Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-25 Thread Richard Levitte
On Sat, 23 Feb 2019 21:47:00 +0100, Dmitry Belyavsky wrote: > > > Dear Richard,  > > On Sat, Feb 23, 2019 at 8:47 AM Richard Levitte wrote: > > Since our RAND API is separate from the EVP API, I'm unsure how we > plan on getting custom RAND_methods from providers. > > Please

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-25 Thread Richard Levitte
On Mon, 25 Feb 2019 00:40:51 +0100, Michael Richardson wrote: > I think that the #define/enum of NIDs should be made internal-only, > available as optimization to internal code only. Having asked around a bit on this, that was the original intention... However, in an old era of having everything

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-25 Thread Dmitry Belyavsky
Dear Dr Paul, I think this change is somewhere in a gray zone. On Mon, Feb 25, 2019 at 1:37 PM Dr Paul Dale wrote: > I don’t think that that new OIDs or NIDs are considering breaking. > Changing existing ones definitely is, but that’s an entirely different > proposition. > > > Pauli > -- > Dr

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-25 Thread Dr Paul Dale
I don’t think that that new OIDs or NIDs are considering breaking. Changing existing ones definitely is, but that’s an entirely different proposition. Pauli -- Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia > On 25 Feb 2019, at 5:02 pm,

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-24 Thread Dmitry Belyavsky
Dear Michael, On Mon, Feb 25, 2019 at 2:41 AM Michael Richardson wrote: > > Not sure who Matt quoted, wrote: > >> 2. Can we do something with a bunch of hard-linked non-extendable > >> lists of internal NIDs? > >> > >> For example, providing GOST algorithms always requires a

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-24 Thread Dmitry Belyavsky
On Sun, Feb 24, 2019 at 11:31 PM Viktor Dukhovni wrote: > On Thu, Feb 21, 2019 at 04:20:53PM +, Matt Caswell wrote: > > > > 2. Can we do something with a bunch of hard-linked non-extendable > lists of > > > internal NIDs? > > > > > For example, providing GOST algorithms always requires a

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-24 Thread Michael Richardson
Not sure who Matt quoted, wrote: >> 2. Can we do something with a bunch of hard-linked non-extendable >> lists of internal NIDs? >> >> For example, providing GOST algorithms always requires a patch to >> extend 3-5 >> internal lists. >> If it could be done dynamically,

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-24 Thread Viktor Dukhovni
On Thu, Feb 21, 2019 at 04:20:53PM +, Matt Caswell wrote: > > 2. Can we do something with a bunch of hard-linked non-extendable lists of > > internal NIDs? > > > For example, providing GOST algorithms always requires a patch to extend 3-5 > > internal lists. > > If it could be done

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-23 Thread Dmitry Belyavsky
Dear Richard, On Sat, Feb 23, 2019 at 8:47 AM Richard Levitte wrote: > On Thu, 21 Feb 2019 17:20:53 +0100, > Matt Caswell wrote: > > On 21/02/2019 15:02, Dmitry Belyavsky wrote: > > > Dear Matt > > > > > > > > > > > > On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell > > >

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-22 Thread Richard Levitte
On Thu, 21 Feb 2019 17:20:53 +0100, Matt Caswell wrote: > On 21/02/2019 15:02, Dmitry Belyavsky wrote: > > Dear Matt > > > > > > > > On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell > > wrote: > > > > Please see my blog post for an OpenSSL 3.0 and FIPS Update: > > >

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-21 Thread Matt Caswell
On 21/02/2019 15:02, Dmitry Belyavsky wrote: > Dear Matt > > > > On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell > wrote: > > Please see my blog post for an OpenSSL 3.0 and FIPS Update: > > https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/ > > >

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-21 Thread Dmitry Belyavsky
Dear Matt On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell wrote: > Please see my blog post for an OpenSSL 3.0 and FIPS Update: > > https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/ After reading the proposed architecture description, I have some questions that are very important for

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-19 Thread Walter Paley
Thanks for the speculation on validated platforms, Mark. Please be careful about using this resource as a medium for self-promotion. - Walt Walter Paley w...@safelogic.com SafeLogic - FIPS 140-2 Simplified

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-15 Thread Matt Caswell
On 15/02/2019 19:03, Sam Roberts wrote: > I don't see a FIPS repo in https://github.com/openssl, or a FIPS > branch in https://github.com/openssl/openssl/branches/all >> Has coding started? If so, is it visible anywhere? If not, where > should we watch for when it does? All coding will be

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-15 Thread Richard Levitte
On Fri, 15 Feb 2019 20:03:33 +0100, Sam Roberts wrote: > > I don't see a FIPS repo in https://github.com/openssl, or a FIPS > branch in https://github.com/openssl/openssl/branches/all > > Has coding started? If so, is it visible anywhere? If not, where > should we watch for when it does? Coding

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-15 Thread Sam Roberts
I don't see a FIPS repo in https://github.com/openssl, or a FIPS branch in https://github.com/openssl/openssl/branches/all Has coding started? If so, is it visible anywhere? If not, where should we watch for when it does? The FIPS design doc looks like lots of thought has gone into it, which is

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-15 Thread Mark Minnoch
Responding to some earlier questions: > Can you give any guidance on which platforms will be validated with the OpenSSL FIPS 3.0 module? My recollection is that it will only be a handful of platforms. I would expect the number of platforms to be small. The wonderful 5 sponsors of the FIPS

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-14 Thread Zeke Evans
; openssl-proj...@openssl.org Subject: [openssl-project] OpenSSL 3.0 and FIPS Update Please see my blog post for an OpenSSL 3.0 and FIPS Update: https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/ Matt ___ openssl-project mailing list openssl-proj

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-14 Thread Matt Caswell
On 13/02/2019 20:28, Michael Richardson wrote: > > Matt Caswell wrote: > > Please see my blog post for an OpenSSL 3.0 and FIPS Update: > > > https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/ > > Thank you, it is very useful to have these plans made up front. > I think your

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-13 Thread Michael Richardson
Matt Caswell wrote: > Please see my blog post for an OpenSSL 3.0 and FIPS Update: > https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/ Thank you, it is very useful to have these plans made up front. I think your posts should probably explain what happened to 2.x, and if this