Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/RAND_add.pod | 6 |
-rw-r--r-- | doc/man7/RAND_DRBG.pod | 7 |
2 files changed, 13 insertions, 0 deletions
diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod index ed7824db7f..192cfd6187 100644 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -55,6 +55,11 @@ The content of B<buf> cannot be recovered from subsequent random generator outpu Applications that intend to save and restore random state in an external file should consider using L<RAND_load_file(3)> instead. +NOTE: In FIPS mode, random data provided by the application is not considered to +be a trusted entropy source. It is mixed into the internal state of the RNG as +additional data only and this does not count as a full reseed. +For more details, see L<RAND_DRBG(7)>. + RAND_seed() is equivalent to RAND_add() with B<randomness> set to B<num>. RAND_keep_random_devices_open() is used to control file descriptor @@ -86,6 +91,7 @@ L<RAND_bytes(3)>, L<RAND_egd(3)>, L<RAND_load_file(3)>, L<RAND(7)> +L<RAND_DRBG(7)> =head1 HISTORY diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod index 48d4ace09c..621f6ded5a 100644 --- a/doc/man7/RAND_DRBG.pod +++ b/doc/man7/RAND_DRBG.pod @@ -264,6 +264,13 @@ from the trusted entropy sources. =back +NOTE: Manual reseeding is *not allowed* in FIPS mode, because +NIST SP-800-90A mandates that entropy *shall not* be provided by the +consuming application, neither for instantiation, nor for reseeding. +[NIST SP 800-90Ar1, Sections 9.1 and 9.2]. For that reason the B<randomness> +argument is ignored and the random bytes provided by the L<RAND_add(3)> and +L<RAND_seed(3)> calls are treated as additional data. + =head2 Reseeding the master DRBG with automatic seeding disabled Calling RAND_poll() will always fail. |
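Review bot: In the doc/man3/RAND_add.pod hunk at @@ -55,6 +55,11, the new NOTE never says what happens to the B<randomness> argument, which is the value a RAND_add() caller uses to claim entropy. The RAND_DRBG.pod text in this same patch states that the argument is ignored in FIPS mode; repeat that here so the reader does not have to follow the link to learn it. The note also sits before the sentence "RAND_seed() is equivalent to RAND_add() with B<randomness> set to B<num>", so it reads as applying to RAND_add() only; move it after that sentence or name both functions in the note.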
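Review bot: In the SEE ALSO hunk of doc/man3/RAND_add.pod at @@ -86,6 +91,7, the added line L<RAND_DRBG(7)> follows the context line L<RAND(7)>, which has no trailing comma, so the last two entries of the list run together without a separator. Change that line to "L<RAND(7)>," as part of this patch.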
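Review bot: In the doc/man7/RAND_DRBG.pod hunk at @@ -264,6 +264,13, the first sentence says manual reseeding is "not allowed" in FIPS mode, while the last sentence says the bytes passed to RAND_add(3) and RAND_seed(3) are accepted and treated as additional data, so a reader cannot tell whether the call is rejected or silently downgraded. Reword the first sentence to match the described behaviour, for example that application-provided data does not count as a reseed, in line with the wording added to RAND_add.pod. Smaller points in the same paragraph: the asterisks in "*not allowed*" and "*shall not*" are not POD markup and will render literally, so use I<...> or B<...>; the standard is written both as "NIST SP-800-90A" and "NIST SP 800-90Ar1", pick one form; and the full stop after "nor for reseeding" leaves the bracketed citation as a detached fragment.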