X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman7%2FRAND_DRBG.pod;h=48d4ace09c86caa1a495a30d668e46631cfd681c;hp=a4c58c1889bd2143b4dfe9af50bd43038fea7320;hb=65175163247fe0f56c894c9ac7baf93f4386cebe;hpb=a73d990e2b6b1a406b1c85837a176bf7525d3914 diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod index a4c58c1889..48d4ace09c 100644 --- a/doc/man7/RAND_DRBG.pod +++ b/doc/man7/RAND_DRBG.pod @@ -37,8 +37,7 @@ Typical examples for such special use cases are the following: =item * -You want to use your own private DRBG instances, similar to how it -is currently done in the ssl library. +You want to use your own private DRBG instances. Multiple DRBG instances which are accessed only by a single thread provide additional security (because their internal states are independent) and better scalability in multithreaded applications (because they don't need @@ -80,8 +79,8 @@ the thread-local and DRBG instance, respectively. =head2 The DRBG instance The DRBG is not used directly by the application, only for reseeding -the two other two DRBG instances. It reseeds itself by obtaining randomness -either from os entropy sources or by consuming randomness which was added +the two other two DRBG instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added previously by L. =head2 The DRBG instance @@ -144,10 +143,12 @@ together and are being used. +------------------+ +------------------------------------+ - -The method L is a convenience method wrapping the -L function, which serves the actual request for -random data. +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method L is a convenience method +wrapping the L function, which serves the actual +request for random data. =head1 RESEEDING 
@@ -188,12 +189,13 @@ In addition to automatic reseeding, the caller can request an immediate reseeding of the DRBG with fresh entropy by setting the I parameter to 1 when calling L. -The dcoument [NIST SP 800-90C] describes prediction resistance requests +The document [NIST SP 800-90C] describes prediction resistance requests in detail and imposes strict conditions on the entropy sources that are approved for providing prediction resistance. -Since the default DRBG implementation does not have access to such an approved -entropy source, a request for prediction resistance will currently always fail. -In other words, prediction resistance is currently not supported yet by the DRBG. +A request for prediction resistance can only be satisfied by pulling fresh +entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]). +It is up to the user to ensure that a live entropy source is configured +and is being used. For the three shared DRBGs (and only for these) there is another way to @@ -221,7 +223,7 @@ This is in fact done automatically by L. In most cases OpenSSL will automatically choose a suitable seed source for automatically seeding and reseeding its DRBG. In some cases -however, it will be necessary to explicitely specify a seed source during +however, it will be necessary to explicitly specify a seed source during configuration, using the --with-rand-seed option. For more information, see the INSTALL instructions. There are also operating systems where no seed source is available and automatic reseeding is disabled by default. @@ -292,7 +294,7 @@ L, Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.
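Review bot: In the hunk at @@ -80,8 +79,8 (the "The DRBG instance" section), the re-added line still reads "the two other two DRBG instances", and the next line has "os entropy sources" in lowercase. The change to these lines appears to be whitespace only, so the wording could be fixed in the same pass: "the other two DRBG instances" and "OS entropy sources".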
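Review bot: In the hunk at @@ -144,10 +143,12, "roughly equivalent" leaves the reader guessing what differs between RAND_bytes(...) / RAND_priv_bytes(...) and the corresponding RAND_DRBG_bytes(...) calls. Either state the difference or drop "roughly". The paragraph also relies on the reader telling the two RAND_DRBG_bytes calls apart by their first argument alone, so it would help to say in prose which DRBG instance serves RAND_bytes and which serves RAND_priv_bytes.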
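Review bot: The replacement paragraph in the hunk at @@ -188,12 +189,13 removes the statement that a prediction resistance request "will currently always fail", but it does not say what happens now when such a request is made and no live entropy source is available. Since the new text makes it "up to the user to ensure that a live entropy source is configured and is being used", the page should state whether the call returns an error in that case or proceeds without fresh entropy. It should also point the reader to where the seed source is chosen, namely the --with-rand-seed paragraph later in this file. Without that, a caller cannot tell from the documentation whether a successful return means prediction resistance was actually provided.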