OpenSSL/Random numbers

From Wikibooks, open books for an open world
< OpenSSL
Jump to: navigation, search

OpenSSL includes a Cryptographically secure pseudorandom number generator. The functions related to the random number generator begin with the prefix RAND_.

OpenSSL automatically seeds the random number generator from /dev/urandom (on UNIX) or CryptGenRandom (on Windows). So, seeding the random number generator is not necessary unless you are on an exotic platform, or wish to add additional entropy.

It's possible to check whether the random number generator has been successfully seeded by calling:

int RAND_status (void);

which returns 1 if the RNG is seeded or 0 if it is not.

The function RAND_poll() can be used to reseed the random number generator using the system entropy source (/dev/urandom or CryptGenRandom). RAND_poll() is called automatically the first time the random number generator is used, so it is not necessary to call it as part of initialization. (Even though many examples of using OpenSSL do so.) However, for a long-running process, it may be desirable to call RAND_poll() occasionally to reseed the random number generator with fresh entropy.