[openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Tue Mar 3 09:56:18 UTC 2020

The branch master has been updated
       via  88398d2a358fe41e33c61ac02f23ffaeacddcff0 (commit)
      from  a24e62f54b48d01832fd0b80f97115927a777a0f (commit)

- Log -----------------------------------------------------------------
commit 88398d2a358fe41e33c61ac02f23ffaeacddcff0
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Mon Mar 2 00:25:29 2020 +0100

    doc: document that 'openssl rand' is cryptographically secure
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11213)


Summary of changes:
 doc/man1/openssl-rand.pod.in | 14 +++++++++++---
 doc/man3/RAND_bytes.pod      | 24 ++++++++++++++++++------
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/doc/man1/openssl-rand.pod.in b/doc/man1/openssl-rand.pod.in
index 61c74df466..b8a01750c8 100644
--- a/doc/man1/openssl-rand.pod.in
+++ b/doc/man1/openssl-rand.pod.in
@@ -20,8 +20,14 @@ I<num>
-This command outputs I<num> pseudo-random bytes after seeding
-the random number generator once.
+This command generates I<num> random bytes using a cryptographically
+secure pseudo random number generator (CSPRNG).
+The random bytes are generated using the L<RAND_bytes(3)> function,
+which provides a security level of 256 bits, provided it managed to
+seed itself successfully from a trusted operating system entropy source.
+Otherwise, the command will fail with a non-zero error code.
+For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>.
 =head1 OPTIONS
@@ -52,7 +58,9 @@ Show the output as a hex string.
 =head1 SEE ALSO
diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod
index 5da4692520..525b5694fe 100644
--- a/doc/man3/RAND_bytes.pod
+++ b/doc/man3/RAND_bytes.pod
@@ -23,8 +23,8 @@ L<openssl_user_macros(7)>:
-RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
-into B<buf>.
+RAND_bytes() generates B<num> random bytes using a cryptographically
+secure pseudo random generator (CSPRNG) and stores them in B<buf>.
 RAND_priv_bytes() has the same semantics as RAND_bytes().  It is intended to
 be used for generating values that should remain private. If using the
@@ -44,10 +44,22 @@ ignored.
 =head1 NOTES
-Always check the error return value of RAND_bytes() and
-RAND_priv_bytes() and do not take randomness for granted: an error occurs
-if the CSPRNG has not been seeded with enough randomness to ensure an
-unpredictable byte sequence.
+By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it
+was able to seed itself from a trusted entropy source.
+On all major platforms supported by OpenSSL (including the Unix-like platforms
+and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use
+using the operating systems's random generator.
+If the entropy source fails or is not available, the CSPRNG will enter an
+error state and refuse to generate random bytes. For that reason, it is important
+to always check the error return value of RAND_bytes() and RAND_priv_bytes() and
+not take randomness for granted.
+On other platforms, there might not be a trusted entropy source available
+or OpenSSL might have been explicitly configured to use different entropy sources.
+If you are in doubt about the quality of the entropy source, don't hesitate to ask
+your operating system vendor or post a question on GitHub or the openssl-users
+mailing list.

More information about the openssl-commits mailing list