[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sun May 12 07:02:20 UTC 2019


The branch master has been updated
       via  ffa9bff8a2024bc8e6322be2cbff7d17fb8d828d (commit)
      from  3a50a8a91ad10e406544d16247957a17a5d5beac (commit)


- Log -----------------------------------------------------------------
commit ffa9bff8a2024bc8e6322be2cbff7d17fb8d828d
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Sun May 12 17:01:55 2019 +1000

    Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]
    
    Small correction to RAND_DRBG(7) (amends 3a50a8a91ad1)
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8909)

-----------------------------------------------------------------------

Summary of changes:
 doc/man7/RAND_DRBG.pod | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod
index 621f6de..c51b8cb 100644
--- a/doc/man7/RAND_DRBG.pod
+++ b/doc/man7/RAND_DRBG.pod
@@ -265,9 +265,9 @@ from the trusted entropy sources.
 =back
 
 NOTE: Manual reseeding is *not allowed* in FIPS mode, because
-NIST SP-800-90A mandates that entropy *shall not* be provided by the
-consuming application, neither for instantiation, nor for reseeding.
-[NIST SP 800-90Ar1, Sections 9.1 and 9.2]. For that reason the B<randomness>
+[NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by
+the consuming application for instantiation (Section 9.1) or
+reseeding (Section 9.2). For that reason, the B<randomness>
 argument is ignored and the random bytes provided by the L<RAND_add(3)> and
 L<RAND_seed(3)> calls are treated as additional data.
 


More information about the openssl-commits mailing list