openssl/crypto/rand
Dr. Matthias St. Pierre 3a50a8a91a Ignore entropy from RAND_add()/RAND_seed() in FIPS mode
The functions RAND_add() and RAND_seed() provide a legacy API which
enables the application to seed the CSPRNG.

But NIST SP-800-90A clearly mandates that entropy *shall not* be provided
by the consuming application, neither for instantiation, nor for reseeding.

The provided random data will be mixed into the DRBG state as additional
data only, and no entropy will be accounted for it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8722)
2019-05-10 07:22:05 +02:00
build.info Use vxRandLib for VxWorks7 2019-05-02 23:32:44 +02:00
drbg_ctr.c Reseeding without derivation function is not supported in FIPS mode. 2019-04-11 08:52:22 +10:00
drbg_hash.c Following the license change, modify the boilerplates in crypto/rand/ 2018-12-06 15:14:05 +01:00
drbg_hmac.c Following the license change, modify the boilerplates in crypto/rand/ 2018-12-06 15:14:05 +01:00
drbg_lib.c Ignore entropy from RAND_add()/RAND_seed() in FIPS mode 2019-05-10 07:22:05 +02:00
rand_crng_test.c Squashed commit of the following: 2019-04-30 13:43:19 +10:00
rand_egd.c Following the license change, modify the boilerplates in crypto/rand/ 2018-12-06 15:14:05 +01:00
rand_err.c Reseeding without derivation function is not supported in FIPS mode. 2019-04-11 08:52:22 +10:00
rand_lcl.h Squashed commit of the following: 2019-04-30 13:43:19 +10:00
rand_lib.c Add prediction resistance capability to the DRBG reseeding process. 2019-04-12 18:16:20 +10:00
rand_unix.c Use vxRandLib for VxWorks7 2019-05-02 23:32:44 +02:00
rand_vms.c Clear seed source structures. 2019-03-29 20:11:41 +10:00
rand_vxworks.c Use vxRandLib for VxWorks7 2019-05-02 23:32:44 +02:00
rand_win.c Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" 2019-04-02 14:49:54 +02:00
randfile.c Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE. 2019-03-29 09:51:24 +00:00