On Tue, Aug 29, 2017 at 01:05:21PM +0000, Dr. Matthias St. Pierre wrote: > > Currently it's only possible to customize the callbacks but not the > deterministic algorithm. IMHO this is sufficient for the needs of a standard > OpenSSL user who only wants control over the entropy source. A true new > algorithm (like e.g. CHACHA2_DRBG) should be implemented by experts and added > mainstream. So I don't see any advantage of having an engine over using the > 'vtable' approach from the FIPS DRBG, which has been removed.
I've been looking at implementing a chacha20 based DRBG, which isn't that hard. But there are various choices you can make, and every chacha20 RNG that I've seen seems to take a random set of those choices. I really wish there was some standardized version. Kurt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev