Re: [openssl-project] OpenSSL 3.0 and FIPS Update

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

Richard Levitte - VMS Whacker-2
On Sat, 23 Feb 2019 21:47:00 +0100,
Dmitry Belyavsky wrote:

>
>
> Dear Richard, 
>
> On Sat, Feb 23, 2019 at 8:47 AM Richard Levitte <[hidden email]> wrote:
>
>     Since our RAND API is separate from the EVP API, I'm unsure how we
>     plan on getting custom RAND_methods from providers.
>    
>     Please note that we can add RAND to the list of provider backed APIs,
>     and given a foundation that we're currently building, it may even be
>     quite easy.  However, no one has said explicitly that we would do so.
>    
>     The other option is, of course, to move the RAND API to EVP somehow,
>     but that will probably be more challenging.
>
> I do not think it is really necessary to move RAND to EVP.
> Current architecture suits our requirements, but if the possibility to overwrite
> the RAND_METHOD is removed, it will cause problems for us.

So it turns out that some of my collegues were assuming that the RAND
API would be provider backed.  I simply hadn't caught on to that...

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
12