aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/rand/build.info
Commit message (Collapse)AuthorAgeFilesLines
* rand: implement an unbiased random integer from a rangePauli2023-11-011-1/+2
| | | | | | | | | | | | | | | Refer: https://github.com/apple/swift/pull/39143 for a description of the algorithm. It is optimal in the sense of having: * no divisions * minimal number of blocks of random bits from the generator Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22499)
* Elimination of some sources not needed in the FIPS_MODULETomas Mraz2021-06-071-1/+1
| | | | | | | | | | Unfortunately in terms of fips.sources this does not mean much given the way how the .h files are added via the dependency information from the compiler. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15622)
* RAND_METHOD deprecation: code changesPauli2021-02-231-2/+4
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
* rand: move the entropy source out of the FIPS providerPauli2020-11-201-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
* rand_drbg: remove RAND_DRBG.Pauli2020-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509)
* evp_rand: documentationPauli2020-06-241-1/+1
| | | | | | | EVP_RAND, the RNGs and provider-rand. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
* CTR, HASH and HMAC DRBGs in providerPauli2020-06-241-9/+3
| | | | | | | | | | | | | | | | | | | | | | | | Move the three different DRBGs to the provider. As part of the move, the DRBG specific data was pulled out of a common structure and into their own structures. Only these smaller structures are securely allocated. This saves quite a bit of secure memory: +-------------------------------+ | DRBG | Bytes | Secure | +--------------+-------+--------+ | HASH | 376 | 512 | | HMAC | 168 | 256 | | CTR | 176 | 256 | | Common (new) | 320 | 0 | | Common (old) | 592 | 1024 | +--------------+-------+--------+ Bytes is the structure size on the X86/64. Secure is the number of bytes of secure memory used (power of two allocator). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
* CRNGT: continuous DRBG tests for providersPauli2020-06-241-6/+8
| | | | | Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
* Put sys-specific files in build.infoRich Salz2020-04-161-2/+8
| | | | | | | | | | | Don't wrap whole files in if[n]def, test in build.info if they should be compiled. rand_win isn't done as there are multiple ways to say "this is windows." Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11263)
* Use build.info, not ifdef for crypto modulesRich Salz2020-04-161-1/+4
| | | | | | | | | | | Don't wrap conditionally-compiled files in global ifndef tests. Instead, test if the feature is disabled and, if so, do not compile it. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11263)
* Rework how our providers are builtRichard Levitte2019-10-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We put almost everything in these internal static libraries: libcommon Block building code that can be used by all our implementations, legacy and non-legacy alike. libimplementations All non-legacy algorithm implementations and only them. All the code that ends up here is agnostic to the definitions of FIPS_MODE. liblegacy All legacy implementations. libnonfips Support code for the algorithm implementations. Built with FIPS_MODE undefined. Any code that checks that FIPS_MODE isn't defined must end up in this library. libfips Support code for the algorithm implementations. Built with FIPS_MODE defined. Any code that checks that FIPS_MODE is defined must end up in this library. The FIPS provider module is built from providers/fips/*.c and linked with libimplementations, libcommon and libfips. The Legacy provider module is built from providers/legacy/*.c and linked with liblegacy, libcommon and libcrypto. If module building is disabled, the object files from liblegacy and libcommon are added to libcrypto and the Legacy provider becomes a built-in provider. The Default provider module is built-in, so it ends up being linked with libimplementations, libcommon and libnonfips. For libcrypto in form of static library, the object files from those other libraries are simply being added to libcrypto. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
* Make the RAND code available from inside the FIPS moduleMatt Caswell2019-06-281-4/+6
| | | | | Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
* Use vxRandLib for VxWorks7Klotz, Tobias2019-05-021-2/+1
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/8023)
* Add the FIPS related continuous random number generator (CRNG) testing.Pauli2019-03-291-1/+1
| | | | | | | | | | | | Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details. The check is fairly simplistic, being for the entropy sources to not feed the DRBG the same block of seed material twice in a row. Only the first DRBG in a chain is subject to this check, latter DRBGs are assumed to be safely seeded via the earlier DRBGs. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8599)
* Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for ↵Shane Lontis2018-09-281-1/+3
| | | | | | | | master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6779)
* crypto/rand: rename drbg_rand.c to drbg_ctr.cDr. Matthias St. Pierre2018-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | The generic part of the FIPS DRBG was implemented in fips_drbg_lib.c and the algorithm specific parts in fips_drbg_<alg>.c for <alg> in {ctr, hash, hmac}. Additionally, there was the module fips_drbg_rand.c which contained 'gluing' code between the RAND_METHOD api and the FIPS DRBG. When the FIPS code was ported to master in #4019, for some reason the ctr-drbg implementation from fips_drbg_ctr.c ended up in drbg_rand.c instead of drbg_ctr.c. This commit renames the module drbg_rand.c back to drbg_ctr.c, thereby restoring a simple relationship between the original fips modules and the drbg modules in master: fips_drbg_lib.c => drbg_lib.c /* generic part of implementation */ fips_drbg_<alg>.c => drbg_<alg>.c /* algorithm specific implementations */ Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4998)
* Switch from ossl_rand to DRBG randRich Salz2017-08-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
* Add DRBG random methodRich Salz2017-07-191-1/+1
| | | | | | | | | | | Ported from the last FIPS release, with DUAL_EC and SHA1 and the self-tests removed. Since only AES-CTR is supported, other code simplifications were done. Removed the "entropy blocklen" concept. Moved internal functions to new include/internal/rand.h. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3789)
* Start to overhaul RAND APIRich Salz2017-07-151-1/+1
| | | | | | | | | | | | | | | | | Remove unused rand_hw_xor, MD/EVP indirection Make rand_pseudo same as rand. Cleanup formatting and ifdef control Rename some things: - rand_meth to openssl_rand_meth; make it global - source file - lock/init functions, start per-thread state - ossl_meth_init to ossl_rand_init Put state into RAND_STATE structure And put OSSL_RAND_STATE into ossl_typ.h Use "randomness" instead of "entropy" Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3758)
* Remove Netware and OS/2Rich Salz2016-03-171-1/+1
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* unified build scheme: add a "unified" template for VMS descrip.mmsRichard Levitte2016-02-101-1/+1
| | | | | | | | | | | | | | | | | | | As part of this, change util/mkdef.pl to stop adding libraries to depend on in its output. mkdef.pl should ONLY output a symbol vector. Because symbol names can't be longer than 31 characters, we use the compiler to shorten those that are longer down to 23 characters plus an 8 character CRC. To make sure users of our header files will pick up on that automatically, add the DEC C supported extra headers files __decc_include_prologue.h and __decc_include_epilogue.h. Furthermore, we add a config.com, so VMS people can configure just as comfortably as any Unix folks, thusly: @config Reviewed-by: Rich Salz <rsalz@openssl.org>
* unified build scheme: add build.info filesRichard Levitte2016-02-011-0/+4
Now that we have the foundation for the "unified" build scheme in place, we add build.info files. They have been generated from the Makefiles in the same directories. Things that are platform specific will appear in later commits. Reviewed-by: Andy Polyakov <appro@openssl.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 09:28:14 +0000