- 04 1月, 2018 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
The DRGB concept described in NIST SP 800-90A provides for having different algorithms to generate random output. In fact, the FIPS object module used to implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG. When the FIPS code was ported to master in #4019, two of the three algorithms were dropped, and together with those the entire code that made RAND_DRBG generic was removed, since only one concrete implementation was left. This commit restores the original generic implementation of the DRBG, making it possible again to add additional implementations using different algorithms (like RAND_DRBG_CHACHA20) in the future. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4998)
-
- 18 12月, 2017 2 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Every DRBG now supports automatic reseeding not only after a given number of generate requests, but also after a specified time interval. Signed-off-by: NDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
由 Dr. Matthias St. Pierre 提交于
A third shared DRBG is added, the so called master DRBG. Its sole purpose is to reseed the two other shared DRBGs, the public and the private DRBG. The randomness for the master DRBG is either pulled from the os entropy sources, or added by the application using the RAND_add() call. The master DRBG reseeds itself automatically after a given number of generate requests, but can also be reseeded using RAND_seed() or RAND_add(). A reseeding of the master DRBG is automatically propagated to the public and private DRBG. This construction fixes the problem, that up to now the randomness provided by RAND_add() was added only to the public and not to the private DRBG. Signed-off-by: NDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
- 18 10月, 2017 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes: - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback. - Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy(). - Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding. - Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart(). - Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4328)
-
- 28 8月, 2017 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Unlike the NIST DRBG standard, entropy counts are in bits and buffer lengths are in bytes. This has lead to some confusion and errors in the past, see my comment on PR 3789. To clarify the destinction between entropy counts and buffer lengths, a 'len' suffix has been added to all member names of RAND_DRBG which represent buffer lengths: - {min,max}_{entropy,adin,nonce,pers} + {min,max}_{entropy,adin,nonce,pers}len This change makes naming also more consistent, as can be seen in the diffs, for example: - else if (adinlen > drbg->max_adin) { + else if (adinlen > drbg->max_adinlen) { Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale. Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4266)
-
- 22 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
-
- 18 8月, 2017 1 次提交
-
-
由 Pauli 提交于
Apart from ssltest_old.c, the test suite relied on e_os.h for the OSSL_NELEM macro and nothing else. The ssltest_old.c also requires EXIT and some socket macros. Create a new header to define the OSSL_NELEM macro and use that instead. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4186)
-
- 16 8月, 2017 1 次提交
-
-
由 FdaSilvaYY 提交于
to halves MSVC warnings. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4172)
-
- 03 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
-
- 27 7月, 2017 1 次提交
-
-
由 Pauli 提交于
that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
-
- 21 7月, 2017 1 次提交
-
-
由 Benjamin Kaduk 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3971)
-
- 19 7月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Ported from the last FIPS release, with DUAL_EC and SHA1 and the self-tests removed. Since only AES-CTR is supported, other code simplifications were done. Removed the "entropy blocklen" concept. Moved internal functions to new include/internal/rand.h. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3789)
-