JITTER: add documentation

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24844)
2025-03-31 20:10:45 +08:00 · 2024-07-11 12:20:09 +01:00 · 2024-07-11 12:20:09 +01:00 · 8f3ebb7d60
commit 8f3ebb7d60
parent b28b312804
4 changed files with 101 additions and 4 deletions
--- a/doc/build.info
+++ b/doc/build.info
@ -4743,6 +4743,10 @@ DEPEND[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod
 GENERATE[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod
 DEPEND[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod
 GENERATE[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod
+DEPEND[html/man7/EVP_RAND-JITTER.html]=man7/EVP_RAND-JITTER.pod
+GENERATE[html/man7/EVP_RAND-JITTER.html]=man7/EVP_RAND-JITTER.pod
+DEPEND[man/man7/EVP_RAND-JITTER.7]=man7/EVP_RAND-JITTER.pod
+GENERATE[man/man7/EVP_RAND-JITTER.7]=man7/EVP_RAND-JITTER.pod
 DEPEND[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod
 GENERATE[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod
 DEPEND[man/man7/EVP_RAND-TEST-RAND.7]=man7/EVP_RAND-TEST-RAND.pod
@ -5109,6 +5113,7 @@ html/man7/EVP_RAND-CTR-DRBG.html \
 html/man7/EVP_RAND-HASH-DRBG.html \
 html/man7/EVP_RAND-HMAC-DRBG.html \
 html/man7/EVP_RAND-SEED-SRC.html \
+html/man7/EVP_RAND-JITTER.html \
 html/man7/EVP_RAND-TEST-RAND.html \
 html/man7/EVP_RAND.html \
 html/man7/EVP_SIGNATURE-DSA.html \
@ -5254,6 +5259,7 @@ man/man7/EVP_RAND-CTR-DRBG.7 \
 man/man7/EVP_RAND-HASH-DRBG.7 \
 man/man7/EVP_RAND-HMAC-DRBG.7 \
 man/man7/EVP_RAND-SEED-SRC.7 \
+man/man7/EVP_RAND-JITTER.7 \
 man/man7/EVP_RAND-TEST-RAND.7 \
 man/man7/EVP_RAND.7 \
 man/man7/EVP_SIGNATURE-DSA.7 \
--- a/doc/man7/EVP_RAND-JITTER.pod
+++ b/doc/man7/EVP_RAND-JITTER.pod
@ -0,0 +1,87 @@
+=pod
+
+=head1 NAME
+
+EVP_RAND-JITTER - The randomness seed source EVP_RAND implementation
+
+=head1 DESCRIPTION
+
+Support for deterministic random number generator seeding through the
+B<EVP_RAND> API.
+
+The seed source comes from statically linked jitterentropy-library,
+which produces randomness based on tiny CPU "jitter" fluctuations.
+
+=head2 Identity
+
+"JITTER" is the name for this implementation; it can be used with the
+EVP_RAND_fetch() function.
+
+=head2 Supported parameters
+
+The supported parameters are:
+
+=over 4
+
+=item "state" (B<OSSL_RAND_PARAM_STATE>) <integer>
+
+=item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>
+
+=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
+
+These parameters work as described in L<EVP_RAND(3)/PARAMETERS>.
+
+=back
+
+=head1 NOTES
+
+A context for the seed source can be obtained by calling:
+
+ EVP_RAND *rand = EVP_RAND_fetch(NULL, "JITTER", NULL);
+ EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, NULL);
+
+=head1 EXAMPLES
+
+ EVP_RAND *rand;
+ EVP_RAND_CTX *seed, *rctx;
+ unsigned char bytes[100];
+ OSSL_PARAM params[2], *p = params;
+ unsigned int strength = 128;
+
+ /* Create and instantiate a seed source */
+ rand = EVP_RAND_fetch(NULL, "JITTER", NULL);
+ seed = EVP_RAND_CTX_new(rand, NULL);
+ EVP_RAND_instantiate(seed, strength, 0, NULL, 0, NULL);
+ EVP_RAND_free(rand);
+
+ /* Feed this into a DRBG */
+ rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL);
+ rctx = EVP_RAND_CTX_new(rand, seed);
+ EVP_RAND_free(rand);
+
+ /* Configure the DRBG */
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
+                                         SN_aes_256_ctr, 0);
+ *p = OSSL_PARAM_construct_end();
+ EVP_RAND_instantiate(rctx, strength, 0, NULL, 0, params);
+
+ EVP_RAND_generate(rctx, bytes, sizeof(bytes), strength, 0, NULL, 0);
+
+ EVP_RAND_CTX_free(rctx);
+ EVP_RAND_CTX_free(seed);
+
+=head1 SEE ALSO
+
+L<EVP_RAND(3)>,
+L<EVP_RAND(3)/PARAMETERS>
+
+=head1 COPYRIGHT
+
+Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
--- a/doc/man7/OSSL_PROVIDER-base.pod
+++ b/doc/man7/OSSL_PROVIDER-base.pod
@ -63,10 +63,12 @@ The OpenSSL base provider supports these operations and algorithms:

 =item SEED-SRC,  see L<EVP_RAND-SEED-SRC(7)>

+=item JITTER,  see L<EVP_RAND-JITTER(7)>
+
 =back

-In addition to this provider, the "SEED-SRC" algorithm is also available in the
-default provider.
+In addition to this provider, the "SEED-SRC" and "JITTER" algorithms
+are also available in the default provider.

 =head2 Asymmetric Key Encoder

--- a/doc/man7/OSSL_PROVIDER-default.pod
+++ b/doc/man7/OSSL_PROVIDER-default.pod
@ -279,12 +279,14 @@ The OpenSSL default provider supports these operations and algorithms:

 =item SEED-SRC,  see L<EVP_RAND-SEED-SRC(7)>

+=item JITTER,  see L<EVP_RAND-JITTER(7)>
+
 =item TEST-RAND, see L<EVP_RAND-TEST-RAND(7)>

 =back

-In addition to this provider, the "SEED-SRC" algorithm is also available in the
-base provider.
+In addition to this provider, the "SEED-SRC" and "JITTER" algorithms
+are also available in the base provider.

 =head2 Asymmetric Key Encoder