Commit ffa9bff8 authored by Dr. Matthias St. Pierre, committed by Pauli

Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]



Small correction to RAND_DRBG(7) (amends 3a50a8a9)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8909)
parent 3a50a8a9
+3 −3
@@ -265,9 +265,9 @@ from the trusted entropy sources.
=back

NOTE: Manual reseeding is *not allowed* in FIPS mode, because
NIST SP-800-90A mandates that entropy *shall not* be provided by the
consuming application, neither for instantiation, nor for reseeding.
[NIST SP 800-90Ar1, Sections 9.1 and 9.2]. For that reason the B<randomness>
[NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by
the consuming application for instantiation (Section 9.1) or
reseeding (Section 9.2). For that reason, the B<randomness>
argument is ignored and the random bytes provided by the L<RAND_add(3)> and
L<RAND_seed(3)> calls are treated as additional data.
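
Review bot: The emphasis in the NOTE paragraph ("*not allowed*" and "*shall not*") is written with asterisks, which POD has no markup for, so they will appear literally in the rendered man page. The same paragraph already uses B<randomness> and L<RAND_add(3)>, so I<not allowed> and I<shall not> would match it and render as emphasis. A smaller point on the reworded sentence: the bracketed citation "[NIST SP-800-90Ar1]" is now the grammatical subject, and its spelling differs from the "NIST SP 800-90Ar1" form in the text it replaces. Writing it as plain text without brackets and settling on one spelling would read better. Since the paragraph says the B<randomness> argument is ignored in FIPS mode, it would also help callers if it stated whether RAND_add(3) and RAND_seed(3) still report success in that case, so that an application relying on manual reseeding can tell that its entropy was not credited.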