=head1 NAME
-RAND_egd - query entropy gathering daemon
+RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon
=head1 SYNOPSIS
RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
OpenSSL built-in PRNG.
+This function is more flexible than RAND_egd().
+When only one secret key must
+be generated, it is not necessary to request the full amount 255 bytes from
+the EGD socket. This can be advantageous, since the amount of entropy
+that can be retrieved from EGD over time is limited.
RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket
B<path>. If B<buf> is given, B<bytes> bytes are queried and written into
a socket interface through which entropy can be gathered in chunks up to
255 bytes. Several chunks can be queried during one connection.
-While RAND_egd() is longer available (see HISTORY section), the
-RAND_egd_bytes() function is more flexible. When only one secret key must
-be generated, it is not needed to request the full amount 255 bytes from
-the EGD socket. This can be advantageous, since the amount of entropy
-that can be retrieved from EGD over time is limited.
-
EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
Makefile.PL; make; make install> to install). It is run as B<egd>
I<path>, where I<path> is an absolute path designating a socket. When
RAND_egd() is called with that path as an argument, it tries to read
-random bytes that EGD has collected. The read is performed in
-non-blocking mode.
+random bytes that EGD has collected. RAND_egd() retrieves entropy from the
+daemon using the daemon's "non-blocking read" command which shall
+be answered immediately by the daemon without waiting for additional
+entropy to be collected. The write and read socket operations in the
+communication are blocking.
Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
available from
-http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
+http://prngd.sourceforge.net/ .
PRNGD does employ an internal PRNG itself and can therefore never run
out of entropy.
+OpenSSL automatically queries EGD when entropy is requested via RAND_bytes()
+or the status is checked via RAND_status() for the first time, if the socket
+is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
+
=head1 RETURN VALUE
RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
RAND_query_egd_bytes() is available since OpenSSL 0.9.7.
+The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7.
+
=cut