diff options
author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2018-02-13 02:02:22 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-13 09:14:00 +0000 |
commit | 53010ea150544a41feb1a62d26b4d321180512e0 (patch) | |
tree | 735c77ea46ebd43c3a6107c1f043288851e9b952 | |
parent | 1c5b57bc0ae5e2d0efc245cd8dd227ea4a0a41f2 (diff) | |
download | openssl-new-53010ea150544a41feb1a62d26b4d321180512e0.tar.gz |
Document new random generator in NEWS and CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5344)
-rw-r--r-- | CHANGES | 19 | ||||
-rw-r--r-- | NEWS | 1 |
2 files changed, 20 insertions, 0 deletions
@@ -29,6 +29,25 @@ TODO(TLS1.3): Remove the above note before final release [Matt Caswell] + *) Grand redesign of the OpenSSL random generator + + The default RAND method now utilizes an AES-CTR DRBG according to + NIST standard SP 800-90Ar1. The new random generator is essentially + a port of the default random generator from the OpenSSL FIPS 2.0 + object module. It is a hybrid deterministic random bit generator + using an AES-CTR bit stream and which seeds and reseeds itself + automatically using trusted system entropy sources. + + Some of its new features are: + o Support for multiple DRBG instances with seed chaining. + o Add a public DRBG instance for the default RAND method. + o Add a dedicated DRBG instance for generating long term private keys. + o Make the DRBG instances fork-safe. + o Keep all global DRBG instances on the secure heap if it is enabled. + o Add a DRBG instance to every SSL instance for lock free operation + and to increase unpredictability. + [Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre] + *) Changed Configure so it only says what it does and doesn't dump so much data. Instead, ./configdata.pm should be used as a script to display all sorts of configuration data. @@ -20,6 +20,7 @@ o Add SHA3 o Rewrite of devcrypto engine o Add support for SipHash + o Grand redesign of the OpenSSL random generator Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development] |