diff options
| author | Pauli <ppzgs1@gmail.com> | 2024-09-05 02:24:07 +0200 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2024-09-19 00:44:14 +0200 |
| commit | 6f20c6804e639230a2228810be0f682d452743e0 (patch) | |
| tree | 62f7f0aa03be08ef768dc1b3eb9b5a27e807f434 /include | |
| parent | rand: remove unused field in DRBG structure (diff) | |
| download | openssl-6f20c6804e639230a2228810be0f682d452743e0.tar.xz openssl-6f20c6804e639230a2228810be0f682d452743e0.zip | |
fips: continuous random bit generator tests
For FIPS 140-3 the continuous tests specified in SP 800-90B need to be
included on the output of any entropy source.
They are implemented here as a replacement for the primary DRBG in the FIPS
provider. This results in a setup that looks like this:
+-------------+
| |
| Seed Source |
| |
+------+------+
|
|
v
+-------------+
| |
| CRNG Test |
| |
++----------+-+
| |
| |
v v
+--------------+ +--------------+
| | | |
| Public DRBG | | Private DRBG |
| | | |
+--------------+ +--------------+
An additional benefit, that of avoiding DRBG chains, is also gained.
The current standards do not permit the output of one DRBG to be used
as the input for a second (i.e. a chain).
This also leaves open the future possibility of incorporating a seed
source inside the FIPS boundary.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/cryptlib.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 6b90b729e3..3227f9fcf9 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -100,7 +100,7 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_NAMEMAP_INDEX 4 # define OSSL_LIB_CTX_DRBG_INDEX 5 # define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6 -# define OSSL_LIB_CTX_RAND_CRNGT_INDEX 7 +/* slot 7 unused, was CRNG test data and can be reused */ # ifdef FIPS_MODULE # define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 # endif |