RAND, FIPS and providers
Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Tue Sep 24 09:17:53 UTC 2019
On 24.09.19 10:58, Matthias St. Pierre wrote:
> It would also make sense to make the entropy sources themselves fetchable and configurable. This would enable us to
>
> - separate FIPS and non-FIPS entropy sources (using the 'fips' attribute)
This concept would also enable us to ensure that FIPS DRBGs can only seed from FIPS entropy sources, without having to
hardcode the list of approved entropy sources.
Matthias
More information about the openssl-project
mailing list