Still Failing: openssl/openssl#24947 (master - 8094a69)

Tue Apr 30 04:03:20 UTC 2019

Build Update for openssl/openssl
-------------------------------------

Build: #24947
Status: Still Failing

Duration: 18 mins and 40 secs
Commit: 8094a69 (master)
Author: Pauli
Message: Squashed commit of the following:

Digest stored entropy for CRNG test.

Via the FIPS lab, NIST confirmed:

    The CMVP had a chance to discuss this inquiry and we agree that
    hashing the NDRNG block does meet the spirit and letter of AS09.42.

    However, the CMVP did have a few questions: what hash algorithm would
    be used in this application? Is it approved? Is it CAVs tested?

SHA256 is being used here and it will be both approved and CAVs tested.

This means that no raw entropy needs to be kept between RNG seedings, preventing
a potential attack vector aganst the randomness source and the DRBG chains.

It also means the block of secure memory allocated for this purpose is no longer
required.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8790)

View the changeset: https://github.com/openssl/openssl/compare/555cbb328ee2...8094a6945873

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/526261931?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-commits/attachments/20190430/369c2fd2/attachment-0001.html>