git.openssl.org Git - openssl.git/commit

author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
	Thu, 28 Dec 2017 20:42:14 +0000 (21:42 +0100)
committer	Pauli <paul.dale@oracle.com>
	Thu, 4 Jan 2018 01:47:31 +0000 (11:47 +1000)
commit	8212d50576147cd5db87b1e2f4607a6d5b5f435f
tree	016885875e4a7ed596423afc9fdb8954cc66abaf	tree \| snapshot
parent	4e585e720195788c9546a9ce71d63dafdfd2aaf1	commit \| diff

crypto/rand: restore the generic DRBG implementation

The DRGB concept described in NIST SP 800-90A provides for having different
algorithms to generate random output. In fact, the FIPS object module used to
implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG.

When the FIPS code was ported to master in #4019, two of the three algorithms
were dropped, and together with those the entire code that made RAND_DRBG
generic was removed, since only one concrete implementation was left.

This commit restores the original generic implementation of the DRBG, making it
possible again to add additional implementations using different algorithms
(like RAND_DRBG_CHACHA20) in the future.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4998)

crypto/err/openssl.txt		diff \| blob \| history
crypto/rand/drbg_ctr.c		diff \| blob \| history
crypto/rand/drbg_lib.c		diff \| blob \| history
crypto/rand/rand_err.c		diff \| blob \| history
crypto/rand/rand_lcl.h		diff \| blob \| history
include/openssl/randerr.h		diff \| blob \| history
test/drbgtest.c		diff \| blob \| history