Hi, For the second question any DRBG that are approved in FIPS SP 800-90A are approved for any application. You can chose over tha Hash, HMAC or CTR DRBG equivalently. Best regards Q Gouchet Le 23 mars 2015 09:38, "jonetsu" <jonetsu at teksavvy.com> a ?crit : > Hello, > > Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, > the OpenSSL source code does not seem to mention SP 800-90A. Only SP > 800-90. So the certifications were made for SP 800-90, is that right ? > > Also, does it depend on the application to choose which DRBG and moreover, > for regular FIPS uses, does it matter which DRBG is used since they are all > approved ? > > One more question: is there a way for us to actually know/test which one > id used by an application ? I currently am using a > FIPS_post_set_callback() placed in FIPS_mode_set() - can this be useful to > identify which DRBG is used ? Maybe FIPS_drbg_set_callbacks() could be > more useful ? > > Regards. > > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150323/7a41b0bd/attachment.html>
