Lines Matching +full:can +full:- +full:primary
5 EVP_RAND - the random bit generator
15 non-deterministic inputs to other cryptographic algorithms.
22 A DRBG is a certain type of cryptographically-secure pseudo-random
24 [NIST SP 800-90A Rev. 1].
50 Refer to L<provider-rand(7)> for the implementation details to support adding
63 An EVP_RAND instance can be used as the entropy source of another
78 the <primary>, <public>, and <private> DRBG.
79 While the <primary> DRBG is a single global instance, the <public> and <private>
80 DRBG are created per thread and accessed through thread-local storage.
83 the thread-local <public> and <private> DRBG instance, respectively.
85 =head2 The <primary> DRBG instance
87 The <primary> DRBG is not used directly by the application, only for reseeding
103 The <primary> DRBG is intended to be accessed concurrently for reseeding
105 It is I<not> thread-safe to access the <primary> DRBG directly via the
107 The <public> and <private> DRBG are thread-local, i.e. there is an
108 instance of each per thread. So they can safely be accessed without
111 Pointers to these DRBG instances can be obtained using
113 Note that it is not allowed to store a pointer to one of the thread-local
121 thread. Using the <primary> DRBG as entropy source for multiple DRBG
122 instances on different threads is thread-safe, because the DRBG instance
123 will lock the <primary> DRBG automatically for obtaining random input.
130 +--------------------+
132 +--------------------+
134 v +-----------------------------+
135 RAND_add() ==> <primary> <-| shared DRBG (with locking) |
136 / \ +-----------------------------+
137 / \ +---------------------------+
138 <public> <private> <- | per-thread DRBG instances |
139 | | +---------------------------+
144 +------------------+ +------------------------------------+
147 +------------------+ +------------------------------------+
159 its entropy source. The entropy source can be either a trusted operating
164 time using the --with-rand-seed option. The following sections explain
172 - the DRBG was not instantiated (=seeded) yet or has been uninstantiated.
174 - the number of generate requests since the last reseeding exceeds a
176 This behaviour can be disabled by setting the I<reseed_interval> to 0.
178 - the time elapsed since the last reseeding exceeds a certain time
180 This can be disabled by setting the I<reseed_time_interval> to 0.
182 - the DRBG is in an error state.
191 In addition to automatic reseeding, the caller can request an immediate
196 The document [NIST SP 800-90C] describes prediction resistance requests
199 A request for prediction resistance can only be satisfied by pulling fresh
200 entropy from a live entropy source (section 5.5.2 of [NIST SP 800-90C]).
207 (or L<RAND_seed(3)>), then this will immediately reseed the <primary> DRBG.
209 call and reseed, pulling randomness from <primary>.
219 which can optionally be added by the user and is considered untrusted.
227 for automatically seeding and reseeding its <primary> DRBG. In some cases
229 configuration, using the --with-rand-seed option. For more information,
233 The following two sections describe the reseeding process of the primary
237 =head2 Reseeding the primary DRBG with automatic seeding enabled
243 RAND_add() can be used to add both kinds of random input, depending on the
270 [NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by
276 =head2 Reseeding the primary DRBG with automatic seeding disabled
282 the (re-)seeding of the DRBG will fail. This corresponds to one and a half
299 Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
302 this file except in compliance with the License. You can obtain a copy