From: Pauli <ppzgs1@gmail.com>
Date: Mon, 27 May 2024 04:26:45 +0000 (+1000)
Subject: document provider random bypass ability
X-Git-Tag: openssl-3.5.0-alpha1~660
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=888073e2e83b944721f4b489562b3523298734e5;p=thirdparty%2Fopenssl.git

document provider random bypass ability

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24498)
---

diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod
index c4a630856c5..ef48a492c4c 100644
--- a/doc/man7/RAND.pod
+++ b/doc/man7/RAND.pod
@@ -54,6 +54,13 @@ only in exceptional cases and is not recommended, unless you have a profound
 knowledge of cryptographic principles and understand the implications of your
 changes.
 
+Finally, it is possible for a provider to bypass the default RAND setup for
+L<RAND_bytes(3)> and associated functions.  A provider can be specified as the
+single randomness source via the L<RAND_set1_random_provider(3)> function or via
+configuration using the B<random_provider> option in L<config(5)>.  Once specified,
+the nominated provider will be used directly when calling the L<RAND_bytes(3)>
+family of functions.
+
 =head1 DEFAULT SETUP
 
 The default OpenSSL RAND method is based on the EVP_RAND deterministic random
@@ -68,7 +75,9 @@ L<RAND_bytes(3)>,
 L<RAND_priv_bytes(3)>,
 L<EVP_RAND(3)>,
 L<RAND_get0_primary(3)>,
-L<EVP_RAND(7)>
+L<config(5)>,
+L<EVP_RAND(7)>,
+L<RAND_set1_random_provider(3)>.
 
 =head1 COPYRIGHT