> From: "Steve Marquess" <marquess at openssl.com> > Date: 03/24/15 12:38 ? > No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early > 2014) for use as-is in doing copycat validations. Some non-trivial code > hacks will be necessary. ? > We'll do a new open source based validation to succeed the 2.0 FIPS > module (#1747 validation) at the first opportunity, but that opportunity > has not yet presented itself. I still do not know that much about the validation in practical terms. If our units go through validation, can this benefit OpenSSL ? Also, to go back to the SP 800-90 vs. SP 800-90A regarding the DRBGs, do you know how would the OpenSSL SP 800-90 validation fare in a FIPS testing lab since the Dual EC was removed and the other three were not touched ? Regards.
