From 61f032cc7b0692abfa608112dcd6d5ff1be2374c Mon Sep 17 00:00:00 2001 From: Pauli Date: Fri, 20 Sep 2024 08:58:12 +1000 Subject: Add configuration option to allow the FIPS provider to use the jitter source internally Enabling this breaks FIPS compliance unless an entropy assessment and a revalidation are undertaken. Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/25498) --- Configure | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'Configure') diff --git a/Configure b/Configure index fff97bd6fc..2b41c4f69f 100755 --- a/Configure +++ b/Configure @@ -472,6 +472,7 @@ my @disablables = ( "fips", "fips-securitychecks", "fips-post", + "fips-jitter", "fuzz-afl", "fuzz-libfuzzer", "gost", @@ -573,6 +574,7 @@ my %deprecated_disablables = ( our %disabled = ( # "what" => "comment" "fips" => "default", + "fips-jitter" => "default", "asan" => "default", "brotli" => "default", "brotli-dynamic" => "default", @@ -689,7 +691,8 @@ my @disable_cascades = ( "cmp" => [ "crmf" ], - "fips" => [ "fips-securitychecks", "fips-post", "acvp-tests" ], + "fips" => [ "fips-securitychecks", "fips-post", "acvp-tests", + "fips-jitter" ], "threads" => [ "thread-pool" ], "thread-pool" => [ "default-thread-pool" ], @@ -957,6 +960,11 @@ while (@argvcopy) { delete $disabled{"zstd"}; } + elsif ($1 eq "fips-jitter") + { + delete $disabled{"fips"}; + delete $disabled{"jitter"}; + } my $algo = $1; delete $disabled{$algo}; -- cgit v1.2.3
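Review bot: The cascade added to `@disable_cascades` turns `fips-jitter` off only when `fips` is disabled; this hunk adds nothing equivalent for `jitter`, which the argument-handling hunk enables together with it. The list continues outside the hunk, so a `"jitter"` entry may already exist. If it does not, `enable-fips-jitter no-jitter` would appear to leave `fips-jitter` enabled while the jitter source itself is disabled, and what entropy source the FIPS provider then uses is not visible here. Consider adding `"jitter" => [ "fips-jitter" ],` (or extending an existing `"jitter"` entry) so the two options cannot disagree.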
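Review bot: The new `elsif ($1 eq "fips-jitter")` branch implicitly enables both `fips` and `jitter`, but the compliance consequence is recorded only in the commit message, not next to the code. A comment on the branch would keep it visible to the next maintainer, e.g. `# enable-fips-jitter implies enable-fips and enable-jitter; the FIPS provider then seeds from the jitter source, which breaks FIPS compliance unless an entropy assessment and revalidation are done`. The enclosing `while (@argvcopy)` loop starts and ends outside the hunk, so whether the user gets any configure-time notice of this cannot be judged from here.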