提交 · a35f607c9f9112c649b367d05639394fc1c30771 · OpenHarmony / Third Party Openssl

07 8月, 2017 1 次提交

由 Rich Salz 提交于 8月 06, 2017

Use atfork to count child forks, and reseed DRBG when the counts don't
match.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4101)

a35f607c

03 8月, 2017 3 次提交

Add RAND_priv_bytes() for private keys · ddc6a5c8

由 Rich Salz 提交于 8月 02, 2017

Add a new global DRBG for private keys used by RAND_priv_bytes.

Add BN_priv_rand() and BN_priv_rand_range() which use RAND_priv_bytes().
Change callers to use the appropriate BN_priv... function.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4076)

ddc6a5c8

Add a DRBG to each SSL object · ae3947de

由 Rich Salz 提交于 8月 03, 2017

Give each SSL object it's own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG.  This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation which use only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)

ae3947de

Switch from ossl_rand to DRBG rand · 75e2c877

由 Rich Salz 提交于 8月 03, 2017

If RAND_add wraps around, XOR with existing. Add test to drbgtest that
does the wrap-around.

Re-order seeding and stop after first success.

Add RAND_poll_ex()

Use the DF and therefore lower RANDOMNESS_NEEDED.  Also, for child DRBG's,
mix in the address as the personalization bits.

Centralize the entropy callbacks, from drbg_lib to rand_lib.
(Conceptually, entropy is part of the enclosing application.)
Thanks to Dr. Matthias St Pierre for the suggestion.

Various code cleanups:
    -Make state an enum; inline RANDerr calls.
    -Add RAND_POLL_RETRIES (thanks Pauli for the idea)
    -Remove most RAND_seed calls from rest of library
    -Rename DRBG_CTX to RAND_DRBG, etc.
    -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
     implementation of NIST DRBG.
    -Remove blocklength
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4019)

75e2c877

20 7月, 2017 1 次提交

Add range-checking to RAND_DRBG_set_reseed_interval · 4c75ee85

由 Rich Salz 提交于 7月 19, 2017

As suggested by Kurt.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3970)

4c75ee85

19 7月, 2017 1 次提交

Add DRBG random method · 12fb8c3d

由 Rich Salz 提交于 6月 27, 2017

Ported from the last FIPS release, with DUAL_EC and SHA1 and the
self-tests removed.  Since only AES-CTR is supported, other code
simplifications were done.  Removed the "entropy blocklen" concept.

Moved internal functions to new include/internal/rand.h.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3789)

12fb8c3d

OpenHarmony / Third Party Openssl 9 个月 前同步成功

OpenHarmony / Third Party Openssl
9 个月前同步成功