Add prediction resistance capability to the DRBG reseeding process.

Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l" This requires the seed sources to be approved as entropy sources, after which they should be considered live sources as per section 5.3.2 "Live Entropy Source Availability." Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8647)
author: Pauli <paul.dale@oracle.com> 2019-04-12 18:16:20 +1000
committer: Pauli <paul.dale@oracle.com> 2019-04-12 18:16:20 +1000
commit: 65175163247fe0f56c894c9ac7baf93f4386cebe (patch)
tree: 9d3553c9b3b25f3a458f7d6e8b181c6ec43ae1d4 /CHANGES
parent: 5173cdde7d758824e6a07f2a6c6808b254602e11 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index e70e42b570..11c80b762f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,8 +9,12 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Add prediction resistance to the DRBG reseeding process.
+     [Paul Dale]
+
   *) Limit the number of blocks in a data unit for AES-XTS to 2^20 as
      mandated by IEEE Std 1619-2018.
+     [Paul Dale]
 
   *) Added newline escaping functionality to a filename when using openssl dgst.
      This output format is to replicate the output format found in the '*sum'
author	Pauli <paul.dale@oracle.com>	2019-04-12 18:16:20 +1000
committer	Pauli <paul.dale@oracle.com>	2019-04-12 18:16:20 +1000
commit	65175163247fe0f56c894c9ac7baf93f4386cebe (patch)
tree	9d3553c9b3b25f3a458f7d6e8b181c6ec43ae1d4 /CHANGES
parent	5173cdde7d758824e6a07f2a6c6808b254602e11 (diff)