Hi All,
I was asked the details of OpenSSL's FIPS generator. Looking at
fips.{h|c} and fips_rand.{h|c} from OpenSSL's 1.0.x, is see its still
X9.31 using AES (I believe TDEA was used in the past).
What I can't seem to follow is how `static FIPS_PRNG_CTX sctx` is
initialized, so I can't tell if its AES128/AES192/AES256.
Following fips_rand_prng_reset, it appears to be called by
FIPS_x931_reset. But neither initialize the static `FIPS_PRNG_CTX
sctx` structure, so I can't see the parameters for the structure's
`AES_KEY ks;`
>From a higher level, I also can't see where functions from fips.{h|c}
initialize the generator, including fips_set_mode and
FIPS_module_mode.
Could anyone point out what I seem to be missing?
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
