From: Pauli Date: Mon, 9 Sep 2024 00:46:05 +0000 (+1000) Subject: doc: document the health test EVP_RAND X-Git-Tag: openssl-3.5.0-alpha1~1100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39dc3c0f347cb4155d6336f9484d0d646b306671;p=thirdparty%2Fopenssl.git doc: document the health test EVP_RAND Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25415) --- diff --git a/doc/build.info b/doc/build.info index 8131a0aa98c..490422b5597 100644 --- a/doc/build.info +++ b/doc/build.info @@ -4745,6 +4745,10 @@ DEPEND[html/man7/EVP_PKEY-X25519.html]=man7/EVP_PKEY-X25519.pod GENERATE[html/man7/EVP_PKEY-X25519.html]=man7/EVP_PKEY-X25519.pod DEPEND[man/man7/EVP_PKEY-X25519.7]=man7/EVP_PKEY-X25519.pod GENERATE[man/man7/EVP_PKEY-X25519.7]=man7/EVP_PKEY-X25519.pod +DEPEND[html/man7/EVP_RAND-CRNG-TEST.html]=man7/EVP_RAND-CRNG-TEST.pod +GENERATE[html/man7/EVP_RAND-CRNG-TEST.html]=man7/EVP_RAND-CRNG-TEST.pod +DEPEND[man/man7/EVP_RAND-CRNG-TEST.7]=man7/EVP_RAND-CRNG-TEST.pod +GENERATE[man/man7/EVP_RAND-CRNG-TEST.7]=man7/EVP_RAND-CRNG-TEST.pod DEPEND[html/man7/EVP_RAND-CTR-DRBG.html]=man7/EVP_RAND-CTR-DRBG.pod GENERATE[html/man7/EVP_RAND-CTR-DRBG.html]=man7/EVP_RAND-CTR-DRBG.pod DEPEND[man/man7/EVP_RAND-CTR-DRBG.7]=man7/EVP_RAND-CTR-DRBG.pod @@ -5127,6 +5131,7 @@ html/man7/EVP_PKEY-HMAC.html \ html/man7/EVP_PKEY-RSA.html \ html/man7/EVP_PKEY-SM2.html \ html/man7/EVP_PKEY-X25519.html \ +html/man7/EVP_RAND-CRNG-TEST.html \ html/man7/EVP_RAND-CTR-DRBG.html \ html/man7/EVP_RAND-HASH-DRBG.html \ html/man7/EVP_RAND-HMAC-DRBG.html \ @@ -5273,6 +5278,7 @@ man/man7/EVP_PKEY-HMAC.7 \ man/man7/EVP_PKEY-RSA.7 \ man/man7/EVP_PKEY-SM2.7 \ man/man7/EVP_PKEY-X25519.7 \ +man/man7/EVP_RAND-CRNG-TEST.7 \ man/man7/EVP_RAND-CTR-DRBG.7 \ man/man7/EVP_RAND-HASH-DRBG.7 \ man/man7/EVP_RAND-HMAC-DRBG.7 \ diff --git a/doc/man7/EVP_RAND-CRNG-TEST.pod b/doc/man7/EVP_RAND-CRNG-TEST.pod new file mode 100644 index 00000000000..943ec049bc8 
--- /dev/null +++ b/doc/man7/EVP_RAND-CRNG-TEST.pod @@ -0,0 +1,72 @@ +=pod + +=head1 NAME + +EVP_RAND-CRNG-TEST - The FIPS health testing EVP_RAND filter + +=head1 DESCRIPTION + +This B object acts a filter between the entropy source +and its users. It performs CRNG health tests as defined in +L Section 4 "Health +Tests". Most requests are forwarded to the entropy source, either via +its parent reference or via the provider entropy upcalls. + +=head2 Identity + +"CRNG-TEST" is the name for this implementation; it can be used with the +EVP_RAND_fetch() function. + +=head2 Supported parameters + +If a parent EVP_RAND is specified on context creation, the parent's +parameters are supported because the request is forwarded to the parent +seed source for processing. + +If no parent EVP_RAND is specified on context creation, the following parameters +are supported: + +=over 4 + +=item "state" (B) + +=item "strength" (B) + +=item "max_request" (B) + +These parameters work as described in L. + +=item "fips-indicator" (B) + +This parameter works as described in L. + +=back + +=head1 NOTES + +This EVP_RAND is only implemented by the OpenSSL FIPS provider. + +A context for a health test filter can be obtained by calling: + + EVP_RAND *parent = ...; + EVP_RAND *rand = EVP_RAND_fetch(NULL, "CRNG-TEST", NULL); + EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, parent); + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +This functionality was added in OpenSSL 3.5. + +=head1 COPYRIGHT + +Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index b9560def0dd..c943289da17 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod 
@@ -232,6 +232,8 @@ This is an unapproved algorithm. =over 4 +=item CRNG-TEST, see L + =item CTR-DRBG, see L =item HASH-DRBG, see L
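Review bot: In the NOTES example of the new doc/man7/EVP_RAND-CRNG-TEST.pod, `parent` is declared as `EVP_RAND *` but is then passed as the second argument of `EVP_RAND_CTX_new(rand, parent)`, which takes an `EVP_RAND_CTX *` parent context. Declaring it as `EVP_RAND_CTX *parent = ...;` would make the snippet compile as written and match the "parent EVP_RAND is specified on context creation" wording in the parameters section. In the same file's DESCRIPTION, "acts a filter" should read "acts as a filter". Since NOTES says this EVP_RAND is only implemented by the FIPS provider, it is also worth stating next to the example that `EVP_RAND_fetch(NULL, "CRNG-TEST", NULL)` returns NULL unless that provider is loaded in the library context, so callers know to check the result before creating the context.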