> From: "Steve Marquess" <marqu...@openssl.com> > Date: 03/24/15 09:22
> At the time that validation was obtained the four (at the time) DRBGs > were specified by SP800-90. That document was subsequently reissued in > several pieces; the current SP800-90A now contains the specifications > for the three surviving DRBGs (the fatally tainted Dual EC DRBG having > been removed from the formal standards and also from the OpenSSL FIPS > Object Module). If it concerns only the removal of the Dual EC, then it should be OK, technically. Not on paper. > Now the code for the OpenSSL FIPS module can no longer be used as-is for > new "private label" or copycat validations, but that's for different > reasons and not because of the DRBGs. I've read the User Guide bit on private label validations. In the case of a product that consists of a dedicated unit, what would be the best approach ? So far I have considered using the OpenSSL FIPS module as is, in the hope that its FIPS validation would save costs at the testing lab. Is this still feasible ? Regards. _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
