fips selftest: avoid relying on a real RNG for self tests

Rather than instantiate the private and primary DRBGs during the selftest, instead use a test RNG. This leaves the DRBG setup pristine and permits later replacement of the seed source despite the very early running power up self tests. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)
author: Pauli <pauli@openssl.org> 2023-09-05 10:16:49 +1000
committer: Matt Caswell <matt@openssl.org> 2023-09-27 17:22:54 +0100
commit: fffa78c2fd01accd97c9229018d4c380f7a20335 (patch)
tree: 2978f3f7b0bbf550f9824ec247cb3e01f723e1ef /include
parent: 54e60d2a05f86e947dface08e5c20b831be17bf8 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
index 758aeed4af..7345bf625f 100644
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -125,4 +125,8 @@ void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
 size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
 int ossl_pool_add_nonce_data(RAND_POOL *pool);
 
+# ifdef FIPS_MODULE
+EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx);
+# endif
+
 #endif
author	Pauli <pauli@openssl.org>	2023-09-05 10:16:49 +1000
committer	Matt Caswell <matt@openssl.org>	2023-09-27 17:22:54 +0100
commit	fffa78c2fd01accd97c9229018d4c380f7a20335 (patch)
tree	2978f3f7b0bbf550f9824ec247cb3e01f723e1ef /include
parent	54e60d2a05f86e947dface08e5c20b831be17bf8 (diff)