[openssl-users] FIPS: Which DRBG ?

Q Gct quentin.gouchet at gmail.com
Mon Mar 23 14:56:53 UTC 2015


Hi,

For the second question any DRBG that are approved in FIPS SP 800-90A are
approved for any application. You can chose over tha Hash, HMAC or CTR DRBG
equivalently.

Best regards

Q Gouchet
Le 23 mars 2015 09:38, "jonetsu" <jonetsu at teksavvy.com> a écrit :

> Hello,
>
> Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic,
> the OpenSSL source code does not seem to mention SP 800-90A.  Only SP
> 800-90.  So the certifications were made for SP 800-90, is that right ?
>
> Also, does it depend on the application to choose which DRBG and moreover,
> for regular FIPS uses, does it matter which DRBG is used since they are all
> approved ?
>
> One more question: is there a way for us to actually know/test which one
> id used by an application ?  I currently am using a
> FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful to
> identify which DRBG is used ?  Maybe FIPS_drbg_set_callbacks() could be
> more useful ?
>
> Regards.
>
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150323/7a41b0bd/attachment.html>


More information about the openssl-users mailing list