Ensure array length assumption agree

aws · Oct 13, 2023 · fa3e14b · fa3e14b
1 parent 8772d19
commit fa3e14b
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c
@@ -316,6 +316,12 @@ static int rdrand(uint8_t *buf, size_t len) {
 #if defined(BORINGSSL_FIPS)
 
 #if defined(FIPS_ENTROPY_SOURCE_PASSIVE)
+
+// Currently, we assume that the length of externally loaded entropy has the
+// same length as the seed used in the ctr-drbg.
+OPENSSL_STATIC_ASSERT(CTR_DRBG_ENTROPY_LEN == PASSIVE_ENTROPY_LOAD_LENGTH,
+  passive_entropy_load_length_different_from_ctr_drbg_seed_length)
+
 void RAND_load_entropy(uint8_t out_entropy[CTR_DRBG_ENTROPY_LEN],
                        uint8_t entropy[PASSIVE_ENTROPY_LOAD_LENGTH]) {
   OPENSSL_memcpy(out_entropy, entropy, CTR_DRBG_ENTROPY_LEN);