1*e7be843bSPierre Pronchery=pod 2*e7be843bSPierre Pronchery 3*e7be843bSPierre Pronchery=head1 NAME 4*e7be843bSPierre Pronchery 5*e7be843bSPierre ProncheryEVP_RAND-CRNG-TEST - The FIPS health testing EVP_RAND filter 6*e7be843bSPierre Pronchery 7*e7be843bSPierre Pronchery=head1 DESCRIPTION 8*e7be843bSPierre Pronchery 9*e7be843bSPierre ProncheryThis B<EVP_RAND> object acts as a filter between the entropy source 10*e7be843bSPierre Proncheryand its users. It performs CRNG health tests as defined in 11*e7be843bSPierre ProncheryL<SP 800-90B|https://csrc.nist.gov/pubs/sp/800/90/b/final> Section 4 "Health 12*e7be843bSPierre ProncheryTests". Most requests are forwarded to the entropy source, either via 13*e7be843bSPierre Proncheryits parent reference or via the provider entropy upcalls. 14*e7be843bSPierre Pronchery 15*e7be843bSPierre Pronchery=head2 Identity 16*e7be843bSPierre Pronchery 17*e7be843bSPierre Pronchery"CRNG-TEST" is the name for this implementation; it can be used with the 18*e7be843bSPierre ProncheryEVP_RAND_fetch() function. 19*e7be843bSPierre Pronchery 20*e7be843bSPierre Pronchery=head2 Supported parameters 21*e7be843bSPierre Pronchery 22*e7be843bSPierre ProncheryIf a parent EVP_RAND is specified on context creation, the parent's 23*e7be843bSPierre Proncheryparameters are supported because the request is forwarded to the parent 24*e7be843bSPierre Proncheryseed source for processing. 25*e7be843bSPierre Pronchery 26*e7be843bSPierre ProncheryIf no parent EVP_RAND is specified on context creation, the following parameters 27*e7be843bSPierre Proncheryare supported: 28*e7be843bSPierre Pronchery 29*e7be843bSPierre Pronchery=over 4 30*e7be843bSPierre Pronchery 31*e7be843bSPierre Pronchery=item "state" (B<OSSL_RAND_PARAM_STATE>) <integer> 32*e7be843bSPierre Pronchery 33*e7be843bSPierre Pronchery=item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer> 34*e7be843bSPierre Pronchery 35*e7be843bSPierre Pronchery=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer> 36*e7be843bSPierre Pronchery 37*e7be843bSPierre ProncheryThese parameters work as described in L<EVP_RAND(3)/PARAMETERS>. 38*e7be843bSPierre Pronchery 39*e7be843bSPierre Pronchery=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 40*e7be843bSPierre Pronchery 41*e7be843bSPierre ProncheryThis parameter works as described in L<provider-rand(7)/PARAMETERS>. 42*e7be843bSPierre Pronchery 43*e7be843bSPierre Pronchery=back 44*e7be843bSPierre Pronchery 45*e7be843bSPierre Pronchery=head1 NOTES 46*e7be843bSPierre Pronchery 47*e7be843bSPierre ProncheryThis EVP_RAND is only implemented by the OpenSSL FIPS provider. 48*e7be843bSPierre Pronchery 49*e7be843bSPierre ProncheryA context for a health test filter can be obtained by calling: 50*e7be843bSPierre Pronchery 51*e7be843bSPierre Pronchery EVP_RAND *parent = ...; 52*e7be843bSPierre Pronchery EVP_RAND *rand = EVP_RAND_fetch(NULL, "CRNG-TEST", NULL); 53*e7be843bSPierre Pronchery EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, parent); 54*e7be843bSPierre Pronchery 55*e7be843bSPierre Pronchery=head1 SEE ALSO 56*e7be843bSPierre Pronchery 57*e7be843bSPierre ProncheryL<EVP_RAND(3)>, L<OSSL_PROVIDER-FIPS(7)> 58*e7be843bSPierre Pronchery 59*e7be843bSPierre Pronchery=head1 HISTORY 60*e7be843bSPierre Pronchery 61*e7be843bSPierre ProncheryThis functionality was added in OpenSSL 3.4. 62*e7be843bSPierre Pronchery 63*e7be843bSPierre Pronchery=head1 COPYRIGHT 64*e7be843bSPierre Pronchery 65*e7be843bSPierre ProncheryCopyright 2024 The OpenSSL Project Authors. All Rights Reserved. 66*e7be843bSPierre Pronchery 67*e7be843bSPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 68*e7be843bSPierre Proncherythis file except in compliance with the License. You can obtain a copy 69*e7be843bSPierre Proncheryin the file LICENSE in the source distribution or at 70*e7be843bSPierre ProncheryL<https://www.openssl.org/source/license.html>. 71*e7be843bSPierre Pronchery 72*e7be843bSPierre Pronchery=cut 73