mirror of
https://github.com/XTLS/REALITY.git
synced 2025-08-23 06:58:39 +00:00
In the process, replace out-of-module imports with their FIPS versions.

For #69536

Change-Id: I83e900b7c38ecf760382e5dca7fd0b1eaa5a5589
Reviewed-on: https://go-review.googlesource.com/c/go/+/626879
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
29 lines
1.3 KiB
Go
// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package entropy provides the passive entropy source for the FIPS 140-3
// module. It is only used in FIPS mode by [crypto/internal/fips140/drbg.Read].
//
// This complies with IG 9.3.A, Additional Comment 12, which until January 1,
// 2026 allows new modules to meet an [earlier version] of Resolution 2(b):
// "A software module that contains an approved DRBG that receives a LOAD
// command (or its logical equivalent) with entropy obtained from [...] inside
// the physical perimeter of the operational environment of the module [...]."
//
// Distributions that have their own SP 800-90B entropy source should replace
// this package with their own implementation.
//
// [earlier version]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/IG%209.3.A%20Resolution%202b%5BMarch%2026%202024%5D.pdf
package entropy

// "github.com/xtls/reality/sysrand"
import "crypto/rand"

// Depleted notifies the entropy source that the entropy in the module is
// "depleted" and provides the callback for the LOAD command.
func Depleted(LOAD func(*[48]byte)) {
	var entropy [48]byte
	rand.Read(entropy[:])
	LOAD(&entropy)
}
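
Depleted discards the result of rand.Read, which is safe only where crypto/rand.Read cannot return an error (guaranteed from Go 1.24; that this mirror builds with such a toolchain is an assumption). The following is an added example, not code from this repository: it makes the reader injectable to show what LOAD receives when a read fails, beside a checked variant that withholds LOAD. The names failingReader, depletedUnchecked, depletedChecked and loadedSeeds are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

// failingReader is a constructed stand-in for an entropy source that errors
// out without writing any bytes.
type failingReader struct{}

func (failingReader) Read([]byte) (int, error) { return 0, errors.New("entropy source unavailable") }

// depletedUnchecked mirrors the shape of Depleted, with the reader made
// injectable (hypothetical parameter): the read result is discarded.
func depletedUnchecked(r io.Reader, LOAD func(*[48]byte)) {
	var entropy [48]byte
	io.ReadFull(r, entropy[:])
	LOAD(&entropy)
}

// depletedChecked refuses to issue LOAD unless all 48 bytes were read.
func depletedChecked(r io.Reader, LOAD func(*[48]byte)) error {
	var entropy [48]byte
	if _, err := io.ReadFull(r, entropy[:]); err != nil {
		return fmt.Errorf("entropy: short read, LOAD not issued: %w", err)
	}
	LOAD(&entropy)
	return nil
}

// loadedSeeds runs one variant against r and returns every seed LOAD received.
func loadedSeeds(r io.Reader, checked bool) (seeds [][48]byte, err error) {
	LOAD := func(seed *[48]byte) { seeds = append(seeds, *seed) }
	if checked {
		err = depletedChecked(r, LOAD)
	} else {
		depletedUnchecked(r, LOAD)
	}
	return seeds, err
}

func main() {
	bad, _ := loadedSeeds(failingReader{}, false)
	fmt.Printf("unchecked, failing source: all-zero seed loaded: %v\n", bad[0] == [48]byte{})
	_, err := loadedSeeds(failingReader{}, true)
	fmt.Println("checked, failing source:", err)
}
```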