Source file src/crypto/internal/entropy/entropy.go
1 // Copyright 2024 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package entropy provides the passive entropy source for the FIPS 140-3 6 // module. It is only used in FIPS mode by [crypto/internal/fips140/drbg.Read]. 7 // 8 // This complies with IG 9.3.A, Additional Comment 12, which until January 1, 9 // 2026 allows new modules to meet an [earlier version] of Resolution 2(b): 10 // "A software module that contains an approved DRBG that receives a LOAD 11 // command (or its logical equivalent) with entropy obtained from [...] inside 12 // the physical perimeter of the operational environment of the module [...]." 13 // 14 // Distributions that have their own SP 800-90B entropy source should replace 15 // this package with their own implementation. 16 // 17 // [earlier version]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/IG%209.3.A%20Resolution%202b%5BMarch%2026%202024%5D.pdf 18 package entropy 19 20 import "crypto/internal/sysrand" 21 22 // Depleted notifies the entropy source that the entropy in the module is 23 // "depleted" and provides the callback for the LOAD command. 24 func Depleted(LOAD func(*[48]byte)) { 25 var entropy [48]byte 26 sysrand.Read(entropy[:]) 27 LOAD(&entropy) 28 } 29