1. 19 4月, 2018 3 次提交
  2. 18 4月, 2018 11 次提交
  3. 17 4月, 2018 16 次提交
  4. 16 4月, 2018 3 次提交
  5. 15 4月, 2018 4 次提交
  6. 14 4月, 2018 3 次提交
    • M
      openssl#5668: corrections after compiling with -qinfo=all:als. · d47eb76c
      Matthias Kraft 提交于
      The ongoing discussion about casting or not in PR #5626 had me compiling
      again with above mentioned flags. Indeed the compiler had to say something
      about it and I did these changes to silence it again.
      Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5943)
      d47eb76c
    • R
      make update · 560096f8
      Richard Levitte 提交于
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5948)
      560096f8
    • D
      DRBG: implement a get_nonce() callback · 5bc6bcf8
      Dr. Matthias St. Pierre 提交于
      Fixes #5849
      
      In pull request #5503 a fallback was added which adds a random nonce of
      security_strength/2 bits if no nonce callback is provided. This change raised
      the entropy requirements form 256 to 384 bit, which can cause problems on some
      platforms (e.g. VMS, see issue #5849).
      
      The requirements for the nonce are given in section 8.6.7 of NIST SP 800-90Ar1:
      
        A nonce may be required in the construction of a seed during instantiation
        in order to provide a security cushion to block certain attacks.
        The nonce shall be either:
      
        a) A value with at least (security_strength/2) bits of entropy, or
      
        b) A value that is expected to repeat no more often than a
           (security_strength/2)-bit random string would be expected to repeat.
      
        Each nonce shall be unique to the cryptographic module in which instantiation
        is performed, but need not be secret. When used, the nonce shall be considered
        to be a critical security parameter.
      
      This commit implements a nonce of type b) in order to lower the entropy
      requirements during instantiation back to 256 bits.
      
      The formulation "shall be unique to the cryptographic module" above implies
      that the nonce needs to be unique among (with high probability) among all
      DRBG instances in "space" and "time". We try to achieve this goal by creating a
      nonce of the following form
      
          nonce = app-specific-data || high-resolution-utc-timestamp || counter
      
      Where || denotes concatenation. The application specific data can be something
      like the process or group id of the application. A utc timestamp is used because
      it increases monotonically, provided the system time is synchronized. This approach
      may not be perfect yet for a FIPS evaluation, but it should be good enough for the
      moment.
      
      This commit also harmonizes the implementation of the get_nonce() and the
      get_additional_data() callbacks and moves the platform specific parts from
      rand_lib.c into rand_unix.c, rand_win.c, and rand_vms.c.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5920)
      5bc6bcf8