[openssl-users] SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?
Steve Marquess
marquess at openssl.com
Sun Mar 22 19:50:23 UTC 2015
On 03/21/2015 02:48 PM, xxiao8 wrote:
> At the moment OpenSSL FIPS validation supports ANSI X9.31 with AES128
> for RNG, however it will be outdated in 2015.
>
> Another alternative RNG in OpenSSL FIPS is SP800-90 DRBG, however the
> new requirement is to use DRBG per SP800-90A.
>
> Are the DRBGs in SP800-90/OpenSSL-FIPS-2.0.9 the same as what SP800-90A
> requires? Otherwise how can OpenSSL 2.0 FIPS be used in any new
> validations?
The OpenSSL FIPS Object Module implements all three extant DRBGs (Dual
EC DRBG has been removed). The DRBGs are noted in the Security Policy
document:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf
which is worth referencing for any "does the OpenSSL FIPS Object Module
have X" questions.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list