EVP_RAND.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/EVP

Lines Matching +full:three +full:- +full:state
1 .\" -*- mode: troff; coding: utf-8 -*-
58 .TH EVP_RAND 7ossl 2025-09-30 3.5.4 OpenSSL
64 EVP_RAND \- the random bit generator
74 non-deterministic inputs to other cryptographic algorithms.
81 A DRBG is a certain type of cryptographically-secure pseudo-random
83 [NIST SP 800\-90A Rev. 1].
101 Refer to \fBprovider\-rand\fR\|(7) for the implementation details to support adding
119 .SH "THE THREE SHARED DRBG INSTANCES"
120 .IX Header "THE THREE SHARED DRBG INSTANCES"
121 Currently, there are three shared DRBG instances,
124 DRBG are created per thread and accessed through thread-local storage.
127 the thread-local <public> and <private> DRBG instance, respectively.
144 It is \fInot\fR thread-safe to access the <primary> DRBG directly via the
146 The <public> and <private> DRBG are thread-local, i.e. there is an
152 Note that it is not allowed to store a pointer to one of the thread-local
161 instances on different threads is thread-safe, because the DRBG instance
169 \&               +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
171 \&               +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
173 \&                        v           +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
174 \&     RAND_add() ==> <primary>     <\-| shared DRBG (with locking)  |
175 \&                      /   \e         +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
176 \&                     /     \e              +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\…
177 \&              <public>     <private>   <\- | per\-thread DRBG instances |
178 \&                 |             |          +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
183 \&    +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+      +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-…
186 \&    +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+      +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-…
202 time using the \-\-with\-rand\-seed option. The following sections explain
209 \&\- the DRBG was not instantiated (=seeded) yet or has been uninstantiated.
211 \&\- the number of generate requests since the last reseeding exceeds a
215 \&\- the time elapsed since the last reseeding exceeds a certain time
219 \&\- the DRBG is in an error state.
221 \&\fBNote\fR: An error state is entered if the entropy source fails while
232 The document [NIST SP 800\-90C] describes prediction resistance requests
236 entropy from a live entropy source (section 5.5.2 of [NIST SP 800\-90C]).
240 For the three shared DRBGs (and only for these) there is another way to
261 setting \fB\-DOPENSSL_DEFAULT_SEED_SRC=SEED\-SRC\fR. If not set then
262 "SEED-SRC" is used. One can specify a third-party provider seed-source,
263 or \fB\-DOPENSSL_DEFAULT_SEED_SRC=JITTER\fR if available.
266 seed source used by "SEED-SRC" during configuration, using the
267 \&\-\-with\-rand\-seed option. For more information, see the INSTALL
283 The random bytes are mixed as additional input into the current state of
291 (resp. uninstantiated or in an error state).
299 [NIST SP\-800\-90Ar1] mandates that entropy *shall not* be provided by
310 the (re\-)seeding of the DRBG will fail. This corresponds to one and a half
324 Copyright 2017\-2024 The OpenSSL Project Authors. All Rights Reserved.