[openssl-project] OpenSSL 3.0 and FIPS Update

Richard Levitte levitte at openssl.org
Mon Feb 25 18:59:55 UTC 2019

On Sat, 23 Feb 2019 21:47:00 +0100,
Dmitry Belyavsky wrote:
> Dear Richard, 
> On Sat, Feb 23, 2019 at 8:47 AM Richard Levitte <levitte at openssl.org> wrote:
>     Since our RAND API is separate from the EVP API, I'm unsure how we
>     plan on getting custom RAND_methods from providers.
>     Please note that we can add RAND to the list of provider backed APIs,
>     and given a foundation that we're currently building, it may even be
>     quite easy.  However, no one has said explicitly that we would do so.
>     The other option is, of course, to move the RAND API to EVP somehow,
>     but that will probably be more challenging.
> I do not think it is really necessary to move RAND to EVP.
> Current architecture suits our requirements, but if the possibility to overwrite
> the RAND_METHOD is removed, it will cause problems for us.

So it turns out that some of my collegues were assuming that the RAND
API would be provider backed.  I simply hadn't caught on to that...


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list