RAND, FIPS and providers

Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Tue Sep 24 09:17:53 UTC 2019

On 24.09.19 10:58, Matthias St. Pierre wrote:
> It would also make sense to make the entropy sources themselves fetchable and configurable.  This would enable us to
> - separate FIPS and non-FIPS entropy sources (using the 'fips' attribute)

This concept would also enable us to ensure that FIPS DRBGs can only seed from FIPS entropy sources, without having to
hardcode the list of approved entropy sources.


More information about the openssl-project mailing list