mirror of
https://github.com/openssl/openssl.git
synced 2025-01-06 13:26:43 +08:00
7d615e2178
The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509)
82 lines
1.7 KiB
Plaintext
82 lines
1.7 KiB
Plaintext
=pod
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
|
|
|
=head1 NAME
|
|
|
|
openssl-rand - generate pseudo-random bytes
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl rand>
|
|
[B<-help>]
|
|
[B<-out> I<file>]
|
|
[B<-base64>]
|
|
[B<-hex>]
|
|
{- $OpenSSL::safe::opt_engine_synopsis -}
|
|
{- $OpenSSL::safe::opt_r_synopsis -}
|
|
{- $OpenSSL::safe::opt_provider_synopsis -}
|
|
I<num>
|
|
|
|
=for openssl ifdef engine
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This command generates I<num> random bytes using a cryptographically
|
|
secure pseudo random number generator (CSPRNG).
|
|
|
|
The random bytes are generated using the L<RAND_bytes(3)> function,
|
|
which provides a security level of 256 bits, provided it managed to
|
|
seed itself successfully from a trusted operating system entropy source.
|
|
Otherwise, the command will fail with a nonzero error code.
|
|
For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<EVP_RAND(7)>.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-help>
|
|
|
|
Print out a usage message.
|
|
|
|
=item B<-out> I<file>
|
|
|
|
Write to I<file> instead of standard output.
|
|
|
|
=item B<-base64>
|
|
|
|
Perform base64 encoding on the output.
|
|
|
|
=item B<-hex>
|
|
|
|
Show the output as a hex string.
|
|
|
|
{- $OpenSSL::safe::opt_engine_item -}
|
|
|
|
{- $OpenSSL::safe::opt_r_item -}
|
|
|
|
{- $OpenSSL::safe::opt_provider_item -}
|
|
|
|
=back
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<openssl(1)>,
|
|
L<RAND_bytes(3)>,
|
|
L<RAND(7)>,
|
|
L<EVP_RAND(7)>
|
|
|
|
=head1 HISTORY
|
|
|
|
The B<-engine> option was deprecated in OpenSSL 3.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|