diff options
author | Pauli <pauli@openssl.org> | 2023-09-05 10:16:49 +1000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-09-27 17:22:54 +0100 |
commit | fffa78c2fd01accd97c9229018d4c380f7a20335 (patch) | |
tree | 2978f3f7b0bbf550f9824ec247cb3e01f723e1ef /include | |
parent | 54e60d2a05f86e947dface08e5c20b831be17bf8 (diff) |
fips selftest: avoid relying on a real RNG for self tests
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/rand.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/crypto/rand.h b/include/crypto/rand.h index 758aeed4af..7345bf625f 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -125,4 +125,8 @@ void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, size_t ossl_pool_acquire_entropy(RAND_POOL *pool); int ossl_pool_add_nonce_data(RAND_POOL *pool); +# ifdef FIPS_MODULE +EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx); +# endif + #endif |