]> granicus.if.org Git - openssl/commit
Ignore entropy from RAND_add()/RAND_seed() in FIPS mode
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Wed, 10 Apr 2019 22:06:37 +0000 (00:06 +0200)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Fri, 10 May 2019 05:22:05 +0000 (07:22 +0200)
commit3a50a8a91ad10e406544d16247957a17a5d5beac
tree65f9d74a00149f4d7b0e63792aa889d50c8cc2db
parentc5f7a99645aa1718e226e6d867efcd5cabcbd610
Ignore entropy from RAND_add()/RAND_seed() in FIPS mode

The functions RAND_add() and RAND_seed() provide a legacy API which
enables the application to seed the CSPRNG.

But NIST SP-800-90A clearly mandates that entropy *shall not* be provided
by the consuming application, neither for instantiation, nor for reseeding.

The provided random data will be mixed into the DRBG state as additional
data only, and no entropy will accounted for it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8722)
crypto/rand/drbg_lib.c
doc/man3/RAND_add.pod
doc/man7/RAND_DRBG.pod
test/drbgtest.c