Skip to content
  1. Apr 30, 2019
    • Pauli's avatar
      Squashed commit of the following: · 8094a694
      Pauli authored
      
      
      Digest stored entropy for CRNG test.
      
      Via the FIPS lab, NIST confirmed:
      
          The CMVP had a chance to discuss this inquiry and we agree that
          hashing the NDRNG block does meet the spirit and letter of AS09.42.
      
          However, the CMVP did have a few questions: what hash algorithm would
          be used in this application? Is it approved? Is it CAVs tested?
      
      SHA256 is being used here and it will be both approved and CAVs tested.
      
      This means that no raw entropy needs to be kept between RNG seedings, preventing
      a potential attack vector aganst the randomness source and the DRBG chains.
      
      It also means the block of secure memory allocated for this purpose is no longer
      required.
      
      Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
      (Merged from https://github.com/openssl/openssl/pull/8790)
      8094a694
  2. Apr 29, 2019
  3. Apr 26, 2019
  4. Apr 25, 2019
  5. Apr 24, 2019
  6. Apr 23, 2019
  7. Apr 20, 2019
  8. Apr 19, 2019