mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-24 13:55:42 +08:00
Code Issues Packages Projects Releases Wiki Activity
fe6fcd3154
openssl/crypto/include/internal
History
Dr. Matthias St. Pierre c16de9d832 Fix reseeding issues of the public RAND_DRBG 
Reseeding is handled very differently by the classic RAND_METHOD API
and the new RAND_DRBG api. These differences led to some problems when
the new RAND_DRBG was made the default OpenSSL RNG. In particular,
RAND_add() did not work as expected anymore. These issues are discussed
on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API'
and in Pull Request #4328. This commit fixes the mentioned issues,
introducing the following changes:

- Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which
  facilitates collecting entropy by the get_entropy() callback.
- Don't use RAND_poll()/RAND_add() for collecting entropy from the
  get_entropy() callback anymore. Instead, replace RAND_poll() by
  RAND_POOL_acquire_entropy().
- Add a new function rand_drbg_restart() which tries to get the DRBG
  in an instantiated state by all means, regardless of the current
  state (uninstantiated, error, ...) the DRBG is in. If the caller
  provides entropy or additional input, it will be used for reseeding.
- Restore the original documented behaviour of RAND_add() and RAND_poll()
  (namely to reseed the DRBG immediately) by a new implementation based
  on rand_drbg_restart().
- Add automatic error recovery from temporary failures of the entropy
  source to RAND_DRBG_generate() using the rand_drbg_restart() function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4328)
2017-10-18 08:39:20 -05:00
..
__DECC_INCLUDE_EPILOGUE.H
__DECC_INCLUDE_PROLOGUE.H
aria.h Correct Oracle copyrights & clarify. 2017-06-15 15:50:50 +10:00
asn1_int.h Support key check in EVP interface 2017-09-13 20:38:14 +02:00
async.h
bn_conf.h.in
bn_dh.h DH named parameter support 2017-10-12 02:40:30 +01:00
bn_int.h
bn_srp.h
chacha.h
cryptlib_int.h Add missing include of cryptlib.h 2017-08-06 17:06:19 -04:00
ctype.h This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
dso_conf.h.in
engine.h Add new /dev/crypto engine 2017-06-28 12:54:33 +02:00
err_int.h
evp_int.h Add EVP_PKEY_set1_engine() function. 2017-10-12 00:03:32 +01:00
md32_common.h Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
objects.h
poly1305.h
rand_int.h Fix reseeding issues of the public RAND_DRBG 2017-10-18 08:39:20 -05:00
siphash.h
store_int.h Add internal functions to fetch PEM data from an opened BIO 2017-06-29 19:25:39 +02:00
store.h Add the STORE module 2017-06-29 11:55:31 +02:00
x509_int.h