>Yes, after all that I said previously, it's clear the code could
use improvements. I think at least Matthias and I assumed the code
about the minimum size was correct and that there was a minimum
requirement of 128 bit.
My expectation was that the *maximum* would also be 128
On 04/08/18 09:49, Kurt Roeckx wrote:
> On Sun, Apr 08, 2018 at 07:15:32AM +0200, Richard Levitte wrote:
>> In message <20180407185034.ga25...@roeckx.be> on Sat, 7 Apr 2018 20:50:35
>> +0200, Kurt Roeckx said:
>>
>> kurt> > In going from 1.1.0 to 1.1.1, breaking platforms that
On Sun, Apr 08, 2018 at 10:31:58AM +0200, Richard Levitte wrote:
> In message <20180408080942.gb3...@roeckx.be> on Sun, 8 Apr 2018 10:09:42
> +0200, Kurt Roeckx said:
>
> kurt> On Sun, Apr 08, 2018 at 07:39:30AM +0200, Richard Levitte wrote:
> kurt> > In message
On Sun, Apr 08, 2018 at 07:39:30AM +0200, Richard Levitte wrote:
> In message <20180407190250.ga27...@roeckx.be> on Sat, 7 Apr 2018 21:02:51
> +0200, Kurt Roeckx said:
>
> kurt> On Sat, Apr 07, 2018 at 06:49:50PM +0200, Richard Levitte wrote:
> kurt> > H... case 4 shouldn't
In message <20180408080942.gb3...@roeckx.be> on Sun, 8 Apr 2018 10:09:42 +0200,
Kurt Roeckx said:
kurt> On Sun, Apr 08, 2018 at 07:39:30AM +0200, Richard Levitte wrote:
kurt> > In message <20180407190250.ga27...@roeckx.be> on Sat, 7 Apr 2018 21:02:51 +0200, Kurt Roeckx
rsalz> My expectation was that the *maximum* would also be 128 bits.
>Not sure what you're saying there. If the entropy acquisition
routine is overenthusiastic and delivers 277 bits of entropy, are
you saying it shouldn't be allowed to?
I meant to say that the
kurt> So then I suggest we support the syscalls on all platforms that
kurt> provide it.
Who takes responsibility for fixing this?
___
openssl-project mailing list
openssl-project@openssl.org
On Sat, Apr 07, 2018 at 08:50:35PM +0200, Kurt Roeckx wrote:
> On Sat, Apr 07, 2018 at 05:55:14PM +, Salz, Rich wrote:
> > > Because
> > > - It is not clear we need to do so
> >
> > >That we need to do what?
> >
> > Do FIPS compliant random numbers in this release.
>
>
Just for completeness' sake: The entropy requirement is 256 and *not* 384 if a
derivation function is used.
Please reread
https://mta.openssl.org/pipermail/openssl-project/2018-April/000506.html
> -Original Message-
> From: openssl-project On
>The 384 comes straight out of SP800-90A, see the table 10.2.1.
I think we're getting close to needing a team vote on whether or not we want to
follow SP800-90A for this release.
In message <83ae9015-a766-4497-a71d-d537837cf...@openssl.org> on Sun, 08 Apr
2018 19:15:16 +0200, Richard Levitte said:
levitte>
levitte>
levitte> Kurt Roeckx wrote: (8 April 2018 17:36:27 CEST)
levitte> >On Sat, Apr 07, 2018 at 08:50:35PM +0200, Kurt
In message on Sun, 8 Apr 2018
20:10:22 +, "Salz, Rich" said:
rsalz> >The 384 comes straight out of SP800-90A, see the table 10.2.1.
rsalz>
rsalz> I think we're getting close to needing a team vote on whether
rsalz>
On Sun, Apr 08, 2018 at 08:29:18PM +, Dr. Matthias St. Pierre wrote:
> Just for completeness' sake: The entropy requirement is 256 and *not* 384 if a
> derivation function is used.
But one way of implementing the nonce when a DF is not used, is to
also have 384 bit in that case, which is our
> This also puts into question the no_df tests in test/drbgtest.c, how
> can we possibly, under the diverse conditions we're facing, assume to
> know if those tests will succeed or fail?
The no_df tests are o.k. as they are. In fact, OpenSSL supports using the DRBG
with or without the derivation
On Sun, Apr 08, 2018 at 07:15:16PM +0200, Richard Levitte wrote:
>
>
> Kurt Roeckx wrote: (8 April 2018 17:36:27 CEST)
> >On Sat, Apr 07, 2018 at 08:50:35PM +0200, Kurt Roeckx wrote:
> >> On Sat, Apr 07, 2018 at 05:55:14PM +, Salz, Rich wrote:
> >> > > Because
> >> >
> > Wait what? This sounds nuts... Can you refer to something that backs your
> > claim?
>
> The 384 comes straight out of SP800-90A, see the table 10.2.1.
> It's also in the code where we do:
> drbg->seedlen = keylen + 16;
> [...]
> if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
>
In message on Sun, 8 Apr 2018
21:51:52 +, "Dr. Matthias St. Pierre" said:
Matthias.St.Pierre> > So I guess I'm still on track with wanting to specify a get_nonce
Matthias.St.Pierre> > function for VMS.
Kurt Roeckx wrote: (8 April 2018 17:36:27 CEST)
>On Sat, Apr 07, 2018 at 08:50:35PM +0200, Kurt Roeckx wrote:
>> On Sat, Apr 07, 2018 at 05:55:14PM +, Salz, Rich wrote:
>> > > Because
>> > > - It is not clear we need to do so
>> >
>> > >That we need to