projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83ccf81) | patch
DRBG: restrict the digests that can be used with HMAC and Hash DRBGs.
authorPauli <pauli@openssl.org>
Thu, 16 Mar 2023 03:12:09 +0000 (14:12 +1100)
committerPauli <pauli@openssl.org>
Tue, 28 Mar 2023 22:25:19 +0000 (09:25 +1100)
commitf553c0f0dd24f037f31d971a99a1ffe7a11f64e6
tree1bbc151f1e2e9f56177a7999c65f99b63adee8e7tree | snapshot
parent83ccf81b1dd8886d54c570354ef8c532af4c514fcommit | diff
DRBG: restrict the digests that can be used with HMAC and Hash DRBGs.

According to FIP 140-3 IG D.R: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

Outside of FIPS, there remains no restriction other than not allowing
XOF digests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)
providers/implementations/rands/drbg.c diff | blob | history
providers/implementations/rands/drbg_hash.c diff | blob | history
providers/implementations/rands/drbg_hmac.c diff | blob | history
providers/implementations/rands/drbg_local.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.