Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]

author Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)

committer Pauli <paul.dale@oracle.com>

Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)
author Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)
committer Pauli <paul.dale@oracle.com>
Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)
diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod

index 621f6ded5a34a515948db7738bd8a9b526420117..c51b8cb238c7d80bfe798f65ba2951718f5c1f96 100644 (file)
--- a/doc/man7/RAND_DRBG.pod
+++ b/doc/man7/RAND_DRBG.pod
@@ -265,9 +265,9 @@ from the trusted entropy sources.
  =back
  
  NOTE: Manual reseeding is *not allowed* in FIPS mode, because
-NIST SP-800-90A mandates that entropy *shall not* be provided by the
-consuming application, neither for instantiation, nor for reseeding.
-[NIST SP 800-90Ar1, Sections 9.1 and 9.2]. For that reason the B<randomness>
+[NIST SP-800-90Ar1] mandates that entropy *shall not* be provided by
+the consuming application for instantiation (Section 9.1) or
+reseeding (Section 9.2). For that reason, the B<randomness>
  argument is ignored and the random bytes provided by the L<RAND_add(3)> and
  L<RAND_seed(3)> calls are treated as additional data.
author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
	Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)
committer	Pauli <paul.dale@oracle.com>
	Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)