With fips-jitter build time option, jitter can be inside FIPS
boundary.
Calls to jent_read_entropy() can return permanent failures for
Repetitive Count Test (RTC), Adaptive Proportion Test (APT), LAG
prediction test.
Ensure the module enters error state upon permanent jitter failures.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25957)
#include <openssl/err.h>
#include <openssl/randerr.h>
#include <openssl/proverr.h>
+#include <openssl/self_test.h>
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "crypto/rand.h"
#include "crypto/rand_pool.h"
/*
* Permanent Failure
- * https://github.com/smuellerDD/jitterentropy-library/issues/118
+ * https://github.com/smuellerDD/jitterentropy-library/blob/master/doc/jitterentropy.3#L234
*/
- if (result < -5)
+ if (result < -5) {
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_CRNG);
break;
+ }
/* Success */
if (result >= 0 && (size_t)result == len)
projects / thirdparty / openssl.git / commitdiff
