Re: [openssl-project] OpenSSL 3.0 and FIPS Update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 21/02/2019 15:02, Dmitry Belyavsky wrote:
> Dear Matt
> 
> 
> 
> On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell <matt@xxxxxxxxxxx
> <mailto:matt@xxxxxxxxxxx>> wrote:
> 
>     Please see my blog post for an OpenSSL 3.0 and FIPS Update:
> 
>     https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
> 
> 
> After reading the proposed architecture description, I have some questions that
> are very important for the developers of non-US certified openssl-based products.

Hi Dmitry,

Answers inserted.

> 
> 1. Will it still be available to implement custom RAND_methods via the new
> providers API?

Yes, I expect this to be possible.

> 2. Can we do something with a bunch of hard-linked non-extendable lists of
> internal NIDs? 
> For example, providing GOST algorithms always requires a patch to extend 3-5
> internal lists.
> If it could be done dynamically, it will be great.

That's not currently something we've considered, but I agree it would be great
to fix that. Perhaps you could create a github issue identifying the specific
areas we should be looking at and then we can take a look at the feasibility of
fixing it.

> 3. Do you have plans to make some callback structures created by providers? 
> I mean such structures as SSL key exchange/authentication methods, X.509
> extensions etc.

There aren't any plans to do that at the moment. There's nothing in the provider
design that would prevent us from doing so at some point in the future.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux