Update documentation to match the state of OpenSSL 0.9.6.
This commit is contained in:
Lutz Jänicke
parent
38b3a46ffa
commit
813c7c415b
1 changed files with 31 additions and 5 deletions
|
|
@ -9,10 +9,31 @@ RAND_egd - query entropy gathering daemon
|
|||
#include <openssl/rand.h>
|
||||
|
||||
int RAND_egd(const char *path);
|
||||
int RAND_egd_bytes(const char *path, int bytes);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
|
||||
It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
|
||||
OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
|
||||
RAND_egd_bytes(path, 255);
|
||||
|
||||
RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
|
||||
It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
|
||||
OpenSSL built-in PRNG.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
On systems without /dev/*random devices providing entropy from the kernel,
|
||||
the EGD entropy gathering daemon can be used to collect entropy. It provides
|
||||
a socket interface through which entropy can be gathered in chunks up to
|
||||
255 bytes. Several chunks can be queried during one connection.
|
||||
|
||||
While RAND_egd() is longer available (see HISTORY section), the
|
||||
RAND_egd_bytes() function is more flexible. When only one secret key must
|
||||
be generated, it is not needed to request the full amount 255 bytes from
|
||||
the EGD socket. This can be advantageous, since the amount of entropy
|
||||
that can be retrieved from EGD over time is limited.
|
||||
|
||||
EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
|
||||
Makefile.PL; make; make install> to install). It is run as B<egd>
|
||||
|
|
@ -21,22 +42,27 @@ RAND_egd() is called with that path as an argument, it tries to read
|
|||
random bytes that EGD has collected. The read is performed in
|
||||
non-blocking mode.
|
||||
|
||||
Alternatively, the EGD-compatible daemon PRNGD can be used. It is
|
||||
Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
|
||||
available from
|
||||
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
|
||||
PRNGD does employ an internal PRNG itself and can therefore never run
|
||||
out of entropy.
|
||||
|
||||
=head1 RETURN VALUE
|
||||
|
||||
RAND_egd() returns the number of bytes read from the daemon on
|
||||
success, and -1 if the connection failed or the daemon did not return
|
||||
enough data to fully seed the PRNG.
|
||||
RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
|
||||
daemon on success, and -1 if the connection failed or the daemon did not
|
||||
return enough data to fully seed the PRNG.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
|
||||
L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
|
||||
L<RAND_cleanup(3)|RAND_cleanup(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
RAND_egd() is available since OpenSSL 0.9.5.
|
||||
|
||||
RAND_egd_bytes() is available since OpenSSL 0.9.6.
|
||||
|
||||
=cut
|
||||
|
|
|
|||
Loading…
Reference in a new issue