> (as for "possibly not the FIPS provider", that's exactly right. That
one *will* be a loadable module and nothing else, and will only be
validated as such... meaning that noone can stop you from hacking
around and have it linked in statically, but that would make it
invalid re FIPS)
To be pedantic: this is true only *if you are using the OpenSSL validation.*
If you are getting your own validation (such as using OpenSSL in an HSM device
or whatnot), this is not true.
> - If permitted by the CMVP rules, allow an option for
> application provided (additional) entropy input to the RNG
> from outside the module boundary.
This is allowed, but it does not count toward the "minimum entropy"
requirements. Anything after the first seeding falls into that category.Re: [openssl-users] Comments on the recent OpenSSL 3.0.0 specification (Monday 2019-02-11)
Salz, Rich via openssl-users Fri, 15 Feb 2019 09:36:08 -0800
- [openssl-users] Comments on the recent OpenSS... Jakob Bohm via openssl-users
- Re: [openssl-users] Comments on the rece... Richard Levitte
- Re: [openssl-users] Comments on the ... Salz, Rich via openssl-users
- Re: [openssl-users] Comments on ... Jakob Bohm via openssl-users
- Re: [openssl-users] Comments on the rece... Matt Caswell
- Re: [openssl-users] Comments on the ... Tomas Mraz
- Re: [openssl-users] Comments on the ... Jakob Bohm via openssl-users
