author Pauli <paul.dale@oracle.com> 2020-09-21 16:07:34 +1000
committer Pauli <paul.dale@oracle.com> 2020-09-23 15:28:29 +1000
commit 44d2482ba62bf7fc2fd4cfc250ad09e0feaa42da (patch)
tree 968b0231029d09c71040c76e66554fbbc0d9ca08 /doc/man5
parent 11b93a1c82f2cb2be67b2d08cac4168a16555364 (diff)
Add a "random" configuration section.
This permits the default trio of DRBGs to have their type and parameters set using configuration.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
Diffstat (limited to 'doc/man5')
-rw-r--r-- doc/man5/config.pod 51
1 files changed, 51 insertions, 0 deletions
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 46d60f6ced..0a28f4ea4b 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -175,6 +175,7 @@ production.
alg_section = evp_properties
ssl_conf = ssl_configuration
engines = engines
+ random = random
[oids]
... new oids here ...
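Review bot: In the added line "random = random" the key and the section it names are the same word, and the new section then defines a third "random" name for the generator type, so the example does not show which token is the fixed key and which is a free-form section name. Two of the neighbouring entries ("alg_section = evp_properties", "ssl_conf = ssl_configuration") use a distinct section name; doing the same here, with the matching section header in the example below, would make the indirection obvious to someone auditing a deployed configuration.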
@@ -191,6 +192,9 @@ production.
[engines]
... engine properties here ...
+ [random]
+ ... random properties here ...
+
The semantics of each module are described below. The phrase "in the
initialization section" refers to the section identified by the
B<openssl_conf> or other name (given as B<openssl_init> in the
@@ -389,6 +393,53 @@ For example:
default_algorithms = ALL
other_ctrl = EMPTY
+=head2 Random Configuration
+
+The name B<random> in the initialization section names the section
+containing the random number generater settings.
+
+Within the random section, the following names have meaning:
+
+=over 4
+
+=item B<random>
+
+This is used to specify the random bit generator.
+For example:
+
+ [random]
+ random = CTR-DRBG
+
+The available random bit generators are:
+
+=over 4
+
+=item B<CTR-DRBG>
+
+=item B<HASH-DRBG>
+
+=item B<HMAC-DRBG>
+
+=back
+
+=item B<cipher>
+
+This specifies what cipher a B<CTR-DRBG> random bit generator will use.
+Other random bit generators ignore this name.
+The default value is B<AES-256-CTR>.
+
+=item B<digest>
+
+This specifies what digest the B<HASH-DRBG> or B<HMAC-DRBG> random bit
+generators will use. Other random bit generators ignore this name.
+
+=item B<properties>
+
+This sets the property query used when fetching the random bit generator and
+any underlying algorithms.
+
+=back
+
=head1 EXAMPLES
This example shows how to use quoting and escaping.
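Review bot: The B<digest> item gives no default, while B<cipher> directly above it does ("The default value is B<AES-256-CTR>"), and the B<random> item does not say which of the three listed generators is in effect when the name is absent. Please state both defaults so an operator can tell what DRBG a given configuration actually selects. The text also does not say what happens when an unrecognised generator, cipher or digest name is given (error at load, or silent fallback), which matters for a setting that controls the random source. The commit message says this applies to the "default trio of DRBGs", but the new section never says that the settings cover all three; one sentence on scope would help. Typo in the first paragraph: "generater" should be "generator".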