1RAND_DRBG_RESEED(3) OpenSSL RAND_DRBG_RESEED(3)
2
6 RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval,
7 RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults -
8 reseed a RAND_DRBG instance
9
11 #include <openssl/rand_drbg.h>
12 int RAND_DRBG_reseed(RAND_DRBG *drbg,
14 const unsigned char *adin, size_t adinlen);
15 int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
17 unsigned int interval);
18 int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
20 time_t interval);
21 int RAND_DRBG_set_reseed_defaults(
23 unsigned int master_reseed_interval,
24 unsigned int slave_reseed_interval,
25 time_t master_reseed_time_interval,
26 time_t slave_reseed_time_interval
27 );
28
30 RAND_DRBG_reseed() reseeds the given drbg, obtaining entropy input from
31 its entropy source and mixing in the specified additional data provided
32 in the buffer adin of length adinlen. The additional data can be
33 omitted by setting adin to NULL and adinlen to 0.
34 RAND_DRBG_set_reseed_interval() sets the reseed interval of the drbg,
36 which is the maximum allowed number of generate requests between
37 consecutive reseedings. If interval > 0, then the drbg will reseed
38 automatically whenever the number of generate requests since its last
39 seeding exceeds the given reseed interval. If interval == 0, then this
40 feature is disabled.
41 RAND_DRBG_set_reseed_time_interval() sets the reseed time interval of
43 the drbg, which is the maximum allowed number of seconds between
44 consecutive reseedings. If interval > 0, then the drbg will reseed
45 automatically whenever the elapsed time since its last reseeding
46 exceeds the given reseed time interval. If interval == 0, then this
47 feature is disabled.
48 RAND_DRBG_set_reseed_defaults() sets the default values for the reseed
50 interval (master_reseed_interval and slave_reseed_interval) and the
51 reseed time interval (master_reseed_time_interval and
52 slave_reseed_tme_interval) of DRBG instances. The default values are
53 set independently for master DRBG instances (which don't have a parent)
54 and slave DRBG instances (which are chained to a parent DRBG).
55
57 RAND_DRBG_reseed(), RAND_DRBG_set_reseed_interval(), and
58 RAND_DRBG_set_reseed_time_interval(), return 1 on success, 0 on
59 failure.
60
62 The default OpenSSL random generator is already set up for automatic
63 reseeding, so in general it is not necessary to reseed it explicitly,
64 or to modify its reseeding thresholds.
65 Normally, the entropy input for seeding a DRBG is either obtained from
67 a trusted os entropy source or from a parent DRBG instance, which was
68 seeded (directly or indirectly) from a trusted os entropy source. In
69 exceptional cases it is possible to replace the reseeding mechanism
70 entirely by providing application defined callbacks using
71 RAND_DRBG_set_callbacks().
72 The reseeding default values are applied only during creation of a DRBG
74 instance. To ensure that they are applied to the global and thread-
75 local DRBG instances (<master>, resp. <public> and <private>), it is
76 necessary to call RAND_DRBG_set_reseed_defaults() before creating any
77 thread and before calling any
78 cryptographic routines that obtain random data directly or indirectly.
79
81 The RAND_DRBG functions were added in OpenSSL 1.1.1.
82
84 RAND_DRBG_generate(3), RAND_DRBG_bytes(3), RAND_DRBG_set_callbacks(3).
85 RAND_DRBG(7)
86
88 Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
89 Licensed under the OpenSSL license (the "License"). You may not use
91 this file except in compliance with the License. You can obtain a copy
92 in the file LICENSE in the source distribution or at
93 <https://www.openssl.org/source/license.html>.
941.1.1 2018-09-11 RAND_DRBG_RESEED(3)