mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

fips: mention the internal jitter source in the FIPS README

Browse Source 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
This commit is contained in:
Pauli 2024-09-20 08:59:40 +10:00
parent 3a01d5d65b
commit fc5fb3c925
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README-FIPS.md
View File

@ -167,6 +167,22 @@ manual page.
[fips_module(7)]: https://www.openssl.org/docs/manmaster/man7/fips_module.html [fips_module(7)]: https://www.openssl.org/docs/manmaster/man7/fips_module.html
Entropy Source
==============
The FIPS provider typically relies on an external entropy source,
specified during OpenSSL build configuration (default: `os`). However, by
enabling the `enable-fips-jitter` option during configuration, an internal
jitter entropy source will be used instead. Note that this will cause
the FIPS provider to operate in a non-compliant mode unless an entropy
assessment [ESV] and validation through the [CMVP] are additionally conducted.
Note that the `enable-fips-jitter` option is only available in OpenSSL
versions 3.5 and later.
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
3rd-Party Vendor Builds 3rd-Party Vendor Builds
===================================== =====================================