[openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)
Salz, Rich
rsalz at akamai.com
Sat Apr 7 14:15:51 UTC 2018
I would like to see this put on hold until we fix the ‘now requires 50% more random seeding’ issue.
What should I do to force that issue?
From: Richard Levitte <notifications at github.com>
Reply-To: openssl/openssl <reply+006fe294b88b1b00f712afbd9c8b598fbacf36e3d1ffef7092cf0000000116e06f2192a169ce129bc983 at reply.github.com>
Date: Saturday, April 7, 2018 at 7:36 AM
To: openssl/openssl <openssl at noreply.github.com>
Cc: Subscribed <subscribed at noreply.github.com>
Subject: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)
Currently, the VMS version of rand_pool_acquire_entropy() delivers 256
bits of entropy. The DRBG using AES-256-CTR and wanting 50% extra
bits for the nonce demands 384 bits of entropy. Obviously, this makes
anything random related to fail on VMS.
The solution for now, until we get the VMS rand_pool_acquire_entropy()
to deliver more entropy, is to lower the bar for VMS specifically,
i.e. making the default scrambling cipher AES-128-CTR instead of
AES-256-CTR.
Fixes #5849<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_5849&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=wHYr3-v_LNVUlhpP6-Ra05SuFf41rUBkdz1wSVF3kwE&e=>
________________________________
You can view, comment on, or merge this pull request online at:
https://github.com/openssl/openssl/pull/5904<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_5904&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=HErxLwNbZRguCm9RhoMqXHQ83nOOsvDQF9bAeieem8c&e=>
Commit Summary
* VMS: lower the entropy demand for this platform specifically
File Changes
* M include/openssl/rand_drbg.h<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_5904_files-23diff-2D0&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=IQl76CU_ObYAV_UB1YKDT6NjB3ayBFQnn1rWI0NlCMo&e=> (10)
Patch Links:
* https://github.com/openssl/openssl/pull/5904.patch<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_5904.patch&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=d7Q6NQV7uD6tEaQ-41PC7_UwtnuP7NwdDvO-FvlZtI4&e=>
* https://github.com/openssl/openssl/pull/5904.diff<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_5904.diff&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=P8cE-AGU9epcphblbrEonkqMykuJYjiRmH3drj3HD1Y&e=>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_5904&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=HErxLwNbZRguCm9RhoMqXHQ83nOOsvDQF9bAeieem8c&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AG-5FilJ8SNbUkW80n2jdBuhC8Nn2N1eZeks5tmKShgaJpZM4TLC-5Fs&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=kyk90HbC75s2XWKsF3IXUFtJ3WaC7ro5Lsuohk8GqXc&s=O4wdZANToOQhowJYc_HwuOrCQPqe5PY7oRRvd2xAtFM&e=>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20180407/0e993894/attachment-0001.html>
More information about the openssl-project
mailing list