> From: "Steve Marquess" <marquess at openssl.com> > Date: 03/24/15 09:22 > At the time that validation was obtained the four (at the time) DRBGs > were specified by SP800-90. That document was subsequently reissued in > several pieces; the current SP800-90A now contains the specifications > for the three surviving DRBGs (the fatally tainted Dual EC DRBG having > been removed from the formal standards and also from the OpenSSL FIPS > Object Module). If it concerns only the removal of the Dual EC, then it should be OK, technically.?? Not on paper. ? > Now the code for the OpenSSL FIPS module can no longer be used as-is for > new "private label" or copycat validations, but that's for different > reasons and not because of the DRBGs. I've read the User Guide bit on private label validations.? In the case of a product that consists of a dedicated unit, what would be the best approach ?? So far I have considered using the OpenSSL FIPS module as is, in the hope that its FIPS validation would save costs at the testing lab.? Is this still feasible ? Regards.
