[openssl-dev] Plea for a new public OpenSSL RNG API

Salz, Rich rsalz at akamai.com
Tue Aug 29 15:33:10 UTC 2017


    Could you please be more specific wrt. DRBG organization that in your opinion could impact the UI? 

From your use-case:  you want to add entropy into a specific DRBG.  You want to push it, as opposed to the DRBG “pull when needed” model.  That’s an additional API.  Also from your use-case: you want to specify which DRBG instance gets that entropy.  If we move to a pair per thread, as opposed to one per SSL and two in the global space, how do we make sure that API still works and does the right thing.

Does that makes sense, and does it answer your question?




More information about the openssl-dev mailing list