doc/man7/EVP_RAND-CRNG-TEST.pod

=pod

=head1 NAME

EVP_RAND-CRNG-TEST - The FIPS health testing EVP_RAND filter

=head1 DESCRIPTION

This B<EVP_RAND> object acts as a filter between the entropy source
and its users.  It performs CRNG health tests as defined in
L<SP 800-90B|https://csrc.nist.gov/pubs/sp/800/90/b/final> Section 4 "Health
Tests".  Most requests are forwarded to the entropy source, either via
its parent reference or via the provider entropy upcalls.

=head2 Identity

"CRNG-TEST" is the name for this implementation; it can be used with the
EVP_RAND_fetch() function.

=head2 Supported parameters

If a parent EVP_RAND is specified on context creation, the parent's
parameters are supported because the request is forwarded to the parent
seed source for processing.

If no parent EVP_RAND is specified on context creation, the following parameters
are supported:

=over 4

=item "state" (B<OSSL_RAND_PARAM_STATE>) <integer>

=item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>

=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>

These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.

=item "fips-indicator" (B<OSSL_DRBG_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

This parameter works as described in L<provider-rand(7)/PARAMETERS>.

=back

=head1 NOTES

This EVP_RAND is only implemented by the OpenSSL FIPS provider.

A context for a health test filter can be obtained by calling:

 EVP_RAND *parent = ...;
 EVP_RAND *rand = EVP_RAND_fetch(NULL, "CRNG-TEST", NULL);
 EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, parent);

=head1 SEE ALSO

L<EVP_RAND(3)>, L<OSSL_PROVIDER-FIPS(7)>

=head1 HISTORY

This functionality was added in OpenSSL 3.4.

=head1 COPYRIGHT

Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut