author | Pauli <paul.dale@oracle.com> | 2020-09-21 16:07:34 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-09-23 15:28:29 +1000 |
commit | 44d2482ba62bf7fc2fd4cfc250ad09e0feaa42da (patch) | |
tree | 968b0231029d09c71040c76e66554fbbc0d9ca08 /doc | |
parent | 11b93a1c82f2cb2be67b2d08cac4168a16555364 (diff) |
Add a "random" configuration section.
This permits the default trio of DRBGs to have their type and parameters set
using configuration.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/internal/man3/ossl_random_add_conf_module.pod | 42 |
-rw-r--r-- | doc/man5/config.pod | 51 |
2 files changed, 93 insertions, 0 deletions
diff --git a/doc/internal/man3/ossl_random_add_conf_module.pod b/doc/internal/man3/ossl_random_add_conf_module.pod new file mode 100644 index 0000000000..6d4f5810dc --- /dev/null +++ b/doc/internal/man3/ossl_random_add_conf_module.pod @@ -0,0 +1,42 @@ +=pod + +=head1 NAME + +ossl_random_add_conf_module - internal random configuration module + +=head1 SYNOPSIS + + #include "crypto/rand.h" + + /* Configuration */ + void ossl_random_add_conf_module(void); + +=head1 DESCRIPTION + +ossl_random_add_conf_module() adds the random configuration module +for providers. +This allows the type and parameters of the stardard setup of random number +generators to be configured with an OpenSSL L<config(5)> file. + +=head1 RETURN VALUES + +ossl_random_add_conf_module() doesn't return any value. + +=head1 SEE ALSO + +L<OSSL_PROVIDER(3)>, L<ossl_provider_new(3)>, L<provider-rand(7)> + +=head1 HISTORY + +The functions described here were all added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 46d60f6ced..0a28f4ea4b 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -175,6 +175,7 @@ production. alg_section = evp_properties ssl_conf = ssl_configuration engines = engines + random = random [oids] ... new oids here ... @@ -191,6 +192,9 @@ production. [engines] ... engine properties here ... + [random] + ... random properties here ... + The semantics of each module are described below. The phrase "in the initialization section" refers to the section identified by the B<openssl_conf> or other name (given as B<openssl_init> in the 
@@ -389,6 +393,53 @@ For example: default_algorithms = ALL other_ctrl = EMPTY +=head2 Random Configuration + +The name B<random> in the initialization section names the section +containing the random number generater settings. + +Within the random section, the following names have meaning: + +=over 4 + +=item B<random> + +This is used to specify the random bit generator. +For example: + + [random] + random = CTR-DRBG + +The available random bit generators are: + +=over 4 + +=item B<CTR-DRBG> + +=item B<HASH-DRBG> + +=item B<HMAC-DRBG> + +=back + +=item B<cipher> + +This specifies what cipher a B<CTR-DRBG> random bit generator will use. +Other random bit generators ignore this name. +The default value is B<AES-256-CTR>. + +=item B<digest> + +This specifies what digest the B<HASH-DRBG> or B<HMAC-DRBG> random bit +generators will use. Other random bit generators ignore this name. + +=item B<properties> + +This sets the property query used when fetching the random bit generator and +any underlying algorithms. + +=back + =head1 EXAMPLES This example shows how to use quoting and escaping. |
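Review bot: in the DESCRIPTION of the new doc/internal/man3/ossl_random_add_conf_module.pod, "stardard setup of random number generators" should read "standard setup". The HISTORY section says "The functions described here were all added in OpenSSL 3.0" although the page documents a single function; naming ossl_random_add_conf_module() there would be more accurate. SEE ALSO lists only provider pages, while the DESCRIPTION points readers to L<config(5)>; adding it to SEE ALSO would make the link to the user-facing documentation of the section easier to find.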
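Review bot: in the doc/man5/config.pod hunk at @@ -389,6 +393,53 @@, the B<digest> item states no default, while the B<cipher> item documents "The default value is B<AES-256-CTR>"; say which digest B<HASH-DRBG> and B<HMAC-DRBG> use when the name is absent, or that it must be set. The B<random> item likewise does not say which generator is used when the name is omitted, and the section does not describe how an unrecognised generator, cipher or digest name is handled, which readers will want to know for a setting that changes the default DRBGs. The B<properties> item would benefit from a short example like the one given for B<random>. Separately, "random number generater settings" in the opening paragraph should be "generator".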