Simo Sorce

Interesting document however I see some big gaps in the dissertation here. You should really start from the design of current applications and think how OpenSSL would be used by...

If you specify intentionally a different user, it doesn't make sense to me to stick with the group defined in the image. It should be the deployer care to also...

@stefanberger hi, I asked @elmarco to look into some of this. Our concerns are indeed open implemenation of cryptographic algorithms like RSA, HMAC, ECDSA, etc.. we'd like to be able...

Looks like these KDFs have been implemnted in accord with the recommendations put forth in NIST Special Publication 800-108, so they should be fine. OpenSSL carries a number of KDFs...

In fact, at least CryptKDFe looks like is an implementation of The Concatenation KDF decribed in SP 800 56 (I implemented this KDF in python cryptography a while ago and...

Yes KDFs are deterministic, it's their purpose to be. What do you mean with "RSA keys cannot be derived from migrated keys" ?

From the FIPS point of view, this is not a problem, as you cannot "upgrade" to FIPS. Keys that are not created in FIPS mode cannot be used anyway, so...

Yes, all the new OpenSSL API is opaque and uses pointers. And there are no functions to export state. How critical is this?

Understood. We may start with a lock for open HMAC sessions, and then see if upstream openssl is open to add an HMAC state export function. But perhaps simply delaying...

yeah, we'll definitely have to deal with it.