code See old GitHub PR 38. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3714) 2017-06-19 16:58:06 +00:00			`RAND_pseudo_bytes() has been deprecated; use RAND_bytes() instead.`
Document RAND library. 2000-01-21 17:50:27 +00:00
			`=head1 RETURN VALUES`

Add RAND_UNIMPLEMENTED error code See old GitHub PR 38. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3714) 2017-06-19 16:58:06 +00:00			`RAND_bytes() returns 1 on success, -1 if not supported by the current`
			`RAND method, or 0 on other failure. The error code can be`
			`obtained by L<ERR_get_error(3)>.`

Various doc fixes Fix a =head1 section name Fix a typo in POD label Remove a spurious =back Add a missing blank line Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword. Always do strict checking Do not warn about missing "RETURN VALUES" unless -s is set. Change OpenSSL version 1.1 -> 1.1.0 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3830) 2017-07-02 16:16:38 +00:00			`=head1 HISTORY`
Add RAND_UNIMPLEMENTED error code See old GitHub PR 38. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3714) 2017-06-19 16:58:06 +00:00
			`RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0.`
Document RAND library. 2000-01-21 17:50:27 +00:00
			`=head1 SEE ALSO`

Fix referenses in section 3 manuals Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1900) 2016-11-11 08:33:09 +00:00			`L<RAND_bytes(3)>, L<ERR_get_error(3)>,`
Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org> 2015-08-17 19:21:33 +00:00			`L<RAND_add(3)>`
Document RAND library. 2000-01-21 17:50:27 +00:00
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 15:44:05 +00:00			`=head1 COPYRIGHT`

Add RAND_UNIMPLEMENTED error code See old GitHub PR 38. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3714) 2017-06-19 16:58:06 +00:00			`Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 15:44:05 +00:00
			`Licensed under the OpenSSL license (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`