#
eaf08794 |
| 28-Sep-2023 |
Pauli |
Coverity 1545174: calling risky function Remove the call to rand() and replace with an xor-shift RNG. There are no security implications to worry about here. This RNG is used during
Coverity 1545174: calling risky function Remove the call to rand() and replace with an xor-shift RNG. There are no security implications to worry about here. This RNG is used during testing only. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22211)
show more ...
|
#
fffa78c2 |
| 05-Sep-2023 |
Pauli |
fips selftest: avoid relying on a real RNG for self tests Rather than instantiate the private and primary DRBGs during the selftest, instead use a test RNG. This leaves the DRBG setup
fips selftest: avoid relying on a real RNG for self tests Rather than instantiate the private and primary DRBGs during the selftest, instead use a test RNG. This leaves the DRBG setup pristine and permits later replacement of the seed source despite the very early running power up self tests. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21964)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
1e6bd31e |
| 19-Apr-2023 |
Irak Rigia |
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
show more ...
|
#
d4dfd983 |
| 25-Oct-2021 |
Pauli |
test-rand: return failure on not enough data, allow parent The test-rand RNG was returning success when it had some but insufficient data. Now, it returns failure and doesn't advance the
test-rand: return failure on not enough data, allow parent The test-rand RNG was returning success when it had some but insufficient data. Now, it returns failure and doesn't advance the data pointer. The test-rand RNG was failing when a parent was specified. This case is now ignored. Fixes #16785 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16905)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
20b8dc6f |
| 10-Mar-2021 |
Pauli |
update set_ctx_param DRBG calls to return 1 for a NULL params Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
b98d550d |
| 26-Feb-2021 |
Pauli |
prov: update rand implementations to have a params argument for the instantiate call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/p
prov: update rand implementations to have a params argument for the instantiate call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
show more ...
|
#
a3f091fd |
| 22-Feb-2021 |
Pauli |
prov: update RNGs to support modified gettable/settable CTX params Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14240)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
Revision tags: OpenSSL_1_1_1j |
|
#
e2730b84 |
| 12-Feb-2021 |
Pauli |
RNG test: add get_entropy hook for testing. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14162)
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
15f54941 |
| 04-Nov-2020 |
Pauli |
test RNG: set state to uninitialised as part of uninstantiate call. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merg
test RNG: set state to uninitialised as part of uninstantiate call. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
#
1f50630a |
| 02-Nov-2020 |
Pauli |
disassociate test RNG from the DRBGs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/open
disassociate test RNG from the DRBGs Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
#
08edd447 |
| 30-Oct-2020 |
Pauli |
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https
prov: move the entropy source out of the FIPS provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
show more ...
|
#
b24d6c33 |
| 16-Nov-2020 |
Pauli |
Rename internal drbg_ functions so they have an ossl_ prefix. These functions are: drbg_enable_locking(), drbg_get_ctx_params(), drbg_lock(), drbg_set_ctx_params() and drbg_unlock().
Rename internal drbg_ functions so they have an ossl_ prefix. These functions are: drbg_enable_locking(), drbg_get_ctx_params(), drbg_lock(), drbg_set_ctx_params() and drbg_unlock(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
show more ...
|
#
1dc188ba |
| 16-Nov-2020 |
Pauli |
Provide side RNG functions renamed to have an ossl_ prefix. These are: prov_crngt_cleanup_entropy(), prov_crngt_get_entropy(), prov_pool_acquire_entropy(), prov_pool_add_nonce_data(),
Provide side RNG functions renamed to have an ossl_ prefix. These are: prov_crngt_cleanup_entropy(), prov_crngt_get_entropy(), prov_pool_acquire_entropy(), prov_pool_add_nonce_data(), prov_rand_drbg_free() and prov_rand_drbg_new(). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13417)
show more ...
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
7d6766cb |
| 28-Sep-2020 |
Pauli |
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/open
prov: prefix provider internal functions with ossl_ Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13014)
show more ...
|
#
1be63951 |
| 28-Sep-2020 |
Pauli |
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levit
prov: prefix all OSSL_DISPATCH tables names with ossl_ This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
b0614f0a |
| 13-Sep-2020 |
Dr. Matthias St. Pierre |
drbg: revert renamings of the generate and reseed counter The original names were more intuitive: the generate_counter counts the number of generate requests, and the reseed_counter coun
drbg: revert renamings of the generate and reseed counter The original names were more intuitive: the generate_counter counts the number of generate requests, and the reseed_counter counts the number of reseedings (of the principal DRBG). reseed_gen_counter -> generate_counter reseed_prop_counter -> reseed_counter This is the anologue to commit 8380f453ec81 on the 1.1.1 stable branch. The only difference is that the second renaming has already been reverted on the master branch. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12941)
show more ...
|
#
1017ab21 |
| 07-Aug-2020 |
Pauli |
provider: add the unused paramater tag to the gettable and settable functions Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12603)
|
#
82a7b2fb |
| 07-Aug-2020 |
Dr. Matthias St. Pierre |
rand: fix typo in parameter name Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from ht
rand: fix typo in parameter name Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/12608)
show more ...
|
Revision tags: openssl-3.0.0-alpha6 |
|
#
af5e1e85 |
| 05-Aug-2020 |
Pauli |
gettables: provider changes to pass the provider context. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12581)
|
Revision tags: openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
363b1e5d |
| 20-Jun-2020 |
Dr. Matthias St. Pierre |
Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core a
Make the naming scheme for dispatched functions more consistent The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core and providers. This change includes in particular all up- and downcalls, i.e., the dispatched functions passed from core to provider and vice versa. - OSSL_core_ -> OSSL_FUNC_core_ - OSSL_provider_ -> OSSL_FUNC_core_ For operations and their function dispatch tables, the following convention is used: Type | Name (evp_generic_fetch(3)) | ---------------------|-----------------------------------| operation | OSSL_OP_FOO | function id | OSSL_FUNC_FOO_FUNCTION_NAME | function "name" | OSSL_FUNC_foo_function_name | function typedef | OSSL_FUNC_foo_function_name_fn | function ptr getter | OSSL_FUNC_foo_function_name | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
f000e828 |
| 08-May-2020 |
Pauli |
CTR, HASH and HMAC DRBGs in provider Move the three different DRBGs to the provider. As part of the move, the DRBG specific data was pulled out of a common structure and into th
CTR, HASH and HMAC DRBGs in provider Move the three different DRBGs to the provider. As part of the move, the DRBG specific data was pulled out of a common structure and into their own structures. Only these smaller structures are securely allocated. This saves quite a bit of secure memory: +-------------------------------+ | DRBG | Bytes | Secure | +--------------+-------+--------+ | HASH | 376 | 512 | | HMAC | 168 | 256 | | CTR | 176 | 256 | | Common (new) | 320 | 0 | | Common (old) | 592 | 1024 | +--------------+-------+--------+ Bytes is the structure size on the X86/64. Secure is the number of bytes of secure memory used (power of two allocator). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
show more ...
|
#
f3a25707 |
| 08-May-2020 |
Pauli |
test: add a test RNG. The test RNG can provide pre-canned entropy and nonces for testing other algorithms. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (M
test: add a test RNG. The test RNG can provide pre-canned entropy and nonces for testing other algorithms. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
show more ...
|