GENERATE[html/man7/EVP_PKEY-X25519.html]=man7/EVP_PKEY-X25519.pod
DEPEND[man/man7/EVP_PKEY-X25519.7]=man7/EVP_PKEY-X25519.pod
GENERATE[man/man7/EVP_PKEY-X25519.7]=man7/EVP_PKEY-X25519.pod
+DEPEND[html/man7/EVP_RAND-CRNG-TEST.html]=man7/EVP_RAND-CRNG-TEST.pod
+GENERATE[html/man7/EVP_RAND-CRNG-TEST.html]=man7/EVP_RAND-CRNG-TEST.pod
+DEPEND[man/man7/EVP_RAND-CRNG-TEST.7]=man7/EVP_RAND-CRNG-TEST.pod
+GENERATE[man/man7/EVP_RAND-CRNG-TEST.7]=man7/EVP_RAND-CRNG-TEST.pod
DEPEND[html/man7/EVP_RAND-CTR-DRBG.html]=man7/EVP_RAND-CTR-DRBG.pod
GENERATE[html/man7/EVP_RAND-CTR-DRBG.html]=man7/EVP_RAND-CTR-DRBG.pod
DEPEND[man/man7/EVP_RAND-CTR-DRBG.7]=man7/EVP_RAND-CTR-DRBG.pod
html/man7/EVP_PKEY-RSA.html \
html/man7/EVP_PKEY-SM2.html \
html/man7/EVP_PKEY-X25519.html \
+html/man7/EVP_RAND-CRNG-TEST.html \
html/man7/EVP_RAND-CTR-DRBG.html \
html/man7/EVP_RAND-HASH-DRBG.html \
html/man7/EVP_RAND-HMAC-DRBG.html \
man/man7/EVP_PKEY-RSA.7 \
man/man7/EVP_PKEY-SM2.7 \
man/man7/EVP_PKEY-X25519.7 \
+man/man7/EVP_RAND-CRNG-TEST.7 \
man/man7/EVP_RAND-CTR-DRBG.7 \
man/man7/EVP_RAND-HASH-DRBG.7 \
man/man7/EVP_RAND-HMAC-DRBG.7 \
--- /dev/null
+=pod
+
+=head1 NAME
+
+EVP_RAND-CRNG-TEST - The FIPS health testing EVP_RAND filter
+
+=head1 DESCRIPTION
+
+This B<EVP_RAND> object acts as a filter between the entropy source
+and its users. It performs CRNG health tests as defined in
+L<SP 800-90B|https://csrc.nist.gov/pubs/sp/800/90/b/final> Section 4 "Health
+Tests". Most requests are forwarded to the entropy source, either via
+its parent reference or via the provider entropy upcalls.
+
+=head2 Identity
+
+"CRNG-TEST" is the name for this implementation; it can be used with the
+EVP_RAND_fetch() function.
+
+=head2 Supported parameters
+
+If a parent EVP_RAND is specified on context creation, the parent's
+parameters are supported because the request is forwarded to the parent
+seed source for processing.
+
+If no parent EVP_RAND is specified on context creation, the following parameters
+are supported:
+
+=over 4
+
+=item "state" (B<OSSL_RAND_PARAM_STATE>) <integer>
+
+=item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>
+
+=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
+
+These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.
+
+=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
+
+This parameter works as described in L<provider-rand(7)/PARAMETERS>.
+
+=back
+
+=head1 NOTES
+
+This EVP_RAND is only implemented by the OpenSSL FIPS provider.
+
+A context for a health test filter can be obtained by calling:
+
+ EVP_RAND *parent = ...;
+ EVP_RAND *rand = EVP_RAND_fetch(NULL, "CRNG-TEST", NULL);
+ EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, parent);
+
+=head1 SEE ALSO
+
+L<EVP_RAND(3)>, L<OSSL_PROVIDER-FIPS(7)>
+
+=head1 HISTORY
+
+This functionality was added in OpenSSL 3.4.
+
+=head1 COPYRIGHT
+
+Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
projects / thirdparty / openssl.git / commitdiff
