URL:
https://github.com/SSSD/sssd/pull/838
Title: #838: FIPS140 compliant usage of PRNG
alexey-tikhonov commented:
"""
This is exactly the case with `sss_generate_csprng_buffer()`
function, which might be used in security relevant functionality, thus it fails if
`RAND_bytes()` fails.
But `sss_rand()` is not used in security relevant functionality. Hence, I just do not see
a reason to fail instead of fallback to `rand()`.
But I agree it might be good idea to put comments regarding usage restriction in the
header.
Done.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/838#issuecomment-507275540