add news and changes entries for the internal jitter source in FIPS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
Pauli 2024-09-20 09:00:02 +10:00
parent fc5fb3c925
commit ed524da19a
2 changed files with 19 additions and 2 deletions

@ -30,7 +30,13 @@ OpenSSL 3.4
### Changes between 3.4 and 3.5 [xx XXX xxxx]
* none yet
* Optionally allow the FIPS provider to use the `JITTER` entropy source.
Note that using this option will require the resulting FIPS provider
to undergo entropy source validation [ESV] by the [CMVP], without this
the FIPS provider will not be FIPS compliant. Enable this using the
configuration option `enable-fips-jitter`.
*Paul Dale*
OpenSSL 3.4
-----------
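
Review bot: In the new `JITTER` bullet, the compliance caveat is attached to the previous clause with a comma ("... by the [CMVP], without this the FIPS provider will not be FIPS compliant"), so the one statement a builder must not miss reads as an aside. Suggest ending the sentence after "[CMVP]" and starting a new one: "Without this, the FIPS provider will not be FIPS compliant." The entry also says "entropy source" where the NEWS.md entry in this commit says "seed source"; using one term in both files would stop readers wondering whether two different things are meant.
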
@ -21062,3 +21068,5 @@ ndif
[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657
[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656
[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
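
Review bot: The two added link definitions spell the same path segment with different casing: `[CMVP]` uses `/projects/` and `[ESV]` uses `/Projects/`. Suggest picking one casing for both so the difference does not look intentional and the pair does not depend on the server treating the path case-insensitively.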

NEWS.md

@ -37,7 +37,13 @@ changes:
This release adds the following new features:
* none yet
* Allow the FIPS provider to optionally use the `JITTER` seed source.
Because this seed source is not part of the OpenSSL FIPS validations,
it should only be enabled after the [jitterentropy-library] has been
assessed for entropy quality. Moreover, the FIPS provider including
this entropy source will need to obtain an [ESV] from the [CMVP] before
FIPS compliance can be claimed. Enable this using the configuration
option `enable-fips-jitter`.
OpenSSL 3.4
-----------
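
Review bot: "will need to obtain an [ESV] from the [CMVP]" treats ESV as something that is issued, while the CHANGES.md entry in this same commit expands it as "entropy source validation [ESV] by the [CMVP]". Suggest aligning the two, for example "will need to undergo entropy source validation [ESV] by the [CMVP]". In the sentence before it, "has been assessed for entropy quality" does not say who is expected to do the assessment; since the entry states that this seed source is not part of the OpenSSL FIPS validations, consider naming the responsible party explicitly.
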
@ -2007,3 +2013,6 @@ OpenSSL 0.9.x
[CHANGES.md]: ./CHANGES.md
[README-QUIC.md]: ./README-QUIC.md
[issue tracker]: https://github.com/openssl/openssl/issues
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library