1RAND_DRBG_RESEED(3)                 OpenSSL                RAND_DRBG_RESEED(3)
2
3
4

NAME

6       RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval,
7       RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults -
8       reseed a RAND_DRBG instance
9

SYNOPSIS

11        #include <openssl/rand_drbg.h>
12
13        int RAND_DRBG_reseed(RAND_DRBG *drbg,
14                             const unsigned char *adin, size_t adinlen,
15                             int prediction_resistance);
16
17        int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg,
18                                          unsigned int interval);
19
20        int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg,
21                                               time_t interval);
22
23        int RAND_DRBG_set_reseed_defaults(
24                                          unsigned int master_reseed_interval,
25                                          unsigned int slave_reseed_interval,
26                                          time_t master_reseed_time_interval,
27                                          time_t slave_reseed_time_interval
28                                          );
29

DESCRIPTION

31       RAND_DRBG_reseed() reseeds the given drbg, obtaining entropy input from
32       its entropy source and mixing in the specified additional data provided
33       in the buffer adin of length adinlen.  The additional data can be
34       omitted by setting adin to NULL and adinlen to 0.  An immediate
35       reseeding from a live entropy source can be requested by setting the
36       prediction_resistance flag to 1.  This feature is not implemented yet,
37       so reseeding with prediction resistance requested will always fail.
38
39       RAND_DRBG_set_reseed_interval() sets the reseed interval of the drbg,
40       which is the maximum allowed number of generate requests between
41       consecutive reseedings.  If interval > 0, then the drbg will reseed
42       automatically whenever the number of generate requests since its last
43       seeding exceeds the given reseed interval.  If interval == 0, then this
44       feature is disabled.
45
46       RAND_DRBG_set_reseed_time_interval() sets the reseed time interval of
47       the drbg, which is the maximum allowed number of seconds between
48       consecutive reseedings.  If interval > 0, then the drbg will reseed
49       automatically whenever the elapsed time since its last reseeding
50       exceeds the given reseed time interval.  If interval == 0, then this
51       feature is disabled.
52
53       RAND_DRBG_set_reseed_defaults() sets the default values for the reseed
54       interval (master_reseed_interval and slave_reseed_interval) and the
55       reseed time interval (master_reseed_time_interval and
56       slave_reseed_tme_interval) of DRBG instances.  The default values are
57       set independently for master DRBG instances (which don't have a parent)
58       and slave DRBG instances (which are chained to a parent DRBG).
59

RETURN VALUES

61       RAND_DRBG_reseed(), RAND_DRBG_set_reseed_interval(), and
62       RAND_DRBG_set_reseed_time_interval(), return 1 on success, 0 on
63       failure.
64

NOTES

66       The default OpenSSL random generator is already set up for automatic
67       reseeding, so in general it is not necessary to reseed it explicitly,
68       or to modify its reseeding thresholds.
69
70       Normally, the entropy input for seeding a DRBG is either obtained from
71       a trusted os entropy source or from a parent DRBG instance, which was
72       seeded (directly or indirectly) from a trusted os entropy source.  In
73       exceptional cases it is possible to replace the reseeding mechanism
74       entirely by providing application defined callbacks using
75       RAND_DRBG_set_callbacks().
76
77       The reseeding default values are applied only during creation of a DRBG
78       instance.  To ensure that they are applied to the global and thread-
79       local DRBG instances (<master>, resp. <public> and <private>), it is
80       necessary to call RAND_DRBG_set_reseed_defaults() before creating any
81       thread and before calling any
82        cryptographic routines that obtain random data directly or indirectly.
83

SEE ALSO

85       RAND_DRBG_generate(3), RAND_DRBG_bytes(3), RAND_DRBG_set_callbacks(3).
86       RAND_DRBG(7)
87

HISTORY

89       The RAND_DRBG functions were added in OpenSSL 1.1.1.
90
92       Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
93
94       Licensed under the OpenSSL license (the "License").  You may not use
95       this file except in compliance with the License.  You can obtain a copy
96       in the file LICENSE in the source distribution or at
97       <https://www.openssl.org/source/license.html>.
98
99
100
1011.1.1g                            2020-04-23               RAND_DRBG_RESEED(3)
Impressum