[openssl-project] FW: [openssl/openssl] VMS: lower the entropy demand for this platform specifically (#5904)

Dr. Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Sun Apr 8 21:51:52 UTC 2018

> This also puts into question the no_df tests in test/drbgtest.c, how
> can we possibly, under the diverse conditions we're facing, assume to
> know if those tests will succeed or fail?

The no_df tests are o.k. as they are. In fact, OpenSSL supports using the DRBG with or without the derivation function. We ourselves, we are not using the no_df feature. But that does not mean we have to rip it out of our sources. It's there since FIPS 2.0 and it's implemented correctly. A possible use case would be the following: if an application has access to a true RNG then it could replace the get_entropy() callbacks and operate our DRBG without the derivation function. 

> So I guess I'm still on track with wanting to specify a get_nonce
> function for VMS.  Speaking of that, got any ideas on how to hook that
> on appropriately, without butchering the current DRBG code?

Hold the line, I'm currently working on it...  


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4328 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20180408/8f9b7fb9/attachment-0001.bin>

More information about the openssl-project mailing list