projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 965a469) | patch
DRBG: restrict the digests that can be used with HMAC and Hash DRBGs.
authorPauli <pauli@openssl.org>
Thu, 16 Mar 2023 03:12:09 +0000 (14:12 +1100)
committerPauli <pauli@openssl.org>
Tue, 28 Mar 2023 22:29:21 +0000 (09:29 +1100)
commit2d574892fee144f2307b5fb9c5b19d3cbe9ad99e
tree27370e1236e2430a87483307caf3d7b6175e8c36tree | snapshot
parent965a469529ab521d6cc4c09b0596e102691d8971commit | diff
DRBG: restrict the digests that can be used with HMAC and Hash DRBGs.

According to FIP 140-3 IG D.R: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

Outside of FIPS, there remains no restriction other than not allowing
XOF digests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)

(cherry picked from commit f553c0f0dd24f037f31d971a99a1ffe7a11f64e6)
providers/implementations/rands/drbg.c diff | blob | history
providers/implementations/rands/drbg_hash.c diff | blob | history
providers/implementations/rands/drbg_hmac.c diff | blob | history
providers/implementations/rands/drbg_local.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.