git.ipfire.org Git - thirdparty/openssl.git/commit
fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback
author Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Sat, 9 Nov 2024 21:32:48 +0000 (21:32 +0000)
committer Neil Horman <nhorman@openssl.org>
Tue, 25 Feb 2025 19:45:57 +0000 (14:45 -0500)
commit aa5f1b4cf562d7f0b65ae7ef93179ebc1102fbeb
tree 13597ba43120268cfb66ae5f0cd6ae9f52eb72c6
parent 395a83a617a09c1ae02e8040386f9acb356d13c1
fips-jitter: Force use jitter entropy in the FIPS 3.0.9 provider callback

FIPS 3.0.9 provider does not honor runtime seed configuration, thus if
one desires to use JITTER entropy source with FIPS 3.0.9 provider
something like this needs to be applied to the core (libcrypto) build.

Not sure if this is at all suitable for upstream.

With fips-jitter (3.5+) config, also ensure that core<->provider
callback for entropy uses jitter entropy source, rather than os seed
(getrandom syscall).

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25930)
crypto/provider_core.c
providers/implementations/rands/seed_src_jitter.c