SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/21/2015 02:48 PM, xxiao8 wrote:
> At the moment OpenSSL FIPS validation supports ANSI X9.31 with AES128
> for RNG, however it will be outdated in 2015.
> 
> Another alternative RNG in OpenSSL FIPS is SP800-90 DRBG, however the
> new requirement is to use DRBG per SP800-90A.
> 
> Are the DRBGs in SP800-90/OpenSSL-FIPS-2.0.9 the same as what SP800-90A
> requires? Otherwise how can OpenSSL 2.0 FIPS be used in any new
> validations?

The OpenSSL FIPS Object Module implements all three extant DRBGs (Dual
EC DRBG has been removed). The DRBGs are noted in the Security Policy
document:

  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf

which is worth referencing for any "does the OpenSSL FIPS Object Module
have X" questions.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux