1 // Copyright 2024 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4 5 // Package entropy provides the passive entropy source for the FIPS 140-3
6 // module. It is only used in FIPS mode by [crypto/internal/fips140/drbg.Read].
7 //
8 // This complies with IG 9.3.A, Additional Comment 12, which until January 1,
9 // 2026 allows new modules to meet an [earlier version] of Resolution 2(b):
10 // "A software module that contains an approved DRBG that receives a LOAD
11 // command (or its logical equivalent) with entropy obtained from [...] inside
12 // the physical perimeter of the operational environment of the module [...]."
13 //
14 // Distributions that have their own SP 800-90B entropy source should replace
15 // this package with their own implementation.
16 //
17 // [earlier version]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/IG%209.3.A%20Resolution%202b%5BMarch%2026%202024%5D.pdf
18 package entropy
19 20 import "crypto/internal/sysrand"
// Depleted is called to tell the entropy source that the entropy in the
// module is "depleted". It draws a fresh 48-byte seed with sysrand.Read and
// passes a pointer to it to LOAD, the caller-supplied callback for the LOAD
// command. LOAD is invoked exactly once, synchronously, before Depleted
// returns.
//
// NOTE(review): the seed is raw DRBG input and is not cleared here after LOAD
// returns. Whether LOAD copies the bytes or retains the pointer is not visible
// in this file, so confirm against the caller before adding zeroization.
func Depleted(LOAD func(*[48]byte)) {
	seed := new([48]byte)
	// No result of sysrand.Read is inspected here: this relies on Read either
	// filling the whole buffer or not returning at all (TODO confirm in
	// crypto/internal/sysrand).
	sysrand.Read(seed[:])
	LOAD(seed)
}