diff options
author | Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> | 2024-07-11 13:36:31 +0200 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2024-07-31 06:44:51 +0200 |
commit | 1e7ff7be23c6fc8a88a698a57107a0e0c6db2435 (patch) | |
tree | 451afad843640338b14fef6d7995b3f2212e9f26 /doc | |
parent | JITTER: add documentation (diff) | |
download | openssl-1e7ff7be23c6fc8a88a698a57107a0e0c6db2435.tar.xz openssl-1e7ff7be23c6fc8a88a698a57107a0e0c6db2435.zip |
JITTER: excercise all tests in CI with JITTER seed source under certain build configuration
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/build.info | 12 | ||||
-rw-r--r-- | doc/man3/RAND_set_DRBG_type.pod | 10 | ||||
-rw-r--r-- | doc/man7/EVP_RAND-JITTER.pod | 8 | ||||
-rw-r--r-- | doc/man7/EVP_RAND.pod | 16 |
4 files changed, 32 insertions, 14 deletions
diff --git a/doc/build.info b/doc/build.info index 4b14fb393d..d47371e88a 100644 --- a/doc/build.info +++ b/doc/build.info @@ -4739,14 +4739,14 @@ DEPEND[html/man7/EVP_RAND-HMAC-DRBG.html]=man7/EVP_RAND-HMAC-DRBG.pod GENERATE[html/man7/EVP_RAND-HMAC-DRBG.html]=man7/EVP_RAND-HMAC-DRBG.pod DEPEND[man/man7/EVP_RAND-HMAC-DRBG.7]=man7/EVP_RAND-HMAC-DRBG.pod GENERATE[man/man7/EVP_RAND-HMAC-DRBG.7]=man7/EVP_RAND-HMAC-DRBG.pod -DEPEND[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod -GENERATE[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod -DEPEND[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod -GENERATE[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod DEPEND[html/man7/EVP_RAND-JITTER.html]=man7/EVP_RAND-JITTER.pod GENERATE[html/man7/EVP_RAND-JITTER.html]=man7/EVP_RAND-JITTER.pod DEPEND[man/man7/EVP_RAND-JITTER.7]=man7/EVP_RAND-JITTER.pod GENERATE[man/man7/EVP_RAND-JITTER.7]=man7/EVP_RAND-JITTER.pod +DEPEND[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod +GENERATE[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod +DEPEND[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod +GENERATE[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod DEPEND[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod GENERATE[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod DEPEND[man/man7/EVP_RAND-TEST-RAND.7]=man7/EVP_RAND-TEST-RAND.pod @@ -5112,8 +5112,8 @@ html/man7/EVP_PKEY-X25519.html \ html/man7/EVP_RAND-CTR-DRBG.html \ html/man7/EVP_RAND-HASH-DRBG.html \ html/man7/EVP_RAND-HMAC-DRBG.html \ -html/man7/EVP_RAND-SEED-SRC.html \ html/man7/EVP_RAND-JITTER.html \ +html/man7/EVP_RAND-SEED-SRC.html \ html/man7/EVP_RAND-TEST-RAND.html \ html/man7/EVP_RAND.html \ html/man7/EVP_SIGNATURE-DSA.html \ @@ -5258,8 +5258,8 @@ man/man7/EVP_PKEY-X25519.7 \ man/man7/EVP_RAND-CTR-DRBG.7 \ man/man7/EVP_RAND-HASH-DRBG.7 \ man/man7/EVP_RAND-HMAC-DRBG.7 \ -man/man7/EVP_RAND-SEED-SRC.7 \ man/man7/EVP_RAND-JITTER.7 \ +man/man7/EVP_RAND-SEED-SRC.7 \ man/man7/EVP_RAND-TEST-RAND.7 \ man/man7/EVP_RAND.7 \ man/man7/EVP_SIGNATURE-DSA.7 \ diff --git a/doc/man3/RAND_set_DRBG_type.pod b/doc/man3/RAND_set_DRBG_type.pod index f9bdbf780b..92fcaf74bd 100644 --- a/doc/man3/RAND_set_DRBG_type.pod +++ b/doc/man3/RAND_set_DRBG_type.pod @@ -41,7 +41,15 @@ is made too late. The default DRBG is "CTR-DRBG" using the "AES-256-CTR" cipher. -The default seed source is "SEED-SRC". +The default seed source can be configured when OpenSSL is compiled by +setting B<-DOPENSSL_DEFAULT_SEED_SRC='\"SEED-SRC\"'>. If not set then +"SEED-SRC" is used. + +=head1 EXAMPLES + + unsigned char bytes[100]; + RAND_set_seed_source_type(NULL, "JITTER", NULL); + RAND_bytes(bytes, 100); =head1 SEE ALSO diff --git a/doc/man7/EVP_RAND-JITTER.pod b/doc/man7/EVP_RAND-JITTER.pod index 01f7ea3ab9..e084b24d64 100644 --- a/doc/man7/EVP_RAND-JITTER.pod +++ b/doc/man7/EVP_RAND-JITTER.pod @@ -9,8 +9,12 @@ EVP_RAND-JITTER - The randomness seed source EVP_RAND implementation Support for deterministic random number generator seeding through the B<EVP_RAND> API. -The seed source comes from statically linked jitterentropy-library, -which produces randomness based on tiny CPU "jitter" fluctuations. +This software seed source produces randomness based on tiny CPU +"jitter" fluctuations. + +It is available when OpenSSL is compiled with B<enable-jitter> +option. When available it is listed in B<openssl list +-random-generators> and B<openssl info -seeds>. =head2 Identity diff --git a/doc/man7/EVP_RAND.pod b/doc/man7/EVP_RAND.pod index 08f48fdc45..05e494ceee 100644 --- a/doc/man7/EVP_RAND.pod +++ b/doc/man7/EVP_RAND.pod @@ -224,11 +224,17 @@ but also for every generate request. =head2 Configuring the Random Seed Source In most cases OpenSSL will automatically choose a suitable seed source -for automatically seeding and reseeding its <primary> DRBG. In some cases -however, it will be necessary to explicitly specify a seed source during -configuration, using the --with-rand-seed option. For more information, -see the INSTALL instructions. There are also operating systems where no -seed source is available and automatic reseeding is disabled by default. +for automatically seeding and reseeding its <primary> DRBG. The +default seed source can be configured when OpenSSL is compiled by +setting B<-DOPENSSL_DEFAULT_SEED_SRC='\"SEED-SRC\"'>. If not set then +"SEED-SRC" is used. One can specify third-party provider seed-source, +or B<-DOPENSSL_DEFAULT_SEED_SRC='\"JITTER\"'> if available. + +In some cases however, it will be necessary to explicitly specify a +seed source used by "SEED-SRC" during configuration, using the +--with-rand-seed option. For more information, see the INSTALL +instructions. There are also operating systems where no seed source is +available and automatic reseeding is disabled by default. The following two sections describe the reseeding process of the primary DRBG, depending on whether automatic reseeding is available or not. |