callback.
Handle case where no multiple of the block size is in the interval
[min_len, max_len].
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Minor change to DRBG entropy callback semantics. In some cases
+ there is no mutiple of the block length between min_len and
+ max_len. Allow the callback to return more than max_len bytes
+ of entropy but discard any extra: it is the callback's responsibility
+ to ensure that the extra data discarded does not impact the
+ requested amount of entropy.
+ [Steve Henson]
+
*) Add PRNG security strength checks to RSA, DSA and ECDSA using
information in FIPS186-3, SP800-57 and SP800-131A.
[Steve Henson]
*) Add PRNG security strength checks to RSA, DSA and ECDSA using
information in FIPS186-3, SP800-57 and SP800-131A.
[Steve Henson]
*pout = OPENSSL_malloc(min_len);
if (!*pout)
return 0;
*pout = OPENSSL_malloc(min_len);
if (!*pout)
return 0;
+ /* Round up request to multiple of block size */
+ min_len = ((min_len + 19) / 20) * 20;
if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
{
OPENSSL_free(*pout);
if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
{
OPENSSL_free(*pout);
+ rv -= bl;
+ if (rv > max_len)
+ return max_len;
+ return rv;
}
static void fips_cleanup_entropy(DRBG_CTX *dctx,
}
static void fips_cleanup_entropy(DRBG_CTX *dctx,
projects / openssl.git / commitdiff