Hello,

I was trying to replace our own implementation of CTR_DRBG in GnuTLS[1]
with the one provided by Nettle.  It is, however, blocked as it is
currently not possible to reseed an already initialized instance without
re-initializing it, which is needed for FIPS 140-3 compliance.

I would suggest either:

- making drbg_ctr_aes256_output internally do reseeding based on the
  interval defined in SP800 90A
- exposing drbg_ctr_aes256_update as a public function, so applications
  (e.g., GnuTLS) can implement the reseeding logic

I've filed an MR for the latter[2].  Could you take a look?

Footnotes:
[1]  https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/int/drbg-aes.c?ref_type=heads

[2]  https://git.lysator.liu.se/nettle/nettle/-/merge_requests/69

Regards,
-- 
Daiki Ueno
_______________________________________________
nettle-bugs mailing list -- [email protected]
To unsubscribe send an email to [email protected]
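
Added example (not code from Nettle, GnuTLS or the merge request above): the SP 800-90A CTR_DRBG state machine without a derivation function, written out so the reseed bookkeeping the message asks for is visible: the instantiate/update/generate/reseed steps, the reseed_counter, and the check that refuses to generate once the counter passes reseed_interval. The class, the ReseedRequired exception, generate_with_reseed and the get_entropy callback are names chosen for this example; block_encrypt is a stand-in keyed PRF (HMAC-SHA-256 truncated to one block) so the script runs offline without an AES dependency, and would be replaced by AES-256 in any real implementation.

```python
import hashlib
import hmac

BLOCKLEN = 16                   # AES block size in bytes
KEYLEN = 32                     # AES-256 key size in bytes
SEEDLEN = BLOCKLEN + KEYLEN     # 48 bytes: seedlen for CTR_DRBG without a DF
RESEED_INTERVAL = 2 ** 48       # SP 800-90A Table 3: max generate calls between reseeds


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """STAND-IN for AES-256 encryption of one block (assumption for this example):
    a keyed PRF lets the DRBG bookkeeping run without an AES library. It is not
    a permutation and must not be used to produce real random output."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCKLEN]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _pad_seedlen(data: bytes) -> bytes:
    """Without a derivation function, personalization and additional input may be
    at most seedlen bytes; shorter input is right-padded with zero bytes."""
    if len(data) > SEEDLEN:
        raise ValueError("input longer than seedlen requires a derivation function")
    return data.ljust(SEEDLEN, b"\x00")


class ReseedRequired(Exception):
    """Generate was called after reseed_counter exceeded reseed_interval."""


class CtrDrbg:
    def __init__(self, entropy: bytes, personalization: bytes = b"",
                 reseed_interval: int = RESEED_INTERVAL):
        if len(entropy) != SEEDLEN:
            raise ValueError("entropy input must be exactly seedlen bytes")
        self.key = bytes(KEYLEN)        # Key = 0^keylen
        self.v = bytes(BLOCKLEN)        # V = 0^blocklen
        self.reseed_interval = reseed_interval
        self._update(_xor(entropy, _pad_seedlen(personalization)))
        self.reseed_counter = 1

    def _update(self, provided_data: bytes) -> None:
        """CTR_DRBG_Update: derive a fresh (Key, V) from the old state and provided_data."""
        temp = b""
        v = int.from_bytes(self.v, "big")
        while len(temp) < SEEDLEN:
            v = (v + 1) % (1 << (8 * BLOCKLEN))
            temp += block_encrypt(self.key, v.to_bytes(BLOCKLEN, "big"))
        temp = _xor(temp[:SEEDLEN], provided_data)
        self.key, self.v = temp[:KEYLEN], temp[KEYLEN:]

    def reseed(self, entropy: bytes, additional_input: bytes = b"") -> None:
        """CTR_DRBG_Reseed (no DF): mix fresh entropy into the state, restart the counter."""
        if len(entropy) != SEEDLEN:
            raise ValueError("entropy input must be exactly seedlen bytes")
        self._update(_xor(entropy, _pad_seedlen(additional_input)))
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional_input: bytes = b"") -> bytes:
        """CTR_DRBG_Generate: refuses to run once the reseed interval is exhausted."""
        if self.reseed_counter > self.reseed_interval:
            raise ReseedRequired()
        if additional_input:
            additional_input = _pad_seedlen(additional_input)
            self._update(additional_input)
        else:
            additional_input = bytes(SEEDLEN)
        out = b""
        v = int.from_bytes(self.v, "big")
        while len(out) < nbytes:
            v = (v + 1) % (1 << (8 * BLOCKLEN))
            out += block_encrypt(self.key, v.to_bytes(BLOCKLEN, "big"))
        self.v = v.to_bytes(BLOCKLEN, "big")
        self._update(additional_input)      # backtracking resistance
        self.reseed_counter += 1
        return out[:nbytes]


def generate_with_reseed(drbg: CtrDrbg, nbytes: int, get_entropy) -> bytes:
    """Application-side reseed policy: when the DRBG's counter has passed the
    interval, pull seedlen bytes of fresh entropy and reseed before generating.
    get_entropy is a hypothetical callback (assumption) to an approved source."""
    if drbg.reseed_counter > drbg.reseed_interval:
        drbg.reseed(get_entropy())
    return drbg.generate(nbytes)


if __name__ == "__main__":
    # Constructed, non-secret seed material for the demo run only.
    seed = bytes(range(SEEDLEN))
    drbg = CtrDrbg(seed, personalization=b"example", reseed_interval=2)
    for _ in range(4):
        print(generate_with_reseed(drbg, 16, lambda: bytes([0x55]) * SEEDLEN).hex(),
              "reseed_counter =", drbg.reseed_counter)
```

With reseed_interval set to 2 the demo reseeds on the third call; with the default 2^48 the wrapper is the only place the counter is ever consulted, which is the logic an application would have to own if the update step were exposed as proposed.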
