Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: b28b3128048a83ba036c9d8a789badac9b1a2804
https://github.com/openssl/openssl/commit/b28b3128048a83ba036c9d8a789badac9b1a2804
Author: Dimitri John Ledkov <dimitri.led...@surgut.co.uk>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M .github/workflows/run-checker-daily.yml
M CHANGES.md
M Configurations/00-base-templates.conf
M Configure
M INSTALL.md
M crypto/info.c
M providers/baseprov.c
M providers/defltprov.c
M providers/implementations/include/prov/implementations.h
M providers/implementations/include/prov/names.h
M providers/implementations/include/prov/seeding.h
M providers/implementations/rands/build.info
A providers/implementations/rands/seed_src_jitter.c
A test/default-and-jitter.cnf
M util/wrap.pl.in
Log Message:
-----------
jitter: add a new provider containing a jitter entropy source alone
This entropy source can be used instead of SEED-SRC. Sample
openssl.cnf configuration is provided. It is built as a separate
provider, because it is likely to require less frequent updates than
fips provider. The same build likely can span multiple generations of
FIPS 140 standard revisions.
Note that rand-instances currently chain from public/private instances
to primary, prior to consuming the seed. Thus currently a unique ESV
needs to be obtained, and resue of jitterentropy.a certificate is not
possible as is. Separately a patch will be sent to allow for
unchaining public/private RAND instances for the purpose of reusing
ESV.
Also I do wonder if it makes sense to create a fips variant of stock
SEED-SRC entropy source, which in addition to using getrandom() also
verifies that the kernel is operating in FIPS mode and thus is likely
a validated entropy source. As in on Linux, check that
/proc/sys/crypto/fips_enabled is set to 1, and similar checks on
Windows / MacOS and so on.
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Commit: 8f3ebb7d601e9066b6ac1059fe28d57cb5fd24a7
https://github.com/openssl/openssl/commit/8f3ebb7d601e9066b6ac1059fe28d57cb5fd24a7
Author: Dimitri John Ledkov <dimitri.led...@surgut.co.uk>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M doc/build.info
A doc/man7/EVP_RAND-JITTER.pod
M doc/man7/OSSL_PROVIDER-base.pod
M doc/man7/OSSL_PROVIDER-default.pod
Log Message:
-----------
JITTER: add documentation
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Commit: 1e7ff7be23c6fc8a88a698a57107a0e0c6db2435
https://github.com/openssl/openssl/commit/1e7ff7be23c6fc8a88a698a57107a0e0c6db2435
Author: Dimitri John Ledkov <dimitri.led...@surgut.co.uk>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M .github/workflows/run-checker-daily.yml
M Configure
M INSTALL.md
M crypto/info.c
M crypto/rand/rand_lib.c
M doc/build.info
M doc/man3/RAND_set_DRBG_type.pod
M doc/man7/EVP_RAND-JITTER.pod
M doc/man7/EVP_RAND.pod
M providers/implementations/rands/seed_src_jitter.c
Log Message:
-----------
JITTER: excercise all tests in CI with JITTER seed source under certain build
configuration
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Commit: f8c510cd20a43f7ac7705aca40fd38aacd5febeb
https://github.com/openssl/openssl/commit/f8c510cd20a43f7ac7705aca40fd38aacd5febeb
Author: Dimitri John Ledkov <dimitri.led...@surgut.co.uk>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M Configure
M crypto/info.c
M doc/man7/EVP_RAND.pod
M providers/implementations/include/prov/seeding.h
M providers/implementations/rands/seed_src_jitter.c
Log Message:
-----------
JITTER: implement error handling from jitter library
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Commit: f41b5ffe33bed336827096788b593e87927ae906
https://github.com/openssl/openssl/commit/f41b5ffe33bed336827096788b593e87927ae906
Author: Dimitri John Ledkov <dimitri.led...@surgut.co.uk>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M providers/implementations/rands/seed_src_jitter.c
Log Message:
-----------
jitter: retry intermittent failures
Reviewed-by: Shane Lontis <shane.lon...@oracle.com>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Compare: https://github.com/openssl/openssl/compare/4f5febe2c684...f41b5ffe33be
To unsubscribe from these emails, change your notification settings at
https://github.com/openssl/openssl/settings/notifications
