Hai-May Chao wrote: > > I updated my webrev with review comments from Dan and Ferenc. > The updated webrev is at: > > http://cr.opensolaris.org/~haimay/CR6703956-v1/
I will do code review soon. I have the following design level questions for now - - I see a design document at http://opensolaris.org/os/project/crypto/inprogress/fips/FIPS_RNG_Design/ Is that current? I would like to see a section on the design choice of replacing the existing PRNG algorithm in kcf_random.c with FIPS140-2 by default. I am OK with it. But, it needs to be called out and justified in the document. - Do we discard the first n-bit block as recommended in the FIPS document? "If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated after power-up, initialization, or reset shall not be used" Regards, -Krishna
