Niels Möller <[email protected]> writes:

> Daiki Ueno <[email protected]> writes:
>
>> I was trying to replace our own implementation of CTR_DRBG in GnuTLS[1]
>> with the one provided by Nettle.
>
> What is the GnuTLS usecase? I got the impression from Simon that drbg
> isn't very good and that use should be rather discouraged. So I'm a bit
> surprised TLS depends on it.

This is used for FIPS 140-3 certification purposes, where we need to use one of the approved DRBGs in the same cryptographic module to be certified, with the necessary requirements met, e.g., reseeding, power-on self-tests, etc. In non-FIPS mode, we just use the system RNG with ChaCha20, which should be faster.

>> I've filed an MR for the latter[2]. Could you take a look?
>
> The code change looks very reasonable. It needs a doc update, not sure
> if it also deserves any additional tests.

I've updated the documentation. Given that the code is already exercised through drbg_ctr_aes256_init and drbg_ctr_aes256_random, I don't see the need for dedicated tests, though it might make sense to extend the existing tests with the ACVP test vectors we use[1].

Regards,

Footnotes:
[1] https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/int/drbg-aes-self-test.c?ref_type=heads

-- 
Daiki Ueno
_______________________________________________
nettle-bugs mailing list -- [email protected]