author | Pauli <ppzgs1@gmail.com> | 2024-09-20 00:58:12 +0200 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2024-10-09 04:53:10 +0200 |
commit | 61f032cc7b0692abfa608112dcd6d5ff1be2374c (patch) | |
tree | 61a068a2200d886d74e7db82d3e52cdf09f86def /Configure | |
parent | jitter: avoid a signed vs unsigned comparison (diff) | |
Add configuration option to allow the FIPS provider to use the jitter source internally
Enabling this breaks FIPS compliance unless an entropy assessment and a revalidation
are undertaken.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
Diffstat (limited to 'Configure')
-rwxr-xr-x | Configure | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -472,6 +472,7 @@ my @disablables = ( "fips", "fips-securitychecks", "fips-post", + "fips-jitter", "fuzz-afl", "fuzz-libfuzzer", "gost", @@ -573,6 +574,7 @@ my %deprecated_disablables = ( our %disabled = ( # "what" => "comment" "fips" => "default", + "fips-jitter" => "default", "asan" => "default", "brotli" => "default", "brotli-dynamic" => "default", @@ -689,7 +691,8 @@ my @disable_cascades = ( "cmp" => [ "crmf" ], - "fips" => [ "fips-securitychecks", "fips-post", "acvp-tests" ], + "fips" => [ "fips-securitychecks", "fips-post", "acvp-tests", + "fips-jitter" ], "threads" => [ "thread-pool" ], "thread-pool" => [ "default-thread-pool" ], @@ -957,6 +960,11 @@ while (@argvcopy) { delete $disabled{"zstd"}; } + elsif ($1 eq "fips-jitter") + { + delete $disabled{"fips"}; + delete $disabled{"jitter"}; + } my $algo = $1; delete $disabled{$algo}; |
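Review bot: The cascade added under `"fips"` in `@disable_cascades` turns `fips-jitter` off when `fips` is disabled, but nothing visible in this diff does the same for `jitter`, which the new `enable-fips-jitter` branch also switches on. If no such entry exists elsewhere in the list, a command line like `enable-fips-jitter no-jitter` could leave `fips-jitter` enabled while its entropy source is disabled. An entry such as `"jitter" => [ "fips-jitter" ],` would keep the two options consistent. The list continues outside the hunk, so this should be checked against the full file.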
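Review bot: The new `elsif ($1 eq "fips-jitter")` branch has no comment, although it implicitly enables both `fips` and `jitter` and, per the commit message, takes the FIPS provider outside its validated configuration. A comment above the branch would record that, for example `# enable-fips-jitter implies fips and jitter; not FIPS compliant without an entropy assessment and revalidation`. Because the consequence is a compliance one, it may also be worth surfacing the choice in Configure's output so it appears in build logs. The enclosing `while (@argvcopy)` loop starts and ends outside the hunk.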