[openssl-users] FIPS: Which DRBG ?
Steve Marquess
marquess at openssl.com
Tue Mar 24 16:37:07 UTC 2015
On 03/24/2015 09:53 AM, jonetsu wrote:
>
> ...
>
>> Now the code for the OpenSSL FIPS module can no longer be used
>> as-is for new "private label" or copycat validations, but that's
>> for different reasons and not because of the DRBGs.
>
> I've read the User Guide bit on private label validations. In the
> case of a product that consists of a dedicated unit, what would be
> the best approach ? So far I have considered using the OpenSSL FIPS
> module as is, in the hope that its FIPS validation would save costs
> at the testing lab. Is this still feasible ?
No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early
2014) for use as-is in doing copycat validations. Some non-trivial code
hacks will be necessary.
We'll do a new open source based validation to succeed the 2.0 FIPS
module (#1747 validation) at the first opportunity, but that opportunity
has not yet presented itself.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list