aboutsummaryrefslogtreecommitdiff
path: root/crypto/rand/drbg_hmac.c
AgeCommit message (Collapse)AuthorFilesLines
2020-04-23Update copyright yearMatt Caswell1-1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
2020-01-29Deprecate the low level HMAC functionsPauli1-0/+6
Use of the low level HMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
2019-11-02DRBG: add check for XOF so these can be disallowed by the DRBGsPauli1-0/+3
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10321)
2019-11-02DRBG: weaken the restriction on allowed digests.Pauli1-26/+3
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted. Any fetchable digest is acceptable except XOF ones (such as SHAKE). In FIPS mode, the fetch remains internal to the provider so only a FIPS validated digest will be located. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10321)
2019-10-10Cleanup: move remaining providers/common/include/internal/*.hRichard Levitte1-1/+1
The end up in providers/common/include/prov/. All inclusions are adjusted accordingly. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10088)
2019-09-28Reorganize local header filesDr. Matthias St. Pierre1-1/+1
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-04New function EVP_MD_free()Richard Levitte1-3/+3
This function re-implements EVP_MD_meth_free(), but has a name that isn't encumbered by legacy EVP_MD construction functionality. We also refactor most of EVP_MD_meth_new() into an internal evp_md_new() that's used when creating fetched methods. EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of evp_md_new() and EVP_MD_free(). This means that at any time, we can deprecate all the EVP_MD_meth_ functions with no harmful consequence. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9758)
2019-06-28Change the DRBG HMAC implementation to lookup allowed digest namesMatt Caswell1-7/+24
As per the previous commit we make the same change for DRBG HMAC and more closely align the FIPS_MODE and non FIPS_MODE implementations. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
2019-06-28Make the RAND code available from inside the FIPS moduleMatt Caswell1-3/+18
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
2018-12-06Following the license change, modify the boilerplates in crypto/rand/Richard Levitte1-1/+1
[skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7811)
2018-10-16DRBG: fix reseeding via RAND_add()/RAND_seed() with large inputDr. Matthias St. Pierre1-2/+2
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed() was implemented by buffering the data in a random pool where it is picked up later by the rand_drbg_get_entropy() callback. This buffer was limited to the size of 4096 bytes. When a larger input was added via RAND_add() or RAND_seed() to the DRBG, the reseeding failed, but the error returned by the DRBG was ignored by the two calling functions, which both don't return an error code. As a consequence, the data provided by the application was effectively ignored. This commit fixes the problem by a more efficient implementation which does not copy the data in memory and by raising the buffer the size limit to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits but it was chosen intentionally to avoid platform dependent problems like integer sizes and/or signed/unsigned conversion. Additionally, the DRBG is now less permissive on errors: In addition to pushing a message to the openssl error stack, it enters the error state, which forces a reinstantiation on next call. Thanks go to Dr. Falko Strenzke for reporting this issue to the openssl-security mailing list. After internal discussion the issue has been categorized as not being security relevant, because the DRBG reseeds automatically and is fully functional even without additional randomness provided by the application. Fixes #7381 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7382)
2018-09-28Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for ↵Shane Lontis1-0/+238
master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6779)
generated by cgit v1.1 at 2024-08-09 22:02:01 +0000