#
f8c510cd |
| 12-Jul-2024 |
Dimitri John Ledkov |
JITTER: implement error handling from jitter library Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/op
JITTER: implement error handling from jitter library Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24844)
show more ...
|
#
b28b3128 |
| 10-Jul-2024 |
Dimitri John Ledkov |
jitter: add a new provider containing a jitter entropy source alone This entropy source can be used instead of SEED-SRC. Sample openssl.cnf configuration is provided. It is built as a se
jitter: add a new provider containing a jitter entropy source alone This entropy source can be used instead of SEED-SRC. Sample openssl.cnf configuration is provided. It is built as a separate provider, because it is likely to require less frequent updates than fips provider. The same build likely can span multiple generations of FIPS 140 standard revisions. Note that rand-instances currently chain from public/private instances to primary, prior to consuming the seed. Thus currently a unique ESV needs to be obtained, and resue of jitterentropy.a certificate is not possible as is. Separately a patch will be sent to allow for unchaining public/private RAND instances for the purpose of reusing ESV. Also I do wonder if it makes sense to create a fips variant of stock SEED-SRC entropy source, which in addition to using getrandom() also verifies that the kernel is operating in FIPS mode and thus is likely a validated entropy source. As in on Linux, check that /proc/sys/crypto/fips_enabled is set to 1, and similar checks on Windows / MacOS and so on. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24844)
show more ...
|
#
da7db83c |
| 25-Oct-2022 |
Pauli |
rand: remove the ossl_rand_pool_add_additional_data() function. This function isn't called from anywhere and cannot easily be used by the current RNG infrastructure. Reviewed-by
rand: remove the ossl_rand_pool_add_additional_data() function. This function isn't called from anywhere and cannot easily be used by the current RNG infrastructure. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/19493)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
1335ca4b |
| 08-Mar-2021 |
Shane Lontis |
Add ossl_rand symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
08edd447 |
| 30-Oct-2020 |
Pauli |
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
#
1dc188ba |
| 16-Nov-2020 |
Pauli |
Provide side RNG functions renamed to have an ossl_ prefix. These are: prov_crngt_cleanup_entropy(), prov_crngt_get_entropy(), prov_pool_acquire_entropy(), prov_pool_add_nonce_data(),
Provide side RNG functions renamed to have an ossl_ prefix. These are: prov_crngt_cleanup_entropy(), prov_crngt_get_entropy(), prov_pool_acquire_entropy(), prov_pool_add_nonce_data(), prov_rand_drbg_free() and prov_rand_drbg_new(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
bcdea3ba |
| 12-May-2020 |
Pauli |
share rand_pool between libcrypto and providers Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
|