author: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> 2024-07-11 13:36:31 +0200
committer: Pauli <ppzgs1@gmail.com> 2024-07-31 06:44:51 +0200
commit: 1e7ff7be23c6fc8a88a698a57107a0e0c6db2435
tree: 451afad843640338b14fef6d7995b3f2212e9f26 /doc
parent: JITTER: add documentation
JITTER: exercise all tests in CI with JITTER seed source under certain build configuration
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Diffstat (limited to 'doc')
-rw-r--r-- doc/build.info 12
-rw-r--r-- doc/man3/RAND_set_DRBG_type.pod 10
-rw-r--r-- doc/man7/EVP_RAND-JITTER.pod 8
-rw-r--r-- doc/man7/EVP_RAND.pod 16
4 files changed, 32 insertions, 14 deletions
diff --git a/doc/build.info b/doc/build.info
index 4b14fb393d..d47371e88a 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -4739,14 +4739,14 @@ DEPEND[html/man7/EVP_RAND-HMAC-DRBG.html]=man7/EVP_RAND-HMAC-DRBG.pod
GENERATE[html/man7/EVP_RAND-HMAC-DRBG.html]=man7/EVP_RAND-HMAC-DRBG.pod
DEPEND[man/man7/EVP_RAND-HMAC-DRBG.7]=man7/EVP_RAND-HMAC-DRBG.pod
GENERATE[man/man7/EVP_RAND-HMAC-DRBG.7]=man7/EVP_RAND-HMAC-DRBG.pod
-DEPEND[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod
-GENERATE[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod
-DEPEND[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod
-GENERATE[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod
DEPEND[html/man7/EVP_RAND-JITTER.html]=man7/EVP_RAND-JITTER.pod
GENERATE[html/man7/EVP_RAND-JITTER.html]=man7/EVP_RAND-JITTER.pod
DEPEND[man/man7/EVP_RAND-JITTER.7]=man7/EVP_RAND-JITTER.pod
GENERATE[man/man7/EVP_RAND-JITTER.7]=man7/EVP_RAND-JITTER.pod
+DEPEND[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod
+GENERATE[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod
+DEPEND[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod
+GENERATE[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod
DEPEND[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod
GENERATE[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod
DEPEND[man/man7/EVP_RAND-TEST-RAND.7]=man7/EVP_RAND-TEST-RAND.pod
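Review bot: the SEED-SRC entries here are only moved below the JITTER entries, and the two list hunks that follow do the same for html/man7/EVP_RAND-SEED-SRC.html and man/man7/EVP_RAND-SEED-SRC.7, yet the commit subject talks only about CI test coverage. Either state in the commit message that doc/build.info was re-sorted, or move the reordering into the parent commit ("JITTER: add documentation") so this change stays limited to its stated purpose.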
@@ -5112,8 +5112,8 @@ html/man7/EVP_PKEY-X25519.html \
html/man7/EVP_RAND-CTR-DRBG.html \
html/man7/EVP_RAND-HASH-DRBG.html \
html/man7/EVP_RAND-HMAC-DRBG.html \
-html/man7/EVP_RAND-SEED-SRC.html \
html/man7/EVP_RAND-JITTER.html \
+html/man7/EVP_RAND-SEED-SRC.html \
html/man7/EVP_RAND-TEST-RAND.html \
html/man7/EVP_RAND.html \
html/man7/EVP_SIGNATURE-DSA.html \
@@ -5258,8 +5258,8 @@ man/man7/EVP_PKEY-X25519.7 \
man/man7/EVP_RAND-CTR-DRBG.7 \
man/man7/EVP_RAND-HASH-DRBG.7 \
man/man7/EVP_RAND-HMAC-DRBG.7 \
-man/man7/EVP_RAND-SEED-SRC.7 \
man/man7/EVP_RAND-JITTER.7 \
+man/man7/EVP_RAND-SEED-SRC.7 \
man/man7/EVP_RAND-TEST-RAND.7 \
man/man7/EVP_RAND.7 \
man/man7/EVP_SIGNATURE-DSA.7 \
diff --git a/doc/man3/RAND_set_DRBG_type.pod b/doc/man3/RAND_set_DRBG_type.pod
index f9bdbf780b..92fcaf74bd 100644
--- a/doc/man3/RAND_set_DRBG_type.pod
+++ b/doc/man3/RAND_set_DRBG_type.pod
@@ -41,7 +41,15 @@ is made too late.
The default DRBG is "CTR-DRBG" using the "AES-256-CTR" cipher.
-The default seed source is "SEED-SRC".
+The default seed source can be configured when OpenSSL is compiled by
+setting B<-DOPENSSL_DEFAULT_SEED_SRC='\"SEED-SRC\"'>. If not set then
+"SEED-SRC" is used.
+
+=head1 EXAMPLES
+
+ unsigned char bytes[100];
+ RAND_set_seed_source_type(NULL, "JITTER", NULL);
+ RAND_bytes(bytes, 100);
=head1 SEE ALSO
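Review bot: the new EXAMPLES snippet discards the return values of RAND_set_seed_source_type() and RAND_bytes(), although the context line at the top of this hunk ("is made too late.") indicates the setter call can come too late to take effect. Manual examples get copied verbatim, so show the check, for instance: if (!RAND_set_seed_source_type(NULL, "JITTER", NULL)) goto err; and pass sizeof(bytes) instead of repeating the literal 100. The example should also say that "JITTER" exists only in builds configured with enable-jitter, and the B<-DOPENSSL_DEFAULT_SEED_SRC=...> illustration would be more useful with a non-default value, since "SEED-SRC" is what is used when the macro is not set.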
diff --git a/doc/man7/EVP_RAND-JITTER.pod b/doc/man7/EVP_RAND-JITTER.pod
index 01f7ea3ab9..e084b24d64 100644
--- a/doc/man7/EVP_RAND-JITTER.pod
+++ b/doc/man7/EVP_RAND-JITTER.pod
@@ -9,8 +9,12 @@ EVP_RAND-JITTER - The randomness seed source EVP_RAND implementation
Support for deterministic random number generator seeding through the
B<EVP_RAND> API.
-The seed source comes from statically linked jitterentropy-library,
-which produces randomness based on tiny CPU "jitter" fluctuations.
+This software seed source produces randomness based on tiny CPU
+"jitter" fluctuations.
+
+It is available when OpenSSL is compiled with B<enable-jitter>
+option. When available it is listed in B<openssl list
+-random-generators> and B<openssl info -seeds>.
=head2 Identity
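Review bot: the rewritten description no longer names jitterentropy-library, so the page stops telling readers which library this seed source relies on. If the intent is only to drop "statically linked", keep the name, for example: based on tiny CPU "jitter" fluctuations collected by the jitterentropy-library. Minor wording in the added paragraph: "compiled with B<enable-jitter> option" should read "compiled with the B<enable-jitter> option".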
diff --git a/doc/man7/EVP_RAND.pod b/doc/man7/EVP_RAND.pod
index 08f48fdc45..05e494ceee 100644
--- a/doc/man7/EVP_RAND.pod
+++ b/doc/man7/EVP_RAND.pod
@@ -224,11 +224,17 @@ but also for every generate request.
=head2 Configuring the Random Seed Source
In most cases OpenSSL will automatically choose a suitable seed source
-for automatically seeding and reseeding its <primary> DRBG. In some cases
-however, it will be necessary to explicitly specify a seed source during
-configuration, using the --with-rand-seed option. For more information,
-see the INSTALL instructions. There are also operating systems where no
-seed source is available and automatic reseeding is disabled by default.
+for automatically seeding and reseeding its <primary> DRBG. The
+default seed source can be configured when OpenSSL is compiled by
+setting B<-DOPENSSL_DEFAULT_SEED_SRC='\"SEED-SRC\"'>. If not set then
+"SEED-SRC" is used. One can specify third-party provider seed-source,
+or B<-DOPENSSL_DEFAULT_SEED_SRC='\"JITTER\"'> if available.
+
+In some cases however, it will be necessary to explicitly specify a
+seed source used by "SEED-SRC" during configuration, using the
+--with-rand-seed option. For more information, see the INSTALL
+instructions. There are also operating systems where no seed source is
+available and automatic reseeding is disabled by default.
The following two sections describe the reseeding process of the primary
DRBG, depending on whether automatic reseeding is available or not.
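Review bot: the added sentence "One can specify third-party provider seed-source, or B<-DOPENSSL_DEFAULT_SEED_SRC='\"JITTER\"'> if available." is hard to parse and leaves open what happens when the configured default source is not available. Suggest something like: The value may name a seed source from a third-party provider, or "JITTER" when OpenSSL is built with enable-jitter; and add a sentence on the failure behaviour. The first two added sentences duplicate the text added to RAND_set_DRBG_type.pod word for word; a cross-reference to one canonical description would keep the two pages from drifting apart.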