git.ipfire.org Git - thirdparty/openssl.git/commitdiff
document provider random bypass ability
author Pauli <ppzgs1@gmail.com>
Mon, 27 May 2024 04:26:45 +0000 (14:26 +1000)
committer Pauli <ppzgs1@gmail.com>
Tue, 4 Feb 2025 20:20:22 +0000 (07:20 +1100)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24498)

doc/man7/RAND.pod

index c4a630856c58bdf629af710181cc15c7c76545de..ef48a492c4c37373465c3d536468807f46eda61f 100644 (file)
@@ -54,6 +54,13 @@ only in exceptional cases and is not recommended, unless you have a profound
 knowledge of cryptographic principles and understand the implications of your
 changes.
 
+Finally, it is possible for a provider to bypass the default RAND setup for
+L<RAND_bytes(3)> and associated functions.  A provider can be specified as the
+single randomness source via the L<RAND_set1_random_provider(3)> function or via
+configuration using the B<random_provider> option in L<config(5)>.  Once specified,
+the nominated provider will be used directly when calling the L<RAND_bytes(3)>
+family of functions.
+
 =head1 DEFAULT SETUP
 
 The default OpenSSL RAND method is based on the EVP_RAND deterministic random
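Review bot: The added paragraph leaves the scope of the bypass vague: "associated functions" and "family of functions" do not say whether L<RAND_priv_bytes(3)> output also comes from the nominated provider, and nothing states what becomes of the EVP_RAND based default described under DEFAULT SETUP once a provider is set. Name the affected functions explicitly (RAND_priv_bytes(3) is already in SEE ALSO) and add one sentence on whether the default setup is still instantiated or used at all. The preceding paragraph warns that changing the setup is not recommended without a profound knowledge of cryptographic principles; this paragraph replaces the randomness source entirely and carries no comparable guidance on what the nominated provider is expected to guarantee. It would also help to say which part of the configuration the B<random_provider> option belongs in, or to state that L<config(5)> gives the details.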
@@ -68,7 +75,9 @@ L<RAND_bytes(3)>,
 L<RAND_priv_bytes(3)>,
 L<EVP_RAND(3)>,
 L<RAND_get0_primary(3)>,
-L<EVP_RAND(7)>
+L<config(5)>,
+L<EVP_RAND(7)>,
+L<RAND_set1_random_provider(3)>.
 
 =head1 COPYRIGHT
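Review bot: The SEE ALSO list now ends with a full stop after L<RAND_set1_random_provider(3)>, where the previous last entry L<EVP_RAND(7)> had none, and the new section 3 page is appended after the section 7 entry while L<config(5)> was slotted in before it. Move L<RAND_set1_random_provider(3)> up beside the other (3) entries such as L<RAND_get0_primary(3)>, keep L<EVP_RAND(7)> as the final item, and drop the trailing period so the list keeps its existing style.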