[openssl-project] Next release is beta1
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Mon Mar 5 08:09:55 UTC 2018
Am 04.03.2018 um 17:30 schrieb Kurt Roeckx:
> There is also still work going on related to the DRBG API.
Kurt convinced me that the DRBG backend (the reseeding) needs some
adjustments in order to comply to NIST SP 800-90C. This applies in
particular to the prediction_resistance feature. And there might be more
changes required in the course of the future FIPS evaluation. Since
these questions affect only the FIPS certification, my suggestion is to
postpone major adjustments for NIST SP 800-90C compliance to post-1.1.1
and not start overhauling the DRBG shortly before the code freeze. The
new CSPRNG implentation is already much better than the one we had in
1.1.0, even if it is not fully compliant yet.
The recommendation for postponing changes does not apply to the
following pull requests which are already en queue. In particular it is
reasonable to have the change of the get_entropy callback signature
(#5402) merged before the freeze.
https://github.com/openssl/openssl/pull/5402
https://github.com/openssl/openssl/pull/5503
https://github.com/openssl/openssl/pull/5506
In view of the above said, I will refrain from publishing (and
documenting) the RAND_POOL API and will only publish the RAND_DRBG API
(TBD).
https://github.com/openssl/openssl/pull/5461
https://github.com/openssl/openssl/pull/5462
Matthias
More information about the openssl-project
mailing list