[openssl-users] FIPS: Which DRBG ?

jonetsu jonetsu at teksavvy.com
Mon Mar 23 14:37:04 UTC 2015


Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the OpenSSL source code does not seem to mention SP 800-90A.  Only SP 800-90.  So the certifications were made for SP 800-90, is that right ?

Also, does it depend on the application to choose which DRBG and moreover, for regular FIPS uses, does it matter which DRBG is used since they are all approved ?

One more question: is there a way for us to actually know/test which one id used by an application ?  I currently am using a FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful to identify which DRBG is used ?  Maybe FIPS_drbg_set_callbacks() could be more useful ?


More information about the openssl-users mailing list