diff options
| author | Pauli <ppzgs1@gmail.com> | 2024-09-20 00:59:40 +0200 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2024-10-09 04:53:10 +0200 |
| commit | fc5fb3c925258eb85c8802ea965ec4a5d389775c (patch) | |
| tree | dde09ea71d01fae2ccc691d0b4f53abc8a72b26e /README-FIPS.md | |
| parent | jitter: support an internal jitter entropy source in the FIPS provider (diff) | |
| download | openssl-fc5fb3c925258eb85c8802ea965ec4a5d389775c.tar.xz openssl-fc5fb3c925258eb85c8802ea965ec4a5d389775c.zip | |
fips: mention the internal jitter source in the FIPS README
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
Diffstat (limited to 'README-FIPS.md')
| -rw-r--r-- | README-FIPS.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/README-FIPS.md b/README-FIPS.md index d8ca3c482d..c15cbad67c 100644 --- a/README-FIPS.md +++ b/README-FIPS.md @@ -167,6 +167,22 @@ manual page. [fips_module(7)]: https://www.openssl.org/docs/manmaster/man7/fips_module.html +Entropy Source +============== + +The FIPS provider typically relies on an external entropy source, +specified during OpenSSL build configuration (default: `os`). However, by +enabling the `enable-fips-jitter` option during configuration, an internal +jitter entropy source will be used instead. Note that this will cause +the FIPS provider to operate in a non-compliant mode unless an entropy +assessment [ESV] and validation through the [CMVP] are additionally conducted. + +Note that the `enable-fips-jitter` option is only available in OpenSSL +versions 3.5 and later. + + [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program + [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations + 3rd-Party Vendor Builds ===================================== |