|
Packit |
e3b616 |
package Crypt::OpenSSL::Random;
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
use strict;
|
|
Packit |
e3b616 |
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
use XSLoader;
|
|
Packit |
e3b616 |
require Exporter;
|
|
Packit |
e3b616 |
@ISA = qw(Exporter);
|
|
Packit |
e3b616 |
@EXPORT_OK = qw( random_bytes random_pseudo_bytes random_seed
|
|
Packit |
e3b616 |
random_egd random_status );
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
$VERSION = '0.15';
|
|
Packit |
e3b616 |
XSLoader::load( __PACKAGE__, $VERSION );
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
1;
|
|
Packit |
e3b616 |
__END__
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 NAME
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
Crypt::OpenSSL::Random - OpenSSL/LibreSSL pseudo-random number generator access
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 SYNOPSIS
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
use Crypt::OpenSSL::Random;
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
Crypt::OpenSSL::Random::random_seed($good_random_data);
|
|
Packit |
e3b616 |
Crypt::OpenSSL::Random::random_egd("/tmp/entropy");
|
|
Packit |
e3b616 |
Crypt::OpenSSL::Random::random_status() or
|
|
Packit |
e3b616 |
die "Unable to sufficiently seed the random number generator".
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
my $ten_good_random_bytes = Crypt::OpenSSL::Random::random_bytes(10);
|
|
Packit |
e3b616 |
my $ten_ok_random_bytes = Crypt::OpenSSL::Random::random_pseudo_bytes(10);
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 DESCRIPTION
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
C<Crypt::OpenSSL::Random> provides the ability to seed and query the
|
|
Packit |
e3b616 |
B<OpenSSL> and B<LibreSSL> library's pseudo-random number generators.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
Note: On B<LibreSSL> C<random_egd()> is not defined.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head2 EXPORT
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
None by default.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 Static Methods
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=over
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=item random_bytes (IV num_bytes)
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
This function, returns a specified number of cryptographically strong
|
|
Packit |
e3b616 |
pseudo-random bytes from the PRNG. If the PRNG has not been seeded
|
|
Packit |
e3b616 |
with enough randomness to ensure an unpredictable byte sequence, then
|
|
Packit |
e3b616 |
a false value is returned.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=item random_pseudo_bytes (IV num_bytes)
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
This function, is similar to C<random_bytes>, but the resulting
|
|
Packit |
e3b616 |
sequence of bytes are not necessarily unpredictable. They can be used
|
|
Packit |
e3b616 |
for non-cryptographic purposes and for certain purposes in
|
|
Packit |
e3b616 |
cryptographic protocols, but usually not for key generation etc.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=item random_seed (PV random_bytes_string)
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
This function seeds the PRNG with a supplied string of bytes. It
|
|
Packit |
e3b616 |
returns true if the PRNG has sufficient seeding. Note: calling this
|
|
Packit |
e3b616 |
function with non-random bytes is of limited value at best!
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=item random_egd (PV egd_string)
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
This function seeds the PRNG with data from the specified entropy
|
|
Packit |
e3b616 |
gathering daemon. Returns the number of bytes read from the daemon on
|
|
Packit |
e3b616 |
success, or C<-1> if not enough bytes were read, or if the connection to
|
|
Packit |
e3b616 |
the daemon failed.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
C<libressl> considers this function insecure, so with libressl this
|
|
Packit |
e3b616 |
function does not exist.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=item random_status ()
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
This function returns true if the PRNG has sufficient seeding.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=back
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 BUGS
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
Because of the internal workings of OpenSSL's random library, the
|
|
Packit |
e3b616 |
pseudo-random number generator (PRNG) accessed by
|
|
Packit |
e3b616 |
Crypt::OpenSSL::Random will be different than the one accessed by any
|
|
Packit |
e3b616 |
other perl module. Hence, to use a module such as
|
|
Packit |
e3b616 |
Crypt::OpenSSL::Random, you will need to seed the PRNG used there from
|
|
Packit |
e3b616 |
one used here. This class is still advantageous, however, as it
|
|
Packit |
e3b616 |
centralizes other methods, such as C<random_egd>, in one place.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 AUTHOR
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
Ian Robertson, C<iroberts@cpan.com>
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
Now maintained by Reini Urban, C<rurban@cpan.org>
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 LICENSE
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
This module is available under the same licences as perl, the Artistic
|
|
Packit |
e3b616 |
license and the GPL.
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=head1 SEE ALSO
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
perl(1), rand(3), RAND_add(3), RAND_egd(3), RAND_bytes(3).
|
|
Packit |
e3b616 |
|
|
Packit |
e3b616 |
=cut
|