author | Rich Salz <rsalz@openssl.org> | 2017-08-03 09:23:28 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-03 09:23:28 -0400 |
commit | 75e2c877650444fb829547bdb58d46eb1297bc1a (patch) | |
tree | 67ad6280bccdca4ae95cc269b1994ea4c1557aa7 /util | |
parent | 67dc995eaf538ea309c6292a1a5073465201f55b (diff) | |
download | openssl-75e2c877650444fb829547bdb58d46eb1297bc1a.tar.gz |
Switch from ossl_rand to DRBG rand

If RAND_add wraps around, XOR with existing. Add test to drbgtest that
does the wrap-around.

Re-order seeding and stop after first success.

Add RAND_poll_ex()

Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's,
mix in the address as the personalization bits.

Centralize the entropy callbacks, from drbg_lib to rand_lib.
(Conceptually, entropy is part of the enclosing application.)
Thanks to Dr. Matthias St Pierre for the suggestion.

Various code cleanups:
-Make state an enum; inline RANDerr calls.
-Add RAND_POLL_RETRIES (thanks Pauli for the idea)
-Remove most RAND_seed calls from rest of library
-Rename DRBG_CTX to RAND_DRBG, etc.
-Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
implementation of NIST DRBG.
-Remove blocklength

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4019)

Diffstat (limited to 'util')
-rw-r--r-- | util/libcrypto.num | 3 |
-rw-r--r-- | util/private.num | 1 |
2 files changed, 2 insertions, 2 deletions
diff --git a/util/libcrypto.num b/util/libcrypto.num index 170745917e..023b64908d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4345,10 +4345,8 @@ OSSL_STORE_LOADER_get0_engine 4287 1_1_1 EXIST::FUNCTION: OPENSSL_fork_prepare 4288 1_1_1 EXIST:UNIX:FUNCTION: OPENSSL_fork_parent 4289 1_1_1 EXIST:UNIX:FUNCTION: OPENSSL_fork_child 4290 1_1_1 EXIST:UNIX:FUNCTION: -RAND_drbg 4291 1_1_1 EXIST::FUNCTION: RAND_DRBG_instantiate 4292 1_1_1 EXIST::FUNCTION: RAND_DRBG_uninstantiate 4293 1_1_1 EXIST::FUNCTION: -RAND_DRBG_get_default 4294 1_1_1 EXIST::FUNCTION: RAND_DRBG_set 4295 1_1_1 EXIST::FUNCTION: RAND_DRBG_set_callbacks 4296 1_1_1 EXIST::FUNCTION: RAND_DRBG_new 4297 1_1_1 EXIST::FUNCTION: @@ -4373,3 +4371,4 @@ SCRYPT_PARAMS_it 4314 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION: CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: EVP_PKEY_meth_get0 4316 1_1_1 EXIST::FUNCTION: EVP_PKEY_meth_get_count 4317 1_1_1 EXIST::FUNCTION: +RAND_poll_ex 4318 1_1_1 EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index a586a9bb1d..a25f47a59c 100644 --- a/util/private.num +++ b/util/private.num @@ -32,6 +32,7 @@ OSSL_STORE_error_fn datatype OSSL_STORE_load_fn datatype OSSL_STORE_open_fn datatype OSSL_STORE_post_process_info_fn datatype +RAND_poll_fn datatype SSL_CTX_keylog_cb_func datatype SSL_early_cb_fn datatype SSL_psk_client_cb_func datatype |
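
Review bot: the first util/libcrypto.num hunk (@@ -4345,10 +4345,8) drops two exports, RAND_drbg (4291) and RAND_DRBG_get_default (4294), but the commit message never mentions removing them; the closest item is "Rename DRBG_CTX to RAND_DRBG, etc." Please say in the message that these two symbols go away and what callers should use instead, since both are tagged 1_1_1 and anything built against the development branch will fail to link. Leaving ordinals 4291 and 4294 unused, as this hunk does, is the right call; do not renumber to close the gap.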
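
Review bot: the second util/libcrypto.num hunk (@@ -4373,3 +4371,4) exports RAND_poll_ex unconditionally (EXIST::FUNCTION:), yet the only description in the change is the one-line "Add RAND_poll_ex()". This is a new public seeding entry point, so the manual page should spell out what the return value means, how a failed or short poll is reported to the caller, and how it relates to the "stop after first success" ordering and RAND_POLL_RETRIES named in the commit message. This util-only view shows no documentation change, so please confirm one is part of the full commit.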
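
Review bot: the util/private.num hunk (@@ -32,6 +32,7) lists RAND_poll_fn as a datatype, but nothing in the visible lines says what the callback receives or must return. Since this is the type an application implements to feed entropy through RAND_poll_ex, document its arguments and its contract alongside RAND_poll_ex, in particular who is responsible for the entropy estimate passed along with the bytes. The placement between OSSL_STORE_post_process_info_fn and SSL_CTX_keylog_cb_func keeps the list sorted, which is fine.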