Re: RAND, FIPS and providers

2019-09-24 Thread Dr Paul Dale
Matt, thanks for the clarification. I’ve looked at the DRBG setup code dozens of times and it never clicked. It seems we’re down to making the DRBGs and, perhaps, the seed source available using fetch. That doesn’t seem anything like as difficult.

Pauli
--
Dr Paul Dale | Distinguished

Re: RAND, FIPS and providers

2019-09-24 Thread Salz, Rich
FWIW, I agree with Matt's points.

Re: RAND, FIPS and providers

2019-09-24 Thread Matt Caswell
On 24/09/2019 10:17, Matthias St. Pierre wrote:
>
> On 24.09.19 10:58, Matthias St. Pierre wrote:
>> It would also make sense to make the entropy sources themselves fetchable and
>> configurable. This would enable us to
>>
>> - separate FIPS and non-FIPS entropy sources (using the 'fips'

Re: RAND, FIPS and providers

2019-09-24 Thread Matthias St. Pierre
On 24.09.19 10:58, Matthias St. Pierre wrote:

It would also make sense to make the entropy sources themselves fetchable and configurable. This would enable us to

- separate FIPS and non-FIPS entropy sources (using the 'fips' attribute)

This concept would also enable us to ensure that FIPS

Re: RAND, FIPS and providers

2019-09-24 Thread Matthias St. Pierre
As for what to fetch: the DRBG instances and the seed material source would be ideal, although we don’t need the seed source for FIPS (so long as the DRBGs seed from inside their own provider).

I had always assumed we would fetch DRBG instances.

Matt

It would also make sense to make the

RAND, FIPS and providers

2019-09-23 Thread Dr Paul Dale
This started in #9954, the topic of RAND being used by the legacy provider came up (in the context of DES). The abridged version is:

* @levitte suggested the possibility of making RAND detachable.
* I noted that this was desirable and in fact necessary for FIPS.
* @mattcaswell added that the