Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)

Standard preamble:
========================================================================
..

..

.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is turned on, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "RAND_egd 3" For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
RAND_egd - query entropy gathering daemon Header "SYNOPSIS" .Vb 1 #include <openssl/rand.h> \& int RAND_egd(const char *path); int RAND_egd_bytes(const char *path, int bytes); \& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); .Ve Header "DESCRIPTION" \fIRAND_egd() queries the entropy gathering daemon \s-1EGD\s0 on socket path. It queries 255 bytes and uses RAND_add\|(3) to seed the OpenSSL built-in \s-1PRNG.\s0 RAND_egd(path) is a wrapper for RAND_egd_bytes(path, 255);

\fIRAND_egd_bytes() queries the entropy gathering daemon \s-1EGD\s0 on socket path. It queries bytes bytes and uses RAND_add\|(3) to seed the OpenSSL built-in \s-1PRNG.\s0 This function is more flexible than RAND_egd(). When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy that can be retrieved from \s-1EGD\s0 over time is limited.

\fIRAND_query_egd_bytes() performs the actual query of the \s-1EGD\s0 daemon on socket \fBpath. If buf is given, bytes bytes are queried and written into \fBbuf. If buf is \s-1NULL, \s0bytes bytes are queried and used to seed the OpenSSL built-in \s-1PRNG\s0 using RAND_add\|(3).

Header "NOTES" On systems without /dev/*random devices providing entropy from the kernel, the \s-1EGD\s0 entropy gathering daemon can be used to collect entropy. It provides a socket interface through which entropy can be gathered in chunks up to 255 bytes. Several chunks can be queried during one connection.

\s-1EGD\s0 is available from http://www.lothar.com/tech/crypto/ (\*(C`perl Makefile.PL; make; make install\*(C' to install). It is run as egd \fIpath, where path is an absolute path designating a socket. When \fIRAND_egd() is called with that path as an argument, it tries to read random bytes that \s-1EGD\s0 has collected. RAND_egd() retrieves entropy from the daemon using the daemon's \*(L"non-blocking read\*(R" command which shall be answered immediately by the daemon without waiting for additional entropy to be collected. The write and read socket operations in the communication are blocking.

Alternatively, the EGD-interface compatible daemon \s-1PRNGD\s0 can be used. It is available from http://prngd.sourceforge.net/ . \s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run out of entropy.

OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.

Header "RETURN VALUE" \fIRAND_egd() and RAND_egd_bytes() return the number of bytes read from the daemon on success, and -1 if the connection failed or the daemon did not return enough data to fully seed the \s-1PRNG.\s0

\fIRAND_query_egd_bytes() returns the number of bytes read from the daemon on success, and -1 if the connection failed. The \s-1PRNG\s0 state is not considered.

Header "SEE ALSO" \fIrand\|(3), RAND_add\|(3), \fIRAND_cleanup\|(3) Header "HISTORY" \fIRAND_egd() is available since OpenSSL 0.9.5.

\fIRAND_egd_bytes() is available since OpenSSL 0.9.6.

\fIRAND_query_egd_bytes() is available since OpenSSL 0.9.7.

The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7.