diff options
author | Pauli <pauli@openssl.org> | 2023-09-05 10:16:49 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-10-03 18:54:03 +1100 |
commit | bc347a35d025b989abfeb8ef556f895cb1ee9381 (patch) | |
tree | bed1fe9df817b292be9d7f71de913c8eecb9f957 /include | |
parent | 3b804c513d8d586ba8df064ee7893c10f0a0759c (diff) |
fips selftest: avoid relying on a real RNG for self tests
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/rand.h | 4 | ||||
-rw-r--r-- | include/openssl/core_names.h | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/include/crypto/rand.h b/include/crypto/rand.h index 6a71a339c8..3b6ccecc06 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -125,4 +125,8 @@ void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, size_t ossl_pool_acquire_entropy(RAND_POOL *pool); int ossl_pool_add_nonce_data(RAND_POOL *pool); +# ifdef FIPS_MODULE +EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx); +# endif + #endif diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 5e3c132f5b..0a6ec1bbba 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -248,6 +248,7 @@ extern "C" { #define OSSL_RAND_PARAM_MAX_REQUEST "max_request" #define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" #define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" +#define OSSL_RAND_PARAM_GENERATE "generate" /* RAND/DRBG names */ #define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" |