mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
1c90d36ab1
openssl/include
History
Pauli 6f20c6804e fips: continuous random bit generator tests 
For FIPS 140-3 the continuous tests specified in SP 800-90B need to be
included on the output of any entropy source.

They are implemented here as a replacement for the primary DRBG in the FIPS
provider.  This results in a setup that looks like this:

               +-------------+
               |             |
               | Seed Source |
               |             |
               +------+------+
                      |
                      |
                      v
               +-------------+
               |             |
               |  CRNG Test  |
               |             |
               ++----------+-+
                |          |
                |          |
                v          v
    +--------------+     +--------------+
    |              |     |              |
    | Public DRBG  |     | Private DRBG |
    |              |     |              |
    +--------------+     +--------------+

An additional benefit, that of avoiding DRBG chains, is also gained.
The current standards do not permit the output of one DRBG to be used
as the input for a second (i.e. a chain).

This also leaves open the future possibility of incorporating a seed
source inside the FIPS boundary.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25415)
2024-09-19 08:44:14 +10:00
..
crypto feat: add ossl_serial_number_print 2024-09-16 22:56:02 +02:00
internal fips: continuous random bit generator tests 2024-09-19 08:44:14 +10:00
openssl Add failed entropy continuous test error 2024-09-19 08:43:58 +10:00