ESDM 1.2.1

ESDM Source Code

ESDM Source Code Signature

Documentation

The following documentation is available:

• ESDM Documentation

• ESDM Presentation

Changelog

• Reduce lock contention and increase throughput (thanks to Markus Theil)

• Add helper tool to externalize the C API to command line (thanks to Markus Theil)

• Update OpenSSL backend (thanks to Markus Theil)

• Update Botan backend (thanks to Markus Theil)

• Update systemd for SLES / Tumbleweed to prevent shutdown hangs

• Establish AIS20/31 DRG.4 compliance (thanks to Markus Theil)

• Place Linux RNG seeder into its own application to avoid chicken-egg problem inside the ESDM (thanks to Markus Theil)

• NTG.1 updates to comply with AIS 20/31 v3.0

• Linux kernel ES: Add cryptographic post-processing with state for esdm_es (SP800-90A DRBG). Only use high resolution time code path from now on. All known current CPUs support this and allow for storage of fixed with timestamps. Timestamps are now stored per CPU and directly take part in a combined seed of multiple per-CPU buffers via a scather gather list. Clear state when suspending or rebooting.

• Don’t expose testing interface of esdm_es when in lockdown mode.

• Add NIST test vectors for Botan HMAC-DRBG(SHA-512).

• Fix: RDRAND feature detection.

• Fix: performance with many worker threads on many core systems.

• Added improved systemd support (notify, socket activation). Switch default path to /run in order to prevent systemd deprecation notices. Small refactoring of systemd service generation to unify socket and non-socket activation paths.

• Fix: FIPS 140 init works now, added checksum generation to esdm-tool for better scripting.

• Add explicit OSR to esdm_es. Expose different ES’ via Makefile options.

Standards Compliance

• SP800-90A/B/C compliant

• AIS20/31 2011 compliant

• AIS20/31 2024 compliant

• FIPS IG 7.19 / D.K compliant - use of DRBG as conditioning component for chaining DRBGs