EVP_RAND.pod - OpenGrok cross reference for /third_party/openssl/doc/man7/EVP

Lines Matching +full:fips +full:- +full:sources
5 EVP_RAND - the random bit generator
15 non-deterministic inputs to other cryptographic algorithms.
20 systems's entropy sources and providing access to deterministic random
22 A DRBG is a certain type of cryptographically-secure pseudo-random
24 [NIST SP 800-90A Rev. 1].
50 Refer to L<provider-rand(7)> for the implementation details to support adding
51 randomness sources to EVP_RAND.
80 DRBG are created per thread and accessed through thread-local storage.
83 the thread-local <public> and <private> DRBG instance, respectively.
89 either from os entropy sources or by consuming randomness which was added
105 It is I<not> thread-safe to access the <primary> DRBG directly via the
107 The <public> and <private> DRBG are thread-local, i.e. there is an
113 Note that it is not allowed to store a pointer to one of the thread-local
122 instances on different threads is thread-safe, because the DRBG instance
130                +--------------------+
131                | os entropy sources |
132                +--------------------+
134                         v           +-----------------------------+
135      RAND_add() ==> <primary>     <-| shared DRBG (with locking)  |
136                       /   \         +-----------------------------+
137                      /     \              +---------------------------+
138               <public>     <private>   <- | per-thread DRBG instances |
139                  |             |          +---------------------------+
144     +------------------+      +------------------------------------+
147     +------------------+      +------------------------------------+
163 The selection of the trusted entropy sources is configured at build
164 time using the --with-rand-seed option. The following sections explain
172 - the DRBG was not instantiated (=seeded) yet or has been uninstantiated.
174 - the number of generate requests since the last reseeding exceeds a
178 - the time elapsed since the last reseeding exceeds a certain time
182 - the DRBG is in an error state.
196 The document [NIST SP 800-90C] describes prediction resistance requests
197 in detail and imposes strict conditions on the entropy sources that are
200 entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]).
229 configuration, using the --with-rand-seed option. For more information,
265 from the trusted entropy sources.
269 NOTE: Manual reseeding is *not allowed* in FIPS mode, because
270 [NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by
282 the (re-)seeding of the DRBG will fail. This corresponds to one and a half
299 Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.