Add the prediction_resistance flag to the documentation.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8678)
2019-04-05 14:43:18 +10:00 · 2019-04-05 14:43:18 +10:00 · c15ef410e1
commit c15ef410e1
parent 0cbfcc3904
1 changed files with 6 additions and 1 deletions
--- a/doc/man3/RAND_DRBG_reseed.pod
+++ b/doc/man3/RAND_DRBG_reseed.pod
@ -13,7 +13,8 @@ RAND_DRBG_set_reseed_defaults
 #include <openssl/rand_drbg.h>

 int RAND_DRBG_reseed(RAND_DRBG *drbg,
-                      const unsigned char *adin, size_t adinlen);
+                      const unsigned char *adin, size_t adinlen,
+                      int prediction_resistance);

 int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
                                   unsigned int interval);
@ -37,6 +38,10 @@ and mixing in the specified additional data provided in the buffer B<adin>
 of length B<adinlen>.
 The additional data can be omitted by setting B<adin> to NULL and B<adinlen>
 to 0.
+An immediate reseeding from a live entropy source can be requested by setting
+the B<prediction_resistance> flag to 1.
+This feature is not implemented yet, so reseeding with prediction resistance
+requested will always fail.

 RAND_DRBG_set_reseed_interval()
 sets the reseed interval of the B<drbg>, which is the maximum allowed number