1. 23 7月, 2019 1 次提交
  2. 17 10月, 2018 1 次提交
    • D
      DRBG: fix reseeding via RAND_add()/RAND_seed() with large input · dbf0a496
      Dr. Matthias St. Pierre 提交于
      In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
      was implemented by buffering the data in a random pool where it is
      picked up later by the rand_drbg_get_entropy() callback. This buffer
      was limited to the size of 4096 bytes.
      
      When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
      the reseeding failed, but the error returned by the DRBG was ignored
      by the two calling functions, which both don't return an error code.
      As a consequence, the data provided by the application was effectively
      ignored.
      
      This commit fixes the problem by a more efficient implementation which
      does not copy the data in memory and by raising the buffer the size limit
      to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
      but it was chosen intentionally to avoid platform dependent problems
      like integer sizes and/or signed/unsigned conversion.
      
      Additionally, the DRBG is now less permissive on errors: In addition to
      pushing a message to the openssl error stack, it enters the error state,
      which forces a reinstantiation on next call.
      
      Thanks go to Dr. Falko Strenzke for reporting this issue to the
      openssl-security mailing list. After internal discussion the issue
      has been categorized as not being security relevant, because the DRBG
      reseeds automatically and is fully functional even without additional
      randomness provided by the application.
      
      Fixes #7381
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7382)
      
      (cherry picked from commit 3064b55134434a0b2850f07eff57120f35bb269a)
      dbf0a496
  3. 14 4月, 2018 1 次提交
  4. 04 4月, 2018 1 次提交
  5. 17 3月, 2018 2 次提交
  6. 16 3月, 2018 1 次提交
  7. 07 3月, 2018 1 次提交
  8. 15 2月, 2018 1 次提交
    • D
      DRBG: make locking api truly private · 812b1537
      Dr. Matthias St. Pierre 提交于
      In PR #5295 it was decided that the locking api should remain private
      and used only inside libcrypto. However, the locking functions were added
      back to `libcrypto.num` by `mkdef.pl`, because the function prototypes
      were still listed in `internal/rand.h`. (This header contains functions
      which are internal, but shared between libcrypto and libssl.)
      
      This commit moves the prototypes to `rand_lcl.h` and changes the names
      to lowercase, following the convention therein. It also corrects an
      outdated documenting comment.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5375)
      812b1537
  9. 14 2月, 2018 1 次提交
    • D
      DRBG: add locking api · 3ce1c27b
      Dr. Matthias St. Pierre 提交于
      This commit adds three new accessors to the internal DRBG lock
      
         int RAND_DRBG_lock(RAND_DRBG *drbg)
         int RAND_DRBG_unlock(RAND_DRBG *drbg)
         int RAND_DRBG_enable_locking(RAND_DRBG *drbg)
      
      The three shared DRBGs are intended to be used concurrently, so they
      have locking enabled by default. It is the callers responsibility to
      guard access to the shared DRBGs by calls to RAND_DRBG_lock() and
      RAND_DRBG_unlock().
      
      All other DRBG instances don't have locking enabled by default, because
      they are intendended to be used by a single thread. If it is desired,
      locking can be enabled by using RAND_DRBG_enable_locking().
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5294)
      3ce1c27b
  10. 19 1月, 2018 1 次提交
  11. 04 1月, 2018 1 次提交
    • D
      crypto/rand: restore the generic DRBG implementation · 8212d505
      Dr. Matthias St. Pierre 提交于
      The DRGB concept described in NIST SP 800-90A provides for having different
      algorithms to generate random output. In fact, the FIPS object module used to
      implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG.
      
      When the FIPS code was ported to master in #4019, two of the three algorithms
      were dropped, and together with those the entire code that made RAND_DRBG
      generic was removed, since only one concrete implementation was left.
      
      This commit restores the original generic implementation of the DRBG, making it
      possible again to add additional implementations using different algorithms
      (like RAND_DRBG_CHACHA20) in the future.
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4998)
      8212d505
  12. 18 10月, 2017 1 次提交
    • D
      Fix reseeding issues of the public RAND_DRBG · c16de9d8
      Dr. Matthias St. Pierre 提交于
      Reseeding is handled very differently by the classic RAND_METHOD API
      and the new RAND_DRBG api. These differences led to some problems when
      the new RAND_DRBG was made the default OpenSSL RNG. In particular,
      RAND_add() did not work as expected anymore. These issues are discussed
      on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API'
      and in Pull Request #4328. This commit fixes the mentioned issues,
      introducing the following changes:
      
      - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which
        facilitates collecting entropy by the get_entropy() callback.
      - Don't use RAND_poll()/RAND_add() for collecting entropy from the
        get_entropy() callback anymore. Instead, replace RAND_poll() by
        RAND_POOL_acquire_entropy().
      - Add a new function rand_drbg_restart() which tries to get the DRBG
        in an instantiated state by all means, regardless of the current
        state (uninstantiated, error, ...) the DRBG is in. If the caller
        provides entropy or additional input, it will be used for reseeding.
      - Restore the original documented behaviour of RAND_add() and RAND_poll()
        (namely to reseed the DRBG immediately) by a new implementation based
        on rand_drbg_restart().
      - Add automatic error recovery from temporary failures of the entropy
        source to RAND_DRBG_generate() using the rand_drbg_restart() function.
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      Reviewed-by: NBen Kaduk <kaduk@mit.edu>
      (Merged from https://github.com/openssl/openssl/pull/4328)
      c16de9d8
  13. 19 7月, 2017 1 次提交
  14. 07 7月, 2017 1 次提交
  15. 20 6月, 2017 1 次提交
  16. 08 6月, 2017 1 次提交
    • R
      make error tables const and separate header file · 52df25cf
      Rich Salz 提交于
      Run perltidy on util/mkerr
      Change some mkerr flags, write some doc comments
      Make generated tables "const" when genearting lib-internal ones.
      Add "state" file for mkerr
      Renerate error tables and headers
      Rationalize declaration of ERR_load_XXX_strings
      Fix out-of-tree build
      Add -static; sort flags/vars for options.
      Also tweak code output
      Moved engines/afalg to engines (from master)
      Use -static flag
      Standard engine #include's of errors
      Don't linewrap err string tables unless necessary
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3392)
      52df25cf
  17. 21 7月, 2016 1 次提交
  18. 24 5月, 2016 1 次提交
  19. 18 5月, 2016 1 次提交
  20. 27 1月, 2016 1 次提交
    • R
      Remove /* foo.c */ comments · 34980760
      Rich Salz 提交于
      This was done by the following
              find . -name '*.[ch]' | /tmp/pl
      where /tmp/pl is the following three-line script:
              print unless $. == 1 && m@/\* .*\.[ch] \*/@;
              close ARGV if eof; # Close file to reset $.
      
      And then some hand-editing of other files.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      34980760
  21. 31 10月, 2015 1 次提交
  22. 22 1月, 2015 1 次提交
  23. 05 4月, 2011 1 次提交
  24. 26 1月, 2011 1 次提交
  25. 22 11月, 2006 1 次提交
  26. 13 4月, 2005 1 次提交
  27. 30 4月, 2001 1 次提交
  28. 20 2月, 2001 1 次提交
    • R
      Make all configuration macros available for application by making · cf1b7d96
      Richard Levitte 提交于
      sure they are available in opensslconf.h, by giving them names starting
      with "OPENSSL_" to avoid conflicts with other packages and by making
      sure e_os2.h will cover all platform-specific cases together with
      opensslconf.h.
      
      I've checked fairly well that nothing breaks with this (apart from
      external software that will adapt if they have used something like
      NO_KRB5), but I can't guarantee it completely, so a review of this
      change would be a good thing.
      cf1b7d96
  29. 05 3月, 2000 2 次提交
  30. 20 1月, 2000 1 次提交
  31. 14 1月, 2000 1 次提交
  32. 25 4月, 1999 1 次提交
  33. 24 4月, 1999 2 次提交
  34. 20 4月, 1999 1 次提交
  35. 27 2月, 1999 1 次提交
  36. 21 12月, 1998 2 次提交