=pod

=head1 NAME

RAND_DRBG_generate, RAND_DRBG_bytes - generate random bytes using the given drbg instance

=head1 SYNOPSIS

 #include <openssl/rand_drbg.h>

 int RAND_DRBG_generate(RAND_DRBG *drbg,
                        unsigned char *out, size_t outlen,
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen);

 int RAND_DRBG_bytes(RAND_DRBG *drbg,
                     unsigned char *out, size_t outlen);

=head1 DESCRIPTION

RAND_DRBG_generate() generates B<outlen> random bytes using the given
DRBG instance B<drbg> and stores them in the buffer at B<out>.

Before generating the output, the DRBG instance checks whether the maximum
number of generate requests (I<reseed interval>) or the maximum timespan
(I<reseed time interval>) since its last seeding has been reached.
If this is the case, the DRBG reseeds automatically.
Additionally, an immediate reseeding can be requested by setting the
B<prediction_resistance> flag to 1. See the NOTES section for more details.

The caller can optionally provide additional data to be used for reseeding
by passing a pointer B<adin> to a buffer of length B<adinlen>.
This additional data is mixed into the internal state of the random
generator but does not contribute to the entropy count.
The additional data can be omitted by setting B<adin> to NULL and
B<adinlen> to 0.

RAND_DRBG_bytes() generates B<outlen> random bytes using the given
DRBG instance B<drbg> and stores them in the buffer at B<out>.
This function is a wrapper around RAND_DRBG_generate(): it collects
some additional data from low entropy sources
(e.g., a high resolution timer) and calls
RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen).

=head1 RETURN VALUES

RAND_DRBG_generate() and RAND_DRBG_bytes() return 1 on success,
and 0 on failure.

=head1 NOTES

The I<reseed interval> and I<reseed time interval> of the B<drbg> are set to
reasonable default values, which in general do not have to be adjusted.
If necessary, they can be changed using L<RAND_DRBG_set_reseed_interval(3)>
and L<RAND_DRBG_set_reseed_time_interval(3)>, respectively.

A request for prediction resistance can only be satisfied by pulling fresh
entropy from one of the approved entropy sources listed in section 5.5.2 of
[NIST SP 800-90C].
Since the default DRBG implementation does not have access to such an approved
entropy source, a request for prediction resistance will always fail.
In other words, prediction resistance is not yet supported by the DRBG.

=head1 SEE ALSO

L<RAND_bytes(3)>,
L<RAND_DRBG_set_reseed_interval(3)>,
L<RAND_DRBG_set_reseed_time_interval(3)>,
L<RAND_DRBG(7)>

=head1 HISTORY

The RAND_DRBG functions were added in OpenSSL 1.1.1.

=head1 COPYRIGHT

Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
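
=head1 EXAMPLES

The following C program is an added example, not part of the OpenSSL documentation or source. It models only the reseed decision that RAND_DRBG_generate() is described as making in DESCRIPTION and NOTES, so a caller can see when a request reseeds and when it fails. The names model_drbg, model_generate() and has_approved_source are hypothetical, and treating a limit as reached when the count or elapsed time is greater than or equal to it is an assumption.

```c
#include <stdio.h>
#include <time.h>

/* Simplified model of the reseed decision; hypothetical names, not OpenSSL code. */
enum reseed_reason { RESEED_NONE, RESEED_COUNT, RESEED_TIME, RESEED_REQUESTED };

typedef struct {
    unsigned int reseed_interval;   /* max generate requests per seeding */
    time_t reseed_time_interval;    /* max seconds per seeding */
    unsigned int generate_counter;  /* requests since the last seeding */
    time_t last_seed_time;          /* time of the last seeding */
    int has_approved_source;        /* approved entropy source available? */
} model_drbg;

/* Returns 1 on success and 0 on failure, like RAND_DRBG_generate().
 * *why reports what triggered a reseed (assumption: "reached" means >=). */
int model_generate(model_drbg *d, time_t now, int prediction_resistance,
                   enum reseed_reason *why)
{
    *why = RESEED_NONE;
    if (d->generate_counter >= d->reseed_interval)
        *why = RESEED_COUNT;
    if (now - d->last_seed_time >= d->reseed_time_interval)
        *why = RESEED_TIME;
    if (prediction_resistance)
        *why = RESEED_REQUESTED;
    if (*why != RESEED_NONE) {
        /* Prediction resistance needs fresh entropy from an approved
         * source; without one the request fails and yields no output. */
        if (prediction_resistance && !d->has_approved_source)
            return 0;
        d->generate_counter = 0;
        d->last_seed_time = now;
    }
    d->generate_counter++;          /* this request counts toward the interval */
    return 1;
}

/* Constructed scenario: 3 requests or 60 s per seeding, no approved source. */
int main(void)
{
    model_drbg d = { 3, 60, 0, 0, 0 };
    enum reseed_reason why;
    for (time_t t = 0; t < 5; t++) {
        int ok = model_generate(&d, t, t == 4, &why);
        printf("t=%ld ok=%d reseed_reason=%d\n", (long)t, ok, (int)why);
    }
    return 0;
}
```

=cut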