Add --with-rand-seed
authorRich Salz <rsalz@openssl.org>
Tue, 18 Jul 2017 13:39:21 +0000 (09:39 -0400)
committerRich Salz <rsalz@openssl.org>
Sat, 22 Jul 2017 18:00:07 +0000 (14:00 -0400)
commit8389ec4b4950b9474e72a959eb0b0a6ce77ac1e8
tree433fb30336963d2bd5a8cd7bb87a4dba32313f92
parent0d7903f83f84bba1d29225efd999c633a0c5ba01
Add --with-rand-seed

Add a new config param to specify how the CSPRNG should be seeded.
Illegal values or nonsensical combinations (e.g., anything other
than "os" on VMS or HP VOS etc) result in build failures.
Add RDSEED support.
Add RDTSC but leave it disabled for now pending more investigation.

Refactor and reorganization all seeding files (rand_unix/win/vms) so
that they are simpler.

Only require 128 bits of seeding material.

Many document improvements, including why to not use RAND_add() and the
limitations around using load_file/write_file.
Document RAND_poll().

Cleanup Windows RAND_poll and return correct status

More completely initialize the default DRBG.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3965)
Configure
apps/version.c
crypto/rand/drbg_rand.c
crypto/rand/rand_lcl.h
crypto/rand/rand_lib.c
crypto/rand/rand_unix.c
crypto/rand/rand_vms.c
crypto/rand/rand_win.c
doc/man3/RAND_add.pod
doc/man3/RAND_load_file.pod