| #
a9483b8a |
| 25-Sep-2023 |
Pauli |
rand: add extra error code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
|
| #
4e6fa801 |
| 16-Jul-2021 |
Pauli |
err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from ht
err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)
show more ...
|
| #
38fc02a7 |
| 17-Jun-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
|
| #
b93f6c2d |
| 25-May-2021 |
Pauli |
err: rename err_load_xxx_strings_int functions
The new names are ossl_err_load_xxx_strings.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@ope
err: rename err_load_xxx_strings_int functions
The new names are ossl_err_load_xxx_strings.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15446)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
| #
14a6c6a4 |
| 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from ht
ERR: Rebuild all generated error headers and source files
This is the result of 'make errors ERROR_REBUILD=-rebuild'
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha8 |
|
| #
08edd447 |
| 30-Oct-2020 |
Pauli |
prov: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https
prov: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
| #
03bede0c |
| 30-Oct-2020 |
Pauli |
rand: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https
rand: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
| #
7d615e21 |
| 22-Jul-2020 |
Pauli |
rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API i
rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG
type changing mechanism (RAND_DRBG_set()).
Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.
Other related changes:
Use RNG instead of DRBG in EVP_RAND documentation. The documentation was
using DRBG in places where it should have been RNG or CSRNG.
Move the RAND_DRBG(7) documentation to EVP_RAND(7).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
| #
15dfa092 |
| 30-Apr-2020 |
Pauli |
rand: core APIs for provider friendly random.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
|
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
75ff4f74 |
| 17-Feb-2020 |
Dr. Matthias St. Pierre |
DRBG: delay initialization of DRBG method until instantiation
Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().
DRBG: delay initialization of DRBG method until instantiation
Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().
This made it difficult for the FIPS DRBG self test to verify that the
internal state had been zeroized, because it had the side effect that
the drbg->data structure was reinitialized immediately.
To solve the problem, RAND_DRBG_set() has been split in two parts
static int rand_drbg_set(RAND_DRBG *drbg, int type, unsigned int flags);
static int rand_drbg_init_method(RAND_DRBG *drbg);
and only the first part is called from RAND_DRBG_uninstantiate().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
show more ...
|
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
0cd1b144 |
| 04-Sep-2019 |
Richard Levitte |
util/mkerr.pl: make it not depend on the function code
The output C code was made to use ERR_func_error_string() to see if a
string table was already loaded or not. Since this function
util/mkerr.pl: make it not depend on the function code
The output C code was made to use ERR_func_error_string() to see if a
string table was already loaded or not. Since this function returns
NULL always, this check became useless.
Change it to use ERR_reason_error_string() instead, as there's no
reason to believe we will get rid of reason strings, ever.
To top it off, we rebuild all affected C sources.
Fixes #9756
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9756)
show more ...
|
| #
cbfa5b03 |
| 11-Jul-2019 |
Rich Salz |
Regenerate mkerr files
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)
|
| #
6694e51d |
| 28-Jun-2019 |
Matt Caswell |
Provide rand_bytes_ex and rand_priv_bytes_ex
We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.
Provide rand_bytes_ex and rand_priv_bytes_ex
We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
| #
6c7d80ab |
| 10-Apr-2019 |
Pauli |
Reseeding without derivation function is not supported in FIPS mode.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/
Reseeding without derivation function is not supported in FIPS mode.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8648)
show more ...
|
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
0db63de9 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/rand/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull
Following the license change, modify the boilerplates in crypto/rand/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7811)
show more ...
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| #
3064b551 |
| 09-Oct-2018 |
Dr. Matthias St. Pierre |
DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random
DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random pool where it is
picked up later by the rand_drbg_get_entropy() callback. This buffer
was limited to the size of 4096 bytes.
When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
the reseeding failed, but the error returned by the DRBG was ignored
by the two calling functions, which both don't return an error code.
As a consequence, the data provided by the application was effectively
ignored.
This commit fixes the problem by a more efficient implementation which
does not copy the data in memory and by raising the buffer the size limit
to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
but it was chosen intentionally to avoid platform dependent problems
like integer sizes and/or signed/unsigned conversion.
Additionally, the DRBG is now less permissive on errors: In addition to
pushing a message to the openssl error stack, it enters the error state,
which forces a reinstantiation on next call.
Thanks go to Dr. Falko Strenzke for reporting this issue to the
openssl-security mailing list. After internal discussion the issue
has been categorized as not being security relevant, because the DRBG
reseeds automatically and is fully functional even without additional
randomness provided by the application.
Fixes #7381
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7382)
show more ...
|
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5 |
|
| #
560096f8 |
| 13-Apr-2018 |
Richard Levitte |
make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5948)
|
| #
fc1d73bb |
| 03-Apr-2018 |
Richard Levitte |
VMS: stricter acquisition of entropy for the pool
Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't
delivering the required amount of entropy. In release builds, this
VMS: stricter acquisition of entropy for the pool
Fail harshly (in debug builds) when rand_pool_acquire_entropy isn't
delivering the required amount of entropy. In release builds, this
produces an error with details.
We also take the opportunity to modernise the types used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5857)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2 |
|
| #
311276ff |
| 18-Feb-2018 |
Kurt Roeckx |
Return error when trying to use prediction resistance
There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need predicti
Return error when trying to use prediction resistance
There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402
show more ...
|
| #
31393fd9 |
| 15-Mar-2018 |
Dr. Matthias St. Pierre |
RAND_DRBG: add a function for setting the default DRBG type and flags
This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. Se
RAND_DRBG: add a function for setting the default DRBG type and flags
This commit adds a new api RAND_DRBG_set_defaults() which sets the
default type and flags for new DRBG instances. See also #5576.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5632)
show more ...
|
| #
6decf943 |
| 05-Mar-2018 |
Dr. Matthias St. Pierre |
Publish the RAND_DRBG API
Fixes #4403
This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL A
Publish the RAND_DRBG API
Fixes #4403
This commit moves the internal header file "internal/rand.h" to
<openssl/rand_drbg.h>, making the RAND_DRBG API public.
The RAND_POOL API remains private, its function prototypes were
moved to "internal/rand_int.h" and converted to lowercase.
Documentation for the new API is work in progress on GitHub #5461.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5462)
show more ...
|
| #
35503b7c |
| 04-Mar-2018 |
Kurt Roeckx |
Check the parent DRBG's strength
We currently don't support the algorithm from NIST SP 800-90C
10.1.2 to use a weaker DRBG as source
Reviewed-by: Dr. Matthias St. Pierre <Matthi
Check the parent DRBG's strength
We currently don't support the algorithm from NIST SP 800-90C
10.1.2 to use a weaker DRBG as source
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5506
show more ...
|
| #
812b1537 |
| 15-Feb-2018 |
Dr. Matthias St. Pierre |
DRBG: make locking api truly private
In PR #5295 it was decided that the locking api should remain private
and used only inside libcrypto. However, the locking functions were added
b
DRBG: make locking api truly private
In PR #5295 it was decided that the locking api should remain private
and used only inside libcrypto. However, the locking functions were added
back to `libcrypto.num` by `mkdef.pl`, because the function prototypes
were still listed in `internal/rand.h`. (This header contains functions
which are internal, but shared between libcrypto and libssl.)
This commit moves the prototypes to `rand_lcl.h` and changes the names
to lowercase, following the convention therein. It also corrects an
outdated documenting comment.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5375)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre1 |
|
| #
3ce1c27b |
| 08-Feb-2018 |
Dr. Matthias St. Pierre |
DRBG: add locking api
This commit adds three new accessors to the internal DRBG lock
int RAND_DRBG_lock(RAND_DRBG *drbg)
int RAND_DRBG_unlock(RAND_DRBG *drbg)
int R
DRBG: add locking api
This commit adds three new accessors to the internal DRBG lock
int RAND_DRBG_lock(RAND_DRBG *drbg)
int RAND_DRBG_unlock(RAND_DRBG *drbg)
int RAND_DRBG_enable_locking(RAND_DRBG *drbg)
The three shared DRBGs are intended to be used concurrently, so they
have locking enabled by default. It is the callers responsibility to
guard access to the shared DRBGs by calls to RAND_DRBG_lock() and
RAND_DRBG_unlock().
All other DRBG instances don't have locking enabled by default, because
they are intendended to be used by a single thread. If it is desired,
locking can be enabled by using RAND_DRBG_enable_locking().
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5294)
show more ...
|
| #
48e5119a |
| 19-Jan-2018 |
Richard Levitte |
Copyright update of more files that have changed this year
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5110)
|
